Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Jerry Bell and Andrew Kalat
  • 0.0 (0)
  • TECHNOLOGY
  • EVERY TWO WEEKS
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec Podcast

Defensive Security is a weekly information security podcast which reviews recent high profile security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.

  1. 2 DAYS AGO

    Defensive Security Podcast Episode 280

    In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kellett delve into key cybersecurity topics. They discuss a recent statement by CISA director Jen Easterly on holding software manufacturers accountable for product defects rather than vulnerabilities, and the need for derogatory names for threat actors to deter cybercrime. The episode also covers Disney’s decision to ditch Slack following a data breach, and the impact of valid account misuse in critical infrastructure attacks. Additionally, they explore new tough cyber regulations in the EU under NIS2, and a Google security flaw from a Black Hat presentation concerning dependency confusion in Apache Airflow. The hosts share their thoughts on industry responses, regulations, and how enterprises can improve their security posture. 00:00 Introduction and Podcast Setup 00:59 First Story: CISA Boss on Insecure Software 03:26 Debate on Software Security Responsibility 11:12 Open Source Software Challenges 15:20 Cloud Imposter Vulnerability 22:22 Disney’s Data Breach and Slack 27:37 Slack Data Breach Concerns 29:26 Critical Infrastructure Vulnerabilities 35:21 EU’s New Cyber Regulations 43:42 Global Regulatory Challenges 48:42 Conclusion and Sign-Off Links: * https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/ * https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package * https://www.cnbc.com/2024/09/19/disney-to-ditch-slack-after-july-data-breach-.html * https://www.cybersecuritydive.com/news/cisa-critical-infrastructure-attacks/727225/ * https://www.cnbc.com/amp/2024/09/20/eu-nis-2-what-tough-new-cyber-regulations-mean-for-big-business.html

    52 min

  2. 18 SEPT

    Defensive Security Podcast Episode 279

    In Episode 279 of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss the latest cybersecurity news and issues. Stories include Transportation for London requiring in-person password resets after a security incident, Google’s new ‘air-gapped’ backup service, the impact of a rogue ‘Whois’ server, and the ongoing ramifications of the Moveit breach. The episode also explores workforce challenges in cybersecurity, such as the gap between the number of professionals and the actual needs of organizations, and discusses the trend of just-in-time talent versus long-term training and development.   Links: * https://www.bleepingcomputer.com/news/security/tfl-requires-in-person-password-resets-for-30-000-employees-after-hack/ * https://www.securityweek.com/google-introduces-air-gapped-backup-vault-to-thwart-ransomware/ * https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/ * https://www.cybersecuritydive.com/news/global-cyber-workforce-flatlines-isc2/726667/ * https://www.cybersecuritydive.com/news/moveit-wisconsin-medicare/726441/ Transcript: Jerry: [00:00:00] Here we go. Today is Sunday, September 15th, 2024. And this is episode 279 of the defensive security podcast. My name is Jerry Bell and joining me today as always is Mr. Andrew Kalat. Andrew: Good evening, Jerry. Happy Sunday to you. Jerry:  Happy Sunday, just a reminder that the thoughts and opinions we express on the show are ours do not represent those of our employers or. Andrew: present, or future. Jerry: for those of us who have employers, that is not that I’m bitter or anything. It’s, Andrew: It’s, I envy your lack of a job. I don’t envy your lack of a paycheck. So that is the conflict. Jerry: It’s very interesting times right now for me. Andrew: Indeed. Jerry: All right. So our first story today comes from bleeping computer. And the title here is TFL, which is transportation for London requires in person, password [00:01:00] resets for 30, 000 employees. So those of you who may not be aware transportation for London had suffered what I guess would has been described as a nebulous security incident. They haven’t really pushed out a lot of information about what happened. They have said that it does not affect customers. But it apparently does impact some back office systems that did take off certain parts of their services offline, like I think. They couldn’t issue refunds. And there were a few other transportation related things that were broken as a result. But I think in the aftermath of trying to make sure that they’ve evicted the bad guy who, by the way, apparently has been arrested. Andrew: That’s rare. Somebody actually got arrested. Jerry: yeah. And not only that, but apparently it was somebody local. Andrew: Oops. Jerry: In in the country which may or may not be associated with an unknown named [00:02:00] threat actor, by the way, that was involved in some other ransomware attacks. Andrew: Kids don’t hack in your own backyard. Jerry: That’s right. Make sure you don’t have extradition treaties with where you’re attacking. So what I thought was most interesting was the, their, the approach here to getting back up and going they, they had disabled. So TFL had disabled the access for all of their employees and the requiring their employees to show up at a designated site to prove their identity in order to regain access. This isn’t the first. Organization that’s done this, but it is something that I suspect a lot of organizations don’t think about the logistics of, in the aftermath of a big hack. And if you’re a large company spread out all over the place,

    50 min

  3. 9 SEPT

    Defensive Security Podcast Episode 278

    In episode 278 of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss various recent cybersecurity topics. The episode starts with light-hearted banter about vacations before diving into the main topics. Key discussions include a new vulnerability in YubiKey that requires sophisticated physical attacks, resulting in a low overall risk but sparking debate about hardware firmware updates for security keys. Another key topic is Verkada being fined for CAN-SPAM Act violations and lack of proper security measures, including exposing 150,000 live camera feeds. The hosts also explore reports showing diverging trends in security budgets and spending, with some organizations reducing budgets while overall industry spending increases. They highlight the need for effective use of security products and potential over-reliance on third-party services. The episode also delves into the growing threat of deepfake scams targeting businesses, emphasizing the need for robust authentication policies and awareness training to mitigate risks. Finally, the hosts reflect on the broader challenges of balancing security needs with budget constraints in an evolving threat landscape. Links: https://www.bleepingcomputer.com/news/security/new-eucleak-attack-lets-threat-actors-clone-yubikey-fido-keys/ https://www.bleepingcomputer.com/news/security/verkada-to-pay-295-million-for-alleged-can-spam-act-violations/ https://www.cybersecuritydive.com/news/iran-cyberattacks-us-critical-infrastructure/725877/ https://www.theregister.com/2024/09/05/security_spending_boom_slowing/ vs https://www.cybersecuritydive.com/news/infosec-spending-surge-gartner/726081/ https://www.cybersecuritydive.com/news/deepfake-scam-businesses-finance-threat/726043/ Transcript Jerry: All right, here we go. Today is Saturday, September 7th, 2024. And this is episode 278 of the defensive security podcast. And my name is Jerry Bell. And joining me today as always is Mr. Andrew Kalat. Andrew: Good evening. Jerry, how are you? Kind sir. Jerry: Doing fantastic. How are you? Andrew: I’m great. Just got back from a little vacation, which was lovely. Saw a lot of Canada, saw some whales, saw some trains. It was Jerry: Did you see any moose? Andrew: Oddly we did not see a single moose, which was a bummer. We crossed from Toronto to Vancouver on a train and didn’t see a single moose. I saw a metric crap ton of ducks though. I couldn’t believe literally in the thousands. I don’t know why. Jerry: The geese are ducks. Cause Andrew: We saw a Jerry: geese are pretty scary. Andrew: We were sealed away from them, so we were protected. Jerry: I don’t know. Andrew: hard to Jerry: I don’t know. I w I wouldn’t I wouldn’t bet my life on that. Andrew: But yeah, we saw a decent chunk of gooses, but mostly ducks. Jerry: Good deal. Andrew: Indeed. I’m good. Now, catching back up on work. Jerry: And you’re back. Andrew: And you are apparently the Southern Command Center. Jerry: I am for another another day or two. Andrew: Nice. Never sucks to be at the beach. Jerry: It definitely does not. No, no bad days at the beach. Andrew: Nice. Jerry: All right. A reminder before we get started that the thoughts and opinions we express in the show are ours and do not represent those of our employers. Andrew: Past, present, or future. Jerry: That’s right. So our first topic or first story from today comes from bleeping computer. And this one was a bit of a, Oh, what’s the best, a bit controversial, best way to say it, controversial on on the social media sites over the past week. And the title is new leak. I’m not even going to try to pronounce that attack. Let’s threat actors, clone, Yubikey, Fido keys.

    52 min

  4. 26 AUG

    Defensive Security Podcast Episode 277

    In this episode, Jerry Bell and Andrew Kalat discuss various topics in the cybersecurity landscape, including the influence of cyber insurance on risk reduction for companies and how insurers offer guidance to lower risks. They touch upon the potential challenges with cybersecurity maturity in organizations and the consultant effect. The episode also goes into detail about issues surrounding kernel-level access of security tools, implications of a CrowdStrike outage, and upcoming changes by Microsoft to address these issues. They recount a case about a North Korean operation involving a laptop farm to gain employment in U.S. companies, posing major security concerns. The discussion highlights the pitfalls of relying on end-of-life software, especially in M&A scenarios, and how this could be a significant vulnerability. Lastly, they explore the massive data breaches from Snowflake and the shared security responsibilities between service providers and customers, emphasizing the importance of multi-factor authentication and proper security management. Links: https://www.cybersecuritydive.com/news/insurance-cyber-risk-reduction/724852/ https://arstechnica.com/information-technology/2024/08/crowdstrike-unhappy-with-shady-commentary-from-competitors-after-outage/ https://www.cnbc.com/2024/08/23/microsoft-plans-september-cybersecurity-event-after-crowdstrike-outage.html https://arstechnica.com/security/2024/08/nashville-man-arrested-for-running-laptop-farm-to-get-jobs-for-north-koreans/ https://www.darkreading.com/vulnerabilities-threats/why-end-of-life-for-applications-is-beginning-of-life-for-hackers https://www.cybersecuritydive.com/news/snowflake-security-responsibility-customers/724994/   Transcript: Jerry: Here we go. Today is Saturday, August 24th, and this is episode 277 of the defensive security podcast. My name is Jerry Bell and joining me today as always is Mr. Andrew Kalat. Andrew: Good evening, my good sir Jerry. How are you? Jerry: I am awesome. How are you? Andrew: I’m good. I’m good. I’m getting ready for a little bit of a vacation coming up next week So a little bit of senioritis. If I’m starting to check out on the show, you’ll know why Jerry: Congrats and earned. I know. Andrew: Thank you, but otherwise doing great and happy to be here as always Jerry: Good. Good deal. All right. Just a reminder that the thoughts and opinions we express on this show are ours and do not represent anyone else or including employers, cats, relatives, you name it. Andrew: various sentient plants Jerry: Exactly. Okay. So jumping into some stories today. First one comes from cybersecuritydive. com, which by the way, has a lot of surprisingly good content. Andrew: Yeah, I have enjoyed a lot of what they write. We’ve a couple good stories there Jerry: Yeah. Yeah. So the title here is insurance coverage drives cyber risk reduction for companies, researchers say that the gist of this story is that there were two recent studies done or reports released one from a company called Omeda and another one from Forrester, which I think we all know and love.

    1h 2m

  5. 16 AUG

    Defensive Security Podcast Episode 276

    Check out the latest Defensive Security Podcast Ep. 276! From cow milking robots held ransom to why IT folks dread patching, Jerry Bell and Andrew Kalat cover it all. Tune in and stay informed on the latest in cybersecurity! Summary: In episode 276 of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat delve into a variety of security topics including a ransomware attack on a Swedish farm’s milking machine leading to the tragic death of a cow, issues with patch management in IT industries, and an alarming new wormable IPv6 vulnerability patch from Microsoft. The episode also covers a fascinating study on the exposure and exploitation of AWS credentials left in public places, highlighting the urgency of automating patching and establishing robust credential management systems. The hosts engage listeners with a mix of humor and in-depth technical discussions aimed at shedding light on critical cybersecurity challenges. 00:00 Introduction and Casual Banter 01:14 Milking Robot Ransomware Incident 04:47 Patch Management Challenges 05:41 CrowdStrike Outage and Patching Strategies 08:24 The Importance of Regular Maintenance and Automation 15:01 Technical Debt and Ownership Issues 18:57 Vulnerability Management and Exploitation 25:55 Prioritizing Vulnerability Patching 26:14 AWS Credentials Left in Public: A Case Study 29:06 The Speed of Credential Exploitation 31:05 Container Image Vulnerabilities 37:07 Teaching Secure Development Practices 40:02 Microsoft’s IPv6 Security Bug 43:29 Podcast Wrap-Up and Social Media Plugs-tokens-in-popular-projects/ Links: *  https://securityaffairs.com/166839/cyber-crime/cow-milking-robot-hacked.html * https://www.theregister.com/2024/07/25/patch_management_study/ * https://www.cybersecuritydive.com/news/misguided-lessons-crowdstrike-outage/723991/ * https://cybenari.com/2024/08/whats-the-worst-place-to-leave-your-secrets/ * https://www.theregister.com/2024/08/14/august_patch_tuesday_ipv6/   Transcript: Jerry: Today is Thursday, August 15th, 2024. And this is episode 276 of the defensive security podcast. My name is Jerry Bell and joining me tonight as always is Mr. Andrew Kalat. Andrew: Good evening, Jerry. Once again, from your southern compound, I see. Jerry: Once again, in the final time for a two whole weeks, and then I’ll be back. Andrew: Alright hopefully next time you come back, you’ll have yet another hurricane to dodge. Jerry: God, I hope not. Andrew: How are you, sir? Jerry: I’m doing great. It’s a, it’s been a great couple of weeks and I’m looking forward to going home for a little bit and then then coming back. How are you? Andrew: I’m good, man. It’s getting towards the end of summer. forward to a fall trip coming up pretty soon, and just cruising along. Livin the dream. Jerry: We will make up for last week’s banter about storms and just get into some stories. But first a reminder that the thoughts and opinions we express are those of us and not our employers. Andrew: Indeed. Which is important because they would probably fire me. You’ve tried. Jerry: I would yeah. So the the first story we have tonight is very Moving. Andrew: I got some beef with these people. Jerry: Great. Very moving. This one comes from security affairs and the title is crooks took control of a cow milking robot, causing the death of a cow. Now, I will tell you that the headline is much more salacious than the actual story that the. When I saw the headline, I thought, oh my God, somebody hacked a robot and it somehow kill the cow, but no, that’s not actually what happened, Andrew: Now, also, let’s just say up front, the death of a cow is terrible,

    46 min

  6. 8 AUG

    Defensive Security Podcast Episode 275

    Links: * https://www.crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf * https://www.theregister.com/2024/08/05/crowdstrike_is_not_at_all/ * https://www.theverge.com/2024/8/6/24214371/microsoft-delta-letter-crowdstrike-response-comments * https://www.linkedin.com/posts/alexstamos_why-crowdstrikes-baffling-bsod-disaster-activity-7224046054076243969-1An8?utm_source=combined_share_message&utm_medium=ios_app * https://www.linkedin.com/posts/choff_why-crowdstrikes-baffling-bsod-disaster-activity-7224078879445958658-ymuc?utm_source=combined_share_message&utm_medium=member_ios * https://www.securityweek.com/thousands-of-devices-wiped-remotely-following-mobile-guardian-hack/ * https://www.bleepingcomputer.com/news/security/stackexchange-abused-to-spread-malicious-pypi-packages-as-answers/ * https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-gang-targets-it-workers-with-new-sharprhino-malware/ Transcript: Jerry: Today is Wednesday, August 7th, 2024. And this is episode 275 of the Defensive Security Podcast. My name is Jerry Bell and joining me tonight as always is Mr. Andrew Kalat. Andrew: Good evening, Jerry. How are you?

    51 min

  7. 2 AUG

    Defensive Security Podcast Episode 274

    https://www.bleepingcomputer.com/news/security/over-3-000-github-accounts-used-by-malware-distribution-service/ https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/ https://www.darkreading.com/cybersecurity-operations/crowdstrike-outage-losses-estimated-staggering-54b  https://cdn.prod.website-files.com/64b69422439318309c9f1e44/66a24d5478783782964c1f6f_CrowdStrikes%20Impact%20on%20the%20Fortune%20500_%202024%20_Parametrix%20Analysis.pdf https://www.darkreading.com/vulnerabilities-threats/unexpected-lessons-learned-from-the-crowdstrike-event Summary: Episode 274: Malware on GitHub, North Korean Developer Scam & Secure Boot Failures In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss several notable security stories and issues. They start with a malware distribution service that leverages compromised GitHub accounts and WordPress sites. They then cover a security warning from KnowBe4 about hiring a supposed North Korean agent as a senior developer. They dive into the significance of two separate vulnerable firmware signing keys affecting over 500 hardware models. Lastly, they explore the massive financial impact of the recent CrowdStrike outage, with losses estimated at $5.4 billion. Throughout the episode, the hosts provide insights, potential solutions, and share personal experiences related to these cybersecurity challenges. 00:00 Introduction and Casual Banter 00:30 Funemployment and Retirement Reflections 01:54 Disclaimer and First Story Introduction 02:17 Malware Distribution via GitHub 04:24 WordPress Security Issues 8:09 North Korean Developer Incident 14:36 Lessons Learned and Recommendations 23:27 Secure Boot Vulnerabilities 29:19 Cloud Providers and Firmware Security 30:47 The Epidemic of Leaked Keys on GitHub 33:35 Challenges in Development and Security Practices 35:36 CrowdStrike Outage and Its Financial Impact 39:16 Legal and Technical Implications of the Outage 57:33 Concluding Thoughts and Future Plans   Transcript: Episode 274 274 === jerry: [00:00:00] Today is Wednesday, July 31st, 2024. And this is episode 274 of the defensive security podcast. My name is Jerry Bell and joining me tonight as always is Mr. Andrew Kalat. Andrew: Good evening, Jerry. How are you? My good sir. jerry: So good. It hurts. How are you? Andrew: I’m doing good. it’s Wednesday, which is halfway through the week. So I can’t complain too much. jerry: It’s just another day to me though. Andrew: I, how are you enjoying your funemployment? jerry: It is awesome. funny story, when my dad retired, he told me something sad. He said, one of the things that you don’t realize is that the weekend starts losing its appeal, Andrew: Because every day is the weekend. jerry: because it’s just another day and, holidays are just another day.

    60 min

  8. 24 JUL

    Defensive Security Podcast Episode 273

    The Joe Sullivan Verdict – Unfair? – Which Part? (cybertheory.io) Fujitsu Details Non-Ransomware Cyberattack (webpronews.com) 5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy (thehackernews.com) Sizable Chunk of SEC Charges Vs. SolarWinds Dismissed (darkreading.com) CrowdStrike CEO apologizes for crashing IT systems around the world, details fix | CSO Online Summary: Cybersecurity Updates: Uber’s Legal Trouble, SolarWinds SEC Outcome, and CrowdStrike Outage In Episode 273 of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss recent quiet weeks in cybersecurity and correct the record on Uber’s CISO conviction. They delve into essential questions CISOs should consider about their cybersecurity strategies, including budget justification and risk reporting. The episode highlights the significant impact of CrowdStrike’s recent updates causing massive system crashes and explores the court’s decision to dismiss several SEC charges against SolarWinds. The hosts provide insights into navigating cybersecurity complexities and emphasize the importance of effective communication and collaboration within organizations. 00:00 Introduction and Banter 01:52 Correction on Uber’s CISO Conviction 04:07 Recommendations for CISOs 09:28 Fujitsu’s Non-Ransomware Cyber Attack 12:13 Key Questions for CISOs 32:47 Corporate Puffery and SEC Charges 33:15 Internal vs External Communications 33:52 SolarWinds Security Assessment 36:36 CrowdStrike CEO Apologizes 37:16 Global IT Systems Crash 37:57 CrowdStrike’s Kernel-Level Issues 40:55 Industry Reactions and Lessons 42:58 Balancing Security and Risk 49:26 CrowdStrike’s Future and Market Impact 01:03:46 Conclusion and Final Thoughts   Transcript: defensive_security_podcast_episode_273 === jerry: [00:00:00] All right, here we go. Today is Sunday, July 21st, 2024, and this is episode 273 of the Defensive Security Podcast. My name is Jerry Bell, and joining me tonight as always is Mr. Andrew Kalat. Andy: Good evening, Jerry. I’m not sure why we’re bothering to do a show. Nothing’s happened in the past couple of weeks. Andy: It’s been really quiet. jerry: Last week was very quiet. Andy: Yeah, sometimes You just need a couple quiet weeks. jerry: Yeah. Yeah, nothing going on so before we get into the stories a reminder that the thoughts and opinions We express on this podcast do not represent andrew’s employers Andy: Or your potential future employers jerry: or my potential future employers Andy: as you’re currently quote enjoying more time with family end quote jerry: Yes, which by the way Is highly recommended if you can do it. Andy: You’re big thumbs up of being an unemployed bum. jerry: It’s been amazing. Absolutely [00:01:00] amazing. I I forgot what living was like. jerry: I’ll say it that way. Andy: Having watched your career from next door ish, not a far, but not too close. I think you earned it. I think you absolutely earned some downtime. My friend, you’ve worked your ass off. jerry: Thank you. Thank you. It’s been fun. Andy: And I’ve seen your many floral picks. I don’t,

    1h 5m
See All (200)

About

Defensive Security is a weekly information security podcast which reviews recent high profile security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.

Information

You Might Also Like

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada