Category Archives: Security

Defensive Security Podcast Episode 306

In this episode, Jerry and Andrew discuss  the importance of data security, phishing attacks targeting hiring managers, the implications of paying ransoms, and the recent Disney data breach incident. They emphasize the need for better training for employees and the challenges of managing software supply chains. The conversation highlights the evolving landscape of cyber threats and the necessity for organizations to adopt more robust security practices.

Links:
https://www.darkreading.com/cyber-risk/venom-spider-phishing-scheme
https://go.theregister.com/feed/www.theregister.com/2025/05/08/powerschool_data_extortionist/
https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-npm-package-with-45-000-weekly-downloads/
https://www.theregister.com/2025/05/02/disney_slack_hacker_revealed_to/

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Defensive Security Podcast Episode 305

In this episode, we discuss the Google Mandiant 2025 M-Trends report.  The report is available here: https://services.google.com/fh/files/misc/m-trends-2025-en.pdf

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Defensive Security Podcast Episode 303

Summary

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the rise of ransomware, the importance of backup strategies, and the implications of AI in phishing attacks. They discuss into the challenges of managing non-human identities and the need for effective communication of security metrics. The conversation also touches on the recent Oracle breach and the evolving landscape of cybersecurity threats.

Links:

  • https://www.cybersecuritydive.com/news/remote-access-tools-ransomware-entry/745144/
  • https://www.darkreading.com/cyberattacks-data-breaches/oracle-breach-2-obsolete-servers
  • https://thehackernews.com/2025/04/explosive-growth-of-non-human.html?m=1
  • https://thehackernews.com/2025/04/security-theater-vanity-metrics-keep.html?m=1
  • https://www.securityweek.com/ai-now-outsmarts-humans-in-spear-phishing-analysis-shows/

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Defensive Security Podcast Episode 302

In this episode, Jerry and Andrew discuss various cybersecurity topics, including the recent Oracle Cloud security breach, a GitHub supply chain attack, insider threats, and the implications of AI in cybersecurity. They explore the challenges of maintaining trust in cloud services, the complexities of insider threats, and the evolving landscape of cybercrime driven by AI advancements. The conversation emphasizes the need for robust security measures and the importance of adapting to emerging threats in the cybersecurity realm.

Links:

  • https://www.bleepingcomputer.com/news/security/oracle-privately-confirms-cloud-breach-to-customers/
  • https://www.bleepingcomputer.com/news/security/recent-github-supply-chain-attack-traced-to-leaked-spotbugs-token/
  • ttps://www.securityweek.com/39-million-secrets-leaked-on-github-in-2024/
  • https://www.theregister.com/2025/04/02/deel_rippling_espionage/
  • https://www.securityweek.com/ai-giving-rise-of-the-zero-knowledge-threat-actor/

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Defensive Security Podcast Episode 301

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss a range of cybersecurity topics, including the recent Oracle Cloud breach, the challenges of asset management in large environments, and the importance of prioritizing vulnerabilities. They also explore the findings from a pen test report, the implications of emerging threats like Medusa ransomware, and the need for better security practices in organizations.

Links:

  • https://www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/
  • https://thehackernews.com/2025/03/10-critical-network-pentest-findings-it.html?m=1
  • https://www.horizon3.ai/attack-research/attack-blogs/critical-or-clickbait-github-actions-and-apache-tomcat-rce-vulnerabilities-2025/
  • https://www.forbes.com/sites/daveywinder/2025/03/30/fbi-warns-use-2fa-as-time-traveling-hackers-strike/
  • https://www.reversinglabs.com/blog/epss-is-not-foolproof-shift-your-appsec-beyond-vulnerabilities

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Defensive Security Podcast Episode 298

In this episode of the Defense of Security podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a recent incident involving notorious hackers breaching a company network in under an hour, strategies to defend against deepfake attacks, the targeting of freelance developers by North Korean adversaries, vulnerabilities in Palo Alto firewalls, and the emergence of ghost ransomware. The conversation emphasizes the importance of proactive security measures and the evolving landscape of cyber threats.

Want to support the Defensive Security Podcast?  You can donate here: https://www.patreon.com/defensivesec

Takeaways:

  • The speed of cyber attacks is increasing, with breaches occurring in under an hour.
  • Organizations must implement robust processes to defend against deepfake attacks.
  • Freelance developers are at risk of being targeted by sophisticated cybercriminals.
  • Palo Alto firewalls are vulnerable to attacks if management interfaces are exposed to the internet.
  • Ghost ransomware is a growing threat, often using familiar tactics to exploit vulnerabilities.

Links:

  • https://arstechnica.com/security/2025/02/notorious-crooks-broke-into-a-company-network-in-48-minutes-heres-how/
  • https://www.darkreading.com/vulnerabilities-threats/4-low-cost-ways-defend-organization-against-deepfakes
  • https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-targets-freelance-developers/
  • https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/
  • https://hackread.com/fbi-cisa-ghost-ransomware-threat-to-firms-worldwide/

Defensive Security Podcast Episode 296

In this episode of the Defense of Security Podcast, Jerry Bell and Andrew Kalat discuss the evolving landscape of cybersecurity threats, focusing on ransomware tactics that exploit insider threats, the hijacking of LLM resources, and the effectiveness of phishing simulations. They explore how adversaries are increasingly targeting employees to gain access to sensitive data and how organizations can better protect themselves against these threats. The conversation also covers the ethical implications of phishing tests and the need for a more supportive approach to security awareness training. In this episode, Jerry and Andrew discuss the challenges faced by cybersecurity teams, the dynamics between security and other business units, and the importance of learning from incidents to improve security practices. They explore the balance between enabling business operations and maintaining security, the implications of generative AI in the workplace, and the need for effective governance around AI usage. The conversation emphasizes the proactive role security professionals must take in navigating these complexities while ensuring organizational safety.

 

 
Takeaways
  • Ransomware attackers are increasingly using insider threats to gain access.
  • Greed can turn employees into insider threats, especially in tough economic times.
  • LLM hijacking is a new tactic that exploits compromised API keys.
  • Phishing simulations may create a rift between users and IT security teams.
  • Punitive measures for phishing failures can lead to underreporting of actual attacks.
  • Security awareness training should focus on protecting users, not punishing them.
  • Adversaries are finding valid API keys to exploit cloud resources.
  • The effectiveness of phishing simulations is being questioned by experts.
  • Organizations need to do a better job at protecting their secrets and credentials.
  • The cybersecurity landscape is rapidly evolving, requiring constant adaptation. Cybersecurity teams often feel like janitors cleaning up after others.
  • Organizational dynamics can create resentment in security teams.
  • Learning from incidents is crucial for improving security practices.
  • Balancing security needs with business operations is essential.
  • Generative AI presents both risks and opportunities for organizations.
  • Effective governance is needed for AI usage in business.
  • Security professionals must help businesses understand risk management.
  • Building relationships across departments can improve security outcomes.
  • AI tools should be used with proper agreements to protect data.
  • The landscape of AI in business is rapidly evolving and requires adaptation.

Links

  • https://www.scworld.com/news/ransomware-attackers-turn-to-workers-for-data-breach-access
  • https://www.darkreading.com/application-security/llm-hijackers-deepseek-api-keys
  • https://www.wsj.com/tech/cybersecurity/phishing-tests-the-bane-of-work-life-are-getting-meaner-76f30173
  • https://www.securityweek.com/security-teams-pay-the-price-the-unfair-reality-of-cyber-incidents/
  • https://www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts

Defensive Security Podcast Episode 293

“Another day, another data breach.”

In this episode of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss a significant data breach affecting hotel reservation data, regulatory actions taken against GoDaddy for poor security practices, and the evolving landscape of cyber attacks. They emphasize the importance of proactive defense strategies and innovative detection techniques to combat these threats effectively.

Takeaways

  • Data breaches continue to be a common occurrence in the cybersecurity landscape.
    Regulatory bodies like the FTC are increasingly involved in enforcing security improvements post-breach.
  • Organizations must prioritize security measures to protect sensitive data from breaches.
  • The importance of multi-factor authentication cannot be overstated in preventing credential theft.
  • Ad blockers are not just for user convenience; they are essential for security.
  • Cybersecurity is a shared responsibility across all departments, including marketing and IT.
  • Proactive detection strategies can help identify malicious activity before significant damage occurs.
  • Understanding the attack vectors used by cybercriminals is crucial for effective defense.
  • Regularly updating and patching systems is vital to prevent exploitation of known vulnerabilities.
  • Innovative detection techniques, such as canary accounts, can enhance security monitoring efforts.

Links:

  • https://www.bleepingcomputer.com/news/security/otelier-data-breach-exposes-info-hotel-reservations-of-millions/
  • https://www.bleepingcomputer.com/news/security/ftc-orders-godaddy-to-fix-poor-web-hosting-security-practices/
  • https://www.bleepingcomputer.com/news/security/hackers-leak-configs-and-vpn-credentials-for-15-000-fortigate-devices/
  • https://cybersecuritynews.com/hackers-exploiting-companies-google-ads-accounts/
  • https://www.blackhillsinfosec.com/one-active-directory-account-can-be-your-best-early-warning/

Defensive Security Podcast Episode 290

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the FTC’s order for Marriott and Starwood to enhance their data security measures, a recent hijacking of a Chrome extension, and emerging threats for 2025. They also delve into the implications of AI in cybersecurity, emphasizing the need for governance and risk management as AI technologies become more pervasive in the workplace.
Takeaways

  • The FTC has mandated Marriott and Starwood to implement a comprehensive security program for 20 years.
  • Data breaches can lead to significant regulatory actions and long-term consequences for companies.
  • The hijacking of browser extensions poses a serious risk to user data and security.
  • Emerging threats for 2025 include zero-day exploits and supply chain attacks.
  • AI governance is crucial as employees increasingly use AI tools without oversight.

Links

  • https://www.bleepingcomputer.com/news/security/ftc-orders-marriott-and-starwood-to-implement-strict-data-security/
  • https://www.bleepingcomputer.com/news/security/cybersecurity-firms-chrome-extension-hijacked-to-steal-users-data/
  • https://www.darkreading.com/vulnerabilities-threats/emerging-threats-vulnerabilities-prepare-2025
  • https://www.securityweek.com/beware-of-shadow-ai-shadow-its-less-well-known-brother/

Defensive Security Podcast Episode 289

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a year-long supply chain attack that compromised 390,000 credentials, the U.S. government’s bounty for information on North Korean IT worker farms, and the alarming number of vulnerabilities found in software containers. They also delve into the implications of the False Claims Act for cybersecurity whistleblowers and the evolving landscape of AI in security.