Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Jerry Bell and Andrew Kalat

Defensive Security is a weekly information security podcast which reviews recent high profile security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.

  1. 3 DAYS AGO

    Defensive Security Podcast Episode 283

    “They Can’t All Be Winners”

    In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat explore several pressing cybersecurity topics as of October 2024. The discussion begins by addressing the rapid increase in vulnerability exploitation speeds, with a highlight that 70% of exploitable flaws in 2023 were zero-days, now being exploited within just five days. They stress the importance of effective patch management and prioritization tactics using tools like the CISA KEV list and Tenable’s Viper score. The episode also touches on the evolving nature of automated and targeted exploits, the critical role of timely patching, and the balance between production disruptions and security risks. The conversation broadens to include evolving endpoint security challenges, ransomware trends, and the need for vigilance in adapting to new threats. Additionally, the hosts discuss innovative ways to counter sophisticated attacks, such as leveraging more secure token-based authentication methods over SMS-based MFA. Lastly, the episode delves into how North Korean IT operatives infiltrate companies to steal sensitive data, the implications for remote work, and the importance of robust identity verification processes in hiring. Throughout, the focus remains on adapting to the dynamic threat landscape and continuous reassessment of security strategies.

    * 00:00 Introduction and Casual Banter
    * 00:41 Current Job Market Challenges
    * 02:02 Cybersecurity Landscape Overview
    * 02:20 Google’s Zero-Day Vulnerability Report
    * 04:03 Importance of Patch Management
    * 05:04 Trends in Exploitation Timelines
    * 11:24 Strategies for Mitigating Vulnerabilities
    * 20:03 Red Team Tool: EDR Silencer
    * 26:52 Microsoft’s Ransomware Defense
    * 27:25 Ransomware Attacks: A Decrease Despite the Increase
    * 28:13 The Role of Unmanaged Devices in Cyber Attacks
    * 28:39 Multi-Factor Authentication: Effectiveness and Adaptation
    * 30:07 The Arms Race in Cybersecurity
    * 30:49 The Importance of Phishing-Resistant MFA
    * 32:11 The Rise of SIM Cloning in Ransomware
    * 32:44 Challenges in Adopting Advanced Security Measures
    * 36:46 North Korean IT Workers: A New Threat
    * 40:50 The Future of Remote Hiring and Verification
    * 49:03 Conclusion and Final Thoughts

    Links:
    * https://www.bleepingcomputer.com/news/security/google-70-percent-of-exploited-flaws-disclosed-in-2023-were-zero-days/
    * https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html
    * https://www.theregister.com/2024/10/15/microsoft_ransomware_attacks/
    * https://www.bleepingcomputer.com/news/security/undercover-north-korean-it-workers-now-steal-data-extort-employers/

    53 min
  2. SEP 30

    Defensive Security Podcast Episode 281

    In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity events and issues. The episode opens with discussion on the recent weather impacts affecting Asheville and lessons for disaster preparedness in the security industry. A significant portion of the episode is dedicated to CrowdStrike’s recent Capitol Hill testimony, examining the fallout from their admitted testing failures and the implications of needed kernel access for security software. The hosts also explore an ongoing GDPR violation by Meta related to storing user passwords in plain text, and a hyped but less-critical-than-expected Linux vulnerability in the CUPS printing system. Finally, they delve into potential risks associated with AI systems like ChatGPT and the increasing need for security in OT and ICS environments. The episode concludes with a reminder about the essential nature of cybersecurity fundamentals.

    Links:
    * https://www.cybersecuritydive.com/news/crowdstrike-mea-culpa-testimony-takeaways/727986/
    * https://www.bleepingcomputer.com/news/legal/ireland-fines-meta-91-million-for-storing-passwords-in-plaintext/
    * https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html?m=1
    * https://arstechnica.com/security/2024/09/false-memories-planted-in-chatgpt-give-hacker-persistent-exfiltration-channel/
    * https://industrialcyber.co/cisa/cisa-alerts-ot-ics-operators-of-ongoing-cyber-threats-especially-across-water-and-wastewater-systems/

    57 min
  3. SEP 23

    Defensive Security Podcast Episode 280

    In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat delve into key cybersecurity topics. They discuss a recent statement by CISA director Jen Easterly on holding software manufacturers accountable for product defects rather than vulnerabilities, and the need for derogatory names for threat actors to deter cybercrime. The episode also covers Disney’s decision to ditch Slack following a data breach, and the impact of valid account misuse in critical infrastructure attacks. Additionally, they explore new tough cyber regulations in the EU under NIS2, and a Google security flaw from a Black Hat presentation concerning dependency confusion in Apache Airflow. The hosts share their thoughts on industry responses, regulations, and how enterprises can improve their security posture.

    * 00:00 Introduction and Podcast Setup
    * 00:59 First Story: CISA Boss on Insecure Software
    * 03:26 Debate on Software Security Responsibility
    * 11:12 Open Source Software Challenges
    * 15:20 Cloud Imposter Vulnerability
    * 22:22 Disney’s Data Breach and Slack
    * 27:37 Slack Data Breach Concerns
    * 29:26 Critical Infrastructure Vulnerabilities
    * 35:21 EU’s New Cyber Regulations
    * 43:42 Global Regulatory Challenges
    * 48:42 Conclusion and Sign-Off

    Links:
    * https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/
    * https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
    * https://www.cnbc.com/2024/09/19/disney-to-ditch-slack-after-july-data-breach-.html
    * https://www.cybersecuritydive.com/news/cisa-critical-infrastructure-attacks/727225/
    * https://www.cnbc.com/amp/2024/09/20/eu-nis-2-what-tough-new-cyber-regulations-mean-for-big-business.html

    52 min
  4. SEP 18

    Defensive Security Podcast Episode 279

    In Episode 279 of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss the latest cybersecurity news and issues. Stories include Transportation for London requiring in-person password resets after a security incident, Google’s new ‘air-gapped’ backup service, the impact of a rogue ‘Whois’ server, and the ongoing ramifications of the Moveit breach. The episode also explores workforce challenges in cybersecurity, such as the gap between the number of professionals and the actual needs of organizations, and discusses the trend of just-in-time talent versus long-term training and development.

    Links:
    * https://www.bleepingcomputer.com/news/security/tfl-requires-in-person-password-resets-for-30-000-employees-after-hack/
    * https://www.securityweek.com/google-introduces-air-gapped-backup-vault-to-thwart-ransomware/
    * https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/
    * https://www.cybersecuritydive.com/news/global-cyber-workforce-flatlines-isc2/726667/
    * https://www.cybersecuritydive.com/news/moveit-wisconsin-medicare/726441/

    Transcript:

    Jerry: [00:00:00] Here we go. Today is Sunday, September 15th, 2024. And this is episode 279 of the defensive security podcast. My name is Jerry Bell and joining me today as always is Mr. Andrew Kalat.

    Andrew: Good evening, Jerry. Happy Sunday to you.

    Jerry: Happy Sunday, just a reminder that the thoughts and opinions we express on the show are ours do not represent those of our employers or.

    Andrew: present, or future.

    Jerry: for those of us who have employers, that is not that I’m bitter or anything. It’s,

    Andrew: It’s, I envy your lack of a job. I don’t envy your lack of a paycheck. So that is the conflict.

    Jerry: It’s very interesting times right now for me.

    Andrew: Indeed.

    Jerry: All right. So our first story today comes from bleeping computer. And the title here is TFL, which is transportation for London requires in person, password [00:01:00] resets for 30,000 employees. So those of you who may not be aware transportation for London had suffered what I guess has been described as a nebulous security incident. They haven’t really pushed out a lot of information about what happened. They have said that it does not affect customers. But it apparently does impact some back office systems that did take off certain parts of their services offline, like I think. They couldn’t issue refunds. And there were a few other transportation related things that were broken as a result. But I think in the aftermath of trying to make sure that they’ve evicted the bad guy who, by the way, apparently has been arrested.

    Andrew: That’s rare. Somebody actually got arrested.

    Jerry: yeah. And not only that, but apparently it was somebody local.

    Andrew: Oops.

    Jerry: In in the country which may or may not be associated with an unknown named [00:02:00] threat actor, by the way, that was involved in some other ransomware attacks.

    Andrew: Kids don’t hack in your own backyard.

    Jerry: That’s right. Make sure you don’t have extradition treaties with where you’re attacking. So what I thought was most interesting was the, their, the approach here to getting back up and going they, they had disabled. So TFL had disabled the access for all of their employees and the requiring their employees to show up at a designated site to prove their identity in order to regain access. This isn’t the first. Organization that’s done this, but it is something that I suspect a lot of organizations don’t think about the logistics of, in the aftermath of a big hack. And if you’re a large company spread out all over the place,

    50 min
  5. SEP 9

    Defensive Security Podcast Episode 278

    In episode 278 of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss various recent cybersecurity topics. The episode starts with light-hearted banter about vacations before diving into the main topics. Key discussions include a new vulnerability in YubiKey that requires sophisticated physical attacks, resulting in a low overall risk but sparking debate about hardware firmware updates for security keys. Another key topic is Verkada being fined for CAN-SPAM Act violations and lack of proper security measures, including exposing 150,000 live camera feeds. The hosts also explore reports showing diverging trends in security budgets and spending, with some organizations reducing budgets while overall industry spending increases. They highlight the need for effective use of security products and potential over-reliance on third-party services. The episode also delves into the growing threat of deepfake scams targeting businesses, emphasizing the need for robust authentication policies and awareness training to mitigate risks. Finally, the hosts reflect on the broader challenges of balancing security needs with budget constraints in an evolving threat landscape.

    Links:
    * https://www.bleepingcomputer.com/news/security/new-eucleak-attack-lets-threat-actors-clone-yubikey-fido-keys/
    * https://www.bleepingcomputer.com/news/security/verkada-to-pay-295-million-for-alleged-can-spam-act-violations/
    * https://www.cybersecuritydive.com/news/iran-cyberattacks-us-critical-infrastructure/725877/
    * https://www.theregister.com/2024/09/05/security_spending_boom_slowing/ vs https://www.cybersecuritydive.com/news/infosec-spending-surge-gartner/726081/
    * https://www.cybersecuritydive.com/news/deepfake-scam-businesses-finance-threat/726043/

    Transcript:

    Jerry: All right, here we go. Today is Saturday, September 7th, 2024. And this is episode 278 of the defensive security podcast. And my name is Jerry Bell. And joining me today as always is Mr. Andrew Kalat.

    Andrew: Good evening. Jerry, how are you? Kind sir.

    Jerry: Doing fantastic. How are you?

    Andrew: I’m great. Just got back from a little vacation, which was lovely. Saw a lot of Canada, saw some whales, saw some trains. It was

    Jerry: Did you see any moose?

    Andrew: Oddly we did not see a single moose, which was a bummer. We crossed from Toronto to Vancouver on a train and didn’t see a single moose. I saw a metric crap ton of ducks though. I couldn’t believe literally in the thousands. I don’t know why.

    Jerry: The geese are ducks. Cause

    Andrew: We saw a

    Jerry: geese are pretty scary.

    Andrew: We were sealed away from them, so we were protected.

    Jerry: I don’t know.

    Andrew: hard to

    Jerry: I don’t know. I w I wouldn’t I wouldn’t bet my life on that.

    Andrew: But yeah, we saw a decent chunk of gooses, but mostly ducks.

    Jerry: Good deal.

    Andrew: Indeed. I’m good. Now, catching back up on work.

    Jerry: And you’re back.

    Andrew: And you are apparently the Southern Command Center.

    Jerry: I am for another another day or two.

    Andrew: Nice. Never sucks to be at the beach.

    Jerry: It definitely does not. No, no bad days at the beach.

    Andrew: Nice.

    Jerry: All right. A reminder before we get started that the thoughts and opinions we express in the show are ours and do not represent those of our employers.

    Andrew: Past, present, or future.

    Jerry: That’s right. So our first topic or first story from today comes from bleeping computer. And this one was a bit of a, Oh, what’s the best, a bit controversial, best way to say it, controversial on on the social media sites over the past week. And the title is new leak. I’m not even going to try to pronounce that attack. Let’s threat actors, clone, Yubikey, Fido keys.

    52 min
  6. AUG 26

    Defensive Security Podcast Episode 277

    In this episode, Jerry Bell and Andrew Kalat discuss various topics in the cybersecurity landscape, including the influence of cyber insurance on risk reduction for companies and how insurers offer guidance to lower risks. They touch upon the potential challenges with cybersecurity maturity in organizations and the consultant effect. The episode also goes into detail about issues surrounding kernel-level access of security tools, implications of a CrowdStrike outage, and upcoming changes by Microsoft to address these issues. They recount a case about a North Korean operation involving a laptop farm to gain employment in U.S. companies, posing major security concerns. The discussion highlights the pitfalls of relying on end-of-life software, especially in M&A scenarios, and how this could be a significant vulnerability. Lastly, they explore the massive data breaches from Snowflake and the shared security responsibilities between service providers and customers, emphasizing the importance of multi-factor authentication and proper security management.

    Links:
    * https://www.cybersecuritydive.com/news/insurance-cyber-risk-reduction/724852/
    * https://arstechnica.com/information-technology/2024/08/crowdstrike-unhappy-with-shady-commentary-from-competitors-after-outage/
    * https://www.cnbc.com/2024/08/23/microsoft-plans-september-cybersecurity-event-after-crowdstrike-outage.html
    * https://arstechnica.com/security/2024/08/nashville-man-arrested-for-running-laptop-farm-to-get-jobs-for-north-koreans/
    * https://www.darkreading.com/vulnerabilities-threats/why-end-of-life-for-applications-is-beginning-of-life-for-hackers
    * https://www.cybersecuritydive.com/news/snowflake-security-responsibility-customers/724994/

    Transcript:

    Jerry: Here we go. Today is Saturday, August 24th, and this is episode 277 of the defensive security podcast. My name is Jerry Bell and joining me today as always is Mr. Andrew Kalat.

    Andrew: Good evening, my good sir Jerry. How are you?

    Jerry: I am awesome. How are you?

    Andrew: I’m good. I’m good. I’m getting ready for a little bit of a vacation coming up next week. So a little bit of senioritis. If I’m starting to check out on the show, you’ll know why.

    Jerry: Congrats and earned. I know.

    Andrew: Thank you, but otherwise doing great and happy to be here as always.

    Jerry: Good. Good deal. All right. Just a reminder that the thoughts and opinions we express on this show are ours and do not represent anyone else or including employers, cats, relatives, you name it.

    Andrew: various sentient plants

    Jerry: Exactly. Okay. So jumping into some stories today. First one comes from cybersecuritydive.com, which by the way, has a lot of surprisingly good content.

    Andrew: Yeah, I have enjoyed a lot of what they write. We’ve a couple good stories there.

    Jerry: Yeah. Yeah. So the title here is insurance coverage drives cyber risk reduction for companies, researchers say that the gist of this story is that there were two recent studies done or reports released one from a company called Omeda and another one from Forrester, which I think we all know and love.

    1h 2m
  7. AUG 16

    Defensive Security Podcast Episode 276

    Check out the latest Defensive Security Podcast Ep. 276! From cow milking robots held ransom to why IT folks dread patching, Jerry Bell and Andrew Kalat cover it all. Tune in and stay informed on the latest in cybersecurity!

    Summary: In episode 276 of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat delve into a variety of security topics including a ransomware attack on a Swedish farm’s milking machine leading to the tragic death of a cow, issues with patch management in IT industries, and an alarming new wormable IPv6 vulnerability patch from Microsoft. The episode also covers a fascinating study on the exposure and exploitation of AWS credentials left in public places, highlighting the urgency of automating patching and establishing robust credential management systems. The hosts engage listeners with a mix of humor and in-depth technical discussions aimed at shedding light on critical cybersecurity challenges.

    * 00:00 Introduction and Casual Banter
    * 01:14 Milking Robot Ransomware Incident
    * 04:47 Patch Management Challenges
    * 05:41 CrowdStrike Outage and Patching Strategies
    * 08:24 The Importance of Regular Maintenance and Automation
    * 15:01 Technical Debt and Ownership Issues
    * 18:57 Vulnerability Management and Exploitation
    * 25:55 Prioritizing Vulnerability Patching
    * 26:14 AWS Credentials Left in Public: A Case Study
    * 29:06 The Speed of Credential Exploitation
    * 31:05 Container Image Vulnerabilities
    * 37:07 Teaching Secure Development Practices
    * 40:02 Microsoft’s IPv6 Security Bug
    * 43:29 Podcast Wrap-Up and Social Media Plugs

    Links:
    * https://securityaffairs.com/166839/cyber-crime/cow-milking-robot-hacked.html
    * https://www.theregister.com/2024/07/25/patch_management_study/
    * https://www.cybersecuritydive.com/news/misguided-lessons-crowdstrike-outage/723991/
    * https://cybenari.com/2024/08/whats-the-worst-place-to-leave-your-secrets/
    * https://www.theregister.com/2024/08/14/august_patch_tuesday_ipv6/

    Transcript:

    Jerry: Today is Thursday, August 15th, 2024. And this is episode 276 of the defensive security podcast. My name is Jerry Bell and joining me tonight as always is Mr. Andrew Kalat.

    Andrew: Good evening, Jerry. Once again, from your southern compound, I see.

    Jerry: Once again, in the final time for a two whole weeks, and then I’ll be back.

    Andrew: Alright hopefully next time you come back, you’ll have yet another hurricane to dodge.

    Jerry: God, I hope not.

    Andrew: How are you, sir?

    Jerry: I’m doing great. It’s a, it’s been a great couple of weeks and I’m looking forward to going home for a little bit and then then coming back. How are you?

    Andrew: I’m good, man. It’s getting towards the end of summer. Looking forward to a fall trip coming up pretty soon, and just cruising along. Livin’ the dream.

    Jerry: We will make up for last week’s banter about storms and just get into some stories. But first a reminder that the thoughts and opinions we express are those of us and not our employers.

    Andrew: Indeed. Which is important because they would probably fire me. You’ve tried.

    Jerry: I would yeah. So the the first story we have tonight is very Moving.

    Andrew: I got some beef with these people.

    Jerry: Great. Very moving. This one comes from security affairs and the title is crooks took control of a cow milking robot, causing the death of a cow. Now, I will tell you that the headline is much more salacious than the actual story that the. When I saw the headline, I thought, oh my God, somebody hacked a robot and it somehow killed the cow, but no, that’s not actually what happened,

    Andrew: Now, also, let’s just say up front, the death of a cow is terrible,

    46 min
Rating: 4.7 out of 5 (357 ratings)

