Defensive Security Podcast Episode 68

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Advice from Bob; How China’s army hacked America; Emory University has an SCCM meltdown; Bored executives pull infosec funding; How to avoid a big data security breach; US industry not taking industrial security seriously; Employees stealing data on their way out the door.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://arstechnica.com/tech-policy/2014/05/how-chinas-army-hacked-american-companies/
http://www.infosecnews.org/emory-university-windows-network-wiped-out-blame-emps-cyberwar-squirrels-try-accidental-reformat/
http://www.theregister.co.uk/2014/05/15/aisa_finding_infosec_bores_board_execs/
http://www.computerworld.com.au/article/545450/how_avoid_big_data_security_breachhttp://www.reuters.com/article/2014/05/16/us-cyber-summit-infrastructure-idUSBREA4F0OK20140516

http://www.itpro.co.uk/data-loss-prevention/22273/employees-steal-data-to-make-good-impression-in-a-new-job

Defensive Security Podcast Episode 67

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Doctor finds out the hard way that Google likes to index stuff; What’s old is new again – the current focus on improving detection is not new; Microsoft’s Security Incident Response Report and the malware explosion; Security vs. compliance.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.computerworld.com/s/article/9248205/IT_malpractice_Doc_operates_on_server_costs_hospitals_4.8M
http://www.brookings.edu/~/media/research/files/papers/2014/05/07%20strategy%20not%20speed%20digital%20defenders%20early%20cybersecurity%20thinkers%20bejtlich/voices%20from%20the%20cyber%20past%20final
http://www.zdnet.com/microsoft-report-downloaded-malware-exploded-in-late-2013-7000029131/#ftag=RSS4d2198e

Defensive Security Podcast Episode 66

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Advice from Bob; We have entered the post AV world; Target reboots it’s CEO; Microsoft backs down and patches IE 0day for XP; How to communicate to users in situations like the IE 0day; Results from a survey of executives on data protection; Australian real estate company has bank account hacked, advice is to stop using Internet email and Facebook on business computers; A report on Non-advanced Persistent Threats

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://online.wsj.com/news/article_email/SB10001424052702303417104579542140235850578-lMyQjAxMTA0MDAwNTEwNDUyWj
http://consumerist.com/2014/05/05/target-ceo-clocks-out-in-wake-of-data-breach/
http://blogs.technet.com/b/msrc/archive/2014/05/01/out-of-band-release-to-address-microsoft-security-advisory-2963983.aspx
http://m.slashdot.org/story/201515
http://www.networkworld.com/news/2014/043014-survey-execs-clueless-security-pros-281183.html
http://www.rebonline.com.au/breaking-news/7583-cyber-thieves-steal-50-000-from-real-estate-agency
http://www.imperva.com/docs/HII_The_Non-Advanced_Persistent_Threat.pdf

Defensive Security Podcast Episode 65

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Cisco’s annual security report for 2014; the Verizon Data Breach Investigations Report; 7 deadly cyber risks from Zurich Insurance; Alien Vault  urges opening up threat  intelligence; Stanford’s new password policy; New social engineering alert from Trusted Sec; New Internet Explorer 0day

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf

http://www.verizonenterprise.com/DBIR/2014/reports/rp_Verizon-DBIR-2014_en_xg.pdf

http://www.ibtimes.co.uk/zurich-insurance-unveils-7-deadly-cyber-risks-1445607

http://www.infosecurity-magazine.com/view/38136/alienvault-ceo-throws-down-the-gauntlet-on-threat-sharing/?utm_source=twitterfeed&utm_medium=twitter

http://arstechnica.com/security/2014/04/stanfords-password-policy-shuns-one-size-fits-all-security/

https://www.trustedsec.com/april-2014/red-alert-massive-cyber-wire-fraud-attacks-us-companies/

https://community.qualys.com/blogs/laws-of-vulnerabilities/2014/04/26/new-internet-explorer-0-day

Defensive Security Podcast Episode 64

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Some advice from Bob, arrest made in the heartbleed attack on the Canadian Revenue Agency; Heartbleed used to bypass 2 factor controls,;Mandiant’s 2014 M-Trends report; The economics of security controls; 3 million credit cards stolen from Michaels and Aaron’s stores; Hardward company Lacie has a year long data breach.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.theregister.co.uk/2014/04/16/mounties_get_their_man_canadian_heartbleed_hacker_nabbed

https://www.mandiant.com/blog/attackers-exploit-heartbleed-openssl-vulnerability-circumvent-multifactor-authentication-vpns/

http://www.v3.co.uk/v3-uk/news/2340171/hackers-hit-harley-medical-group-in-customer-data-extortion-attempt

https://www.mandiant.com/blog/mtrends-2014-threat-report-revealed/

http://www.fireeye.com/blog/corporate/2014/04/the-economics-of-security.html

http://krebsonsecurity.com/2014/04/3-million-customer-credit-debit-cards-stolen-in-michaels-aaron-brothers-breaches/

http://krebsonsecurity.com/2014/04/hardware-giant-lacie-acknowledges-year-long-credit-card-breach/

Defensive Security Podcast Episode 63

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Heartbleed!

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://arstechnica.com/security/2014/04/heartbleed-bug-exploited-to-steal-taxpayer-data/
http://arstechnica.com/security/2014/04/private-crypto-keys-are-accessible-to-heartbleed-hackers-new-data-shows
http://www.vox.com/2014/4/12/5601828/we-massively-underinvest-in-internet-security

Defensive Security Podcast Episode 62

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Cyber criminals operate on a budget too; 7 things you didn’t know cyber insurance covered; Security hype; Billions spent on cyber security with not a lot to show for it; Banks abandon lawsuit against Target and Trustwave; CIOs don’t know what advanced evasion techniques are; 5 tips for improving incident response.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.darkreading.com/vulnerabilities—threats/cyber-criminals-operate-on-a-budget-too/d/d-id/1141650
http://www.esecurityplanet.com/network-security/cyber-insurance-covers-that-7-items-you-might-not-know.html
http://www.tripwire.com/state-of-security/featured/security-meaning-hype/
http://www.smh.com.au/it-pro/security-it/billions-spent-on-cyber-security-and-much-of-it-wasted-20140403-zqprb.html
http://www.computerworld.com/s/article/9247309/Bank_abandons_place_in_class_action_suit_against_Target_Trustwave
http://news.techworld.com/security/3509357/what-are-advanced-evasion-techniques-dont-expect-cios-know-finds-mcafee/
http://www.networkworld.com/news/2014/040214-understanding-incident-response-5-tips-280338.html?page=1

Defensive Security Podcast Episode 61

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Big announcement inside!

Stories covered:
http://www.mercurynews.com/business/ci_25369262/jesse-jackson-take-techs-lack-diversity
https://securosis.com/blog/jennifer-minella-is-now-a-contributing-analyst
http://seclists.org/dailydave/2014/q1/74
http://www.hollywoodreporter.com/news/man-who-exposed-target-security-689782
http://www.cnet.com/news/symantec-fires-ceo-steve-bennett/
 

Defensive Security Podcast Episode 60

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Advice from Bob; The problems with qualitative risk assessments; Defending like an attacker; Secunia’s vulnerability review;  Watching for data breaches by looking for anomalies; The NSA targets sysadmins, expect criminals to follow suit; Insurers are finding energy firms controls are not up to snuff; 4 lessons CIOs can learn from the Target breach; A court approved a damages settlement for victims of a data breach who did not suffer any damages; Trustwave, Target’s QSA, gets sued as a result of the breach.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

https://blogs.rsa.com/bad-decisions-made-faster-qualitative-security-risk-assessments-making-things-worse/

http://www.tripwire.com/state-of-security/vulnerability-management/defend-like-attacker/

https://secunia.com/vulnerability-review/

https://www.slideshare.net/secret/3LQwBdlNZ03kFO

https://firstlook.org/theintercept/article/2014/03/20/inside-nsa-secret-efforts-hunt-hack-system-administrators/

http://www.bbc.com/news/technology-26358042

http://www.networkworld.com/news/2014/031714-4-lessons-cios-can-learn-279785.html?page=1

http://www.computerworld.com/s/article/9247017/Court_approves_first_of_its_kind_data_breach_settlement

http://www.chicagobusiness.com/article/20140325/BLOGS11/140329865?template=mobile

Defensive Security Podcast Episode 59

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Advice for the criminals from Bob; Pwn2Own results are in; Target ignored it’s FireEye alerts; Integrating threat intelligence into your operations; The problem with threat intelligence; Advanced endpoint protection advice; Workers are apathetic about lost mobile devices and company data; Lessons to learn from the hack of some Navy servers; How the Syrian Electronic Army compromised Forbes; a discussion about what to do when you see criminal activity.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://threatpost.com/three-things-to-take-away-from-cansecwest-pwn2own/104835

http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data#p1

https://securosis.com/assets/library/reports/Securosis_ThreatIntelSecurityMonitoring_FINAL.pdf

http://krypt3ia.wordpress.com/2014/03/09/assessment-corporate-threat-intelligence-versus-actual-intelligence-products/

https://securosis.com/mobile/advanced-endpoint-and-server-protection-quick-wins/full

http://www.networkworld.com/news/2014/030514-cios-battle-worker-apathy-towards-279420.html

http://www.csoonline.com/article/749450/navy-network-hack-has-valuable-lessons-for-companies

http://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/