Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Jerry Bell and Andrew Kalat

Defensive Security is a weekly information security podcast which reviews recent high profile security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.

  1. 21 OCT

    Defensive Security Podcast Episode 283

    “They Can’t All Be Winners” In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat explore several pressing cybersecurity topics as of October 2024. The discussion begins with the sharp acceleration of vulnerability exploitation: per Google’s report, 70% of the exploited flaws disclosed in 2023 were zero-days, and the average time from disclosure to exploitation has shrunk to about five days. They stress the importance of effective patch management and of prioritization using tools like the CISA KEV (Known Exploited Vulnerabilities) catalog and Tenable’s VPR (Vulnerability Priority Rating). The episode also touches on the evolving nature of automated and targeted exploits, the critical role of timely patching, and the trade-off between production disruption and security risk. The conversation broadens to include evolving endpoint security challenges (including the EDRSilencer red-team tool), ransomware trends, and the need for vigilance in adapting to new threats. The hosts also discuss countering sophisticated attacks by preferring phishing-resistant, token-based authentication over SMS-based MFA, which SIM cloning defeats. Lastly, the episode delves into how North Korean IT operatives infiltrate companies to steal sensitive data, the implications for remote work, and the importance of robust identity verification in hiring. Throughout, the focus remains on adapting to the dynamic threat landscape and continuously reassessing security strategies.
    00:00 Introduction and Casual Banter
    00:41 Current Job Market Challenges
    02:02 Cybersecurity Landscape Overview
    02:20 Google’s Zero-Day Vulnerability Report
    04:03 Importance of Patch Management
    05:04 Trends in Exploitation Timelines
    11:24 Strategies for Mitigating Vulnerabilities
    20:03 Red Team Tool: EDR Silencer
    26:52 Microsoft’s Ransomware Defense
    27:25 Ransomware Attacks: A Decrease Despite the Increase
    28:13 The Role of Unmanaged Devices in Cyber Attacks
    28:39 Multi-Factor Authentication: Effectiveness and Adaptation
    30:07 The Arms Race in Cybersecurity
    30:49 The Importance of Phishing-Resistant MFA
    32:11 The Rise of SIM Cloning in Ransomware
    32:44 Challenges in Adopting Advanced Security Measures
    36:46 North Korean IT Workers: A New Threat
    40:50 The Future of Remote Hiring and Verification
    49:03 Conclusion and Final Thoughts

    Links:
    * https://www.bleepingcomputer.com/news/security/google-70-percent-of-exploited-flaws-disclosed-in-2023-were-zero-days/
    * https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html
    * https://www.theregister.com/2024/10/15/microsoft_ransomware_attacks/
    * https://www.bleepingcomputer.com/news/security/undercover-north-korean-it-workers-now-steal-data-extort-employers/

    53 min
  2. 30 SEPT

    Defensive Security Podcast Episode 281

    In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity events and issues. The episode opens with the recent weather impacts affecting Asheville and the lessons for disaster preparedness in the security industry. A significant portion of the episode is dedicated to CrowdStrike’s recent Capitol Hill testimony, examining the fallout from their admitted testing failures and the implications of security software needing kernel access. The hosts also explore the GDPR fine levied on Meta for storing user passwords in plaintext, and a hyped but less-critical-than-expected Linux vulnerability in the CUPS printing system. Finally, they delve into the risks of AI systems like ChatGPT (planted “memories” giving an attacker a persistent exfiltration channel) and the increasing need for security in OT and ICS environments. The episode concludes with a reminder about the essential nature of cybersecurity fundamentals.

    Links:
    * https://www.cybersecuritydive.com/news/crowdstrike-mea-culpa-testimony-takeaways/727986/
    * https://www.bleepingcomputer.com/news/legal/ireland-fines-meta-91-million-for-storing-passwords-in-plaintext/
    * https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html?m=1
    * https://arstechnica.com/security/2024/09/false-memories-planted-in-chatgpt-give-hacker-persistent-exfiltration-channel/
    * https://industrialcyber.co/cisa/cisa-alerts-ot-ics-operators-of-ongoing-cyber-threats-especially-across-water-and-wastewater-systems/

    57 min
  3. 23 SEPT

    Defensive Security Podcast Episode 280

    In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat delve into key cybersecurity topics. They discuss a recent statement by CISA director Jen Easterly on holding software manufacturers accountable for “product defects” rather than “vulnerabilities”, and her call for derogatory names for threat actors to deter cybercrime. The episode also covers Disney’s decision to ditch Slack following a data breach, and the role of valid-account misuse in critical infrastructure attacks. Additionally, they explore the EU’s tough new cyber regulations under NIS2, and Tenable’s “CloudImposer” research on a dependency-confusion flaw affecting Google’s managed Apache Airflow service. The hosts share their thoughts on industry responses, regulations, and how enterprises can improve their security posture.

    00:00 Introduction and Podcast Setup
    00:59 First Story: CISA Boss on Insecure Software
    03:26 Debate on Software Security Responsibility
    11:12 Open Source Software Challenges
    15:20 Cloud Imposter Vulnerability
    22:22 Disney’s Data Breach and Slack
    27:37 Slack Data Breach Concerns
    29:26 Critical Infrastructure Vulnerabilities
    35:21 EU’s New Cyber Regulations
    43:42 Global Regulatory Challenges
    48:42 Conclusion and Sign-Off

    Links:
    * https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/
    * https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
    * https://www.cnbc.com/2024/09/19/disney-to-ditch-slack-after-july-data-breach-.html
    * https://www.cybersecuritydive.com/news/cisa-critical-infrastructure-attacks/727225/
    * https://www.cnbc.com/amp/2024/09/20/eu-nis-2-what-tough-new-cyber-regulations-mean-for-big-business.html

    52 min
  4. 18 SEPT

    Defensive Security Podcast Episode 279

    In Episode 279 of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss the latest cybersecurity news and issues. Stories include Transport for London (TfL) requiring in-person password resets for 30,000 employees after a security incident, Google’s new “air-gapped” backup vault, the access a rogue WHOIS server handed a researcher, and the ongoing ramifications of the MOVEit breach. The episode also explores workforce challenges in cybersecurity, such as the gap between the number of professionals and the actual needs of organizations, and discusses the trend of just-in-time talent versus long-term training and development.

    Links:
    * https://www.bleepingcomputer.com/news/security/tfl-requires-in-person-password-resets-for-30-000-employees-after-hack/
    * https://www.securityweek.com/google-introduces-air-gapped-backup-vault-to-thwart-ransomware/
    * https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/
    * https://www.cybersecuritydive.com/news/global-cyber-workforce-flatlines-isc2/726667/
    * https://www.cybersecuritydive.com/news/moveit-wisconsin-medicare/726441/

    Transcript:

    Jerry: [00:00:00] Here we go. Today is Sunday, September 15th, 2024. And this is episode 279 of the Defensive Security Podcast. My name is Jerry Bell and joining me today as always is Mr. Andrew Kalat.
    Andrew: Good evening, Jerry. Happy Sunday to you.
    Jerry: Happy Sunday. Just a reminder that the thoughts and opinions we express on the show are ours, do not represent those of our employers or.
    Andrew: present, or future.
    Jerry: for those of us who have employers, that is. Not that I’m bitter or anything. It’s,
    Andrew: It’s, I envy your lack of a job. I don’t envy your lack of a paycheck. So that is the conflict.
    Jerry: It’s very interesting times right now for me.
    Andrew: Indeed.
    Jerry: All right. So our first story today comes from Bleeping Computer. And the title here is TFL, which is transportation for London, requires in-person password [00:01:00] resets for 30,000 employees. So those of you who may not be aware, transportation for London had suffered what I guess has been described as a nebulous security incident. They haven’t really pushed out a lot of information about what happened. They have said that it does not affect customers. But it apparently does impact some back office systems that did take certain parts of their services offline, like, I think, they couldn’t issue refunds. And there were a few other transportation-related things that were broken as a result. But I think in the aftermath of trying to make sure that they’ve evicted the bad guy who, by the way, apparently has been arrested.
    Andrew: That’s rare. Somebody actually got arrested.
    Jerry: yeah. And not only that, but apparently it was somebody local.
    Andrew: Oops.
    Jerry: In the country, which may or may not be associated with an unknown named [00:02:00] threat actor, by the way, that was involved in some other ransomware attacks.
    Andrew: Kids, don’t hack in your own backyard.
    Jerry: That’s right. Make sure you don’t have extradition treaties with where you’re attacking. So what I thought was most interesting was their approach here to getting back up and going. They had disabled, so TFL had disabled the access for all of their employees and are requiring their employees to show up at a designated site to prove their identity in order to regain access. This isn’t the first organization that’s done this, but it is something that I suspect a lot of organizations don’t think about the logistics of, in the aftermath of a big hack. And if you’re a large company spread out all over the place,

    50 min
  5. 9 SEPT

    Defensive Security Podcast Episode 278

    In episode 278 of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss various recent cybersecurity topics. The episode starts with light-hearted banter about vacations before diving into the main topics. Key discussions include the EUCLEAK vulnerability in YubiKey FIDO keys, which requires a sophisticated physical attack and so carries a low overall risk, but which sparked debate about firmware updates for hardware security keys. Another key topic is Verkada being fined for CAN-SPAM Act violations and for security failures that exposed 150,000 live camera feeds. The hosts also explore reports showing diverging trends in security budgets and spending, with some organizations reducing budgets while overall industry spending increases. They highlight the need for effective use of security products and the potential over-reliance on third-party services. The episode also delves into the growing threat of deepfake scams targeting businesses, emphasizing the need for robust authentication policies and awareness training to mitigate risks. Finally, the hosts reflect on the broader challenges of balancing security needs with budget constraints in an evolving threat landscape.

    Links:
    * https://www.bleepingcomputer.com/news/security/new-eucleak-attack-lets-threat-actors-clone-yubikey-fido-keys/
    * https://www.bleepingcomputer.com/news/security/verkada-to-pay-295-million-for-alleged-can-spam-act-violations/
    * https://www.cybersecuritydive.com/news/iran-cyberattacks-us-critical-infrastructure/725877/
    * https://www.theregister.com/2024/09/05/security_spending_boom_slowing/ vs https://www.cybersecuritydive.com/news/infosec-spending-surge-gartner/726081/
    * https://www.cybersecuritydive.com/news/deepfake-scam-businesses-finance-threat/726043/

    Transcript:

    Jerry: All right, here we go. Today is Saturday, September 7th, 2024. And this is episode 278 of the Defensive Security Podcast. And my name is Jerry Bell. And joining me today as always is Mr. Andrew Kalat.
    Andrew: Good evening, Jerry, how are you? Kind sir.
    Jerry: Doing fantastic. How are you?
    Andrew: I’m great. Just got back from a little vacation, which was lovely. Saw a lot of Canada, saw some whales, saw some trains. It was
    Jerry: Did you see any moose?
    Andrew: Oddly we did not see a single moose, which was a bummer. We crossed from Toronto to Vancouver on a train and didn’t see a single moose. I saw a metric crap ton of ducks though. I couldn’t believe, literally in the thousands. I don’t know why.
    Jerry: The geese are ducks. Cause
    Andrew: We saw a
    Jerry: geese are pretty scary.
    Andrew: We were sealed away from them, so we were protected.
    Jerry: I don’t know.
    Andrew: hard to
    Jerry: I don’t know. I w I wouldn’t I wouldn’t bet my life on that.
    Andrew: But yeah, we saw a decent chunk of gooses, but mostly ducks.
    Jerry: Good deal.
    Andrew: Indeed. I’m good. Now, catching back up on work.
    Jerry: And you’re back.
    Andrew: And you are apparently the Southern Command Center.
    Jerry: I am for another another day or two.
    Andrew: Nice. Never sucks to be at the beach.
    Jerry: It definitely does not. No, no bad days at the beach.
    Andrew: Nice.
    Jerry: All right. A reminder before we get started that the thoughts and opinions we express in the show are ours and do not represent those of our employers.
    Andrew: Past, present, or future.
    Jerry: That’s right. So our first topic or first story from today comes from Bleeping Computer. And this one was a bit of a, oh, what’s the best, a bit controversial, best way to say it, controversial on the social media sites over the past week. And the title is new leak, I’m not even going to try to pronounce that, attack lets threat actors clone YubiKey FIDO keys.

    52 min
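Episode 283 above turns on patch prioritization: exploitation now lands within days of disclosure, so a finding listed in the CISA KEV catalog should outrank a higher CVSS score that nobody is exploiting. The following is an added example of that triage logic, written for this page; it is not code from the podcast, CISA or Tenable. The KEV excerpt is constructed with placeholder CVE IDs (not real catalog entries), but uses the field names of the real catalog JSON (`cveID`, `dueDate`, `knownRansomwareCampaignUse`), so the loader works unchanged on a downloaded feed. The scanner findings, the `internet_facing` flag and the `ExampleCo` products are likewise constructed. The ordering among non-KEV findings (exposure before CVSS) is a design choice of this example, not something the episode prescribes.

```python
"""Patch prioritisation with the CISA KEV catalog as the first signal.

Added example for the prioritisation discussion in episode 283; not code from
the podcast or from CISA/Tenable. The KEV excerpt is constructed: CVE IDs are
placeholders, but the field names are the ones the real catalog JSON uses.
"""
from dataclasses import dataclass
from datetime import date
import json

# Constructed excerpt in the shape of
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
KEV_FEED_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "2024.10.21",
  "count": 2,
  "vulnerabilities": [
    {"cveID": "CVE-2024-11111", "vendorProject": "ExampleCo", "product": "EdgeGateway",
     "dateAdded": "2024-10-01", "dueDate": "2024-10-22",
     "knownRansomwareCampaignUse": "Known",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-2024-22222", "vendorProject": "ExampleCo", "product": "DesktopAgent",
     "dateAdded": "2024-10-15", "dueDate": "2024-11-05",
     "knownRansomwareCampaignUse": "Unknown",
     "requiredAction": "Apply mitigations per vendor instructions."}
  ]
}
"""


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    cvss: float            # base score reported by the scanner
    internet_facing: bool  # asset context the scanner usually lacks (constructed here)


# Constructed scanner output: a 9.8 on an internal host, a 7.5 on an exposed VPN.
SAMPLE_FINDINGS = [
    Finding("db01", "CVE-2024-33333", 9.8, internet_facing=False),
    Finding("vpn01", "CVE-2024-11111", 7.5, internet_facing=True),
    Finding("ws17", "CVE-2024-22222", 6.5, internet_facing=False),
    Finding("web01", "CVE-2024-44444", 8.1, internet_facing=True),
]
TODAY = date(2024, 10, 23)  # fixed so the ranking below is reproducible


def load_kev(feed_json: str) -> dict[str, dict]:
    """Index the catalog by CVE ID; the real feed holds a few thousand entries."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def is_overdue(entry: dict, today: date) -> bool:
    """dueDate is the BOD 22-01 remediation deadline for US federal agencies;
    outside government it still works as a 'how long has this been exploited' proxy."""
    return date.fromisoformat(entry["dueDate"]) <= today


def sort_key(f: Finding, kev: dict[str, dict], today: date) -> tuple:
    """Smaller tuples sort first. Exploited-in-the-wild outranks any CVSS value;
    within KEV, known ransomware use and the due date decide; exposure and CVSS
    only break ties. Non-KEV findings are ordered by exposure, then CVSS."""
    exposed = 0 if f.internet_facing else 1
    entry = kev.get(f.cve)
    if entry is None:
        return (1, 1, 1, date.max, exposed, -f.cvss)
    ransomware = 0 if entry.get("knownRansomwareCampaignUse") == "Known" else 1
    overdue = 0 if is_overdue(entry, today) else 1
    return (0, ransomware, overdue, date.fromisoformat(entry["dueDate"]), exposed, -f.cvss)


def rank(findings: list[Finding], kev: dict[str, dict], today: date) -> list[Finding]:
    """Return findings in patch order, most urgent first."""
    return sorted(findings, key=lambda f: sort_key(f, kev, today))


def reason(f: Finding, kev: dict[str, dict], today: date) -> str:
    """One-line justification to attach to each remediation ticket."""
    entry = kev.get(f.cve)
    if entry is None:
        return f"not in KEV; CVSS {f.cvss}; {'internet-facing' if f.internet_facing else 'internal'}"
    parts = ["in KEV", f"due {entry['dueDate']}" + (" (overdue)" if is_overdue(entry, today) else "")]
    if entry.get("knownRansomwareCampaignUse") == "Known":
        parts.append("known ransomware use")
    return "; ".join(parts)


if __name__ == "__main__":
    catalog = load_kev(KEV_FEED_JSON)
    for finding in rank(SAMPLE_FINDINGS, catalog, TODAY):
        print(f"{finding.host:6} {finding.cve}  {reason(finding, catalog, TODAY)}")
```

Run as-is and the internal CVSS 9.8 lands last while the 7.5 on the exposed VPN, listed in KEV with ransomware use and past its due date, comes first. To use it for real, replace `KEV_FEED_JSON` with the downloaded catalog and feed in your scanner export; a vendor score such as Tenable’s VPR can take the place of raw CVSS as the final tie-breaker without changing the structure of `sort_key`.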
