Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Jerry Bell and Andrew Kalat
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Defensive Security is a weekly information security podcast which reviews recent high profile security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.

  1. 22. FEB.

    Defensive Security Podcast Episode 298

    In this episode of the Defense of Security podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a recent incident involving notorious hackers breaching a company network in under an hour, strategies to defend against deepfake attacks, the targeting of freelance developers by North Korean adversaries, vulnerabilities in Palo Alto firewalls, and the emergence of ghost ransomware. The conversation emphasizes the importance of proactive security measures and the evolving landscape of cyber threats. Want to support the Defensive Security Podcast?  You can donate here: https://www.patreon.com/defensivesec Takeaways: * The speed of cyber attacks is increasing, with breaches occurring in under an hour. * Organizations must implement robust processes to defend against deepfake attacks. * Freelance developers are at risk of being targeted by sophisticated cybercriminals. * Palo Alto firewalls are vulnerable to attacks if management interfaces are exposed to the internet. * Ghost ransomware is a growing threat, often using familiar tactics to exploit vulnerabilities. Links: * https://arstechnica.com/security/2025/02/notorious-crooks-broke-into-a-company-network-in-48-minutes-heres-how/ * https://www.darkreading.com/vulnerabilities-threats/4-low-cost-ways-defend-organization-against-deepfakes * https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-targets-freelance-developers/ * https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/ * https://hackread.com/fbi-cisa-ghost-ransomware-threat-to-firms-worldwide/

    1 Std. 17 Min.

  2. 18. FEB.

    Defensive Security Podcast Episode 297

    Become a Patreon supporter of the show here: https://www.patreon.com/defensivesec Links: * https://www.cybersecuritydive.com/news/ransomware-gangs–tactics-/739937/ * https://www.bleepingcomputer.com/news/security/over-12-000-keriocontrol-firewalls-exposed-to-exploited-rce-flaw/ * https://arstechnica.com/information-technology/2025/02/russian-spies-use-device-code-phishing-to-hijack-microsoft-accounts/ * https://www.darkreading.com/cyber-risk/open-source-ai-models-pose-risks-of-malicious-code-vulnerabilities * https://www.csoonline.com/article/3823429/24-of-vulnerabilities-are-abused-before-a-patch-is-available.html

    1 Std. 4 Min.

  3. 9. FEB.

    Defensive Security Podcast Episode 296

    In this episode of the Defense of Security Podcast, Jerry Bell and Andrew Kalat discuss the evolving landscape of cybersecurity threats, focusing on ransomware tactics that exploit insider threats, the hijacking of LLM resources, and the effectiveness of phishing simulations. They explore how adversaries are increasingly targeting employees to gain access to sensitive data and how organizations can better protect themselves against these threats. The conversation also covers the ethical implications of phishing tests and the need for a more supportive approach to security awareness training. In this episode, Jerry and Andrew discuss the challenges faced by cybersecurity teams, the dynamics between security and other business units, and the importance of learning from incidents to improve security practices. They explore the balance between enabling business operations and maintaining security, the implications of generative AI in the workplace, and the need for effective governance around AI usage. The conversation emphasizes the proactive role security professionals must take in navigating these complexities while ensuring organizational safety.     Takeaways * Ransomware attackers are increasingly using insider threats to gain access. * Greed can turn employees into insider threats, especially in tough economic times. * LLM hijacking is a new tactic that exploits compromised API keys. * Phishing simulations may create a rift between users and IT security teams. * Punitive measures for phishing failures can lead to underreporting of actual attacks. * Security awareness training should focus on protecting users, not punishing them. * Adversaries are finding valid API keys to exploit cloud resources. * The effectiveness of phishing simulations is being questioned by experts. * Organizations need to do a better job at protecting their secrets and credentials. * The cybersecurity landscape is rapidly evolving, requiring constant adaptation. Cybersecurity teams often feel like janitors cleaning up after others. * Organizational dynamics can create resentment in security teams. * Learning from incidents is crucial for improving security practices. * Balancing security needs with business operations is essential. * Generative AI presents both risks and opportunities for organizations. * Effective governance is needed for AI usage in business. * Security professionals must help businesses understand risk management. * Building relationships across departments can improve security outcomes. * AI tools should be used with proper agreements to protect data. * The landscape of AI in business is rapidly evolving and requires adaptation. Links * https://www.scworld.com/news/ransomware-attackers-turn-to-workers-for-data-breach-access * https://www.darkreading.com/application-security/llm-hijackers-deepseek-api-keys * https://www.wsj.com/tech/cybersecurity/phishing-tests-the-bane-of-work-life-are-getting-meaner-76f30173 * https://www.securityweek.com/security-teams-pay-the-price-the-unfair-reality-of-cyber-incidents/ * https://www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts

    1 Std. 10 Min.

  4. 3. FEB.

    Defensive Security Podcast Episode 295

    In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the alarming statistics surrounding ransomware attacks, the implications of paying ransoms, and the evolving nature of ransomware as a broader category of cyber threats. They also discuss the consolidation of security tools and the skepticism surrounding it, particularly in light of a recent report by Palo Alto and IBM. The conversation shifts to the risks associated with AI, highlighted by the DeepSeek incident, and concludes with a discussion on the importance of securing management interfaces and the ongoing challenges in the cybersecurity landscape.   Links: * https://www.infosecurity-magazine.com/news/ransomware-victims-shut-operations/ * https://www.cybersecuritydive.com/news/consolidation-security-tools/738912/ * https://9to5mac.com/2025/01/31/security-bite-top-macos-threat-found-riding-the-deepseek-wave/ * https://www.securityweek.com/sonicwall-confirms-exploitation-of-new-sma-zero-day/ * https://www.theregister.com/2025/01/30/deepseek_database_left_open/   Takeaways * 58% of ransomware victims had to shut down operations temporarily. * Only 13% of victims who paid ransom got all their data back. * The ransomware ecosystem relies on the belief that victims will recover their data. * Organizations average 83 different security tools, leading to inefficiencies. * Speed in deploying AI can compromise security practices. * DeepSeek incident highlights risks of using unverified AI models. * SonicWall’s zero-day vulnerability emphasizes the need for secure management practices. * Security tool consolidation may not always lead to better outcomes. * Phishing and RDP compromises are common entry points for ransomware. * The evolving nature of ransomware requires a broader understanding of cyber threats.

    1 Std. 16 Min.

  5. 26. JAN.

    Defensive Security Podcast Episode 294

    In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a hidden backdoor in Juniper routers, PayPal’s recent data breach settlement, the exploitation of older Ivanti bugs, the PowerSchool data breach affecting millions, and CISA’s new software security recommendations. The conversation emphasizes the importance of proactive security measures and the evolving landscape of cybersecurity threats.   If you find this podcast useful, please consider supporting us here: https://www.patreon.com/defensivesec Takeaways * The hidden backdoor in Juniper routers raises concerns about network security. * PayPal’s settlement highlights the need for better data protection practices. * Older vulnerabilities in Ivanti products continue to be exploited, stressing the importance of timely patching. * The PowerSchool data breach underscores the risks of inadequate credential protection. * CISA’s recommendations aim to improve software security across critical infrastructure. Links: * https://www.theregister.com/2025/01/25/mysterious_backdoor_juniper_routers/ * https://www.bleepingcomputer.com/news/security/paypal-to-pay-2-million-settlement-over-2022-data-breach/ * https://www.bleepingcomputer.com/news/security/cisa-hackers-still-exploiting-older-ivanti-bugs-to-breach-networks/ * https://www.securityweek.com/millions-impacted-by-powerschool-data-breach/ * https://www.securityweek.com/cisa-fbi-update-software-security-recommendations/

    1 Std. 4 Min.

  6. 20. JAN.

    Defensive Security Podcast Episode 293

    “Another day, another data breach.” In this episode of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss a significant data breach affecting hotel reservation data, regulatory actions taken against GoDaddy for poor security practices, and the evolving landscape of cyber attacks. They emphasize the importance of proactive defense strategies and innovative detection techniques to combat these threats effectively. Takeaways * Data breaches continue to be a common occurrence in the cybersecurity landscape. Regulatory bodies like the FTC are increasingly involved in enforcing security improvements post-breach. * Organizations must prioritize security measures to protect sensitive data from breaches. * The importance of multi-factor authentication cannot be overstated in preventing credential theft. * Ad blockers are not just for user convenience; they are essential for security. * Cybersecurity is a shared responsibility across all departments, including marketing and IT. * Proactive detection strategies can help identify malicious activity before significant damage occurs. * Understanding the attack vectors used by cybercriminals is crucial for effective defense. * Regularly updating and patching systems is vital to prevent exploitation of known vulnerabilities. * Innovative detection techniques, such as canary accounts, can enhance security monitoring efforts. Links: * https://www.bleepingcomputer.com/news/security/otelier-data-breach-exposes-info-hotel-reservations-of-millions/ * https://www.bleepingcomputer.com/news/security/ftc-orders-godaddy-to-fix-poor-web-hosting-security-practices/ * https://www.bleepingcomputer.com/news/security/hackers-leak-configs-and-vpn-credentials-for-15-000-fortigate-devices/ * https://cybersecuritynews.com/hackers-exploiting-companies-google-ads-accounts/ * https://www.blackhillsinfosec.com/one-active-directory-account-can-be-your-best-early-warning/

    48 Min.

  7. 12. JAN.

    Defensive Security Podcast Episode 292

    In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the dangers of malware disguised as proof of concept code on GitHub, the alarming rise in phishing attacks, the implications of a recent Treasury hack, and the targeted attacks on Ivanti’s security products. The conversation emphasizes the need for skepticism in security research, the importance of creating a safer environment for users, and the ongoing challenges posed by sophisticated threat actors. Links: * https://www.bleepingcomputer.com/news/security/fake-ldapnightmware-exploit-on-github-spreads-infostealer-malware/ * https://www.forbes.com/sites/daveywinder/2025/01/09/do-not-click-new-gmail-outlook-apple-mail-warning-for-billions/ * https://www.bleepingcomputer.com/news/security/treasury-hackers-also-breached-us-foreign-investments-review-office/ * https://www.bleepingcomputer.com/news/security/google-chinese-hackers-likely-behind-ivanti-vpn-zero-day-attacks/

    45 Min.

  8. 6. JAN.

    Defensive Security Podcast Episode 291

    Summary In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a significant incident involving a Tenable plugin update that disrupted Nessus agents worldwide. They delve into the implications of malicious Chrome extensions and sophisticated phishing attacks, particularly focusing on a recent incident involving OAuth trust exploitation. The conversation shifts to new HIPAA cybersecurity rules that aim to enhance security measures in healthcare, followed by a discussion on the rise of AI-generated phishing emails targeting executives. Finally, they explore the challenges of passkey technology in achieving usable security across different platforms.   Links: * https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/ * https://www.bleepingcomputer.com/news/security/new-details-reveal-how-hackers-hijacked-35-google-chrome-extensions/ * https://www.darkreading.com/vulnerabilities-threats/hipaa-security-rules-pull-no-punches * https://arstechnica.com/security/2025/01/ai-generated-phishing-emails-are-getting-very-good-at-targeting-executives/ * https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/

    51 Min.
Alle anzeigen (200)

Bewertungen und Rezensionen

4,5
von 5
6 Bewertungen

Info

Defensive Security is a weekly information security podcast which reviews recent high profile security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.

Informationen

Das gefällt dir vielleicht auch

Melde dich an, um anstößige Folgen anzuhören.

Bleib auf dem Laufenden mit dieser Sendung

Melde dich an oder registriere dich, um Sendungen zu folgen, Folgen zu sichern und die neusten Updates zu erhalten.
Wähle ein Land oder eine Region aus

Afrika, Naher Osten und Indien

Asien/Pazifik

Europa

Lateinamerika und Karibik

USA und Kanada