Category: Security

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Episode 315 is available for our patreon donors and will be posted for everyone else on Monday, July 28. Going forward, episodes will be released to our patreon donors shortly after recording and will be released to everyone else a week later. If you want to become a patreon donor, you can do so here: https://www.patreon.com/defensivesec

Also, our new merch store is live and available here: https://store.defensivesecurity.org

It’s a work in progress and please let me know if you have any issued with it. Thank you all and we’ll talk on Monday!

 

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to support us?  Want even MORE DefSec?  Starting this week, we are providing more DefSec for our Patreon donors.  Sign up to be a Patreon donor today: https://www.patreon.com/defensivesec

 

Links:

• https://arstechnica.com/security/2025/06/active-exploitation-of-ami-management-tool-imperils-thousands-of-servers/
• https://www.bleepingcomputer.com/news/security/man-pleads-guilty-to-hacking-networks-to-pitch-security-services/
• https://www.helpnetsecurity.com/2025/06/23/new-hire-phishing-risk/

Patreon exclusive discussions:

• https://www.helpnetsecurity.com/2025/06/27/cybersecurity-risk-reduction-breach-transparency/
• https://www.theregister.com/2025/06/24/vulnerability_management_gap_noone_talks/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

 

 

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec

Links:

• https://www.bleepingcomputer.com/news/security/no-the-16-billion-credentials-leak-is-not-a-new-data-breach/
• https://www.bleepingcomputer.com/news/security/russian-hackers-bypass-gmail-mfa-using-stolen-app-passwords/
• https://www.bleepingcomputer.com/news/security/north-korean-hackers-deepfake-execs-in-zoom-call-to-spread-mac-malware/
• https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec

Links: 

https://www.bleepingcomputer.com/news/security/sentinelone-shares-new-details-on-china-linked-breach-attempt/
https://thehackernews.com/2025/06/new-supply-chain-malware-operation-hits.html?m=1
https://www.csoonline.com/article/4002103/cisos-beware-genai-use-is-outpacing-security-controls.html
https://thehackernews.com/2025/06/fin6-uses-aws-hosted-fake-resumes-on.html?m=1

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss a range of topics including the introduction of a new cryptocurrency, Guard Llama Coin, and the implications of recent cybersecurity incidents involving ConnectWise and ransomware attacks. They explore the challenges organizations face in responding to nation-state attacks, the complexities of ransomware tactics, and the importance of employee security awareness. The conversation emphasizes the need for timely patching and proactive security measures to protect against evolving threats.

Links: 

https://www.theregister.com/2025/05/30/connectwise_compromised_by_sophisticated_government/
https://www.darkreading.com/application-security/dragonforce-ransomware-msp-supply-chain-attack
https://www.darkreading.com/threat-intelligence/3am-ransomware-adopts-email-bombing-vishing

Podcast: Play in new window | Download | Embed

Subscribe: RSS

In this episode, Jerry and Andrew discuss  the importance of data security, phishing attacks targeting hiring managers, the implications of paying ransoms, and the recent Disney data breach incident. They emphasize the need for better training for employees and the challenges of managing software supply chains. The conversation highlights the evolving landscape of cyber threats and the necessity for organizations to adopt more robust security practices.

Links:
https://www.darkreading.com/cyber-risk/venom-spider-phishing-scheme
https://go.theregister.com/feed/www.theregister.com/2025/05/08/powerschool_data_extortionist/
https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-npm-package-with-45-000-weekly-downloads/
https://www.theregister.com/2025/05/02/disney_slack_hacker_revealed_to/

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Podcast: Play in new window | Download | Embed

Subscribe: RSS

In this episode, we discuss the Google Mandiant 2025 M-Trends report.  The report is available here: https://services.google.com/fh/files/misc/m-trends-2025-en.pdf

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Summary

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the rise of ransomware, the importance of backup strategies, and the implications of AI in phishing attacks. They discuss into the challenges of managing non-human identities and the need for effective communication of security metrics. The conversation also touches on the recent Oracle breach and the evolving landscape of cybersecurity threats.

Links:

• https://www.cybersecuritydive.com/news/remote-access-tools-ransomware-entry/745144/
• https://www.darkreading.com/cyberattacks-data-breaches/oracle-breach-2-obsolete-servers
• https://thehackernews.com/2025/04/explosive-growth-of-non-human.html?m=1
• https://thehackernews.com/2025/04/security-theater-vanity-metrics-keep.html?m=1
• https://www.securityweek.com/ai-now-outsmarts-humans-in-spear-phishing-analysis-shows/

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Podcast: Play in new window | Download | Embed

Subscribe: RSS

In this episode, Jerry and Andrew discuss various cybersecurity topics, including the recent Oracle Cloud security breach, a GitHub supply chain attack, insider threats, and the implications of AI in cybersecurity. They explore the challenges of maintaining trust in cloud services, the complexities of insider threats, and the evolving landscape of cybercrime driven by AI advancements. The conversation emphasizes the need for robust security measures and the importance of adapting to emerging threats in the cybersecurity realm.

Links:

• https://www.bleepingcomputer.com/news/security/oracle-privately-confirms-cloud-breach-to-customers/
• https://www.bleepingcomputer.com/news/security/recent-github-supply-chain-attack-traced-to-leaked-spotbugs-token/
• ttps://www.securityweek.com/39-million-secrets-leaked-on-github-in-2024/
• https://www.theregister.com/2025/04/02/deel_rippling_espionage/
• https://www.securityweek.com/ai-giving-rise-of-the-zero-knowledge-threat-actor/

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Podcast: Play in new window | Download | Embed

Subscribe: RSS

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss a range of cybersecurity topics, including the recent Oracle Cloud breach, the challenges of asset management in large environments, and the importance of prioritizing vulnerabilities. They also explore the findings from a pen test report, the implications of emerging threats like Medusa ransomware, and the need for better security practices in organizations.

Links:

• https://www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/
• https://thehackernews.com/2025/03/10-critical-network-pentest-findings-it.html?m=1
• https://www.horizon3.ai/attack-research/attack-blogs/critical-or-clickbait-github-actions-and-apache-tomcat-rce-vulnerabilities-2025/
• https://www.forbes.com/sites/daveywinder/2025/03/30/fbi-warns-use-2fa-as-time-traveling-hackers-strike/
• https://www.reversinglabs.com/blog/epss-is-not-foolproof-shift-your-appsec-beyond-vulnerabilities

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec