Podcasts about BitSight

Tech News Weekly Episode 392 Show Notes This week on Tech News Weekly, Mikah Sargent and Jennifer Pattison Tuohy talk cybersecurity vulnerabilities with over 40,000 exposed internet cameras, Wyze's new security features following past breaches, a study on youth mental health and addictive tech use, and the launch of Trump Mobile's new phone and cellular plan. • 40,000 Exposed Internet Cameras: A cybersecurity investigation by BitSight reveals that over 40,000 internet-connected cameras are accessible to anyone with a browser and IP address, many of which use default passwords or lack basic security features. • Wyze Introduces "Verified View" Security Feature: Following previous incidents where users could see other people's camera streams due to cloud failures, Wyze launched a new security feature that stamps user metadata onto footage for an additional layer of verification to access photos and videos. • Study Challenges Screen Time Assumptions for Youth Mental Health: A major JAMA study tracking over 4,000 kids from ages 10-14 found no direct link between screen time duration and suicidal behavior, but instead identified addictive usage patterns as the real culprit. • The Launch of Trump Mobile: The new "47 Plan" offers 20GB of data for $47.45/month, along with a $499 phone claimed to be "made in America," though tech experts question both the value proposition and manufacturing claims. Hosts: Mikah Sargent and Jennifer Pattison Tuohy Download or subscribe to Tech News Weekly at https://twit.tv/shows/tech-news-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT Melissa.com/twit threatlocker.com/twit

Tech News Weekly Episode 392 Show Notes This week on Tech News Weekly, Mikah Sargent and Jennifer Pattison Tuohy talk cybersecurity vulnerabilities with over 40,000 exposed internet cameras, Wyze's new security features following past breaches, a study on youth mental health and addictive tech use, and the launch of Trump Mobile's new phone and cellular plan. • 40,000 Exposed Internet Cameras: A cybersecurity investigation by BitSight reveals that over 40,000 internet-connected cameras are accessible to anyone with a browser and IP address, many of which use default passwords or lack basic security features. • Wyze Introduces "Verified View" Security Feature: Following previous incidents where users could see other people's camera streams due to cloud failures, Wyze launched a new security feature that stamps user metadata onto footage for an additional layer of verification to access photos and videos. • Study Challenges Screen Time Assumptions for Youth Mental Health: A major JAMA study tracking over 4,000 kids from ages 10-14 found no direct link between screen time duration and suicidal behavior, but instead identified addictive usage patterns as the real culprit. • The Launch of Trump Mobile: The new "47 Plan" offers 20GB of data for $47.45/month, along with a $499 phone claimed to be "made in America," though tech experts question both the value proposition and manufacturing claims. Hosts: Mikah Sargent and Jennifer Pattison Tuohy Download or subscribe to Tech News Weekly at https://twit.tv/shows/tech-news-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT Melissa.com/twit threatlocker.com/twit

Tech News Weekly Episode 392 Show Notes This week on Tech News Weekly, Mikah Sargent and Jennifer Pattison Tuohy talk cybersecurity vulnerabilities with over 40,000 exposed internet cameras, Wyze's new security features following past breaches, a study on youth mental health and addictive tech use, and the launch of Trump Mobile's new phone and cellular plan. • 40,000 Exposed Internet Cameras: A cybersecurity investigation by BitSight reveals that over 40,000 internet-connected cameras are accessible to anyone with a browser and IP address, many of which use default passwords or lack basic security features. • Wyze Introduces "Verified View" Security Feature: Following previous incidents where users could see other people's camera streams due to cloud failures, Wyze launched a new security feature that stamps user metadata onto footage for an additional layer of verification to access photos and videos. • Study Challenges Screen Time Assumptions for Youth Mental Health: A major JAMA study tracking over 4,000 kids from ages 10-14 found no direct link between screen time duration and suicidal behavior, but instead identified addictive usage patterns as the real culprit. • The Launch of Trump Mobile: The new "47 Plan" offers 20GB of data for $47.45/month, along with a $499 phone claimed to be "made in America," though tech experts question both the value proposition and manufacturing claims. Hosts: Mikah Sargent and Jennifer Pattison Tuohy Download or subscribe to Tech News Weekly at https://twit.tv/shows/tech-news-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT Melissa.com/twit threatlocker.com/twit

Tech News Weekly Episode 392 Show Notes This week on Tech News Weekly, Mikah Sargent and Jennifer Pattison Tuohy talk cybersecurity vulnerabilities with over 40,000 exposed internet cameras, Wyze's new security features following past breaches, a study on youth mental health and addictive tech use, and the launch of Trump Mobile's new phone and cellular plan. • 40,000 Exposed Internet Cameras: A cybersecurity investigation by BitSight reveals that over 40,000 internet-connected cameras are accessible to anyone with a browser and IP address, many of which use default passwords or lack basic security features. • Wyze Introduces "Verified View" Security Feature: Following previous incidents where users could see other people's camera streams due to cloud failures, Wyze launched a new security feature that stamps user metadata onto footage for an additional layer of verification to access photos and videos. • Study Challenges Screen Time Assumptions for Youth Mental Health: A major JAMA study tracking over 4,000 kids from ages 10-14 found no direct link between screen time duration and suicidal behavior, but instead identified addictive usage patterns as the real culprit. • The Launch of Trump Mobile: The new "47 Plan" offers 20GB of data for $47.45/month, along with a $499 phone claimed to be "made in America," though tech experts question both the value proposition and manufacturing claims. Hosts: Mikah Sargent and Jennifer Pattison Tuohy Download or subscribe to Tech News Weekly at https://twit.tv/shows/tech-news-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT Melissa.com/twit threatlocker.com/twit

Tech News Weekly Episode 392 Show Notes This week on Tech News Weekly, Mikah Sargent and Jennifer Pattison Tuohy talk cybersecurity vulnerabilities with over 40,000 exposed internet cameras, Wyze's new security features following past breaches, a study on youth mental health and addictive tech use, and the launch of Trump Mobile's new phone and cellular plan. • 40,000 Exposed Internet Cameras: A cybersecurity investigation by BitSight reveals that over 40,000 internet-connected cameras are accessible to anyone with a browser and IP address, many of which use default passwords or lack basic security features. • Wyze Introduces "Verified View" Security Feature: Following previous incidents where users could see other people's camera streams due to cloud failures, Wyze launched a new security feature that stamps user metadata onto footage for an additional layer of verification to access photos and videos. • Study Challenges Screen Time Assumptions for Youth Mental Health: A major JAMA study tracking over 4,000 kids from ages 10-14 found no direct link between screen time duration and suicidal behavior, but instead identified addictive usage patterns as the real culprit. • The Launch of Trump Mobile: The new "47 Plan" offers 20GB of data for $47.45/month, along with a $499 phone claimed to be "made in America," though tech experts question both the value proposition and manufacturing claims. Hosts: Mikah Sargent and Jennifer Pattison Tuohy Download or subscribe to Tech News Weekly at https://twit.tv/shows/tech-news-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT Melissa.com/twit threatlocker.com/twit

  In this episode of Cybersecurity Today, host Jim Love discusses critical AI-related security issues, such as the Echo Leak vulnerability in Microsoft's AI, MCP's universal integration risks, and Meta's privacy violations in Europe. The episode also explores the dangers of internet-exposed cameras as discovered by BitSight, highlighting the urgent need for enhanced AI security and the legal repercussions for companies like Meta. 00:00 Introduction to AI Security Issues 00:24 Echo Leak: The Zero-Click AI Vulnerability 03:17 MCP Protocol: Universal Interface, Universal Vulnerabilities 07:01 Meta's Privacy Scandal: Local Host Tracking 10:11 The Peep Show: Internet-Connected Cameras Exposed 12:08 Conclusion and Call to Action

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: From Y2K to 2038: Uncovering Time Bombs in OT and ICS Systems with Pedro UmbelinoPub date: 2025-06-09Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Protect It All, host Aaron Crow welcomes Pedro Umbelino, Principal Research Scientist at BitSight, for an insightful and lively conversation recorded shortly after they met at RSA. Pedro shares stories of his early days in computing, from scavenging parts as a kid to teaching himself programming on a ZX Spectrum. The discussion quickly dives into critical cybersecurity issues across the interconnected worlds of IT and OT, focusing on dramatic vulnerabilities in Automatic Tank Gauges (ATGs) at gas stations—exposing ways attackers could cause significant physical damage and even spark major operational disruptions, all through insecure legacy protocols.   Pedro also brings attention to a ticking time bomb: the “Year 2038” problem, where millions (if not billions) of 32-bit systems might fail due to an epoch time rollover—an issue that could have consequences reminiscent of Y2K, but on a potentially broader scale, especially for OT and critical infrastructure.   Throughout the episode, Aaron and Pedro share practical strategies, lessons from the field, and the sobering reminder that many of these vulnerabilities are still lurking below the surface. The conversation highlights the importance of awareness, collaboration across industry and ISPs, and a proactive approach to understanding and hardening both new and legacy systems. Whether you're an OT engineer, a security researcher, or just curious about what it means to truly “protect it all,” this episode offers a fascinating look at the evolving landscape of digital and physical security risks.   Key Moments: 06:37 Letting Go of Old Memories 15:12 Refueling Spill Risks Concern Technicians 17:37 Understanding Risks Beyond Fear 23:24 Internet Exposure Risks for OT Devices 32:17 Global Cyber Incident Response Challenges 35:30 Legacy System Challenges 39:19 Unidentified Cyber Assets Risk 48:41 "Understanding the Apocalypse Project's Challenges" 49:31 Testing System Vulnerabilities at Scale 55:12 Tech Vulnerabilities Analogous to Y2K 01:03:08 Challenges in OT Modernization   About the Guest: Pedro Umbelino currently holds the position of Principal Research Scientist at Bitsight Technologies and brings over a decade of experience in dedicated security research. ⁤His eclectic curiosity has led to the uncovering of vulnerabilities spanning a gamut of technologies, highlighting critical issues in multiple devices and software, ranging from your everyday smartphone to household smart vacuums, from the intricacies of HTTP servers to the nuances of NFC radio frequencies, from vehicle GPS trackers to protocol-level denial of service attacks.  Pedro is committed to advancing cybersecurity knowledge and has shared his findings at prominent conferences, including Bsides Lisbon, DEF CON, Hack.lu and RSA. How to connect Pedro : LinkedIn: https://www.linkedin.com/in/pedroumbelino/X: https://x.com/kripthorWebsite: https://www.bitsight.com/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In the enterprise security news, Bitsight, Snyk, and Silverfort announce acquisitions Tanium announces an “autonomous” endpoint security offering We find out how much a smartphone costs when it is manufactured in the US CISA's leadership announces resignations Ransomware is going after old versions of Excel Should vendors be doing more about alert fatigue? The latest cybersecurity reports Using AI to mess with scammers All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-385

In the enterprise security news, Bitsight, Snyk, and Silverfort announce acquisitions Tanium announces an “autonomous” endpoint security offering We find out how much a smartphone costs when it is manufactured in the US CISA's leadership announces resignations Ransomware is going after old versions of Excel Should vendors be doing more about alert fatigue? The latest cybersecurity reports Using AI to mess with scammers All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-385

This is a topic our hosts are very passionate about, and we're excited to discuss with Mariana Padilla, co-founder and CEO of Hackerverse. She wants to change how cybersecurity sales works, with a focus on making the process more transparent and ideally demonstrating a product's efficacy before buyers even need to talk to a sales team. We'll discuss why existing sales processes are broken, how VC funding impacts vendor sales/marketing, and why community-led growth is so important. Why a special segment on Microsoft Ignite announcements? There were a lot of announcements Microsoft is the largest security vendor, in terms of revenue Microsoft and its products are also the biggest and most vulnerable hacking target in the tech industry. In the enterprise security news, Bitsight, Snyk, and Silverfort announce acquisitions Tanium announces an “autonomous” endpoint security offering We find out how much a smartphone costs when it is manufactured in the US CISA's leadership announces resignations Ransomware is going after old versions of Excel Should vendors be doing more about alert fatigue? The latest cybersecurity reports Using AI to mess with scammers All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-385

This is a topic our hosts are very passionate about, and we're excited to discuss with Mariana Padilla, co-founder and CEO of Hackerverse. She wants to change how cybersecurity sales works, with a focus on making the process more transparent and ideally demonstrating a product's efficacy before buyers even need to talk to a sales team. We'll discuss why existing sales processes are broken, how VC funding impacts vendor sales/marketing, and why community-led growth is so important. Why a special segment on Microsoft Ignite announcements? There were a lot of announcements Microsoft is the largest security vendor, in terms of revenue Microsoft and its products are also the biggest and most vulnerable hacking target in the tech industry. In the enterprise security news, Bitsight, Snyk, and Silverfort announce acquisitions Tanium announces an “autonomous” endpoint security offering We find out how much a smartphone costs when it is manufactured in the US CISA's leadership announces resignations Ransomware is going after old versions of Excel Should vendors be doing more about alert fatigue? The latest cybersecurity reports Using AI to mess with scammers All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-385

In this episode, KYC Decoded welcomes Derek Vadala, Chief Risk Officer at BitSight, who shares his insights on the intricacies of cyber risk, technology risk, and digital risk with host Alex Pillow. They explore the evolving nature of cyber threats, from financially motivated attacks to nation-state espionage, and discuss best practices for mitigating these risks through in depth defense strategies and ongoing monitoring. Derek emphasizes the criticality of a risk-based approach to supply chain due diligence and the importance of integrating cyber risk management into broader compliance frameworks.Key takeaways:Cyber risk encompasses adversarial activities, technology issues, and digital transformation challenges, each requiring distinct mitigation strategiesFinancially motivated cyber criminals and nation-state actors use different tactics but can blur lines, necessitating vigilant, multifaceted defensesEffective cyber defense relies on automation and layered security measures, beyond just user educationIntegrating cyber risk management with overall compliance and due diligence processes enhances organizational resilienceTo learn more about cyber related risk, please check out the resources below:Risky business podcastCyber Security Headlines podcastTo learn how you can mitigate cyber-related risk in your organization, visit our website  and feel free to get in touch - we would love to hear from you.

In this episode of Sloanies Talking with Sloanies, host Christopher Reichert, MOT '04, interviews Stephen Boyer, SDM '08, co-founder and chief innovation officer at Bitsight. The conversation reflects on the evolution of cybersecurity, including the complexity of cyber threats and the challenges companies face in managing risks. Boyer shares insights from his career, discussing the importance of transparency in cybersecurity incidents and the role of AI in enhancing security practices. He also emphasizes the value of a mission-driven career and the need for continuous learning.Boyer also discusses his experiences at MIT Sloan, highlighting the impact of the MIT 100K competition and the broader MIT ecosystem on his entrepreneurial journey. He offers advice to prospective Sloanies, encouraging them to immerse themselves fully in the MIT environment and to align their studies with their long-term career goals. The episode provides a blend of practical cybersecurity advice and reflections on the significance of strategic thinking and innovation in one's career.Support the Show.Thanks for listening! Find more episodes on our website Sloanies Talking with Sloanies. Learn more about MIT Sloan Alumni on X (Formerly known as Twitter), Facebook, Instagram, and LinkedIn. To support this show or if you have an idea for a topic or a guest you think we should feature, drop us a note at sloanalumni@mit.edu© MIT SLOAN SCHOOL OF MANAGEMENT

Dottie Schindlinger is Executive Director of Diligent Institute, the global corporate governance research arm of Diligent - the largest SaaS software company in the Governance, Risk, Compliance (GRC), and ESG space. She co-authored the book Governance in the Digital Age: A Guide for the Modern Corporate Board Director, co-hosts “The Corporate Director Podcast,” and co-created Diligent Institute's Certification programs for directors and executives, including AI Ethics & Board Oversight. Dottie was a founding team member of the tech start-up BoardEffect, acquired by Diligent in 2016. She graduated from the University of Pennsylvania and is a Fellow of the Salzburg Global Seminar Corporate Governance Forum. Diligent and Bitsight recently issued an important report on corporate board oversight of cybersecurity risks. Dottie Schindlinger, Executive Director of Diligent Institute, joins Michael Volkov to discuss the important findings of Diligent's report.You'll hear Dottie and Michael discuss:Companies with advanced security ratings create nearly four times the amount of value for shareholders as companies with basic security ratings. On average, the Total Shareholders' Return (TSR) over three and five years for companies in the advanced security performance range is approximately 372% and 91% higher, respectively, than their peers in the basic security performance range.Companies with a specialized risk or audit committee had higher security performance ratings on average. Companies falling within these two categories have an average security rating of 710, whereas companies lacking both committees have an average security rating of 650.The findings also suggest that the distribution of security ratings among companies with specialized risk and audit committees tends to skew towards the advanced security performance range, whereas companies lacking either of these committees tend to skew toward the basic security performance range.Having a cybersecurity expert on the board is not enough. Integrating a cybersecurity expert into the board committee tasked with cybersecurity risk oversight makes a significant difference in an organization's performance.Merely having a cybersecurity expert on the board does not correlate to having a higher security performance rating. Highly regulated industries tend to outperform other industries in terms of cybersecurity performance. Of the companies with advanced-level security performance ratings, a full third (33%) came from the financial services sector – with an average rating of 720. The sector with the highest average rating overall was healthcare at 730. Nearly a quarter (24%) of companies with basic security performance ratings came from the industrial sector. ResourcesDottie Schindlinger on LinkedInDiligent Institute | Diligent | Board EffectThe Report can be downloaded at: Cybersecurity, Audit and the Board ReportMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

We talk to Joe Lyons of Bitsight about the growing risk from deepfakes in the age of GenAI. Speakers: Joe Lyons, VP, Cyber Risk & Ratings Research, Bitsight;  Abhi Srivastava, AVP-Analyst, Moody's RatingsHost: Danielle Reed, VP – Senior Research Writer, Moody's RatingsRelated Research: Digital Economy – Cross Region: GenAI-powered deepfakes introduce new and transformed credit risks

Host Shannon Sabens of CrowdStrike chats with Benjamin Edwards and Sander Vinberg, both of Bitsight, about analyzing vulnerability data in the CVE List. This is a follow-on to their “CVE Is The Worst Vulnerability Framework (Except For All The Others)” talk at CVE/FIRST VulnCon 2024.Topics discussed include the types of vulnerabilities and vulnerability intelligence they reviewed and the different ways they approached the data; how CVE is a really good framework for compiling information about, and communicating effectively about, vulnerabilities; how increasing the number of CVE Numbering Authorities (CNAs) through federation has improved the quantity and quality of data produced by the program over time; how the overall quality of CVE List data will improve for the entire vulnerability management ecosystem as more CNAs include CVSS, CWE, CPE, etc., information when their CVE Records are published; and much, much, more!  

In this episode, JC Gaillard looks back at a number of cybersecurity governance aspects he has written or spoken over the past few months, in the light of a recent report by Diligent and Bitsight

Craig Callé talks about third party risk management (TPRM) and cyber security. TPRM is a subset of Governance Risk and Compliance (GRC), which aims to help organizations achieve their objectives, address uncertainties, and act with integrity. TPRM is crucial as over half of all data breaches occur through insecure third parties. Companies need to understand their relationships and monitor them more carefully, which requires a variety of tools and processes. Chris explains that third party risk management includes cybersecurity, reputation management, supply chain issues, and other risk categories such as financial liability. Cybersecurity has become the primary focus due to the numerous issues it addresses. Privacy is another important risk, with regulations like GDPR in Europe, CCPA in California, and others worldwide ensuring companies have a firm grip on consumer data. Companies must follow through with privacy regulations unless they can follow data to third parties. Areas of Scrutiny in Third Party Risk Management Craig mentions that ESG and sustainability are also areas of scrutiny, as companies must ensure their third parties align with their company's goals and objectives. However, he stresses that one must also be aware of laws pertaining to sanctions around the world. Issues of reputation, child labor, anti-money laundering, and bribery, are also important to be attentive to, not just for their own company but also for third parties they work with. Defining Third Party Risk Management Chris explains that third party risk management and enterprise risk management, are all subcomponents of GRC. He mentions that the term includes outsource providers, software as a service (SaaS) apps, cloud hosts, contractors, ecosystem partners, technology partners, and counterparties. Emergency third party risk management is a broader category that includes enterprise risk management, business continuity or operational resilience, compliance, and internal compliance. Global Risk Control (GRC) includes enterprise risk management, a risk register, business continuity or operational resilience, and compliance. A risk register compiles all the potential threats that can impact a company, and it is crucial to continually build a more predictable and measurable system to achieve its objectives at the lowest possible risk. GRC Frameworks Craig adds that business continuity or operational resilience is an important aspect of GRC, as it involves a set of controls and risks in place to understand where the company is in the journey and be able bounce back when bad things happen. Compliance is another area under GRC, as it involves creating a methodology for ongoing monitoring of operations and ensuring compliance with global rules and regulations. He mentions that a lot of GRC work involves picking a framework and building a program around it; for example, in cybersecurity circles, a popular standards body would be NIST, and he mentions a few others that give leaders a roadmap apropos to achieving high standards of operation. Governance in Risk Management Strategy Craig states that, in the context of Global Risk Control, the governance aspect is a crucial part of the organization's overall risk management strategy and that it is set in the roadmaps that have been developed with a team for each area, such as compliance or continuity.  The head of GRC is responsible for overseeing the system and ensuring that the organization operates within its control frameworks. For example, in a Fortune 500 company, a C-suite executive responsible for GRC would report to a Chief Risk Officer or CRO, with a solid line to the CEO and a dotted line to the board audit and risk committee.He goes on to explain various titles that may be given to the person in charge of GRC and why he believes there is a deficiency in putting all risks under one umbrella. The Director of Third Party Risk Management Role Explained The director of third party risk management might have several processes, such as onboarding new third parties, periodic audits, ongoing real-time monitoring, reporting functions, and investigating and dealing with incidents and responses. However, the responsibilities depend on the organization's level of maturity and the complexity of the process. David offers a few examples to clarify the complexity of the many situations involved that have to be taken into consideration, including the fact that risk management processes can often be seen as blockers, and additionally, offers a tip on how to overcome this issue.  The Importance of Third Party Risk Management in Organizations The discussion revolves around the importance of third party risk management in organizations. It discusses the use of questionnaires and cyber risk ratings, which are non-invasive and objective tools that help triage the community of third parties and quantify vulnerability to data breaches. These tools allow TPRM professionals to compare responses on lengthy questionnaires with objective data, allowing for deeper discussions and corrective action when necessary. The discussion also touches on the need for human involvement in the processes, as automation has become increasingly popular. AI has become an important tool for parsing through voluminous data to identify central facts. However, human involvement remains an essential element in the process. Software for Third Party Risk Management Craig talks about the different types of software within the third party risk management universe. Some of the essential platforms include workflow automation platforms like Process, Unity, MetricStream, ServiceNow, LogicGate, BitSight and more. These platforms facilitate the issuance of assessments, review of responses, and routing to specific people or groups within an organization. Cyber risk ratings, which have been around for over 10 years, represent over half the market share and are now a natural complement to flow platforms. They provide easy-to-digest results that don't require an IT certification and are not based on FICO scores or letter grades. Overall, the discussion emphasizes the importance of human involvement in the third party risk management process to ensure effective and influential outcomes. Forecasting Improvements in the GRC Arena Craig believes that over the next decade, the focus of third party risk management will evolve from a risk focus within GRC to a high-electron level orchestration across CISOs, risk officers, and procurement people. This will lead to a more comprehensive view of risk and performance, ensuring that companies are not just scratching the surface when it comes to the risk aspects of third parties. Craig talks about the importance of selecting the right software for clients, highlighting the pros and cons of a best of breed approach versus a multi-module suite and a GRC-oriented suite. He explains that there are pros and cons to sharing data across modules, but there is also an opportunity for cross-sharing information across platforms. For example, if a company has a privacy module and wants to attack vendor risk, there is a natural logic to connect the data map to third parties that might pull data that needs to be aware of. However, this can be a different silo, and it can be difficult to cross-share information across platforms. He also emphasizes the need to understand the problem and inherited solutions, as well as the timeframe and budget constraints.  Timestamps: 05:15 Third-party risk management and GRC 11:57 GRC roles and responsibilities in a Fortune 500 company 16:10 Third-party risk management processes and responsibilities 21:59 Third-party risk management software and techniques 27:26 Third-party risk management and platform automation 32:21 GRC and third-party risk management Links: Company Website:https://sourcecalle.com/ LinkedIn: https://www.linkedin.com/in/craigcalle/ Unleashed is produced by Umbrex, which has a mission of connecting independent management consultants with one another, creating opportunities for members to meet, build relationships, and share lessons learned. Learn more at www.umbrex.com.  

On this episode of Embracing Erosion, Devon chats with Jay Roxe, a veteran marketing leader and the former CMO at several influential tech companies including HYPR and BitSight. They discuss his engineering past and what that taught him now as a marketing leader, why CMOs - much like product marketers, must master storytelling, why simplifying is multiplying, the ins and outs of cybersecurity and AI's impact, how to be a people-first manager, and much more. Enjoy! --- Support this podcast: https://podcasters.spotify.com/pod/show/devon-orourke/support

With CISA just putting out new “secure by design” guidance, Lexmark CISO Bryan Willett pulls the curtain back on the curtain back on how Lexmark is approaching secure-by-design in its products Lexmark is at the forefront of secure by design as their products constantly touch highly confidential information in regulated industries, along with an established security record validated by IDC, Quocirca, and Bitsight. Bryan talks about the impact of secure by design on hardware manufacturers; the steps his company has taken to secure its products, monitor suppliers, and push updates; and his thoughts on the CISA guidance. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-164

Steve Tu, Farooq Khan and Petr Paklin of Moody's, with Joe Lyons of Bitsight, on how AI will change banks; On Fast Finance, we discuss Evergrande's liquidation and upcoming FHLBank reforms.Speakers:  David Yin, VP – Senior Credit Officer, Moody's Investors Service; Allen Tischler, Senior Vice President, Moody's Investors Service; Stephen Tu, VP – Senior Credit Officer, Moody's Investors Service; Farooq Khan, VP – Senior Analyst, Moody's Investors Service; Petr Paklin, AVP – Analyst, Moody's Investors Service; Joe Lyons, Senior Director Cyber Risk Quantification & Ratings Research, Bitsight Hosts: Danielle Reed, VP – Senior Research Writer, Moody's Investors Service; Carolyn Henson, VP – Senior Research Writer, Moody's Investors ServiceRelated Research:Property – China: Court order to liquidate China Evergrande will weaken fragile market sentimentBanks – US: FAQ: Initial impact of FHFA reforms of FHLBanks will be less emergency liquidity for troubled banksBanks – Global: Banks are well-placed for substantial efficiency gains with deep AI adoption

In this wide-ranging podcast, we tackle the CPI inflation report, the mounting threat posed by cyberattacks on the financial system and broader economy, and the regulatory response. Jill Cetina and Lesley Ritter of Moody's Investor Service and Joe Lyons of BitSight join us with their insights. And we finally learn how to pronounce Matt's last name.Follow Mark Zandi @MarkZandi, Cris deRitis @MiddleWayEcon, and Marisa DiNatale on LinkedIn for additional insight.

A cyberattack on Ukraine's largest telecom operator. Ukraine's GUR claims a hit on Russia's tax service, while the fate of the ALPHV/BlackCat group remains shrouded in mystery. The Air Force disciplines members over a classified documents breach, and Apple releases urgent security updates. From Spain, a significant arrest in the Kelvin Security hacking group. On today's Industry Voices segment, my conversation with Andre Durand,  CEO and Founder of Ping Identity, on digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud. Plus, a cautionary tale about burning bridges. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we speak with Andre Durand, the CEO and Founder of Ping Identity. Andre discusses the state of digital experiences. Ping recently commissioned a study to better understand the changing sentiments around digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud, as well as digital wallets and the use of decentralized identity. Selected Reading Ukraine's Mobile Operator Kyivstar Facing ‘Powerful' Cyberattack (Bloomberg) Ukraine's top mobile operator hit by biggest cyber attack of war so far (Reuters) GUR says it has hacked servers of Russian tax service (Interfax-Ukraine) ALPHV/BlackCat Site Downed After Suspected Police Action (Infosecurity Magazine) BlackCat ransomware site down amidst rumours of law enforcement action (Computing) No confirmation on rumored ALPHV/BlackCat site takedown by law enforcement (SC Media) Cloudflare 2023 Year in Review (Cloudflare) Bitsight and Google collaborate to reveal global cybersecurity performance (Bitsight) 15 Air National Guardsmen disciplined in Discord server leak (C4ISRNET) Apple emergency updates fix recent zero-days on older iPhones (Bleeping Computer) Kelvin Security hacking group leader arrested in Spain (Bleeping Computer) Cloud engineer gets 2 years for wiping ex-employer's code repos (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Podcast: Control Loop: The OT Cybersecurity Podcast (LS 33 · TOP 5% what is this?)Episode: When IT infrastructure translates into OT.Pub date: 2023-10-04Johnson Controls sustains cyberattack. Nearly 100,000 ICS services exposed to the Internet. FBI anticipates an increase in Chinese and Russian targeting of the energy sector. Joint advisory warns of Beijing's “BlackTech” threat activity. CISA's push for hardware bills of materials. Cybersecurity in the US industrial base. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper. On the Learning Lab, Mark Urban is joined by Alex Baretta, a senior solution architect at Dragos, for part two of their discussion about secure remote access.Control Loop News Brief.Homeland Security IG finds flaws in TSA pipeline security regulations.https://www.oig.dhs.gov/sites/default/files/assets/2023-09/OIG-23-57-Sep23-Redacted.pdf https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years Johnson Controls sustains cyberattack.Building automation giant Johnson Controls hit by ransomware attack (BleepingComputer)Nearly 100,000 ICS services exposed to the Internet.Bitsight identifies nearly 100,000 exposed industrial control systems (BitSight)FBI anticipates an increase in Chinese and Russian targeting of the energy sector.FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers (The Record)Joint advisory warns of Beijing's “BlackTech” threat activity.CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (CISA)CISA's push for hardware bills of materials. Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management (CISA)CISA task force aims to improve supply chain security with new hardware standards (Nextgov)Cybersecurity in the US industrial base.Aprio Releases U.S. National Manufacturing Survey, Highlighting the Need for Improved Operational Excellence, Digitization and Cybersecurity Practices (Aprio)Control Loop Interview.Guest is Michael Toecker, Cyber Security Advisor at the United States Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper.Control Loop Learning Lab.On the Learning Lab, Mark Urban concludes his conversation about secure remote access with Alex Baretta, senior solution architect at Dragos. Control Loop OT Cybersecurity Briefing.A companion monthly newsletter is available through free subscription and on the CyberWire's website.The podcast and artwork embedded on this page are from N2K Networks, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Control Loop: The OT Cybersecurity Podcast (LS 35 · TOP 3% what is this?)Episode: When IT infrastructure translates into OT.Pub date: 2023-10-04Johnson Controls sustains cyberattack. Nearly 100,000 ICS services exposed to the Internet. FBI anticipates an increase in Chinese and Russian targeting of the energy sector. Joint advisory warns of Beijing's “BlackTech” threat activity. CISA's push for hardware bills of materials. Cybersecurity in the US industrial base. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper. On the Learning Lab, Mark Urban is joined by Alex Baretta, a senior solution architect at Dragos, for part two of their discussion about secure remote access.Control Loop News Brief.Homeland Security IG finds flaws in TSA pipeline security regulations.https://www.oig.dhs.gov/sites/default/files/assets/2023-09/OIG-23-57-Sep23-Redacted.pdf https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years Johnson Controls sustains cyberattack.Building automation giant Johnson Controls hit by ransomware attack (BleepingComputer)Nearly 100,000 ICS services exposed to the Internet.Bitsight identifies nearly 100,000 exposed industrial control systems (BitSight)FBI anticipates an increase in Chinese and Russian targeting of the energy sector.FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers (The Record)Joint advisory warns of Beijing's “BlackTech” threat activity.CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (CISA)CISA's push for hardware bills of materials. Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management (CISA)CISA task force aims to improve supply chain security with new hardware standards (Nextgov)Cybersecurity in the US industrial base.Aprio Releases U.S. National Manufacturing Survey, Highlighting the Need for Improved Operational Excellence, Digitization and Cybersecurity Practices (Aprio)Control Loop Interview.Guest is Michael Toecker, Cyber Security Advisor at the United States Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper.Control Loop Learning Lab.On the Learning Lab, Mark Urban concludes his conversation about secure remote access with Alex Baretta, senior solution architect at Dragos. Control Loop OT Cybersecurity Briefing.A companion monthly newsletter is available through free subscription and on the CyberWire's website.The podcast and artwork embedded on this page are from N2K Networks, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Johnson Controls sustains cyberattack. Nearly 100,000 ICS services exposed to the Internet. FBI anticipates an increase in Chinese and Russian targeting of the energy sector. Joint advisory warns of Beijing's “BlackTech” threat activity. CISA's push for hardware bills of materials. Cybersecurity in the US industrial base. Guest Michael Toecker, Cyber Security Advisor at the United States Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper. On the Learning Lab, Mark Urban is joined by Alex Baretta, a senior solution architect at Dragos, for part two of their discussion about secure remote access. Control Loop News Brief. Homeland Security IG finds flaws in TSA pipeline security regulations. https://www.oig.dhs.gov/sites/default/files/assets/2023-09/OIG-23-57-Sep23-Redacted.pdf  https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years  Johnson Controls sustains cyberattack. Building automation giant Johnson Controls hit by ransomware attack (BleepingComputer) Nearly 100,000 ICS services exposed to the Internet. Bitsight identifies nearly 100,000 exposed industrial control systems (BitSight) FBI anticipates an increase in Chinese and Russian targeting of the energy sector. FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers (The Record) Joint advisory warns of Beijing's “BlackTech” threat activity. CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (CISA) CISA's push for hardware bills of materials.  Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management (CISA) CISA task force aims to improve supply chain security with new hardware standards (Nextgov) Cybersecurity in the US industrial base. Aprio Releases U.S. National Manufacturing Survey, Highlighting the Need for Improved Operational Excellence, Digitization and Cybersecurity Practices (Aprio) Control Loop Interview. Guest is Michael Toecker, Cyber Security Advisor at the United States Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response, continues his discussion of community defense and Neighborhood Keeper. Control Loop Learning Lab. On the Learning Lab, Mark Urban concludes his conversation about secure remote access with Alex Baretta, senior solution architect at Dragos.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.

Nearly 100,000 ICS services exposed to the Internet. BunnyLoader in the C2C market. Phantom Hacker scams. API risks. Cybersecurity attitudes and behaviors. Homeland Security IG finds flaws in TSA pipeline security programs, and privacy issues with CBP, ICE, and USSS use of commercial telemetry. Kyiv prepares for Russian attacks on Ukraine's power grid. Ben Yelin on the Department of Commerce placing guardrails on semi-conductor companies. As part of our sponsored Industry Voices segment, Dave Bittner sits down with Nick Ascoli, Founder and CTO at Foretrace, to discuss the last year in data leaks. And Russian disinformation is expected to aim at undermining US support for Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/189 Selected reading. Bitsight identifies nearly 100,000 exposed industrial control systems (Bitsight)  New BunnyLoader threat emerges as a feature-rich malware-as-a-service (BleepingComputer)  "Phantom Hacker" Scams Target Senior Citizens and Result in Victims Losing their Life Savings (FBI) FBI warns of surge in 'phantom hacker' scams impacting elderly (BleepingComputer) APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (Hacker News) Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023 (National Cybersecurity Alliance) Watchdog says pipeline security regulations, data collection safeguards not up to snuff at DHS (Washington Post)  Better TSA Tracking and Follow-up for the 2021 Security Directives Implementation Should Strengthen Pipeline Cybersecurity (REDACTED) (Office of Inspector General, Department of Homeland Security)  CBP, ICE, and Secret Service Did Not Adhere to Privacy Policies or Develop Sufficient Policies Before Procuring and Using Commercial Telemetry Data (REDACTED) (Office of Inspector General, Department of Homeland Security)  Ukraine prepares for winter again as Russia targets its power grid (The Economist)  Putin's Next Target: U.S. Support for Ukraine, Officials Say (New York Times Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we cover four crucial cyber and technology topics, including: 1.        New SLP flaw allows amplification of DoS attacks 2.        Iranian threat actor updates tools in new campaign 3.        Chinese actors spotted using new Linux-targeting tool 4.        Hacktivists allegedly working with government target gas  I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

Ben Borodach has spent his career working at the intersection of finance and technology. He helped scale Team8 Group into a multi-hundred million AUM fund, and initiated and helped sell several FinTech companies to PayPal and Bitsight, among others. During his tenure at Team8, Ben also spearheaded the firm's strategy arm and its US office as well as launched an award-winning cyber ETF and Ph.D. program. He has also been an advisor and contributor to the World Economic Forum on issues relating to central bank digital currencies. Prior to joining Team8, Ben was a FinTech strategist at Deloitte Consulting, where he advised the largest US banks and insurers on their business, technology, M&A, and venture strategies. Most recently, Ben co-founded april to bring more equity to the tax experience for all Americans. The company's vision is to democratize access to the tax code, enabling any company to develop and incorporate tax features and filing into their application. Ben graduated from NYU with a degree in Economics and Business with Dean's List and Presidential Honors Scholar distinctions.Connect with Behind Company Lines and HireOtter Website Facebook Twitter LinkedIn:Behind Company LinesHireOtter Instagram Buzzsprout

In this episode of Revenue Builders, our hosts John Kaplan and John McMahon talk with Bob Brennan. Bob has worked in multiple VP and CEO positions throughout his career and is currently a board chairman for Fairwinds, BitSight, and Thoughtworks. They discuss the metaphorical ‘athleticism' required to be a successful leader of a high-growth sales organization, gained through self-improvement and practice. Bob's advice for sales leaders is to own your mistakes, never assume you're the expert, and not be afraid to ask for help. He reminds us that it takes a team mentality to succeed, so positive energy and true comradery are your best assets. Additional Resources:Help give opportunities to youth in foster care: https://mtwyouth.org/Support Black-owned businesses in Massachusetts: https://www.becma.org/Connect with Bob on LinkedIn: https://www.linkedin.com/in/bobbrennan236/Listen to More Revenue Builders: https://www.forcemanagement.com/revenue-builders-podcast HIGHLIGHTSBeing a coachable leaderBenefits of an accountable cultureHow to handle the wrong hireOwning your mistakes, but not dwelling on themDon't talk to yourself in a way you wouldn't talk to othersDealing with activist investorsThe difference in leading public vs. private companiesLeading indicators of a successful ventureLeadership doesn't have to be lonely - don't be afraid to ask for help QUOTESBOB: The kind of people you want around you"I think you want to have people around you that are going to be supportive, but clear-eyed about, like when you're off or when you're wrong, and can you know, say, hey, wait a minute. So you don't end up betting the farm inadvertently, or, you know, chasing the wrong truck.”BOB: Don't be so hard on yourself"I think you want to hold up the mirror and be honest with yourself about screwing things up because it is a game of misses business. But then, let yourself off the hook too, just take that on board is don't do it again. But like, would you let it go? Check out John McMahon's book here: https://www.amazon.com/Qualified-Sales-Leader-Proven-Lessons/dp/0578895064

Today, we will be talking for a 2nd time with our good friend, Ryan Chapman. Listen as Ryan and I cover the post mortem of the ransomware attack on Heartland Community College. Ryan also gives us a better understanding of the ransomware group, PYSA. He also provides feedback on Bitsight and KnowB4. LinkedIn: http://linkedin.com/in/ryanjchapman. At Tech & Main, we want to be YOUR technology partner. Let our 20+ years of expertise help you achieve the outcomes that are best for your business: cybersecurity, cloud, SD-WAN and data center. We have engineers and project managers available to assist you. Call our office at 678-575-8515, email us at info@techandmain.com or visit us at www.techandmain.com. Thanks for listening! --- Send in a voice message: https://anchor.fm/techandmain/message

In this episode of CISO Insiders, we welcome Jack Freund, VP, Head of Cyber Risk Methodology at BitSight, for an exciting and eye-level conversation about his journey into cybersecurity, advice for young cybersecurity professionals just starting out, and how the industry will evolve in 2022 and beyond.⏱️

Finally, in the enterprise security news, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS's CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw284

Finally, in the enterprise security news, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS's CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw284

This week, we start off the show by welcoming Ryan Fried to discuss how Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting by doing things like reading recent and relevant security articles, pull out behaviors that attackers are doing like commands such as net group "domain admins" or RDPing from workstation to workstation and translating those to threat hunting queries. Then, Joeseph Carson joins to discuss following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker's techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Finally, in the Enterprise Security News, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS's CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns! Visit https://www.securityweekly.com/esw for all the latest episodes! Segment Resources: https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54 https://www.cisa.gov/uscert/ncas/alerts/aa22-181a Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw287

This week, we start off the show by welcoming Ryan Fried to discuss how Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting by doing things like reading recent and relevant security articles, pull out behaviors that attackers are doing like commands such as net group "domain admins" or RDPing from workstation to workstation and translating those to threat hunting queries. Then, Joeseph Carson joins to discuss following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker's techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Finally, in the Enterprise Security News, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS's CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns! Visit https://www.securityweekly.com/esw for all the latest episodes! Segment Resources: https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54 https://www.cisa.gov/uscert/ncas/alerts/aa22-181a Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw287

A daily look at the relevant information security news from overnight - 20 July, 2022Episode 269 - 20 July 2022Knauf Knocked Out- https://www.bleepingcomputer.com/news/security/building-materials-giant-knauf-hit-by-black-basta-ransomware-gang/Rusty Luna - https://thehackernews.com/2022/07/new-rust-based-ransomware-family.htmlGPS Over-Tracking - https://www.zdnet.com/article/flaws-in-a-popular-gps-tracker-could-allow-hackers-to-track-or-stop-vehicles-say-security-researchers/Oracle Patchfest- https://www.securityweek.com/oracle-releases-349-new-security-patches-july-2022-cpu Magicart Skim - https://docs.google.com/document/d/1Kse6lMi7hJEg1wDnVS_ZEND2pZOEMT4a9We3erCPsXE/editHi, I'm Paul Torgersen. It's Wednesday July 20th, 2022, and from Victoria, this is a look at the information security news from overnight. From BleepingComputer.com:The Knauf Group, a large Germany based building materials company, has announced it has been the target of a cyberattack that has disrupted its business operations. Their global IT team has shut down all systems to isolate the incident. Knauf has not confirmed it is a ransomware attack, but the Black Basta group has claimed responsibility for the attack on their extortion site. So far they claim to have released about 20% of the information they stole, which indicates they are likely still hopeful to receive a ransom from the victim. From TheHackerNews.com:Researchers have disclosed a brand-new ransomware family written in Rust, that Kaspersky Labs has named Luna. The ransomware is fairly simple and appears to be in its early development. It is designed to be used by Russian speaking threat actors, and can run on Windows, Linux, and ESXi systems. From ZDNet.com:Critical security vulnerabilities in the MiCODUS MV720 vehicle GPS tracker could be used to remotely track, stop or even take control of vehicles in which it is installed. These devices are popular with large companies and government entities, with approximately 1.5 million of them currently in use in 169 countries. Researchers at BitSight, who found the flaws, say these devices should not be used until patches are available. No word from MiCODUS on when that might be. From SecurityWeek.com:Oracle's quarterly Critical Patch Update has a total of 349 new security patches, including 230 for vulnerabilities that can be exploited by remote, unauthenticated attackers. 64 of the vulnerabilities are rated critical, with four of those scoring a ten out of ten. Financial Services Applications received the largest number of fixes, followed by Oracle Communications, then Fusion Middleware. Get your patch on kids. And last today, from ThreatPost.com:A Magecart campaign has been skimming payment-card credentials from customers using three online restaurant-ordering systems. The attack has affected over 300 restaurants and compromised at least 50,000 cards so far, which have already been offered up for sale on the dark web. The platforms impacted are MenuDrive, Harbortouch, and InTouchPOS. That's all for me today. Have a great rest of your day. Like and subscribe, and until next tomorrow, be safe out there.

Steve Harvey is the CEO of BitSight, the cyber security platform used by nearly a quarter of the Fortune 500 companies and multiple government agencies around the world. With a background in risk assessment, Steve spent 13 years at the Institutional Shareholder Services (ISS) and became the CEO of BitSight in 2020, just before the COVID-19 pandemic. Because so many businesses were forced to go digital and adopt the work-from-home model, cyber-attacks became more prevalent than ever. Steve certainly had his work cut out for him, but in two short years made multiple acquisitions and received a $250M investment from Moody's. With over 2,400 customers, BitSight has quickly become the most widely used security ratings service in the world and is showing no signs of slowing down. GGV is an incredibly proud investor in BitSight, with our own Glenn Solomon sitting on the board since 2016. In this episode, Steve talks about removing disruption at the highest level and entering a well-established company at its tipping point.

In this episode of the GRU, we discuss the use and value of Cyber Risk Ratings, with Derek Vadala, who is Chief Risk Officer at BitSight in New York. We discuss the current threat landscape and how cybersecurity ratings and analytics help organizations manage their own security performance, mitigate third party risk, underwrite cyber insurance policies, conduct financial diligence, and improve national security. Derek also shares tips and effective practices for firms wanting to improve their cyber defenses and overall resiliency.

In this week's episode, we dive into how you can strengthen your CI efforts by leveraging win/loss insights. This fireside chat is lead by DoubleCheck's own Bruce Kasrel and guests Paul Senatori and Carlo Cadet. Paul has over 20 years of experience in CI and is currently the Director of Competitive Intelligence at SiteCore. Carlo leads the Content and Product Marketing teams at BitSight as the Senior Director. As experts in the field, these two share which CI deliverables are most important to the sales team, how they adapt CI efforts when working with non-sales stakeholders, and—of course—how to leverage win/loss in CI efforts. Key Takeaways:

As one of the fastest growing segments of the P&C insurance industry, cyber risk presents both challenges and opportunities for carriers to address. In this partner podcast episode of Conversations on the Creek, Rob Savitsky and Peter Herz from Duck Creek talk with Samit Shah of BitSight to demystify the state of the cyber insurance market, and discuss how emerging data sources in security ratings are enabling carriers to better underwrite, price, and manage cyber risk.

In this episode, GGV Capital's Hans Tung and Rita Yang interviewed Renee Wang (王小雨), the founder and CEO of CastBox, a global podcast platform often referred to as the "Netflix for podcasting". It uses natural language processing and machine learning to power unique features like personalized recommendations and in-audio search. According to a report from Sensor tower in April 2019, Castbox is now the biggest 3rd-party pure-play podcast app.   Before launching CastBox in 2016, Renee worked for Google in China, Japan, and Ireland. She holds a bachelor's degree in Peking University in psychology and mathematical statistics. While in college, she taught herself coding and became one of the earliest Android developers in China.    On the show, Renee discussed user acquisition in international markets with a cross-cultural team, integrating Chinese social app features into its global podcasting platform, the landscape of consumer-facing audio apps in China and her strategic decision for not entering the Chinese market. She also shared her journey of landing a job at Google without speaking a word of English, selling her apartment in Beijing to fund her startup and leading a diverse team spread across the US and China.   Join our listeners' community via WeChat/Slack at 996.ggvc.com/community.  The 996 Podcast is brought to you by GGV Capital, a global venture capital firm that invests in local founders. As a multi-stage, sector-focused firm, GGV focuses on seed-to-growth stage investments across Consumer/New Retail, Social/Digital & Internet, Enterprise/Cloud and Frontier Tech sectors. The firm was founded in 2000 and manages $6.2 billion in capital across 13 funds. Past and present portfolio companies include Affirm, Airbnb, Alibaba, Bitsight, ByteDance, Ctrip, Didi Chuxing, Grab, Gladly, Hello Chuxing, HashiCorp, Houzz, Keep, LingoChamp, Namely, Niu, Nozomi Networks, Opendoor, Peloton, Poshmark, Slack, Square, Wish, Xauto, Xiaohongshu, Yellow, YY, Zhaoyou and more. The firm has offices in Beijing, San Francisco, Shanghai and Silicon Valley. Learn more at ggvc.com, or “GGVCapital” on WeChat.

On this episode, we interviewed Brian Gu (顾宏地), the vice chairman and president of XPENG Motors, also known as Xiaopeng Motors, a Chinese electric vehicle company and a GGV portfolio company. The company designs and manufactures what it calls "Internet cars" which has AI technology integrated into the vehicles. Prior to joining XPENG Motors in March 2018, Brian was the Chairman of Asia Pacific Investment Banking at J.P. Morgan. He holds an MBA from Yale University, a Ph.D. in Biochemistry from the University of Washington Medical School and a bachelor's degree in Chemistry from the University of Oregon. At XPENG, Brian leads the company's global strategy, finance, fundraising, investments and international partnerships. Brian discussed his journey from an investment banker to a tech company executive, why China's EV market excites him, and how XPENG differentiates itself from its competitors. This episode also features a bonus interview with GGV Managing Partner, Jixun Foo, on why we invested in XPENG Motors. Join our listeners' community via WeChat/Slack at 996.ggvc.com/community. The 996 Podcast is brought to you by GGV Capital, a global venture capital firm that invests in local founders. As a multi-stage, sector-focused firm, GGV focuses on seed-to-growth stage investments across Consumer/New Retail, Social/Digital & Internet, Enterprise/Cloud and Frontier Tech sectors. The firm was founded in 2000 and manages $6.2 billion in capital across 13 funds. Past and present portfolio companies include Affirm, Airbnb, Alibaba, Bitsight, ByteDance, Ctrip, Didi Chuxing, Grab, Gladly, Hello Chuxing, HashiCorp, Houzz, Keep, LingoChamp, Namely, Niu, Nozomi Networks, Opendoor, Peloton, Poshmark, Slack, Square, Wish, Xauto, Xiaohongshu, Yellow, YY, Zhaoyou and more. The firm has offices in Beijing, San Francisco, Shanghai and Silicon Valley. Learn more at http://ggvc.com/, or "GGVCapital" on WeChat.

On a special "AMA" (Ask Me Anything) episode, GGV Managing Partner Hans Tung answers questions posed by our listeners on a wide range of topics. How did Hans break into the VC world? What made he move to China and then come back to Silicon Valley afterwards? How does he deal with failures as an investor? What does it take for non-Chinese entrepreneurs to succeed in China? What motivates him to wake up and work hard every day? Join our listeners' community via WeChat/Slack at 996.ggvc.com/community. The 996 Podcast is brought to you by GGV Capital, a global venture capital firm that invests in local founders. As a multi-stage, sector-focused firm, GGV focuses on seed-to-growth stage investments across Consumer/New Retail, Social/Digital & Internet, Enterprise/Cloud and Frontier Tech sectors. The firm was founded in 2000 and manages $6.2 billion in capital across 13 funds. Past and present portfolio companies include Affirm, Airbnb, Alibaba, Bitsight, ByteDance, Ctrip, Didi Chuxing, Grab, Gladly, Hello Chuxing, HashiCorp, Houzz, Keep, LingoChamp, Namely, Niu, Nozomi Networks, Opendoor, Peloton, Poshmark, Slack, Square, Wish, Xauto, Xiaohongshu, Yellow, YY, Zhaoyou and more. The firm has offices in Beijing, San Francisco, Shanghai and Silicon Valley. Learn more at ggvc.com, or "GGVCapital" on WeChat.

We interviewed Hao Wu, a Chinese American film director, producer and writer to discuss his recent work "People's Republic of Desire", a documentary about the live streaming industry in China. Originally trained as a molecular biologist, Hao worked in tech before becoming a full-time filmmaker. He held various management positions at technology companies including Excite@Home, Yahoo China and Alibaba. From 2008-2011, he was the China Country Manager for TripAdvisor. As his career progressed, so did his passion in more artistic and creative endeavors. In 2012 he decided to pursue documentary filmmaking full time. His latest work, which is the subject of this episode, is a documentary called "People's Republic of Desire", a journey into the live streaming industry in China, where Hao follows a few top streamers on YY to document their lives behind the screen. The film has won the Grand Jury Award at the 2018 South By South West, among many other awards, and has screened at over 40 film festivals worldwide. The New York Times calls the film "hypercharged," while The Los Angeles Times says it's "invariably surprising and never less than compelling." If you haven't watched the film, we highly recommend doing so. It is available on Vimeo, iTunes, Amazon and Google Play; just visit desire.film for the links. Hao has produced two other documentaries, The Road to Fame, and Nowhere to Call Home. Hao holds a bachelor's degree in biology from the University of Science and Technology of China, a master's degree in molecular and cell biology from Brandeis University, and an MBA from the University of Michigan's Ross School of Business. Join our listeners' community via WeChat/Slack at 996.ggvc.com/community. The 996 Podcast is brought to you by GGV Capital, a global venture capital firm that invests in local founders. As a multi-stage, sector-focused firm, GGV focuses on seed-to-growth stage investments across Consumer/New Retail, Social/Digital & Internet, Enterprise/Cloud and Frontier Tech sectors. The firm was founded in 2000 and manages $6.2 billion in capital across 13 funds. Past and present portfolio companies include Affirm, Airbnb, Alibaba, Bitsight, ByteDance, Ctrip, Didi Chuxing, Grab, Gladly, Hello Chuxing, HashiCorp, Houzz, Keep, LingoChamp, Namely, Niu, Nozomi Networks, Opendoor, Peloton, Poshmark, Slack, Square, Wish, Xauto, Xiaohongshu, Yellow, YY, Zhaoyou and more. The firm has offices in Beijing, San Francisco, Shanghai and Silicon Valley. Learn more at ggvc.com, or "GGVCapital" on WeChat.

GGV Capital's Hans Tung and Zara Zhang interview Tao Peng (彭韬), the president of Airbnb China. Prior to joining Airbnb in Sept 2018, Tao has founded a number of companies in the travel space including Breadtrip, a social app for recording and sharing trips, and more recently, CityHome, a management platform for short-terms rentals across China. Before founding Breadtrip, Tao has worked at the network security provider IntelliGuard and has also worked for McKinsey for two years as a management consultant. Tao graduated from the University of Melbourne with Ph.D degree in computer networks and the Huazhong University of Science and Technology with a bachelor's degree in communication engineering. He is also an avid traveler and has been to over 50 countries across seven continents. Earlier on the 996 Podcast, we have interviewed Nathan Blecharczyk, Airbnb's co-founder and chief strategy officer as well as the chairman of Airbnb China. If you haven't listened to that episode, we highly recommend checking it out; it was released around exactly a year ago on April 11th, 2018. Airbnb is a GGV portfolio company and our managing partners Hans Tung and Glenn Solomon actively works with the company especially with regards to its China strategy. Join our listeners' community via WeChat/Slack at 996.ggvc.com/community. The 996 Podcast is brought to you by GGV Capital, a global venture capital firm that invests in local founders. As a multi-stage, sector-focused firm, GGV focuses on seed-to-growth stage investments across Consumer/New Retail, Social/Digital & Internet, Enterprise/Cloud and Frontier Tech sectors. The firm was founded in 2000 and manages $6.2 billion in capital across 13 funds. Past and present portfolio companies include Affirm, Airbnb, Alibaba, Bitsight, ByteDance, Ctrip, Didi Chuxing, Grab, Gladly, Hello Chuxing, HashiCorp, Houzz, Keep, LingoChamp, Namely, Niu, Nozomi Networks, Opendoor, Peloton, Poshmark, Slack, Square, Wish, Xauto, Xiaohongshu, Yellow, YY, Zhaoyou and more. The firm has offices in Beijing, San Francisco, Shanghai and Silicon Valley. Learn more at ggvc.com, or “GGVCapital” on WeChat.

GGV Capital's Hans Tung and Zara Zhang interview Jane Sun (孙洁), the CEO of Ctrip, the largest online travel platform in China which is listed on the NASDAQ. It's current market cap (at time of recording) is around $23 billion. Jane has been at Ctrip for 13 years. Prior to becoming CEO in Nov 2016, Jane served as COO of Ctrip for four years and CFO for seven years. Before joining Ctrip, Jane worked at Applied Materials in the US as the head of SEC and External Reporting Division. Prior to that, she worked with KPMG as an audit manager in Silicon Valley for five years. Jane received her bachelor's degree from the business school of the University of Florida, and LLM degree from the Peking University Law School. Jane discussed her journey from studying abroad in the US to one of the one of the top female leaders in Chinese tech, her daily routine as the CEO of a New York-listed Chinese tech company, and her advice for young people with cross-cultural backgrounds. This episode also features a bonus interview with GGV managing partner Jixun Foo, who led the firm's investment in the online travel search company Qunar, which merged with Ctrip in 2015. Join our listeners' community via WeChat/Slack at 996.ggvc.com/community. The 996 Podcast is brought to you by GGV Capital, a global venture capital firm that invests in local founders. As a multi-stage, sector-focused firm, GGV focuses on seed-to-growth stage investments across Consumer/New Retail, Social/Digital & Internet, Enterprise/Cloud and Frontier Tech sectors. The firm was founded in 2000 and manages $6.2 billion in capital across 13 funds. Past and present portfolio companies include Affirm, Airbnb, Alibaba, Bitsight, ByteDance, Ctrip, Didi Chuxing, Grab, Gladly, Hello Chuxing, HashiCorp, Houzz, Keep, LingoChamp, Namely, Niu, Nozomi Networks, Opendoor, Peloton, Poshmark, Slack, Square, Wish, Xauto, Xiaohongshu, Yellow, YY, Zhaoyou and more. The firm has offices in Beijing, San Francisco, Shanghai and Silicon Valley. Learn more at ggvc.com, or “GGVCapital” on WeChat.

GGV Capital's Hans Tung and Zara Zhang interview two “GGV Fellows,” David Sun (a data scientist on Apple's Siri team) and Bo Ning Han (a recent Harvard grad working on a startup in Beijing), on their life stories and their takeaways from the GGV Fellows program. What is the GGV Fellows program? Read this blog post to find out more: https://hans.vc/why-we-organized-ggv-fellows/ If you are interested in applying to future batches of GGV Fellows or our other events, please join our listeners' community via WeChat/Slack at 996.ggvc.com/community, where all related announcements will be posted. The 996 Podcast is brought to you by GGV Capital, a global venture capital firm that invests in local founders. As a multi-stage, sector-focused firm, GGV focuses on seed-to-growth stage investments across Consumer/New Retail, Social/Digital & Internet, Enterprise/Cloud and Frontier Tech sectors. The firm was founded in 2000 and manages $6.2 billion in capital across 13 funds. Past and present portfolio companies include Affirm, Airbnb, Alibaba, Bitsight, ByteDance, Ctrip, Didi Chuxing, Grab, Gladly, Hello Chuxing, HashiCorp, Houzz, Keep, LingoChamp, Namely, Niu, Nozomi Networks, Opendoor, Peloton, Poshmark, Slack, Square, Wish, Xauto, Xiaohongshu, Yellow, YY, Zhaoyou and more. The firm has offices in Beijing, San Francisco, Shanghai and Silicon Valley. Learn more at ggvc.com, or “GGVCapital” on WeChat.

GGV Capital's Hans Tung and Zara Zhang discuss the opportunities and challenges faced by Chinese overseas returnees (“sea turtles”, or 海归) who are interested in working in China's tech industry. These are people who were born and raised in China, completed their high education outside of China or have worked overseas, and then have returned to China for opportunities. There has been a growing number of sea turtles in recent year as China's tech economy boomed and the US immigration policies became less friendly to foreign talent. We addressed questions including: What are the common pitfalls that sea turtle entrepreneurs run into? In an age where the premium of an overseas education is arguably declining in China, how can sea turtles make the most of their global experience? For aspiring sea turtle entrepreneurs, which verticals should they spend time on? If you're an aspiring or current Chinese overseas returnee, we have a special resource for you: we recently compiled a list of 10 Chinese books on tech & entrepreneurship in China that we recommend all sea turtles read before going back to China. These include books on China's tech giants Tencent, Alibaba, JD, and Meituan, books on practical aspects of running a startup in China such as growth and marketing, as well as books on general Chinese business history. To read the book list, please follow GGV's WeChat official account by searching "GGVCapital" in WeChat, and then message the word "sea turtle" to that account. We also have a lucky draw for you: If you comment on that article with your story of coming back to China as a sea turtle before April 10th, you can enter a lottery to win a bundle of these 10 books, which will be mailed to you. We look forward to hearing your story. And, here's a list of news outlets and resources that can help you stay in touch with what's going on in tech in China: https://zarazhang.com/2018/03/25/how-to-keep-up-with-whats-happening-china/ Join our listeners' community via WeChat/Slack at 996.ggvc.com/community. The 996 Podcast is brought to you by GGV Capital, a global venture capital firm that invests in local founders. As a multi-stage, sector-focused firm, GGV focuses on seed-to-growth stage investments across Consumer/New Retail, Social/Digital & Internet, Enterprise/Cloud and Frontier Tech sectors. The firm was founded in 2000 and manages $6.2 billion in capital across 13 funds. Past and present portfolio companies include Affirm, Airbnb, Alibaba, Bitsight, ByteDance, Ctrip, Didi Chuxing, Grab, Gladly, Hello Chuxing, HashiCorp, Houzz, Keep, LingoChamp, Namely, Niu, Nozomi Networks, Opendoor, Peloton, Poshmark, Slack, Square, Wish, Xauto, Xiaohongshu, Yellow, YY, Zhaoyou and more. The firm has offices in Beijing, San Francisco, Shanghai and Silicon Valley. Learn more at ggvc.com, or “GGVCapital” on WeChat.

GGV Capital's Hans Tung and Zara Zhang interview Wang Yu (王宇), the co-founder and CEO of Tantan (探探), China's leading dating app. Tantan is social app that help young people in China connect with one another. It has a slide-left slide-right interface. Only when two users both slide right on each other can they start a conversation. The company was founded in 2014 and has helped users make over 10 billion matches to date. In 2018, Tantan was acquired by Momo (陌陌) for $735 million. Momo is a top location-based social networking platform in China that help people meet strangers around them. It is also one of the leading live streaming platforms in China. It is a public company on the NASDAQ and its current market cap is around $6.8 billion. Wang Yu was born in Beijing and grew up in Sweden. He holds two master's degrees, one on computer science and one in industrial economics. In 2007, he moved back to China and started his first business P1, a fashion community, before founding Tantan in 2014. During this episode, Yu discussed how the failure of his first startup P1 proved crucial to the success of Tantan, why flawless execution is more important than flawless product in China, whether any social apps in China will be able to challenge WeChat, and the advantages and disadvantages of being an overseas Chinese returnee entrepreneur. Join our listeners' community via WeChat/Slack at 996.ggvc.com/community. The 996 Podcast is brought to you by GGV Capital, a global venture capital firm that invests in local founders. As a multi-stage, sector-focused firm, GGV focuses on seed-to-growth stage investments across Consumer/New Retail, Social/Digital & Internet, Enterprise/Cloud and Frontier Tech sectors. The firm was founded in 2000 and manages $6.2 billion in capital across 13 funds. Past and present portfolio companies include Affirm, Airbnb, Alibaba, Bitsight, ByteDance, Ctrip, Didi Chuxing, Grab, Gladly, Hello Chuxing, HashiCorp, Houzz, Keep, LingoChamp, Namely, Niu, Nozomi Networks, Opendoor, Peloton, Poshmark, Slack, Square, Wish, Xauto, Xiaohongshu, Yellow, YY, Zhaoyou and more. The firm has offices in Beijing, San Francisco, Shanghai and Silicon Valley. Learn more at ggvc.com, or “GGVCapital” on WeChat.