Securiosity is a weekly cybersecurity podcast from Scoop News Group. Greg Otto and Jen O’Daniel will spend each week answering the overarching questions from the latest in security and privacy news. They’ll also talk to leaders in both the public and private sector on how they view the ever-changing…
Despite the world being in the state it's in, there is still an internet to defend. Whether it's information about criminals spinning up COVID-related scams, a run-of-the-mill ransomware attack, or some other form of cybercrime, information still needs to be shared between enterprises in order to keep things working as much as possible. On this episode, Greg Otto talks to Dan Young, Founder of QuoLab, about what he's doing to help keep the lines of information sharing open, especially in this heavily-remote workforce world we are all living in.
Everyone loves APIs. They can simplify app development while saving time and money. Yet, like all technology, hackers can find holes in APIs that can lead to enterprises having to deal with the loss of their crown jewels. So, in turn, there are startups entering the marketplace that aim to secure APIs, no matter what type of business is putting them to use. In this episode, Greg talks to Roey Eliyahu, CEO of Salt Security, about API security and how important it is for enterprises to consider.
Ransomware has been one of the biggest threats in cybersecurity over the past few years. Hospitals, governments, cities, companies, they've all been impacted by this wave of malicious behavior. But what happens when an enterprise is hit? What goes on in the short term? How do you stop the bleeding? How do you recover? On this episode, Greg Otto talks with David Macias, president of ITRMS, an IT service provider based in California. Macias, a victim of a ransomware attack, tells us how he recovered, what he learned, and what he tells his clients to do in order to prevent a similar incident from occurring.
Security awareness training, in the form of phishing emails, is generally frowned upon. Whether you have been responsible for administering it, taking it, and/or failing at it, the practice generally elicits an eye roll. What if it didn't have to be that way? CyberScoop Editor-in-Chief Greg Otto talks with Votiro CEO Aviv Grafi on the way he is making email content safe to click on -- no matter what.
In April, a small agency under the DOD released a bulletin that said a Chinese hacker group had been stealing data from cleared contractors via a leaking sinkhole. Shannon Vavra dug into that bulletin, and found the story behind it to be a very confusing mystery. In this episode, she talks about it with CyberScoop Editor-in-Chief Greg Otto.
In this episode, CyberScoop Editor-in-Chief Greg Otto talks with AppOmni CEO Brendan O'Connor on how enterprises are dealing with application security. Sometimes security teams just click the wrong box or grant the wrong permission, and O'Connor talks about how to fold that into an organization's overall security strategy.
The 2020 presidential election is going to be here, and like anything else, it's going to be impacted by the global pandemic. Some tech-savvy people want to vote online, while others are pushing for the low-tech means of vote-by-mail. Imperva CTO Kunal Anand spoke with CyberScoop Editor-in-Chief Greg Otto about the feasibility of each, no matter if it occurs during a pandemic.
Winnti Group has appeared time and time again in recent months, but a new report released this week shows that the group may be getting sloppy. Greg Otto and Shannon Vavra break down what malware the group is using, how they may be tied to a company known as "World Wired Labs," and what it tells us about the Chinese cybercrime underground.
Threat intelligence has been around as long as the cybersecurity industry itself. Yet the conversation has sounded the same for years. In this episode, Greg Otto talks with Todd Weller, chief strategy officer for Bandura Cyber, about how the community can shift what it talks about when it comes to threat intel and which sectors need to better utilize it if the conversation is to ever sound different.
We've seen malware, scams, and surveillance pop up since COVID-19 has turned our world upside down. The CyberScoop staff — Greg Otto, Jeff Stone, Sean Lyngaas and Shannon Vavra — looks at the whirlwind of news from the past month, how the cybersecurity community is dealing with it, and the lasting changes that will come from the pandemic.
In this episode, Greg Otto talks with Adam Darrah, director of intelligence at Vigilante, about hacker gangs on the dark web, how they run their ransomware operations, and if the cybersecurity community can ever get past the mindset of shaming victims when they are hit with a breach.
Right before the world drastically changed due to the COVID-19 pandemic, the craziest story in cybersecurity was the Vault 7 trial. With that ending in a mistrial, Greg Otto and Jeff Stone look at how the government failed to get a conviction, what we learned about the CIA and when, if ever, we could see a new trial.
Greg Otto and Sean Lyngaas were in Miami for S4 -- and brought back all of the info you need to know if you weren't there.
DHS cyber leadership is shuffling; we will break down who’s left, where they are going, and who’s new among the leadership in CISA. In our interview we talk to serial entrepreneur Marty Roesch about what he's been up to and how the cybersecurity scene has changed over his decades-long career.
DHS has set the agenda for agencies when it comes to vulnerability disclosure programs; we will break down what it means. In our interview, we talk to Firedome co-founder Sharon Mirsky about IoT security and the future of her company.
A top DHS cyber official is leaving the agency. We will break down what it means for 2020. In our interview we talk to Rupert Cook from Immersive Labs. We talk about why his company thinks it’s got a winning model in gamifying cybersecurity training.
North Korea tried to hack banks, Cyber Command caught them and put their malware out in the open, and we wrote a story about it, the world keeps spinning along. In our interview we talk to Mourad Yesayan, Managing Director at Paladin Capital Group. We will get into a deep discussion on the money flowing into cybersecurity and where consolidation is headed.
So much for Twitter’s good couple of weeks -- we break down the insider threat case that shocked everyone this week. And, believe it or not, it wasn't the only insider threat story to make news! In our interview, we talk with Casey Ellis, CTO and Founder of Bugcrowd. Casey, Greg and Jen talk about election security, vulnerability disclosure programs, and the meme sweeping the nation: ok boomer.
Facebook is going hard at a private surveillance company; we will break down what it means for the future. In our interview we talk to Jeff Massimilla, VP of cyber at General Motors. Jeff talks to us about what it's like overseeing cybersecurity for one of the world’s largest car makers.
As part of CyberWeek, Greg Otto was joined by Gambling Compliance Editor-in-Chief James Kilsby and Bulletproof IT VP of Security Gus Fritschie to talk about the intersection of cybersecurity and casino gaming. This was a fun one.
One highly watched Russian hacker group just kept on hacking while we watched. We will talk about what some researchers unveiled this week. In our interview, we talk to Ori Eisen, Founder and CEO of Trusona about his quest to move both consumers and enterprises away from two-factor authentication.
There is a very interesting case going on in New York that could shape the future of cyber insurance. We will dive into the ramifications. In our interview, we talk to Jason Soroko, CTO of IoT at Sectigo. If you are a PKI nerd, you are going to want to listen to this one.
Brace yourselves, there is another round of the crypto wars coming over the horizon. We will dive into what exactly is happening this time around. In our interview, we talk to Bob Ackerman, Managing Director of Allegis Capital and founder of DataTribe, on what are the emerging areas in cyber venture capital, why NSA talent is building the next wave of cybersecurity companies, and what exactly is to come with the next DataTribe challenge.
The president is pushing a very weird false narrative on CrowdStrike. FedEx shareholders are fighting over NotPetya and bug bounty companies may have some workforce issues in California. In our interview, we talk with Keenan Skelly of Circadence about the gamification of cybersecurity training and how enterprises are learning to teach EVERYONE about cybersecurity.
Snowden is being sued, Emotet is back and we look at why exactly there is a cybersecurity workforce shortage. In our interview, we talk to Danny Adamitis and Elizabeth Wharton of Prevailion. Last week we told you about their research into a phishing campaign hiding in Microsoft Word macros. We get them to dive deeper and tell us what their company brings to the marketplace.
Microsoft wants to get into the attribution game, but through its Cyber Peace Institute. What's that all about? Also, Cyber Command is trolling North Korea, and the courts come down on a guy that tried to hack into President Trump’s tax returns. In our interview, we talk to Mike Kirschner, COO of vigilante.io -- a new company coming out of stealth the same day this podcast dropped. How's that for synergy?
Greg and Jen break down exactly how bad it has been for Apple and what it means for your precious little iPhone. In our interview, Joakim Sundberg, CEO and founder of Baffin Bay Networks, tells us how he is protecting enterprises with his cloud-native threat intel platform.
The scams were plentiful and full of head-scratching details. So settle in, we have a bunch of crazy stories for you. In our interview, we talk to Fred Kneip from CyberGRX about how companies are understanding third-party risk.
It’s been a quieter week in the cybersecurity world, but we’ve got some updates from the Capital One case. In our interview, we talk to Jonathan Couch from ThreatQuotient about the cybersecurity issues surrounding the upcoming Census.
Right smack in the middle of the desert, we will talk about all the news coming out of Black Hat. New APT groups, phone company employees being arrested, cybersecurity issues in planes — we hit it all. In our interview, we talk to Cofense CTO Aaron Higbee about his company’s research into a sextortion campaign that is aimed at enterprises.
What else did you think we were going to talk about? We look at every angle that we possibly can on the biggest breach of the year. In our interview, we talk with Brian NeSmith of Arctic Wolf Networks. Arctic Wolf sells a SOC-as-a-service product to small and medium business. He tells us how his customers are more protected than ever before.
The NSA is reorganizing, encryption has cops complaining, and Equifax is going to be cutting a lot of checks. In our interview, we talk to DUST Identity CEO about his company, which uses industrially-grown diamonds to secure electronics in the supply chain.
Microsoft is sending out early warnings about the 2020 election, Bluekeep patching is a mixed bag, and a company wants to use diamonds in the supply chain. In our interview, we talk with Casey Ellis from Bugcrowd on how his company has meshed the nature of pen testing with bug bounty programs to form what’s considered to be “crowdsourced security.”
This week, the cybersecurity world turned on a popular video conferencing app, more home security services are being attacked, and we have what we believe to be the first compliance unicorn. In our interview we talk to JP Keating from Zimperium about the security around mobile banking apps.
Iran and U.S. are trading cyberattacks, another Florida city has paid a ransom and two big cybersecurity companies are suing each other. We cover it all. In our interview, we talk with Kowsik Guruswamy, CTO of Menlo Security. Menlo is a startup in the browser isolation space — which is a piece of technology that is becoming more and more popular inside enterprises. He tells us how the business is evolving and how the tech changes the way people work.
Welp, the hostage takers won this round: a city in Florida paid up to get rid of some ransomware. We talk about what it means and why it was a bad idea. We also hit on the Black Hat speaker controversy and all the money that's still flying around. In our interview, we talk to David Damato, Chief Security Officer of Tanium. We talked to David on the sidelines of the Gartner summit in Maryland this week, and spoke about patching, cyber hygiene, and what it's like to be in charge of cybersecurity inside a cybersecurity company.
It was another week filled with M&A, venture and IPO talk. There was a bunch of hacker talk, sure, but the deals kept comin', so we talked about it a lot. In our interview, we talked to Distil Networks CEO Tiffany Kleeman to learn what's next for Distil (it was acquired earlier this week) and how her customers are stopping all those bad ad fraud bots.
This week was a lot. A lot of bickering, a lot of confusion, and a lot of money flying around. But the real fun is Greg and Jen finally talking about that 'Crypto' movie. We watched so you don't have to. In our interview, we talk with Andrea Little Limbago, chief social scientist at Virtru. Andrea wrote an op-ed for CyberScoop on the noise around encryption and the changes we are seeing to privacy laws on the state and local level.
The U.S. government has been all over the map on Huawei. Google flubbed its password storage. And identity management is getting a ton of money. In our interview, we talk with Justin Shattuck of Baffin Bay Networks. He goes into his work with threat intelligence and what bothers him with the scene today.
What didn't go down this week? Intel chip flaws, Cisco server issues, WhatsApp exploits, Microsoft RDP issues, IPOs....it's all happening! In our interview, we talk to IDExperts CEO Tom Kelly about all the noise surrounding Facebook and what needs to be done to give social media users more privacy.
Among the things discussed this week: NSA tools being repurposed, the DOJ indicting or extraditing a ton of hackers, cryptocurrency being stolen, kinetic attacks, election security drama, dark web marketplaces, and multiple rounds of funding. Yeah, it was a busy week. In our interview, we talk to Associate Editor Jeff Stone about his in-depth reporting on ad fraud and how it's being leveraged by criminals to the tune of billions in losses.
Jen and Greg discuss Trump's cybersecurity workforce executive order, the Vault7 accuser's preposterous civil rights filing, and Fiserv's latest lawsuit. In our interview, we talk with HyperQube CEO Craig Stevenson and CRO Jessica Crytzer on spinning up cyber ranges quicker than ever before....and how Craig used to be a professional arm wrestler. Yup, you read that last part right.
ES&S wants to pen test its way to better security. But that may not be the best way to go about it. Greg and Jen discuss. In the interview, we talk with Flashpoint CEO Josh Lefkowitz about the new features to his company's dashboards, including information from dark web marketplaces and underground chats.
Operations around the world were unearthed this week. Brazil, India, Iran, Ukraine...you name the country, and we will tell you the info sec issue. In our interview, we talk with Andrew Morris of Greynoise about the way he is making it easier for security analysts to do their jobs.
Greg & Jen debate what the charges against Julian Assange really mean, a new plan to get people into the infosec workforce and a whole new spin on the word “cyberspace.” In our weekly interview, we talk with Eric Heitzman from Security Compass, who looks to peel back all the buzzwords and tell us some practical ways on how DevSecOps can work for your organization.
People are just waltzing into Mar-A-Lago with thumb drives full of malware. Probably should be frowned upon, but we live in wild times. In our interview, we talk to Gordon Benoit of D3 Security about his SOAR product. Also, some 14-year-olds DDoSed their school's WiFi because they didn't want to take tests. We laugh about it for a bit.
Harold Martin copped a plea, saying that he wanted to put an end to his saga. But does his guilty plea close this chapter in NSA leaker history? In our interview, we talk to Aviv Grafi of Votiro about how he got his start and why fileless malware is so hard to detect.
Norway's aluminum giant was rekt, but it was the best-case scenario. Facebook had another fail, but it wasn't the worst-case scenario. We'll explain. In our interview, we talk to Jonas Gyllensvaan, CEO of SyncDog, about his work in the MDM space.
It was a lighter week in news, as RSA is in the rearview mirror. We talk to Master Peace CEO Drew Cohen about his unique business that leverages cybersecurity talent in both the public and private sector. But, really, the big thing is the gift from the heavens that is the 'Crypto' movie trailer. Haven't heard of it? Oh man, you really should listen. TRAILER HERE: https://www.youtube.com/watch?v=kYZut3DWvek
A big week in cybersecurity means an extra big podcast. We talk about it all: Ghidra, Backstory, digital trust, smart house hacks -- it's all in here. We talk to Christian Lees, CISO for InfoArmor. Christian gets into his role scouring the dark web, figuring out how people’s data ended up on dark web forums. Speaking of the dark web, we also are going to talk to RunSafe CEO Joe Saunders — RunSafe and CyberScoop launched the RunSafe Pwn Index this week. What is that, you ask? Listen and we'll tell you, duh.
There is a new report out on how fast nation-state hackers are moving from system to system. That's only one of, like, eight stories around nation-state hacking this week. Those hacker spies are a busy bunch. In our interview, we talk to NormShield CEO Mohamoud Jibrell. His company just landed a round of seed funding for its third-party risk assessment scorecard.