All posts by jb

Defensive Security Podcast Episode 70

Privileged user security; FTC holding companies to a mysterious security standard; Information overload; business users bypass IT and go straight to the cloud.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.trustedcs.com/resources/whitepapers/Ponemon-RaytheonPrivilegedUserAbuseResearchReport.pdf
http://www.computing.co.uk/ctg/news/2345362/businesses-risk-data-breaches-due-to-confusion-over-privileged-user-information-security
http://www.networkworld.com/news/2014/053014-companies-should-already-know-how-282091.html
http://www.networkworld.com/research/2014/052914-information-overload-finding-signals-in-282019.html
http://www.networkworld.com/news/2014/052714-business-users-bypass-it-and-281911.html

Defensive Security Podcast Episode 69

Advice from Bob on the importance of an accurate inventory; TrueCrypt meets an unfortunate end; Weak passwords are responsible for the initial intrusion in 31% of breaches; 71% of exploits used Java; 59% of malicious email used an attachment, 41% used a link; NTT’s Global Threat Intelligence Report finds that most incidents are the result of failing to take basic precautions; DHS reports about a public utility compromised by a brute force attack; There is an apparent discrepancy between the severity of the breaches detailed in the recent DOJ indictment of alleged Chinese hackers and the way that the breached companies categorize what was stolen, and whether that loss needed to be reported to shareholders.

http://arstechnica.com/security/2014/05/bombshell-truecrypt-advisory-backdoor-hack-hoax-none-of-the-above/
http://blog.itgovernance.co.uk/weak-passwords-responsible-for-31-of-cyber-attacks/

http://www.techcentral.co.za/surge-in-security-breaches-report/48374/
http://t.esecurityplanet.com/esecurityplanet/#!/entry/lowes-acknowledges-third-party-data-breach,5383580a025312186c0cf074
http://www.myce.com/news/only-51-of-anti-virus-scanners-detect-zero-day-malware-71652/
http://www.itproportal.com/2014/05/26/stop-the-blame-game-report-reveals-the-secrets-to-business-it-security/
http://news.techworld.com/security/3520791/public-utility-compromised-after-brute-force-attack-dhs-says/
http://mobile.bloomberg.com/news/2014-05-21/u-s-companies-hacked-by-chinese-didn-t-tell-investors.html

Defensive Security Podcast Episode 68

Advice from Bob; How China’s army hacked America; Emory University has an SCCM meltdown; Bored executives pull infosec funding; How to avoid a big data security breach; US industry not taking industrial security seriously; Employees stealing data on their way out the door.

http://arstechnica.com/tech-policy/2014/05/how-chinas-army-hacked-american-companies/
http://www.infosecnews.org/emory-university-windows-network-wiped-out-blame-emps-cyberwar-squirrels-try-accidental-reformat/
http://www.theregister.co.uk/2014/05/15/aisa_finding_infosec_bores_board_execs/
http://www.computerworld.com.au/article/545450/how_avoid_big_data_security_breach
http://www.reuters.com/article/2014/05/16/us-cyber-summit-infrastructure-idUSBREA4F0OK20140516

http://www.itpro.co.uk/data-loss-prevention/22273/employees-steal-data-to-make-good-impression-in-a-new-job

Defensive Security Podcast Episode 67

Doctor finds out the hard way that Google likes to index stuff; What’s old is new again – the current focus on improving detection is not new; Microsoft’s Security Incident Response Report and the malware explosion; Security vs. compliance.


http://www.computerworld.com/s/article/9248205/IT_malpractice_Doc_operates_on_server_costs_hospitals_4.8M
http://www.brookings.edu/~/media/research/files/papers/2014/05/07%20strategy%20not%20speed%20digital%20defenders%20early%20cybersecurity%20thinkers%20bejtlich/voices%20from%20the%20cyber%20past%20final
http://www.zdnet.com/microsoft-report-downloaded-malware-exploded-in-late-2013-7000029131/#ftag=RSS4d2198e

Defensive Security Podcast Episode 66

Advice from Bob; We have entered the post-AV world; Target reboots its CEO; Microsoft backs down and patches IE 0day for XP; How to communicate to users in situations like the IE 0day; Results from a survey of executives on data protection; Australian real estate company has bank account hacked, advice is to stop using Internet email and Facebook on business computers; A report on Non-advanced Persistent Threats.


http://online.wsj.com/news/article_email/SB10001424052702303417104579542140235850578-lMyQjAxMTA0MDAwNTEwNDUyWj
http://consumerist.com/2014/05/05/target-ceo-clocks-out-in-wake-of-data-breach/
http://blogs.technet.com/b/msrc/archive/2014/05/01/out-of-band-release-to-address-microsoft-security-advisory-2963983.aspx
http://m.slashdot.org/story/201515
http://www.networkworld.com/news/2014/043014-survey-execs-clueless-security-pros-281183.html
http://www.rebonline.com.au/breaking-news/7583-cyber-thieves-steal-50-000-from-real-estate-agency
http://www.imperva.com/docs/HII_The_Non-Advanced_Persistent_Threat.pdf

Defensive Security Podcast Episode 65

Cisco’s annual security report for 2014; the Verizon Data Breach Investigations Report; 7 deadly cyber risks from Zurich Insurance; AlienVault urges opening up threat intelligence; Stanford’s new password policy; New social engineering alert from TrustedSec; New Internet Explorer 0day.

https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf

http://www.verizonenterprise.com/DBIR/2014/reports/rp_Verizon-DBIR-2014_en_xg.pdf

http://www.ibtimes.co.uk/zurich-insurance-unveils-7-deadly-cyber-risks-1445607

http://www.infosecurity-magazine.com/view/38136/alienvault-ceo-throws-down-the-gauntlet-on-threat-sharing/?utm_source=twitterfeed&utm_medium=twitter

http://arstechnica.com/security/2014/04/stanfords-password-policy-shuns-one-size-fits-all-security/

https://www.trustedsec.com/april-2014/red-alert-massive-cyber-wire-fraud-attacks-us-companies/

https://community.qualys.com/blogs/laws-of-vulnerabilities/2014/04/26/new-internet-explorer-0-day

Defensive Security Podcast Episode 64

Some advice from Bob; arrest made in the Heartbleed attack on the Canadian Revenue Agency; Heartbleed used to bypass 2 factor controls; Mandiant’s 2014 M-Trends report; The economics of security controls; 3 million credit cards stolen from Michaels and Aaron’s stores; Hardware company LaCie has a year-long data breach.

http://www.theregister.co.uk/2014/04/16/mounties_get_their_man_canadian_heartbleed_hacker_nabbed

https://www.mandiant.com/blog/attackers-exploit-heartbleed-openssl-vulnerability-circumvent-multifactor-authentication-vpns/

http://www.v3.co.uk/v3-uk/news/2340171/hackers-hit-harley-medical-group-in-customer-data-extortion-attempt

https://www.mandiant.com/blog/mtrends-2014-threat-report-revealed/

http://www.fireeye.com/blog/corporate/2014/04/the-economics-of-security.html

http://krebsonsecurity.com/2014/04/3-million-customer-credit-debit-cards-stolen-in-michaels-aaron-brothers-breaches/

http://krebsonsecurity.com/2014/04/hardware-giant-lacie-acknowledges-year-long-credit-card-breach/

Defensive Security Podcast Episode 63

Heartbleed!

http://arstechnica.com/security/2014/04/heartbleed-bug-exploited-to-steal-taxpayer-data/
http://arstechnica.com/security/2014/04/private-crypto-keys-are-accessible-to-heartbleed-hackers-new-data-shows
http://www.vox.com/2014/4/12/5601828/we-massively-underinvest-in-internet-security

Defensive Security Podcast Episode 62

Cyber criminals operate on a budget too; 7 things you didn’t know cyber insurance covered; Security hype; Billions spent on cyber security with not a lot to show for it; Banks abandon lawsuit against Target and Trustwave; CIOs don’t know what advanced evasion techniques are; 5 tips for improving incident response.

http://www.darkreading.com/vulnerabilities---threats/cyber-criminals-operate-on-a-budget-too/d/d-id/1141650
http://www.esecurityplanet.com/network-security/cyber-insurance-covers-that-7-items-you-might-not-know.html
http://www.tripwire.com/state-of-security/featured/security-meaning-hype/
http://www.smh.com.au/it-pro/security-it/billions-spent-on-cyber-security-and-much-of-it-wasted-20140403-zqprb.html
http://www.computerworld.com/s/article/9247309/Bank_abandons_place_in_class_action_suit_against_Target_Trustwave
http://news.techworld.com/security/3509357/what-are-advanced-evasion-techniques-dont-expect-cios-know-finds-mcafee/
http://www.networkworld.com/news/2014/040214-understanding-incident-response-5-tips-280338.html?page=1

Defensive Security Podcast Episode 61

Big announcement inside!

Stories covered:
http://www.mercurynews.com/business/ci_25369262/jesse-jackson-take-techs-lack-diversity
https://securosis.com/blog/jennifer-minella-is-now-a-contributing-analyst
http://seclists.org/dailydave/2014/q1/74
http://www.hollywoodreporter.com/news/man-who-exposed-target-security-689782
http://www.cnet.com/news/symantec-fires-ceo-steve-bennett/