Podcast

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.

Episodes

  • Defensive Security Podcast Episode 236

    Jun 15 2019

    Get well soon, Mr. Kalat!

  • Defensive Security Podcast Episode 235

    Apr 15 2019

    https://www.theregister.co.uk/2019/03/20/steffan_needham_aws_rampage_prison_sentence_voova/ https://www.zdnet.com/google-amp/article/study-shows-programmers-will-take-the-easy-way-out-and-not-implement-proper-password-security/ https://arstechnica.com/information-technology/2019/03/50-shades-of-greyhat-a-study-in-how-not-to-handle-security-disclosures/ https://matrix.org/blog/2019/04/11/security-incident/index.html

  • Defensive Security Podcast Episode 234

    Mar 04 2019

    https://www.zdnet.com/article/hackers-wipe-us-servers-of-email-provider-vfemail/ https://www.securityweek.com/russian-state-sponsored-hackers-are-fastest-crowdstrike https://www.zdnet.com/article/icann-there-is-an-ongoing-and-significant-risk-to-dns-infrastructure/ https://www.infosecurity-magazine.com/news/password-managers-no-more-secure-1/ https://www.zdnet.com/article/microsoft-do-these-things-now-to-protect-your-network/

  • Defensive Security Podcast Episode 233

    Feb 12 2019

    https://www.securityweek.com/hackers-using-rdp-are-increasingly-using-network-tunneling-bypass-protections https://www.zdnet.com/article/trojan-malware-is-back-and-its-the-biggest-hacking-threat-to-your-business/ https://www.csoonline.com/article/3336923/security/phishing-has-become-the-root-of-most-cyber-evil.html https://www.darkreading.com/attacks-breaches/ransomware-attack-via-msp-locks-customers-out-of-systems/d/d-id/1333825 https://www.dlapiper.com/~/media/files/insights/public...more

  • Defensive Security Podcast Episode 232

    Jan 22 2019

    https://www.zdnet.com/article/popular-wordpress-plugin-hacked-by-angry-former-employee/ https://www.zdnet.com/article/notpetya-an-act-of-war-cyber-insurance-firm-taken-to-task-for-refusing-to-pay-out/ https://www.zdnet.com/article/employees-sacked-ceo-fined-in-singhealth-security-breach/ – https://www.zdnet.com/article/firms-fined-1m-for-singhealth-data-security-breach/ https://www.securityweek.com/new-variant-bec-seeks-divert-payroll-deposits https://www.zdnet.com/article/oklaho...more

  • Defensive Security Podcast Episode 231

    Jan 15 2019

    https://lifehacker.com/why-smart-people-make-stupid-mistakes-1831503216 https://www.chicagotribune.com/business/ct-biz-tribune-publishing-malware-20181230-story,amp.html https://www.securityweek.com/was-north-korea-wrongly-accused-ransomware-attacks https://www.healthcareitnews.com/news/staff-lapses-and-it-system-vulnerabilities-are-key-reasons-behind-singhealth-cyberattack https://www.nextgov.com/cybersecurity/2019/01/hhs-releases-voluntary-cybersecurity-practices-health-industry/15...more

  • Defensive Security Podcast Episode 230

    Dec 04 2018

    https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/ https://krebsonsecurity.com/2018/11/marriott-data-on-500-million-guests-stolen-in-4-year-breach/ https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-security/

  • Defensive Security Podcast Episode 229

    Nov 27 2018

    https://www.dutchnews.nl/news/2018/11/internet-con-men-ripped-off-pathe-nl-for-e19m-in-sophisticated-fraud/ https://lifehacker.com/how-password-constraints-give-you-a-false-sense-of-secu-1830564360 https://www.csoonline.com/article/3319704/data-protection/the-end-of-security-as-we-know-it.html https://www.careersinfosecurity.com/breach-settlement-has-unusual-penalty-a-11669 https://motherboard.vice.com/en_us/article/bje8na/massive-data-leaks-keep-happening-because-big-companies-can-afford-to-los...more

  • Defensive Security Podcast Episode 228

    Nov 13 2018

    https://www.zdnet.com/article/this-is-how-artificial-intelligence-will-become-weaponized-in-future-cyberattacks/ https://www.securityinfowatch.com/article/12434583/everyone-needs-to-take-responsibility-for-cybersecurity-in-the-workplace https://www.zdnet.com/article/adobe-coldfusion-servers-under-attack-from-apt-group/ https://www.securityweek.com/troubled-waters-how-new-wave-cyber-attacks-targeting-maritime-trade https://securityaffairs.co/wordpress/77676/malware/industrial-facilities-malware.h...more

  • Defensive Security Podcast Episode 227

    Oct 30 2018

    https://www.zdnet.com/article/equifax-engineer-who-designed-breach-portal-gets-8-months-of-house-arrest-for-insider-trading/ https://www.csoonline.com/article/3314557/security/ransomware-attack-hits-north-carolina-water-utility-following-hurricane.html https://www.securityweek.com/insurer-anthem-will-pay-record-16m-massive-data-breach https://blog.sucuri.net/2018/10/malicious-redirects-from-newsharecounts-com-tweet-counter.html https://www.thinkadvisor.com/2018/09/26/sec-hits-voya-financial-advi...more

  • Defensive Security Podcast Episode 226 redux

    Oct 08 2018

    Note: this episode is being re-released to fix a problem with the mp3 download. https://www.tripwire.com/state-of-security/security-data-protection/bec-as-a-service-offers-hacked-business-accounts-for-as-little-as-150/ https://www.bleepingcomputer.com/news/security/ic3-issues-alert-regarding-remote-desktop-protocol-rdp-attacks/ https://krebsonsecurity.com/2018/10/supply-chain-security-is-the-whole-enchilada-but-whos-willing-to-pay-for-it/  

  • Defensive Security Podcast Episode 225

    Sep 09 2018

    https://motherboard.vice.com/en_us/article/pa8emg/russian-indicted-jp-morgan-chase-hack https://www.zdnet.com/article/us-government-releases-post-mortem-report-on-equifax-hack/ https://www.zdnet.com/article/phishing-alert-north-korean-hacking-attacks-shows-your-email-is-still-the-weakest-link/ https://www.verizon.com/about/news/lifting-lid-cybercrime

  • Defensive Security Podcast Episode 224

    Aug 31 2018

    https://www.zdnet.com/article/this-destructive-ransomware-has-made-crooks-6m-by-encrypting-data-and-backups/ https://www.bleepingcomputer.com/news/security/reddit-announces-security-breach-after-hackers-bypassed-staffs-2fa/ https://www.databreachtoday.com/art-steal-fin7s-highly-effective-phishing-a-11286 https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/

  • Defensive Security Podcast Episode 223

    Jul 31 2018

    https://www.straitstimes.com/singapore/personal-info-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most https://www.bankinfosecurity.com/labcorp-still-recovering-from-ransomware-attack-a-11235 https://www.securityweek.com/cyber-axis-evil-rewriting-cyber-kill-chain https://arstechnica.com/information-technology/2018/07/prolific-hacking-group-steals-almost-1-million-from-russian-bank/#p3 https://www.bleepingcomputer.com/news/government/us-charges-12-russian-intelligence-officers...more

  • Defensive Security Podcast Episode 222

    Jul 15 2018

    https://www.csoonline.com/article/3285982/data-protection/4-reasons-why-cisos-must-think-like-developers-to-build-cybersecurity-platforms.html https://www.csoonline.com/article/3287655/phishing/stop-training-your-employees-to-fall-for-phishing-attacks.html https://www.bankinfosecurity.com/cryptojacking-displaces-ransomware-as-top-malware-threat-a-11165 https://wiki.gentoo.org/wiki/Project:Infrastructure/Incident_Reports/2018-06-28_Github

  • Defensive Security Podcast Episode 221

    Jul 03 2018

    https://www.esecurityplanet.com/network-security/security-projects-cisos-should-consider-gartner.html Data breach defendant must hand over computer forensics reports: court https://www.theregister.co.uk/2018/06/26/digitally_signed_malware/ https://www.bankinfosecurity.com/californias-new-privacy-law-its-almost-gdpr-in-us-a-11149 https://blog.erratasec.com/2018/06/lessons-from-npetya-one-year-later.html

  • Defensive Security Podcast Episode 220

    Jun 28 2018

    https://www.wired.com/story/exactis-database-leak-340-million-records/ https://www.helpnetsecurity.com/2018/06/19/opm-breach-fraud/ https://www.tenable.com/blog/should-you-still-prioritize-exploit-kit-vulnerabilities  

  • Defensive Security Podcast Episode 219

    Jun 19 2018

    https://www.csoonline.com/article/3276584/ransomware/what-does-a-ransomware-attack-cost-beware-the-hidden-expenses.html https://www.bankinfosecurity.com/mental-health-provider-pays-ransom-to-recover-data-a-11040 https://www.itbusinessedge.com/blogs/data-security/did-we-see-our-first-data-breach-of-the-gdpr-era.html

  • Defensive Security Podcast Episode 218

    May 28 2018

    https://www.zdnet.com/article/wannacry-ransomware-crisis-one-year-on-are-we-ready-for-the-next-global-cyber-attack/ https://www.zdnet.com/article/enterprise-vulnerability-management-as-effective-as-random-chance/ https://www.zdnet.com/article/enterprise-codebases-plagued-by-open-source-vulnerabilities/ https://www.databreachtoday.com/nuance-communications-breach-affected-45000-patients-a-11002

  • Defensive Security Podcast Episode 217

    Apr 24 2018

    https://www.csoonline.com/article/3262168/ransomware/customers-describe-the-impact-of-the-allscripts-ransomware-attack.html https://www.infosecurity-magazine.com/news/atlanta-city-splurges-27m/ https://arstechnica.com/information-technology/2018/04/insecure-rsa-conference-app-leaked-attendee-data/ https://www.wired.com/story/inside-the-unnerving-supply-chain-attack-that-corrupted-ccleaner/

  • Defensive Security Podcast Episode 216

    Apr 21 2018

    https://www.verizonenterprise.com/verizon-insights-lab/dbir/

  • Defensive Security Podcast Episode 215

    Apr 13 2018

    https://www.bankinfosecurity.com/nj-ag-smacks-practice-hefty-fine-for-vendor-breach-a-10774 https://www.bankinfosecurity.com/panera-bread-data-leak-persisted-for-eight-months-a-10760 http://www.eweek.com/security/best-buy-delta-sears-hit-by-third-party-chat-widget-breach http://www.baltimoresun.com/news/maryland/crime/bs-md-ci-hack-folo-20180328-story.html

  • Defensive Security Podcast Episode 214

    Mar 29 2018

    https://www.csoonline.com/article/3265024/privacy/are-you-letting-gdpr-s-privacy-rules-trump-security.html http://www.zdnet.com/article/doj-indicts-iranian-hackers-for-stealing-data-from-144-us-universities/ https://www.databreachtoday.com/report-guccifer-20-unmasked-at-last-a-10737 https://www.databreachtoday.com/expedias-orbitz-suspects-880000-payment-cards-stolen-a-10729 https://www.csoonline.com/article/3266364/security/samsam-group-deletes-atlantas-contact-portal-after-the-address-goes-publ...more

  • Defensive Security Podcast Episode 213

    Mar 21 2018

    https://www.theguardian.com/business/2018/mar/14/equifax-insider-trading-data-breach-jun-ying-charged https://gizmodo.com/us-power-company-fined-2-7-million-over-security-flaws-1823745994 https://www.csoonline.com/article/3262551/data-protection/are-your-employees-unwittingly-invalidating-your-cyber-liability-insurance.html https://www.cisecurity.org/controls/

  • Defensive Security Podcast Episode 212

    Mar 13 2018

    https://www.csoonline.com/article/3258817/data-breach/sec-guidance-on-it-security-would-you-report-security-risks-before-a-breach.html http://www.zdnet.com/article/hackers-are-selling-legitimate-code-signing-certificates-to-evade-malware-detection/ http://au.news.yahoo.com/a/39380423/equifax-expects-net-200-million-in-breach-related-costs-in-2018/ http://www.eweek.com/security/crowdstrike-reveals-time-to-breakout-as-key-cyber-security-metric https://www.securityweek.com/sophisticated-cyberspies-...more

  • Defensive Security Podcast Episode 211

    Feb 19 2018

    https://www.bleepingcomputer.com/news/security/destructive-malware-wreaks-havoc-at-pyeongchang-2018-winter-olympics/ https://www.cyberscoop.com/atos-olympics-hack-olympic-destroyer-malware-peyongchang/ https://www.bankinfosecurity.com/blogs/attribution-games-dont-rush-to-blame-p-2594 http://www.zdnet.com/article/meltdown-spectre-flaws-weve-found-new-attack-variants-say-researchers/ https://news.iu.edu/stories/2018/02/iub/releases/13-paper-suggests-agency-to-prevent-cyberattacks.html

  • Defensive Security Podcast Episode 209

    Jan 17 2018

    https://www.csoonline.com/article/3247653/data-protection/5-mistakes-ive-made-and-how-to-avoid-them.html https://www.csoonline.com/article/3244650/disaster-recovery/why-we-continue-to-fail-lessons-learned-from-the-atlanta-airport-fiasco.html https://www.wired.com/story/meltdown-and-spectre-patches-take-toll/

  • Defensive Security Podcast Episode 208

    Dec 30 2017

    https://www.upguard.com/breaches/cloud-leak-alteryx?ilink=1 https://krebsonsecurity.com/2017/12/4-years-after-target-the-little-guy-is-the-target/

  • Defensive Security Podcast Episode 207

    Dec 14 2017

    https://www.csoonline.com/article/3239645/data-protection/3-common-cybersecurity-maturity-failings.html https://www.troyhunt.com/the-trouble-with-politicians-sharing-passwords/ https://krebsonsecurity.com/2017/12/phishers-are-upping-their-game-so-should-you/ https://www.reuters.com/article/us-uber-cyber-payment-exclusive/exclusive-uber-paid-20-year-old-florida-man-to-keep-data-breach-secret-sources-idUSKBN1E101C

  • Defensive Security Podcast Episode 206

    Dec 05 2017

    http://www.zdnet.com/article/national-credit-federation-leaked-us-citizen-data-through-unsecured-aws-bucket/ http://www.mercurynews.com/2017/11/21/uber-concealed-attack-that-exposed-data-of-57-million/

  • Defensive Security Podcast Episode 205

    Nov 13 2017

    https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/ https://www.bankinfosecurity.com/mayer-strengthened-defense-couldnt-stop-massive-breaches-a-10442 http://www.securityweek.com/phishing-poses-biggest-threat-users-google

  • Defensive Security Podcast Episode 204

    Nov 06 2017

    https://www.bleepingcomputer.com/news/security/59-percent-of-employees-hit-by-ransomware-at-work-paid-ransom-out-of-their-own-pockets/ https://motherboard.vice.com/en_us/article/ne3bv7/equifax-breach-social-security-numbers-researcher-warning https://www.csoonline.com/article/3234675/data-protection/6-reasons-why-awareness-programs-fail-even-when-following-best-practices.html https://cyberbalancesheet.com/

  • Defensive Security Podcast Episode 203

    Oct 16 2017

    https://www.bloomberg.com/news/features/2017-09-29/the-equifax-hack-has-all-the-hallmarks-of-state-sponsored-pros https://www.databreachtoday.com/ex-ceo-blames-human-error-tech-failures-for-equifax-breach-a-10349 http://www.zdnet.com/article/wsj-kaspersky-software-likely-used-in-russian-backed-nsa-breach/ https://www.washingtonpost.com/world/national-security/israel-hacked-kaspersky-then-tipped-the-nsa-that-its-tools-had-been-breached/2017/10/10/d48ce774-aa95-11e7-850e-2bdd1236be5d_story.html ht...more

  • Defensive Security Podcast Episode 202

    Oct 02 2017

    https://arstechnica.com/information-technology/2017/09/ccleaner-backdoor-infecting-millions-delivered-mystery-payload-to-40-pcs/ https://www.theregister.co.uk/2017/09/26/equifax_ceo_resigns/ https://krebsonsecurity.com/2017/09/source-deloitte-breach-affected-all-company-email-admin-accounts/comment-page-2/ https://www.theregister.co.uk/2017/09/26/deloitte_leak_github_and_google/

  • Defensive Security Podcast Episode 201

    Sep 11 2017

    https://krebsonsecurity.com/2017/09/equifax-breach-response-turns-dumpster-fire/ https://www.welivesecurity.com/2017/09/06/security-vulnerability-leaves-fortune-100-firms-vulnerable/ http://nypost.com/2017/09/08/equifax-blames-giant-breach-on-vendor-software-flaw/amp/ https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax https://qz.com/1073221/the-hackers-who-broke-into-equifax-exploited-a-nine-year-old-security-flaw/

  • Defensive Security Podcast Episode 200

    Aug 29 2017

    http://www.securityweek.com/three-questions-every-ciso-should-be-able-answer https://arstechnica.com/information-technology/2017/08/powerful-backdoor-found-in-software-used-by-100-banks-and-energy-cos/?amp=1 https://krebsonsecurity.com/2017/08/blowing-the-whistle-on-bad-attribution/ http://www.csoonline.com/article/3213030/security/when-it-comes-to-the-cloud-do-cisos-have-their-heads-in-the-sand.html http://www.zdnet.com/article/petya-ransomware-cyber-attack-costs-could-hit-300m-for-shipping-gia...more

  • Defensive Security Podcast Episode 199

    Aug 14 2017

    https://www.theregister.co.uk/2017/08/10/salesforce_fires_its_senior_security_engineers_after_defcon_talk/?mt=1502653861726 PR fight ensues after claims of leaked Carbon Black data https://www.theregister.co.uk/2017/08/10/carbon_black_denies_sec_sys_broken/ http://www.databreachtoday.com/ocr-tells-organizations-to-step-up-phishing-scam-awareness-a-10174 https://www.infosecurity-magazine.com/news/anthem-medicare-patients-hit-breach/ https://www.theregister.co.uk/2017/08/07/cba_blames_software_fo...more

  • Defensive Security Podcast Episode 198

    Aug 07 2017

    https://www.darkreading.com/vulnerabilities—threats/wannacry-inspires-worm-like-module-in-trickbot/d/d-id/1329491 http://www.securityweek.com/one-million-exposed-adware-hijacked-chrome-extension https://www.darkreading.com/risk/can-your-risk-assessment-stand-up-under-scrutiny/a/d-id/1329435

  • Defensive Security Podcast Episode 197

    Jul 24 2017

    http://thehackernews.com/2017/07/adwind-rat-malware.html https://www.theregister.co.uk/2017/07/13/swiss_domain_name_hijack/ http://www.databreachtoday.com/fedex-warns-notpetya-will-negatively-affect-profits-a-10118 http://www.cnbc.com/2017/07/21/a-cyberattack-is-going-to-cause-this-tech-company-to-miss-earnings.html http://www.securityweek.com/alarming-percentage-employees-hide-security-incidents-report

  • Defensive Security Podcast Episode 196

    Jul 12 2017

    http://www.databreachtoday.com/notpetya-patient-zero-ukrainian-accounting-software-vendor-a-10080 http://blog.talosintelligence.com/2017/07/the-medoc-connection.html?m=1 http://www.databreachtoday.com/police-seize-backdoored-firms-servers-to-stop-attacks-a-10083 https://www.bleepingcomputer.com/news/security/m-e-doc-software-was-backdoored-3-times-servers-left-without-updates-since-2013/ https://www.wired.com/story/petya-plague-automatic-software-updates/ https://www.theregister.co.uk/2017/06/28...more

  • Defensive Security Podcast Episode 195

    Jun 27 2017

    http://securityaffairs.co/wordpress/60243/data-breach/dra-data-leak.html https://www.wired.com/story/crash-override-malware/ https://threatpost.com/fin10-extorting-canadian-mining-companies-casinos/126382/ http://variety.com/2017/digital/features/netflix-orange-is-the-new-black-leak-dark-overlord-larson-studios-1202471400/amp/ https://arstechnica.com/information-technology/2017/06/32tb-of-windows-10-beta-builds-driver-source-code-leaked/ https://arstechnica.com/security/2017/06/5-weeks-after-wcr...more

  • Defensive Security Podcast Episode 194

    Jun 22 2017

    https://hotforsecurity.bitdefender.com/blog/heartbleed-still-hurting-hard-uk-council-fined-100000-after-data-breach-18205.html https://threatpost.com/ransomware-attack-hobbles-prestigious-university-college-london/126299/ http://www.securityweek.com/web-hosting-provider-pays-1-million-ransomware-attackers https://infosec.engineering/improving-the-effectiveness-of-vulnerability-remediation-targeting/ 

  • Defensive Security Podcast Episode 193

    Jun 12 2017

    http://www.csoonline.com/article/3198492/security/ceos-risky-behaviors-compromise-security.html https://www.bleepingcomputer.com/news/security/ex-admin-deletes-all-customer-data-and-wipes-servers-of-dutch-hosting-provider http://thehackernews.com/2017/06/intel-amt-firewall-bypass.html http://thehackernews.com/2017/06/microsoft-powerpoint-malware.html

  • Defensive Security Podcast Episode 192

    Jun 06 2017

    http://www.csoonline.com/article/3198496/compliance/sometimes-it-is-necessary-to-bend-the-rules-a-bit.html http://www.securityweek.com/nature-vs-nurture-bad-cybersecurity-our-dna http://gizmodo.com/top-defense-contractor-left-sensitive-pentagon-files-on-1795669632 https://nakedsecurity.sophos.com/2017/06/02/onelogin-warns-that-attacker-could-be-able-to-decrypt-data/

  • Defensive Security Podcast Episode 191

    May 25 2017

    https://arstechnica.com/security/2017/05/windows-7-not-xp-was-the-reason-last-weeks-wcry-worm-spread-so-widely/ http://www.publictechnology.net/articles/news/nhs-cyber-attack-forces-week-long-council-email-block https://www.washingtonpost.com/business/technology/nsa-officials-worried-about-the-day-its-potent-hacking-tool-would-get-loose-then-it-did/2017/05/16/50670b16-3978-11e7-a058-ddbb23c75d82_story.html https://www.grahamcluley.com/companies-keeping-bitcoin-hand-case-ransomware-attacks/ http:...more

  • Defensive Security Podcast Episode 190

    May 10 2017

    http://www.verizonenterprise.com/resources/reports/rp_DBIR_2017_Report_en_xg.pdf

  • Defensive Security Podcast Episode 189

    Apr 25 2017

    https://www.wsj.com/articles/cybersecurity-startup-tanium-exposed-california-hospitals-network-in-demos-without-permission-1492624287 95% of enterprise risk assessments find employees using TOR, private VPNs to bypass security, report says http://www.csoonline.com/article/3191286/security/most-employees-willing-to-share-sensitive-information-survey-says.html https://www.bleepingcomputer.com/news/security/over-36-000-computers-infected-with-nsas-doublepulsar-malware/

  • Defensive Security Podcast Episode 188

    Apr 17 2017

    https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/ https://www.bleepingcomputer.com/news/security/former-sysadmin-accused-of-planting-time-bomb-in-companys-database/ http://www.computerworld.com/article/3189059/security/what-prevents-breaches-process-technology-or-people-one-answer-is-pc-and-one-is-right.html http://www.csoonline.com/article/3187422/network-security/report-30-of-malware-is-zero-day-missed-by-legacy-antivirus.amp.html ...more

  • Defensive Security Podcast Episode 187

    Mar 28 2017

    http://www.itworld.com/article/3182431/security/some-https-inspection-tools-might-weaken-security.html https://www.bleepingcomputer.com/news/legal/former-it-admin-accused-of-leaving-backdoor-account-accessing-it-700-times/ http://www.securityweek.com/what-cisos-can-learn-er-doctors http://www.csoonline.com/article/3180762/data-breach/inside-the-russian-hack-of-yahoo-how-they-did-it.html https://arstechnica.com/security/2017/03/microsofts-silence-over-unprecedented-patch-delay-doesnt-smell-right/...more

  • Defensive Security Podcast Episode 186

    Mar 14 2017

    http://www.bankinfosecurity.com/emory-healthcare-database-breach-what-happened-a-9745 http://www.networkworld.com/article/3176718/security/dealing-with-overwhelming-volume-of-security-alerts.html#tk.rss_security http://www.networkworld.com/article/3175030/security/trend-micro-report-ransomware-booming.html https://www.helpnetsecurity.com/2017/03/02/yahoo-cookie-forging-incident/ http://www.darkreading.com/risk/new-cybersecurity-regulations-begin-today-for-ny-banks/d/d-id/1328295 http://www.pcwor...more

  • Defensive Security Podcast Episode 185

    Feb 28 2017

    https://www.bleepingcomputer.com/news/security/malware-used-to-attack-polish-banks-contained-false-flags-blaming-russian-hackers/ http://www.csoonline.com/article/3173639/security/bleeding-clouds-cloudflare-server-errors-blamed-for-leaked-customer-data.html http://www.csoonline.com/article/3174153/security/carders-capitalize-on-cloudflare-problems-claim-150-million-logins-for-sale.amp.html http://www.securityweek.com/what-hackers-think-your-defenses http://www.csoonline.com/article/3171154/secur...more

  • Defensive Security Podcast Episode 184

    Feb 20 2017

    https://gallery.technet.microsoft.com/ATA-Playbook-ef0a8e38/file/169827/1/ATA%20Playbook.pdf http://www.securityweek.com/google-shares-data-corporate-email-attacks http://www.databreachtoday.com/reworked-ny-cybersecurity-regulation-takes-effect-in-march-a-9733 http://www.computerworld.com/article/3169386/security/recent-malware-attacks-on-polish-banks-tied-to-wider-hacking-campaign.html#tk.rss_security http://www.computerworld.com/article/3166824/security/polish-banks-on-alert-after-mystery-malw...more

  • Defensive Security Podcast Episode 183

    Feb 14 2017

    https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/?amp=1 http://www.darkreading.com/risk/7-tips-for-getting-your-security-budget-approved/d/d-id/1328004 https://www.asd.gov.au/publications/protect/essential-eight-explained.htm http://www.csoonline.com/article/3163068/application-development/how-to-secure-active-directory.html https://securosis.com/mobile/tidal-forces-software-as-a-service-is-the-new-back-office/full

  • Defensive Security Podcast Episode 182

    Jan 23 2017

    http://www.securityweek.com/cyber-threat-intelligence-shows-majority-cybercrime-not-sophisticated http://www.databreachtoday.com/new-in-depth-analysis-anthem-breach-a-9627 http://www.databreachtoday.com/475000-hipaa-penalty-for-tardy-breach-notification-a-9624 http://www.databreachtoday.com/insurer-slapped-22-million-hipaa-settlement-a-9643 https://krebsonsecurity.com/2017/01/extortionists-wipe-thousands-of-databases-victims-who-pay-up-get-stiffed/ https://securosis.com/mobile/tidal-forces-endpo...more

  • Defensive Security Podcast Episode 181

    Jan 09 2017

    http://www.businessinsider.com/russian-hacking-fears-reportedly-triggered-by-vermont-employee-checking-his-email-2017-1 http://www.cio.com/article/3153706/security/4-information-security-threats-that-will-dominate-2017.html http://www.databreachtoday.com/major-breach-insurer-blames-system-integrator-a-9603 http://www.zdnet.com/article/this-ransomware-targets-hr-departments-with-fake-job-applications/ https://securosis.com/mobile/tidal-forces-the-trends-tearing-apart-security-as-we-know-it/full h...more

  • Defensive Security Podcast Episode 180

    Dec 20 2016

    https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/ http://arstechnica.com/tech-policy/2016/12/disgraced-it-worker-stole-confidential-expedia-e-mails-even-after-he-left/ http://arstechnica.com/security/2016/12/millions-exposed-to-malvertising-that-hid-attack-code-in-banner-pixels/ http://www.reuters.com/article/us-cyber-heist-bangladesh-exclusive-idUSKBN1411ST http://motherboard.vice.com/read/newly-uncovered-site-suggests-ns...more

  • Defensive Security Podcast Episode 179

    Dec 18 2016

    2016 HOLIDAY PODCAST MASHUP With: PVC Security Podcast: http://www.pvcsec.com/ Brakeing Down Security Podcast: http://www.brakeingsecurity.com/ Advanced Persistent Security Podcast: https://advancedpersistentsecurity.net/ …and Amanda Berlin!

  • Defensive Security Podcast Episode 178

    Nov 28 2016

    Slack channel:  https://defensivesecurity.org/slack-channel/ http://blog.checkpoint.com/2016/11/24/imagegate-check-point-uncovers-new-method-distributing-malware-images/ http://www.csoonline.com/article/3143713/analytics/shall-we-care-about-zero-day.html http://www.databreachtoday.com/umass-amherst-hit-650000-hipaa-settlement-a-9554 http://arstechnica.com/security/2016/11/elegant-0day-unicorn-underscores-serious-concerns-about-linux-security/ http://www.securityweek.com/disgruntled-gamer-likely-...more

  • Defensive Security Podcast Episode 177

    Nov 14 2016

    Book recommendations: https://defensivesecurity.org/resources/recommended-books/ Slack channel: http://https://defensivesecurity.org/slack-channel/ http://arstechnica.com/information-technology/2016/11/kaspersky-accuses-microsoft-of-anticompetitive-bundling-of-antivirus-software/ https://nakedsecurity.sophos.com/2016/11/11/yahoo-staff-knew-they-were-breached-two-years-ago/ http://www.csoonline.com/article/3139311/security/412-million-friendfinder-accounts-exposed-by-hackers.html

  • Defensive Security Podcast Episode 176

    Nov 07 2016

    https://www.helpnetsecurity.com/2016/11/03/overconfidence-risk-attacks/ http://arstechnica.com/security/2016/11/windows-zero-day-exploited-by-same-group-behind-dnc-hack/ http://www.bankinfosecurity.com/those-suing-anthem-seek-security-audit-documents-a-9498 https://it.slashdot.org/story/16/11/05/1744231/it-workers-facing-layoffs-jolted-by-ceos-message

  • Defensive Security Podcast Episode 175

    Nov 02 2016

    http://www.securityweek.com/shadow-brokers-leaks-servers-allegedly-hacked-nsa http://www.bankinfosecurity.com/online-ad-industry-threatened-by-security-issues-a-9488 http://m.elpasoinc.com/news/local_news/article_92e82ee0-9f84-11e6-b429-0b2b853bae0b.html?mode=jqm http://researchcenter.paloaltonetworks.com/2016/10/unit42-psa-conference-invite-used-lure-operation-lotus-blossom-actors/

  • Defensive Security Podcast Episode 174

    Oct 24 2016

    https://threatpost.com/serious-dirty-cow-linux-vulnerability-under-attack/121448/ http://news.softpedia.com/news/hackers-steal-research-and-user-data-from-japanese-nuclear-research-lab-509380.shtml https://www.databreaches.net/rainbow-childrens-clinic-notifies-33368-patients-of-ransomware-attack/ https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/

  • Defensive Security Podcast Episode 173

    Oct 16 2016

    http://conferences.oreilly.com/security/network-data-security-ny/public/content/buy-one-get-one-discount https://www.eventbrite.com/e/bsides-atlanta-2016-tickets-27895813128 http://www.cnbc.com/2016/10/14/british-banks-keep-cyber-attacks-under-wraps-to-protect-image.html http://www.lexology.com/library/detail.aspx?g=f17c1e55-5768-4ea6-a7e6-d555c4052eef https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly

  • Defensive Security Podcast Episode 172

    Oct 03 2016

    http://cybersecurity.oxfordjournals.org/content/early/2016/08/08/cybsec.tyw001 https://www.helpnetsecurity.com/2016/09/29/risky-password-practices/ http://www.nytimes.com/2016/09/29/technology/yahoo-data-breach-hacking.html?_r=0 http://www.databreachtoday.com/blogs/yahoo-breach-great-nation-state-cop-out-p-2260

  • Defensive Security Podcast Episode 171

    Sep 22 2016

    http://www.csoonline.com/article/3119965/security/a-single-ransomware-network-has-pulled-in-121-million.html https://www.sans.org/reading-room/whitepapers/dataprotection/data-breaches-prevention-practical-37267 http://www.bankinfosecurity.com/aligning-cyber-framework-organizations-strategy-goals-a-9401 http://arstechnica.com/security/2016/09/swift-fraudsters-detection-system-bangladesh-bank-heist/ http://www.bankinfosecurity.com/blogs/ransomware-victims-please-come-forward-p-2255 http://www.nyti...more

  • Defensive Security Podcast Episode 170

    Sep 11 2016

    http://news.softpedia.com/news/retiring-sysadmin-fakes-cyber-attack-to-get-away-with-data-theft-507992.shtml https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf http://money.cnn.com/2016/09/08/investing/wells-fargo-created-phony-accounts-bank-fees/index.html http://spectrum.ieee.org/view-from-the-valley/computing/it/facebook-engineers-crash-data-centers-in-realworld-stress-test http://www.b...more

  • Defensive Security Podcast Episode 169

    Aug 30 2016

    http://www.csoonline.com/article/3110975/techology-business/how-do-you-measure-success-when-it-comes-to-stopping-phishing-attacks.html http://www.databreachtoday.com/equation-group-hacking-tool-dump-5-lessons-a-9358 http://www.csoonline.com/article/3109982/security/attackers-dont-need-vulnerabilities-when-the-basics-work-just-as-well.html http://www.securityweek.com/attacker-uses-virtual-machine-hide-malicious-activity http://www.networkworld.com/article/3110653/security/imperva-application-laye...more

  • Defensive Security Podcast Episode 168

    Aug 21 2016

    https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/ http://www.extremetech.com/extreme/234031-your-guide-to-the-shadow-brokers-nsa-theft-which-puts-the-snowden-leaks-to-shame http://phys.org/news/2016-08-people-software-percent.html http://www.csoonline.com/article/3108025/cyber-attacks-espionage/cerber-ransomware-earns-2-3mil-with-0-3-response-rate.html

  • Defensive Security Podcast Episode 167

    Aug 14 2016

    http://www.csoonline.com/article/3101863/security/report-only-3-percent-of-u-s-companies-pay-attackers-after-ransomware-infections.html http://www.bankinfosecurity.com/fed-reserve-a-9282 http://www.tripwire.com/state-of-security/featured/does-dropping-malicious-usb-sticks-really-work-yes-worryingly-well/ http://arstechnica.com/security/2016/08/frequent-password-changes-are-the-enemy-of-security-ftc-technologist-says/ http://spectrum.ieee.org/tech-talk/telecom/security/nigerian-scammers-infect-th...more

  • Defensive Security Podcast Episode 166

    Jul 25 2016

    http://www.bankinfosecurity.com/report-new-york-fed-fumbled-cyber-heist-response-a-9281 http://motherboard.vice.com/read/ransomware-gang-claims-fortune-500-company-hired-them-to-hack-the-competition http://www.lexology.com/library/detail.aspx?g=d0f4e774-6c6a-4783-b993-4f165f1dcc7e

  • Defensive Security Podcast Episode 165

    Jul 17 2016

    Tiaracon: http://tiaracon.org/ http://www.cbc.ca/news/technology/antivirus-software-1.3668746 http://www.csoonline.com/article/3089439/business-continuity/9-critical-controls-for-todays-threats.html http://www.bankinfosecurity.com/interviews/heartbleed-update-america-vulnerable-i-3242 http://www.bankinfosecurity.com/blogs/av-wars-sophos-vs-cylance-p-2172 http://www.reuters.com/article/us-cyber-fdic-china-idUSKCN0ZT20M http://blog.talosintel.com/2016/07/ranscam.html

  • Defensive Security Podcast Episode 164

    Jun 30 2016

    http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html#.V3BKyvkrJhE http://www.zdnet.com/article/cvss-scores-are-not-enough-for-modern-security/ http://www.crn.com/news/security/300081157/sophos-slams-cylance-in-blog-post-as-market-for-endpoint-security-heats-up.htm?itc=refresh

  • Defensive Security Podcast Episode 163

    Jun 20 2016

    http://www.darkreading.com/vulnerabilities—threats/windows-badtunnel-attack-hijacks-network-traffic/d/d-id/1325875 http://krebsonsecurity.com/2016/06/adobe-update-plugs-flash-player-zero-day/ http://krebsonsecurity.com/2016/06/banks-credit-card-breach-at-cicis-pizza/ http://ieee-security.org/TC/SP2016/papers/0824a018.pdf https://securelist.com/blog/research/75027/xdedic-the-shady-world-of-hacked-servers-for-sale/ https://www.washingtonpost.com/world/national-security/guccifer-20-claims-cre...more

  • Defensive Security Podcast Episode 162

    Jun 05 2016

    https://threatpost.com/teamviewer-denies-hack-blames-password-reuse-for-compromises/118427/ http://www.businessinsurance.com/article/20160602/NEWS06/160609935/chubb-p-f-changs-federal-insurance-co-cybersecurity-by-chubb-credit http://www.csoonline.com/article/3075385/backup-recovery/will-your-backups-protect-you-against-ransomware.html#jump http://www.csoonline.com/article/3077434/security/93-of-phishing-emails-are-now-ransomware.html#jump http://venturebeat.com/2016/06/04/federal-reserve-bank-w...more

  • Defensive Security Podcast Episode 161

    May 23 2016

    Vote for us! https://www.surveymonkey.com/r/secbloggerwards2016 http://www.csoonline.com/article/3071337/cyber-attacks-espionage/cybercriminals-are-increasingly-embracing-a-sophisticated-business-model-approach.html#tk.rss_all https://www.yahoo.com/news/special-report-cyber-thieves-exploit-banks-faith-swift-052100312–finance.html?ref=gs http://www.securityweek.com/google-soon-kill-sslv3-rc4-support-gmail https://threatpost.com/microsoft-warns-of-sneaky-new-macro-trick/118227/ http://www.ne...more

  • Defensive Security Podcast Episode 160

    May 18 2016

    http://www.bankinfosecurity.com/researcher-hacks-symantecs-av-via-email-a-9109 http://www.v3.co.uk/v3-uk/news/2457773/hackers-exploiting-six-year-old-sap-software-flaw-warns-us-cert http://arstechnica.com/security/2016/05/1b-bangladesh-heist-officials-say-swift-technicians-left-bank-vulnerable/ http://www.csoonline.com/article/3069502/data-breach/malware-attacks-on-two-banks-have-links-with-2014-sony-pictures-hack.html https://www.surveymonkey.com/r/secbloggerwards2016

  • Defensive Security Podcast Episode 159

    May 02 2016

    http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/ https://blog.osvdb.org/2016/04/27/a-note-on-the-verizon-dbir-2016-vulnerabilities-claims/  

  • Defensive Security Podcast Episode 158

    Apr 28 2016

    http://baesystemsai.blogspot.nl/2016/04/two-bytes-to-951m.html https://threatpost.com/bangladesh-bank-hackers-accessed-swift-system-to-steal-cover-tracks/117637/ http://www.csoonline.com/article/3061229/fraud/swift-banking-network-warns-customers-of-cyberfraud-cases.html http://www.theregister.co.uk/2016/04/22/i_hacked_facebook_and_found_someone_had_beaten_me_to_it/

  • Defensive Security Podcast Episode 157

    Apr 19 2016

    https://www.helpnetsecurity.com/2016/04/15/eu-data-protection-rules/ http://pastebin.com/raw/0SNSvyjJ https://threatpost.com/apple-deprecates-quick-time-for-windows-wont-patch-new-flaws/117427/ http://www.welivesecurity.com/2016/04/13/medical-data-breach-leads-record-cash-settlement/

  • Defensive Security Podcast Episode 156

    Apr 13 2016

    https://offensivetechblog.wordpress.com/2016/03/29/systems-admins-we-need-to-talk/ http://m.sfgate.com/business/technology/article/Hackers-broke-into-hospitals-despite-software-7229722.php http://www.wired.co.uk/news/archive/2016-04/06/panama-papers-mossack-fonseca-website-security-problems http://arstechnica.com/security/2016/04/ok-panic-newly-evolved-ransomware-is-bad-news-for-everyone/

  • Defensive Security Podcast Episode 155

    Apr 05 2016

    https://www.cooley.com/california-attorney-general-2016-data-breach-report http://www.csoonline.com/article/3049392/security/chinese-scammers-take-mattel-to-the-bank-phishing-them-for-3-million.html http://www.oreilly.com/security/newsletter http://conferences.oreilly.com/security/network-data-security-ny

  • Defensive Security Podcast Episode 154

    Mar 29 2016

    https://threatpost.com/apt-attackers-flying-more-false-flags-than-ever/116814/ http://www.csoonline.com/article/3048334/security/verizons-breach-experts-missed-one-right-under-their-noses.html http://www.wsj.com/articles/hackers-in-bangladesh-bank-account-heist-part-of-larger-breach-1458582678 http://krebsonsecurity.com/2016/03/hospital-declares-internet-state-of-emergency-after-ransomware-infection/

  • Defensive Security Podcast Episode 153

    Mar 15 2016

    http://www.csoonline.com/article/3043975/security/compromised-data-goes-public-as-staminus-recovers-from-attack.html#tk.rss_all http://www.darkreading.com/endpoint/patch-management-still-plagues-enterprise/d/d-id/1324615 http://www.welivesecurity.com/2016/03/09/android-trojan-targets-online-banking-users/ http://arstechnica.com/security/2016/03/a-typo-costs-bank-hackers-nearly-1b/ http://www.cnet.com/news/home-depot-offers-19m-to-settle-customers-hacking-lawsuit/

  • Defensive Security Podcast Episode 152

    Mar 07 2016

    http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf?_ga=1.157194172.685877305.1433735448 https://blog.agilebits.com/2015/06/17/1password-inter-process-communication-discussion/ http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest_xg_en.pdf

  • Defensive Security Podcast Episode 151

    Feb 28 2016

    http://www.databreachtoday.com/anthem-breach-lessons-one-year-later-a-8897 http://www.dw.com/en/hackers-hold-german-hospital-data-hostage/a-19076030 http://krebsonsecurity.com/2016/02/breached-credit-union-comes-out-of-its-shell/ http://arstechnica.com/security/2016/02/hackers-did-indeed-cause-ukrainian-power-outage-us-report-concludes/

  • Defensive Security Podcast Episode 150

    Feb 25 2016

    http://www.scmagazineuk.com/russian-bank-licences-revoked-for-using-hackers-to-withdraw-funds/article/474464/ http://arstechnica.com/security/2016/02/hospital-pays-17k-for-ransomware-crypto-key/ http://news.softpedia.com/news/us-school-agrees-to-pay-8-500-to-get-rid-of-ransomware-500684.shtml http://www.scmagazineuk.com/44-of-ransomware-victims-in-the-uk-have-paid-to-recover-their-data/article/475426/ http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and...more

  • Defensive Security Podcast Episode 149

    Feb 16 2016

    http://www.tripwire.com/state-of-security/latest-security-news/cisco-patches-critical-asa-ike-buffer-overflow-vulnerability/ http://www.securityweek.com/we-cant-give-preventing-breaches http://www.csoonline.com/article/3033160/security/ransomware-takes-hollywood-hospital-offline-36m-demanded-by-attackers.html http://arstechnica.com/security/2016/02/clever-bank-hack-allowed-crooks-to-make-unlimited-atm-withdrawals/

  • Defensive Security Podcast Episode 148

    Feb 11 2016

    http://www.theregister.co.uk/2016/02/04/norse_corp_ceo_fired/ http://www.secureworks.com/resources/blog/ransomware-used-as-a-distraction/ http://www.zdnet.com/article/most-windows-flaws-mitigated-by-removing-admin-rights-says-report/ http://mobile.reuters.com/article/idUSKCN0VD14X http://www.csoonline.com/article/3025787/security/defending-against-insider-security-threats-hangs-on-trust.html http://www.securityforrealpeople.com/2016/02/poor-ux-leads-to-poorly-secured-soho.html

  • Defensive Security Podcast Episode 147

    Feb 01 2016

    Hack in the Box: https://conference.hitb.org/ Circle City Con: https://circlecitycon.com/tickets/ http://www.theregister.co.uk/2016/01/28/nsas_top_hacking_boss_explains_how_to_protect_your_network_from_his_minions/?page=1 https://www.youtube.com/watch?v=bDJb8WOJYdA http://krebsonsecurity.com/2016/01/sources-security-firm-norse-corp-imploding/ http://arstechnica.com/security/2016/01/secret-ssh-backdoor-in-fortinet-hardware-found-in-more-products/

  • Defensive Security Podcast Episode 146

    Jan 27 2016

    https://blog.malwarebytes.org/intelligence/2016/01/draft-lechiffre-a-manually-run-ransomware/ http://www.tripwire.com/state-of-security/security-data-protection/boeing-supplier-hacked-claims-55-million-worth-of-damage-as-stock-price-falls/ http://krebsonsecurity.com/2016/01/firm-sues-cyber-insurer-over-480k-loss/ http://shawnetuma.com/2016/01/08/supervalu-data-breach-class-action-dismissed-for-lack-of-harm/ Hack in the Box: https://conference.hitb.org/ Circle City Con: https://circlecitycon.com/...more

  • Defensive Security Podcast Episode 145

    Jan 21 2016

    http://arstechnica.com/security/2016/01/security-firm-sued-for-filing-woefully-inadequate-forensics-report/ http://arstechnica.com/security/2016/01/et-tu-fortinet-hard-coded-password-raises-new-backdoor-eavesdropping-fears/ http://www.csoonline.com/article/3021774/security/trend-micro-flaw-could-have-allowed-attacker-to-steal-all-passwords.html

  • Defensive Security Podcast Episode 144

    Jan 03 2016

    http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/ http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html http://www.databreaches.net/191-million-voters-personal-info-exposed-by-misconfigured-database/ http://darkmatters.norsecorp.com/2015/12/28/the-cybersecurity-information-sharing-act-cisa-passed/

  • Defensive Security Podcast Episode 143

    Jan 03 2016

    This is our 2015 holiday episode with the Brakeing Down Security and PVC Security podcasts.

  • Defensive Security Podcast Episode 142

    Dec 13 2015

    https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html http://www.csoonline.com/article/3012443/security/how-the-nsa-uses-behavior-analytics-to-detect-threats.html#tk.rss_all http://www.databreachtoday.com/wyndham-agrees-to-settle-ftc-breach-case-a-8737 https://technet.microsoft.com/en-us/library/security/ms15-127.aspx https://www.reddit.com/r/sysadmin/comments/3wa8rl/early_warning_system_for_cryptowall_crypto_canary/

  • Defensive Security Podcast Episode 141

    Dec 06 2015

    http://www.zdnet.com/article/vtech-hack-gets-worse-kids-photos-chat-logs-also-stolen/ http://krebsonsecurity.com/2015/12/dhs-giving-firms-free-penetration-tests/ http://www.csoonline.com/article/3011580/data-protection/insurance-companies-will-crack-down-on-cyber-security-in-2016-report.html http://www.forbes.com/sites/joannabelbey/2015/11/30/7-tips-from-the-fbi-to-prepare-your-firm-for-a-cyber-attack/

  • Defensive Security Podcast Episode 140

    Nov 26 2015

    http://krebsonsecurity.com/2015/11/breach-at-it-automation-firm-landesk/ http://www.slate.com/articles/technology/users/2015/11/sony_employees_on_the_hack_one_year_later.html http://www.csoonline.com/article/3006816/cyber-attacks-espionage/damballa-finds-tools-related-to-the-malware-that-hit-sony.html http://www.databreachtoday.com/interviews/what-jpmorgan-chase-breach-teaches-us-i-2982 http://www.healthcaredive.com/news/ftc-data-breach-case-dismissal-raises-bar-for-demonstrating-consumer-harm/4...more

  • Defensive Security Podcast Episode 139

    Nov 16 2015

    http://www.bloomberg.com/news/articles/2015-11-10/hackers-accused-by-u-s-of-targeting-top-banks-mutual-funds http://www.trust.org/item/20151113203615-j3cyu http://krebsonsecurity.com/2015/11/jpmorgan-hackers-breached-anti-fraud-vendor-g2-web-services/#more-32855 http://consumerist.com/2015/11/13/lack-of-windows-3-1-technicians-causes-traffic-backup-at-french-airport/ http://securityaffairs.co/wordpress/41950/cyber-crime/fakben-ransomware-as-a-service.html

  • Defensive Security Podcast Episode 138

    Nov 08 2015

    http://arstechnica.com/security/2015/11/crypto-e-mail-service-pays-6000-ransom-gets-taken-out-by-ddos-anyway/ http://arstechnica.com/security/2015/11/booming-crypto-ransomware-industry-employs-new-tricks-to-befuddle-victims/ http://www.theregister.co.uk/2015/11/02/pagefair_malware_snare_scare_in_halloween_hack_of_adblocker_blocker/ http://www.infosecurity-magazine.com/news/it-personnel-are-the-riskiest/

  • Defensive Security Podcast Episode 137

    Oct 26 2015

    http://blog.erratasec.com/2015/10/dumb-dumber-and-cybersecurity.html http://www.businessinsider.com/talktalk-didnt-use-encryption-hack-protect-4-million-customer-details-2015-10 https://grahamcluley.com/2015/10/talktalk-hacked-silly-ask-data-encrypted/ http://krebsonsecurity.com/2015/10/talktalk-hackers-demanded-80k-in-bitcoin/ http://www.securityweek.com/hacking-impact-short-lived-sony-boss https://threatpost.com/european-aviation-agency-warns-of-aircraft-hacking/114987/

  • Defensive Security Podcast Episode 136

    Oct 21 2015

    http://www.threatconnect.com/threat-intelligence-driven-risk-analysis/http://www.theregister.co.uk/2015/10/15/inside_mandiants_biggest_forensics_breach_battle_is_this_anthem/http://www.theregister.co.uk/2015/10/16/dow_jones_denies_russian_hackers_plundered_its_servers_for_insider_trading_tips/http://m.nextgov.com/cybersecurity/2015/10/opm-fully-do-away-passwords-network-access-2-years/122768/

  • Defensive Security Podcast Episode 135

    Oct 13 2015

    tp://www.databreachtoday.com/report-usps-workers-vulnerable-to-phishing-scams-a-8579 http://krebsonsecurity.com/2015/10/at-experian-security-attrition-amid-acquisitions/#more-32501 http://www.databreachtoday.com/etrade-dow-jones-issue-breach-alerts-a-8586 http://www.bankinfosecurity.asia/blogs/cyber-insurance-primer-for-insurers-insured-p-1946 http://www.csoonline.com/article/2990471/social-engineering/near-flawless-social-engineering-attack-spoiled-by-single-flaw.html#tk.rss_all

  • Defensive Security Podcast Episode 134

    Oct 05 2015

    http://arstechnica.com/security/2015/10/patreon-was-warned-of-serious-website-flaw-5-days-before-it-was-hacked/ http://www.scmagazine.com/sec-hits-security-adviser-with-75000-penalty-in-breach-settlement/article/440268/ http://krebsonsecurity.com/2015/10/scottrade-breach-hits-4-6-million-customers/ http://www.wired.com/2015/10/hack-brief-hackers-steal-15m-t-mobile-customers-data-experian/ http://time.com/4056928/trump-hotels-hacked/ http://fortune.com/2015/10/02/american-bankers-association-brea...more

  • Defensive Security Podcast Episode 133

    Sep 30 2015

    http://www.pvcsec.com/ http://brakeingsecurity.com/  

  • Defensive Security Podcast Episode 132

    Sep 29 2015

    http://www.thenationaltriallawyers.org/2015/09/standing-neiman-marcus-data-breach/ http://krebsonsecurity.com/2015/09/bidding-for-breaches-redefining-targeted-attacks/ http://www.miltonstart.com/blog/2015/09/22/morgan-stanley-employee-pleads-guilty-in-data-breach-case/

  • Defensive Security Podcast Episode 131

    Sep 21 2015

    http://www.bizjournals.com/atlanta/blog/atlantech/2015/09/atlantas-bitpay-got-hacked-for-1-8-million-in.html http://www.securityweek.com/excellus-data-breach-impacts-10-million http://www.databreachtoday.com/attacks-on-insurers-lessons-learned-a-8530 http://federalnewsradio.com/cybersecurity/2015/09/us-certs-dos-and-donts-for-after-the-cyber-hack/ http://www.theguardian.com/technology/2015/sep/10/cyber-threat-data-manipulation-us-intelligence-chief http://www.csoonline.com/article/2984543/vulner...more

  • Defensive Security Podcast Episode 130

    Sep 12 2015

    http://www.theregister.co.uk/2015/09/04/mozilla_firefox_bugzilla_leak/ http://darkmatters.norsecorp.com/2015/09/03/four-non-technical-measures-for-mitigating-insidious-insiders/ http://arstechnica.com/tech-policy/2015/08/ftc-can-sue-companies-with-poor-information-security-appeals-court-says/ https://nakedsecurity.sophos.com/2015/09/02/microsoft-word-intruder-revealed-inside-a-malware-construction-kit/ http://www.securityweek.com/executive-it-security-problem-lessons-learned-hillary-clinton

  • Defensive Security Podcast Episode 129

    Aug 25 2015

    http://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/security-reverse-engineering-and-eulas/ http://arstechnica.com/security/2015/08/my-browser-visited-drudgereport-and-all-i-got-was-this-lousy-malware/ http://arstechnica.com/security/2015/08/attackers-actively-exploit-windows-bug-that-uses-usb-sticks-to-infect-pcs/ http://arstechnica.com/information-technology/2015/08/lenovo-used-windows-anti-theft-feature-to-install-persistent-crapwar...more

  • Defensive Security Podcast Episode 128

    Aug 25 2015

  • Defensive Security Podcast Episode 127

    Aug 11 2015

    http://resources.infosecinstitute.com/can-user-awareness-really-prevent-spear-phishing/ http://www.net-security.org/secworld.php?id=18702 http://link.springer.com/article/10.1007/s12290-015-0355-5/fulltext.html

  • Defensive Security Podcast Episode 126

    Aug 03 2015

    http://fortune.com/2015/07/29/crowdstrike-cybersecurity-george-kurtz/ http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/phishing-up-74-in-q2-2015-reveals-infoblox-dns-threat-index/ http://blog.trendmicro.com/trendlabs-security-intelligence/angler-exploit-kit-used-to-find-and-infect-pos-systems/ http://www.welivesecurity.com/2015/07/28/new-report-explains-gulf-security-experts-non-experts/

  • Defensive Security Podcast Episode 125

    Jul 27 2015

    http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/ http://www.mcafee.com/us/resources/reports/rp-aspen-holding-line-cyberthreats.pdf http://arstechnica.com/tech-policy/2015/07/obama-administration-decides-not-to-blame-china-publicly-for-opm-hack/ http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/

  • Defensive Security Podcast Episode 124

    Jul 19 2015

    http://arstechnica.com/tech-policy/2015/07/hacking-teams-surveillance-software-sold-to-kgb-successor/ http://arstechnica.com/security/2015/07/hackingteams-evil-android-app-had-code-to-bypass-google-play-screening/ http://www.scmagazine.com/ios-devices-dont-have-to-be-jailbroken-for-spyware-sold-by-hacking-team-to-be-installed/article/426137/ https://krebsonsecurity.com/2015/07/hacking-team-used-spammer-tricks-to-resurrect-spy-network/ http://www.scmagazine.com/fireeye-intern-morgan-culbertson-ar...more

  • Defensive Security Podcast Episode 123

    Jul 13 2015

    http://labs.bromium.com/2015/07/10/government-grade-malware-a-look-at-hackingteams-rat/ http://www.theregister.co.uk/2015/07/12/adobe_flash_zero_day_cve_2015_5122/ https://www.tenable.com/blog/lessons-to-learn-from-the-opm-breach http://arstechnica.com/tech-policy/2015/07/opm-director-resigns-after-news-that-hack-affected-21-5-million-people/ http://www.ffiec.gov/cyberassessmenttool.htm

  • Defensive Security Podcast Episode 122

    Jul 09 2015

    http://arstechnica.com/security/2015/07/massive-leak-reveals-hacking-teams-most-private-moments-in-messy-detail/ & http://www.csoonline.com/article/2945200/vulnerabilities/adobe-to-patch-flash-0-day-created-by-hacking-team.html http://securityaffairs.co/wordpress/38372/cyber-crime/kins-malware-builder-leaked.html https://threatpost.com/cyber-ul-could-become-reality-under-leadership-of-hacker-mudge/113538 http://www.federaltimes.com/story/government/omr/opm-cyber-report/2015/06/23/keypoint-u...more

  • Defensive Security Podcast Episode 121

    Jun 30 2015

    http://www.databreaches.net/fbi-cyber-division-bulletin-on-tools-reportedly-used-by-opm-hackers/ https://fortune.com/sony-hack-part-1/ http://www.csoonline.com/article/2938310/data-protection/lieberman-mandiant-and-verizon-wrong-on-unstoppable-threats.html http://www.itworld.com/article/2939255/windows/the-us-navys-warfare-systems-command-just-paid-millions-to-stay-on-windows-xp.html

  • Defensive Security Podcast Episode 120

    Jun 23 2015

    http://www.bankinfosecurity.com/blogs/did-fisma-facilitate-opm-hack-p-1879/op-1 http://www.csoonline.com/article/2936723/data-breach/user-error-is-an-expected-business-problem.html http://www.databreachtoday.com/blogs/post-malware-outbreak-rip-replace-p-1877 http://www.csoonline.com/article/2936615/data-breach/6-breaches-lessons-reminders-and-potential-ways-to-prevent-them.html http://www.nytimes.com/2015/06/17/sports/baseball/st-louis-cardinals-hack-astros-fbi.html

  • Defensive Security Podcast Episode 119

    Jun 15 2015

    http://www.theregister.co.uk/2015/05/28/cottage_healthcare_system_sued/ http://arstechnica.com/security/2015/06/report-hack-of-government-employee-records-discovered-by-product-demo/ http://www.reddit.com/r/netsec/comments/36obxt/what_i_know_about_us_export_controls_and_hacking/ http://www.bis.doc.gov/index.php/policy-guidance/faqs http://www.wired.com/2015/06/kaspersky-finds-new-nation-state-attack-network/

  • Defensive Security Podcast Episode 118

    May 27 2015

    http://www.symantec.com/connect/fr/blogs/check-your-sources-trojanized-open-source-ssh-software-used-steal-information https://nakedsecurity.sophos.com/2015/05/21/anatomy-of-a-logjam-another-tls-vulnerability-and-what-to-do-about-it/ http://krebsonsecurity.com/2015/05/carefirst-blue-cross-breach-hits-1-1m/ http://www.forbes.com/sites/thomasbrewster/2015/05/20/guns-bombs-hacking-cars-and-planes-dangerous-tweets-for-a-security-researcher/

  • Defensive Security Podcast Episode 117

    May 18 2015

    http://www.computerworld.com/article/2918406/cybercrime-hacking/cybercriminals-borrow-from-apt-playbook-in-attacking-pos-vendors.html http://www.welivesecurity.com/2015/05/12/5-practical-tips-avoid-ransomware-email/ http://www.zdnet.com/article/what-causes-enterprise-data-breaches-the-terrible-complexity-and-fragility-of-our-it-systems/ http://www.computing.co.uk/ctg/news/2408602/venom-security-vulnerability-allows-hackers-to-infiltrate-networks-via-the-cloud http://arstechnica.com/security/2015...more

  • Defensive Security Podcast Episode 116

    May 11 2015

    John’s book: http://www.amazon.com/Offensive-Countermeasures-Art-Active-Defense/dp/1491065966/ref=sr_1_1?ie=UTF8&qid=1431313328&sr=8-1&keywords=active+defense

  • Defensive Security Podcast Episode 115

    Apr 28 2015

    http://www.wsj.com/articles/five-simple-steps-to-protect-corporate-data-1429499477 http://www.politico.com/story/2015/04/sony-hackers-fake-emails-117200.html http://www.japantimes.co.jp/news/2015/04/21/national/tepcos-frugality-rapped-after-48000-pcs-found-running-windows-xp/ http://www.darkreading.com/attacks-breaches/zero-day-malvertising-attack-went-undetected-for-two-months/d/d-id/1320092 http://www.csoonline.com/article/2913884/access-control/credit-card-terminals-have-used-same-password-si...more

  • Defensive Security Podcast Episode 114

    Apr 20 2015

    http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigation-report-2015_en_xg.pdf http://arstechnica.com/security/2015/04/researcher-who-joked-about-hacking-a-jet-plane-barred-from-united-flight/

  • Defensive Security Podcast Episode 113

    Apr 12 2015

    http://arstechnica.com/tech-policy/2015/04/police-chief-paying-the-bitcoin-ransom-was-the-last-resort/ http://www.computerworld.com/article/2907088/russian-hackers-accessed-white-house-email.html http://www.darkreading.com/endpoint/so-you-dont-believe-in-security-education-/a/d-id/1319793? – my post regarding this: https://www.maliciouslink.com/applying-science-to-cyber-security/ http://www.reuters.com/article/2015/04/07/us-cybersecurity-americas-idUSKBN0MY06Z20150407

  • Defensive Security Podcast Episode 112

    Apr 07 2015

     HTCIA conference: http://www.htciaconference.org http://www.databreachtoday.com/new-malware-attacks-prey-on-banks-a-8076 http://www.databreachtoday.com/cyber-attacks-target-energy-firms-a-8068/op-1 http://www.techworld.com/news/security/removing-admin-rights-would-ease-97-percent-of-critical-microsoft-flaws-3605895/  http://www.ffiec.gov/press/pr033015.htm http://www.csoonline.com/article/2905682/data-breach/employees-have-no-qualms-in-selling-corporate-passwords.html

  • Defensive Security Podcast Episode 111

    Mar 31 2015

    High Tech Crime Investigation Association Conference: http://www.htciaconference.org http://www.databreachtoday.com/pci-issues-penetration-test-guidance-a-8056 http://arstechnica.com/security/2015/03/github-battles-largest-ddos-in-sites-history-targeted-at-anti-censorship-tools/

  • Defensive Security Podcast Episode 110

    Mar 25 2015

    http://www.infoworld.com/article/2898658/security/premera-anthem-data-breaches-linked-by-similar-hacking-tactics.html http://www.theregister.co.uk/2015/03/23/premera_healthcare_hipaa/ http://arstechnica.com/security/2015/03/all-four-major-browsers-take-a-stomping-at-pwn2own-hacking-competition/ http://www.csoonline.com/article/2898128/disaster-recovery/godaddy-accounts-vulnerable-to-social-engineering-and-photoshop.html http://blog.norsecorp.com/2015/03/23/bitwhisper-breaching-air-gapped-systems...more

  • Defensive Security Podcast Episode 109

    Mar 18 2015

    http://www.firstcoastnews.com/story/news/local/2015/03/09/cyber-thieves-target-orange-park-bank/24682713/ https://blogs.mcafee.com/mcafee-labs/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events http://mobile.esecurityplanet.com/network-security/pci-compliance-still-a-challenge-verizon.html http://www.zdnet.com/article/feds-hot-on-the-trail-of-jpmorgan-hackers/ http://www.pnj.com/story/news/2015/03/16/sacred-heart-health-system-billing-information-hacked/2485...more

  • Defensive Security Podcast Episode 108

    Mar 10 2015

    http://arstechnica.com/security/2015/03/ubers-epic-db-blunder-is-hardly-an-exception-github-is-awash-in-passwords/ http://www.csoonline.com/article/2892417/security-awareness/5-steps-to-incorporate-threat-intelligence-into-your-security-awareness-program.html http://www.csoonline.com/article/2892327/malware-cybercrime/driveby-attack-relies-on-hacked-godaddy-accounts.html#tk.rss_all http://www.csoonline.com/article/2889850/security/insurance-firm-staysure-fined-175000-for-unbelievable-credit-card...more

  • Defensive Security Podcast Episode 107

    Mar 01 2015

    http://www.bloomberg.com/news/articles/2015-02-19/morgan-stanley-probe-said-to-examine-whether-adviser-got-hacked http://gizmodo.com/state-department-computer-systems-hit-by-hackers-1659549503/1686899463/+chris-mills http://www.theregister.co.uk/2015/02/25/gemalto_everythings_fine_security_industry_hang_on_a_minute/ https://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf http://www.csoonline.com/article/2887930/network-security/how-better-log-monitoring-can-prevent-data-breaches.html

  • Defensive Security Podcast Episode 106

    Feb 16 2015

    http://training.pcisecuritystandards.org/pci-ssc-bulletin-on-impending-revisions-to-pci-dss-pa-dss-assessor http://www.theguardian.com/technology/2015/feb/05/company-loses-17m-in-email-scam http://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html?_r=0 http://www.group-ib.com/files/Anunak_APT_against_financial_institutions.pdf http://arstechnica.com/security/2015/02/pwned-in-7-seconds-hackers-use-flash-and-ie-to-target-forbes-visitors/ http://www.csoonline.com/article/...more

  • Defensive Security Podcast Episode 105

    Feb 09 2015

    http://www.techworld.com/news/security/dating-site-topface-pays-hacker-who-stole-20-million-credentials-3596333/ http://www.securityweek.com/disconnected-security-increases-risk http://www.csoonline.com/article/2879444/data-breach/hack-to-cost-sony-35-million-in-it-repairs.html http://www.csoonline.com/article/2879655/malware-cybercrime/malicious-advertisements-on-major-sites-compromised-many-computers.html http://www.csoonline.com/article/2880095/cyber-attacks-espionage/crowdstrike-demonstrates...more

  • Defensive Security Podcast Episode 104

    Feb 01 2015

    http://www.scmagazine.com/travelers-accuses-web-firm-of-shoddy-practices/article/394588/ https://www.htbridge.com/blog/ransomweb_emerging_website_threat.html http://blogs.gartner.com/anton-chuvakin/2015/01/28/defeat-the-casual-attacker-first/ http://www.csoonline.com/article/2876310/security-leadership/7-ideas-for-security-leaders.html http://blog.erratasec.com/2015/01/some-notes-on-ghost.html

  • Defensive Security Podcast Episode 103

    Jan 26 2015

    http://www.abc.net.au/pm/content/2015/s4164603.htm http://breakingbits.net/2015/01/18/taking-over-godaddy-accounts-using-csrf/ http://recode.net/2015/01/20/heres-what-helped-sonys-hackers-break-in-zero-day-vulnerability/ http://www.darkreading.com/attacks-breaches/nsa-report-how-to-defend-against-destructive-malware/d/d-id/1318734 http://www.databreachtoday.com/court-rules-in-favor-breached-retailer-a-7822 http://www.csoonline.com/article/2872329/data-breach/6-biggest-business-security-risks-an...more

  • Defensive Security Podcast Episode 102

    Jan 19 2015

    http://www.darkreading.com/a-lot-of-security-purchases-remain-shelfware/d/d-id/1318648 http://arstechnica.com/information-technology/2015/01/google-drops-more-windows-0-days-somethings-gotta-give/ http://www.eweek.com/security/effective-computer-security-means-covering-all-your-bases.html http://krebsonsecurity.com/2015/01/park-n-fly-onestopparking-confirm-breaches/ http://www.databreachtoday.com/report-mercenaries-behind-apt-attacks-a-7806 http://www.zdnet.com/article/new-report-the-dhs-is-a-me...more

  • Defensive Security Podcast Episode 101

    Jan 15 2015

    http://www.wsj.com/articles/puzzle-forms-in-morgan-stanley-data-breach-1420590326 http://www.economist.com/news/leaders/21637390-states-should-police-corporate-cyber-security-more-toughlybut-react-breaches-cautiously-losing http://www.securityweek.com/google-discloses-new-unpatched-windows-81-privilege-escalation-flaw http://www.cultofmac.com/308478/confidential-apple-product-plans-quanta/ http://www.networkworld.com/article/2867565/microsoft-subnet/hackers-dump-over-30-000-confidential-client-e...more

  • Defensive Security Podcast Episode 100

    Jan 07 2015

     http://www.darkreading.com/attacks-breaches/long-running-cyberattacks-become-the-norm/d/d-id/1318392 http://www.hotforsecurity.com/blog/top-10-data-breaches-of-2014-lessons-learned-for-a-safer-2015-11101.html http://www.net-security.org/secworld.php?id=17784 http://m.healthcareitnews.com/news/phi-485k-swiped-usps-data-breach http://www.databreachtoday.com/breach-prevention-5-lessons-learned-a-7757/op-1 http://www.securityweek.com/morgan-stanley-fires-employee-stealing-client-data

  • Defensive Security Podcast Episode 99

    Dec 30 2014

    https://securityledger.com/2014/12/new-clues-in-sony-hack-point-to-insiders-away-from-dprk/http://www.databreachtoday.com/blogs/6-sony-breach-lessons-we-must-learn-p-1786 http://www.theregister.co.uk/2014/12/26/isc_org_hacked/ http://www.darkreading.com/attackers-leverage-it-tools-as-cover-/d/d-id/1318365 http://www.theregister.co.uk/2014/12/23/jpmorgan_breach_probe_latest/ https://www.maliciouslink.com/jpmc-is-getting-off-easy/

  • Defensive Security Podcast Episode 98

    Dec 23 2014

    http://www.bizjournals.com/atlanta/news/2014/12/19/home-depot-data-breach-forces-community-banks-to.html?ana=twt http://www.itworld.com/article/2861675/cyberattack-on-german-steel-factory-causes-massive-damage.html http://www.csoonline.com/article/2860737/social-engineering/icann-targeted-by-spear-phishing-attack-several-systems-impacted.html#tk.rss_all http://gizmodo.com/sony-execs-knew-about-extensive-it-flaws-two-months-bef-1670203774 http://for.tn/1x7xPTe

  • Defensive Security Podcast Episode 97

    Dec 19 2014

  • Defensive Security Podcast Episode 96

    Dec 09 2014

    http://www.cio.com/article/2439324/risk-management/your-guide-to-good-enough-compliance.html https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/ http://recode.net/2014/12/07/sony-describes-hack-attack-as-unprecedented/ http://www.theregister.co.uk/2014/12/08/kaspersky_deets_on_sony_malware/ http://securelist.com/blog/research/67985/destover/ https://www.bluecoat.com/security-blog/2014-12-04/custom-sony-malware-indicates-previous-knowledge

  • Defensive Security Podcast Episode 95

    Dec 04 2014

    http://www.welivesecurity.com/2014/11/25/craigslist-redirected-prank-site-via-dns-hijack/ https://nakedsecurity.sophos.com/2014/11/28/syrian-electronic-army-returns-with-thanksgiving-press-hack/ http://www.theregister.co.uk/2014/12/02/us_parking_garage_breach/ http://arstechnica.com/security/2014/12/critical-networks-in-us-15-nations-completely-owned-by-iran-backed-hackers/ http://www.wired.com/2014/12/sony-hack-what-we-know/

  • Defensive Security Podcast Episode 94

    Nov 25 2014

    http://rt.com/usa/206663-detroit-bitcoin-ransom-database/ http://www.databreachtoday.com/fdic-what-to-expect-in-new-guidance-a-7596/op-1 http://blog.cobaltstrike.com/2014/11/12/adversary-simulation-becomes-a-thing/ http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance

  • Defensive Security Podcast Episode 93

    Nov 18 2014

    http://www.securityweek.com/postal-service-suspends-telecommuting-vpn-access-breach-investigation-continues http://www.browserstack.com/attack-and-downtime-on-9-November http://www.techweekeurope.co.uk/security/hotel-wifi-hacked-executives-kaspersky-155165 http://www.washingtonpost.com/world/national-security/state-department-shuts-down-its-e-mail-system-amid-concerns-about-hacking/2014/11/16/92cf0722-4815-41ca-b602-9bfe8ecdb256_story.html  http://www.securityweek.com/security-operations-what...more

  • Defensive Security Podcast Episode 92

    Nov 11 2014

    http://www.securityweek.com/nc-dermatology-center-discovers-hacked-server-two-years-after-attack http://krebsonsecurity.com/2014/11/home-depot-hackers-stole-53m-email-addreses/ http://www.csoonline.com/article/2842532/data-breach/6-things-we-learned-from-this-years-security-breaches.html http://www.net-security.org/article.php?id=2156

  • Defensive Security Podcast Episode 91

    Nov 04 2014

    http://news.yahoo.com/j-p-morgan-found-hackers-breach-corporate-event-010203954–sector.html http://www.scmagazine.com/research-helps-companies-determine-if-theyve-suffered-data-leaks/article/380063/ http://www.darkreading.com/attacks-breaches/drupal-attacks-started-within-hours-of-patch-release/d/d-id/1317145 http://www.bankinfosecurity.com/home-depot-breach-cost-cus-60-million-a-7504/op-1 http://www.bankinfosecurity.com/phishing-attack-leads-to-bank-breach-a-7502

  • Defensive Security Podcast Episode 90

    Oct 28 2014

    http://www.darkreading.com/operations/10-things-it-probably-doesnt-know-about-cyber-insurance/d/d-id/1316862 http://www.csoonline.com/article/2838025/data-protection/disaster-as-cryptowall-encrypts-us-firms-entire-server-installation.html#tk.rss_all http://www.csoonline.com/article/2836568/data-breach/fraudulent-activity-is-first-hint-of-a-staples-data-breach.html#tk.rss_all http://www.csoonline.com/article/2836843/data-breach/pci-compliance-under-scrutiny-following-big-data-breaches.html#tk.rs...more

  • Defensive Security Podcast Episode 89

    Oct 21 2014

    http://www.healthcareitnews.com/news/hipaa-breach-letters-go-out-after-email-hack https://blog.gdatasoftware.com/blog/article/new-frameworkpos-variant-exfiltrates-data-via-dns-requests.html http://www.zdnet.com/average-company-now-attacked-every-four-days-with-no-end-to-the-cybercrime-wave-in-sight-7000034755/ http://arstechnica.com/security/2014/10/ghost-in-the-bourne-again-shell-fallout-of-shellshock-far-from-over/ http://www.databreachtoday.com/defending-against-government-intrusions-a-7452

  • Defensive Security Podcast Episode 88

    Oct 16 2014

    https://www.imperialviolet.org/2014/10/14/poodle.html http://www.cnbc.com/id/102070655 https://www.nsslabs.com/blog/all%E2%80%99s-well-ends-well http://www.csoonline.com/article/2692415/data-protection/an-inside-look-at-russian-cybercriminals.html#tk.rss_all http://krebsonsecurity.com/2014/10/signed-malware-is-expensive-oops-for-hp/ http://krebsonsecurity.com/2014/10/dairy-queen-confirms-breach-at-395-stores/ http://krebsonsecurity.com/2014/10/malware-based-credit-card-breach-at-kmart/#comments

  • Defensive Security Podcast Episode 87

    Oct 08 2014

    Derbycon Videos: http://www.irongeek.com/i.php?page=videos/derbycon4/mainlist http://www.tripwire.com/state-of-security/top-security-stories/att-discovers-second-insider-breach-this-year/ http://www.zdnet.com/yahoo-confirms-servers-infected-but-not-by-shellshock-7000034411/ http://www.futuresouth.us/wordpress/?p=32 http://www.theregister.co.uk/2014/10/05/report_says_russians_behind_jpmorgan_chase_cyber_attack/ http://nakedsecurity.sophos.com/2014/10/06/badusb-now-with-do-it-yourself-instructions...more

  • Defensive Security Podcast Episode 86

    Sep 30 2014

    http://www.zdnet.com/shellshock-makes-heartbleed-look-insignificant-7000034143/ https://www.maliciouslink.com/post-traumatic-vulnerability-disorder/

  • Defensive Security Podcast Episode 85

    Sep 24 2014

    http://arstechnica.com/tech-policy/2014/09/senior-it-worker-at-top-tech-law-firm-arrested-for-insider-trading/ http://www.finextra.com/news/fullstory.aspx?newsitemid=26446 http://arstechnica.com/security/2014/09/home-depots-former-security-architect-had-history-of-techno-sabotage/ http://www.nytimes.com/2014/09/20/business/ex-employees-say-home-depot-left-data-vulnerable.html http://online.wsj.com/articles/fraudulent-transactions-surface-in-wake-of-home-depot-breach-1411506081 http://risky.biz...more

  • Defensive Security Podcast Episode 84

    Sep 16 2014

    http://www.businessweek.com/articles/2014-09-11/home-depot-hack-malware-points-to-different-hackers-than-targets http://www.csoonline.com/article/2605857/security-awareness/successful-security-awareness-programs-hold-employees-hands-to-the-fire-in.html http://www.networkworld.com/article/2604411/security0/ernst-and-young-accused-by-canadian-used-computer-dealer-of-data-breach.html http://www.cyber-security-blog.com/2013/08/Responding-to-a-Domain-Admin-Account-Compromise-Bootstrapping-Trust-A-Bil...more

  • Defensive Security Podcast Episode 83

    Sep 09 2014

    [1] http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/ [2a] http://nakedsecurity.sophos.com/2014/04/18/pci-dss-whats-new-in-v3-0/ [2b] https://www.pcisecuritystandards.org/documents/DSS_and_PA-DSS_Change_Highlights.pdf [3] http://news.techworld.com/security/3543504/phishing-emails-fool-most-employees-but-is-this-their-problem-or-emails/ [4] https://www.nccgroup.com/en/blog/2014/09/phishing-all-you-need-is-one/ [5] http://hackerhurricane.blogspot.com/2014/09/infosec-indu...more

  • Defensive Security Podcast Episode 82

    Sep 05 2014

    http://www.databreachtoday.com/buying-cyber-insurance-5-tips-a-7250 http://www.csoonline.com/article/2600212/data-protection/why-russian-hackers-are-beating-us.html http://www.aorato.com/labs/report/untold-story-target-attack-step-step/ http://www.csoonline.com/article/2599257/network-security/security-council-blames-breaches-on-poor-pci-standard-support.html#tk.rss_all

  • Defensive Security Podcast Episode 81

    Aug 27 2014

      http://www.csoonline.com/article/2466084/data-protection/community-health-systems-blames-china-for-recent-data-breach.html http://www.csoonline.com/article/2466726/data-protection/heartbleed-to-blame-for-community-health-systems-breach.html http://www.csoonline.com/article/2597389/data-protection/more-problems-emerge-on-the-community-health-systems-network.html http://www.securityweek.com/secret-service-over-1000-business-infected-backoff-point-sale-malware http://nakedsecurity.sophos.com...more

  • Defensive Security Podcast Episode 80

    Aug 19 2014

    [1] Recovering from a hacked website [2] Albertson’s and Supervalu hacked [3] VNC everywhere!!!! [4] HTTPS as a solution to network injection appliances [5] Tennessee company sues its bank to recover stolen money [6] 7 places to check for signs of a targeted attack in your network =================== [1] http://blog.soundidea.co.za/articles/Your_websites_been_hacked_now_what-378.html [2] http://money.cnn.com/2014/08/15/technology/security/albertsons-supervalu-hack/index.html [3] http://www...more

  • Defensive Security Podcast Episode 79

    Aug 12 2014

    [1] Cisco’s mid-year report [2] Poorly trained IT workers pose a risk to organizations [3] Cyber security should be professionalized [4] How hackers are using Google to steal data’ [5] PCI creates a check-box mentality [6] Gamma’s ownage detailed on pastebin [7] 1.2 Billion passwords, Russians and controversy Web Site | Subscribe in iTunes | Podcast RSS Feed | Twitter | Email [1] https://blogs.cisco.com/security/cisco-2014-midyear-security-report-exposing-weak-links-to-strength...more

  • Defensive Security Podcast Episode 78

    Aug 05 2014

    Web Site | Subscribe in iTunes | Podcast RSS Feed | Twitter | Email [1] Researchers to demonstrate attacks by reprogramming firmware of commodity USB devices [2] Survey find that enterprises are not paying attention to 3rd party risks, despite recent headlines [3] Ransomware attack failed thanks to security awareness training [4] Stubhub defrauded out of $1.6M using stolen passwords of its users [5] Maricopa County fires IT manager in the wake of a data breach that the IT manager apparently warn...more

  • Defensive Security Podcast Episode 77

    Jul 22 2014

    Russians steal the NASDAQ; Importance of AV in incident response; Report finds poor security communication between staff and executives; Microsoft recommends reusing weak passwords; Government malware found being used by criminals; Don’t use security as an excuse to resist the cloud. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.businessweek.com/printer/articles/213544-how-russian-hackers-stole-the-nasdaq http://www.bankinfosecurity.com/nasdaq-hack-attribution-questio...more

  • Defensive Security Podcast Episode 76

    Jul 17 2014

    A question from Bob on Active Directory; 67 percent of critical infrastructure providers were breached last year; Malware coming from shipping scanners; It’s the end of the road for Windows Server 2003; Details emerge on the Boeing hack; Testing your APT response plan; Revamping your insider threat program; Beware of computers in hotel business centers. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.esecurityplanet.com/network-security/67-percent-of-critical-infrastruc...more

  • Defensive Security Podcast Episode 75

    Jul 08 2014

    SEC investigating breached companies; How companies can rebuild trust after a security breach; Preparing your company for a ransom attack; BAE retracts the story on hedge fund hack; Hackers compromising businesses via 3rd parties and remote access. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.sfgate.com/business/article/Hacked-companies-face-SEC-scrutiny-over-5596541.php http://www.forbes.com/sites/katevinton/2014/07/01/how-companies-can-rebuild-trust-after-a-security-brea...more

  • Defensive Security Podcast Episode 74

    Jul 01 2014

    Advice from Bob; Airport breaches and the apparently misguided priorities of security pros; Hospitals are leaking data; Attackers hack legitimate downloads to deliver industrial control malware; Listener mail. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.csoonline.com/article/2378585/data-protection/airport-breach-a-sign-for-it-industry-to-think-security-not-money.html http://www.wired.com/2014/06/hospital-networks-leaking-data/ http://arstechnica.com/security/2014/06/atta...more

  • Defensive Security Podcast Episode 73

    Jun 25 2014

    Advice from Bob; Acoustical covert communication channel; Researchers recreate some NSA spy tools based on catalog descriptions; Why cyber insurance is such a mess; Code Spaces hacked out of business; Reuters defaced by the Syrian Electronic Army; Aviva hacked by Heartbleed bug, or was it? Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.tripwire.com/state-of-security/top-security-stories/covert-acoustical-mesh-networks-present-new-attack-vector/ http://www.theregister.co.uk/2...more

  • Defensive Security Podcast Episode 72

    Jun 18 2014

    New Logo!; Dominos has 600k records stolen and held for ransome; Undisclosed number of customer records are stolen from ATT by employees of a vendor; PF Changs confirms credit card breach; Stratfor forensic report leaks; Feedly hit by DDOS attack, doesn’t pay ransom and gets it again; Inland Empire Colleges emails 35000 records to the wrong address; Class action suit filed against payroll company following data breach; 9 rules to follow after you’ve suffered a data breach; You should...more

  • Defensive Security Podcast Episode 71

    Jun 11 2014

    Advice from Bob; SEC asks public companies to disclose more breaches; 230k IPMI devices found in Internet scan; PF Changs may have been hacked; Building network security to fail; 5 lessons from companies that get security right; Advice in responding to Anonymous threats; Bank of England announces assessment framework; Target shoppers don’t seem to be fazed by breach; Target board is under fire; Truecrypt may be coming back. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://ww...more

  • Defensive Security Podcast Episode 70

    Jun 04 2014

    Privileged user security; FTC holding companies to a mysterious security standard; Information overload; business users bypass IT and go straight to the cloud. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.trustedcs.com/resources/whitepapers/Ponemon-RaytheonPrivilegedUserAbuseResearchReport.pdf http://www.computing.co.uk/ctg/news/2345362/businesses-risk-data-breaches-due-to-confusion-over-privileged-user-information-security http://www.networkworld.com/news/2014/053014-comp...more

  • Defensive Security Podcast Episode 69

    May 30 2014

    Advice from Bob on the importance of an accurate inventory; TrueCrypt meets an unfortunate end; Weak passwords are responsible for the initial intrusion in 31% of breaches; 71% of exploits used Java; 59% of malicious email used an attachment, 41% used a link; NTT’s Global Threat Intelligence Report finds that most incidents are the result of failing to take basic precautions; DHS reports about a public utility compromised by a brute force attack; There is an apparent discrepancy between th...more

  • Defensive Security Podcast Episode 68

    May 21 2014

    Advice from Bob; How China’s army hacked America; Emory University has an SCCM meltdown; Bored executives pull infosec funding; How to avoid a big data security breach; US industry not taking industrial security seriously; Employees stealing data on their way out the door. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://arstechnica.com/tech-policy/2014/05/how-chinas-army-hacked-american-companies/ http://www.infosecnews.org/emory-university-windows-network-wiped-out-blame-e...more

  • Defensive Security Podcast Episode 67

    May 14 2014

    Doctor finds out the hard way that Google likes to index stuff; What’s old is new again – the current focus on improving detection is not new; Microsoft’s Security Incident Response Report and the malware explosion; Security vs. compliance. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.computerworld.com/s/article/9248205/IT_malpractice_Doc_operates_on_server_costs_hospitals_4.8M http://www.brookings.edu/~/media/research/files/papers/2014/05/07%20strategy%2...more

  • Defensive Security Podcast Episode 66

    May 07 2014

    Advice from Bob; We have entered the post AV world; Target reboots it’s CEO; Microsoft backs down and patches IE 0day for XP; How to communicate to users in situations like the IE 0day; Results from a survey of executives on data protection; Australian real estate company has bank account hacked, advice is to stop using Internet email and Facebook on business computers; A report on Non-advanced Persistent Threats Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://online.wsj.co...more

  • Defensive Security Podcast Episode 65

    Apr 30 2014

    Cisco’s annual security report for 2014; the Verizon Data Breach Investigations Report; 7 deadly cyber risks from Zurich Insurance; Alien Vault  urges opening up threat  intelligence; Stanford’s new password policy; New social engineering alert from Trusted Sec; New Internet Explorer 0day Subscribe in iTunes | Podcast RSS Feed | Twitter | Email https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf http://www.verizonenterprise.com/DBIR/2014/reports/rp_Verizon-DBIR-2014_en_...more

  • Defensive Security Podcast Episode 64

    Apr 22 2014

    Some advice from Bob, arrest made in the heartbleed attack on the Canadian Revenue Agency; Heartbleed used to bypass 2 factor controls,;Mandiant’s 2014 M-Trends report; The economics of security controls; 3 million credit cards stolen from Michaels and Aaron’s stores; Hardward company Lacie has a year long data breach. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.theregister.co.uk/2014/04/16/mounties_get_their_man_canadian_heartbleed_hacker_nabbed https://www.m...more

  • Defensive Security Podcast Episode 63

    Apr 16 2014

    Heartbleed! Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://arstechnica.com/security/2014/04/heartbleed-bug-exploited-to-steal-taxpayer-data/ http://arstechnica.com/security/2014/04/private-crypto-keys-are-accessible-to-heartbleed-hackers-new-data-shows http://www.vox.com/2014/4/12/5601828/we-massively-underinvest-in-internet-security

  • Defensive Security Podcast Episode 62

    Apr 08 2014

    Cyber criminals operate on a budget too; 7 things you didn’t know cyber insurance covered; Security hype; Billions spent on cyber security with not a lot to show for it; Banks abandon lawsuit against Target and Trustwave; CIOs don’t know what advanced evasion techniques are; 5 tips for improving incident response. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.darkreading.com/vulnerabilities—threats/cyber-criminals-operate-on-a-budget-too/d/d-id/1141650 htt...more

  • Defensive Security Podcast Episode 61

    Apr 01 2014

    Big announcement inside! Stories covered: http://www.mercurynews.com/business/ci_25369262/jesse-jackson-take-techs-lack-diversity https://securosis.com/blog/jennifer-minella-is-now-a-contributing-analyst http://seclists.org/dailydave/2014/q1/74 http://www.hollywoodreporter.com/news/man-who-exposed-target-security-689782 http://www.cnet.com/news/symantec-fires-ceo-steve-bennett/  

  • Defensive Security Podcast Episode 60

    Mar 26 2014

    Advice from Bob; The problems with qualitative risk assessments; Defending like an attacker; Secunia’s vulnerability review;  Watching for data breaches by looking for anomalies; The NSA targets sysadmins, expect criminals to follow suit; Insurers are finding energy firms controls are not up to snuff; 4 lessons CIOs can learn from the Target breach; A court approved a damages settlement for victims of a data breach who did not suffer any damages; Trustwave, Target’s QSA, gets sued as...more

  • Defensive Security Podcast Episode 59

    Mar 18 2014

    Advice for the criminals from Bob; Pwn2Own results are in; Target ignored it’s FireEye alerts; Integrating threat intelligence into your operations; The problem with threat intelligence; Advanced endpoint protection advice; Workers are apathetic about lost mobile devices and company data; Lessons to learn from the hack of some Navy servers; How the Syrian Electronic Army compromised Forbes; a discussion about what to do when you see criminal activity. Subscribe in iTunes | Podcast RSS Feed...more

  • Defensive Security Podcast Episode 58

    Mar 11 2014

    Some security advice from Bob; Target’s CIO resigns, should the QSA bear some responsibility? Rogue ads overtake porn as top source for mobile malware; Five things to know about malware before driving it out; Why you need to segment your network; SecurePay in denial about breach; Sally Beauty apparently breached. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.networkworld.com/research/2014/030514-cio-not-the-only-one-279445.html http://www.csoonline.com/article/749298/...more

  • Defensive Security Podcast Episode 57

    Mar 04 2014

    Security recommendations from Bob; Meetup.com rides out a DDOS attack rather than pay a ransom; How to test the security savvy of your employees; Why companies need to think about this insider threat; 6 lessons learned from advanced attacks; How IT can establish better cloud control; Council on Cyber Security releases version 5 of critical security controls. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://meetupblog.meetup.com/post/78413031007/no-doubt-this-has-been-a-tough-weeke...more

  • Defensive Security Podcast Episode 56

    Feb 25 2014

    Tip from Bob; US Cyber Security Framework; Challenges with deploying insecure technology; Target vendor compromised through email and some discussions on vendor risks;  Healthcare organizations are UNDER SIEGE by cyber attacks; The DSD’s ranking of security controls; 6 tips to combat APT; The importance of not running with administrator rights; Neiman Marcus breach details begin to emerge, 60,000 events went uninvestigated. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://ww...more

  • Defensive Security Podcast Episode 55

    Feb 19 2014

    A small bit of advice from Bob; A lengthy discussion on communicating risk to management. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Risk Science Podcast: http://riskscience.net/

  • Defensive Security Podcast Episode 54

    Feb 12 2014

    More advice from Bob; Verizon’s report on PCI compliance; Target hacked through HVAC contractor; Reporting fail on hacking the Winter Olympics;  Optimizing the use of security budgets in larger organizations. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Verizon PCI report: http://www.verizonenterprise.com/resources/reports/rp_pci-report-2014_en_xg.pdf http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/ http://www.infoworld.com/d/security/target-attack-s...more

  • Defensive Security Podcast Episode 53

    Feb 04 2014

    More advice from Bob; Follow up on Coke’s lost laptops; Honey Encryption to frustrate attackers; What the Target breach shows us about vendor risk; Managing the response to a data breach; More POS malware, this time with TOR goodness. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://blogs.csoonline.com/security-leadership/2957/interesting-finding-coke-data-breach-and-why-you-need-prevent-it-happening-you http://www.technologyreview.com/news/523746/honey-encryption-will-bambo...more

  • Defensive Security Podcast Episode 52

    Jan 30 2014

    Coke loses 55 laptops and 56000 records over 7 years; Private cyber espionage network in India; Review of the Shell_Crew hack using Adobe Cold Fusion exploit; Should we punish employees who fall for phishing emails?; Assuming your network has been hacked; more details on the Target breach are emerging. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.networkworld.com/news/2014/012814-coca-cola-suffers-data-breach-after-278154.html http://www.computerweekly.com/news/2240184448...more

  • Defensive Security Podcast Episode 51

    Jan 22 2014

    Bob’s wisdom for the week;  Learning from the Target breach; Question: given the massive Target breach, the Neiman Marcus breach and rumors of 6 other significant retailers being breached, assuming Target and others were complying with PCI rules, what will be the PCI council’s response?  AWS & GoDaddy hosting malware. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Why we don’t rely on AV: https://securosis.com/blog/a-very-telling-antivirus-metric Target: 1. http:/...more

  • Defensive Security Podcast Episode 50

    Jan 14 2014

    Advice from Bob; the Threat of Powerlocker, a new variant of ransomware; Senior managers are bad at security; More details emerge about the Target breach; and Jerry’s rant about the PTV situation. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.informationweek.com/security/attacks-and-breaches/beware-powerlocker-ransomware/d/d-id/1113344 http://www.csoonline.com/article/745703/senior-managers-fumble-security-much-more-often-than-rank-and-file http://www.csoonline.com/ar...more

  • Defensive Security Podcast Episode 49

    Jan 07 2014

    More wisdom from Bob; Yahoo’s ad network delivers the magnitude exploit kit; OpenSSL site defaced by way of the hypervisor; How a 4 year long HIPAA breach highlights the need for activity monitoring; Credit Union files lawsuit against Target, seems to lack some facts; US CERT issues advisory on POS malware; 7 dodgy tips for protecting your organization from data breaches and why this security stuff is hard; A political rant on the state of security. Subscribe in iTunes | Podcast RSS Feed |...more

  • Defensive Security Podcast Episode 48

    Dec 31 2013

    More advice from Bob; The Target breach; Hacking hard drive controllers; NSA shenanigans; Compromised BBC server for sale; 2014 predictions. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://blog.cryptographyengineering.com/2013/12/can-hackers-decrypt-targets-pin-data.html http://spritesmods.com/?art=hddhack http://www.spiegel.de/international/world/nsa-secret-toolbox-ant-unit-offers-spy-gadgets-for-every-need-a-941006.html http://www.dailymail.co.uk/news/article-2531062/BBC-takes-...more

  • Defensive Security Podcast Episode 47

    Dec 17 2013

    More advice from Bob; Chinese spear phish diplomats with Mrs Bruni-Sarkozy’s nude pictures; Network segmentation could have mitigated phishing attacks on governments; Krebs find organizations having systems with open RDP connections rented out; Generation Y employees have a dubious view on security; 61% of web traffic is automated; 5 recommendations on improving the security situation; Some great incident response documents from Society Generale; More ideas on cleaning up family’s co...more

  • Defensive Security Podcast Episode 46

    Dec 11 2013

    More security thoughts from Bob; A paper on thwarting targeted email attacks from Japan; Security recommendations for SMB’s from Sophos; An update on Badbios; How to handle our parent’s infected home computers over the holidays. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Guide on preventing targeted email attacks and one on preventing apt: http://www.ipa.go.jp/security/english/newattack_en.html SMB’s putting themselves at risk: http://www.networkworld.com/news/201...more

  • Defensive Security Podcast Episode 45

    Dec 03 2013

    99% of Indian programmers lack secure coding skills; Gartner’s 5 styles of defending against advanced threats; Malware: the war without end; a discussion on the value of penetration testing. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://m.infoworld.com/d/security/malware-war-without-end-231654 http://www.networkworld.com/news/2013/103013-gartner-defense-attacks-275438.html

  • Defensive Security Podcast Episode 44

    Nov 25 2013

    Another tip from Bob; Anonymous blamed for stealing US Department of Health and Human Services Data; Cupid Media loses 42M unencrypted passwords in a breach they apparently did not disclose; Looking at a Ponemon study about views of IT security staff; Botnet take downs might be more marketing than helpful; New malware uses I2P for C&C; A longer than expected discussion on Stuxnet. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Anonymous government hacks: http://www.reuters.com/arti...more

  • Defensive Security Podcast Episode 43

    Nov 19 2013

    More advice from Bob; PCI 3 is here; Stats from a survey of malware analysts; A report from EastWest on measuring the Cyber Security Problem; The benefits of a GRC program; and we talk about web defacements. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email PCI 3: http://www.bankinfosecurity.com/critiquing-new-version-pci-dss-a-6208 Study of malware analysts, highlighting that it’s apparently common to not disclose breaches: http://www.threattracksecurity.com/documents/malware-analy...more

  • Defensive Security Podcast Episode 42

    Nov 12 2013

    Bob drops some more advice on malware; More details emerge about the Adobe password breach and it isn’t pretty; Long live the security perimeter; Snowden highlights the importance of not sharing passwords, and the downside to when it happens; A new 0day impacting Internet Explorer is making the rounds; And part 2 of our talk on advanced malware. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-si...more

  • Defensive Security Podcast Episode 41

    Nov 05 2013

    New trojan looking for SAP installations, possibly a harbinger of things to come; Turns out Adobe used symmetric encryption to store the 130M passwords that were stolen; A dicey list of suggestions on how not to be the guy that gets your company owned; The results of the 2013 social engineering capture the flag are not pretty; Some security researchers completely compromise a government agency with a fake Facebook profile of an attractive lady; and all sorts of craziness about #badbios. Subscrib...more

  • Defensive Security Podcast Episode 40

    Oct 29 2013

    Federal employees circumventing onerous security controls resulting in breaches;  Cryptolocker is scary stuff; PHP.net hacked, and the response; DDOS attacks getting much larger, but lasting less time; Our discussion on advanced malware. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.networkworld.com/news/2013/101713-federal-security-breaches-traced-to-274944.html http://www.securelist.com/en/blog/208214109/Cryptolocker_Wants_Your_Money http://bartblaze.blogspot.com/2013/10/...more

  • Defensive Security Podcast Episode 39

    Oct 22 2013

    Hackers hide drugs coming through Belgium port by repeatedly hacking port computer systems; Aligning security with business priorities and other sage advice; how [not] to respond to a malware incident; on the security of jump boxes; reminder about security risks to small businesses; defining metrics for an incident response organization. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.csoonline.com/article/741530/security-spending-continues-to-run-a-step-behind-the-threats?pa...more

  • Defensive Security Podcast Episode 38

    Oct 15 2013

    Study on personality traits and susceptibility to phishing; Android is apparently more secure than iOS; Don’t forget to factor malicious BHO’s into your plans; Don’t forget to factor malicious BHO’s into your plans; More registrar attacks; Insider threats are number 1; Defending against watering hole attacks. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

  • Defensive Security Podcast Episode 37

    Oct 09 2013

    The depressingly small impact from the arrest of the black hole exploit kit author; detecting malware embedded in hardware; altering CPUs during manufacturing to  weaken random number generation; investigation into major identity theft operation results in discovery that data brokers were infected and that Adobe’s source code and 2.9M user IDs were stolen; recapping Derbycon 3. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Depressing impact from the arrest of the black hole ex...more

  • Defensive Security Podcast Episode 36

    Sep 23 2013

    How to change your SSN; How Snowden was able to access and steal the documents; Liberty Mutual sues Schucks grocery store over cyber breach insurance policy; Barclays and Santander banks hit with physical IT attacks; password security   Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Changing a social security number in the US: http://ssa-custhelp.ssa.gov/app/answers/detail/a_id/79/~/request-for-a-different-social-security-number Follow up on how Snowden stole the documents: http:/...more