POPULARITY
Forecast: Expect increased malicious activity targeting enterprise network infrastructure and remote work platforms. In this episode of Storm⚡️Watch, the crew tackles some of the most pressing stories in cybersecurity and tech. First, we explore the case of Christian Marie Chapman, an Arizona woman who faces federal prison time for orchestrating a scheme that allowed North Korean IT workers to pose as U.S.-based employees. This operation, which generated over $17 million for North Korea, involved Chapman running a "laptop farm" that enabled remote access to U.S. company networks. The scheme not only compromised sensitive company data but also funneled money to North Korea's weapons programs. This story underscores the critical need for robust identity verification and background checks in hiring processes, especially in remote IT roles, to avoid inadvertently aiding malicious actors. Next, we discuss GreyNoise's findings on the active exploitation of a high-severity vulnerability in Palo Alto Networks PAN-OS (CVE-2025-0108). This authentication bypass flaw allows attackers to execute unauthorized PHP scripts, posing significant risks to unpatched systems. Organizations are urged to apply security patches immediately and restrict access to firewall management interfaces to mitigate potential breaches. GreyNoise's real-time intelligence highlights the importance of staying vigilant against evolving threats. In our featured segment, we sit down with Dennis Fisher, a celebrated journalist with over two decades of experience in cybersecurity reporting. Fisher shares insights from his career, including his work as co-founder of *Threatpost* and Editor-in-Chief at *Decipher*. Known for his analytical approach, Fisher has covered major cybersecurity events and delved into the motivations behind both attackers and defenders. His expertise offers a unique perspective on the complexities of information security. Finally, we touch on broader issues in vulnerability management and encryption policies. From GreyNoise's observations of exploitation surges in vulnerabilities like ThinkPHP and ownCloud to Censys' argument against weakening encryption standards, these discussions emphasize the need for proactive measures and smarter prioritization in cybersecurity strategies. Whether it's patching overlooked vulnerabilities or resisting calls to weaken encryption under the guise of security, staying informed is key to navigating today's threat landscape. Storm Watch Homepage >> Learn more about GreyNoise >>
Three Buddy Problem - Episode 31: Dennis Fisher steps in for Ryan Naraine to moderate discussion on a very busy week in cybersecurity. The cast dig into the wave of big research reports, the disbanding of the Cyber Safety Review Board (CSRB), the ongoing flood of exploits targeting security appliances from Ivanti and SonicWall, and the recent Lumen research on Juniper router backdoors. Plus, the challenges of coordinating disclosures, the tough realities of intelligence work, and the complex landscape of nation-state attacks -- especially around Chinese threat actors and Western defenses. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Dennis Fisher. Ryan Naraine (https://twitter.com/ryanaraine) in on work travel.
Send us a textDiscover the bold strategies shaping the future of Dayton with Mayor Dennis Fisher in this must-listen episode. Mayor Fisher, known for his forward-thinking approach, shares his vision for managing Dayton's rapid growth while prioritizing the community's character and economic sustainability. He offers insights into his successful initiatives for reducing the city's once-burdensome tax rates through fiscal responsibility and resident-focused budgeting. Mayor Fisher also addresses pressing public safety challenges, including efforts to curb crime and tackle the issue of reckless driving by boosting police presence and enhancing fire department staffing. Throughout, he openly contrasts his policies with those of his opponent, underscoring his commitment to aligning city decisions with the priorities of Dayton's residents.In a compelling dialogue about Dayton's water quality issues, Mayor Fisher outlines the proactive steps being taken to address the high iron content that affects residents' daily lives. Learn about the infrastructure improvements underway, including the installation of backup pumps and the substantial state and federal grants secured to fund a new water treatment facility. Set to launch this summer, this facility promises to deliver cleaner, iron-free water, improving both aesthetics and appliance longevity. Mayor Fisher reflects on the city council's achievements in budget management and tax reduction as he seeks re-election, emphasizing his dedication to meeting the evolving needs of Dayton's growing community.Support the show Thank you for listening to this episode of HuttCast, the American Podcast. We hope you enjoyed today's discussion and gained valuable insights. To stay updated on our latest episodes, be sure to subscribe to our podcast on your preferred listening platform. Don't forget to leave us a rating and review, as it helps others discover our show. If you have any comments, questions, or suggestions for future topics, please reach out to us through our website or social media channels. Until next time, keep on learning and exploring the diverse voices that make America great.
The Sony Pictures hack in 2014 by the North Korean Lazarus Group was a seminal event both in Hollywood and in the security community, bringing to light the capabilities and ambitions of North Korean attackers and showing the damage a leak of sensitive data can be. Brian Raftery joins Dennis Fisher to discuss his new Ringer podcast, The Hollywood Hack, that digs deep into the incident, its repercussions in Hollywood, and how it helped set the tone for how companies handle public data leaks.
Reddit's head of application security Matt Johansen joins Dennis Fisher to talk about the highlights of Black Hat USA, the challenges of sorting security priorities in a large enterprise, and how he's learned to take care of his mental health after many years in the security industry.
Rebekah Brown and John Scott-Railton of the Citizen Lab join Dennis Fisher to dive into their group's new report on highly targeted spear phishing campaigns by the Russian threat actor COLDRIVER and then discuss the emergence of a new, possibly related group called COLDWASTREL.
Dennis Fisher and Lindsey O'Donnell-Welch reflect on their week in Las Vegas at Black Hat and discuss the talks they liked, including Moxie Marlinspike's keynote and the Google Project Zero retrospective, and the other topics they found interesting, including vulnerability exploitation versus social engineering and the AI ecosystem.
AI and machine learning security expert Gary McGraw joins Dennis Fisher to discuss the concept of data feudalism in LLM foundation models, what the security implications of it are, and whether narrowly focused models may help address these issues.
Decipher editors Dennis Fisher and Lindsey O"Donnell-Welch are joined by Brian Donohue to dissect the Black Hat talks they're looking forward to, including sessions with H D Moore, Sherrod DeGrippo, and Moxie Marlinspike, and some talks they can't quite figure out from the titles.
The fallout from the CrowdStrike outage continues more than a week after the faulty update, so Huntress security researcher John Hammond joins Dennis Fisher to talk about the lessons learned from the incident, our fragile software ecosystem, and what cybersecurity practitioners can do differently next time.
Tyler Healy, CISO of Digital Ocean, joins Dennis Fisher to discuss the unique challenges of defending a huge platform, how AI is changing things for defenders, and what new challenges AI might bring in the near future.
Former NSA Deputy Director George Barnes joins Dennis Fisher to talk about his 35-year career at the agency, how he came to be intrigued by the cybersecurity world, the emergence of Cyber Command as a force inside the government, and what he sees as the priorities for defenders now.
Chris Hughes, co-founder of Aquia and a Cyber Innovation Fellow at the Cybersecurity and Infrastructure Security Agency, joins Dennis Fisher to talk about the challenges of supply chain security, working with the government to address systemic issues, and the importance of collaboration.
Dennis Fisher and Lindsey O'Donnell-Welch dig into the news of the TeamViewer corporate breach, attributed to APT29/Midnight Blizzard, and news of more victims from the Microsoft intrusion by the same group earlier this year.
Michael Mann's 1995 thriller Heat is considered by many people to be the best crime movie ever made. And hidden inside the intricate plot is a story of a lone hacker with a background at DARPA who uses his skills to set up scores for the crews in LA's underworld. Meg Gardiner, the co-author of Heat 2, and Casey Ellis, cofounder of Bugcrowd, join Dennis Fisher to dig into the technological and psychological details of this modern masterpiece. This is Deciphering Heat.Check out Meg's newest thriller, Shadowheart.
Amy Bogac, a longtime security executive with a deep background in systems administration and networking, joins Dennis Fisher to talk about how she came to security, how her background in communications informed her career choices, and the difficult conversations that need to occur before someone has to push the button during an incident.
Sarah Powazek, the Program Director of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity, joins Dennis Fisher to talk about her work in setting up Cybersecurity Clinics at high education institutions around the country to help bring knowledge and skills to underserved organizations.
Caitlin Condon of Rapid7 joins Dennis Fisher to dive into the juicy tidbits from the Rapid7 Attack iNtelligence Report, including the rise in attacks on zero days, ransomware proliferation, and why network edge devices remain a major problem. Read the report here: https://www.rapid7.com/c/fr-2024-attack-intelligence-report-TY/1/
In this special episode, Dennis Fisher and Lindsey O'Donnell-Welch are joined by Brian Donohue of Red Canary to preview the RSA conference talks they're excited about and to try to make sense of some of the session titles that are maybe a little indecipherable.
Lindsey O'Donnell-Welch turns the tables on Decipher editor-in-chief Dennis Fisher in this episode of Memory Safe to find out how his background covering crime prepared him for the cybersecurity beat, why Ferris Bueller's Day Off is his favorite hacker movie, and how much the security world has changed in the last 20 years.
Cody Stokes, a security leader at Procellis Technology, joins Dennis Fisher to talk about his time in the Marine Corps, the challenges of breaking into the cybersecurity field, and the fulfillment he gets from helping to protect users.
Dan Lorenc, co-founder and CEO of Chainguard, joins Dennis Fisher to dig into the recent XZ Utils backdoor incident, the implications for the open source ecosystem, and what can be done to avoid similar incidents in the future. Then they discuss the problems facing NIST's National Vulnerability Database and the CVE ecosystem.
Rick Gordon of Tidal Cyber joins Dennis Fisher to discuss his path from the US Naval Academy to submarine officer to Wall Street and finally to the cybersecurity industry, where he's worked for the last 25 years. Dennis and Rick also talk about the importance of the community aspect of cybersecurity and why it's vital to the collective defense.
Brian Donohue of Red Canary joins Dennis Fisher to talk about some of the surprising findings from the company's new 2024 Threat Detection Report, including why identity based attacks continue to work so well and how attackers are approaching the shift to the cloud.
Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch talk about the BlackCat ransomware attack on Change Healthcare that has crippled the company and affected the ability of thousands of health care providers, pharmacies, and hospitals to get paid and submit claims.
Daniel Cuthbert, global head of cybersecurity research at Banco Santander, joins Dennis Fisher to talk about getting his first computer, a ZX Spectrum that he still owns (!), finding his way into hacking through IRC, his passion for photography, and his surprising alternate career path.
Jennifer Leggio, a longtime security industry executive who has served in many different roles, joins Dennis Fisher to talk about the shift in thinking among those in the security community, technical gatekeeping in security, her new consulting venture Moveable Feast, and finding your niche.
Dennis Fisher and Lindsey O'Donnell-Welch discuss the disruption of the LockBit ransomware operation by the FBI, Europol, and UK authorities, what it means for victims, and how it fits into the government's larger strategy to target cybercrime groups.
Software security and AI security expert Gary McGraw joins Dennis Fisher to discuss the findings of a new AI architectural risk analysis research paper that his Berryville Institute of Machine Learning did on LLMs, the risks of black box models, and what kind of regulation would be most effective at reducing those risks.
Kevin Tian and Rahhul Madduluri, co-founders of Doppel, join Dennis Fisher to discuss the emerging threats of AI-enabled phishing and brand impersonation and how AI can also be used to detect and stop these attacks.
James Doggett, CISO of Semperis and a longtime executive in the financial and insurance industries, joins Dennis Fisher to discuss his career arc and the challenges of being a CISO in today's highly scrutinized and pressure-filled environment.
Feross Aboukhadijeh, founder and CEO of Socket, joins Dennis Fisher to talk about the challenges of securing open-source projects, supply chain security, and the fragility of the open-source software ecosystem.
Shamla Naidoo, a veteran CISO and lawyer, joins Dennis Fisher to talk about her introduction to computing as a teen in South Africa, what she learned after discovering an attacker on her company network as an admin, and how she has structured her career to only work on projects she enjoys.
Dennis Fisher and Lindsey O'Donnell-Welch talk about some of things in the security community they're thankful for, and a couple of things they're not.
Kymberlee Price, co-founder of Zatik, joins Dennis Fisher to talk about her experience running security response programs at Microsoft, BlackBerry, and other companies, and how the changing security landscape helped lead her to start her own company.
In the premier episode of Memory Safe, Dennis Fisher talks with Michelle Finneran Dennedy, founder and CEO of Privacy Code, former CPO of Sun Microsystems and Cisco, and all around great person, about her early interest in technology, the influence of her father on her career, and why she's still doing security after all this time.
Dennis Fisher talks with Mat Donahue, a former FBI counterterrorism specialist and founder and CEO of Kodex, and Nick Selby, a technologist and law enforcement officer, about the challenges organizations face when responding to data requests from law enforcement agencies and how CISOs and legal teams can address them.
Alessio Setaro, CISO of Leroy Merlin Italy, joins Dennis Fisher to talk about his path to becoming a CISO, the challenges of breaking down silos in an organization, and why security is a people-first challenge.
Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch break down a busy news week, including Microsoft's revelations about the theft of its signing key, the Trickbot group sanctions, and some new Apple iOS zero days.
iVerify CEO Danny Rogers and COO Rocky Cole join Dennis Fisher to discuss the spinout of the iVerify mobile security tool as a standalone company, the scourge of mercenary spyware, and how enterprises can protect their users.
Katelyn Bowden and TC Johnson join Dennis Fisher to discuss the release of Veilid, a new protocol built by members of the Cult of the Dead Cow that is designed to bring true privacy and anonymity to users.
Decipher editors Lindsey O'Donnell-Welch and Dennis Fisher discuss the top sessions, keynotes and trends to look out for at Black Hat USA in Las Vegas next week.
Chris Kirsch, CEO of runZero, joins Dennis Fisher to talk about the problem of trying to secure what you don't know you have, asset management, and his history in the original crypto war.
Matt Johansen joins Dennis Fisher to discuss his path from infosec n00b to senior security roles at White Hat, Bank of America, Reddit, and his new newsletter and podcast venture, Vulnerable U.
Dennis Fisher is joined by Hazel Burton from the Cisco Talos team to talk about the importance of empathy in communications, her non-linear path to infosec, and how her improv comedy training has helped her in her roles.
Chris Wysopal and Cris Thomas of the L0pht join Dennis Fisher to talk about the 25-year-anniversary of the group's landmark Senate testimony, what's changed since then, and Cris's new book, How the Hackers Known as L0pht Changed the World.
Casey Ellis, founder and CTO of Bugcrowd, joins Dennis Fisher to discuss the newly formed Hacking Policy Council, the challenges of influencing security research policy and legislation, and what the council hopes to achieve.
Mike Hanley, CSO and SVP of engineering at GitHub, joins Dennis Fisher to talk about the company's move to enforce 2FA for all developers, the changing role of the CISO, and what's ahead for software supply chain security.
Chris Wysopal, CTO and founder of Veracode, joins Dennis Fisher to dive into the new White House National Cybersecurity Strategy and discuss what's missing, how practical the pillars are, and when these ideas may be implemented.
Courtney Nash joins Dennis Fisher to talk about the 2022 VOID Report on incidents, why mean time to resolve is no longer a meaningful metric, whether the duration of an incident matters, and how organizations can get better at responding to an analyzing incidents.