The Threatpost Podcast


Threatpost writers Mike Mimoso and Chris Brook discuss security threats, attacks, vulnerability research and trends with a variety of industry executives, researchers and experts.

Mike Mimoso, Chris Brook


    • Aug 9, 2022 LATEST EPISODE
    • monthly NEW EPISODES
    • 20m AVG DURATION
    • 180 EPISODES


    Latest episodes from The Threatpost Podcast

    Inside the Hackers' Toolkit

    Aug 9, 2022 · 16:01


    There is no question that companies are in the sights of would-be criminals looking to exploit them. While companies look at solutions and trainings to help keep the perimeter secure, the biggest fail point is often the employees, AKA the human element. In this Threatpost podcast, sponsored by Egress, we sit down with Jack Chapman to discuss the steps and tactics that companies can take to stay one step ahead of their adversaries. During our conversation, we discuss:

    • Weaknesses that attackers look to exploit
    • Evolution of toolkits
    • Securing MFA and more

    Being prepared for adversarial attacks

    Jun 2, 2022 · 22:10


    There is no question that the level of threats facing today's businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, Fortinet's FortiGuard Labs, to discuss the threats facing CISOs along with more. During the course of our discussion, we dive into:

    • What an attack on all fronts looks like
    • The current state of the threat landscape
    • New techniques being leveraged by adversaries
    • The automation of threats

    We also lay out what CISOs need to consider when laying out and producing their threat action plan.

    The State of Secrets Sprawl

    May 6, 2022 · 16:50


    Can I tell you a secret? Will you keep it between us? You've probably said this or heard this when it comes to friends and family. However, do you also know that secret keeping, or lack thereof, is one of the biggest issues that businesses face? The recent The State of the Secret Sprawl report from GitGuardian further defines the breadth of business secrets. “A secret can be any sensitive data that we want to keep private. When discussing secrets in the context of software development, secrets generally refer to digital authentication credentials that grant access to services, systems and data. These are most commonly API keys, usernames and passwords, or security certificates. Secrets are what tie together different building blocks of a single application by creating a secure connection between each component. Secrets grant access to the most sensitive systems.” In this podcast with Mackenzie Jackson, developer advocate at GitGuardian, we dive into the report and also the issues that corporations face with public leaks from groups like Lapsus and more, along with ways that developers can keep their code safe.

    The Truth Behind ‘Mythical' MacOS Malware – Podcast

    Mar 31, 2022 · 18:53


    Huntress Labs R&D Director Jamie Levy busts the old “Macs don't get viruses” myth and offers tips on how MacOS malware differs and how to protect against it.

    A Blockchain Primer and a Bored Ape Headscratcher – Podcast

    Mar 31, 2022 · 27:33


    Still mystified by it all? Listen to KnowBe4's Dr. Lydia Kostopoulos explain what blockchain is: Now's the time to learn about associated cybersecurity risks.

    Cyberattackers Put the Pedal to the Metal – Podcast

    Mar 28, 2022 · 18:51


    The automation and speed of attacks are increasing, says Fortinet's Derek Manky. Cases in point: Log4J and Linux as a new fav target.

    Top 3 Attack Trends in API Security – Podcast

    Mar 23, 2022 · 21:40


    Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.

    Reporting Mandates to Clear Up Feds' Hazy Look into Threat Landscape – Podcast

    Mar 16, 2022 · 24:20


    It's about time, AttackIQ's Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill: Visibility into adversary behavior has been muck.

    Staff Think Conti Group Is a Legit Employer – Podcast

    Mar 14, 2022 · 39:53


    The ransomware group's benefits – monthly bonuses, fines, employee of the month, performance reviews and top-notch training materials – might be better than your own company's, says BreachQuest's Marco Figueroa. 

    Multi-Ransomwared Victims Have It Coming

    Mar 8, 2022 · 28:50


    There's a yawning gap between IT decision makers' confidence about security vs. their concession that repeated incidents are their own fault, says ExtraHop's Jamie Moles.

    Russia Leaks Data From a Thousand Cuts–Podcast

    Mar 3, 2022 · 17:42


    It's not just Ukraine: Threat intel experts are seeing a flood of data on Russian military, nukes and crooks, even with the Conti ransomware gang having shuttered its leaking Jabber chat server. 

    Securing Data With a Frenzied Remote Workforce–Podcast

    Feb 26, 2022 · 27:37


    Stock your liquor cabinets and take a shot whenever you hear GitLab Staff Security Researcher Mark Loveless say “Zero Trust.”

    The Art of Non-boring Cybersec Training–Podcast

    Feb 24, 2022 · 19:52


    With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in.

    Killing Cloud Risk by Bulletproofing App Security: Podcast

    Feb 16, 2022 · 25:08


    Applications are the most preferred vectors for cybercriminals. Yet no single team or process can assure the rollout of safe cloud applications. From code design to unit testing to deployment, teams and tools have to work together to detect risks early while keeping the pipeline of digital products moving. Alex Rice, CTO at HackerOne and Johnathan Hunt, VP of Security at GitLab, help development teams evolve their processes to build security directly into their workflows for smooth and safe cloud app rollouts. They dropped by the Threatpost podcast recently to share tips on DevSecOps, including:

    • How to build continual testing, monitoring, and feedback processes to drive down application risk.
    • Developing a continuous approach to application security and DevOps security tools.
    • Why collaboration and continual feedback are essential across development, cloud and security teams.

    …as well as how to deal with the boatload of animosity between development and security teams. One tip: Assume positive intent!

    Former FBI Gumshoe Nabs Cybercrooks Using Proven Behavioral Clues

    Feb 8, 2022 · 22:33


    Crane Hassold, former FBI analyst turned director of threat intel at Abnormal Security, shares stories from his undercover work with cyberattackers.

    How to Buy Precious Patching Time as Log4j Exploits Fly

    Dec 14, 2021 · 19:56


    Threatpost podcast: Cybereason CTO Yonatan Striem-Amit shares details about the company's vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show having been disclosed.

    Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast

    Nov 23, 2021 · 28:58


    Cyberattackers will target those & more as they pick up APT techniques to hurl more-destructive ransomware & supply-chain attacks, says Fortinet's Derek Manky.

    Podcast: Could the Zoho Flaw Trigger the Next SolarWinds?

    Oct 18, 2021 · 11:02


    That's what clients are worried about, says Redscan's George Glass: that the powerful, highly privileged app could be a convenient point of entry for attackers, to areas deep inside an enterprise's footprint.

    Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once

    Oct 5, 2021 · 26:01


    Fortinet's Derek Manky discusses a recent global survey showing that two-thirds of surveyed entities suffered at least one ransomware attack, while half were hit multiple times.

    DDoS Attacks Are a Flourishing Business for Cybercrooks – Podcast

    Sep 14, 2021 · 24:09


    Imperva's Peter Klimek visited Threatpost podcast to discuss the evolution of DDoS attacks: They started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee,

    Databases Pockmarked With an Average of 26 Vulnerabilities Globally – Podcast

    Sep 14, 2021 · 21:22


    Imperva's Elad Erez discusses findings that 46% of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws.

    What Ragnar Locker Got Wrong About Ransomware Negotiators – Podcast

    Sep 8, 2021 · 13:00


    Bryce Webster-Jacobsen – director of intelligence operations at digital risk protection/ransomware negotiators GroupSense – dropped by the Threatpost podcast to tell us what percentage of Ragnar Locker's warning that victims shouldn't call the FBI/police/negotiators is a bluff and what, if anything, security teams should take seriously. 

    Verizon DBIR Marries MITRE ATT&CK – Podcast

    Sep 7, 2021 · 22:10


    DBIR is already funny, useful & well-written. Now that it's mapped to the ATT&CK framework, security teams could finally get the holy grail of security: the answer to “Are we doing this right?” DBIR's Alex Pinto and Rich Struse, Director of MITRE Engenuity's Center for Threat Informed Defense (CTID), discuss an enticing future: They say that with the mapping of DBIR to the ATT&CK framework, security teams could finally get the holy grail of security. Namely, the answer to “What's

    ‘Pay Ransom' Screen=Too Late, Humpty Dumpty – Podcast

    Aug 26, 2021 · 18:55


    Splunk's Ryan Kovar discusses the rise in supply-chain attacks a la Kaseya & how to get ahead of encryption leaving your business a pile of broken shells.

    Podcast: Ransomware Up x10; Telecoms Uber Walloped

    Aug 25, 2021 · 19:21


    Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2021.

    What's Next for T-Mobile and Its Customers? – Podcast

    Aug 19, 2021 · 16:45


    Interos CEO Jennifer Bisceglie drops by the Threatpost podcast to talk about avoiding the mess a T-Mobile size breach can lead to, with the damage it can do to a business's brand, reputation, customer loyalty and revenue stream. 

    SolarWinds 2.0 Could Set Off the Next Financial Crisis – Podcast

    Aug 13, 2021 · 15:23


    Trillions of dollars in notional value are controlled by hedge funds and private equity firms, many of which have no cybersecurity protection to speak of. The calamitous, widespread SolarWinds attack was a wakeup call: Another attack of that ilk could lead to the next 2008-esque financial meltdown. Agio CEO Bart McDonough says an AI-enabled service platform could maybe, just maybe, help avert it.

    Fuzz Off: How to Shake Up Code to Get It Right – Podcast

    Aug 10, 2021 · 15:45


    FuzzCon panelists Damilare D. Fagbemi of Resilience Software Security and Anmol Misra of Autodesk say “join the party” as they share fuzzing wins & fuzzing fails when building a security testing program.

    We COVID-Clicked on Garbage, Report Finds: Podcast

    Aug 4, 2021 · 16:20


    In the company's annual Human Factor 2021 report assessing how the threat landscape morphed over the past year, Proofpoint researchers scratched their heads over the reasons for so many users succumbing to malicious email attachments. Could be that threat actors jumped on our Pavlovian work-from-home security conditioning, as suggested by Proofpoint vice president and general manager of email fraud defense Rob Holmes. Check out the Threatpost podcast for his take on how the pandemic influenced the threat landscape.

    ‘PwnedPiper': Devastating Bugs in >80% of Hospital Pneumatics

    Aug 2, 2021 · 11:55


    Podcast: Blood samples aren't martinis. You can't shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware.

    Podcast: Why Securing Microsoft Active Directory Is Such a Nightmare

    Jul 28, 2021 · 33:20


    SpecterOps researchers Lee Christensen and Will Schroeder discuss their work, to be presented at Black Hat, on how AD “misconfiguration debt” lays out a dizzying array of attack paths such as the one in the PetitPotam exploit for which Microsoft rushed out a fix.

    IoT Piranhas Are Swarming Industrial Controls

    Jul 23, 2021 · 23:24


    Threat actors have been building enormous botnets using IoT devices to try to compromise the computing systems that control crucial infrastructure, such as pipelines (case in point: the DarkSide ransomware attack on Colonial Pipeline) and other utilities, preying on legacy systems that have decades-old vulnerabilities. In this Threatpost podcast, Armis CISO Curtis Simpson delves into how to fight back.

    What's Next for REvil's Victims?

    Jul 19, 2021 · 21:47


    Nothing good, now that the ransomware gang's servers have vanished mid-negotiation, as ransomware negotiator Kurtis Minder details on Threatpost podcast. GroupSense's Minder offers tips on

    Protecting Phones From Pegasus-Like Spyware Attacks

    Jul 19, 2021 · 22:11


    Podcast: Is protecting your phone from spyware attacks a la NSO Group's Pegasus as simple as getting a new SIM card? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block three types of spyware attacks.

    What's Making You a Ransomware Sitting Duck

    Jun 17, 2021 · 33:33


    SophosLabs Principal Researcher Andrew Brandt discusses what makes organizations prime targets for ransomware threat actors, what steps could help them to protect themselves, and what's stopping them from implementing those steps.

    SASE & Zero Trust: The Dream Team

    Jun 11, 2021 · 20:01


    "Trust is a human emotion. Computers don't have emotions. They don't need that trust, inherently" – that's the heart of Zero Trust cybersecurity, and SASE is how to make it happen. Forcepoint's Nico Fischbach, global CTO and VPE of SASE, and Chase Cunningham, chief strategy officer at Ericom Software, on using SASE to make Zero Trust a reality.

    Insider Risks In the Work-From-Home World

    Jun 11, 2021 · 25:12


    Forcepoint's Michael Crouse talks about risk-adaptive data-protection approaches and how to develop a behavior-based approach to insider threats and risk: particularly important as security perimeters have expanded due to the pandemic.

    The State of Ransomware with Fortiguard's Derek Manky

    Jun 2, 2021 · 17:50


    In this Threatpost podcast, Fortinet's top researcher sketches out the ransom landscape, with takeaways from the DarkSide attack on Colonial Pipeline.

    Effective Adoption of SASE in 2021

    Jun 2, 2021 · 21:03


    In this Threatpost podcast, Forcepoint's SASE and Zero Trust director describes how the pandemic jump-started SASE adoption for easier, more affordable security.

    Why and How Cybercrooks Milk Exploits in Underground Markets

    Jun 1, 2021 · 19:05


    Trend Micro's Mayra Fuentes talks about the threat actors on 600+ monitored forums who requisition exploits and why they eschew bug bounty programs.

    What's Behind the Cybercriminal Supply Chain

    Apr 21, 2021 · 22:10


    Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, is joined by Threatpost podcast host Cody Hackett to talk about the cybersecurity supply chain. What is it? How is it funded? And who are the victims and criminals within this multi-million dollar dark economy?

    Podcast: Microsoft Exchange Server Attack Onslaught Continues

    Mar 23, 2021 · 22:53


    Weeks after the disclosure around the ProxyLogon group of security bugs, exploitation attempts against unpatched Microsoft Exchange servers have skyrocketed. Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, said that last week researchers with FortiGuard Labs saw activity double over two days for cybercriminals targeting the vulnerabilities. The attackers are using the flaws to deploy cryptominers, ransomware (such as the recently discovered DearCry ransomware) and other malicious campaigns, he said.

    Sponsored Podcast: Ransomware Attacks Exploded in Q4 2020

    Feb 26, 2021 · 23:03


    Ransomware attacks continue to be a top security issue plaguing companies, with researchers from Fortinet's Fortiguard Labs saying they saw an explosion in ransomware activity towards the end of the fourth quarter of 2020.

    Chinese Hackers Stole NSA-Linked Hacking Tool: Report

    Feb 22, 2021 · 19:57


    Yaniv Balmas, the head of cyber research with Check Point Software, and Oded Vanunu, the head of products vulnerability research with Check Point Software, talk on this week's Threatpost podcast about the new discoveries around the NSA-linked exploit tools, as well as the implications of the SolarWinds supply-chain hack.

    Emotet's Takedown: Have We Seen the Last of the Malware?

    Feb 3, 2021 · 17:20


    Law enforcement have been on a malware-takedown rampage: Last week, several agencies took down servers supporting the Emotet malware. Sherrod DiGrippo, senior director of threat research and detection with Proofpoint, said that no activity involving Emotet has been detected since the takedown effort occurred last week.

    Breaking Down Joe Biden's $10B Cybersecurity 'Down Payment'

    Jan 25, 2021 · 19:03


    Joe Biden's inauguration ceremony last week marked a new strategy for the government's cybersecurity initiatives, with the US president's COVID-19 relief plan including $10 billion in funding for various cybersecurity defense initiatives - from hiring key security personnel to support for the Cybersecurity Infrastructure Security Agency (CISA).

    CISOs Prep For COVID-19 Exposure Notification in the Workplace

    Jan 13, 2021 · 23:41


    In this week’s Threatpost podcast, senior editor Lindsey Welch talks with Steve Moore, chief security strategist with Exabeam, about the data privacy challenges posed by impending exposure notification implementations in the workplace.

    A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets

    Jan 8, 2021 · 21:45


    Threatpost editors Tom Spring, Tara Seals and Lindsey Welch break down the top security stories to look out for in this week's first podcast of 2021 - from the SolarWinds hack to surging ransomware hospital cyberattacks. 

    Sponsored Podcast: Simplifying Proactive Defense With Threat Playbooks

    Dec 21, 2020 · 24:10


    Security defense strategy can be very complex - with security teams not dealing with mere small bits of information, but instead dealing with tens of thousands of data points, from IoCs to TTPs, said Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet.

    Sponsored Podcast: Cybersecurity in the 'New Normal'

    Dec 10, 2020 · 29:21


    From eCommerce threats, to security concerns in connected speakers, Fortinet researchers discuss the top evolving threats of 2020, heading into the new year.

    Amnesia:33 TCP/IP Flaws Plague Millions of IoT Devices

    Dec 8, 2020 · 26:20


    Researchers - as well as the U.S. Cybersecurity Infrastructure Security Agency (CISA) - are warning of a set of serious vulnerabilities affecting TCP/IP stacks. The flaws impact millions of Internet-of-Things (IoT) devices and embedded systems, including smart thermometers, smart plugs and printers, Forescout researcher Daniel dos Santos said during this week's Threatpost podcast.
