Podcast: Play in new window | Download | Embed

Subscribe: RSS

Summary

In this episode, we celebrate the 300th episode of the Defensive Security Podcast then discuss various cybersecurity topics including the rise of AI-driven threats, the importance of zero trust architecture, best practices for incident response, the impact of human error on security breaches, and the risks associated with collaboration tools. We also cover the dangers of malvertising campaigns exploiting platforms like GitHub.

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Links:

• https://venturebeat.com/security/51-seconds-to-breach-how-cisos-are-fighting-back-against-lightning-fast-attacks/
• https://www.theregister.com/2025/03/10/incident_response_advice/
• https://www.scworld.com/news/95-of-data-breaches-involve-human-error-report-reveals
• https://www.darkreading.com/cyber-risk/remote-access-infra-remains-riskiest-corp-attack-surface
• https://www.bleepingcomputer.com/news/security/microsoft-says-malvertising-campaign-impacted-1-million-pcs/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Summary

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a Disney employee’s mishap with an AI tool that led to a significant hack, vulnerabilities in VMware ESX hypervisors, and a developer’s sabotage of their ex-employer. They also explore the implications of GitHub repository exposure and the growing risks associated with third-party vendors in cybersecurity.

Link to support Andy and Jerry’s work creating the Defensive Security Podcast: https://www.patreon.com/defensivesec

Story links:

• https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931
• https://doublepulsar.com/use-one-virtual-machine-to-own-them-all-active-exploitation-of-esxicape-0091ccc5bdfc
• https://www.theregister.com/2025/03/08/developer_server_kill_switch/
• https://arstechnica.com/information-technology/2025/02/copilot-exposes-private-github-pages-some-removed-by-microsoft/
• https://www.darkreading.com/cyber-risk/third-party-risk-top-cybersecurity-claims

Podcast: Play in new window | Download | Embed

Subscribe: RSS

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the alarming statistics surrounding ransomware attacks, the implications of paying ransoms, and the evolving nature of ransomware as a broader category of cyber threats. They also discuss the consolidation of security tools and the skepticism surrounding it, particularly in light of a recent report by Palo Alto and IBM. The conversation shifts to the risks associated with AI, highlighted by the DeepSeek incident, and concludes with a discussion on the importance of securing management interfaces and the ongoing challenges in the cybersecurity landscape.

Links:

• https://www.infosecurity-magazine.com/news/ransomware-victims-shut-operations/
• https://www.cybersecuritydive.com/news/consolidation-security-tools/738912/
• https://9to5mac.com/2025/01/31/security-bite-top-macos-threat-found-riding-the-deepseek-wave/
• https://www.securityweek.com/sonicwall-confirms-exploitation-of-new-sma-zero-day/
• https://www.theregister.com/2025/01/30/deepseek_database_left_open/

Takeaways

• 58% of ransomware victims had to shut down operations temporarily.
• Only 13% of victims who paid ransom got all their data back.
• The ransomware ecosystem relies on the belief that victims will recover their data.
• Organizations average 83 different security tools, leading to inefficiencies.
• Speed in deploying AI can compromise security practices.
• DeepSeek incident highlights risks of using unverified AI models.
• SonicWall’s zero-day vulnerability emphasizes the need for secure management practices.
• Security tool consolidation may not always lead to better outcomes.
• Phishing and RDP compromises are common entry points for ransomware.
• The evolving nature of ransomware requires a broader understanding of cyber threats.

Podcast: Play in new window | Download | Embed

Subscribe: RSS

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a hidden backdoor in Juniper routers, PayPal’s recent data breach settlement, the exploitation of older Ivanti bugs, the PowerSchool data breach affecting millions, and CISA’s new software security recommendations. The conversation emphasizes the importance of proactive security measures and the evolving landscape of cybersecurity threats.

If you find this podcast useful, please consider supporting us here: https://www.patreon.com/defensivesec

Takeaways

• The hidden backdoor in Juniper routers raises concerns about network security.
• PayPal’s settlement highlights the need for better data protection practices.
• Older vulnerabilities in Ivanti products continue to be exploited, stressing the importance of timely patching.
• The PowerSchool data breach underscores the risks of inadequate credential protection.
• CISA’s recommendations aim to improve software security across critical infrastructure.

Links:

• https://www.theregister.com/2025/01/25/mysterious_backdoor_juniper_routers/
• https://www.bleepingcomputer.com/news/security/paypal-to-pay-2-million-settlement-over-2022-data-breach/
• https://www.bleepingcomputer.com/news/security/cisa-hackers-still-exploiting-older-ivanti-bugs-to-breach-networks/
• https://www.securityweek.com/millions-impacted-by-powerschool-data-breach/
• https://www.securityweek.com/cisa-fbi-update-software-security-recommendations/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the dangers of malware disguised as proof of concept code on GitHub, the alarming rise in phishing attacks, the implications of a recent Treasury hack, and the targeted attacks on Ivanti’s security products. The conversation emphasizes the need for skepticism in security research, the importance of creating a safer environment for users, and the ongoing challenges posed by sophisticated threat actors.

Links:

• https://www.bleepingcomputer.com/news/security/fake-ldapnightmware-exploit-on-github-spreads-infostealer-malware/
• https://www.forbes.com/sites/daveywinder/2025/01/09/do-not-click-new-gmail-outlook-apple-mail-warning-for-billions/
• https://www.bleepingcomputer.com/news/security/treasury-hackers-also-breached-us-foreign-investments-review-office/
• https://www.bleepingcomputer.com/news/security/google-chinese-hackers-likely-behind-ivanti-vpn-zero-day-attacks/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Summary

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a significant incident involving a Tenable plugin update that disrupted Nessus agents worldwide. They delve into the implications of malicious Chrome extensions and sophisticated phishing attacks, particularly focusing on a recent incident involving OAuth trust exploitation. The conversation shifts to new HIPAA cybersecurity rules that aim to enhance security measures in healthcare, followed by a discussion on the rise of AI-generated phishing emails targeting executives. Finally, they explore the challenges of passkey technology in achieving usable security across different platforms.

Links:

• https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/
• https://www.bleepingcomputer.com/news/security/new-details-reveal-how-hackers-hijacked-35-google-chrome-extensions/
• https://www.darkreading.com/vulnerabilities-threats/hipaa-security-rules-pull-no-punches
• https://arstechnica.com/security/2025/01/ai-generated-phishing-emails-are-getting-very-good-at-targeting-executives/
• https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

In this episode of the Defensive Security Podcast, we discuss the anticipated rise of Mac malware, the economic implications of new top-level domains (TLDs) for phishing, innovative phishing techniques using corrupt documents, and the risks associated with open-source software. We also explore the concept of risk homeostasis in cybersecurity, examining how users’ perceptions of security can influence their behavior and risk-taking. The conversation emphasizes the importance of education, robust security measures, and the need for a deeper understanding of complex systems in the face of evolving threats.

If you would like to support this podcast, please consider donating here: https://www.patreon.com/defensivesec

Links:

• https://appleinsider.com/articles/24/12/04/what-a-new-threat-report-says-about-mac-malware-in-2024
• https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/
• https://www.bleepingcomputer.com/news/security/novel-phishing-campaign-uses-corrupted-word-documents-to-evade-security/
• https://www.bleepingcomputer.com/news/security/ultralytics-ai-model-hijacked-to-infect-thousands-with-cryptominer/ and https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection

Podcast: Play in new window | Download | Embed

Subscribe: RSS

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various topics including their holiday plans, updates on their podcast, and significant cybersecurity incidents. They delve into a recent Wi-Fi breach involving Russian hackers, CrowdStrike’s IT outage and its implications for customer retention, and the discovery of malware exploiting vulnerable device drivers. The conversation emphasizes the importance of security practices such as multi-factor authentication and the challenges of managing cybersecurity risks in a rapidly evolving landscape. In this engaging conversation, Andrew Kalat and Jerry Bell explore various themes in cybersecurity, including the shift towards self-service IT solutions, the rise of phishing as a service, and the evolving landscape of multi-factor authentication. They discuss the implications of new threats like BootKitty and the challenges posed by firmware vulnerabilities. The conversation also touches on the future of cloud security and the often-overlooked role of marketing in cybersecurity threats, culminating in a light-hearted discussion about their pets.

You can support the Defensive Security Podcast through our Patreon site here: https://patreon.com/defensivesec

Links to the stories we discussed in this episode:

• https://www.bleepingcomputer.com/news/security/hackers-breach-us-firm-over-wi-fi-from-russia-in-nearest-neighbor-attack/
• https://www.cybersecuritydive.com/news/crowdstrike-retains-customers/734203/
• https://thehackernews.com/2024/11/researchers-uncover-malware-using-byovd.html?m=1
• https://securityaffairs.com/171532/cyber-crime/rockstar-2fa-phaas.html
• https://arstechnica.com/security/2024/11/code-found-online-exploits-logofail-to-install-bootkitty-linux-backdoor/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Links:

• https://www.darkreading.com/cyberattacks-data-breaches/zero-days-wins-superlative-most-exploited-vulns
• https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/
• https://thehackernews.com/2024/11/microsoft-launches-windows-resiliency.html?m=1
• https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a