Podcasts about cso online

  • 32 podcasts
  • 43 episodes
  • 34m average duration
  • Infrequent episodes
  • Latest episode: Apr 19, 2025

Popularity chart (2017 to 2024; chart image not reproduced here)



Latest podcast episodes about cso online

Cybercrime Magazine Podcast
Eradicating NTLM. It's Time To Enhance Network Security. David Strom, Cybersecurity Journalist.
Apr 19, 2025 (6:57)


David Strom is an award-winning public speaker and cybersecurity journalist. David's writing spans more than 35 years, first as an editorial manager, where he ran publications such as Network Computing, Tom's Hardware, PC Week, ReadWrite and Inside Security. It also includes work as a full-time freelance writer for dozens of computer publications, including CSOonline and numerous TechTarget/Informa websites. In this episode, he joins host Charlie Osborne to discuss ridding networks of NTLM, including the path to eradicating this ancient protocol, why it's time, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com

IDG TechTalk | Voice of Digital
Why getting started with AI pays off - with Isabell Welpe
Jan 7, 2025 (26:44)


The research is clear: AI investments pay off! Isabell Welpe, a highly decorated academic at the Technical University of Munich, sees a big difference here compared with "hyped technologies" such as Web3, blockchain or the metaverse. In the "TechTalk Smart Leadership" podcast by COMPUTERWOCHE, CIO-Magazin and CSO Online, she recommends that companies introduce their employees to the topic in a playful way, set up bots for simple tasks and create room for experimentation. Successes would come quickly, she says, because people are highly motivated: they could make their own working lives more pleasant.

The CyberWire
State of security automation. [CSO Perspectives]
Nov 4, 2024 (22:34)


Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, turns over hosting duties to William MacMillan, the Chief Product Officer at Andesite, to discuss the Cybersecurity First Principle of automation: its current state and what happens now with AI as it applies to SOC operations. For a complete reading list and even more information, check out Rick's more detailed essay on the topic.

Check out Rick's 3-part election mini-series:

Part 1: Election Propaganda: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging.

Part 2: Election Propaganda: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations, as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.

Part 3: Election Propaganda: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, in part three of the series Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.

References:
Bob Violino, 2022. 7 top challenges of security tool integration [Analysis]. CSO Online.
Bruce Japsen, 2024. UnitedHealth Group Cyberattack Costs To Hit $2.3 Billion This Year [News]. Forbes.
Clay Chun, 2019. John Boyd and the "OODA" Loop (Great Strategists) [Explainer]. War Room - U.S. Army War College.
Michael Cobb, 2023. The history, evolution and current state of SIEM [Explainer]. TechTarget.
Rick Howard, 2022. History of Infosec: a primer [Podcast and essay]. The CyberWire - CSO Perspectives.
Rick Howard, 2020. Security operations centers: a first principle idea [Podcast and essay]. The CyberWire.
Rick Howard, 2020. SOAR – a first principle idea [Podcast and essay]. The CyberWire - CSO Perspectives.
Rick Howard, 2021. XDR: from the Rick the Toolman Series [Podcast and essay]. The CyberWire - CSO Perspectives.
Robert Lemos, 2024. SOAR Is Dead, Long Live SOAR [Analysis]. Dark Reading.
Timbuk 3, 1986. The Future's So Bright, I Gotta Wear Shades [Song]. Genius.
Timbuk3VEVO, 2009. Timbuk 3 - The Future's So Bright [Music Video]. YouTube.

The CyberWire
What does materiality mean exactly?
Aug 12, 2024 (12:21)


Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses the meaning of cybersecurity materiality.

References:
Amy Howe, 2024. Supreme Court strikes down Chevron, curtailing power of federal agencies [Blog].
Cydney Posner, 2023. SEC Adopts Final Rules on Cybersecurity Disclosure [Explainer]. The Harvard Law School Forum on Corporate Governance.
Cynthia Brumfield, 2022. 5 years after NotPetya: Lessons learned [Analysis]. CSO Online.
Eleanor Dallaway, 2023. Closed for Business: The Organisations That Suffered Fatal Cyber Attacks that Shut Their Doors For Good [News]. Assured.
Gary Cohen, 2021. Throwback Attack: Chinese hackers steal plans for the F-35 fighter in a supply chain heist [Explainer]. Industrial Cybersecurity Pulse.
James Pearson, 2022. Russia downed satellite internet in Ukraine [News]. Reuters.
Katz, D., 2021. Corporate Governance Update: "Materiality" in America and Abroad [Essay]. The Harvard Law School Forum on Corporate Governance.
Kim Zetter, 2014. Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon [Cybersecurity Canon Hall of Fame Book]. Goodreads.
Lizárraga, C.J., 2023. Improving the Quality of Cybersecurity Risk Management Disclosures [Essay]. U.S. Securities and Exchange Commission.
Matthew Daly, 2024. Supreme Court Chevron decision: What it means for federal regulations [WWW Document]. AP News.
Rick Howard. Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon [Book Review]. Cybersecurity Canon Project.
Rick Howard, 2021. Using cyber sand tables to study the DNC hack of 2016 [Podcast]. The CyberWire.
Rick Howard, 2022. Cyber sand table series: OPM [Podcast and essay]. The CyberWire.
Staff, 2020. Qasem Soleimani: US strike on Iran general was unlawful, UN expert says [Explainer]. BBC News.
Staff, 2023. Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure [Government Guidance]. U.S. Securities and Exchange Commission.
Staff, 2024. Number of Public Companies v. Private: U.S. [Website]. Advisorpedia.

The CyberWire
SolarWinds and the SEC.
Jun 3, 2024 (21:05)


Rick Howard, N2K's CSO and The CyberWire's Chief Analyst and Senior Fellow, presents the argument for why the SEC was misguided when it charged the SolarWinds CISO, Tim Brown, with fraud after the Russian SVR compromised the SolarWinds flagship product, Orion. Our guests are Steve Winterfeld, Akamai's Advisory CISO, and Ted Wagner, SAP National Security Services CISO.

References:
Andrew Goldstein, Josef Ansorge, Matt Nguyen, Robert Deniston, 2024. Fatal Flaws in SEC's Amended Complaint Against SolarWinds [Analysis]. Crime & Corruption.
Anna-Louise Jackson, 2023. Earnings Reports: What Do Quarterly Earnings Tell You? [Explainer]. Forbes.
Brian Koppelman, David Levien, Andrew Ross Sorkin, 2016 - 2023. Billions [TV Show]. IMDb.
Dan Goodin, 2024. Financial institutions have 30 days to disclose breaches under new rules [News]. Ars Technica.
David Katz, 2021. Corporate Governance Update: "Materiality" in America and Abroad [Essay]. The Harvard Law School Forum on Corporate Governance.
Jessica Corso, 2024. SEC Zeroes In On SolarWinds Exec In Revised Complaint [Analysis]. Law360.
Johnathan Rudy, 2024. SEC files Amended complaint against SolarWinds and CISO [Civil Action]. LinkedIn.
Joseph Menn, 2023. Former Uber security chief Sullivan avoids prison in data breach case [News]. The Washington Post.
Kim Zetter, 2014. Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon [Book]. Goodreads.
Kim Zetter, 2023. SEC Targets SolarWinds' CISO for Rare Legal Action Over Russian Hack [WWW Document]. ZERO DAY.
Kim Zetter, 2023. SolarWinds: The Untold Story of the Boldest Supply-Chain Hack [Essay]. WIRED.
Rick Howard, 2022. Cyber sand table series: OPM [Podcast]. The CyberWire - CSO Perspectives Podcast.
Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.
Pam Baker, 2021. The SolarWinds hack timeline: Who knew what, and when? [Timeline]. CSO Online.
Staff, 2009. Generally Accepted Accounting Principles (Topic 105) [Standard]. PWC.
Staff, 30 October 2023. SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures [Website]. The U.S. Securities and Exchange Commission.
Staff, 31 October 2023. Securities and Exchange Commission v. SolarWinds Corporation and Timothy G. Brown, No. 23-civ-9518 (SDNY) [Case]. The Securities and Exchange Commission.
Staff, 29 March 2024. Cooley, Cybersecurity Leaders File Brief Opposing SEC's SolarWinds Cyberattack Case [Press Release]. Cooley.
Stephanie Pell, Jennifer Lee, Shoba Pillay, Jen Patja Howell, 2024. The SEC SolarWinds Enforcement Action [Podcast]. The Lawfare Podcast.

IT in the D
Cybersecurity Realities, Insights, and Challenges with Jeff Marraccini of Altair – IT in the D 471
Nov 16, 2023 (42:06)


I'm trying something new this week: These show notes were generated by putting a transcript into ChatGPT. Feedback is appreciated! —Randy We recently heard Jeff Marraccini on the "This Week in Enterprise Technology (TWiET)" podcast. Jeff, the Chief Information Security Officer (CISO) at Altair, joined us this week to share insights into his background and the challenges Altair faces in cybersecurity as a globally acquisitive company. The conversation explores Jeff's transition from a Vice President of IT to a CISO, underscoring the importance of continuous learning and formal courses from ISC2 and ISACA to adapt to the evolving cybersecurity landscape. Emphasis is placed on the complex vendor landscape in cybersecurity and the need to implement zero trust as a methodology rather than just a product. Jeff delves into Altair's approach to global operations, collaborating with teams across China, India, Europe, and the United States. Regulatory challenges, such as restrictions on hardware in China, are discussed. The podcast concludes with a discussion on the evolving cybersecurity landscape, highlighting Jeff's optimism about advancements like memory-safe languages and Microsoft's adoption of Rust. Despite existing challenges, Jeff sees promising developments and disruptive solutions in the cybersecurity space. A noteworthy segment of the discussion involves the importance of identity in cybersecurity. Jeff and Bob emphasize that identity management should be at the crux of security efforts, recognizing its role as a foundational element for effective cybersecurity measures. The conversation highlights the shift in focus from traditional security measures, like firewalls, to a more comprehensive approach centered around identity management. Furthermore, Bob and Jeff touch upon the evolution of cybersecurity news coverage. 
They discuss the noticeable decrease in mainstream media coverage of security breaches, speculating on whether this shift is influenced by the insurance industry advising companies to keep incidents quiet or if it reflects a change in news priorities. Jeff acknowledges the continued prevalence of security issues covered by specialized outlets like the Cyberwire podcast, CSO Online, and Dark Reading. Towards the end, the conversation pivots to the impact of Gen AI (Generative Artificial Intelligence) and digital transformation on the industry. Jeff shares insights into Altair's recent acquisition of RapidMiner, emphasizing the empowerment of individuals to leverage AI techniques for various applications, including data science and cybersecurity. The discussion underscores the potential for Gen AI to enhance efficiency and collaboration across different fields. The podcast concludes with Bob raising a concern about the younger generation's reluctance to pursue careers in IT, especially in areas like cybersecurity and data science. Jeff offers guidance, encouraging individuals to explore these fields through online courses and hands-on projects, emphasizing their applicability across diverse industries. The conversation touches on the need for a shift in mindset and the potential for technology-driven roles to drive innovation and problem-solving. Overall, the discussion provides a comprehensive overview of cybersecurity challenges, industry trends, and the transformative impact of emerging technologies.

Coffee with a Journalist
Andrada Fiscutean, Freelance Journalist
Oct 31, 2023 (19:56)


Welcome to Coffee with a Journalist! This week, we sit down with freelance science and technology journalist Andrada Fiscutean. Based in Bucharest, Romania, Andrada writes for publications like Ars Technica, Vice Motherboard, ZDNet, Nature, and CSO Online, focusing on cybersecurity and the history of technology. She shares her unique perspective on covering stories that most staff writers wouldn't consider and the benefits of being based in a lower-cost country. She also opens up about her experiences as a Knight Science Journalism Fellow at MIT and reveals her preferences when it comes to receiving pitches from publicists. Join us as we dive into the intriguing world of science and technology journalism with Andrada Fiscutean.

Smashing Security
Nudes leak at the plastic surgery, Mali mail mix-up, and WormGPT
Jul 27, 2023 (51:54)


Dr 90210 finds himself in a sticky situation after his patients' plastic surgery photos AND more end up in the hands of hackers, emails to the US military end up in the wrong hands, and script kiddies salivate at the thought of Business Email Compromise powered by generative AI.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by T-Minus Space Daily's Maria Varmazis.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
90210 plastic surgeon Dr Gary Motykie.
Dr Gary Motykie videos - YouTube.
More plastic surgery patients have their nude photos and information leaked - DataBreaches.net.
Typo watch: 'Millions of emails' for US military sent to .ml addresses in error - The Register.
Hundreds of thousands of US military e-mails wind up in Mali - Le Monde.
Beware of WormGPT: AI Tool Enables Cyber Attacks and Impersonation Scams - IB Times.
WormGPT: a generative AI tool to compromise business emails - CSO Online.
WormGPT - The Generative AI Tool Cybercriminals Are Using to Launch BEC Attacks - SlashNext.
"Who shat on the floor at my wedding?"
Futurama - Wikipedia.
Radiooooo.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff).

Sponsored by:
Kolide – Kolide ensures that if your device isn't secure it can't access your cloud apps. It's Device Trust for Okta. Watch the demo today!
ClearVPN - Hide your IP address, browse without geo-restrictions, and stay private online with a 30 day free trial of its premium plan.

Support the show: Tell your friends and colleagues about "Smashing Security", and leave us a review on Apple Podcasts or Podchaser. Become a supporter via

It's 5:05! Daily cybersecurity and open source briefing
Episode #180 - Proof of Concept Program for Microsoft Teams Malware Delivery; OWASP Releases version 0.5 of Top 10 LLMs Risks; Shift Left is a Myth; Inflight Internet Access Systems; This Day in Tech History
Jul 7, 2023 (11:40)


Resources for this episode are available at 505updates.com.

From Edwin Kwan in Sydney, Australia: A proof of concept program has recently been published that exploits an unresolved security vulnerability in Microsoft Teams. The program allows the bypass of Microsoft Teams file-sending restraints to deliver malware from an external account.

From Olimpiu Pop in Transylvania, Romania: OWASP moves fast. In late May, they initiated the Top 10 Security Risks for LLM Applications project. Version 0.5 was released this week and they are aiming to release version 1.0 by the end of the month.

From Katy Craig in San Diego, California: In a thought-provoking blog post, Mark Curphey challenges the effectiveness of shifting left in software security. In fact, he says that shifting left is a myth.

From Hillary Coover in Washington, DC: In-flight wifi is a convenience, but also potentially a vulnerability to flight safety. According to CSO Online, commercial airliners are more vulnerable to cyber threats originating from in-flight internet access systems than from avionics.

From Marcel Brown in St. Louis, Missouri: July 7th, 1936. Several US patents are issued for the Phillips head screw and screwdriver to inventor Henry F. Phillips. Phillips founded the Phillips Screw Company to license his patents.

From Sourced Network Production in New York City: "It's 5:05". I'm Pokie Huang. Today is Friday, July 7th. Here's the full story behind today's cyber security and open source headlines...

Cyber Security Weekly Podcast
Episode 346 - Cybersecurity Resilience vs. The Meteors
Feb 2, 2023


Dave has 30 years of industry experience, including extensive experience in IT security operations and management. He is the founder of the security site Liquidmatrix Security Digest and its podcast, as well as the host of DuoTV and the Plaintext podcast. He is currently a member of the board of directors for BSides Las Vegas. Previously he served on the board of directors for (ISC)2 and was a founder of the BSides Toronto conference. Dave has been a DEF CON speaker operations goon for over 10 years. Lewis also serves on the advisory board for the Black Hat Sector Security Conference and the CFP review board for 44CON. He is currently working towards his graduate degree at Harvard. Dave has previously written columns for Forbes, CSO Online, Huffington Post, The Daily Swig and others. For fun he is a curator of small mammals (his kids), plays bass guitar, grills, and is part owner of a whisky distillery and a soccer team.

In this interview, Dave Lewis shares his highlights from his keynote presentation at SINCON 2023, the first cybersecurity conference in Singapore for the year 2023.

Globalisation and supply chain attacks - He shared his thoughts on how threat actors have exploited the globalisation of the supply chain: as organisations move to a cloud-based iteration "for everything", they extend the targets of opportunity for attackers. This means that we have gone from protecting the "four walls" to an "unfathomable number of walls". In particular, as we digitalise, we have to "make sure we are not outpacing security", and that we understand our fallback position if "there's a global catastrophe and we have to cut off from the rest of the world." One example is critical infrastructure, where there is "accumulated security debt" (e.g. deprecated applications) and where "stakes are higher".

Zero trust - Dave stressed that "zero trust" is an "iterative process" and there is "no end state". Rather, it is about reducing the risks and addressing the core fundamentals from 30 years ago: managing our core users, our network segmentation, and the critical applications in our environment.

Cybersecurity skills and resources - Dave also shared how we need "more adults at the table", that maturing our cybersecurity posture requires more senior-level involvement. He also advised that we need to "get away from the sensationalisation of the hacker culture", that cybersecurity is not strictly the hacker sub-culture.

Cyber threat landscape - Using WannaCry as an example, Dave noted that the SMBv1 vulnerability had been known but remained unfixed for 10 years. This "security debt" was an example of how we as cybersecurity practitioners tend to "lose our focus collectively". As we are at that "juncture where we have to figure out how we are going to mature as an industry and be able to handle these risks in a coherent fashion", he predicted that "we will keep making the same mistakes for a while." Further, referencing how ransomware has evolved since the first version by Dr Joseph Popp in 1989, he said "financial motivation will not go away, it is just how they are going to get their money."

Recorded 5th January 2023, 11.30am, VOCO hotel, Singapore.

Smashing Security
285: Uber's hidden hack, tips for travel, and AI accent fixes
Jul 27, 2022 (68:06)


Uber may not face prosecution over its handling of a 2016 data breach - but its former chief security head does; how to defend your digital devices' data while on vacation; and how to change your accent with artificial intelligence.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley (https://www.smashingsecurity.com/hosts/graham-cluley) and Carole Theriault (https://www.smashingsecurity.com/hosts/carole-theriault), joined this week by Naked Security's Paul Ducklin. Plus don't miss our featured interview with Ian Farquhar of Gigamon.

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks.

Episode links:
Uber Enters Non-Prosecution Agreement Related to 2016 Data Breach — US Department of Justice. https://www.justice.gov/usao-ndca/pr/uber-enters-non-prosecution-agreement
Former Uber Security Chief Joe Sullivan Must Face Driver Fraud Charges — Bloomberg. https://www.bloomberg.com/news/articles/2022-06-28/uber-former-security-chief-must-face-fraud-charges-judge-rules
Uber to pay $148 million in data breach settlement — TechCrunch. https://techcrunch.com/2018/09/26/uber-to-pay-148-million-in-data-breach-settlement/
Uber paid hackers $100,000 to keep data breach quiet — Graham Cluley. https://grahamcluley.com/uber-hackers-paid-data-breach/
Uber CISO's trial underscores the importance of truth, transparency, and trust — CSO Online. https://www.csoonline.com/article/3660560/uber-cisos-trial-underscores-the-importance-of-truth-transparency-and-trust.html
7 cybersecurity tips for your summer vacation! — Naked Security. https://nakedsecurity.sophos.com/2022/07/15/7-cybersecurity-tips-for-your-summer-vacation/
Sanas demo. https://www.sanas.ai/demo
Sanas Raises $32M for Breakthrough AI Technology for Real-Time Accent Translation — Sanas press release. https://www.prnewswire.com/news-releases/sanas-raises-32m-for-breakthrough-ai-technology-for-real-time-accent-translation-301572710.html
This 6-Million-Dollar AI Changes Accents as You Speak — IEEE Spectrum. https://spectrum.ieee.org/ai-accent-translator
Call centre workers can use AI to mimic your accent on the phone — New Scientist. https://www.newscientist.com/article/2288976-call-centre-workers-can-use-ai-to-mimic-your-accent-on-the-phone/
A little less accent, a little more customer service — ComputerWorld. https://www.computerworld.com/article/2548265/a-little-less-accent--a-little-more-customer-service.html
What Is Accent Reduction? — Accent Advisor. https://accentadvisor.com/what-is-accent-reduction/
Compound pejoratives on Reddit – from 'buttface' to 'wankpuffin' — Colin Morris. https://colinmorris.github.io/blog/compound-curse-words
Melissa computer virus — Wikipedia. https://en.wikipedia.org/wiki/Melissa_(computer_virus)
Dedham Hall. https://www.dedhamhall.co.uk/
3D capture of Carole Theriault — Polycam. https://poly.cam/capture/42434A6D-7BAB-4CAC-9059-73E914D703CA
Smashing Security merchandise (t-shirts, mugs, stickers and stuff). https://www.smashingsecurity.com/store

Sponsored by:
Bitwarden (https://bitwarden.com/smashing/) – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
SolCyber (https://www.smashingsecurity.com/solcyber) – SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren't being discriminating about who they're attacking, how can you settle for anything less?
Gigamon (https://www.gigamon.com/smashing) - Gigamon's latest report into the state of ransomware.

Support the show: You can help the podcast by telling your friends and colleagues about "Smashing Security", and leaving us a review on...

The CyberWire
Potential cyber threats to agriculture. Cyber phases of Russia's hybrid war. REvil prosecution at a stand (and it's the Americans' fault, say Russian sources). Microsoft mitigates Follina.
May 31, 2022 (27:45)


Sanctions, blockades, and their effects on the world economy. Western nations remain on alert for Russian cyber attacks. REvil prosecution has reached a dead end. Microsoft issues mitigations for a recent zero-day. John Pescatore's Mr. Security Answer Person is back, looking at authentication. Joe Carrigan looks at new browser vulnerabilities. Notes from the underworld.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/104

Selected reading:
In big bid to punish Moscow, EU bans most Russia oil imports (AP News)
EU, resolving a deadlock, in deal to cut most Russia oil imports (Reuters)
The E.U.'s embargo will bruise Russia's oil industry, but for now it is doing fine. (New York Times)
Russia's Black Sea Blockade Will Turbocharge the Global Food Crisis (Foreign Policy)
Russia's Invasion Unleashes 'Perfect Storm' in Global Agriculture (Foreign Policy)
'War in Ukraine Means Hunger in Africa' (Foreign Policy)
Afghanistan's Hungry Will Pay the Price for Putin's War (Foreign Policy)
Remote bricking of Ukrainian tractors raises agriculture security concerns (CSO Online)
Major supermarkets 'uniquely vulnerable' as Russian cyber attacks rise (ABC)
Italy warns organizations to brace for incoming DDoS attacks (BleepingComputer)
Whitepaper - PIPEDREAM: CHERNOVITE's Emerging Malware Targeting Industrial Environments (Dragos)
Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks (IT Security News)
Putin horror warning over 'own goal' attack on UK coming back to haunt Kremlin (Express.co.uk)
Putin plot: UK hospitals at risk of chilling 'sleeper cell' attack by Russia (Express)
Will Russia Launch a New Cyber Attack on America? (The National Interest)
Hackers wage war on Russia's largest bank (The Telegraph)
REvil prosecutions reach a 'dead end,' Russian media reports (CyberScoop)
Microsoft Office zero-day "Follina"—it's not a bug, it's a feature! (It's a bug) (Malwarebytes Labs)
Microsoft Word struck by zero-day vulnerability (Register)
Clop ransomware gang is back, hits 21 victims in a single month (BleepingComputer)
Conti ransomware explained: What you need to know about this aggressive criminal group (CSO Online)

CSO Perspectives (public)
Microsoft Azure around the Hash Table.
Mar 21, 2022 (20:02)


Microsoft Azure adoption with cybersecurity first principle strategies. The cloud revolution is here. How well can we implement our first principle strategies within each environment? Do we need to embrace other security platforms to get it done? In this session, Rick and the Hash Table review Microsoft Azure through the lens of first principle thinking. They review how Azure supports, or doesn't support, strategies of resilience, zero trust, intrusion kill chains, and risk assessments. The Hash Table gives their detailed technical experiences and strategies using Azure to support cybersecurity.

Two members of the CyberWire's Hash Table of experts - Rick Doten, Carolina Complete Health CISO, and Mark Simos, Microsoft's Lead Cybersecurity Architect - discuss Microsoft Azure security through a first principle lens. Can Azure deployments satisfy our requirements for zero trust, intrusion kill chain prevention, resilience, and risk assessment?

Cybersecurity professional development and continued education. You will learn about: Microsoft Azure services and security tools, infrastructure as code, and Azure strategies that support cybersecurity first principles.

CyberWire is the world's most trusted news source for cybersecurity information and situational awareness. Join the conversation with Rick Howard on LinkedIn and Twitter, and follow CyberWire on social media and join our community of security professionals: LinkedIn, Twitter, YouTube, Facebook, Instagram.

Additional first principles resources for your cybersecurity program: for more Microsoft Azure and cybersecurity first principles resources, check the topic essay.

Selected Reading:
S1E9: 01 JUN: Cybersecurity first principles – resilience.
"A Look Back At Ten Years Of Microsoft Azure," by Janakiram, Forbes, 3 February 2020.
"Azure AD Overview," by John Savill, YouTube, 2020.
"Azure Security Benchmark," msmbaldwin, Microsoft.com, 2021.
"Azure Virtual Network FAQ," KumudD, Microsoft.com, 26 June 2020.
"Azure Virtual Network Overview," by John Savill, YouTube, 4 February 2020.
"Microsoft Azure: Security," Microsoft.
"Microsoft: How 'zero trust' can protect against sophisticated hacking attacks," by Liam Tung, ZDNet, 20 January 2021.
"Secure Score in Azure Security Center," memildin, Microsoft.com, 5 January 2021.
"Thinking about Resiliency in Azure," by John Savill, YouTube Video, June 2019.
"Top SolarWinds Risk Assessment Resources for Microsoft 365 and Azure," by Susan Bradley, CSO Online, 13 January 2021.
"Zero Trust Deployment Center," by Gary Centric, Microsoft.com, 30 September 2020.

Mingis on Tech
What is the NIST Cybersecurity Framework? How risk management strategies can mitigate cyberattacks
Dec 23, 2021 (18:27)


Recently, U.S. Cyber Command confirmed it has acted against ransomware groups, underscoring the importance of cybersecurity to national security. Effective risk management frameworks, such as the NIST Cybersecurity Framework, can help organizations assess risk and mitigate or protect against ransomware attacks or other cyber incidents. Cynthia Brumfield, analyst, CSO Online contributor and author of the new book, "Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework", joins Juliet to discuss what the NIST framework is and how IT teams can apply its advice to best protect their organizations.

The Gate 15 Podcast Channel
The Gate 15 Interview EP 15. Mark Arena, Intel 471, Cyber Intelligence Expert and CEO, Intel 471
Sep 20, 2021 (47:47)


In this episode of The Gate 15 Interview, Andy Jabbour talks with Mark Arena, CEO, Intel 471. In the discussion we address: Mark's background, Intel 471, cyber threats, future threats, and more!

“It all goes down to password reuse… enforce two-factor authentication on everything…” – Mark Arena

Mark on Twitter: @markarenaau. Mark on LinkedIn: https://www.linkedin.com/in/mark-arena-36a86516/
Intel471 on Twitter: @Intel471Inc. Intel471 on LinkedIn: https://www.linkedin.com/company/intel-471/

A few references mentioned in or relevant to our discussion include:
Intel 471: https://intel471.com
Intel 471's Cyber Underground General Intelligence Requirements Handbook: https://intel471.com/resources/cu-girh-download-request
Upcoming Intel 471 video podcast! Intel 471 CTI experts will examine recent developments in the cyber underground through the lens of the media & telecommunications sector. Check it out: 28 Sep 2021, 11am (see registration link for time zone options). Register here: https://hubs.la/H0WW0Gn0.
Top FBI official says there is 'no indication' Russia has taken action against hackers, The Hill, 14 Sep 2021. (https://thehill.com/policy/cybersecurity/572184-top-fbi-official-says-there-is-no-indication-russia-has-taken-action) “Based on what we've seen, I would say there is no indication that the Russian government has taken action to crack down on ransomware actors that are operating in the permissive environment that they have created there… We've asked for help and cooperation with those who we know are in Russia who we have indictments against, and we've seen no action, so I would say that nothing's changed in that regard,” - FBI Deputy Director Paul Abbate, via The Hill
Russia is fully capable of shutting down cybercrime, CSO Online, 14 Sep 2021. (https://www.csoonline.com/article/3632943/russia-is-fully-capable-of-shutting-down-cybercrime.html)
Australian Cyber Security Centre Essential Eight. (https://www.cyber.gov.au/acsc/view-all-content/essential-eight) “While no set of mitigation strategies are guaranteed to protect against all cyber threats, organisations are recommended to implement eight essential mitigation strategies from the ACSC's Strategies to Mitigate Cyber Security Incidents as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.”
Thoma Bravo Makes Strategic Investment in Intel 471 Announcement, 08 Sep 2021. (https://intel471.com/company/press-releases/thoma-bravo-makes-strategic-investment-in-intel-471)

Open Tech Talks : Technology worth Talking| Blogging |Lifestyle
96 - Cloud Security with CIS Benchmarks Part 2

Open Tech Talks : Technology worth Talking| Blogging |Lifestyle

Play Episode Listen Later Aug 22, 2021 16:49


This is the second part of the session on CIS Benchmarks and controls for the cloud. The Center for Internet Security is a nonprofit organization with the mission to 'identify, develop, validate, promote, and sustain best practice solutions for cyber defense.' Experts and IT professionals from different governments, institutes, and businesses across the globe participate in finalizing the controls using a consensus decision-making model. Now let us link this to why it is essential for every one of us and every organization. I got a chance to read the article on data breaches affecting millions of users and some of the biggest breaches in recent times, published by CSOonline with the title “The 15 biggest data breaches of the 21st century.”

CIS Benchmarks
The CIS Controls consist of recommended best practices to secure systems and devices, and CIS Benchmarks are rules for hardening specific operating systems, middleware, software applications, and network devices. The CIS Controls and the CIS Benchmarks are developed using a consensus-based approach by communities of experts. CIS Controls have been mapped to many other standards and regulatory frameworks, for example the NIST Cybersecurity Framework (CSF), ISO 27000, PCI DSS, HIPAA, and many others. The decision must consider an organization's requirements, evaluation criteria, and architecture principles. In CIS 8 the number of controls is reduced to 18 from 20 in CIS 7. CIS 8 contains 153 Safeguards, which were called sub-controls in CIS 7, where there were 171 of them.

You'll Learn: CIS security areas to assist you in preparing a cloud security architecture.
In Part 1 (Session no 95):
What is the role of CIS and how is it playing it to ensure a secure internet?
What are CIS Benchmarks and their benefits?
What are the seven core categories of CIS Benchmarks?
Basics of CIS Controls 7 & CIS Controls 8
What do different cloud vendors provide you to meet CIS Benchmarks?
In Part 2 (Session no 96):
What are the 18 controls of CIS 8?

Resources:
95- Cloud Security with CIS Benchmarks
Center for Internet Security
CIS Benchmarks
The 18 CIS Controls
CSOonline “The 15 biggest data breaches of the 21st century.”
5 of the Top Questionnaires for IT Vendor Assessments
CIS Foundations Benchmark for Oracle Cloud
94- How to develop a cloud migration strategy?
93- Cloud Migration Workload Assessment
91- Workload Migration to Cloud – Getting Started

Open Tech Talks : Technology worth Talking| Blogging |Lifestyle
95- Cloud Security with CIS Benchmarks

Open Tech Talks : Technology worth Talking| Blogging |Lifestyle

Play Episode Listen Later Aug 17, 2021 35:03


The Center for Internet Security is a nonprofit organization with the mission to 'identify, develop, validate, promote, and sustain best practice solutions for cyber defense.' Experts and IT professionals from different governments, institutes, and businesses across the globe participate in finalizing the controls using a consensus decision-making model. Now let us link this to why it is essential for every one of us and every organization. I got a chance to read the article on data breaches affecting millions of users and some of the biggest breaches in recent times, published by CSOonline with the title “The 15 biggest data breaches of the 21st century.”

CIS Benchmarks
The CIS Controls consist of recommended best practices to secure systems and devices, and CIS Benchmarks are rules for hardening specific operating systems, middleware, software applications, and network devices. The CIS Controls and the CIS Benchmarks are developed using a consensus-based approach by communities of experts. CIS Controls have been mapped to many other standards and regulatory frameworks, for example the NIST Cybersecurity Framework (CSF), ISO 27000, PCI DSS, HIPAA, and many others. The decision must consider an organization's requirements, evaluation criteria, and architecture principles. In CIS 8 the number of controls is reduced to 18 from 20 in CIS 7. CIS 8 contains 153 Safeguards, which were called sub-controls in CIS 7, where there were 171 of them.

You'll Learn: CIS security areas to assist you in preparing a cloud security architecture.
What is the role of CIS and how is it playing it to ensure a secure internet?
What are CIS Benchmarks and their benefits?
What are the seven core categories of CIS Benchmarks?
Basics of CIS Controls 7 & CIS Controls 8
What do different cloud vendors provide you to meet CIS Benchmarks?

Resources:
Center for Internet Security
CIS Benchmarks
The 18 CIS Controls
CSOonline “The 15 biggest data breaches of the 21st century.”
5 of the Top Questionnaires for IT Vendor Assessments
CIS Foundations Benchmark for Oracle Cloud
94- How to develop a cloud migration strategy?
93- Cloud Migration Workload Assessment
91- Workload Migration to Cloud – Getting Started

CISO Insider
S2E1 - A Passion for Security with Mitch Zahler

CISO Insider

Play Episode Listen Later May 26, 2021 35:08


Even Financial Chief Information Security Officer Mitch Zahler kicks off Season 2 of CISO Insider with insights into how living through the last year of COVID has impacted cybersecurity, why concise communication is essential for security leaders, and a great story on the first CISO — all about how security got a seat at the executive table. Follow Mitch on LinkedIn: https://www.linkedin.com/in/mitchzahler/  Follow Even Financial: https://www.evenfinancial.com/  Read some of Mitch's writing on CSO Online: https://www.csoonline.com/author/Mitch-Zahler/  Nightfall is the industry's first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack & GitHub as well as IaaS platforms like AWS. Learn more about Nightfall AI on our website: https://nightfall.ai/about/  Listen and subscribe on Apple Podcasts or your favourite podcast player for free! And leave us a review if you're enjoying the show. This podcast is created and sponsored by Nightfall AI. Please share your questions and feedback with us at marketing@nightfall.ai  Follow us on social media: Facebook https://www.facebook.com/NightfallAI  Twitter https://twitter.com/NightfallAI  LinkedIn https://www.linkedin.com/company/nightfall-ai  Instagram https://www.instagram.com/nightfall_ai/  Follow CISO Insider executive producer and host Chris Martinez on LinkedIn https://www.linkedin.com/in/chris-martinez-communications/  Follow CISO Insider producer and interviewer Michael Osakwe on LinkedIn https://www.linkedin.com/in/michael-osakwe-15543b22/  Special thanks to Wendel Topper for podcast production support. Follow Wendel's work at https://createk.us/  Thanks for listening!

Unfilter
352: America is Back

Unfilter

Play Episode Listen Later Mar 4, 2021 54:36


Dropping bombs and making lists. The details about Biden's strike in Syria, plus the moments you need to hear from the FBI Director's Senate testimony.

Video:
352: Live - UnfilterTube (https://unfilter.tube/videos/watch/efed5a81-d4ce-46ea-98df-8f874fbfc5b0)
352: Overtime - UnfilterTube (https://unfilter.tube/videos/watch/5f4433a9-69ec-47e4-b800-59c361e8c2a4)

Links:
Why building backdoors into encryption won't make us safer - Help Net Security (https://www.helpnetsecurity.com/2020/05/26/backdoor-encryption/)
Senate’s encryption backdoor bill is ‘dangerous for Americans,’ says Rep. Lofgren | TechCrunch (https://techcrunch.com/2020/09/20/encryption-backdoor-bill-dangerous-lofgren/)
Any encryption backdoor would do more harm than good. BlueLeaks is proof of that. (https://tutanota.com/blog/posts/why-a-backdoor-is-a-security-risk/)
The Dangers of Government-Mandated Encryption Backdoors - Security Boulevard (https://securityboulevard.com/2020/10/the-dangers-of-government-mandated-encryption-backdoors/)
Why An Encryption Backdoor for Just the "Good Guys" Won't Work - Just Security (https://www.justsecurity.org/53316/criminalize-security-criminals-secure/)
New Republican bill latest in long line to force encryption backdoors | CSO Online (https://www.csoonline.com/article/3564553/new-republican-bill-latest-in-long-line-to-force-encryption-backdoors.html)
Encryption backdoors are a threat to consumers' data privacy | Fortune (https://fortune.com/2021/01/18/encryption-backdoor-data-privacy-security-law/)
FBI Director Says Extremists Flocking to Encrypted Apps Poses New Challenges - Nextgov (https://www.nextgov.com/cybersecurity/2021/03/fbi-director-says-extremists-flocking-encrypted-apps-poses-new-challenges/172397/)
High-performance computers are under siege by a newly discovered backdoor | Ars Technica (https://arstechnica.com/information-technology/2021/02/high-performance-computers-are-under-siege-by-a-newly-discovered-backdoor/)
All About Encryption Backdoors - Hashed Out by The SSL Store™ (https://www.thesslstore.com/blog/all-about-encryption-backdoors/)
US joins six countries in new call for backdoor encryption access - The Verge (https://www.theverge.com/2020/10/12/21513212/backdoor-encryption-access-us-canada-australia-new-zealand-uk-india-japan)
COVID In Colorado: Gov. Jared Polis Envisions A ‘Very Close To Normal’ Summer – CBS Denver (https://denver.cbslocal.com/2021/03/02/colorado-covid-normal-summer/)
High alert as new QAnon date approaches Thursday | TheHill (https://thehill.com/policy/technology/541306-high-alert-as-new-qanon-date-approaches-thursday)
Texas governor lifts state's mask mandate, business ... (https://news.trust.org/item/20210302195147-7blpz)
Exhausted Texas ICU Nurse Says She’s Scared About The Upcoming End To The State Mask Order – CBS Dallas / Fort Worth (https://dfw.cbslocal.com/2021/03/03/exhausted-texas-icu-nurse-scared-end-state-mask-order/)
Biden blasts Texas, Mississippi over lifting COVID restrictions as 'Neanderthal thinking' - MarketWatch (https://www.marketwatch.com/story/biden-blasts-texas-mississippi-over-lifting-covid-restrictions-as-neanderthal-thinking-2021-03-03)
Nancy Pelosi Net Worth | Celebrity Net Worth (https://www.celebritynetworth.com/richest-politicians/democrats/nancy-pelosi-net-worth/)
Nutrients | Free Full-Text | Vitamin D Insufficiency May Account for Almost Nine of Ten COVID-19 Deaths: Time to Act. Comment on: “Vitamin D Deficiency and Outcome of COVID-19 Patients”. Nutrients 2020, 12, 2757 (https://www.mdpi.com/2072-6643/12/12/3642)
Biden administration still hasn't briefed top senators on Syria strike - POLITICO (https://www.politico.com/news/2021/03/02/syria-strike-biden-senators-briefing-472735)
FBI chasing 2,000 domestic terror cases, Christopher Wray testifies (https://www.usatoday.com/story/news/politics/2021/03/02/fbi-director-christopher-wray-face-questions-deadly-capitol-riot/6868467002/)
White supremacists on par with ISIS as ‘top threat,’ FBI director says at Capitol riot hearing | The Independent (https://www.independent.co.uk/news/world/americas/us-politics/wray-senate-hearing-capitol-riot-white-supremacists-b1810615.html)
COVID-19 US: A THIRD of all military personnel refuse to receive vaccine | Daily Mail Online (https://www.dailymail.co.uk/news/article-9316827/A-military-personnel-refusing-receive-COVID-19-vaccine.html)
Military May Revisit Making COVID-19 Vaccines Mandatory After FDA Grants Approval | Military.com (https://www.military.com/daily-news/2021/03/01/military-may-revisit-making-covid-19-vaccines-mandatory-after-fda-grants-approval.html)
According to CDC, 96 percent of schoolchildren still unsafe for full-time, in-person learning | TheHill (https://thehill.com/changing-america/enrichment/education/541258-according-to-cdc-96-percent-of-schoolchildren-still)
Biden says U.S. will have enough COVID vaccine supply for all adults by end of May - CBS News (https://www.cbsnews.com/news/biden-covid-19-pandemic-statement-watch-live-stream-today-2021-03-02/)
States easing virus restrictions despite experts' warnings (https://apnews.com/article/states-ease-virus-restrictions-despite-warnings-3599a9631d08de3945f5c95f000e5611)
Gov. Greg Abbott says it’s time to open Texas 100%, end statewide mask mandate (https://www.dallasnews.com/news/politics/2021/03/02/abbott-hints-at-exciting-news-tuesday-that-could-include-rollback-of-texas-covid-19-restrictions/)
FBI Director Wray Testifies At Senate Hearing On Capitol Riot | NBC News - YouTube (https://www.youtube.com/watch?v=o0UNwm4gaOQ)
Doctor appears in court video call while performing surgery (https://apnews.com/article/doctor-zoom-court-while-in-surgery-324f0dd573e15fe7506846590b472db4)
Newsom appears to post TikTok inside restaurant, denies eating there | Fox News (https://www.foxnews.com/politics/newsom-appears-to-post-tik-tok-inside-restaurant-in-county-where-indoor-dining-is-not-allowed)
Trump wins Washington Times-CPAC straw poll - Washington Times (https://m.washingtontimes.com/news/2021/feb/28/trump-wins-washington-times-cpac-straw-poll/)
CPAC: Trump teases 2024 run and denounces Biden at rightwing summit | CPAC | The Guardian (https://www.theguardian.com/us-news/2021/feb/28/cpac-donald-trump-speech-rightwing-summit-florida)
US drops key obstacle to global digital tax: Treasury (https://news.yahoo.com/us-drops-key-obstacle-global-173148199.html)
EU coronavirus summit: Vaccine certificates expected by summer | News | DW | 25.02.2021 (https://www.dw.com/en/eu-coronavirus-summit-vaccine-certificates-expected-by-summer/a-56701869)
Vaccination 'passports' may open society, but inequity looms (https://apnews.com/article/coronavirus-vaccination-passports-7a8ce11ce37c309d97969ab71df26e62)
Why Opening Restaurants Is Exactly What the Coronavirus Wants Us to Do — ProPublica (https://www.propublica.org/article/why-opening-restaurants-is-exactly-what-the-coronavirus-wants-us-to-do)
Judge in Google case disturbed that 'incognito' users are tracked - BNN Bloomberg (https://www.bnnbloomberg.ca/judge-in-google-case-disturbed-that-even-incognito-users-are-tracked-1.1569065)
Psaki questioned legal basis to bomb Syria years before Biden strike (https://www.businessinsider.com/psaki-questioned-legal-basis-bomb-syria-years-before-biden-strike-2021-2)
The wave of covid bankruptcies has begun (https://www.msn.com/en-us/money/companies/the-wave-of-covid-bankruptcies-has-begun/ar-BB1e2NdQ)
Biden's first airstrike 'kills 17' in revenge attack on Iran-backed Guardians of Blood militia in Syria (https://www.the-sun.com/news/2409605/joe-biden-first-airstrike-iran-backed-militia-syria/)
EXCLUSIVE-U.S. carries out airstrike against Iranian-backed ... (https://news.trust.org/item/20210225224858-6eitm)
Russia says U.S. gave only a few minutes’ warning before strike in Syria (https://www.msn.com/en-us/news/world/russia-says-us-gave-only-a-few-minutes-e2-80-99-warning-before-strike-in-syria/ar-BB1e2YGL)
U.S. carries out airstrike in Syria after rocket attacks - POLITICO (https://www.politico.com/news/2021/02/25/us-airstrike-syria-rocket-attacks-471680)
Twitter Deletes Dozens of Russian Accounts for “Undermining Faith in NATO” (https://www.mintpressnews.com/twitter-deletes-accounts-for-undermining-faith-in-nato/275641/)
Soldier indicted for conspiring with neo-Nazi group seeks dismissal because grand jury wasn't racially diverse - U.S. - Stripes (https://www.stripes.com/news/us/soldier-indicted-for-conspiring-with-neo-nazi-group-seeks-dismissal-because-grand-jury-wasn-t-racially-diverse-1.663177)

CyberHub Engage Podcast
Ep. 104 - Brent Hutfless, CISO at Wind Creek Hospitality

CyberHub Engage Podcast

Play Episode Listen Later Feb 17, 2021 87:17 Transcription Available


In this episode of CISO Talk, James Azar hosts Brent Hutfless as the two discuss Brent's path into cybersecurity and leadership and the art of practicing cybersecurity. Should we start to view cybersecurity like medicine? You won't want to miss the discussion around this topic and its conclusion! Tune in to this amazing podcast and make sure to subscribe and comment.

Brent's Bio: I have built and led information security and technology programs, projects and teams for over a decade. By identifying risks and developing a mitigation strategy that fits the business, organizations move beyond the fear, uncertainty and doubt surrounding cyber security. Before transitioning into gaming and hospitality in 2017, I worked in manufacturing, healthcare, training, education, aviation, and defense related industries. For me, leadership means listening to ideas, encouraging professional development, promoting collaboration, and supporting the efforts and people that lead to success. A Navy veteran, I was fortunate to serve with dynamic leaders and great mentors who I have tried to emulate as my career has progressed. Presenting topics like hacking, the dark web, identity theft, and the reach of foreign espionage provides interesting opportunities to educate, entertain and promote conversations that lead to change. I have published articles on CSOonline, Peerlyst, LinkedIn, and Tripwire, and have contributed to textbooks and a peer-reviewed study on PTSD resiliency.

★ ABOUT ME ★ I lived overseas for three years, have been to four of the six habitable continents, and look forward to visiting the other two. Beyond spending time with my family, my hobby is classic cars. I am currently restoring a 1966 Chevy Impala, with a 1929 Model A Ford waiting in the wings. Fun fact: disassembled cars take up 3 times the space of a complete car. I overcame much of my fear of heights by rock climbing on the sheer cliff faces of Tarifa, Spain with friends… great scenery and a lot of encouragement helped. I have performed two wedding ceremonies for family and friends, an amazing and humbling experience that I will always cherish.

Brent's Linkedin Profile: https://www.linkedin.com/in/hutfless/

CISO Talk is supported by these great partners, please make sure to check them out:
KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub
Whistic: www.whistic.com/cyberhub

**** Find James Azar, Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Tech Town Square, Other Side of Cyber and CISOs Secrets
James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/
James on Parler: @realjamesazar
Telegram: CyberHub Podcast

****** Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter

****** Website: https://www.cyberhubpodcast.com
Youtube: https://www.youtube.com/channel/UCPoU8iZfKFIsJ1gk0UrvGFw
Facebook: https://www.facebook.com/CyberHubpodcast/
Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
Listen Here: https://linktr.ee/CISOtalk

The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

7 Minute Security
7MS #447: Cyber News - The End of 2020 as We Know It Edition

7 Minute Security

Play Episode Listen Later Dec 23, 2020 58:34


Merry Christmas! Happy holidays! Please enjoy the last cyber news edition of 2020, brought to us by our good pal Gh0stHax. Stories covered include: You've probably heard this by now, but FireEye had a breach that was truly sophisticated. Here's a really nice plain English breakdown of the situation for folks who may not be interested in the deep technical details. Chris Krebs, former CISA director, sues Trump campaign lawyer after death threats CSOOnline has a nice article on 4 security trends to watch for in 2021 which we may or may not agree with!  

Cyber Security & Cloud Podcast
CSCP S02E04 - Data Driven Social Engineering with Joe Gray

Cyber Security & Cloud Podcast

Play Episode Listen Later Jun 22, 2020 59:00


Episode
In this episode, we talk with Joe Gray, a resident expert in OSINT and a returning guest on the podcast. Joe has a lot of interests, and we explore some of them in this podcast. We started the conversation on how to get a master's degree at Harvard University, then we moved on to machine learning, social engineering, and how to get a car for cheap.

The podcast is brought to you by the generosity of NSC42 Ltd, your cybersecurity partner. Cybersecurity is complex and different for every organization, and you need the best-tailored service to make sure your customers' data is safe and sound, so that you can focus on what's important: your clients, and bringing them the best and safest experience. NSC42 Ltd can help you during your cloud transformation and with cybersecurity assessments for your compliance checklist, on-premises and in the cloud. Want to know more? Visit www.nsc42.co.uk to get your free quote.

BIO: Joe Gray joined the U.S. Navy directly out of high school and served for 7 years as a Submarine Navigation Electronics Technician. Joe is currently a Senior OSINT Specialist at Qomplx, Inc. and previously maintained his own blog and podcast called Advanced Persistent Security. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. As a member of the Password Inspection Agency, Joe has placed 2nd in the HackFest Quebec Missing Persons CTF, 5th in the Global Missing Persons CTF IV, both powered by TraceLabs, 2nd in the BSides Atlanta OSINT CTF, and 3rd place in the 2018 & 2019 NOLACon OSINT CTFs. Joe has independently placed 2nd in the HackFest Quebec SECTF, 4th place in the DerbyCon OSINT CTF, and 2nd place in Hacker Jeopardy at Hack in Paris. Joe has contributed material for the likes of TripWire, AlienVault, ITSP Magazine, CSO Online, Forbes, and Dark Reading as well as his own platforms. Joe is the author of a few OSINT tools, such as WikiLeaker and the forthcoming tools DECEPTICON and INTERCEPTICON. Get his books on Amazon: https://www.amazon.com/Joe-Gray/e/B0872CK3S3?ref_=dbs_p_pbk_r00_abau_000000

Francesco is an executive, public speaker, and out-of-the-box thinker. Francesco is the Executive Director of NSC42 Ltd, a UK-based cybersecurity consultancy. As an executive, he loves to stay close to the technology but to keep it simple. Francesco is a data- and result-driven cybersecurity executive/vCISO highly regarded for planning and executing strategic infosec improvement programs that protect data and technical assets, reduce security risks, and align with long-term organisational goals. Francesco has held a number of strategic positions ranging from Head of Application Security to Head of Security Architecture, with extensive experience implementing security across multi-cloud providers (Amazon AWS, Microsoft Azure, Google Cloud). Francesco defines himself as driven to elevate the cybersecurity world one organization at a time, embracing an innovative approach to application security to protect the engineering environment. He is recognized as a motivational, influential leader who guides high-performing teams to deliver projects on time and exceeding quality expectations, while instilling a culture of best practices and collaboration. He builds lasting relationships with board members and C-level executives, and delivers education and training to members at all levels of an organisation, building awareness for security initiatives while fostering a common security purpose. He is an internationally renowned public speaker, with multiple interviews in high-profile publications (e.g. Forbes), and an author of numerous books and articles, who utilises his platform to evangelise the importance of cloud security and cutting-edge technologies on a global scale.

Social Media Links
Follow us on social media to get the latest episodes:
Website: www.cybersecuritycloudpodcast.com
You can listen to this podcast on your favourite player:
Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ
Linkedin: https://www.linkedin.com/company/35703565/admin/
Twitter: https://twitter.com/podcast_cyber
Youtube: https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/

UNSECURITY: Information Security Podcast
UNSECURITY Episode 81: A Reflection on Six Hard Truths, InfoSec News

UNSECURITY: Information Security Podcast

Play Episode Listen Later May 26, 2020 66:38


On Monday, May 25, CSO Online published an article outlining the "six hard truths that security pros must learn to live with." Evan and Brad take episode 81 to break down their list and provide their reactions to each. Check it out and let us know what you think at unsecurity@protonmail.com.

Mingis on Tech
Is end-to-end encryption for video conferencing important?

Mingis on Tech

Play Episode Listen Later Apr 23, 2020 14:39


More people are relying on video conferencing software to do their jobs and chat with friends and family. This uptick in use highlighted some security concerns like “Zoombombing” and the lack of end-to-end encryption in popular video conferencing/collaboration tools. CSO Online's J.M. Porup joins Juliet to discuss what end-to-end encryption is, why it's important for video calls and what privacy expectations users should have when using these tools.

Mingis on Tech
Why new remote work policies attract hackers

Mingis on Tech

Play Episode Listen Later Apr 14, 2020 14:46


With widespread mandated work from home policies due to the coronavirus, many employees are working remotely for the first time. In some cases, employers had never intended their employees to be remote-only, and they may lack key work from home tools. And that makes these enterprises particularly vulnerable to hackers. CSO Online's J.M. Porup joins Juliet to discuss why deploying MFA, VPNs and company laptops armed with MDM are important security practices. They also discuss how hackers may gain entry into your corporate networks and how to minimize that risk now.

Mingis on Tech
What's the difference between the deep web and the dark web?

Mingis on Tech

Play Episode Listen Later Feb 24, 2020 11:45


We hear the terms "deep web" and "dark web" thrown around a lot... but what do they actually mean? And what's the difference between the two? CSO Online writer J.M. Porup joins Juliet to dispel rumors and discuss what sets the deep web and dark web apart from the rest of the web.

CISO-Security Vendor Relationship Podcast
Do's And Don'ts of Trashing Your Competition

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Nov 12, 2019 42:55


All links and images for this episode can be found on CISO Series (https://cisoseries.com/dos-and-donts-of-trashing-your-competition/)

We want to malign our competitors, but just don't know how mean we should be. Miss Manners steps in on the latest episode of CISO/Security Vendor Relationship Podcast.

This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and special guest co-host Mark Eggleston (@meggleston), CISO, Health Partners Plans, and our guest is Anahi Santiago (@AnahiSantiago), CISO, ChristianaCare Health System. We recorded in front of a live audience at Evanta's CISO Executive Summit in Philadelphia on November 5th, 2019.

Recording CISO/Security Vendor Relationship Podcast in front of a live audience at Evanta's CISO Executive Summit in Philadelphia (11-05-19)

Thanks to this week's podcast sponsors Trend Micro, Thinkst, and Secure Controls Framework.

Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints. For more information, visit www.trendmicro.com.

The Secure Controls Framework (SCF) is a meta-framework – a framework of frameworks. This free solution is available for companies to use to design, implement and manage their cybersecurity and privacy controls in an efficient and sustainable manner. Our approach provides a comprehensive solution to manage complex compliance needs.

Most companies find out way too late that they’ve been breached. Thinkst Canary changes this. Find out why the Thinkst Canary is one of the most loved products in the business and why the smartest security teams in the world run Canary. Visit https://canary.tools.

On this week’s episode

Why is everyone talking about this now?
Greg van der Gaast, former guest who runs security at The University of Salford, initiated a popular LinkedIn discussion on the topic of human error. According to his colleague Matthew Trump of the University of Sussex, in critical industries, such as aerospace, oil & gas, and medical, “human error” is not an acceptable answer. You simply have to prevent the incident. If not, a mistake can be both a regulatory violation and lethal. But people are a part of the security equation. It’s unavoidable. We know zero errors is impossible, but can you accept “human error” as a fail point?

Hey, you’re a CISO, what’s your take on this?
Listener David said, “One thing I have experienced at my last two jobs is integrating with a ‘global’ security team whose security program is effectively and functionally inferior to our own. In these occasions, the global security team wanted us to remove current safeguards, processes/procedures and tooling that reduced the preparedness and effectiveness of our security program and introduced risk(s) that we have not been exposed to in years. All of these changes were always touted as a ‘one team’ initiative but never once was due diligence on security posture taken into account. “What is the best way to go about a consolidation like this? Do you not mess with a good thing and ask the ‘better’ security program to report up incidents, conform to compliance check boxes etc. or as a CISO do you sign off on a risk acceptance knowing that the operating company is now in a worse state of security.”

“What’s Worse?!”
We’ve got two rounds of really bad scenarios.

What annoys a security professional
Geoff Belknap, former guest and CISO of LinkedIn, appreciates a vendor’s desire to “bring like minds” together around food or drink, but the invite is not welcome on a weekend. Belknap feels that the weekend intrudes into a CISO’s personal/family space. There was a lot of debate and disagreement on this, but there were some solutions. One mentioned a vendor invite that included round trip Lyft rides and childcare.

Oh, they did something stupid on social media again
Jason Hoenich, CEO of Habitu8, posted on LinkedIn that he didn’t appreciate Fortinet writing about security training for CSO Online, something Jason’s business does and for which he believes Fortinet does not have any expertise. It appears this was a sponsored article, but Jason didn’t point to the article nor did he isolate specifically what he felt was wrong with Fortinet’s advice. Here at the CISO Series, we like Jason and Habitu8. They’ve been strong contributors to the community. But complaining and not pointing to any concrete evidence is not the best way to convince an audience. Earlier this year we saw something similar with the CEO of Crowdstrike going after the CEO of Cybereason, claiming an underhanded sales tactic that was not specified, nor did anyone at Cybereason know what he was talking about. Is it OK to go after your competition in a public forum? If so, what’s the most professional and respectful way to handle it?

It’s time for the audience question speed round
Our Philadelphia audience has questions and our CISOs had some answers. We rattle off a quick series of questions and answers to close the show.

Mingis on Tech
Printers: The overlooked security threat in your enterprise | TECHtalk

Mingis on Tech

Play Episode Listen Later Nov 7, 2019 19:38


Printers, often a forgotten target in the enterprise, are vulnerable to all the usual cyberattacks. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp and CSO Online's J.M. Porup discuss the threats to these devices, plus how to secure them and protect your network.

Cyber Security Interviews
#072 – Vinny Sakore: This Was Crime

Cyber Security Interviews

Play Episode Listen Later Jul 8, 2019 39:05


NetDiligence (https://netdiligence.com/) team in 2017 as their Chief Technology Officer. Prior to joining NetDiligence Vinny served as Verizon’s HIPAA Security Officer. His previous experience includes stints as Chief Technology Officer for two healthcare technology companies. Vinny is a featured speaker nationally and internationally on the topics of Cyber Risk, Mobile Technology, and Information Security. He is a regular presenter at organizations and events such as the NetDiligence Cyber Risk forums, Information Security Forum (ISF), International Association of Privacy Professionals (IAPP), Healthcare Information Management Systems and Society (HIMSS), and the Risk Information Management Society (RIMS). Vinny has been quoted in numerous publications, including CSO Online, Wall Street Journal, and Information Security Magazine. He serves on a number of not-for-profit boards and also teaches cybersecurity courses at Messiah College. In this episode, we discuss the difference between privacy and security, talking to the board about cybersecurity, preparing for the cyber tsunami, government regulation, threat intel, aggregating insurance data, and so much more. Where you can find Vinny: LinkedIn (https://www.linkedin.com/in/vinnysakore/) Twitter (https://twitter.com/VinnySakore) Blog (http://juntoblog.net/)

Security In Five Podcast
Episode 490 - Tools, Tips and Tricks - Security Recruiter Directory

Security In Five Podcast

Play Episode Listen Later May 10, 2019 3:08


If you are looking for your next CISO or the hard-to-find security engineer, this episode will be for you. CSOOnline published a Security Recruiter Directory to help recruiters, security leaders and job seekers get connected. Security Recruiter Directory. Be aware, be safe. *** Support the podcast with a cup of coffee *** - Ko-Fi Security In Five Don't forget to subscribe to the Security In Five Newsletter. —————— Where you can find Security In Five —————— Security In Five Reddit Channel r/SecurityInFive Binary Blogger Website Security In Five Podcast Page - Podcast RSS Twitter @binaryblogger iTunes, YouTube, TuneIn, iHeartRadio,

Reduce Cyber Risk Podcast
RCR 035: Recorded Future

Reduce Cyber Risk Podcast

Play Episode Listen Later May 6, 2019 35:29


Description: Shon Gerber from ReduceCyberRisk.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reducing your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience.
In this episode, Shon will talk about recent Security News:
CSO Online: Public SAP Exploits
PC Mag: Wall Street Market Shuttered
Executive Order to Grow Cybersecurity
Our Cybersecurity Training for the Week is: Recorded Future
Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet?
LinkedIn – www.linkedin.com/in/shongerber
ReduceCyberRisk.com - https://reducecyberrisk.com/
Facebook - https://www.facebook.com/CyberRiskReduced/
LINKS:
Wikipedia: https://en.wikipedia.org/wiki/Recorded_Future
Recorded Future: https://www.recordedfuture.com/ and https://www.recordedfuture.com/intelligence-goals-library-overview/
CSO Online: https://www.csoonline.com/article/3393440/public-sap-exploits-could-enable-attacks-against-thousands-of-companies.html#tk.rss_all
PC Mag: https://www.pcmag.com/news/368151/police-shut-down-the-wall-street-market-a-top-dark-web-site
Dark Reading: https://www.darkreading.com/risk/new-executive-order-aims-to-grow-federal-cybersecurity-staff/d/d-id/1334609?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
NIST.gov: https://www.nist.gov/itl/applied-cybersecurity/nice/resources/nice-cybersecurity-workforce-framework
ISC2 Training Study Guide: https://www.isc2.org/Training/Self-Study-Resources

Inside The Media Minds
Inside the Media Minds Episode 17: Fahmida Rashid, Decipher

Inside The Media Minds

Play Episode Listen Later Dec 18, 2018 28:50


In this episode, Christine talks with Decipher's Fahmida Rashid. Fahmida discusses how she got into journalism, her predictions on what will dominate headlines in 2019, and much more! "I am an award-winning technology journalist with experience covering nearly every aspect of the technology industry; my primary focus is writing about cybersecurity and privacy. I've written in various formats, including newspapers, online media, and magazines. I am currently a senior managing editor at Decipher, covering security for an enterprise IT audience. I write about cloud security and networking, application security, DevOps, and all the areas in between. Previously, as the senior writer at InfoWorld and CSO Online, I focused on technical analysis and commentary for IT and security professionals. As the Editor-in-Chief of RSA Conference, I developed year-round content to engage with the infosec community on a more regular basis. I was a senior writer at eWEEK, senior technical editor for CRN Test Center, and a reporter covering networking infrastructure for Forbes.com. I started my journalism career writing business news at Women's Wear Daily."

An Indianapolis Business Podcast: Off the Circle
Episode 36: Author and CIO Jeffrey Ton: How IT Leadership Has Evolved

An Indianapolis Business Podcast: Off the Circle

Play Episode Listen Later Sep 10, 2018 46:25


On this episode, we interview Jeffrey Ton, a Hoosier native who has worked in IT for over 35 years. Jeff has written hundreds of blog posts about technology and technology leadership and most recently published his first book, Amplify Your Value: Leading IT with Strategic Vision (https://amzn.to/2oY3u9c). His articles have appeared on Forbes, CSO Online, People Development Magazine, Intel’s IT Peer Network, and his own blog, Rivers of Thought (https://riversofthought.net/). Throughout his career in business, Jeff has developed and fine-tuned his leadership skills to become a business-focused leader who drives results. He brings a strategic view of business and identifies innovative approaches to achieve business objectives by leveraging technology where and when appropriate. Adept at building and leading teams, both in-line and cross-organizational, he has been a catalyst for change across the businesses he has served. In this discussion, we speak about the evolution of the IT industry, its products and services. Jeff's insight into the business is incredible. Regionally, he's also launched the Indy CIO Network, which holds monthly lunches and dinners with over 250 CIOs in attendance. Special Guests: Frank Leonard and Jeffrey Ton.

Leaders Of Transformation | Leadership Development | Conscious Business | Global Transformation
189: Ashwin Krishnan: The Moral Compass For Cybersecurity – Should We or Shouldn't We?

Leaders Of Transformation | Leadership Development | Conscious Business | Global Transformation

Play Episode Listen Later Jun 11, 2018 45:56


Ashwin Krishnan is a technology expert with over two decades of experience in cybersecurity and cloud technologies. Formerly Senior Vice President of Products and Strategy at HyTrust, a late-stage security startup, Ashwin is now a reformed high-tech executive turned freelance Cyber Moralist and Tech Demystifier. He is the host of The Moral Compass Podcast, and a regular columnist for CSOOnline.com, ITSPMagazine, ThriveGlobal and Qrius. He also contributes to publications such as LightReading.com, Securitynow.com, CIOreview.com, SDxcentral.com, Virtual-Strategy.com, SoftwareMag.com, TEISS.co.uk and CloudTweaks.com, and is further quoted in publications including Erpscan.com, DigitalGuardian, FutureOfEverything.com, TalkinCloud.com, EnterpriseProject, MRC and SiliconIndia.com. A recognized thought leader, his speaking engagements have included the Mobile World Congress, CSA World Congress, ISACA, RSA Security Conference, VMWorld, Telecom Industry Association, and Product Camp Silicon Valley. In our eye-opening discussion with Ashwin, he sheds light on the impact of cybersecurity on our day-to-day lives and our businesses. Massive amounts of data are being collected and stored – how is it being protected and used? Who is responsible if/when things go wrong? Ashwin addresses these questions and more, as we delve into the complex world of technology, artificial intelligence and automation. We are getting there faster than most realize. Whether you are a small business owner, an industry leader, or simply a consumer in today's society, this episode will enlighten and engage you in an important conversation about the morality and ethics of cybersecurity and what it means to us today.
Key Takeaways
We are at the cusp of something dramatic. We have gotten to where we're at by the efforts of humans. Now, humans are being outpaced by machines; however, machines lack fundamental human concepts of ethics and moral values.
A lot of research is being done on cyber morality and its impact, but it's not yet translating into the business world.
Twitter can already predict the onset of depression based on the words you use repeatedly. The question is, “What do they do with that information? Who do they inform?”
It is getting easier to manufacture numbers of followers. Which begs the question, “If my competitors are doing it, should I or shouldn't I?”
There are 3 stages of Artificial Intelligence: Data insights, Prediction, and Action. The moral framework needs to be applied at all stages. At what point does a human need to step in to make the right decision? The problem is the amount of data – it will be impossible.
We're getting there faster than people realize. Uber is going towards driverless vehicles and trucks. An important question to ask is, “What biases are getting built into autonomous vehicles?”
Small companies need to pay attention to the information they are collecting and storing and how the data is being put into application. They can use a 3rd party, but who will ultimately be accountable if something goes wrong?
Resources
The Moral Compass Podcast
Connect With Ashwin Krishnan: Website, LinkedIn, Twitter, Facebook

Security In Five Podcast
Episode 252 - URGENT The FBI Recommends To Reboot Your Routers Now, Do It

Security In Five Podcast

Play Episode Listen Later Jun 4, 2018 4:50


A follow-up episode to last week's Episode 247: the FBI has released an alert that urges all home and small offices to reboot their routers. This is in response to the widespread VPNFilter malware. The article I referenced is from CSOOnline and lists specific routers that are vulnerable, but every router should be rebooted just to be safe. Be aware, be safe. ------------------------------------ Website - https://www.binaryblogger.com Podcast Page - http://securityinfive.libsyn.com Podcast RSS - http://securityinfive.libsyn.com/rss Twitter @binaryblogger - https://www.twitter.com/binaryblogger iTunes - https://itunes.apple.com/us/podcast/security-in-five-podcast/id1247135894?mt=2 YouTube - https://www.youtube.com/binaryblogger TuneIn Radio - Security In Five Channel Spotify - Security In Five Podcast Page Email - contactme@binaryblogger.com

Salted Hash
Can AI help bridge the IT security skills gap? | Salted Hash Ep 27

Salted Hash

Play Episode Listen Later May 23, 2018 10:27


Host Steve Ragan reports from the show floor at RSA 2018, talking with Oliver Tavakoli, CTO at Vectra Networks and author of the Thinking Security blog on CSOonline.com, about the types of IT security work that can be off-loaded to artificial intelligence systems.

Smashing Security
020: Phishing for Donald Trump

Smashing Security

Play Episode Listen Later May 10, 2017 30:45


Gizmodo's attempt to reveal the Donald Trump administration's ineptitude when it comes to cybersecurity fails to impress. Mac users are warned that the HandBrake DVD-ripping app has been compromised by malware. And will the US Army insist IT security professionals spend months ironing their bedsheets...? All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul Ducklin from Sophos. Show notes: Here's How Easy It Is to Get Trump Officials to Click on a Fake Link in Email - Gizmodo. Opinion: Some thoughts about Gizmodo's Phishing story - CSO Online. Mac video app HandBrake – now with free spyware - Naked Security. OS X malware spread via signed Transmission app... again - Graham Cluley. DOD’s new Internet strategy boosts role in defending “US interests” - Ars Technica. Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Special Guest: Paul Ducklin.

Bill Murphy's RedZone Podcast | World Class IT Security
What is Your Plan for: Super-Vulnerabilities, Brand Take-down, & Incident Response? | Episode #30

Bill Murphy's RedZone Podcast | World Class IT Security

Play Episode Listen Later Oct 27, 2015 44:20


In this podcast episode I interview Bill Brenner, who is an expert at digesting threat intelligence information and making it available to a wide pool of people, from C-Suite Executives to coders and developers. Bill is a Senior Technical Writer for Akamai and has been a writer for CSO Online and Liquid Matrix Security Digest. Additionally, he created and writes a blog called the OCD Diaries, where he discusses mental health issues with IT Executives and staff within the technology industry.
Top 3 items for an IT Security Decision Maker to be concerned about moving forward:
Super-vulnerabilities like Heartbleed, Shellshock, Poodle and OpenSSL - Identify the risks these pose to your assets within your company and remediate them.
Incident Response – Remember to develop a BCP/DR plan for IT Security Incidents.
Protect Your Brand – Which hacking groups don’t like your company or brand, leaving you vulnerable to DDoS, cyber espionage, and ransomware-style attacks?
You will also learn some of the best sources for IT Security threat information:
Securosis: Mike Rothman - Securosis; Rich Mogull - Securosis; Adrian Lane - Securosis
Blogs and Podcasts: Jack Daniel - Tenable; Security Bsides movement; NAISG – National Information Security Group; CSO Online; State of the Internet Security podcasts; Security Kahuna podcasts
Vulnerability Information Sources: Threat Post; CSO Online; Security Ledger – Paul Roberts; CSI Group; SANS Institute - Internet Storm Center
Humanity in Security - Mental Health: The importance of good mental health in the IT Security profession as it relates to depression, anxiety, coping with stress, OCD, Asperger’s, Autism. The OCD Diaries – An opportunity to destigmatize mental illness and to give people in our industry a life raft and share tools that can help them. Taking your mental disorders and turning them into super powers!
Additional Show Notes
Communicating what threat intelligence researchers are seeing directly to a more complex audience and hitting it at all levels - geared towards the larger security industry or community.
What does alignment between product managers and the threat intelligence team mean? The data [Akamai] receives is coming from the deployment of their products in the field. “Taking what we are seeing from our technology deployments and sizing it up against what other companies see and you know at the end of it giving people a bigger picture so that they can take actions that they need to take.”
Sharing of research is crucial – the benefits of information sharing between companies and how it helps keep out the bad guys. You can't take the information that you receive internally and make proper sense of it without comparing it with what's going on elsewhere. How can we get to the point where it’s actually actionable sharing?
What does it mean to have a third-party attack? A common platform like WordPress can have third-party widgets and plugins that they didn’t create, and essentially those can be malware or exploit kits of some sort, so we need to be aware that they can be leveraged. Be aware of where the vulnerabilities are.
The next step with SSL and moving towards TLS – pros and cons.
How to reach Bill Brenner: LinkedIn, Facebook, Twitter, Akamai Blog, The OCD Diaries
Former Publications: Liquid Matrix Security Digest, CSO Online
What is Your Plan for: Super-Vulnerabilities | Brand Take-down | & Incident Response | Humanity in Security - RedZone
All methods of how to access the show are below: Listen on iTunes (for iPhones etc.) Listen to it on Stitcher (This is for Android Phone Users. Download the Stitcher app here) Stream it on Libsyn Listen to it on Soundcloud (This is for listening via PC/Mac Browser) Please subscribe here to Bill Murphy’s Redzone Podcast on iTunes Subscribe to my RSS Feed here Link to LinkedIn blog post
This episode is sponsored by the CIO Scoreboard, reducing the complexity of your IT Security initiatives. Sign up for a demo here. Leave a podcast review here How do I leave a review?
Bill Murphy is a world-renowned IT Security Expert dedicated to your success as an IT Business Leader. Follow Bill on LinkedIn and Twitter. Subscribe here for weekly podcast, CIO Mastermind and CISO Mastermind updates delivered to your inbox easily and effortlessly.

Hurricane Labs InfoSec Podcast
But Wait, Where's the Logjam Logo?!

Hurricane Labs InfoSec Podcast

Play Episode Listen Later May 27, 2015 65:25


Welcome back to the Hurricane Labs InfoSec Podcast. This is Episode .03: The "But Wait, Where's the Logjam Logo?" Edition, featuring Kelsey Clark (Marketing Person), Corey Ham (Penetration Tester), Tom Kopchak (Senior Security Engineer & Operations Team Lead), and Amanda Berlin (Network Security Engineer). Listen in to this animated and informational discussion, for the latest InfoSec Hacks and Headlines, Hot Topic Talk, and What We're Arguing About this week.
ANNOUNCEMENTS
We are hiring! Looking for your next best IT career move? Apply with us today! Position openings include: Network Security Operations Analysts; Splunk/Big Data Administrators; Splunk Consultants
Ian Gillespie has published the first part of his new blog-screencast tutorial series. So, check it out: Custom Error Viewing in Splunk Part 1: Listening for Search Events
Awesome job to Amanda Berlin for being featured in a CSO Online article. See what she has to say on the topic of Social Engineering: Social Engineering: Even Shakespeare understood security's weakest link
Have you developed an impressive Splunk app? Enter the Splunk Apptitude App Contest for the chance to gain bragging rights for your innovation, along with some nice pocket change. Enter the Splunk Apptitude App Contest
TOP INFOSEC HACKS & HEADLINES HOT OFF THE PRESS
Logjam Vulnerability: Logjam Encryption Flaw Threatens Secure Communications On Web
NSA "Irritant Horn" Hacking Project: NSA hijacked app stores to hack phones
NetUSB Flaw: NetUSB flaw leaves 'millions' of routers, IoT devices vulnerable to hacking
VENOM Bug: The VENOM "virtual machine escape" bug - what you need to know
New Google Chrome Extension: Google's latest experiment brings new superpowers to Chrome browsers
Washington Post Hacked: Washington Post Hacked by Syrian Electronic Army
Uber Plain Text Password Problem: Uber in hot water again - this time over plaintext passwords in emails
TODAY’S HOT TOPIC TALK
Thanks to Logjam, we are diving into the topic of 'Encryption.' During this discussion, we will be talking about tech giants urging the US government to retain strong encryption, how often things should be encrypted and/or what things should be encrypted, whether or not encryption is going to be dead eventually, and more. Amanda also gives a brief overview of her recent blog post about vsftpd (very secure FTP daemon). If you're interested in finding out more, take a look: Dealing with the Dinosaurs of IT: Setting up vsftpd on Ubuntu
Other related articles: Tech Firms, Activists Press US on Encryption; When Encrypted Communication Is Not Good Enough; 6 questions to ask when choosing an encryption solution
READY TO ARGUE?
Question of the day: Are airplane hackers good or bad? Aviation experts dispute hacker's claim he seized control of airliner mid-flight
Corey also suggested a Carnal0wnage article that does a good job describing 'stunt hacking.' Check it out: Let's Call Stunt Hacking What it is, Media Whoring
UNTIL NEXT TIME!
If you have opinions on airplane hackers, or anything else we've discussed, join our conversation and talk to us on Twitter: @hurricanelabs

DEF CON 22 [Materials] Speeches from the Hacker Convention.
Mark Stanislav & Zach Lanier - The Internet of Fails - Where IoT Has Gone Wrong and How We're Making It Right

DEF CON 22 [Materials] Speeches from the Hacker Convention.

Play Episode Listen Later Dec 13, 2014


The Internet of Fails: Where IoT Has Gone Wrong and How We're Making It Right Mark Stanislav Security Evangelist, Duo Security Zach Lanier Sr. Security Researcher, Duo Security This presentation will dive into research, outcomes, and recommendations regarding information security for the "Internet of Things". Mark and Zach will discuss IoT security failures both from their own research as well as the work of people they admire. Attendees are invited to laugh/cringe at concerning examples of improper access control, a complete lack of transport security, hardcoded-everything, and ways to bypass paying for stuff. Mark and Zach will also discuss the progress that their initiative, BuildItSecure.ly, has made since it was announced this past February at B-Sides San Francisco. Based on their own struggles with approaching smaller technology vendors with bugs and trying to handle coordinated disclosure, Mark and Zach decided to change the process and dialog that was occurring into one that is inclusive, friendly, researcher-centric. They will provide results and key learnings about the establishment of this loose organization of security-minded vendors, partners, and researchers who have decided to focus on improving information security for bootstrapped/crowd-funded IoT products and platforms. If you're a researcher who wants to know more about attacking this space, an IoT vendor trying to refine your security processes, or just a consumer who cares about their own safety and privacy, this talk will provide some great insights to all of those ends. Mark Stanislav is the Security Evangelist for Duo Security. With a career spanning over a decade, Mark has worked within small business, academia, startup and corporate environments, primarily focused on Linux architecture, information security, and web application development. He has presented at over 70 events internationally including RSA, ShmooCon, SOURCE Boston, and THOTCON. 
His security research has been featured on web sites including CSO Online, Security Ledger, and Slashdot. Mark holds a B.S. in Networking & IT Administration and an M.S. in Information Assurance, both from Eastern Michigan University. Mark is currently writing a book titled, "Two-Factor Authentication" (published by IT Governance). Twitter: @markstanislav Web: https://www.duosecurity.com ; http://www.uncompiled.com; http://builditsecure.ly Zach Lanier is a Senior Security Researcher at Duo Security. Though an old net/web/app pen tester type, he has been researching mobile and embedded device security since 2009, ranging from app security, to platform security (especially Android); to device, network, and carrier security. He has presented at various public and private industry conferences, such as BlackHat, DEFCON, INFILTRATE, ShmooCon, RSA, Amazon ZonCon, and more. He is also a co-author of the "Android Hacker's Handbook" (published by Wiley). Twitter: @quine Web: https://www.duosecurity.com ; https://n0where.org ; http://builditsecure.ly

Akamai - Security Podcast
Bill Brenner talks with Dave Lewis

Akamai - Security Podcast

Play Episode Listen Later Dec 4, 2013 12:21


In this episode of the Akamai Security Podcast, I talk to colleague, friend and Security Advocate Dave Lewis (@gattaca, on Twitter). We talk about the past, present and future of his Liquidmatrix site, life in his new role and the big issues he's helping customers address. We also talk about all the blogging he's doing over at CSOonline.com.

Liquidmatrix Security Digest Podcast
Liquidmatrix Security Digest Podcast - Episode 2D

Liquidmatrix Security Digest Podcast

Play Episode Listen Later Jul 11, 2013 69:08


Episode 0x2D
Nobody loves us. It's all about us this week. Well, not really. It's more about getting the world to get off the crazy train.
Upcoming this week... Lots of News, Kittens, Breaches, SCADA / Cyber, cyber... etc., finishing it off with DERPs/Mailbag, and there will NOT be a DEEP DIVE. And there are weekly Briefs - no arguing or discussion allowed. And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News and Commentary: The web is a bad bad place; SSL: Intercepted today, decrypted tomorrow (or why you need to use PFS) (but PFS TLS has a performance impact); The Future of Civil Disobedience Online; OECD complaint against finfisher; The personal side of taking on the NSA: emerging smears
Breaches: Facebook exposes itself; Opera's breach lady sings; 47k student teachers in Florida exposed
SCADA / Cyber, cyber... etc: So you want to be a CIP consultant.; Australia decides not to be American
DERP: South Korea misidentifies China as cyberattack origin
Mailbag: Hi, Greetings! Would you be interested to reach out to your target market for your Marketing Initiatives like Email Marketing, Tele Marketing, Direct Mailing and Fax Campaigns? Our list comes with the following information such as: First Name, Last Name, Title, Email, Tele-phone Number, Mobile Number, Company, Current Address, Country State/Province, City, Zip Code, Employee size, Sales; SIC Code/Industry, NAICS and Web Address. If you are interested please send me your target audience and geographical area, so that I can get back to you with exact counts and list details. Best Regards, Linda Lead Generation
Briefly -- NO ARGUING OR DISCUSSION ALLOWED: Burp tips and tricks PDF; Cyanogen mod gets secure messaging; Running a Hackerspace; Raspberry Pi bot tracks hacker posts to vacuum up passwords and more; MITM via PPTP; Hacking monopoly; Pentagon's failed flash drive ban policy: A lesson for every CIO
Liquidmatrix Staff Projects
The Liquidmatrix Vegas Party - You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
The BSidesLV Ticket Give-away - Three tickets up for grabs: best original piece of artwork incorporating a security rock star (bonus points for using a unicorn); best rap song about a major breach; best poem describing a vendor DERP. Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
The Security Conference Library
Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave now will be writing for CSO Online and will be attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013 in Chicago and Hackfest in Quebec City. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (Canadian) fail panel.
In Closing
Word of the Week -- Cyberlympics - I think it means CTF, but I'm not sure. Check it out here.
Movie Review -- Firewall! Because you know that Harrison Ford can type 120 words per minute.
Every day is CTF! Go set up a team.
Hackfest registration is open.
Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course.
SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
Seacrest Says: Good night Kitten
Creative Commons license: BY-NC-SA

CERIAS Security Seminar Podcast
Gary McGraw, Building Security In Maturity Model (BSIMM)

CERIAS Security Seminar Podcast

Play Episode Listen Later Oct 7, 2009 51:27


As a discipline, software security has made great progress over the last decade. There are now at least 46 large scale software security initiatives underway in enterprises including global financial services firms, independent software vendors, defense organizations, and other verticals. In 2008, Brian Chess, Sammy Migues and I interviewed the executives running nine initiatives using the twelve practices of the Software Security Framework as our guide. Those companies among the nine who graciously agreed to be identified include: Adobe, The Depository Trust and Clearing Corporation (DTCC), EMC, Google, Microsoft, QUALCOMM, and Wells Fargo. The resulting data, drawn from real programs at different levels of maturity was used to guide the construction of the Building Security In Maturity Model (BSIMM). This talk will describe the observation-based maturity model, drawing examples from many real software security programs. A maturity model is appropriate because improving software security almost always means changing the way an organization works---people, process, and automation are all required. While not all organizations need to achieve the same security goals, all successful large scale software security initiatives share common ideas and approaches. Whether you rely on the Cigital Touchpoints, Microsoft's SDL, or OWASP CLASP, there is much to learn from practical experience. Since its March release, the BSIMM is being expanded to include BSIMM Europe, BSIMM II, and BSIMM Lite. Use the BSIMM as a yardstick to determine where you stand and what kind of software security plan will work best for you. 
About the speaker:
company: http://www.cigital.com
podcast: http://www.cigital.com/silverbullet
podcast: http://www.cigital.com/realitycheck
blog: http://www.cigital.com/justiceleague
book: http://www.swsec.com
personal: http://www.cigital.com/~gem
Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Java Security, Building Secure Software, Exploiting Software, Software Security, and Exploiting Online Games; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean's Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors, produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT), and produces the Reality Check Security Podcast for CSO Online.