Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Jerry Bell and Andrew Kalat

Defensive Security is a weekly information security podcast which reviews recent high profile security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.

  1. 2 DAYS AGO

    Defensive Security Podcast Episode 286

    In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the launch of their new podcast, Getting Defensive. They delve into a CISA report on exploited vulnerabilities, highlighting the concerning trend of zero-day vulnerabilities being exploited. The conversation also covers a GitHub incident involving malicious commits aimed at framing a researcher, Microsoft’s new Windows resiliency initiative, and insights from a CISA red team assessment of a critical infrastructure organization. We emphasize the importance of consent in security assessments and the challenges organizations face in managing risks associated with outdated software.

    Takeaways:
    * The launch of the new podcast ‘Getting Defensive’ aims to explore deeper cybersecurity topics.
    * CISA’s report indicates a troubling trend of zero-day vulnerabilities being exploited more frequently.
    * Organizations must prioritize patching and mitigating controls to address vulnerabilities effectively.
    * The GitHub incident highlights the risks of malicious commits and the importance of code review.
    * Microsoft’s Windows resiliency initiative introduces new features to enhance security and system integrity.
    * Consent is crucial in penetration testing and security assessments.
    * Organizations often accept risks associated with outdated software, which can lead to vulnerabilities.
    * Effective monitoring and detection are essential to mitigate potential attacks.
    * Ransomware is not the only threat; organizations must be aware of various attack vectors.
    * The CISA red team assessment provides valuable insights into the security posture of critical infrastructure.

    Links:
    * https://www.darkreading.com/cyberattacks-data-breaches/zero-days-wins-superlative-most-exploited-vulns
    * https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/
    * https://thehackernews.com/2024/11/microsoft-launches-windows-resiliency.html?m=1
    * https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a

    1h 12m
  2. 21 OCT

    Defensive Security Podcast Episode 283

    “They Can’t All Be Winners”

    In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat explore several pressing cybersecurity topics as of October 2024. The discussion begins by addressing the rapid increase in vulnerability exploitation speeds, with a highlight that 70% of exploitable flaws in 2023 were zero-days, now being exploited within just five days. They stress the importance of effective patch management and prioritization tactics using tools like the CISA KEV list and Tenable’s Viper score. The episode also touches on the evolving nature of automated and targeted exploits, the critical role of timely patching, and the balance between production disruptions and security risks. The conversation broadens to include evolving endpoint security challenges, ransomware trends, and the need for vigilance in adapting to new threats. Additionally, the hosts discuss innovative ways to counter sophisticated attacks, such as leveraging more secure token-based authentication methods over SMS-based MFA. Lastly, the episode delves into how North Korean IT operatives infiltrate companies to steal sensitive data, the implications for remote work, and the importance of robust identity verification processes in hiring. Throughout, the focus remains on adapting to the dynamic threat landscape and continuous reassessment of security strategies.

    Chapters:
    00:00 Introduction and Casual Banter
    00:41 Current Job Market Challenges
    02:02 Cybersecurity Landscape Overview
    02:20 Google’s Zero-Day Vulnerability Report
    04:03 Importance of Patch Management
    05:04 Trends in Exploitation Timelines
    11:24 Strategies for Mitigating Vulnerabilities
    20:03 Red Team Tool: EDR Silencer
    26:52 Microsoft’s Ransomware Defense
    27:25 Ransomware Attacks: A Decrease Despite the Increase
    28:13 The Role of Unmanaged Devices in Cyber Attacks
    28:39 Multi-Factor Authentication: Effectiveness and Adaptation
    30:07 The Arms Race in Cybersecurity
    30:49 The Importance of Phishing-Resistant MFA
    32:11 The Rise of SIM Cloning in Ransomware
    32:44 Challenges in Adopting Advanced Security Measures
    36:46 North Korean IT Workers: A New Threat
    40:50 The Future of Remote Hiring and Verification
    49:03 Conclusion and Final Thoughts

    Links:
    * https://www.bleepingcomputer.com/news/security/google-70-percent-of-exploited-flaws-disclosed-in-2023-were-zero-days/
    * https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html
    * https://www.theregister.com/2024/10/15/microsoft_ransomware_attacks/
    * https://www.bleepingcomputer.com/news/security/undercover-north-korean-it-workers-now-steal-data-extort-employers/

    53 min
  3. 30 SEPT

    Defensive Security Podcast Episode 281

    In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity events and issues. The episode opens with discussion of the recent weather impacts affecting Asheville and lessons for disaster preparedness in the security industry. A significant portion of the episode is dedicated to CrowdStrike’s recent Capitol Hill testimony, examining the fallout from their admitted testing failures and the implications of needed kernel access for security software. The hosts also explore an ongoing GDPR violation by Meta related to storing user passwords in plain text, and a hyped but less-critical-than-expected Linux vulnerability in the CUPS printing system. Finally, they delve into potential risks associated with AI systems like ChatGPT and the increasing need for security in OT and ICS environments. The episode concludes with a reminder about the essential nature of cybersecurity fundamentals.

    Links:
    * https://www.cybersecuritydive.com/news/crowdstrike-mea-culpa-testimony-takeaways/727986/
    * https://www.bleepingcomputer.com/news/legal/ireland-fines-meta-91-million-for-storing-passwords-in-plaintext/
    * https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html?m=1
    * https://arstechnica.com/security/2024/09/false-memories-planted-in-chatgpt-give-hacker-persistent-exfiltration-channel/
    * https://industrialcyber.co/cisa/cisa-alerts-ot-ics-operators-of-ongoing-cyber-threats-especially-across-water-and-wastewater-systems/

    57 min
  4. 23 SEPT

    Defensive Security Podcast Episode 280

    In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat delve into key cybersecurity topics. They discuss a recent statement by CISA director Jen Easterly on holding software manufacturers accountable for product defects rather than vulnerabilities, and the need for derogatory names for threat actors to deter cybercrime. The episode also covers Disney’s decision to ditch Slack following a data breach, and the impact of valid account misuse in critical infrastructure attacks. Additionally, they explore new tough cyber regulations in the EU under NIS2, and a Google security flaw from a Black Hat presentation concerning dependency confusion in Apache Airflow. The hosts share their thoughts on industry responses, regulations, and how enterprises can improve their security posture.

    Chapters:
    00:00 Introduction and Podcast Setup
    00:59 First Story: CISA Boss on Insecure Software
    03:26 Debate on Software Security Responsibility
    11:12 Open Source Software Challenges
    15:20 Cloud Imposter Vulnerability
    22:22 Disney’s Data Breach and Slack
    27:37 Slack Data Breach Concerns
    29:26 Critical Infrastructure Vulnerabilities
    35:21 EU’s New Cyber Regulations
    43:42 Global Regulatory Challenges
    48:42 Conclusion and Sign-Off

    Links:
    * https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/
    * https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
    * https://www.cnbc.com/2024/09/19/disney-to-ditch-slack-after-july-data-breach-.html
    * https://www.cybersecuritydive.com/news/cisa-critical-infrastructure-attacks/727225/
    * https://www.cnbc.com/amp/2024/09/20/eu-nis-2-what-tough-new-cyber-regulations-mean-for-big-business.html

    52 min
  5. 18 SEPT

    Defensive Security Podcast Episode 279

    In Episode 279 of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss the latest cybersecurity news and issues. Stories include Transportation for London requiring in-person password resets after a security incident, Google’s new ‘air-gapped’ backup service, the impact of a rogue ‘Whois’ server, and the ongoing ramifications of the Moveit breach. The episode also explores workforce challenges in cybersecurity, such as the gap between the number of professionals and the actual needs of organizations, and discusses the trend of just-in-time talent versus long-term training and development.

    Links:
    * https://www.bleepingcomputer.com/news/security/tfl-requires-in-person-password-resets-for-30-000-employees-after-hack/
    * https://www.securityweek.com/google-introduces-air-gapped-backup-vault-to-thwart-ransomware/
    * https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/
    * https://www.cybersecuritydive.com/news/global-cyber-workforce-flatlines-isc2/726667/
    * https://www.cybersecuritydive.com/news/moveit-wisconsin-medicare/726441/

    Transcript:

    Jerry: [00:00:00] Here we go. Today is Sunday, September 15th, 2024, and this is episode 279 of the Defensive Security Podcast. My name is Jerry Bell and joining me today as always is Mr. Andrew Kalat.

    Andrew: Good evening, Jerry. Happy Sunday to you.

    Jerry: Happy Sunday. Just a reminder that the thoughts and opinions we express on the show are ours and do not represent those of our employers or...

    Andrew: present, or future.

    Jerry: For those of us who have employers, that is. Not that I’m bitter or anything. It’s,

    Andrew: It’s, I envy your lack of a job. I don’t envy your lack of a paycheck. So that is the conflict.

    Jerry: It’s very interesting times right now for me.

    Andrew: Indeed.

    Jerry: All right. So our first story today comes from Bleeping Computer. And the title here is TFL, which is Transportation for London, requires in-person password [00:01:00] resets for 30,000 employees. So for those of you who may not be aware, Transportation for London had suffered what I guess has been described as a nebulous security incident. They haven’t really pushed out a lot of information about what happened. They have said that it does not affect customers, but it apparently does impact some back office systems, and that did take certain parts of their services offline, like, I think, they couldn’t issue refunds. And there were a few other transportation related things that were broken as a result. But I think in the aftermath of trying to make sure that they’ve evicted the bad guy who, by the way, apparently has been arrested.

    Andrew: That’s rare. Somebody actually got arrested.

    Jerry: Yeah. And not only that, but apparently it was somebody local.

    Andrew: Oops.

    Jerry: In the country, which may or may not be associated with an unknown named [00:02:00] threat actor, by the way, that was involved in some other ransomware attacks.

    Andrew: Kids, don’t hack in your own backyard.

    Jerry: That’s right. Make sure you don’t have extradition treaties with where you’re attacking. So what I thought was most interesting was their approach here to getting back up and going. They, they had disabled... So TFL had disabled the access for all of their employees and are requiring their employees to show up at a designated site to prove their identity in order to regain access. This isn’t the first organization that’s done this, but it is something that I suspect a lot of organizations don’t think about the logistics of, in the aftermath of a big hack. And if you’re a large company spread out all over the place,

    50 min
