Podcasts about Advanced persistent threat

Set of stealthy and continuous computer hacking processes

  • 35 podcasts
  • 56 episodes
  • 24m average duration
  • 1 episode every other week
  • Latest: Apr 25, 2025

Latest podcast episodes about Advanced persistent threat

ITSPmagazine | Technology. Cybersecurity. Society
No Manuals, No Shortcuts: Inside the Offensive Security Mindset at White Knight Labs | A White Knight Labs Brand Story With Co-Founders John Stigerwalt And Greg Hatcher

Apr 25, 2025 | 47:54


We've been in enough conversations to know when something clicks. This one did — and it did from the very first moment.

In our debut Brand Story with White Knight Labs, we sat down with co-founders John Stigerwalt and Greg Hatcher, and what unfolded was more than a company intro — it was a behind-the-scenes look at what offensive security should be.

John's journey is the kind that earns your respect quickly: he started at the help desk and worked his way to CISO, before pivoting into red teaming and co-founding WKL. Greg's path was more unconventional — from orchestral musician to Green Beret to cybersecurity leader. Two very different stories, but a shared philosophy: learn by doing, adapt without a manual, and never take the easy route when something meaningful is on the table.

That mindset now defines how White Knight Labs works with clients. They don't sell cookie-cutter pen tests. Instead, they ask the right question up front: How does your business make money? Because if you can answer that, you can identify what a real-world attacker would go after. Then they simulate it — not in theory, but in practice.

Their ransomware simulation service is a perfect example. They don't just show up with a scanner. They emulate modern adversaries using Cobalt Strike, bypassing endpoint defenses with in-house payloads, encrypting and exfiltrating data like it's just another Tuesday. Most clients fail the test — not because they're careless, but because most simulations aren't this real.

And that's the point.

White Knight Labs isn't here to help companies check a box. They're here to expose the gaps and raise the bar — because real threats don't play fair, and security shouldn't pretend they do.

What makes them different is what they don't do. They're not an all-in-one shop, and they're proud of that. They won't touch IR for major breaches — they've got partners for that. They only resell hardware and software they've personally vetted. That honesty builds credibility. That kind of focus builds trust.

Their training programs are just as intense. Between live DEF CON courses and their online platform, they're giving both new and experienced professionals a chance to train the way they operate: no shortcuts, no watered-down certs, just hard-earned skills that translate into real-world readiness.

Pass their ODPC certification, and you'll probably get a call — not because they need to check a hiring box, but because it proves you're serious. And if you can write loaders that bypass real defenses? You're speaking their language.

This first conversation with John and Greg reminded us why we started this series in the first place. It's not just about product features or service offerings — it's about people who live and breathe what they do, and who bring that passion into every test, every client call, and every training they offer.

We've got more stories with them on the way. But if this first one is any sign of what's to come, we're in for something special.

Learn more about White Knight Labs:

Guests:
John Stigerwalt | Founder at White Knight Labs | Red Team Operations Leader | https://www.linkedin.com/in/john-stigerwalt-90a9b4110/
Greg Hatcher | Founder at White Knight Labs | SOF veteran | Red Team | https://www.linkedin.com/in/gregoryhatcher2/
White Knight Labs Website | https://itspm.ag/white-knight-labs-vukr

Keywords: penetration testing, red team, ransomware simulation, offensive security, EDR bypass, cybersecurity training, White Knight Labs, advanced persistent threat, cybersecurity startup, DEF CON training, security partnerships, cybersecurity services

Resources
Visit the White Knight Labs Website to learn more: https://itspm.ag/white-knight-labs-vukr
Learn more and catch more stories from White Knight Labs on ITSPmagazine: https://www.itspmagazine.com/directory/white-knight-labs
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

HPE Tech Talk
What's the state of the cyber security field in 2025?

Mar 20, 2025 | 21:21


In this episode we are looking once again at our digital security, particularly around the state of the industry in 2025, and the way threats and consumer behaviours are evolving.

We'll be looking at the adoption of new kinds of security, how VPNs are still an evolving part of the security equation, and how Security Service Edge (SSE) is beginning to be taken more seriously. Joining us to discuss is Jaye Tillson, Field CTO and Distinguished Technologist at HPE.

This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week we look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organizations and what we can learn from it.

About this week's guest, Jaye Tillson: https://jayetillson.tech/

Sources cited in this week's episode:
WEF 2025 cyber security report: https://www.weforum.org/publications/global-cybersecurity-outlook-2025/
Nuclear batteries: https://www.sciencedirect.com/science/article/pii/S2590147825000038?via%3Dihub
Statistics on nuclear energy: https://www.iea.org/energy-system/electricity/nuclear-power

HPE Tech Talk
AI and Security - the opportunities and challenges

Mar 13, 2025 | 18:41


In this episode we are taking a fresh look at how AI is affecting the world of cybersecurity. As we've explored on the podcast in previous episodes, artificial intelligence has opened up a whole new world of opportunities for our organizations, but it also brings fresh challenges for cybersecurity professionals.

We'll be looking at the current state of play, and asking whether AI as a tool to defend us can match AI as a weapon to attack us, with guest Simon Leech, Director of the Cyber Security Centre of Excellence at HPE.

This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week we look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organizations and what we can learn from it.

About this week's guest, Karim Abou Zahab: https://www.linkedin.com/in/karim-abouzahab/

Sources cited in this week's episode:
McKinsey report into AI use: https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai
Statista report into cybercrime costs: https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide
Improvements to swarm robot insects: https://news.mit.edu/2025/fast-agile-robotic-insect-could-someday-aid-mechanical-pollination-0115

HPE Tech Talk
ZTNA and SSE - what you need to know

Oct 31, 2024 | 20:56


In this episode, we'll be taking a look at two increasingly important cybersecurity technologies: Zero Trust Network Access (ZTNA) and Software Security Edge (SSE).

To help dissect these technologies and what they could mean for organizations in the face of the ever-increasing risk from ransomware, we're joined again by John Spiegel and Jaye Tillson. They are both Field CTOs and Distinguished Technologists at HPE.

This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week we look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organizations and what we can learn from it.

Do you have a question for the expert? Ask it here using this Google form: https://forms.gle/8vzFNnPa94awARHMA

About this week's guests:
https://www.linkedin.com/in/jaye-tillson/?originalSubdomain=uk
https://www.linkedin.com/in/john-spiegel-2011543/

Sources and statistics cited in this episode:
Ransomware attack rate from Statista: https://www.statista.com/statistics/204457/businesses-ransomware-attack-rate/
KPMG research into ransomware: https://assets.kpmg.com/content/dam/kpmg/ca/pdf/2024/04/ca-cyber-incidents-and-intelligence-2023-en.pdf
NASA's laser communication record: https://www.jpl.nasa.gov/news/nasas-laser-comms-demo-makes-deep-space-record-completes-first-phase/

Word Notes
Encore: APT (noun)

Jul 23, 2024 | 6:52


An acronym for Advanced Persistent Threat to describe hacker groups or campaigns normally, but not always, associated with nation state cyber espionage and continuous low-level cyber conflict operations.

HPE Tech Talk
Zero Trust Network Access and Virtual Private Networks: The VPN vs ZTNA showdown

May 9, 2024 | 15:40


In this episode we are looking at why people are moving away from Virtual Private Networks, or VPNs, and are navigating towards Zero Trust Network Access, or ZTNAs.

VPNs have largely been unchallenged as the go-to cyber security option for organisations since they first came about in the mid-1990s. However, they do have security flaws which have been exploited by hackers and cyber criminals, leading many to ask whether there's a more secure solution.

Joining us to discuss why ZTNA is becoming a more popular security option for organisations is Jaye Tillson, HPE's Director of Strategy in Cyber Security.

This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week we look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organizations and what we can learn from it.

Do you have a question for the expert? Ask it here using this Google form: https://forms.gle/8vzFNnPa94awARHMA

About the expert: https://www.linkedin.com/in/jaye-tillson/?originalSubdomain=uk

Sources and statistics cited in this episode:
No more Chewy Centres: https://www.forrester.com/report/No-More-Chewy-Centers-The-Zero-Trust-Model-Of-Information-Security/RES56682
Revenue generated by the virtual private network (VPN) market worldwide: https://www.statista.com/statistics/542817/worldwide-virtual-private-network-market/
Statistics on ZTNA market share: https://www.kuppingercole.com/press-release/market-sizing-ztna
Forbes report on VPN data leaks: https://www.forbes.com/advisor/business/vpn-statistics/
ICS2 report on users' cloud security fears: https://www.statista.com/statistics/1172265/biggest-cloud-security-concerns-in-2020/
“String Quartet No. 1, 'Polar Energy Budget'”: https://www.youtube.com/watch?v=Tulsx2wt3qU
Composing music from climate data: https://www.cell.com/iscience/fulltext/S2589-0042(24)00844-7?_returnURL=https%3A%2F%2Flinkinghub.elsevier.com%2Fretrieve%2Fpii%2FS2589004224008447%3Fshowall%3Dtrue

HPE Tech Talk
How can we avoid the human being a security weakpoint?

Apr 4, 2024 | 19:25


For the last decade, messaging around cyber security has often followed a similar pattern: Make people fear the consequences of being hacked. We are only human, after all. We're flawed, and we're fallible. So are we the weakest link in the cyber security chain? Or is there a better way to look at it?

To answer that, we're joined this week by HPE Cyber Security Awareness Training Program Manager, Joanne O'Connor.

This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week we look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organizations and what we can learn from it.

Do you have a question for the expert? Ask it here using this Google form: https://forms.gle/8vzFNnPa94awARHMA

About the expert: https://www.linkedin.com/in/joanne-oconnor-/?originalSubdomain=ie

Sources and statistics cited in this episode:
Psychology of Human error: https://www.tessian.com/research/the-psychology-of-human-error/
Survey of most commonly used passwords: https://s1.nordcdn.com/nord/misc/0.78.0/nordpass/top-200-2023/200-most-common-passwords-en.pdf
JET Fusion experiment: https://ccfe.ukaea.uk/programmes/joint-european-torus/
ITER Fusion lab: https://www.iter.org/proj/inafewlines

Cybersecurity and Compliance with Craig Petronella - CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001
Unraveling BlackTech: A Deep Dive into Advanced Persistent Threats and Network Security

Oct 3, 2023 | 17:05


What if you had a front-row seat to one of the most riveting stories in cybersecurity today? Join us as we unravel the story of the Chinese state-sponsored Advanced Persistent Threat, BlackTech, and their exploitation of the Cisco Zero Day CVE 2023-20109. We dissect their strategy of modifying router firmware on Cisco routers, maintaining a stealthy persistence, and pivoting from international subsidiaries to headquarters in Japan and the U.S. We also shed light on their target: branch routers and the abuse of trusted relationships within corporate networks. In addition, we touch on the recent ransomware attack that Johnson Controls faced and the FBI's warning about dual attacks with diverse ransomware variants.

As we navigate the dense terrain of cybersecurity, we promise to enlighten you on network segmentation, a crucial measure for enhanced security and cost savings. We will guide you on creating network enclaves to handle sensitive information securely and discuss the benefits of firewall and switch segmentation for absolute separation of network communications. Furthermore, we emphasize the importance of adhering to the latest security standards like CMMC for better compliance. This episode is a goldmine of practical solutions for network security, making it essential for anyone who lives in the digital world. Stay tuned for this enlightening experience on the pressing issues in cybersecurity today.

Support the show - Call 877-468-2721 or visit https://petronellatech.com

Please visit YouTube and LinkedIn and be sure to like and subscribe!

NO INVESTMENT ADVICE - The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice.

HPE Tech Talk
The conferences where cyber security experts and 'underground researchers' meet

Sep 28, 2023 | 14:58


In the world of cyber security, there are occasional events which bring together people from all sides of the spectrum. One of those events is the Black Hat Briefings. In their own words, “a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world – from the corporate and government sectors to academic and even underground researchers.”

Back in August Las Vegas hosted the 26th American Black Hat Conference, and today's guest was there. Jaye Tillson is a field Chief Technology Officer at Axis Security, who have recently been acquired as part of HPE Aruba Networking.

We'll be finding out what goes on at these events, the hot topics under discussion, and whether they are as clandestine as they sound… Or not.

We'd love to hear your one-minute review of books which have changed your year! Simply record them on your smart device or computer and upload them using this Google form: https://forms.gle/pqsWwFwQtdGCKqED6

Do you have a question for the expert? Ask it here using this Google form: https://forms.gle/8vzFNnPa94awARHMA

About the expert, Jaye Tillson: https://uk.linkedin.com/in/jaye-tillson

This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week we look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organisations and what we can learn from it.

Tech behind the Trends on The Element Podcast | Hewlett Packard Enterprise
The conferences where cyber security experts and 'underground researchers' meet

Tech behind the Trends on The Element Podcast | Hewlett Packard Enterprise

Sep 28, 2023 14:58


In the world of cyber security, there are occasional events which bring together people from all sides of the spectrum. One of those events is the Black Hat Briefings. In their own words, “a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world – from the corporate and government sectors to academic and even underground researchers.” Back in August Las Vegas hosted the 26th American Black Hat Conference, and today's guest was there. Jaye Tillson is a field Chief Technology Officer at Axis Security, who have recently been acquired as part of HPE Aruba Networking. We'll be finding out what goes on at these events, the hot topics under discussion, and whether they are as clandestine as they sound… Or not.
We'd love to hear your one-minute review of books which have changed your year! Simply record them on your smart device or computer and upload them using this Google form: https://forms.gle/pqsWwFwQtdGCKqED6
Do you have a question for the expert? Ask it here using this Google form: https://forms.gle/8vzFNnPa94awARHMA
About the expert, Jaye Tillson: https://uk.linkedin.com/in/jaye-tillson
This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week we look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organisations and what we can learn from it.

HPE Tech Talk, SMB
The conferences where cyber security experts and 'underground researchers' meet

HPE Tech Talk, SMB

Sep 28, 2023 14:58


In the world of cyber security, there are occasional events which bring together people from all sides of the spectrum. One of those events is the Black Hat Briefings. In their own words, “a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world – from the corporate and government sectors to academic and even underground researchers.” Back in August Las Vegas hosted the 26th American Black Hat Conference, and today's guest was there. Jaye Tillson is a field Chief Technology Officer at Axis Security, who have recently been acquired as part of HPE Aruba Networking. We'll be finding out what goes on at these events, the hot topics under discussion, and whether they are as clandestine as they sound… Or not.
We'd love to hear your one-minute review of books which have changed your year! Simply record them on your smart device or computer and upload them using this Google form: https://forms.gle/pqsWwFwQtdGCKqED6
Do you have a question for the expert? Ask it here using this Google form: https://forms.gle/8vzFNnPa94awARHMA
About the expert, Jaye Tillson: https://uk.linkedin.com/in/jaye-tillson
This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week we look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organisations and what we can learn from it.

HPE Tech Talk
Zero Trust: What major organizations should be asking

HPE Tech Talk

Jul 20, 2023 17:25


Cyber security, and within that Zero Trust and SSE, is a huge deal for organizations both in terms of the implications and the cost. Implementing a proper security strategy can be a daunting task: Even knowing where to start is a minefield. Fortunately, there are people out there who can help. In a change to our usual format, we're joined by Field Chief Technologist at Axis Security Jaye Tillson. We're going to be asking him the questions he wishes more CTOs did before embarking on their Zero Trust, SSE and cyber security journeys.
We'd love to hear your one-minute review of books which have changed your year! Simply record them on your smart device or computer and upload them using this Google form: https://forms.gle/pqsWwFwQtdGCKqED6
Do you have a question for the expert? Ask it here using this Google form: https://forms.gle/8vzFNnPa94awARHMA
About the expert, Jaye Tillson: https://uk.linkedin.com/in/jaye-tillson
This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week we look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organisations and what we can learn from it.

Tech behind the Trends on The Element Podcast | Hewlett Packard Enterprise
Zero Trust: What major organizations should be asking

Tech behind the Trends on The Element Podcast | Hewlett Packard Enterprise

Jul 20, 2023 17:25


Cyber security, and within that Zero Trust and SSE, is a huge deal for organizations both in terms of the implications and the cost. Implementing a proper security strategy can be a daunting task: Even knowing where to start is a minefield. Fortunately, there are people out there who can help. In a change to our usual format, we're joined by Field Chief Technologist at Axis Security Jaye Tillson. We're going to be asking him the questions he wishes more CTOs did before embarking on their Zero Trust, SSE and cyber security journeys.
We'd love to hear your one-minute review of books which have changed your year! Simply record them on your smart device or computer and upload them using this Google form: https://forms.gle/pqsWwFwQtdGCKqED6
Do you have a question for the expert? Ask it here using this Google form: https://forms.gle/8vzFNnPa94awARHMA
About the expert, Jaye Tillson: https://uk.linkedin.com/in/jaye-tillson
This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week we look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organisations and what we can learn from it.

Policy, Guns & Money
Hacking for Cash: Dustin McCormack and Callie Aboaf

Policy, Guns & Money

Jul 20, 2023 20:27


‘Hacking for Cash' is a new ASPI podcast series exploring state-sponsored campaigns of cyber espionage for commercial gain. Throughout the series we talk to experts who were close to the negotiations that led to a 2015 agreement between the United States and China to refrain from supporting and engaging in ‘hacking for cash', as well as a G20 leaders' commitment to stamp out cyber-enabled intellectual property (IP) theft. The series features conversations with cybersecurity experts on state-sponsored hackers and how they operate, and with industry leaders about risk and resilience. We also talk with IP experts about how the US and China protect trade secrets, and with national cybersecurity and counter-intelligence agencies about how companies and universities can protect their crown jewels. In this second episode of the series, Gatra Priyandita, Analyst at ASPI, speaks to Dustin McCormack and Callie Aboaf. Both work as cybersecurity analysts with The MITRE Corporation. MITRE is a US not-for-profit research and engineering company. They talk about the actors behind cyber-espionage campaigns, they unpack this phenomenon of APTs - the Advanced Persistent Threat actors, and how they're targeting intellectual property and other assets of economic and commercial value.
Music: "Lounge It" by Maarten Schellekens, licensed with permission from the Independent Music Licensing Collective - imlcollective.uk

HPE Tech Talk, SMB
Zero Trust: What major organizations should be asking

HPE Tech Talk, SMB

Jul 20, 2023 17:25


Cyber security, and within that Zero Trust and SSE, is a huge deal for organizations both in terms of the implications and the cost. Implementing a proper security strategy can be a daunting task: Even knowing where to start is a minefield. Fortunately, there are people out there who can help. In a change to our usual format, we're joined by Field Chief Technologist at Axis Security Jaye Tillson. We're going to be asking him the questions he wishes more CTOs did before embarking on their Zero Trust, SSE and cyber security journeys.
We'd love to hear your one-minute review of books which have changed your year! Simply record them on your smart device or computer and upload them using this Google form: https://forms.gle/pqsWwFwQtdGCKqED6
Do you have a question for the expert? Ask it here using this Google form: https://forms.gle/8vzFNnPa94awARHMA
About the expert, Jaye Tillson: https://uk.linkedin.com/in/jaye-tillson
This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week we look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organisations and what we can learn from it.

The Bid Picture - Cybersecurity & Intelligence Analysis
Overwatch Diaries #2. Marla's Extraordinary Friday.

The Bid Picture - Cybersecurity & Intelligence Analysis

Jul 16, 2023 4:18


In this episode, host Bidemi Ologunde presented the story of Marla's extraordinary day tackling a significant cyberattack in Ukraine. An email disrupts her Friday, prompting a thorough investigation that uncovers an Advanced Persistent Threat. Despite the pressure, Marla adeptly manages the crisis, secures resources, traces the attack, and reports to senior management. The demanding day concludes with the satisfying mitigation of the threat, exemplifying the resilience, adaptability, and commitment necessary in the volatile cybersecurity field.
Support the show

INNOQ Security Podcast
Door #14: Advanced Persistent Threat

INNOQ Security Podcast

Dec 14, 2022 3:30


This episode explains what Advanced Persistent Threats (APTs for short) are and who mainly carries them out.

Phishy Business
Advanced Persistent Threat Groups: Preparing Instead of Hoping

Phishy Business

Jun 28, 2022 25:29


In this episode of Phishy Business, we take a look at advanced persistent threat groups, also known as APT Groups. Special guest Krijn de Mik, Incident Response and Intelligence Lead at Hunt & Hackett, where he specializes in investigations, forensic analysis, and tracking threat actors and threat actor groups, gives his insight on how organizations can protect themselves from APT Groups and their advanced cyberattacks.
In ‘Advanced Persistent Threat Groups: Preparing Instead of Hoping', we discuss:
  • What advanced persistent threat groups are, their tactics, their motivations, how large and organized they can be, and why we distinguish them as threat actors
  • The ransom amounts that APT Groups seek, how and why the amounts differ by industry and victim, and the three most targeted industries (listen to learn which three)
  • To pay or not to pay – some of the things that organizations should consider and what they should do when it comes to making this decision
  • How prevention remains an organization's best bet and how prevention tactics such as table-top and crisis management exercises can help organizations prepare for attacks and reduce chaos
  • One of the largest-scale and most fascinating APT group hacks Krijn and Hunt & Hackett have investigated
  • The importance of:
      o Forensic readiness and how it can be achieved
      o Two-factor authentication
      o Backups and how organizations need to ensure they are complete
About Phishy Business
Fed up with the same old cybersecurity stories? Come with us on a journey that explores the lesser-known side. Whether it's social engineering, taking criminals to court or the journalists hunting down hackers — our new podcast series, Phishy Business, looks for new ways to think about cybersecurity. Mimecast's very own Brian Pinnock and Alice Jeffery are joined by guests from a range of unique security specialisms. Each episode explores tales of risk, reward and just a dash of ridiculousness to learn how we can all improve in the fight to stay safe.
For more tales of risk, reward and ridiculousness, subscribe to Phishy Business on iTunes, Spotify, Anchor or wherever you get your podcasts. www.mimecast.com

Cyber Morning Call
Cyber Morning Call - #99 - 20/06/2022

Cyber Morning Call

Jun 20, 2022 4:33


[Episode References]
  • REGISTRATION FOR TURING DAY - https://www.even3.com.br/turingday2022/
  • Investigating - DeadBolt Ransomware - https://www.qnap.com/en/security-advisory/QSA-22-19
  • QNAP NAS devices targeted by surge of eCh0raix ransomware attacks - https://www.bleepingcomputer.com/news/security/qnap-nas-devices-targeted-by-surge-of-ech0raix-ransomware-attacks/
  • BRATA is evolving into an Advanced Persistent Threat - https://www.cleafy.com/cleafy-labs/brata-is-evolving-into-an-advanced-persistent-threat
  • Lookout Uncovers Android Spyware Deployed in Kazakhstan - https://www.lookout.com/blog/hermit-spyware-discovery
  • Russian Botnet Disrupted in International Cyber Operation - https://www.justice.gov/usao-sdca/pr/russian-botnet-disrupted-international-cyber-operation
[Credits]
  • Script and presentation: Carlos Cabral
  • Audio editing: Paulo Arruzzo
  • Closing narration: Bianca Garcia
  • Graphic design: Julian Prieto

ZD Tech : tout comprendre en moins de 3 minutes avec ZDNet
APT Groups, a Patient and Determined Threat

ZD Tech : tout comprendre en moins de 3 minutes avec ZDNet

May 12, 2022 3:01


Hello everyone and welcome to ZDTech, the daily podcast from the ZDNet editorial team. My name is Louis ADAM and today I am going to explain why certain malicious groups are referred to by the acronym APT. Fancy Bear, Animal Farm, Hafnium: every cybersecurity company has its own nomenclature for naming these groups. But all of them are generally gathered under the same umbrella, that of APT groups. APT stands for Advanced Persistent Threat ("Menace persistante avancée" in French): the acronym has existed since the early 2000s and comes to us from across the Atlantic, more specifically from the world of American defense. The term has since gained popularity in the computer security world and is meant to describe a certain type of attacker. Behind this acronym, it is not a matter of a particular technique or of specific tools, but rather of a particular modus operandi. The groups designated by the acronym APT are organized and patient. The term "Advanced" that sticks to them is often misinterpreted. It does not necessarily mean attackers who have sophisticated tools, vulnerabilities or malware, but rather their ability to exploit a whole range of attacks to infiltrate the networks they target and remain there. In other words, one can perfectly well find examples of APT groups exploiting known vulnerabilities, common malware and entirely traditional attack techniques such as phishing. The qualifier "Persistent", on the other hand, is more apt: unlike traditional cybercriminal groups, APT groups can take their time to attack a target.
They can thus carry out several rounds of reconnaissance before identifying the vulnerabilities to exploit, bypass the target's defenses and then deploy means to remain in the target's network undetected for very long periods, sometimes several months. Finally, the objective of these groups is often very specific: security researchers more generally associate this acronym with groups specializing in espionage and the theft of often sensitive information. It is therefore not surprising to see that behind many APT groups are units overseen by the intelligence services of several countries. But espionage is not necessarily their only mission: some APT groups thus sometimes engage in spreading disinformation or in sabotaging computer systems. And the targets of these groups are of all kinds. While the most strategic sectors, such as those related to defense or aeronautics, are frequently considered prime targets, any organization or person holding strategic information can be targeted by this type of group. Unlike "classic" cybercriminals, APT groups therefore operate methodically. They have precise objectives, set by a sponsor, teams made up of specialists and often well-rehearsed procedures aimed at reaching their targets while staying under the radar.

The Gate 15 Podcast Channel
The Gate 15 Interview EP 19. Ronnie Tokazowski, Principal Threat Advisor at Cofense on Business Email Compromise (BEC), 419 scams, Indian food, and so much more!

The Gate 15 Podcast Channel

Jan 17, 2022 69:48


Please enjoy this episode of The Gate 15 Interview podcast on Anchor, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts. In this episode of The Gate 15 Interview, Andy Jabbour speaks with Ronnie Tokazowski, Principal Threat Advisor at Cofense. Ronnie is a recognized expert cybersecurity researcher with success in reverse engineering both crimeware and Advanced Persistent Threat malware, including creation of decoders and indicators for detecting malicious attacks. When he's not frustrating bad guys, Ronnie is an accidental YouTuber, likes cooking, spicy food, and memes. Ronnie on Twitter, @iHeartMalware. Ronnie's YouTube channel: Ronnie Rants.
In the discussion we address:
  • Ronnie's background and the work he's doing at Cofense
  • Business Email Compromise (BEC)
  • Voodoo (no, seriously…)
  • Ronnie's hair and more!
“(at Cofense), we try to go back to the human…” – Ronnie Tokazowski, during our discussion, 10 Jan 2022
A few references mentioned in or relevant to our discussion include:
  • What 6 Years of Success in a Global Takedown Operation Looks Like, and How You Can Do It, Too, a Medium post by Ronnie, 02 Jan
  • Cofense
  • Faith-Based Information Sharing and Analysis Organization (FB-ISAO)
  • FBI on Business Email Compromise (numerous links to BEC related information from the FBI)
  • FBI 2020 IC3 Annual Report & 2020 State Reports
  • G4 Boyz x G4Choppa "Scam Likely" (Official Video)
  • G4 Boyz feat. G4Choppa - SBA Job (Official Music Video)
  • G4Choppa & G4 Boyz - “In Scam We Trust” (Official Music Video - WSHH Exclusive)
  • Here's Ronnie providing some commentary: Fun with Fraudsters - Reacting to SBA Job by G4 Boyz
  • Cofense Wins AI-Based Cybersecurity Solution of the Year in 2021 CyberSecurity Breakthrough Awards, 05 Oct 2021
  • Cofense Joins Microsoft Intelligent Security Association (MISA), 26 Oct 2021
  • Channel Insider: Best Email Security Providers & Services 2022, 23 Dec 2021
  • Traffic Light Protocol (TLP) Definitions And Usage, via CISA
In our discussion, Ronnie mentions Brian Krebs' Krebs on Security blog (and on Twitter, @briankrebs). Some links to his BEC-related posts can be accessed here.

Fabulas De Machina
#12: If You Talk, I'm Dead (Christmas Special)

Fabulas De Machina

Jan 2, 2022 14:30


Corporate networks come under thousands of attacks from malicious users every day. Some of the worst situations they can find themselves in revolve around the acronym APT, or Advanced Persistent Threat. In 2015, Andrew, a forensics analyst, comes face to face with the APT group that has breached the corporate network of a technology giant. He will discover in the hardest way what the basic law is that governs every operational effort. You are listening to Fabulas de Machina.
Find us:
Facebook: https://facebook.com/fabulasdemachina
Instagram: https://instagram.com/fabulasdemachina
Web: https://fabulasdemachina.com

Thales Security Sessions
Bonus Episode - Adopting the Shared Security Management Model

Thales Security Sessions

Aug 27, 2021 27:40


Shared security, also known as shared responsibility, is a cloud security management model that describes the distribution of enterprise data security management and accountability between a company and its cloud service provider(s). The framework essentially enables improved productivity and unparalleled agility, so why isn't every organization adopting it? In this episode, introduced by Neira Jones, Dr. Eric Cole, Founder and CEO of Secure Anchor Consulting, explores adopting shared security as best practice. Dr. Eric speaks with Chris Martin, IAM Presales Solution Architect for EMEA at Thales. The podcast delves into the main areas of organizational risk concerning cloud migration and vendor native decisions before shedding light on the limitations of a single service provider. The guests then discuss the shared security model - its benefits and the implementation process. Final thoughts centre on what organizations need to understand about control over all users and effectively build a best practice shared security strategy. You can also learn more about this topic in our new whitepaper, Owning Your Own Access Security.
Dr Eric Cole
Dr. Eric Cole is an industry-recognized expert with over 20 years of hands-on experience, founder and an executive leader at Secure Anchor Consulting where he provides leading-edge cybersecurity consulting services, expert witness work, and R&D initiatives to advance our field. Dr. Cole has experience in information technology with a focus on helping customers focus on the right areas of security by building out a dynamic defense. Dr. Cole has a master's degree in computer science from NYIT and a doctorate from Pace University with a concentration in information security. He served as CTO of McAfee and Chief Scientist for Lockheed Martin. Dr. Cole is the author of several books, including Advanced Persistent Threat, Hackers Beware, Hiding in Plain Sight, Network Security Bible 2nd Edition, and Insider Threat. You can connect with Dr Cole on LinkedIn.
Chris Martin
Chris Martin is the lead EMEA Pre-Sales Solution Architect at Thales. With over 20 years expertise in the IAM space, Chris' extensive background includes Enterprise SSO, PAM, IDaaS and Identity Governance that enables him to bring a holistic approach to enterprise IAM. Within Thales, Chris works alongside our customers to help them define, develop and execute their IAM strategies, either aligning Thales solutions to an existing IAM architecture or building from the ground up. Prior to joining Thales, Chris honed his IAM skills with Sentillion, Centrify, OneLogin, Omada and MicroFocus. You can connect with Chris on LinkedIn.

Speakeasy Security
What is an Advanced Persistent Threat?

Speakeasy Security

Jul 29, 2021 26:03


APTs are said to be the most menacing cyber attacks in existence. Designed to be stealthy, gain access to corporate networks and steal secrets, APTs can cause crippling damage to businesses and governments alike. APT stands for Advanced Persistent Threats and this week we dive deep into the nature of these threats for our audience. From exploiting vulnerabilities to exfiltrating data, we explore how these threats, and the teams of attackers behind them, can gain access to corporate and government secrets. Buckle up for this one!
Links: What is an APT - https://www.cioinsight.com/security/apt-attack/

Heather du Plessis-Allan Drive
Andrew Hampton: NZ aware of Chinese cyber attacks for a number of years

Heather du Plessis-Allan Drive

Jul 20, 2021 4:50


China has hit back at New Zealand after accusations of Chinese-sponsored hacking going on.
Late Monday night, GCSB Minister Andrew Little said New Zealand had established links between Chinese state-sponsored actors known as Advanced Persistent Threat 40 (APT40) and malicious cyber activity in New Zealand.
Little has called on China to stop the hacking.
Beijing responded, saying the claims are lies, slander and ridiculous, and has threatened devastating consequences if the rhetoric continues.
Andrew Hampton, the Director-General at the GCSB, told Heather du Plessis-Allan New Zealand has been aware for several years about malicious activity by the Chinese ministry.
"In 2018 the New Zealand Government called them out for a compromise of a range of global managed service providers, which they used to get to customers.
"If you look at the Minister's statement it's actually talking about two related things - the first is an ongoing campaign that is a whole range of attacks that have been underway for a number of years, and then there's specifically the compromise of the Microsoft exchange which occurred at the start of the year."
Hampton says the attribution process undertaken took some weeks to confirm who was responsible for the attacks.
"The New Zealand Government has raised with the Chinese embassy its concerns about this malicious cyber activity. The decision to go now and speak publicly about this is driven by a couple of things - firstly that formal attribution process needed to be complete, but also to have as big as an effect as possible New Zealand wanted to make it a statement at the same time as a range of other like-minded countries did," Hampton adds.

RNZ: Morning Report
US blames Chinese hackers for massive attack

RNZ: Morning Report

Jul 19, 2021 7:03


The United States has blamed Chinese hackers backed by the state for one of the largest cyber attacks in history. Microsoft Exchange servers were targeted earlier this year, affecting more than a quarter of a million servers worldwide. Late last night, the New Zealand Government also released a statement saying it condemns malicious cyber activity from China. Chinese officials have denied responsibility - saying it opposes cyber attacks and combats cyber theft. The international relationship with China is already under strain. The release from Andrew Little reads "New Zealand has established links between Chinese sponsored actors known as Advanced Persistent Threat 40 and malicious cyber activity in New Zealand". US correspondent Simon Marks has more.

Meanwhile in Security
You Down with ATP? Yeah, You Know Me

Meanwhile in Security

Jun 17, 2021 9:49


Jesse Trucks is the Minister of Magic at Splunk, where he consults on security and compliance program designs and develops Splunk architectures for security use cases, among other things. He brings more than 20 years of experience in tech to this role, having previously worked as director of security and compliance at Peak Hosting, a staff member at freenode, a cybersecurity engineer at Oak Ridge National Laboratory, and a systems engineer at D.E. Shaw Research, among several other positions. Of course, Jesse is also the host of Meanwhile in Security, the podcast about better cloud security you're about to listen to.

Show Notes:

Links:
  • APT1 Report: https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
  • Securing Your Cloud Transformation Journey: https://onwireco.com/2021/06/08/securing-your-cloud-transformation-journey/
  • TeamTNT Strikes Again: A Wake-Up Call to Start Securing Cloud Entitlements: https://securityboulevard.com/2021/06/teamtnt-strikes-again-a-wake-up-call-to-start-securing-cloud-entitlements/
  • Secure Access Trade-offs for DevSecOps Teams: https://beta.darkreading.com/vulnerabilities-threats/secure-access-trade-offs-for-devsecops-teams?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
  • Cyber Gangs: Who are they in 2021 and what do they Want?: https://securityintelligence.com/articles/cyber-crime-gangs-who-are-they-today/
  • Required MFA is not Sufficient for Strong Security: A Report: https://www.darkreading.com/cloud/required-mfa-is-not-sufficient-for-strong-security-report/d/d-id/1341263
  • With Cloud, CDO and CISO Concerns are Equally Important: https://www.itsecuritynews.info/with-cloud-cdo-and-ciso-concerns-are-equally-important/
  • Colonial Pipeline CEO: Ransomware Attack Started via Pilfered ‘Legacy' VPN Account: https://beta.darkreading.com/attacks-breaches/colonial-pipeline-ceo-ransomware-attack-started-via-pilfered-legacy-vpn-account
  • Cloud Security: Why Being Intentional in Encryption Matters: https://securityintelligence.com/articles/cloud-security-intentional-encryption/
  • CSPM explained: Filling the gaps in cloud security: https://www.csoonline.com/article/3620049/cspm-explained-filling-the-gaps-in-cloud-security.html
  • Five worthy reads: Confidential computing–the way forward in cloud security: https://securityboulevard.com/2021/06/five-worthy-reads-confidential-computing-the-way-forward-in-cloud-security/
  • Data Protection in the K-12 Cloud: https://securityboulevard.com/2021/06/data-protection-in-the-k-12-cloud/
  • Cybersecurity Executive Order 2021: What it Means for Cloud and SaaS Security: https://thehackernews.com/2021/06/cybersecurity-executive-order-2021-what.html
  • Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users: https://thehackernews.com/2021/06/hackers-can-exploit-samsung-pre.html
  • Top 10 security items to improve in your AWS account: https://aws.amazon.com/blogs/security/top-10-security-items-to-improve-in-your-aws-account/

Transcript

Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.

Announcer: Are you building cloud applications with a distributed team? Check out Teleport, an open-source identity-aware access proxy for cloud resources. Teleport provides secure access for anything running somewhere behind NAT: SSH servers, Kubernetes clusters, internal web apps, and databases. Teleport gives engineers superpowers. Get access to everything via single sign-on with multi-factor authentication, list and see all SSH servers, Kubernetes clusters, or databases available to you, and get instant access to them using tools you already have. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. And best of all, Teleport doesn't get in the way. Download Teleport at goteleport.com. That's goteleport.com.

Jesse: Us security people and the general news media like talking about APT this and APT that; however, like most things with cybersecurity, the term isn't even explained. The term is Advanced Persistent Threat—or APT—and it came from Kevin Mandia, founder of Mandiant, a security company, in the famous APT1 Report as it's called, released in early 2013, is a fascinating read. Well, maybe some of us love reading these things.

There's a lot of hype around APTs and what it all means. An APT is essentially a well-funded hacking group, usually with nation-state backing. This means some government is funding and/or training and otherwise supporting the efforts of what amounts to a criminal enterprise attacking assets. Most of us shouldn't care much about APTs though, as long as we secure our cloud accounts and use properly configured multi-factor authentication, or MFA.

Meanwhile, in the news.

Securing Your Cloud Transformation Journey. Plan, build, run, repeat. Plan, build, run, repeat. It's so simple, however, the details are complex and varied at every one of these stages to reduce the possibility of something catastrophic happening.

TeamTNT Strikes Again: A Wake-Up Call to Start Securing Cloud Entitlements. If you don't secure your IAM credentials for cloud services, the keys to your kingdom will be shared about by nefarious actors. I've recently pointed out that this APT group, the TeamTNT, was harvesting easy-to-obtain credentials. I love a chance to hammer on basic protocols and methodology since almost nobody actually follows them correctly. Go secure your cloud credentials right now.

Secure Access Trade-offs for DevSecOps Teams. Proper security is a balance between the needs of service delivery or data availability and safety. Work with your development groups at the left end, or start of your development process, to find that balance early.

Cyber Gangs: Who are they in 2021 and what do they Want? I found this a tad on the sensationalist side of things, and because it focuses on the human-driven, highly targeted attacks, it seems like the world is caving under the pressure of cyber street gangs tearing us all apart. Despite this, it has good advice, and I think the topic is a very interesting peek into things most of us don't see.

Required MFA is not Sufficient for Strong Security: A Report. Multi-factor authentication—or MFA—is not the pinnacle of protection. MFA is highly valuable, but only when you set it up correctly and close all the side and back doors of your floating house in the clouds. Don't forget to lock up on your way out.

With Cloud, CDO and CISO Concerns are Equally Important. Now, most of us won't have a Chief Data Officer—or CDO—but that doesn't mean we shouldn't include the creators and curators of our precious data. Just say no to the culture of no.

Colonial Pipeline CEO: Ransomware Attack Started via Pilfered ‘Legacy' VPN Account. Really? Really? In most situations like this, there's a root cause here that most people overlook: incomplete or inaccurate asset management systems. If you don't know what you have, you can't track how to secure it. Do you want to become international news because you forgot to monitor some VPN system nobody actually uses?

Cloud Security: Why Being Intentional in Encryption Matters. Of course we should encrypt all the things, but we should do it sanely. Ensure you have personally identifiable information—or PII—and protected health information—or PHI—and other highly sensitive materials encrypted both at rest, which means sitting on storage devices or services of some sort, like S3 buckets, and in transit, which means a network transaction such as sending query result records for a web app.

Announcer: If your mean time to WTF for a security alert is more than a minute, it's time to look at Lacework. Lacework will help you get your security act together for everything from compliance service configurations to container app relationships, all without the need for PhDs in AWS to write the rules. If you're building a secure business on AWS with compliance requirements, you don't really have time to choose between antivirus or firewall companies to help you secure your stack. That's why Lacework is built from the ground up for the cloud: low effort, high visibility, and detection. To learn more, visit lacework.com. That's lacework.com.

Jesse: CSPM explained: Filling the gaps in cloud security. Cloud security posture management—or CSPM. Great, another acronym for another security product category. This might grow legs and go places, so bone up on it while we all experiment with it to see how useful and reliable it actually is.

Five worthy reads: Confidential computing–the way forward in cloud security. I love me a meta-post; you are listening to one right now. So, I'll reference another source that's just a list of other sources, yeah? These are great pointers to more in-depth coverage on confidential computing and what that means. Confidential computing is essentially encryption of data via hardware, rather than the software or application layer. In theory, this makes it harder to decrypt the data. I'm in a wait-and-see place with that though.

Data Protection in the K-12 Cloud. Being the principal for a K-through-five school, I love this one. It's a great read or listen—it's a podcast with a partial transcript—and I highly recommend listening to this one. Elementary schools often have huge budget shortfalls, even the private schools. It makes it difficult for us to implement proper security at such a small scale. It is, however, worth every second you spend on security and privacy.

Cybersecurity Executive Order 2021: What it Means for Cloud and SaaS Security. 
Biden's executive order on improving the nation's cybersecurity is a dense read, but Hacker News breaks it down for us normal people. Can you guess my favorite part in the executive order? Email me with your answer.Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users. I try not to pick on any particular company because everyone fails in some way or another, and everyone gets pwned at some point. However, I've heard Android users complain about the Samsung builds being full-up with junk you don't need. Now, there's even more reason to be suspicious of the default software. If I ran Android devices still, I'd consider going back to the days when I ran CyanogenMod and broke my phone every few days. Nah, I'll keep my Apple device, thanks.And now for the tip of the week. Read the AWS Security Blog starting with Top 10 security items to improve in your AWS account entry from last year in March. This walks you through what AWS sees as the most critical things to look at and do, such as using MFA—correctly please—responding to things found in GuardDuty, and limiting security groups. For some of us implementing all of these things might be a big ask and large hurdle to leap over. However, their work will pay off handsomely.And that's it for the week, folks. Securely yours Jesse Trucks.Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.Announcer: This has been a HumblePod production. Stay humble.

the CYBER5
Automating Cyber Threat Intelligence 101

the CYBER5

Play Episode Listen Later Apr 26, 2021 18:49


In episode 44 of The Cyber5, we are joined by Ronald Eddings. Ron is a Security Engineer and Architect for Marqeta and host of the Hack Valley Studio podcast; his work as a cybersecurity expert and blogger has earned him a reputation as a trusted industry leader. In this episode, we discuss the fundamentals of automating threat intelligence. We focus on the automation and analysis of forensic artifacts such as indicators of compromise and actual attacker behaviors within an environment. We also discuss metrics that matter when the objective is to show progress for a security engineering program.

5 Topics Covered in this Episode:

Define the Use Cases: (01:19 - 04:17) For a mature security team, the automation of cyber threat intelligence should start with defining use cases. An enterprise should ask, “What problems am I trying to solve?” Detecting malicious binaries on devices is a good place to start. For example, let's start with a problem that plagues all organizations: phishing. Creating an inbox for phishing emails is a good first step. Then, an organization needs to decide whether to automate the extraction of file hashes, URLs, and IPs for analysis or to direct employees not to click on the link or open the file.

Storage and Logging Components that Need to be In Place: (04:17 - 06:59) For security engineering to be effective, data must be available. Security engineers should define a data acquisition strategy by eliciting stakeholder requirements and assessing the collection plan. The right data is often spread across multiple tools and systems. This must be consolidated into one location for automation to be effective. For example, if an organization wants to detect lateral movement from an Advanced Persistent Threat and is only storing a month of Windows event logs, success is unlikely. To be effective, the following logging should be in place: 1) Windows event logs 2) Netflow (which can be expensive) 3) Cloud logs 4) EDR logs from endpoint devices, and 5) VPN and RDP logs.

Prioritizing MITRE ATT&CK in Security Engineering: (06:59 - 10:12) When beginning a program, security engineers should resist the temptation to automate APT groups. Instead, they should automate alerts in the reconnaissance stages within MITRE ATT&CK and then work down the cyber kill chain towards exfiltration. Reconnaissance stages are easier to automate, and by the time an attack escalates to the lateral movement stage, automation will facilitate and speed human analysis.

Security Orchestration and Automated Response (SOAR): (10:12 - 12:00) Python and Go are helpful languages to learn in the SOAR process and useful with incident response.

Useful Metrics and What Cannot be Automated in Security Engineering: (12:00 - 19:00) Mean time to detection, response, and remediation are critical metrics for security engineers to measure. Case management systems such as JIRA can facilitate interaction between the security team roles, including SOC, Incident Response, Security Engineering, Threat Hunt, Threat Intel, Vulnerability Management, Application Security, Business Units, and Red Team. Identifying new threats and understanding why a threat occurred is almost impossible to automate and will always require analysis.

Secure Talk - Cybersecurity

Dr. Cole has a master's degree in computer science from NYIT and a doctorate from Pace University with a concentration in information security. He served as CTO of McAfee and Chief Scientist for Lockheed Martin. Dr. Cole is the author of several books, including Advanced Persistent Threat, Hackers Beware, Hiding in Plain Sight, Network Security Bible 2nd Edition, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is the founder and an executive leader at Secure Anchor Consulting where he provides leading-edge cybersecurity consulting services, expert witness work, and leads research and development initiatives to advance the state-of-the-art in information systems security.

Social Links for Dr. Cole:
YOUTUBE: https://www.youtube.com/channel/UCwg_j4TF1dnP9OZFXzYussA
TWITTER: https://twitter.com/drericcole
FACEBOOK: https://www.facebook.com/DrEricCole/
INSTAGRAM: https://www.instagram.com/drericcole/

E-Books by Dr. Eric Cole:
Threat Hunting: https://ar407.isrefer.com/go/mm2ythun
Insider Threat: https://ar407.isrefer.com/go/mm2ytit/...
Online Danger: https://www.onlinedanger.com

Anything and everything about Cybersecurity, Information security and much more by Luv Johar
What is Advanced Persistent Threat? Advanced Persistent Threat?

Anything and everything about Cybersecurity, Information security and much more by Luv Johar

Play Episode Listen Later Jun 17, 2020 68:03


What is Advanced Persistent Threat? Advanced Persistent Threat? Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, commenting, news reporting, teaching, scholarship, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational, or personal use tips the balance in favor of fair use. All these podcasts are only created for teaching purposes. © 2020 Luv Johar

Cracking Cyber Security Podcast from TEISS
"The community needs to recognise and understand crime"

Cracking Cyber Security Podcast from TEISS

Play Episode Listen Later Jun 4, 2020 17:34


On this episode of the teissPodcast, we talk to Mick Jenkins, CISO of Brunel University, about Advanced Persistent Threat actors, espionage and the targeting of Intellectual Property. Mick talks about the University's 5-year strategy to improve their cyber security, and how this has been affected by the COVID-19 pandemic. Mick shares how he communicates cyber security messages to the wider university community, who might not realise that their data is the target of nefarious actors.

Presenter: Russell Lawson
Music: Late Night (Loop), Joseph McDade

0d - Zeroday
0d056 – An Advanced Persistent Threat (APT) Analyzed

0d - Zeroday

Play Episode Listen Later Feb 27, 2020 142:44


Today Sven uses a single incident to explain how an APT (Advanced Persistent Threat) attack unfolds and how the corresponding analysis works. In addition, at the end of the show Sven gets a surprise from Stefan, which is already announced at the start of the episode so that Sven can also practice looking forward to it.

Disclaimer: This podcast presents techniques or hardware that are suitable for attacking external devices. This is done solely for educational purposes, because only those who know the attack techniques can protect themselves against them effectively. Always remember to use these techniques or hardware only on devices whose owners or users have permitted it. Unauthorized access to third-party infrastructure is a criminal offense (in Germany, §202a, §202b, §202c StGB).

Man Behind The Machine
CYBERWAR: IRAN (APT33/APT34/OILRIG) + STUXNET 3.0 HACKERS

Man Behind The Machine

Play Episode Listen Later Jul 2, 2019 38:45


In this episode, Man delves into the Iranian cyber war: Read My Lips, PoisonFrog and Glimpse, Hypershell and TwoFace, the tools EternalBlue and EternalRomance, DNSpionage, RAT malware phishing, brute-force attacks such as "credential stuffing", WannaCry and man-in-the-middle attacks, FireEye, Advanced Persistent Threat 33 and Advanced Persistent Threat 34. MBTM Computer Intro • Cyberattacks: Iran • Sat Jun 29 2019 • Cyber warfare: Iran + Russia

CISO-Security Vendor Relationship Podcast
Do These Jeans Make My Vulnerabilities Look Too Big?

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Jun 3, 2019 32:06


Full episode with images and links available at CISO Series (https://cisoseries.com/do-these-jeans-make-my-vulnerabilities-look-too-big/)

We're starting to get a little self-conscious that our vulnerabilities are starting to show. People we don't even know are telling us we have them on the latest episode of CISO/Security Vendor Relationship Podcast. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Fredrick Lee (AKA "Flee") (@fredrickl), CSO of Gusto.

Effective vulnerability prioritization helps you answer three questions: Where should we prioritize based on risk? Which vulnerabilities are likeliest to be exploited? What should we fix first? Tenable gives you the accurate and actionable data you need to answer these questions and better secure your business. Learn more: tenable.com/predictive-prioritization.

What's a CISO to do? Chris Romeo, CEO of Security Journey, wrote a post where he asked, "What if I had to develop an application security program with a budget of zero dollars?" What he presented was a means to lean on the OWASP open source community and tools to build an application security program. You're a CISO, what's your take on this? I was chatting with a pentester, Benjamin McEwan, from Scotland, who reaches out to CISOs trying to responsibly disclose, not expose, a credible security vulnerability. It's his effort to get recognized. He's frustrated though in his ability to find permanent work because those hiring only see him as an independent researcher. Is his exercise the right approach? What can a talented security person in his position do to make himself more attractive to CISOs?

What's Worse?! We've got a couple of scenarios that shocked our guest at the sheer InfoSec horror.

Breathe In, It's Time for a Little Security Philosophy. On Quora, a question right out of the Matthew Broderick movie WarGames asks, "If a student hacked into university computers and changed his grade in cyber security to an A, does he actually deserve the A?" Except for one person, everyone said, "No," but for different reasons. Mike, are you saying no, and if so, what reason?

What do you think of this pitch? We've got two pitches from vendors this week. One came directly to me.

Cloud Security Tip, by Steve Prentice - Sponsored by OpenVPN. The idea behind an Advanced Persistent Threat is both intriguing and a little distracting. It sounds like the title of a Tom Clancy novel – maybe a sequel to Clear and Present Danger. Designed to penetrate a network, operate while hidden for a long time, all the while receiving commands from an outside agent, an APT is more sophisticated than everyday malware and tends to be deployed against large targets.

The Disruptors
99. Why Hacking and Cyberwarfare is Big Business for Russia, the Mafia and CIA | Eric Cole

The Disruptors

Play Episode Listen Later Apr 8, 2019 48:28


Eric Cole (@drericcole) is arguably the #1 cyber security expert in the US, with a resume including the Obama administration, the CIA, the Gates Foundation and CTO of McAfee, and he was inducted into the 2014 InfoSecurity Hall of Fame. Eric is an expert in information technology, with a focus on secure network design, perimeter defense, penetration testing, vulnerability discovery, and intrusion detection systems. He has also authored many books, including Online Danger and Advanced Persistent Threat, is an inventor with more than 20 patents, and is the founder of Secure Anchor, an elite cybersecurity consulting firm.

Today we discuss:
* The importance of cybersecurity and why hacking always gets easier
* What the CIA does when it comes to cyberwarfare
* Why the US is actually one of the biggest perpetrators of hacking worldwide
* What is the future of politics in a post-Trump world
* Which monopoly scares Eric the most and why
* How Alexa and smart home devices drive even greater surveillance and tyranny
* Why Eric is terrified of autonomous vehicles and thinks they're overhyped
* How Eric views social media and our future
* Why politicians probably can't fix the cybersecurity threat
* How to think about increased polarization
* What Russia taught us about social media and influence
* Is Huawei actually a threat to US infrastructure

InSecurity
Poking the Bear: Three-Year Campaign Targets Russian Critical Infrastructure

InSecurity

Play Episode Listen Later Dec 14, 2018 34:05


Poking the Bear: Three-Year Campaign Targets Russian Critical Infrastructure

Nation-state conflict has come to dominate many of the policy discussions and much of the strategic thinking about cybersecurity. When events of geopolitical significance hit the papers, researchers look for parallel signs of sub rosa cyber activity carried out by state-sponsored threat actors—espionage, sabotage, coercion, information operations—to complete the picture. After all, behind every story may lurk a cyber campaign.

Rosneft is a Russian company which likes to refer to itself as one of the largest publicly traded oil companies in the world. According to the New York Times, it is also a prominent foreign policy tool of the Russian government. More than half of the company is owned by Moscow and serves as a major pillar of critical infrastructure for Russia as well as other neighboring nation states. Rosneft is a large company with a very wide reach. It plays a massive role in Russian critical infrastructure as well as in surrounding countries. There are HUGE sums of money involved in its privatization. It also wields incredible domestic and international political power. All of these characteristics made it a highly likely and legitimate target of foreign espionage efforts.

In today’s episode of InSecurity, Matt Stephenson talks with Cylance Directors of Threat Intelligence Jon Gross and Kevin Livelli about their new report: Poking the Bear. Their research team took a look at an Advanced Persistent Threat campaign which targeted many state-sponsored fuel and agricultural companies as well as critical infrastructure organizations.

About Jon Gross: Jon Gross is a Director of Threat Intelligence at Cylance. Other than that… he doesn’t tell us much.

About Kevin Livelli: Kevin Livelli is Director of Threat Intelligence at Cylance, where he conducts long-term, complex investigations with the Research and Intelligence team. His work there follows ten years at 60 Minutes, where his investigative reporting and analysis were recognized with Peabody and Emmy awards. Before that, Livelli supervised investigations at the nation’s largest independent police oversight agency. A graduate of Dartmouth, he earned master's degrees from Trinity College Dublin and Columbia University.

About Matt Stephenson: Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV. Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come. Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.

STEAL THIS SHOW
Advanced Persistent Threat Part 1: ‘The What & How Of the Bangladesh Bank Heist’

STEAL THIS SHOW

Play Episode Listen Later Oct 17, 2018 19:36


Advanced Persistent Threat is a STEAL THIS SHOW special series looking at the 2016 Bangladesh Bank Heist (https://en.wikipedia.org/wiki/Bangladesh_Bank_robbery?utm_source=rss&utm_medium=rss). Had it succeeded, this would easily have been the biggest bank robbery in history — and it was carried out almost entirely in the digital realm, using a variety of exploits and malware, in order to leverage access to the SWIFT banking network and the US Federal Reserve.

In Part One, we look at exactly what happened in the Bangladesh heist, and walk through how it was carried out. To help us through the complex story, we hear from Cheryl Biswas (https://twitter.com/3ncr1pt3d?utm_source=rss&utm_medium=rss), Strategic Threat Intel Analyst in Cyber Security at a Big Four consulting firm. After covering the how of the robbery, we consider whether trusted systems like SWIFT can remain secure in an information environment replete with radically heterogeneous, eminently hackable devices.

Cheryl Biswas wishes to make clear that she speaks here on her own behalf. Her views do not represent those of her employer.

This episode was completed in part with funding from Film Agency Wales (http://www.ffilmcymruwales.com/index.php/en/?utm_source=rss&utm_medium=rss).

Presented by TorrentFreak (http://torrentfreak.com?utm_source=rss&utm_medium=rss) | Season Sponsor Private Internet Access (http://privateinternetaccess.com?utm_source=rss&utm_medium=rss)
Showrunner & Host Jamie King (mailto:jamie@stealthisshow.com) | Editing & Post Lucas Marston (mailto:lucas@hollagully.com)
Original Music David Triana | Web Production Eric Barch
Episode Sponsor ZCash Company (https://z.cash/?utm_source=rss&utm_medium=rss)
Executive Producers: Mark Zapalac (http://twitter.com/mark_zapalac?utm_source=rss&utm_medium=rss), Eric Barch (https://twitter.com/ericbarch?utm_source=rss&utm_medium=rss), Nelson Larios, George Alvarez, Adam Burns, Daniel, Grof, Sean Lynch.

CERIAS Security Seminar Podcast
Corey Holzer, The Application of Natural Language Processing to Open Source Intelligence for Ontology Development in the Advanced Persistent Threat Domain

CERIAS Security Seminar Podcast

Play Episode Listen Later Nov 16, 2016 36:05


Over the past decade, the Advanced Persistent Threat (APT) has risen to the forefront of cybersecurity threats. APTs are a major contributor to the billions of dollars lost by corporations around the world annually. The threat is significant enough that the Navy Cyber Power 2020 plan identified them as a "must mitigate" threat in order to ensure the security of its warfighting network. This presentation and its related research apply the science of Natural Language Processing to Open Source Intelligence in order to build an open source Ontology in the APT domain.

About the speaker: COREY HOLZER is currently a PhD Candidate of Computer and Information Technology at Purdue University. He earned a B.A. degree in Government and Politics from St. John's University, NY; an M.A. degree in Government and Politics from St. John's University, NY; an M.S. in Networking Communications Management from Keller Graduate School of Management, IL; and an M.B.A. from Keller Graduate School of Management, IL. He currently serves as a Captain in the United States Army and has worked in the Information Technology field for over 24 years. His research interests include Information Security, Cyber Security, Forensics, Risk Analysis, Cyber Resiliency, and Information Assurance Ethics.

CERIAS Security Seminar Podcast
Corey Holzer, "The Application of Natural Language Processing to Open Source Intelligence for Ontology Development in the Advanced Persistent Threat Domain"

CERIAS Security Seminar Podcast

Play Episode Listen Later Nov 16, 2016


Over the past decade, the Advanced Persistent Threat (APT) has risen to the forefront of cybersecurity threats. APTs are a major contributor to the billions of dollars lost by corporations around the world annually. The threat is significant enough that the Navy Cyber Power 2020 plan identified them as a “must mitigate” threat in order to ensure the security of its warfighting network. This presentation and its related research apply the science of Natural Language Processing to Open Source Intelligence in order to build an open source Ontology in the APT domain.

Advanced Persistent Security
This week in Security September 29 2015

Advanced Persistent Security

Play Episode Listen Later Sep 29, 2015 13:13


This week in Security: September 29, 2015 We discuss the recent attack on Apple’s App Store that revealed a fraudulent version of XCode (XCode Ghost) that inserted malware into over ...

Sogeti Podcasts
'Staying Ahead of the Cyber Security Game' with Sogeti's Erik van Ommeren (Part 2)

Sogeti Podcasts

Play Episode Listen Later Nov 25, 2014


Erik van Ommeren and Samantha Mills continue their discussion around Sogeti's recently published book, 'Staying Ahead of the Cyber Security Game'. Erik explains important elements from the book in more detail such as security by design, Advanced Persistent Threat and the Big Data phenomenon, before summarising what he thinks the most important next steps are for businesses to overcome cyber security challenges.

Excelsior Life
Today in Cybersecurity: Derek Smith on Advanced Persistent Threats

Excelsior Life

Play Episode Listen Later Oct 2, 2014 7:34


In this podcast, Derek Smith discusses Advanced Persistent Threats (APTs). Smith defines what APTs are and provides an overview of how Advanced Persistent Threat actors breach enterprises.

Derek A. Smith Biography: Derek A. Smith is the Director of Cyber Security Initiatives at the National Cyber Security Institute at Excelsior College. Mr. Smith has years of government and military leadership experience and holds an MBA, Master of Science in Information Assurance, Master in Information Technology Project Management, and B.S. in Education. He also holds the following certifications: Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), Certified Ethical Hacker (CEH), Certified Hacking Forensic Investigator, Computer Network Defense Architect, Certified EC-Council Instructor, Certified SCADA Security Architect (CSSA), and Security+.

Down the Security Rabbithole Podcast
DtR Episode 88 - Advanced Threat Actors [Panel Discussion]

Down the Security Rabbithole Podcast

Play Episode Listen Later Apr 14, 2014 54:23


In this episode:
* Advanced Threat Actors - more or less a threat right now than before? (how much is hype?)
* Advanced Persistent Threat - is it really THAT advanced? (a "what" or a "who"?)
* The distinction of what "APT" is ...and isn't
* Touching on Mandiant APT-1 ...hype from reality
* A quick discourse on corporate espionage!
* How we respond to APTs ... is this just really "incident response" for a boogeyman?
* The snake oil salesman behind "Automated APT defense"
* Threat Intelligence - necessary, but what's the proper use?
* Threat Intelligence requires collaboration, how do we do it?
* Is our security failing, or is our perception of what we want it to do wrong?
* Key take-aways for the enterprise professional

Guests:
* Steve Santorelli ( @SteveSantorelli ) - Manager of outreach at Team Cymru
* John Pirc ( @jopirc ) - CTO of NSS Labs
* J. Oquendo ( @advancedthreat ) - veteran threat researcher
* Robin Jackson ( @rjacksix ) - veteran threat researcher, forensics expert at HP Enterprise Security Services

CERIAS Security Seminar Podcast
Dan McWhorter and Steve Surdu, Enterprise-Wide Intrusions Involving Advanced Threats

CERIAS Security Seminar Podcast

Play Episode Listen Later Oct 12, 2011 59:29


Since early 2010, Google, Sony, Epsilon, CitiBank, the International Monetary Fund, RSA, various law enforcement agencies and many other organizations have been compromised by different attack groups. These groups include hacktivist organizations like Anonymous, Eastern European organized crime and state-sponsored teams referred to as the Advanced Persistent Threat.

Mandiant will draw upon investigations it has conducted over the last eighteen months to:
* Illustrate major differences among the attack groups
* Describe the tactics attackers use to breach their victims
* Outline the investigative approaches required to contain active attack groups
* Detail remediation techniques that are most successful at removing attackers from the networks

The information covered will not be theoretical. All the material will anonymously reference actual cases Mandiant has conducted – some of which have not received media attention to date.

About the speaker: Dan McWhorter is responsible for Mandiant's Professional Education services. Mr. McWhorter has been a part of the Mandiant team for over five years. Over that time he has contributed to dozens of initiatives. He has led and managed incident response investigations, developed and delivered course curriculum, and helped design and implement an automated methodology for evaluating software assurance in source code. He has also supervised Mandiant's team of Consulting Technical Directors, overseen process improvement within Consulting, and managed a complex matrix-staffing methodology for Consulting projects. Mr. McWhorter is a graduate of the National Security Agency's (NSA) three-year Cryptologic Mathematics Program. Mr. McWhorter has worked toward his doctorate in mathematics at the University of North Carolina, has a Master of Science in mathematics from the University of Cincinnati, and has a Bachelor of Science in mathematics from Mount Union College.

Steve Surdu has responsibility for Mandiant's Professional Services organization. He has spent his career providing information technology consulting services or software product integration services to large organizations. He has been an application programmer, systems programmer, tech support team lead and project manager. For the last 14 years he has focused primarily on computer security. He has deployed security infrastructure, led complex vulnerability assessment teams and participated in dozens of incident response investigations. He graduated from the University of Michigan with a business degree in 1980.

MANDIANT Corporation is a private company with offices in Washington DC, New York City, Los Angeles and San Francisco. MANDIANT specializes in investigating and resolving large scale active network breaches involving hundreds or thousands of compromised systems. It also helps organizations to improve their security postures so they can avoid breaches. Lastly, Mandiant delivers malware analysis, network traffic analysis, wireless security and incident response courses to law enforcement and corporate clients.

CERIAS Security Seminar Podcast
Dan McWhorter and Steve Surdu, "Enterprise-Wide Intrusions Involving Advanced Threats"

CERIAS Security Seminar Podcast

Oct 12, 2011


Since early 2010 Google, Sony, Epsilon, CitiBank, International Monetary Fund, RSA, various law enforcement agencies and many other organizations have been compromised by different attack groups. These groups include hacktivist organizations like Anonymous, Eastern European organized crime and state-sponsored teams referred to as the Advanced Persistent Threat.

Mandiant will draw upon investigations it has conducted over the last eighteen months to: illustrate major differences among the attack groups; describe the tactics attackers use to breach their victims; outline the investigative approaches required to contain active attack groups; and detail remediation techniques that are most successful at removing attackers from the networks.

The information covered will not be theoretical. All the material will anonymously reference actual cases Mandiant has conducted – some of which have not received media attention to date.