Category Archives: Podcast

Defensive Security Podcast Episode 75

July 7, 2014PodcastBAE, breach, hacking, SECjb

Podcast: Play in new window | Download | Embed

Subscribe: RSS

SEC investigating breached companies; How companies can rebuild trust after a security breach; Preparing your company for a ransom attack; BAE retracts the story on hedge fund hack; Hackers compromising businesses via 3rd parties and remote access.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
http://www.sfgate.com/business/article/Hacked-companies-face-SEC-scrutiny-over-5596541.php
http://www.forbes.com/sites/katevinton/2014/07/01/how-companies-can-rebuild-trust-after-a-security-breach/
http://akamai.infoworld.com/d/security/prepare-yourself-high-stakes-cyber-ransom-245320
http://www.theregister.co.uk/2014/07/03/bae_retracts_hedge_fund_hack_allegation/
http://www.computerworld.com/s/article/9249516/Hackers_hit_more_businesses_through_remote_access_accounts

Defensive Security Podcast Episode 74

June 30, 2014PodcastAPT, hacking, Healthcare, Hospital, infosec, KRIjb

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Advice from Bob; Airport breaches and the apparently misguided priorities of security pros; Hospitals are leaking data; Attackers hack legitimate downloads to deliver industrial control malware; Listener mail.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
http://www.csoonline.com/article/2378585/data-protection/airport-breach-a-sign-for-it-industry-to-think-security-not-money.html
http://www.wired.com/2014/06/hospital-networks-leaking-data/
http://arstechnica.com/security/2014/06/attackers-poison-legitimate-apps-to-infect-sensitive-industrial-control-systems/
http://www.coso.org/documents/COSOKRIPaperFull-FINALforWebPostingDec110_000.pdf

Defensive Security Podcast Episode 73

June 24, 2014Podcastadvanced malware, Code Spaces, cyber insurance, hacking, Syrian Electronic Army, Target, Threat modellingjb

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Advice from Bob; Acoustical covert communication channel; Researchers recreate some NSA spy tools based on catalog descriptions; Why cyber insurance is such a mess; Code Spaces hacked out of business; Reuters defaced by the Syrian Electronic Army; Aviva hacked by Heartbleed bug, or was it?

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
http://www.tripwire.com/state-of-security/top-security-stories/covert-acoustical-mesh-networks-present-new-attack-vector/
http://www.theregister.co.uk/2014/06/19/hackers_reverseengineer_nsa_spying_devices_using_offtheshelf_parts/
http://www.slate.com/articles/technology/future_tense/2014/06/target_breach_cyberinsurance_is_a_mess.html
http://www.cnbc.com/id/101770396
https://threatpost.com/hacker-puts-hosting-service-code-spaces-out-of-business/106761
https://medium.com/@FredericJacobs/the-reuters-compromise-by-the-syrian-electronic-army-6bf570e1a85b
http://www.theregister.co.uk/2014/06/23/aviva_heartbleed_hack/

Defensive Security Podcast Episode 72

June 17, 2014Podcastdata breach, DDOS, feedly, ransomjb

Podcast: Play in new window | Download | Embed

Subscribe: RSS

New Logo!; Dominos has 600k records stolen and held for ransome; Undisclosed number of customer records are stolen from ATT by employees of a vendor; PF Changs confirms credit card breach; Stratfor forensic report leaks; Feedly hit by DDOS attack, doesn’t pay ransom and gets it again; Inland Empire Colleges emails 35000 records to the wrong address; Class action suit filed against payroll company following data breach; 9 rules to follow after you’ve suffered a data breach; You should be managing incidents, not responding to them.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
http://consumerist.com/2014/06/16/dominos-hit-by-hackers-demanding-ransom-money-for-european-customers-data
http://www.11alive.com/story/news/nation/2014/06/15/att-data-breach/10555039/
http://krebsonsecurity.com/2014/06/p-f-changs-confirms-credit-card-breach/#more-26467
http://www.dailydot.com/politics/stratfor-verizon-report-security-flaws/
http://techcrunch.com/2014/06/11/feedly-evernote-and-others-become-latest-victims-of-ddos-attacks/
http://www.nbclosangeles.com/news/local/Inland-Empire-Colleges-Report-Possible-Mass-Data-Breach-263370251.html
http://www.scmagazine.com/class-action-filed-against-payroll-company-paytime-over-massive-data-breach/article/356013/
http://www.infoworld.com/t/security/9-rules-follow-after-youve-suffered-data-breach-244273
http://integriography.wordpress.com/2014/05/06/if-you-are-doing-incident-response-you-are-doing-it-wrong/

Defensive Security Podcast Episode 71

June 10, 2014Podcastbreach, data breach, exploit, hacking, information security, infosec, security, Targetjb

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Advice from Bob; SEC asks public companies to disclose more breaches; 230k IPMI devices found in Internet scan; PF Changs may have been hacked; Building network security to fail; 5 lessons from companies that get security right; Advice in responding to Anonymous threats; Bank of England announces assessment framework; Target shoppers don’t seem to be fazed by breach; Target board is under fire; Truecrypt may be coming back.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
http://www.reuters.com/article/2014/06/10/sec-cybersecurity-aguilar-idUSL2N0OR13U20140610

https://securityledger.com/2014/06/ipmi-insecurity-affects-200k-systems/

http://krebsonsecurity.com/2014/06/banks-credit-card-breach-at-p-f-changs/

http://www.forbes.com/sites/davelewis/2014/06/03/network-security-build-to-fail/

http://www.infoworld.com/d/security/5-lessons-companies-get-computer-security-right-243407

http://cyberwarzone.com/hackers-behind-oppetrol-will-attack-june-20-2014/

http://www.mondovisione.com/media-and-resources/news/bank-of-england-launches-new-framework-to-test-for-cyber-vulnerabilities/

http://www.dailyfinance.com/2014/06/05/target-data-breach-shoppers-dont-care/

http://www.startribune.com/business/261527581.html

http://www.wired.com/2014/06/bleed/

http://www.forbes.com/sites/jameslyne/2014/06/02/truecrypt-is-back-but-should-it-be/

Fuckyer: https://m.youtube.com/watch?v=2I-nudEqz7o

Defensive Security Podcast Episode 69

May 29, 2014Podcastbreach, compliance, hacking, information security, malware, TrueCryptjb

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Advice from Bob on the importance of an accurate inventory; TrueCrypt meets an unfortunate end; Weak passwords are responsible for the initial intrusion in 31% of breaches; 71% of exploits used Java; 59% of malicious email used an attachment, 41% used a link; NTT’s Global Threat Intelligence Report finds that most incidents are the result of failing to take basic precautions; DHS reports about a public utility compromised by a brute force attack; There is an apparent discrepancy between the severity of the breaches detailed in the recent DOJ indictment of alleged Chinese hackers and the way that the breached companies categorize was was stolen, and whether that loss needed to be reported to share holders.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
http://arstechnica.com/security/2014/05/bombshell-truecrypt-advisory-backdoor-hack-hoax-none-of-the-above/
http://blog.itgovernance.co.uk/weak-passwords-responsible-for-31-of-cyber-attacks/

http://www.techcentral.co.za/surge-in-security-breaches-report/48374/
http://t.esecurityplanet.com/esecurityplanet/#!/entry/lowes-acknowledges-third-party-data-breach,5383580a025312186c0cf074
http://www.myce.com/news/only-51-of-anti-virus-scanners-detect-zero-day-malware-71652/
http://www.itproportal.com/2014/05/26/stop-the-blame-game-report-reveals-the-secrets-to-business-it-security/
http://news.techworld.com/security/3520791/public-utility-compromised-after-brute-force-attack-dhs-says/
http://mobile.bloomberg.com/news/2014-05-21/u-s-companies-hacked-by-chinese-didn-t-tell-investors.html

Defensive Security Podcast Episode 68

May 20, 2014Podcastbig data, breach, funding, infosecjb

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Advice from Bob; How China’s army hacked America; Emory University has an SCCM meltdown; Bored executives pull infosec funding; How to avoid a big data security breach; US industry not taking industrial security seriously; Employees stealing data on their way out the door.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
http://arstechnica.com/tech-policy/2014/05/how-chinas-army-hacked-american-companies/
http://www.infosecnews.org/emory-university-windows-network-wiped-out-blame-emps-cyberwar-squirrels-try-accidental-reformat/
http://www.theregister.co.uk/2014/05/15/aisa_finding_infosec_bores_board_execs/
http://www.computerworld.com.au/article/545450/how_avoid_big_data_security_breach http://www.reuters.com/article/2014/05/16/us-cyber-summit-infrastructure-idUSBREA4F0OK20140516

http://www.itpro.co.uk/data-loss-prevention/22273/employees-steal-data-to-make-good-impression-in-a-new-job

Defensive Security Podcast Episode 67

May 13, 2014Podcastbreach, compliance, HHS, HIPAA, malware, microsoft, securityjb

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Doctor finds out the hard way that Google likes to index stuff; What’s old is new again – the current focus on improving detection is not new; Microsoft’s Security Incident Response Report and the malware explosion; Security vs. compliance.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

http://www.computerworld.com/s/article/9248205/IT_malpractice_Doc_operates_on_server_costs_hospitals_4.8M
http://www.brookings.edu/~/media/research/files/papers/2014/05/07%20strategy%20not%20speed%20digital%20defenders%20early%20cybersecurity%20thinkers%20bejtlich/voices%20from%20the%20cyber%20past%20final
http://www.zdnet.com/microsoft-report-downloaded-malware-exploded-in-late-2013-7000029131/#ftag=RSS4d2198e

Defensive Security Podcast Episode 66

May 6, 2014PodcastAPT, Targetjb

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Advice from Bob; We have entered the post AV world; Target reboots it’s CEO; Microsoft backs down and patches IE 0day for XP; How to communicate to users in situations like the IE 0day; Results from a survey of executives on data protection; Australian real estate company has bank account hacked, advice is to stop using Internet email and Facebook on business computers; A report on Non-advanced Persistent Threats

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

http://online.wsj.com/news/article_email/SB10001424052702303417104579542140235850578-lMyQjAxMTA0MDAwNTEwNDUyWj
http://consumerist.com/2014/05/05/target-ceo-clocks-out-in-wake-of-data-breach/
http://blogs.technet.com/b/msrc/archive/2014/05/01/out-of-band-release-to-address-microsoft-security-advisory-2963983.aspx
http://m.slashdot.org/story/201515
http://www.networkworld.com/news/2014/043014-survey-execs-clueless-security-pros-281183.html
http://www.rebonline.com.au/breaking-news/7583-cyber-thieves-steal-50-000-from-real-estate-agency
http://www.imperva.com/docs/HII_The_Non-Advanced_Persistent_Threat.pdf