In this conversation, I speak with Alastair Paterson, CEO and co-founder of Harmonic Security. We talk about:

Harmonic Security's Unique Approach to AI Data Protection: How Harmonic Security's Zero-Touch Data Protection uses small language models to identify and prevent sensitive data leaks, differentiating it from traditional DLP solutions.

Challenges of AI Adoption and Enterprise Security Risks: How enterprises are struggling to adopt Generative AI safely, as employees unknowingly expose sensitive data; the risks of shadow AI usage, and why visibility into AI applications is essential for organizations.

Harmonic's Browser-Based Solution for Secure AI Adoption: How Harmonic Security's browser-based extension provides real-time monitoring and intervention, allowing enterprises to track AI adoption, prevent data leaks, and enforce security policies without disrupting productivity.

➡️ Get a DEMO and Take Advantage of Harmonic's GenAI Securely: ul.live/harmonic
➡️ Check out Harmonic's data leakage report "From Payrolls to Patents": ul.live/harmonic-data-leaked

00:00 Intro
00:12 Guest Introduction - Alastair and Harmonic Security
01:16 Background on Digital Shadows and Transition to Harmonic Security
02:50 The Impact of ChatGPT and Generative AI on Security
04:35 The Problem with AI Data Leakage and Enterprise Risks
06:20 The Evolution of Data Protection: From DLP to AI Readiness
08:45 The Challenge of Shadow AI in Enterprises
10:30 Understanding Harmonic Security's Zero-Touch Data Protection
12:15 How Harmonic Security Works - Browser Extension Overview
14:40 Detecting Sensitive Data in AI Prompts
16:50 Live Demo - Preventing Data Leaks in AI Chatbots
19:35 Visibility and Monitoring of AI Usage Across the Enterprise
22:10 Risk Classification and Training Data Considerations
24:05 Policy Enforcement and Customization Options
26:30 Future Developments - Expanding Coverage Beyond AI Apps
28:15 Final Thoughts and Where to Learn More

Become a Member: https://danielmiessler.com/upgrade
In today's episode of English Plus Podcast, we dive into three compelling topics that will make you think twice about how you approach life's biggest challenges. First, we tackle the question, What happens when you kill all your enemies? Is there such a thing as truly winning, or does eliminating your enemies simply perpetuate a vicious cycle of conflict and vengeance? Next, we explore one of humanity's greatest mysteries: What happens after we die? From ancient beliefs to modern scientific theories, we'll look at the many possibilities of what lies beyond our final breath. Finally, we uncover the hidden impact of cyberbullying on mental health. In today's digital world, where cruelty is just a click away, we'll examine how online harassment leaves deep emotional scars and what we can do to support those affected. Each segment is followed by our Vocabulary in Context section, where we break down key words and phrases to help you enrich your everyday language. Plus, we've included reflective questions at the end of each segment to keep the conversation going. To unlock the full episode and gain access to our extensive back catalogue, consider becoming a premium subscriber on Apple Podcasts or Patreon. And don't forget to visit englishpluspodcast.com for even more content, including articles, in-depth studies, and our brand-new audio series now available in our English Plus Podcast's shop! Join Danny as he unpacks these fascinating topics and leaves you with plenty of food for thought. Tune in and enjoy!
In the age of unprecedented digital surveillance, nothing stays hidden. Modern technology, once hailed as the liberator of communication and convenience, has woven an intricate web of mass surveillance where no action or memory is private. Every email, text, call, and even location ping from our devices is swept up by powerful global entities without the faintest trace of discretion. These data points are no longer mere packets of information—they have become the essence of our lived experiences, silently cataloged and stored indefinitely. From the intimate moments captured unknowingly on webcams to the precise geolocation data shared between cell towers, every digital interaction is stored in a permanent record, a digital diary of our lives. The ethical lines once held between national security and individual privacy have blurred beyond recognition, with the very organizations tasked with protecting us now spying on us. This realization came to a technologist deeply embedded in the intelligence community, witnessing firsthand the indifference of these powers to the moral implications of their reach. In a world where every moment becomes a permanent record, the question arises—how do we wish to live when we can no longer forget? With no real boundaries between right and wrong, the future is a place where our own data is weaponized against us, leaving generations to grapple with the consequences of complete transparency.
In this conversation we discuss:
In this invigorating episode, join me as I welcome Nick Pags, a renowned Growth Mindset Expert, Certified Behavioral Change Specialist, and Inspirational Speaker, whose insights into personal transformation are reshaping the way we approach success and fulfillment. Nick's unique blend of high-energy coaching and empathetic understanding has empowered countless individuals, from aspiring entrepreneurs to C-Suite executives, to unlock their potential and redefine their paths in life.

Our conversation dives deep into the challenges and pitfalls of our modern digital landscape, particularly the overwhelming influence of social media. Nick eloquently dissects how our online habits can obscure our self-awareness and hinder personal growth. His perspective offers a refreshing counter-narrative to the prevalent digital culture, encouraging listeners to rediscover their authentic selves away from the glare of screens. This discussion is not just an exploration but a call to action – to break free from the digital shadows that cloud our true selves and to find fulfillment in the real, tactile world.

What sets this episode apart is Nick's captivating approach to personal development, blending his expertise in behavioral change with real-world applications. He offers actionable insights on how we can honor ourselves by stepping back from social media's grasp, finding balance, and nurturing our true passions and interests. This episode is a beacon for anyone seeking to navigate the complexities of living in a digitally dominated era while striving to maintain a genuine sense of self.

Tune in for an enlightening journey with Nick Pags, as we explore the path to self-discovery and the art of living a truly fulfilled life.

Key Points From This Episode:
[00:00:00] Empowerment and Personal Agency
[00:00:28] The Importance of Magnesium
[00:03:59] Introducing Guest Nick Pags
[00:05:15] Discovering Personal Purpose
[00:06:41] The Impact of Personal Growth on Others
[00:08:38] Pursuing Passion in Professional Life
[00:09:06] The Role of Individual Purpose
[00:12:10] The Uniqueness of Every Individual
[00:15:29] Overcoming Fear and Taking Action
[00:19:21] The Risks of Playing It Safe
[00:21:17] Clearing Intuition Channels
[00:24:39] The Trap of Social Media Consumption
[00:33:27] Creating Experiences from Within
[00:35:10] Intentional Use of Social Media
[00:37:01] The OneSec App for Mindful Social Media Use
[00:41:23] The Power of Awareness and Intentionality
[00:45:11] Breathwork as a Consciousness Practice
[00:49:41] The Analogy of Racing and Consciousness
[00:51:48] The Ferrari Mind and the Importance of Brakes
[00:54:20] The Art of Saying No
[00:57:19] Wrapping Up and Thoughts on Conscious Living
[00:58:08] The Power of Self-Knowledge

Looking to discover your science and optimize your life? Apply for health optimization coaching: https://calendly.com/andrespreschel/intro-call-with-andres

Links Mentioned in Today's Episode:
Click HERE to save on BiOptimizers Magnesium
People: Official Website: Nick Pags; Instagram: @iamnickpags
Books and References: "Psycho-Cybernetics" by Maxwell Maltz: This book discusses self-image and its impact on one's life. Find it on book retailers like Amazon.
Have you ever reflected on how social media is affecting our lives? Imagine exploring the landscape of this digital age with our beloved metaphysical minister and dear friend, Danielle M Holdman. With her, we reminisce about the joyous celebration of PJ's birthday and our thrilling experience at the Sherry Shepherd Show, with a special thank you to Patrick Hester for making that possible. We also share a rather intriguing tale about a foot sent to Blair. Yet the meat of our discussion lies in the realm of social media, its impact on our relationships, and the undercurrent of cultural conditioning shaping us and future generations.

Unrealistic expectations, unattainable dreams, and overwhelming content—sounds familiar? Navigating the labyrinth of social media, we share our experiences of digital detox and muscle through the struggle to maintain positivity amidst the online chaos. With Danielle, we reflect on the role of content creators and consumers alike, the delicate balance between integrity and virality, and the potential shadows being cast on younger generations wrestling with their digital identities.

As our lively chat draws to a close, we delve into the darker side of social media—the virtual courtroom for public humiliation, the violation of sacred bonds for likes and shares, and the karmic price one may have to pay. In the end, we yearn for the lost art of old-school conversation, encourage exploring the vibrant social scene beyond our screens, and stress the importance of protecting our digital identities.

So join us in this soulful journey, let's learn to navigate the digital age together, preserving our mental peace and cherishing human connections that transcend the virtual realm.

Follow us:
IG: https://www.instagram.com/highlymelanatedpodcast
Twitter: https://www.twitter.com/H_MelanatedPod
YouTube: https://www.youtube.com/channel/UCb2VbyoW6KaMxQo5onYluXA

If you want to be a guest or know someone who would be a great choice, hit us up! Feel free to email us at highlymelanatedpodcast@gmail.com
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Reliaquest is a very successful commercial company, and it has a set of skills that can be directly applied to the federal government. Today's interview is with Michael McPherson. He worked for the FBI for over 25 years, and he chose to work for Reliaquest because he believes its technology matrix offers the best hope for securing all networks, including federal ones. During the interview, he explains why he believes this combination works. First, his background can help federal agencies prioritize existing risks. Second, Reliaquest's track record in the commercial world gives it skills in scaling and security optimization that are in demand inside the Beltway. Finally, Reliaquest has recently acquired a company called Digital Shadows. This gives Reliaquest an unusual viewpoint on activities going on on the Dark Web: malicious actors, origins of attacks, and methods can be conveyed to the Reliaquest platform to give federal leaders a wider range of threat information. Continuous improvement is a phrase that is popular in the agile and DevOps world, and the idea applies to your agency's cyber posture. Once a system is in place that can manage, detect, and respond to threats, it must be updated regularly. Reliaquest has proven in the highly competitive commercial world that its system can act as a force multiplier to respond to cyber-attacks.
Cyber Security Matters, hosted by Dominic Vogel and Christian Redshaw
Senior VP of Cyber Defense at Optiv, Jason Lewkowicz, is today's guest on the Cyber Security Matters podcast, hosted by Dominic Vogel and Christian Redshaw. Jason is an experienced senior executive with over two decades in various aspects of business, specializing in information security, risk governance, crisis management, technology consulting, outsourcing and operations. Jason holds certifications from ISACA, ISC2 and Open Text/Guidance Software. He has presented at industry-recognized conferences and local law enforcement information sessions over the past ten years. He has served on advisory boards for Symantec, McAfee, Digital Shadows and FireEye/Mandiant. Jason received his undergraduate degree from DePaul University in Chicago.

In this episode, we will cover the following:
- What "applied security" means
- Why business leaders and cyber security need to have a collaborative relationship
- How cyber security can support your company's goals
- What key milestones organizations should be hitting in their cyber security journey

Episode 157
In the first episode of our cybersecurity mini-series, Dave chats with Donna Estrin, a PR and communications expert with vast experience at cyber firms large and small. After cutting her comms teeth in the PR agency world, Donna moved into tech, beginning her cybersecurity career handling analyst relations for McAfee. She then helped Neustar transform from a traditional telecommunications company to a high-tech security, data and marketing services company, before working on WhiteHat Security's acquisition by NTT and VMware's acquisition of Lastline. Most recently, Donna led comms for ReliaQuest when they acquired Digital Shadows, before departing to launch her new consultancy firm, Estrin Communications.

From analyst, press and media relations to thought leadership, the role of communications is so vital in growing brand reputation and equity. Dave and Donna chat about:
- how to achieve this in a market that's as saturated as cybersecurity
- what really matters to CISOs, and how to engage them by being helpful and adding value
- what genuine and authentic thought leadership really means
- why analysts are so important, and how to build successful relationships with them
- the key cybersecurity trends that we need to be aware of going into 2023

Not only is Donna the perfect guest to get insight into all of the above and more - but she hails from Shaped By's home city of Bristol! We've invited her for one of our famous local craft beers next time she's over from her home in California.

Stay tuned for more cybersecurity specials coming very soon, as we dive deeper into this fascinating industry that's so integral to protecting the way we all live and work.
ShadowTalk host Chris alongside guests Dani and Kim give you the latest in threat intelligence. This week they cover:
- LockBit Arrest
- Big Tech Layoffs
- Black Friday Vulnerability Risks

***Resources from this week's podcast***
Black Friday Webinar: https://www.reliaquest.com/resource/webinar/soc-talk-keeping-black-friday-cyber-threats-at-bay/?utm_source=Digital+Shadows&utm_medium=On-Demand+Webinar
Keeping One Step Ahead of Black Friday Cyber Threats: https://www.digitalshadows.com/blog-and-research/keeping-one-step-ahead-of-black-friday-cyber-threats/
Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html

Also, don't forget to reach out to shadowtalk@digitalshadows.com if you have any questions, comments, or suggestions for the next episodes.
Introduction: In this episode, we focus on the intersection of geopolitical, socioeconomic, and cyber risk. We ask leading risk experts how the intersectionality of these three macro risk factors impacts the safe operation of ships at sea today. We discuss the motivations behind cyber-attacks, in particular nation state espionage and ransomware attacks. And finally, we gain a better understanding of what is meant by a threat-informed cyber risk management strategy and question what this looks like in practice for maritime risk managers.

Speakers:

Tom Scriven is a Strategic Consultant at Mandiant based in the UK, specialising in Security Operations and Threat Intelligence advisory services. His first role in IT security was for the Royal Navy as a Communications Technician, before moving to support key UK government departments in security operations. He has significant experience as a trusted advisor to sensitive areas of government, and has consulted for major corporate entities, including in critical national infrastructure sectors, to undertake major cyber security assessments and implement complex cyber security transformation programmes. Tom has worked with large multinational companies to assess their security programmes, providing prioritised recommendations and roadmaps to enhance security posture and effectiveness.

Dr Jamie Collier is a Senior Threat Intelligence Advisor at Mandiant. He is also active within academia as an Associate Fellow at the Royal United Services Institute (RUSI). Before joining Mandiant, he was the Cyber Threat Intelligence Team Lead at Digital Shadows and completed a PhD in Cyber Security at the University of Oxford. Jamie was previously based at MIT as a Cyber Security Fulbright Scholar and has experience working with the NATO Cooperative Cyber Defence Centre of Excellence, Oxford Analytica, and PwC India.
This episode, in the first segment Matt McGuirk, Solution Architect at Source Defense, joins to discuss Understanding Web Application Client-Side Risk! Then, we are joined by Ian Glazer, the SVP of Product Management, Identity at Salesforce, to talk about Salesforce's Journey Towards Complete Customer MFA! Finally, in the Enterprise Security News: Funding is back, in preparation for RSA! Devo raises $100M and becomes our 56th unicorn, JupiterOne raises $70M and becomes our 57th unicorn! Open source projects get some security funding, 10 more funding announcements, Mimecast has been taken private and is now delisted from the NASDAQ, ReliaQuest acquires Digital Shadows, we talk about public and private market performance, the cybersecurity skills crisis gets worse, expired certs + IoT devices = PAIN, & more!

Segment Resources:
"Magecart 101" - a courseware-style overview of the problem for security practitioners: https://www.youtube.com/watch?v=T4al8idAE_M
A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY
Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper

This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw276
Thoughts on RSA2022. New research from Digital Shadows breaks down key areas of concern for us. I find some vulnerable databases on the web (some are "security vendors"...uh oh). We are still failing at the basics, and the password is eating our lunch, why is this still a problem? A great new blog from the S/R team at Forrester on the economy and the security market. Did AI just go sentient? Those thoughts and more on this episode!
Finally, in the Enterprise Security News, Funding is back, in preparation for RSA! Devo raises $100M and becomes our 56th unicorn, JupiterOne raises $70M and becomes our 57th unicorn! Open source projects get some security funding, 10 more funding announcements, Mimecast has been taken private and is now delisted from the NASDAQ, ReliaQuest acquires Digital Shadows, We talk about public and private market performance, The cybersecurity skills crisis gets worse, Expired certs + IoT devices = PAIN! All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw276
Welcome to ShadowTalk in Spanish! In this episode, Stefano and Dani discuss:
* Lapsus$: an unusual group in the cyber extortion business
* How Lapsus$ conduct their attacks
* High-profile attacks and the Okta breach

*** If you heard something today that caught your interest, don't forget to check the content available in the attachments section below ***

Digital Shadows blogs on Lapsus$:
Meet Lapsus$: An Unusual Group In The Cyber Extortion Business: https://www.digitalshadows.com/blog-and-research/meet-lapsus-an-unusual-group-in-the-cyber-extortion-business/
The Okta Breach: What We Know So Far: https://www.digitalshadows.com/blog-and-research/the-okta-breach-what-we-know-so-far/

As always, if you have any comments on this episode or want to know more about a topic, write to us at shadowtalk@digitalshadows.com and we will be very happy to take your questions!
This week we have a very special guest and 2021's Marketo Champion of the Year, Chiara Riga! Chiara joins us to talk about how to be more strategic in marketing ops at your organization. She takes us through her journey from BDR to MOps pro and how those insights have helped her gain a better understanding of roles throughout the company, and how having empathy for other teammates' problems can help make the wider team function more strategically. Whether you are a manager or a VP, there are ways in which you approach your work and focus on the impact on the business that can really set you apart, and Chiara uses an example project to show tangible ways to do this. Tune into this episode for a stimulating conversation on MOps, RevOps, and more! And be sure to follow Chiara on LinkedIn here: https://www.linkedin.com/in/chiarariga/
ShadowTalk host Chris alongside Kim and Xue cover the key takeaways from this year's NCSAM and share several best-practice pieces released by the security experts at Digital Shadows throughout the month, including:
* Managing Your Digital Shadow
* Phight the Phish
* Putting Cybersecurity First

***Resources from this week's podcast***
Managing Your Digital Shadow: https://www.digitalshadows.com/blog-and-research/cybersecurity-awareness-month-week-1-managing-your-digital-shadow/
Phight the Phish: https://www.digitalshadows.com/blog-and-research/week-2-ncsam-fight-the-phish/
Explore, Experience, Share: https://www.digitalshadows.com/blog-and-research/cybersecurity-awareness-month-week-3-explore-experience-share/
Putting Cybersecurity First: https://www.digitalshadows.com/blog-and-research/cybersecurity-awareness-month-cybersecurity-first/
ENISA 2021 Threat Landscape: Initial Thoughts: https://www.digitalshadows.com/blog-and-research/enisa-2021-threat-landscape/
IABs in Q3 2021: https://www.digitalshadows.com/blog-and-research/initial-access-brokers-in-q3-2021/
Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html

Also, don't forget to reach out to shadowtalk@digitalshadows.com if you have any questions, comments, or suggestions for the next episodes.
For the final webinar in season four of our Founders Series, Emily Francis spoke to James Chappell, Co-founder and Chief Innovation Officer of Digital Shadows - a market leader in protecting businesses from digital risks. We learnt about the company and James' journey as a Co-Founder. www.taylorvinters.com/the-founders-series
Alleged hackers are arrested and millions of dollars recovered in a global police operation. Is the tide finally turning in the battle against ransomware attacks? Jane Wakefield speaks to James Chappell from cybersecurity firm Digital Shadows. Plus companies like Facebook have virtual reality at the heart of their plans for the metaverse, but is augmented reality a better bet? We speak to Magic Leap, the company that hopes its AR glasses will become as essential to our digital lives as our phones. And just a few companies run the cloud that powers most of the websites we use. What happens when they fail? Presented by Jane Wakefield with BBC tech reporter Chris Vallance.
In this episode, I talk about the latest cybersecurity threats you should be aware of as a founder of a small business (which is what your startup essentially is). Alastair Paterson, Co-founder and CEO of the cybersecurity company Digital Shadows, joined me to answer your questions about the dark web and more. How has the global pandemic affected the cybersecurity landscape? How can security threats impact your success as a startup? What are the latest phishing techniques you should be aware of as a founder? Watch the video to get the answers to all these questions, and make sure you are better equipped to tackle the latest cybersecurity threats your business is facing.

Make sure to also:
- Follow me on Twitter (https://twitter.com/RyanFloyd) for a lot more content on building SaaS B2B startups, as well as venture capital and entrepreneurship in general
- Subscribe to my blog at https://ryanfloyd.org/, where I talk about why I invest in certain companies and broader tech industry issues
- Check out my #AskAVC YouTube channel, which this podcast is based on

About Ryan Floyd
Ryan is a founding Managing Director of Storm Ventures, where he invests in and works with early-stage enterprise SaaS startups. His primary focus is applications and cloud infrastructure-related companies. He is always interested in hearing from passionate technology entrepreneurs. Ryan is a skilled writer and commentator on all things SaaS. He's written for Techcrunch, Sifted, Thrive Global and is a regular contributor to The UK Newspaper. He's the host of the recently launched #AskAVC YouTube channel aimed at enterprise entrepreneurs. In each episode he tackles a different issue relating to building and scaling B2B startups - topics such as how to pitch to an investor and how to combat sales churn.

When he's not working with his portfolio founders, Ryan is active with Code2040, a nonprofit organization that creates pathways to educational, professional, and entrepreneurial success in technology for underrepresented minorities. And occasionally he finds time for surfing!
This week in the Enterprise News: iboss adds features to its Cloud Platform for visibility and control, SailPoint Workflows enable customers to automate security tasks, Digital Shadows launches two premium services streams, Praetorian launches an open source security scanner, Tigera addresses demand for security of containers and Kubernetes, API Security 101, CVSS scores, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw239
This week, in our first segment, we welcome Allie Mellen, Industry Analyst at Forrester Research, to talk about Humanizing Security Operations! Then, we welcome Darren Guccione, CEO & Co-Founder of Keeper Security, to talk! Finally, in the Enterprise News: iboss adds features to its Cloud Platform for visibility and control, SailPoint Workflows enable customers to automate security tasks, Digital Shadows launches two premium services streams, Praetorian launches an open source security scanner, Tigera addresses demand for security of containers and Kubernetes, API Security 101, CVSS scores, and more!

Show Notes: https://securityweekly.com/esw239
Visit https://securityweekly.com/keepersecurity to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Digital Shadows' CISO Rick hosts this edition of ShadowTalk. He is joined by special guest Gert-Jan Bruggink. They discuss: ● Gert-Jan's origin story ● Legos ● Threat intelligence-based pen testing and red-teaming ● Writing better threat landscape reports
Today we have one of the pioneers of the European tech ecosystem on to discuss how the European early-stage VC landscape has changed since its early days – and how their fund, Passion Capital, has unlocked access to investors with their latest fundraise.

Eileen Burbidge, a Founding Partner of Passion Capital, and I had a fascinating conversation about all things VC, opening up access to the asset class to individual investors, what it means for the future of venture capital, and Eileen's love of Arsenal and why she's not a fan of the European Super League.

Eileen has built a reputation as the go-to VC for seed stage companies in the UK and Europe – and for good reason. Her aptly named fund, Passion Capital, has built a name for itself as one of the top early-stage funds in the UK because of her passion for rolling up her sleeves, much like she did in her days as an operator at Skype, Apple, Yahoo!, and Sun Microsystems.

I won't forget when we met last year at her office – she had just stepped out of non-stop meetings with one of her growth-stage companies, where she was helping them figure out team and talent questions. Not every seed stage VC has the ability to stay involved as their companies grow, nor does this type of work, but that's what separates Passion from the pack.

Eileen is just as much at home in her office, which doubles as a co-working space for Passion portfolio companies, as she is in 10 Downing Street, where she has been named the UK Treasury's Special Envoy for FinTech, has been appointed by the Chancellor as the Chair of Tech Nation, and was awarded an MBE in the 2015 Queen's Birthday Honors for her services to businesses. So maybe it's no surprise why she's been described as "The Queen of British VCs" by Fortune Magazine.

She's certainly backed many of the British startup royalty at early-stage, being a Seed investor in Monzo Bank, where she still serves on the board, Tide Bank, GoCardless, Digital Shadows, Marshmallow, Butternut Box, and a number of others.

Eileen has also had an illustrious career as an operator, working for Apple, Yahoo, and Sun Microsystems in the early days of the internet before moving to London in 2004 to become one of Skype's earliest employees and Head of Product. She then founded Passion in 2011 as one of the first Seed funds in London, serving a critical market need for the entrepreneurial ecosystem in London. She's now trailblazing once again by being one of the first funds to open up their LP base to the crowd, where they have partnered with Seedrs to allow individuals to invest into Passion's latest fund.

She's also an independent non-executive board director at Dixons Carphone, a 10B pound revenue electrical and telecoms retailer, and on the Transformation & Innovation Advisory Board at UniCredit.

Thanks Eileen for being a pioneer in the European VC ecosystem and bringing innovative structures in venture capital to LPs. I hope you enjoy.
This week in the Enterprise News, Cyble raises $4M, ThreatQuotient raises $22.5M, OneTrust acquires Convercent, Digital Shadows announces new threat intelligence capabilities, Rapid7 Announces Kubernetes Open Beta in InsightVM, LogRhythm Releases Version 7.7, Imperva unveils new data security platform built for cloud, Acronis releases a new version of Acronis Cyber Protect Cloud, Minerva Labs Launches Cloud Version of its Endpoint Threat Prevention Platform, What's Behind the Surge in Cybersecurity Unicorns? Cisco Umbrella unlocks the power of SASE and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw223
This week, in the first segment, Ryan Noon from Material Security joins us for a discussion on Zero Trust! Next up, John Loucaides joins for an interview on firmware attacks, and what enterprises need to do! In the Enterprise Security News: Cyble raises $4M, ThreatQuotient raises $22.5M, OneTrust acquires Convercent, Digital Shadows announces new threat intelligence capabilities, Rapid7 Announces Kubernetes Open Beta in InsightVM, LogRhythm Releases Version 7.7, Imperva unveils new data security platform built for cloud, Acronis releases a new version of Acronis Cyber Protect Cloud, Minerva Labs Launches Cloud Version of its Endpoint Threat Prevention Platform, What's Behind the Surge in Cybersecurity Unicorns? Cisco Umbrella unlocks the power of SASE and more! Show Notes: https://securityweekly.com/esw223 Segment Resources: Assessing Enterprise Firmware Security Risk in 2021 - https://eclypsium.com/2021/01/14/assessing-enterprise-firmware-security-risk-in-2021/ https://github.com/chipsec/chipsec The Top 5 Firmware Attack Vectors - https://eclypsium.com/2018/12/28/the-top-5-firmware-and-hardware-attack-vectors/ https://material.security/blog/email-is-too-important-to-protect-like-a-tsa-checkpoint https://www.cnbc.com/2021/03/09/microsoft-exchange-hack-explained.html Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://securityweekly.com/materialsecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
ZDNet Security Update: Danny Palmer talks to Rick Holland, CISO at Digital Shadows, about what happens when law enforcement and cybersecurity companies take down underground forums.
Welcome! It is now up to 100s of thousands of organizations that have been affected by this Microsoft Exchange Server vulnerability, and it was so large that you could drive a freight train through it. Oh yes -- Microsoft did issue a patch, but that did not fix the problem, which was the backdoor that the bad guys installed. Nation-states, especially China and Russia, have been spying on us, and it will take a lot of research to determine what information they were able to get their hands on and what damage they can do with that information. We have deep fakes in the news again and there is more, so be sure to listen in. For more tech tips, news, and updates, visit - CraigPeterson.com.
---
Tech Articles Craig Thinks You Should Read:
Tens of thousands of US organizations hit in ongoing Microsoft Exchange hack
Samsung just out-Googled the Pixel at guaranteeing Android updates
Google’s Getting Rid of Third-Party Cookies, But Their Replacement Is a Terrible Idea
Google claims it will stop tracking individual users for ads
Tesla asks fans to lobby the government on its behalf
Make Deepfake Videos of Your Ancestors, But Consider Your Data Privacy When Making MyHeritage 'Deepfakes'
China’s and Russia’s spying sprees will take years to Unpack
A new type of supply-chain attack with serious consequences is flourishing
---
Automated Machine-Generated Transcript:
Craig Peterson: [00:00:00] If you've been listening to me for a while, you may not believe this, but I've got a recommendation here on Android phones. Coming up we're going to talk about Google's new replacement for cookies, and a little bit about what Tesla's been up to. I don't like this. I have never been a fan of Android phones, and you know why I haven't been a fan? The biggest problem with Android phones is the lack of security updates. That really does concern me a lot. Google also has not been the best when it comes to the Play Store and making sure that everything on the store is actually safe.
Here is some very promising news for people who like the Android platform or maybe dislike the Apple platform for one reason or another. Frankly, there's a lot of reasons there too. Samsung has always been the leader when it comes to keeping their number one phones updated in the past. I've always said, make sure you can get updates. Samsung with its Galaxy phones has been good for about two years. They provide you with the security updates you need with some patches. Even if Google comes out with a patch, most of the phones out there that are running Android, do not get the updates. Ever. Some of these phones are older, they don't bother supporting them. Some manufacturers drop support within months after you buy the phone. Samsung has been good for about two years. So my rule of thumb has always been, if you're going to buy Android, if you gotta do it. Stick with Samsung and stick with their number one model. It is now promising four years of security updates for more than 130 Galaxy phones. That's pretty big when you consider that frankly, Android phones have been the butt of many a joke over the years. Samsung is working pretty hard to make sure that they are really able to deliver for the Galaxy owners. Now, this is cool because Samsung just early, I think, this year it was that the Samsung promise that most new Galaxy phones would be getting about three generations of Android version updates. Now, that amounts to a few years, as a rule, the generations in the Android world are pretty much about a year. Google has been providing updates for its own phone that it has. They provided to these other companies, like Samsung, to then take it and modify it to fit what they want and then they provide it to you. So, three generations are good. Now, they have said four years of security updates. Now, that's a pretty impressive promise. What they're trying to do is compete with Apple that has historically provided about five years of support. 
There's a big difference, obviously, between two years and five years, but there isn't as much of a difference between four years' worth of security updates and the five, six, seven years that Apple has been doing, depending on what kind of security updates. That's very impressive. Of course, Samsung just a year ago wasn't guaranteeing anything in terms of updates. Most new phone purchases were good for a year or two of updates, but only the Pixel, which is made by Google, and Android One base phones were on the record about how long you could be getting updates from the manufacturer. Now Samsung is doing one better than Google. Remember, Google is the guy that actually provides the Android operating system. Google's only guaranteed three years of version and security updates for Pixel phones, and that's not very many phones. Frankly, Google Pixel has not been selling well. It's the standard that all of the Android manufacturers use in order to have a kind of proof of concept. So this is what it should look like. This just should be how it acts. I'm looking at this list here. This thing is huge, of all of these phones from Samsung that are going to be supported here. You've got the Galaxy foldable devices, the whole family of Folds. The Galaxy S series starts at the S10 Plus, moving on to the S20, S20 5G, S20 Plus, blah, blah, blah, a bunch of different S20 models and the S21. That's pretty darn good. That's a lot of phones. Also, the Galaxy Note series, starting at the Note 10, all the way up to the current Note 20 Ultra 5G, the Galaxy A series, again, certainly the A10 going up to the A45, the Galaxy M series, up through the Galaxy XCover series, and again the Tab series, which has been pretty popular for a lot of people. If you're thinking about picking up one of your Android phones here soon, maybe you should give a second thought to the Galaxy. Now, they're guaranteeing that they're going to provide these security updates for you for four years. Yeah.
Yeah. Okay, a guarantee. We'll see how long that lasts. The other problem is how quickly are they going to get it out? You'll see Apple devices, who just this week had a security patch. They pushed it out and they expect to see 70, 80% of all of the phones with that security patch installed within a week. That's your Apple iPhones. Google comes out with a security patch. They push it out. It has to go to the vendors like Samsung, and then the vendor like Samsung has to take that and add the device drivers they need for all of these models. Think about that for a minute. That's a lot of device drivers. That's a lot of different models. I think it's going to take them a while to do that and then they'll get it to you. That security update that comes from Google, we've seen, takes six months in the past before it gets onto your phone. If you're looking at security, if that's a real concern of yours, and it sure should be, particularly after this disaster of a company called Microsoft and their Windows products. Particularly now this Microsoft Exchange Server bug. I'm so upset with Microsoft, but you know what? We'll get into that a little bit later. The Samsung, the Galaxies, the Google Androids are not designed for all of the safety and security that you really do need, frankly. When you think about the models we're talking about, 130 models that Samsung is going to be providing new updates for. Okay. When we look at Apple and the iPhone models, let me see how many iPhone models there are out there. I'm going to Google that right now, even as we're talking. So 2007, that is when they first came up with them. Okay. So since the very first iPhone, according to the iPhone Wiki, there have been 29 models of the iPhone. 29. Two nine. How many did I say Samsung is going to be updating? 130.
So who has an easier time of providing updates, security updates, testing the updates, pushing the updates, having people install the updates: the company that, in the last how many years, has been making iPhones since 2007? Okay. So all the way up to 2021, that's a lot of years. Versus the Android, who has been making these Galaxies for many years, but is only going to be providing updates back to the Galaxy S10 from 2019. That covers the 130 models. Are you getting what I'm selling here? Are you buying it? Yeah, it's impossible. Really. For Samsung, even with all that they're trying to do here, they're trying to help out. It's impossible for them to keep up with security-based unless they have this massive team. I don't expect that they do have a massive team that's going to be working in parallel. 130 teams, one for each phone. That just isn't happening. So again, if security is a concern, Android is not the way to go. If, for some reason, you morally, ethically, religiously cannot use an iPhone, then have a solid look at Samsung because of this promise they came up with here in the last two weeks, of four years of security updates for more than 130 phones. Finally, there is an Android phone that will have security updates at some point in time, versus what we've had over the years, of really, you can only count on it for one or two years. It's just not worth it. Not a good thing. Hey, I am sending out on my newsletter, not just my show notes, but I have also been sending out one or two other emails a week that have some very narrow training. What I've been doing is making audiograms for you guys. This is a video that is of me speaking, explaining something. On that video, you can see all of the words; you can read along, which is great for people who are hearing impaired, or maybe you want to have that computer muted for whatever reason. It makes it easy.
You can find me on YouTube, just go to CraigPeterson.com/youtube, and you can catch those audiograms. You can also get them if you are an active subscriber to my newsletter. Active means you open it. You read it. I know you do. If I don't consider you active, you just don't get this extra information. So, make sure you open those emails. A lot of us have been complaining about cookies and tracking for a long time. Google has finally heard us? I'm not sure about this. We're going to talk about third-party cookies right now. Hi, everybody. Thanks for joining me, Craig Peterson here. Well, third-party cookies are where you go to a website, and that web browser kind of squeals on you, shall we say. What happens is Google, for instance, is trying to track you as you go online, as you go between websites. They're calling this kind of an advertising surveillance industry on the web. Frankly, this third-party cookie has really been an important part of this whole surveillance industry. What it does now is it allows a website to have a look at where you have been online. When I say it allows a website, it's really Google that's doing the tracking. Obviously, you're going to a website; Google doesn't own every website out there. In fact, it barely owns any, when you look at the number of websites that are out on the internet. So Google has this whole concept of, if you're visiting this site and you have visited this site and this other site, I know something about you. So it sells that information because it's seeing the pattern, right? That's the whole idea behind the advertising. Phasing out these tracking cookies and these other persistent third-party identifiers has been something people have been trying to get rid of for a very long time. The Electronic Frontier Foundation, you'll find them online at eff.org, has been jumping up and down trying to get everybody to pull up their socks, if you will. One of the first players to really jump into this was Apple.
Apple has pretty much told the whole industry, you got to stop doing some of this tracking. Some of the tracking is okay. Again, how many times have I said, if I'm looking for a Ford F-150 then I don't mind seeing ads for the Ford F-150. Why would I want to see ads for a motor scooter when I'm looking for a pickup truck? Frankly, if I'm looking for an F-150, I expect to see ads maybe for a Chevy Silverado or a Dodge truck. Does that make sense to you? I'm looking for something and that's when I'm interested in seeing it. Google is now jumping on this bandwagon because Apple has said we are going to be doing a couple of things. We are going to be forcing you, app developers, to tell everybody exactly what you are doing with their information, what you're tracking, who you're selling it to, what it's being used for. That's a very big deal. It's got the whole advertising industry very worried. Google is coming along saying, okay, Apple, we'll do you a little bit of one better. Of course, the biggest complaint is from Facebook, who ironically has been buying newspaper ads, if you can believe that. Google has been destroying the newspaper industry and now it's going to newspapers to try and get people to stop Apple from destroying Facebook's industry by blocking some of the advertising tracking that Facebook has been doing. Now, what Google is doing is looking to replace these third-party cookies. How were they going to do that? They are already doing a few rather sneaky things. For instance, they fingerprint your browser. Your browser has a fingerprint because you have certain extensions on your browser that you've added. You have your computer, which has an operating system that has a certain version. It has a certain amount of memory. It has a certain amount of disk storage. A lot of the private information, personal information about your computer can be gleaned by a website. One of the things they've been doing is this: you're blocking cookies. No problem.
I can still figure out who you are. They don't necessarily know exactly who you are, but they have a very good idea. One of the proposals Google has come out with is called the Federated Learning of Cohorts, which is very ambitious and could be the replacement, if you will, for these third-party cookies that could be the most harmful. What it is is a way to make your browser do the profiling itself. Historically they've been able to track your browser as you go around and then they have to pull all of that information together. They pull it together and they come up with a picture of you and who you are. Yeah, you're interested in buying a pickup truck, particularly an F-150. This is an example. That picture gets detailed about you, but it's something that the advertisers have to put together. What this FLoC, or Federated Learning of Cohorts, is doing is it's boiling down your recent browsing activity into a category. They're calling this a behavioral label, and then they're sharing it with websites and advertisers. The idea is basically your web browser itself is going to put you in one or more buckets, and the websites that you're visiting and the advertisers that are advertising on those websites will be able to get that label that your browser has put on you. Yeah, you like that? So what EFF is saying is that this could exacerbate many of the worst non-privacy problems with behavioral ads, including discrimination and predatory targeting. You can guess what those things mean, right? They're calling this a privacy sandbox, right? It's always the opposite. If Congress is passing a bill that is a COVID relief bill, you can bet that there's very little to do with COVID relief in the bill. Wait a minute, actually, that's true. There's only 9% of the money in this almost $2 trillion spending plan, 9%, that actually goes to COVID relief. Instant COVID relief bill. Same thing here with Google, right?
This is the privacy sandbox and it's going to be better, Google says. In the world we have today, data brokers and ad tech giants track and profile everybody with complete impunity. Just like Equifax has. Just like Equifax lost our personally identifiable information, our social security numbers, our addresses, our names, our dates of birth, et cetera, et cetera. Yeah. Yeah. Okay. We pay a small fine. Yet we go on. Are they out of business? Have they lost business? In fact, they gained business because people have been paying Equifax to monitor their credit. Oh my gosh. That framing that Google is talking about is based on a false premise that you have to choose between tracking and new tracking. Does that sound familiar? Yeah. It's not an either-or. We really should be rejecting this whole new Federated Learning of Cohorts proposal Google has come out with. You can bet that Apple is going to reject this outright because it's really rather terrible if you care about your privacy. On the other hand, again, I look at it and say I want an F-150. I don't mind ads for pickup trucks, so what's wrong with that? Okay. There's two sides to this. I just don't like them calling me by name when I walk past a billboard. Stick around, we'll be right back. I'm a fan of much of what Elon Musk has done, what he's trying to do when it comes to technology, and being a proponent of technology. I'm not fond of Elon Musk taking over $3 billion from the taxpayers though. Hi, everybody. I appreciate you spending a couple of hours with me here on the weekend. There's so much to cover. Elon Musk, it was $3 billion that he had received in government subsidies. Now we're looking at this, according to GoodJobsFirst.org. We're looking at $4.9 billion that Elon Musk has received basically from the taxpayer. It's really sad when you get right down to it. Now, Tesla got money from taxpayers; he's paid some of it back. It's really the government trying to name a winner.
There's a lot of competing technologies. There's even non-electric cars out there. How many of you are even aware of this? That use, for instance, hydrogen instead of electricity. Now, of course, with any technology there's complications here and there. Hydrogen is absolutely amazing. It's an electric car. You fill it up with hydrogen and the only byproduct of the burning, if you will, of the hydrogen is water. In fact, it doesn't burn the hydrogen. It combines it with oxygen to make the water and produce electricity all at the same time. Very cool. There are some prototypes out already on the roads out in California and some other places around the world. When the government's giving out billions of dollars to electric cars, they're effectively naming a winner. Aren't they? Does that make sense? I don't think so. We've got to have a free market and this is not a way to have a free market. It's just like with solar, wind, some of these other technologies where the government is taking our tax dollars and is saying this particular technology, and even worse, look at Solyndra, look at some of these others, just absolute debacles. Now, even worse, they give money to a specific company within a certain industry. That is not a good thing. Government has a terrible record at picking winners. Even investors, you look at people who are angel investors and who are venture capitalists. They are lucky if they make money in one of 10 of their investments. It is not a great way for them to make money. A professional investor does terribly. Imagine how poorly a politician does. The politician is going to be listening to the people knocking on their door, saying here's some money for next time you run for the House or Senate. Or locally, in local elections, it even happens. That is a very bad thing. It's been proven again and again, particularly over the last about 140 years. Governments are terrible about picking winners. Yet they do it every day of the week.
Tesla has gotten money, right? Some of it is tax benefits, some of it is actual cash. The bottom line, they've got some great technology. Now what's happening is Tesla is asking Tesla fans to lobby the government on its behalf. Great article by Rachel Kraus over on Mashable about this week. I love it. She says, Tesla fan, your mission, should you choose to accept it, is to go to bat politically for the company. Check this out online. You might want to too, because Tesla has launched a new online portal called the Tesla engagement platform. CNBC spotted this about a week ago, and this is a hub where Tesla posts actions its users can take, like contacting government officials when there is a potential law that would affect the company. In fact, it says in a blog post on this hub Tesla built: Engage Tesla is a new platform for both Tesla's public policy team and Tesla owners clubs. Its goal is to create a digital home base for all of our work and to make it easier for Tesla community members to learn what's top of mind for us, take meaningful action and stay in the loop. We hope you'll enjoy our, excuse me, we hope you'll join us in getting involved. Oh my gosh. So, I'm on Engage Tesla, it is at engage.tesla.com. Very pretty pictures, by the way, of some of these new Tesla cars, very cool cars. I would absolutely drive one of these things. One exception, I don't like the handles. I talked about that a couple of years back, about door handles on the outside. Having been in emergency medicine for a while, EMS, I can tell you, in accidents, you want something you can grab onto and have serious leverage. The doors get bent, things happen. There's at least one case I'm aware of where someone got trapped inside the car that was involved in an accident and then burned to death because the people who were trying to rescue him could not get him out of the car because there are no door handles to pull on. Yes.
I know the handles come out automatically when everything's working right. I'm talking about the most extreme of problems here. Anyhow, I'm digressing again. Uber is doing much the same thing, by the way. It isn't just Tesla. Uber is, in fact, they had their drivers, this was October last year, sue Uber over what these drivers called pressure to vote and advocate for the proposition in California. Not a good thing when you get right down to it. It's a real problem when you look at this in detail. Now, I'm not sure it's a terrible problem, but I do have a serious problem with companies soliciting the government in order to get things like tax subsidies, in order to get special favors. A lot of people do too. Look at all of the people who were upset with Tesla for trying to get a tax holiday for its battery plant and for some of its other facilities and things that they're doing. By the way, there is currently a post on this Tesla engagement platform asking Nebraska residents to contact lawmakers about a law coming up for a vote that would enable Tesla to open showrooms and service stations in the state, where it's currently prohibited. Now I brought that one up particularly because I think, again, free market. There's no reason in today's world, no legitimate, let me put it that way, reason to have dealerships. I think we should be able to buy a vehicle directly from a manufacturer. If they want to have certified repair shops, knock yourselves out, but we don't need somebody sitting there anymore in a dealership. Same thing with most of these distributorships. I think we have been shown that a car can be ordered online, configured online, shipped to us. We can be pretty darn happy with it. By the way, that they are shipping it to us in our state gives them what's called a legal nexus. So, they do have a presence in the state. They can be sued in the state if there is a problem.
This whole thing in Nebraska, I don't think there should be dealerships that are exclusively provided the right to sell vehicles within the state. My opinion. All right. Hey, stick around, 'cause we will be back. We're going to talk a little bit about deep fakes. This is cool because MyHeritage is doing something that's scaring a few people. You're listening to Craig Peterson. Make sure you check out my website, CraigPeterson.com, and sign up. You might've seen some of these deep fakes out there. Videos where it's putting Elon Musk's face on people or others in videos. Did you know that there's audio as well? They're using it to bring back our ancestors. Hi guys. I really appreciate you listening to me. There is a website out there called MyHeritage and it's very popular. It's a site that allows you to do a genealogical examination of yourself, a little look at DNA, they'll look at your family tree. They've got some research stuff up there. They have something new called Deep Nostalgia and I think this is very cool. It really introduces some interesting problems, frankly. This allows you to animate a face in a photo. It's unnerving when you have a look at this thing. You can check it out, again, MyHeritage.com/deep-nostalgia, N O S T A L G I A, in case you're wondering how to spell it. They require you to create an account on their site and then you upload the photograph. It takes that photograph and it has them pose; it's really uncanny. I'm looking at a picture, black and white, that was taken, it's right there on their site, of a couple. I would guess this is a 1960-ish-era photograph based on the hairstyles and the glasses. It's just so weird because they have this photo. It's a head-on, face-on photo and they've animated it so that the woman in this photo, she's moving her head around. She's smiling. This is a really great smile. She blinked. She moves her head up and down and looks over to her side and looks back again. Wowsers. It is absolutely amazing.
You might want to check it out. It's a form of artificial intelligence that's doing this. Of course, it has to make a bunch of assumptions. So if you look, you don't even have to look that closely, but if you look fairly closely at the picture, you'll see some detailed problems with her hair, the ends of her hair, at the top of her head, because you can't see the whole top of her head in the original picture. You can obviously not see both sides of her face or her head because that particular picture is just a straight-on shot. It's making it up as it goes. We're seeing deep fakes more and more. We're going to see a real problem coming up in another couple of years, certainly by the time 2024 arrives, with deep fakes. We've already got Russians influencing our elections. Of course, not as much as the oligarchs out in Silicon Valley have been influencing our elections, but they are already influencing us in a very big way. China, as well. Imagine what'll happen when they start producing deep fakes of our presidential candidates saying things or doing things that they have never said nor done. What I did is, I figured I want to give you guys an example. Audio seems to be a little bit harder for the deep fakers than some of the videos. At least the technology in audio hasn't quite come as far. I'm going to play for you right now a deep fake of my voice. This is not my voice you're about to hear. Then I'm going to play a completely computer-generated deep fake. So let's go here. I'm going to play my voice right now. This is an example of a deep fake using my voice. Did you catch that? That wasn't me. That was a computer. Again, I'm going to play it for you one more time. This is an example of a deep fake using my voice. Now you can hear some of the problems with it, if you listen really closely, that it's not really me, but it's close enough that if you weren't paying a whole lot of attention, you would not notice that it really wasn't me saying something.
Expect within the next year that type of technology to get to the point where you won't be able to tell. So think about it. What would happen if a tape was released, talking about Mitt Romney for instance, saying half of the voters are never going to vote for me anyway, and that was recorded, I guess, by one of the waiters at an event. If you took this voice of mine and you created a deep fake, 'cause all you need is about five seconds' worth of someone's voice to make a deep fake, you had politician X, let's say that Hillary is running again for president, okay, in '24. You could have her say almost anything. The audio quality might not be up to it, but neither is it with most of these recordings that are made on people's cell phones. I want to play another deep fake. This is a completely fabricated female voice. "This is an example of a deep fake using a completely generated voice." Yes, indeed. I created that. I can make her say anything I want to. "Help me. Craig is holding me hostage inside his computer." Yeah. This is going to be a huge problem in the future. There are concerns about what they are doing over at MyHeritage. Look at some of these pictures. Here's one, it's cool. It's unnerving. Here's again a guy with a family, this one's in color; he's got a right ear that really pops out there, but he's looking around. Have you used an iPhone and taken a picture? They call them live pictures. You can see the person right before the shutter is closed. You can see the person moving around. It's really a little video right in front of the picture. That's what these things look like. Ah, here's this little kid, he's looking around. Here's one, a very old one. Oh my goodness, it is creepy. You got to check this out online. MyHeritage.com/deep-nostalgia. Now here's where the concern comes in. In an article on Lifehacker.
By David Murphy, he is talking about taking these old pictures, could be very old pictures of somebody sitting around somewhere, uploading it to the site. Then you get a little bit of nostalgia. I get creepy nostalgia that only comes from this static image now moving around on your screen. I don't get it, really, I don't myself. I think that it's just plain creepy, but if you decide to do it, 'cause it is cool, okay, you probably should use a temporary account to make your account over on MyHeritage and maybe also delete the photos that you upload and turn into these deep fakes. So many other websites out there, if you do go ahead and upload it, they go and claim the rights to it because it's a derivative piece. They made this little video from your photos. So, that's not your photo anymore. It's now theirs. It gives them a royalty-free, worldwide, perpetual and non-exclusive license to host, copy, post, and distribute the content. It could be a problem, but I can tell you one thing that definitely would be a problem, that is if you use a username and a password you've used elsewhere. Now, I have to bring this up because most of us are using the same password on every website, or maybe, yeah, we're really smart. We got three passwords and we vary them. I did that for years, but that was many decades ago. We just can't do that anymore. If you are going to make an account on MyHeritage or anywhere else, make sure you don't use a password that you've used anywhere else because it is a problem. Ultimately, it's a real problem for you and you can't believe your eyes or your ears anymore. You share these pictures. I don't know that they allow you to download them because I did not put my own pictures up there. If these pictures are watermarked. Delete your account. Click that blue link under the big grid text to get started. That's supposed to delete anything anyways.
You can figure it out but have a look anyway; it's in my newsletter that comes out on Sunday morning. There'll be a link in there that you can click on and see what they've been able to do. Remember, when it comes to particularly things coming up in this next election, where it really matters who we vote for, it really matters. Other countries have a very big opinion about who we should be electing to office. Look at what happened with Rep. Swalwell out in California. Here's a guy who was running for mayor; the Chinese socialist government decided they would put a honeypot into his campaign. So they got this woman who was trained in seducing people. They seduced Swalwell and she raised money for him, for his campaign as mayor, and stuck with him over the years, all the way until he was in Congress. Then in Congress, she helped him get onto the very influential committee in Congress, where he had full access to our government secrets. Certain secrets that are. She apparently was feeding all the information right back to China. That is not a good thing, not a good thing at all. It goes to how much China is willing to do to directly influence and infiltrate our government and our businesses, if they will assign one of their spies to seduce a mayor of a small city in California, and then help elevate him to Congress and to the chairmanship in Congress. By the way, the Speaker of the House, Nancy Pelosi, has not removed him from that seat. She's got a Chinese spy problem herself. That's another story. They're willing to do anything. It's going to be a rough little time here going forward. Let me tell you, these deep fakes are getting more and more real. I'll be right back with a whole lot more. You're listening to Craig Peterson.

I've been talking about this on the radio all week, at least since midweek. I want to talk about it now, and why I am so upset with Microsoft. I can hardly contain myself. This is crazy. This is Craig Peterson here. You heard it right.
The guy that's very upset with Microsoft. What shall I say? We're going to be getting into that in just a couple of minutes. This is a real problem. What are we supposed to do? We have bad guys now doing what is called supply chain attacks. The simple way to explain this is you have someone who is supplying software for you. It could be Microsoft. We heard about something that happened very recently with SolarWinds and how they had software that they were providing their customers, which included government agencies. All kinds of them. It included many businesses. A lot of managed services providers were hacked by this. A very, very big problem, because they were trusting the software that came from SolarWinds, and that software had been digitally signed, so they knew it was legitimate. Everything's good. Nothing to worry about here, let's go on with our lives. However, the reality was that the SolarWinds software had been hacked many months prior to anybody really noticing. It was hacked in such a way that when SolarWinds provided their software to their customers, the customers were now infected. Now, you might look at it and say SolarWinds, they should be signing their software. They should be watching the chain of custody for their software. They did, in both cases; they were signing it digitally so that their customers knew, okay, this is legit. This is really from us. You can install it. It's good. But your checking the signature didn't do any good. You were still going to be hacked because it was in SolarWinds' software. Microsoft has been providing us with software for many years. I helped develop some of the Windows NT code way back when. Their new technology, that's what the current versions of Windows are based on. I can remember way back then just what a mess it was. I couldn't believe the way they did so many things. It was just absolutely crazy. Of course, David Cutler, the VMS guy, for those of you who remember all of that, really spearheaded that NT project.
There were a lot of VMS systems in it, but then Microsoft ripped them out. They ripped them out because they didn't want to have to support an operating system that enforced security. VMS has been a very secure operating system, written by true programming professionals, not interns, as it was exposed with Microsoft having interns develop one of their versions of their operating system, like 80% of it. It was crazy. That was only found out because of discovery. Yet Microsoft is sitting on cash. A whole lot of cash. It's billions of dollars. Let me see. I'm looking it up right now. Microsoft is sitting on $136 billion in cash, right now, according to MacroTrends. Now, were they using that cash, that $136 billion in cash, to make their products more secure? Doesn't look like it, does it? They had such a huge hole you could drive a freight train through. The Chinese were able to infiltrate, in fact, many of our machines. This isn't tens of thousands of our machines; this isn't just something like ransomware, where you know about it because, hey, they're asking a ransom, right? They're threatening they're going to release our secrets, our software, our personal information if we don't pay up. It wasn't one of those things. What they did is they got onto these machines in education, in other words, school districts. Hospitals, doctors' offices, government agencies, including Defense Department guys, Homeland Security guys. Okay. Our businesses all the way across the world. They put back doors on. What a backdoor is, it is something that allows them to go to your machine anytime they want, in this case do pretty much anything they want to. Microsoft comes out with fixes this last week. This is specifically for the Microsoft Exchange Server. By the way, if you're running Microsoft Exchange Server, either locally in your business or in the cloud, you have this bug. They released a patch that supposedly closes the hole.
It was used by the Chinese to install permanent back doors, and what did they not do? They didn't remove the back doors that the Chinese had put in. What's Microsoft saying to us then? Are they saying, hey, listen, you're fools for buying our software? I don't think they're saying that. I am at the point now where I'm saying that we are fools for trusting Microsoft. We're fools for trusting these companies that have a product to sell. All they're trying to do is sell the product. Look at what's been happening with some of these antivirus products. Look at what's happening with these VPN products. They have the software to sell and they're going to sell it. They're not going to tell you the whole truth, nothing but the truth. Forget about it. They're going to do anything they can to sell you the product. So are Microsoft people. Are people getting fired for buying Microsoft? It's like IBM in the seventies and the eighties: you never got fired for buying IBM. People should be fired for buying Microsoft. If you have a Microsoft Exchange Server, not only do you need to make sure you install all of the patches. There were four critical Microsoft Exchange Server zero-day vulnerabilities patched. In other words, things that they hadn't been able to patch and didn't know about yet. Supposedly, right? There are articles I've read that say they've known about at least one of these vulnerabilities for a year plus. There are other vulnerabilities Microsoft knows about that they haven't bothered closing the door on. They are in our supply chain. They are getting us the software that we need and they're signing it and it's installed. We're upgrading our machines. Sometimes the upgrades that they provide, the security patches, actually work, in this case. It may close the door. What it's not doing is providing us with a way out of this huge mess. Velma agrees with me here. Okay. No, she absolutely does. They released fixes on March 2nd.
Microsoft has been saying they've been used in limited and targeted attacks against law firms, infectious disease researchers, defense contractors, policy think tanks, among other victims. Yeah. Yeah. How is it a problem? I don't see it. Oh, my goodness. Companies are seeing abuses of these Microsoft Exchange Server problems starting in January. There are reports that I found out there online. There are three clusters of vulnerabilities. Tens of thousands of US-based organizations are running Microsoft Exchange Servers that have been backdoored by these threat actors, who we are thinking are Chinese. They are stealing administrative passwords. They're exploiting these critical vulnerabilities in the email systems and calendaring application. Microsoft has done nothing to disinfect the systems that have already been compromised. Can you believe this? I got this from Krebs on Security. They were the first ones to report this mass hack, and Krebs has got some great stuff; they have had for many years now, frankly. Brian Krebs put the number of compromised US organizations at least at 30,000. Worldwide, Krebs said that there were at least a hundred thousand hacked organizations. Now, an organization is a government agency. It could be a hospital, could be a doctor's office, could be a business, right? Anything is an organization; tens of thousands in the U.S. This is the real deal. This is a very big deal. You have to assume, if you are running a Microsoft Exchange Server, this is the server that is used for email. This is how small businesses often run. Their email is an Exchange Server. This is how hospitals and government agencies, et cetera, run their Exchange Server, which is ridiculous. I have never purposely used an Exchange Server, right? If there's any way around it, I've always gone to something better, a Unix-based system. Postfix, almost anything rather than the incredibly buggy software from Microsoft. It is just horrible.
Anyway, you have to assume that you were compromised between the end of the last week of February and the first week of March. Absolutely incredible limited targeted attacks. This isn't something that was just absolutely widespread. They went after companies because they knew they could get something out of the companies, a very skilled hacking group from China. They're focused primarily on stealing data from US-based infectious disease researchers. As I said, law firms, right? Higher education institutions, defense contractors, policy think tanks and NGOs. It's absolutely incredible what they've been doing and we cannot put up with it anymore. I want to put a little word here. If you are a business and you have been using Microsoft Exchange Server, restore from a backup. I would say in the January timeframe, you'd probably be safe. Probably didn't have any back doors in January. Hopefully, you've got a backup that goes back that far. Okay. Then find something else. Don't use this. Microsoft does not care. You cannot have $136 billion cash on hand and not spend serious amounts on security. You can't tell me they care. Because frankly, I don't think they do. Hey, go online, CraigPeterson.com, get some of the free training and other things I'm offering right there. CraigPeterson.com.

Hey, welcome back, everybody. We're talking right now about InfoSec, information security. Have you thought about maybe taking up a bit of a new career? Well, there are some estimated 2 million open jobs in this one. This is Craig Peterson. Thanks for joining me today. This article appeared in Dark Reading. Now, Dark Reading is an online magazine, right? It's a website. And they had this article that I absolutely had to read because it reminded me of someone I know. One of our listeners, who decided he needed a new career. He'd lost his job. He'd been out of work for over a year and he had been managing a retail camera shop and they shut it down. He was stuck. What do I do?
He'd been listening to the show for a long time. He decided he wanted to go into information security. He took some courses on it and he got himself a job. A full-time job being the chief IT security guy for this company after just a few months. So that tells you how desperate these companies are. Kind of jerking his chain a little bit, but not right, because he just barely had any background. If you want me to connect you with him, if you are serious about thinking about one of these careers, I'll be glad to forward your request to him, just to see if he's willing to talk to you. Just email me, me@craigpeterson.com, and make sure you mention what this is all about so I know what's going on. Ran Harel, who is security principal and product manager over at Semperis, said, "When I was growing up, I was quite an introvert." By the way, that sounds like a lot of us in IT. "I didn't realize until much later on in my career just how great the security and tech community is. Looking back, I realize how quickly I could have solved so many issues by just asking on an IRC channel or forum." IRC is Internet Relay Chat, a bit of a technical thing, but it's an online chat. "I would tell my former self, the problem you are facing now has probably been dealt with multiple times in the past year alone. Don't be afraid to ask the InfoSec community and then learn from them." That's absolutely true. I found an online IRC channel, basically, and they were set up just to talk about CMMC, this new standard that Department of Defense contractors are having to use. As you probably know, we have clients that are manufacturers and make things for the Department of Defense and they have to maintain security. It's been interesting going in there answering questions for people and even asking a couple of questions. It is a great resource. This particular kind of IRC is over on discussion. You can find them all over the place. Reddit has a bunch of subreddits.
It's dealing with these things, including, by the way, getting into an InfoSec career. So keep that in mind. There's lots of people like myself that are more than willing to help because some of the stuff can get pretty confusing. All right. The next one is from Cody Cornell, chief security officer and co-founder over at Swimlane. He said, "Apply for jobs you are not qualified for; everyone else is." Man, I have seen that so many times, everybody from PhDs all the way on down through high school who have sent me applications that they were not even close to qualified for. Now, you can probably guess with me, I don't care if you have a degree. All I care about is, can you do the work? Can you get along with the team? Are you really going to pull your weight and contribute? I have seen many times that the answer to that is no, but I've seen other times where, wow, this person's really impressive. So again, apply for jobs you're not qualified for because everybody is. "Security changes every day. New skills, techniques and the needs of organizations are always shifting. And to be able to check every box from an experience and skills perspective is generally impossible. Looking back at 20 years of jobs in the security space, I don't believe that I was ever a hundred percent qualified for any of them, but felt confident that I could successfully do them." So keep that in mind. Okay. Again, imposter syndrome, we're all worried about it. This applies to more than just InfoSec. This applies to every job, every part of life; we all feel as though we're impostors and that we're not really qualified, but the question is, can you figure it out? Can you really do it? Next up here is Chris Roberts, a hacker in residence, he calls himself, over at Semperis, and he says, "Overall, the most important lessons that I'd tell my younger self are not tech-based. Rather they focus on the human aspect of working in the cybersecurity industry.
I think cybersecurity professionals in general tend to focus on technology and ignore the human element, which is a mistake and something we need to collectively learn from and improve." I agree with him on that as well. However, we know humans are going to make mistakes, so make sure you've got the technology in place that will help to mitigate those types of problems. Next up, we've got Marlys Rogers. She's CISO over at the CSAA Insurance Group; that's a lot of four-letter acronyms. "You are nothing without data. Data is queen." Coming from an insurance person, right? "Without hard data, you can only speak to security in more imagined ways, or ways the board and C-suite are aware of in the media. Cost-benefit is only achievable with related data points, demonstrating how much we are fighting off and how the tools, processes, and people make that happen." Next up we have Edward Frye, he's CSO over at Aryaka. "When I first started out, I was fairly impatient and wanted to get things done right away. While there are some things that need to be done right now, not everything needs to be done now. Have the ability to prioritize and focus on the items that will have the biggest impact. I think one of the biggest lessons I've learned along the way is while we may need to move quickly, this race is a marathon, not a sprint. Patience is essential for security pros." I can certainly see that one. Chris Morgan, senior cyber threat intelligence analyst over at Digital Shadows: "Despite the way that many in media like to portray cyber threats, not everything will bring about the end of the world. For those getting into incident response and threats, try to have a sense of perspective and establish the facts before allowing your colleagues to push too quickly towards remediation, mitigation, et cetera. Expectation management amongst senior colleagues is also something you'll frequently have to do to avoid them breaking down over a mere phishing site.
To quote one of my former colleagues, try to avoid Chicken Little central." I've seen that before as well. The next one is things are changing daily, and the last one is a perception of security is still a challenge. So, great little article by Joan Goodchild. You'll see it in my newsletter, which we're trying to get out now Sunday mornings. You can click through the link if you'd like to read more. As you can see, 2 million open jobs, well, between one and 3 million, depending on whose numbers you're going by, in cybersecurity. You don't have to be an expert. As I said, one of our listeners went from not knowing much about it at all, he can install Windows, that's it, to having a job in cybersecurity in less than six months. Stick around. We'll be right back.

I'm doing a special presentation coming up next month for the New England Society of Physicians and Psychiatrists. We're going to be talking a little bit about what we will talk about right now. What can you do to keep your patient information safe? What can we do as patients to help make sure our data's safe? Hi, everybody. You'll also find me on pretty much every podcast platform out there. Just search for my name, Craig Peterson. I have a podcast and it makes it pretty easy. I've found some of them don't understand if you try and search for Craig Peterson Tech Talk; some of them do. I've been a little inconsistent with my naming over the years, but what the heck, you can find me. It's easy enough to do. I've got this new kind of purple-ish logo that you can look for to make sure it's the right one. And then you can listen to, subscribe. Please subscribe. It helps all of our numbers. You can also, of course, by listening online with one of these devices, help our numbers too. 'Cause it's you guys that are important. The more subscribers we have, the way these algorithms work, the more promotion we'll get. I think that's frankly a very good thing as well.
What do you do if you need to see a doctor? That question has a different answer today than it did a year ago. I won't be able to say that in about another month, right? Because mid-March is when everything changed last year, 2020. Man, what a year. To see a doctor nowadays, we are typically going online, aren't we? You're going to talk to them. So many doctors have been using some of these platforms that are just not secure, things like Zoom, for instance, which we know isn't secure. Now, the feds kind of loosened things up a little bit under the Trump administration, saying, hey, people need to see doctors. The HIPAA PCI rules were loosened up a little bit in order to make things a little bit better. Then there's the whole DSS thing with HIPAA. All of these rules are just, across the board, loosened up. That has caused us to have more of our information stolen. I'm going to be talking a little bit about this FBI, actually multi-agency, warning that came out about the whole medical biz and what we need to be doing. Bottom line, Zoom is not something we should be using when we're talking to our doctors. Now, this really bothers me too. Zoom is bad. We know that it's not secure and it should not be used for medical discussions, but Zoom has been private labeling its services so that you can go out and say, hey, Zoom, I want to use you and I'm going to call it my XYZ medical platform. People have done that. Businesses have done that. Not really realizing how insecure Zoom is. I'm going to give them the benefit of the doubt here. You go and you use the XYZ medical platform and you have no clue of Zoom. Other than, man, this looks a lot like Zoom; that's the dead giveaway. Keep an eye out for that because a lot of these platforms just aren't secure. I do use Zoom for basic webinars because everybody has it. Everybody knows how to use it. I have WebEx and the WebEx version of it is secure.
In fact, all the basic versions, even of WebEx, are secure and I can have a thousand people on a webinar, which is a great way to go. It's all secure end to end. Unlike, again, what Zoom had been doing, which is it might be secure from your desktop, but it gets to a server where it's no longer secure. That kind of problem that Telegram has, frankly. If you are talking to your doctor, try and use an approved platform. That's how you can keep it safer. If you're a doctor and you have medical records, be really careful. Zoom has done some just terrible things from a security standpoint. For instance, installing a complete web server on a Mac and allowing access to the Mac now via the web server. Are you nuts? What the heck are you doing? That's just crazy. Just so insecure. This is all part of a bigger discussion and the discussion has to do with zero trust architectures. We're seeing this more and more. A couple of you, Danny, I know you reached out to me asking specifically about zero trust architectures. Now Danny owns a chain of coffee shops and his family does as well. He says, hey, listen, what should I do to become secure? So I helped them out. I got him a little Cisco platform, a Cisco Go that he can use; it's much more secure than the stuff you buy at the big box retailers or you're buying at Amazon, et cetera, and got it all configured for him and running. Then he heard me talk about zero trust and said, hey, can I do zero trust with this Cisco Go? This Meraki Go is actually what it is, and the answer is, well, so here's the concept that businesses should be using, not just medical businesses, but businesses in general, and zero trust means that you do not trust the devices, even the ones that you own that are on your network. You don't trust them to be secure. You don't trust them to talk to other devices without explicit permission.
Instead of having a switch that allows everything to talk to everything, or a wifi network where everything can talk to everything, you have very narrow, very explicit ways that devices can talk to each other. That's what zero trust is all about. That's where the businesses are moving. There's zero trust architecture, and it doesn't refer to just a specific piece of technology. Obviously, we're talking about the idea that devices, and even on top of that, the users who are using the devices, only have the bare minimum access they need in order to perform their job. Some businesses look at this and say that's a problem. I'm going to get complaints that someone needs access to this and such. You need that because here's what can happen. You've got this data that's sitting out there; it might be your intellectual property. You might be a doctor in a doctor's office and you've got patient records. You might have the records from your PCI, your credit card records. Those are sitting there on your network, and that is in fact a little dangerous because now you've got something the bad guys want. It's dangerous if the bad guys find it and they take it; you could lose your business. It's that simple. They are not allowing you to use the excuse anymore because of COVID. That excuse doesn't work anymore. The same thing's true with the credit card numbers that you have; the excuse of "I'm just a small business, it's not a big deal" doesn't work anymore. They are taking away your credit card privileges. We had an outreach from a client that became a client, that had their ability to take credit cards taken away from them because, again, there was a leak. So we have to be careful when you're talking and you have private information, or if you don't want your machine to be hacked: do not use things like Zoom. I covered this extensively in my Improving Windows Security course. So keep an eye out for that as well.
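The "everything talks to everything" network versus the zero trust allow list described above, as an added example that is not from the show or from any Meraki product: a default-deny policy check over a constructed inventory (a coffee-shop point-of-sale terminal, a staff PC, a guest laptop, a payment gateway and a records server) and constructed sample flows. Device names, roles and the allow rules are all assumptions made up for the illustration.

```python
"""Default-deny segmentation check, modelling the zero trust idea from the show.

Added example: the device inventory, roles, allow list and flows below are
constructed for illustration, not taken from any real network or vendor API.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    """One attempted connection between two devices on the LAN."""
    src: str   # device name of the initiator
    dst: str   # device name of the target
    port: int  # destination TCP port


# Constructed inventory: every device the business owns, mapped to a role.
DEVICES: Dict[str, str] = {
    "pos-1": "pos",                   # point-of-sale terminal
    "office-pc": "staff",             # owner's office PC
    "guest-laptop": "guest",          # customer on the guest wifi
    "payments-gw": "payment_gateway", # card processing gateway
    "records-srv": "records",         # server holding the sensitive records
}

# Explicit allow list: (source role, destination role, port).
# Anything not listed is denied, which is the "explicit permission" rule.
ALLOW: List[Tuple[str, str, int]] = [
    ("pos", "payment_gateway", 443),
    ("staff", "records", 443),
]


def flat_network(flow: Flow) -> bool:
    """Model of a plain switch or wifi: any known device may talk to any other."""
    return flow.src in DEVICES and flow.dst in DEVICES


def zero_trust(flow: Flow) -> bool:
    """Default deny: only flows matching an explicit allow rule pass.

    An unknown device is refused even though it is on the wire, because being
    plugged into the network is not, by itself, a reason to trust it.
    """
    src_role = DEVICES.get(flow.src)
    dst_role = DEVICES.get(flow.dst)
    if src_role is None or dst_role is None:
        return False
    return (src_role, dst_role, flow.port) in ALLOW


def evaluate(flows: List[Flow], policy: Callable[[Flow], bool]) -> List[bool]:
    """Apply one policy to each flow, in order."""
    return [policy(f) for f in flows]


def blocked_only_by_zero_trust(flows: List[Flow]) -> List[Flow]:
    """Flows a flat network would have let through but the allow list stops.

    This is the set of paths the bad guys would use if they land on one device.
    """
    return [f for f in flows if flat_network(f) and not zero_trust(f)]


# Constructed sample flows: two legitimate, two lateral moves, one rogue box.
SAMPLE_FLOWS: List[Flow] = [
    Flow("pos-1", "payments-gw", 443),        # POS sending a card transaction
    Flow("guest-laptop", "records-srv", 443), # guest wifi reaching the records
    Flow("pos-1", "records-srv", 445),        # POS reaching the records over SMB
    Flow("office-pc", "records-srv", 443),    # staff PC reading records
    Flow("rogue-box", "records-srv", 443),    # device not in the inventory
]

if __name__ == "__main__":
    for flow, flat, zt in zip(SAMPLE_FLOWS,
                              evaluate(SAMPLE_FLOWS, flat_network),
                              evaluate(SAMPLE_FLOWS, zero_trust)):
        print(f"{flow.src:>12} -> {flow.dst:<12}:{flow.port:<4} "
              f"flat={'allow' if flat else 'deny '}  zero_trust={'allow' if zt else 'deny'}")
```

The two flows the allow list removes (guest laptop and POS reaching the records server) are exactly the lateral paths a compromised device would need; a real deployment would express the same rules as firewall or VLAN policy on the gateway.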
If you're not on my email list, you won't find out about this stuff. Go right now to CraigPeterson.com. Scroll down to the bottom of that homepage and sign up for that newsletter so you can get all of what I talk about here and more.

Hey, thanks to some hackers out there, your application for unemployment benefits might've been approved and you didn't apply for it in the first place. Turns out somebody's stealing our information again. Hi everybody. Craig Peterson here. This is a big concern of mine and I've often wondered, because I have not been receiving these stimulus checks. I did not get the first round. I did not get the second round and I contacted the IRS, and the IRS says it depends on when you filed for 2019. Oh my gosh. Of course, I was a little late filing that year. They still haven't caught up. I guess that's good news, right? That the IRS data processing centers are terrible. It goes back to "aren't you glad we don't get the government we pay for," is the bottom line here, but I've been concerned. Did somebody steal my refund? Did somebody steal my unemployment benefits? Did somebody steal my stimulus checks? It is happening more and more. There is a great little article talking about this, where someone had stolen the author John's personal information again. Now we probably all have had our personal information stolen, whether you're aware of it or not. As usual, I recommend that you go to HaveIBeenPwned.com, and pwned is spelled P-W-N-E-D, HaveIBeenPwned.com, and find out whether or not your data has been stolen and is out there on the dark web. They have a really good database of a lot of these major hacks. Many of us have been hacked via these credit bureaus, and one in particular, Equifax, who have all kinds of personal information about us, had it all stolen. It's easy enough for people to steal our identities, file fake tax returns. That's why the IRS is telling you, hey, file your return as soon as possible.
That way when the bad guys file, we'll know it's the bad guys, 'cause you already filed it. As opposed to you file your tax return and the IRS comes back and says, oh, you already filed. We already sent you a refund or whatever. You already filed it. That is a terrible thing to have happen because now you have to fight and you have to prove it wasn't you. How do you prove a negative? It's almost impossible. At least in this case, hopefully, the check was sent to some state 50 states away, the other side of the world, so you can say, hey, listen, I've never been there, then they can hopefully track where it was deposited. Although now the bad guys are using these websites that have banks behind them, or maybe it's a bank with a website, that are designed for people to get a debit card and an account just like that. That, in fact, is what was used to hack my buddy. My 75-year-old buddy has been out delivering meals and had his paychecks stolen through one of those. These fraudulent job claims are happening more and more. It's really a rampant scam. We've had warnings coming out from the FBI and they have really accelerated during the lockdown because now we've had these jobless benefits increased, people making more money staying in their home than they made on the job. Disincentives for working, frankly. He's saying here, the author again, John Wasik, that a third of a million people in his state alone were victims of the scam. This is in Illinois. This is where he lives. A third of the people in the state of Illinois, including several people that he knew. We've got some national tallies underway. I don't know if you've seen these. I've seen them on TV and read about them. California. It is crazy. People were applying for California unemployment that didn't live in the state at all, would come into the state and, once you're there in the state, pick up the check, right? 'Cause that's all they were doing.
Some people have been caught with more than a million dollars' worth of California unemployment money. Of course, it wasn't a check, it was actually a debit card. The same basic deal, and California is estimating that more than $11 billion was stolen. Can you imagine that? Tens of millions of people could have been scammed because of this. This is the third time the author had been a victim of identity theft and fraud. He wanted to know how they could get his information. Well, I've told you, check it out on Have I Been Pwned. It'll tell you which breaches your information was in. It does it based on your email address. It'll also tell you what type of data was stolen in those breaches. So it's important stuff. I think you should definitely have a look at it. He is very upset and I can understand it. Data breaches last year: more than 737 million data files were ripped off, according to act.com. Frankly, that was a digital pandemic, with more and more of us working at home. I just talked about it in the last segment. Your doctor's office, and you are talking to your doctor. How, now? 'Cause you don't go into the office. There are so many ways they can steal it. The FBI's recording now a 400% increase in cybercrime reports, and we had this mega hack of corporate and government systems. This whole thing we've talked about before called the SolarWinds hack, although it was really more of a Microsoft hack, and it went out via SolarWinds as well as other things. Be careful, everybody out there. If you find yourself in these breach reports on Have I Been Pwned, make sure you go to the website. Set yourself up with a new password. At the very least, use a password manager. I just responded to an email, before we went on the air today, from a listener who was talking about two-factor authentication. He's worried about what you're to use. I sent him my special report on two-factor authentication, but it is, the bottom line, quite a problem.
Again, use 1Password, use two-factor authentication with 1Password. Don't use SMS for that and you'll be relatively safe. I don't know, I can't say do this and you'll be safe. I don't think there's any way to be sure you're safe, having these organizations, businesses, government agencies hacked all the time that don't seem to care about losing our data, right? Oh, it's a cost of doing business. Some of these businesses, and I've talked to them, they'll look at it and say, how much will it cost us in fines if our data is stolen? Versus, how much will it cost us to keep our data relatively safe? For even a larger small company, a hundred-employee company, you're talking about something that is going to be costing you about 25 grand a month. That's if it's outsourced. If you're trying to do it yourself in a hundred-person company, you can easily be spending a hundred grand a month. It's expensive to do. They'll look at it and say, okay, this is going to cost us a million dollars a year; odds are, it'll be two years, maybe three before we're hacked. That's the statistic, although you're rolling the dice, it might be tomorrow that you get hacked. $3 million versus our fines are going to be about a million dollars. We'll just take the fine. That to me is just disgusting. How can these people live with themselves? I don't know. Maybe it's just me. I'm going crazy. That leads us to this New York Times article I was talking about on the radio this week. The New York Times article talking about how the United States, really, we are losing control of information warfare. Our warriors have been working at the National Security Agency and the FBI. They leave those agencies and go to work for private contractors. The tools that we've been using to hack other people have been stolen. The tools that we're paying to be developed, we meaning the US taxpayer, the tools that we have paid to develop aren't even being used, and that mega attack I was just talking about.
That's an example of one of these attacks that would have been stopped had we been using the tools that the federal government paid for. It's just crazy. What's going on? So here's the bottom line, everybody: you can't trust most of these vendors that are out there. They have a product to sell. They don't have the best solution for you, right? They really don't. If they cared about you they would not be selling you antivirus software, because it does not work. If Microsoft cared about you, they would have come out with their anti-malware stuff, Windows Defender, years and years ago. They would have redesigned Microsoft Office and Microsoft Windows as well, because those were huge security holes. Look at Adobe. They've been the source of the most security problems of anything out on the market, bar none. Flash was terrible. Java, another example of something that's been a terrible security hole for years. These businesses are trying to get a product to market as quickly and as inexpensively as possible. Quick is usually the number one goal. It has to be inexpensive for them to develop it. T
Welcome! It is another busy week on the technology front. We discuss facial recognition and some of the problems with false positives, and how you can see if your pictures are included in some of these websites. Then we discuss Amy Klobuchar's antitrust legislation against Big Tech. Then we get into InfoSec careers and something you might want to know before considering a career move. We also discuss Zero Trust and why you must be thinking about that if you want to be secure, and there is even more, so be sure to listen in. For more tech tips, news, and updates, visit CraigPeterson.com.

---

Tech Articles Craig Thinks You Should Read:

Strengthening Zero Trust Architecture
Here's a Way to Learn if Facial Recognition Systems Used Your Photos
Scalpers aren't the main reason you can't find a new console
What I Wish I Knew at the Start of My InfoSec Career
Chrome users have faced 3 security concerns over the past 24 hours
Klobuchar targets Big Tech with biggest antitrust overhaul in 45 years
I Fought the Dark Web and the Dark Web Won
How the United States Lost to Hackers

---

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] We're going to talk a little bit about scalpers. They're not the main reason you can't find a new gaming console. I've had a number of people ask about getting into information security. I'm going to give you some tips about what I wish I knew at the start of my career. Hello everybody, Craig Peterson here. I want to start out by talking a little bit about facial recognition systems, and there are a lot of concerns, legitimately, a lot of concerns, because now our privacy is getting worse and worse. I'm going to talk next week a little bit, at least it's on my schedule, about what's happening with GPS and the pros and cons of it, because there are some very concerning things about GPS. Much of our business and private lives is based on GPS nowadays.
You're in a plane, you're in a boat; trains, I guess, don't use GPS a whole lot, but we depend on it in our cars, everywhere. We'll talk a little bit about that next week. When it comes to facial recognition, it has come to the forefront. Now we know that, for instance, London, England was probably the most surveilled city in the world. I don't think that's anywhere near true now, considering what the Chinese have been doing to their citizens. No, I probably shouldn't call them citizens. I'm not sure what the right thing would be to call them, but the people living over there in China are under a constant eye. They're even watching them over there for jaywalking, and they use facial recognition systems to automatically send them a ticket. Oh, also this social credit score they have over there, where if you do jaywalk or do something else, you get points taken off of your social credit score. If your score reaches a certain point, you can't even take public transportation anymore. That's how they're controlling people. One of the many ways that they're controlling people in China. These facial recognition systems are used there. We know they've been in use in London, where they're trying to track people and reverse engineer crimes. Someone commits a crime. There are sensors that listen for gunshots, for instance, and then they will just backtrack all of the people that were in the area. Okay. Watching them where they work, as you remember, it's being recorded. So you're here now, where did you come from? Some of that same type of technology was used in Washington, DC for what happened on January 6, with the riot of, well, 80 people. Some riot. We're also now aware of what was done in Oregon and in Washington state and New York City, where they were tracking people as well. Now, did they get charged? Did they go to jail? They were using facial recognition systems and they were figuring out where they were, where they had been.
They were also looking forward to the fact, because unlike China, where they want to know where everybody is and they've got this whole social credit system, what we were doing is finding people who were committing serious crimes. The police obviously don't want to go into that area because there are so many rioters and they were armed with all kinds of things, the baseball bats, but they had frozen bottles of water. No, I don't know, I threw a bottle of water at him. You had that thing, deep frozen, in a deep freeze, below zero degrees, which is way cold in Fahrenheit. You brought it with you and you used that liter bottle to bash someone over the head. We saw this again and again. So you find those people. You don't arrest them right away. You don't send the police in. No reason to put their lives in any more danger than they are every day, normally. Then what you do is track them as they leave. Now, when they were leaving, they were using facial recognition to figure out who was there and where did they go? That facial recognition technology then was able to track them down. Once they got into an area where there weren't a lot of rioters or no rioters, about to get in their car, or however it is they got there, they arrested them. Of course, some of these rioters, real rioters, right? Where there's hundreds of people rioting, not 80. They were able to track them down. Some of them were arrested, some of them were charged. In a lot of these cases, the mayor said, no, don't do anything. Just let them, I was going to say let them riot, but that's not how they phrased it. I'm trying to remember how they phrased it. So we are seeing facial recognition used in law enforcement. It's one thing to track them, either what happens over in London, where a crime is committed and they now track everybody back to figure out where did they come from? What car did they get into? Did they get out of it initially? Then what was the license plate number and who owns that car?
Crime-solving that way, where they don't necessarily recognize your face. They don't know it's you. However, now we're finding more and more of that happening, where the systems recognize your face and they know it's you, and they know what your social media accounts are. They know obviously where you live, it's all tied in. In a lot of cases it's tied in via your driver's license, or now these federally mandated national ID cards that so many people are carrying around. Apparently, I'll have to carry one around too next time I get my license, because my state has finally decided they are not going to issue regular driver's licenses anymore, which definitely bothers me. I'm sure you can figure that out too. How were they identifying people? It's one thing to see a face and okay, there's the face here. Okay, there's a face there. There's, okay, here. Okay, so he just got into this car to leave. That's one thing, right? I think that's pretty legit. You don't have a particular right to privacy when you're in a public place. In fact, you have no right to privacy when you enter a public place. So I don't have a problem with that. Now we're using artificial intelligence, and we've talked about some of them before. Clearview is a great example, clearview.ai. Here's a company that some would argue illegally captured, scraped, whatever kind of wording you want to use, pictures of people from all over the internet, and the police can subscribe to their service, and Clearview says, oh no, we only let police at it, although there's evidence that would suggest otherwise. They're allowing all kinds of third parties access to the database, but you can put a person's picture into their software. Their software, by the way, includes a mobile app, so it can be done on the street, and you know who they are. Now, this is getting RoboCop-ish, if you've ever seen the movie RoboCop. Actually, there's a series of these things with the ED-209s.
What happened is the police officer could go out and he'd be patrolling in the streets and he'd come across some people, and the computer, in that kind of heads-up display, would figure out, okay, that's this person, they've been arrested 20 times, a felony, this and that, and okay, that person was shoplifting, with their names and addresses and things right there in the screen. That's been a theme of science fiction movies for a very long time. I interviewed, probably about a decade ago, a guy out at the Consumer Electronics Show who had a very cool device that you could wear. It was designed for policemen and it was like a pair of big goggles back in the day, right? This is before Google Glass and some of these other things came out, but they were able to, with this heads-up display, put anything you wanted on it. So it's coming, it's not here yet. It's going to be here even more in the future. If you want to check if your photo is part of all of this stash, and there are literally billions of photos that Clearview AI has out there, you can check at least the basics. So many of us used this website online that allowed us to upload our photos and share them with friends and relatives and family, and put it together, and have a really great little album that you could share with people. That was on a site called Flickr. Today, many of us are uploading our photos to Amazon or to Google. Apple, of course, has many of them. What happened with Flickr is they went out of business. They got sold and resold a few times. What they ended up doing is selling the pictures online. There's people, I talked about this a couple of years ago, this guy driving down the highway and he sees a billboard with his picture on it, not the sort of thing that he was expecting, that's for sure. It's probably not something you expected when you uploaded your photos to Flickr. So take a minute. Go to a website called exposing.ai. This particular website is specifically aimed at Flickr photos.
It'll tell you if it has found your picture. So you put in your Flickr username and they'll let you know if your Flickr photos have been taken and used for facial recognition by a few different companies: DiveFace, FaceScrub, MegaFace, PIPA, VGGFace, and many others. You can just put in your username. You can put in a tag that you tagged that photo with when you uploaded it, or the URL of a photo. If you have a photo, it is online and it's yours, and you want to see if anybody else is using it somewhere on the internet, the easy way to do this is to go to Google image search. You can upload the image, you can give it the URL of the image, and it'll tell you if it finds matching images, or at least images that are close to it, online. Stick around. Visit me online, CraigPeterson.com. During the lockdown, we've had a lot of things that have become difficult to get your hands on. Turns out that includes various types of games like your PS5s, but it extends a whole lot further than that. Hi everybody, Craig Peterson here. Here we go, man, another fallout from the whole lockdown thing. This is a pretty darn big deal because it's affected the entire computer industry. We've heard a lot of complaints about how difficult it's been to get a Sony PlayStation 5 or a Microsoft Xbox Series X. They both hit store shelves last year, but they have been almost impossible to find at any of the major retailers. There's a great little article that was in Ars Technica, and they put together a graph based on some data obtained from eBay. This data was looking at the availability and costs specifically of the PS5. Now, this is a fairly advanced computer, frankly, in order to play these video games; of course, it's got a lot of graphics capability built right into this silly thing. It seems that there were a certain number of consoles sold on certain days at certain prices. You can see this massive price increase. It just jumped right up in November.
Pretty much stayed up there in the thousand-dollar-plus range. Isn't that amazing? It went down in January and is more or less flat right now. You can get them on eBay for about 380 bucks right now. Why is that? What's been going on here? We've got scalpers. Obviously, a thousand dollars is a lot higher than the $380 you can get it for right now. It turns out that there is a huge problem, and the problem we're seeing is affecting the entire computer world. There are certain chips for which there is a shortage. Why is there a shortage? Well, it had to do with the lockdown. Companies were trying to figure out, okay, how many of these devices am I going to sell when everybody's locked down? They miscalculated, frankly. It wasn't a problem with supply. It was that these companies that had been ordering these components cut their orders back or stopped them entirely. You've got Sony and others out there, Microsoft's console as well, trying to find the parts. They have had a very hard time. Well, what happens when it's hard to find something? Either the quality is going to go down to keep the price the same, or the price is going to go up. There's only a couple of ways that it really can go. They're estimating right now that these constraints on the supply chain are probably going to last for a few more months. We've seen it big time in the computer world, particularly in the storage space. You may not be aware of it, but there are, of course, hard disks that aren't really disks, called SSDs, which is a solid-state disk. Okay. You probably know about that. I wrote up a thing, in fact, because people were asking me about what to buy to upgrade their computers. If you have a slower computer, putting an SSD in is usually a very good idea, but there are many grades of SSDs. In fact, I've got a little document. If you want it, send an email to me@craigpeterson.com. I'll be glad to send you a copy. I wrote this for one of our clients. It drives me crazy.
They need a new computer, in this case a desktop. So they say, hey Craig, can you guys go ahead and work us up a quote? So we look at what they're using the computer for. We look at the longevity of that computer so that they get the best bang for their buck and usefulness. How useful is it going to be? Is it going to be offline? Just five minutes a day, by the way, adds up to over $2,000 a year for just an average salary of a data entry worker. It adds up pretty quickly if it goes down. We put together this proposal, and this was for a custom Dell machine, and we specify all of the components that go into it. That's an important thing to remember, because these components all have varying levels of quality. We sent them the quote, and we've done this before, right? Who's the fool here, them or us? They said no, I went to the Dell site and there's this special going on and I can get the same computer for 300 bucks. Not true. It's not true. Now, you guys are the best and brightest, right? This sort of stuff, you can't compare a Yugo to a beautiful Cadillac, right? There's no comparison between the two, but that's what they were doing. They needed an F-150 in order to haul stuff, but instead of getting the F-150, they just got a little hatchback that they can maybe throw a couple of things in the back of, but they needed a big-bed pickup truck. That just drives me crazy. So I wrote this probably three- or four-page-long thing explaining why you need to buy the right kind of hardware, why the stuff that they're selling you at a discount isn't going to work for you, and things that need to be included, like the hardware encryption in SSDs. Again, I'll send you this report if you want it. Just let me know at me@craigpeterson.com. I started this whole thing because we're talking about SSDs. SSDs are not all created equal. Some of these SSDs store one bit per little bubble, if you will. Some of them store two bits, some of them store three bits.
They're all constrained in their lifetime based on how many writes are occurring to that disk. You've got to look at that as well to figure it out. Now, of course, I got into SSDs because we were talking about the capacity in manufacturing and the shortage that we're seeing right now. As with some of these game consoles, there is a shortage in all of these types of disks; there's even a shortage of memory and certain CPUs. The disk shortage started a few years ago when there was massive flooding in Indonesia. That's where a lot of the hard disks are made. Now, these are the things that spin, right? Now we've got new technology that lets us pack more data into the SSDs, whereas we were seeing the hard disk go up in size. I remember my first one was, I think it was five megabytes. It was just, whoa, how could I have used five meg? And then 10 megabytes. Of course, hard disks, reasonably priced ones, are 10 to 12 terabyte drives now, and again, multiple different types of drives. There's the more server-oriented type where, if there's an error on the disk, the disk stays alive and it repairs itself in real time in the background. Then there's the stuff you get as consumers, where if the disk starts failing, the whole disk goes offline until it fixes itself. Then there's real crap. The ones like these green drives from Western Digital, that I do not like. I just had confirmation on that this week. They are even cheaper, but all of these are hard to get right now. We will see eventually all of these supplies back in line. The manufacturers can make them. The whole lockdown hasn't really been a problem for them. The problem has been that people weren't ordering, because they were afraid that during the lockdown people wouldn't be buying computers. Of course, we found the opposite to be true, didn't we? People were buying these consoles to play video games, buying computers to work from home, trying to buy network security stuff as well. That's really changed the whole thing.
When we get back, we'll get into the InfoSec career a little bit later. If you miss it, if you're thinking about getting into information security, make sure you go online to CraigPeterson.com so you can catch that. We'll talk about that, but let's do something I think that might affect a lot of people, and that's Chrome users: three security problems in the last week. Hey, you guys are the best and brightest. You know what I think about Google and Google Chrome? Just this last week, over one 24-hour period, Chrome had three security problems. We're going to talk about that right now. Hi, everybody, Craig Peterson here. Google is evil. I've established that, I think, before: the things they do, the things they have been doing to us. Remember their motto used to be "don't be evil." They removed that from the website a couple of years ago. Now, no longer "don't be evil." Nowadays they're doing pretty much everything they can to, maybe "be evil" is a little strong a word, but they're pretty much doing everything they can to get as much information about you and sell it. Do you remember his goal, Larry Page, when they were starting it up? The goal was, okay, we are going to get all of the world's information and democratize it. Make it available for everyone, anyone out there who wants to get at it. Frankly, it's been pretty good until fairly recently, at which point I switched over to DuckDuckGo. Chrome is another one of their products. Microsoft, frankly, jumped right onto the Chrome bandwagon. What they ended up doing over at Microsoft is taking Google's open-source version of the base of Chrome. They call it Chromium. It's the guts, if you will, of the Google Chrome browser, and they made it available to anyone that wants to get their hands on it. So Microsoft got their hands on it and messed around with it a little bit, as Microsoft is wont to do. They came up with their Edge browser. The latest Edge is really Google Chrome in disguise.
There are others out there too. You probably know, if you've been through one of my courses, when I'm talking about browsers, the Epic browser is a pretty good browser. It is designed to be more or less safe, but we go into that in a lot more detail: in which cases is it not, et cetera. Some people have used the Tor browser, which ties into the Onion network that provides even more anonymity. So there are options. Of course, Safari's available from Apple for almost every platform now. It is a very fast browser and it does a lot to try and keep your data secure. The same thing's true with Firefox. In the Improving Windows Security course, I go into the problems with each one of these, including Firefox, and what you have to consider. This past week we had a bit of an issue. If you attended my webinars last year, this would have been in 2020, I went through some of the privacy plugins that you can use for your browser. You might remember that one of them was something called the Great Suspender. Highly recommended at the time. Got to add that in there, because I don't want you to just go grab it. It was recommended. I used it extensively on a bunch of different browsers, because what the Great Suspender did is save your machine's memory, CPU, frankly, even a little bit of disk I/O. When you were on a tab on your web browser, your tab would just respond. Normally everything looks good, but if you're like me, you probably opened another tab or maybe another window, and then another tab or another window. You just dig deeper and deeper as you're looking into something, trying to figure something out. You might have 20 or 30 or 40 or 50 tabs open. Each one of those tabs represents a different thread, a different process, basically, on your computer. That means it's using memory, it's using CPU, and it might be also hitting your disk, using your disk. The Great Suspender said, wait a minute, now you haven't used this tab in whatever you set it for, I usually had it at about 15 minutes.
What I'm going to do now, yes, I'm going to take a snapshot of this page. I am going to just release all of the resources that were associated with the page. If you go back to that tab, all you have now is a snapshot, just a picture of what was on the page. You can see what was on the page and, depending on how you configure the Great Suspender, I had it set up so that if I activated a tab again, it would automatically reload that page. You could have had it so that if you got to that picture and you really wanted it, you'd click on it and it would reload the page. Very handy. It allowed you to have potentially hundreds of tabs "open," quote-unquote, when in fact they weren't open and they weren't using hardly any resources at all. The Great Suspender this last June was sold. The original person who wrote this thing, and it's a great little, really great, actually, little piece of software, decided that he wanted to make some money off of it. Why not? He sold it. It's unclear as to who actually owns it or controls it right now and who he sold it to, because the name of the account, the developer account, is the Great Suspender. So that's not going to help you at all. It started showing some signs of what Google and what people are calling malice under this new ownership. There was a thread in GitHub that was published in November, and GitHub is where so much of this code is stored, right? It started to show some signs of, frankly, malice under this new ownership. They said that a new version contained malicious code that tracked users and manipulated web requests. Now, the Great Suspender did normally manipulate web requests, in order to keep everything flowing and smooth. So you might go to a website and then it suspends it, and it might use a different URL, and the URL is going to cause the Great Suspender inside your browser to be called. Okay. So I'm not sure what they mean about the manipulation here, but Google removed it.
It's gone, like that, no warning or anything else, just within the last week. They completely removed the Great Suspender, not just from the store; they removed it from your machines where you were using it. It said this: "the extension contains malware." That's the only warning they gave. That is the only background they gave. They really haven't said a whole lot. People, by the way, who were using the Great Suspender were really left in the lurch, because any suspended tabs, when Google went bye-bye, any suspended tabs you had were lost. How's that for a terrible thing? Absolutely terrible. There is a Reddit thread out there that you can see. They talk about how you can get your tabs back. So if you had followed my advice back then and put it on, good for you. However, the problem is that it turned out to ultimately be malicious. So that's a big deal. Remember I said three security problems in 24 hours. Google on Thursday released a Chrome update that fixes what it called a zero-day vulnerability in the browser. This is another buffer overflow problem, if you're programming, you know what that means, in V8, which is Google's open-source JavaScript engine, and they rated it as high. Again, Google didn't say much about what the vulnerability was. Probably didn't want to encourage people to try and use it, but they said it was existing in the wild. That's not very good. Then sync abuse: a security researcher reported on Thursday as well that hackers were using malware that abused the Chrome sync feature to bypass firewalls so the malware could connect to command and control servers. Not good. If you are using, if you have Chrome, I have it because I have to, 'cause I have to test things out. If you are using it, make sure it is up to date. Most of the time Chrome will update itself, but this week is one where you should double-check Chrome and make sure it really has been updated, 'cause these are some pretty nasty ones. All right.
I'm sure you're familiar with Senator Amy Klobuchar. She ran for President, under of course the Democrat ticket, this last election cycle. She is targeting Big Tech, at least that's what she says. We'll talk about the reality. Hello everybody, Craig Peterson here. Thanks so much for joining us today. I really appreciate it. And I appreciate hearing from you as well. Any questions? I have so much information to give you guys. We're starting some training courses, free email training, just everything: me@craigpeterson.com. Any questions as well, and visit me online at CraigPeterson.com. Senator Amy Klobuchar is a Democrat from Minnesota, and she has introduced a bill here in Congress, and supposedly Big Tech is in her crosshairs. Now I think that's really funny, because it's not, in reality. Okay. Here's an article from Ars Technica, a very good website, by the way, on some of the tech. It says not only are major firms, such as Apple, Amazon, Facebook, and Google, under investigation for allegedly breaking existing antitrust law; a newly proposed bill in the Senate would make it harder for these and other firms to become so troublingly large in the first place. If you've been listening to me for a while, I have friends that have been absolutely destroyed by some of these big tech firms. Where companies have gone ahead and then announced a product because they found, oh, wait a minute, these guys over here, they're doing pretty darn well with that product. Let's see if we can't figure out if there's really a market for it or not, and they end up competing with us. So here's what we'll do. Let's go ahead and announce we're going to have a product, and it's going to be better than their product, and you can get it from us and you can rely on us. Don't pay attention to that small company over there. They are entirely unreliable. All of a sudden that small company's sales plummet because people are waiting for Big Co to come up with their version of whatever it might be.
Then they'll compare it and maybe buy it a bit later on. That's a way that many of these companies have grown, and grown in a very big way. Senator Klobuchar introduced this bill called CALERA. Should have called it Clarice. The Competition and Antitrust Law Enforcement Reform Act. This would be the largest overhaul to US antitrust legislation in almost 50 years if it became law. It's interesting, because her statement says, "While the United States once had some of the most effective antitrust laws in the world, our economy today faces a massive competition problem." I'm a little confused here. It looks like she is asking for competition. I don't know. I don't understand it. I thought she was one of these far-left ones. I remember the debates quite well. They're looking at expanding resources, in other words, giving more money to the Federal Trade Commission and the Department of Justice in their antitrust division. They're looking to pursue a review of more mergers, more aggressively.

Now my knee-jerk reaction is, these big companies usually will fail. They usually just keep getting greedier and bigger. Look at what happened to GM. They went bankrupt, and unfortunately they used tax dollars to bail them out. Chrysler has gone bankrupt twice, and they've used our tax dollars to bail them out. I don't think that's a good idea. Remember, our tax dollars mean our time. We have to put in our time: time we can't spend with our families, time we cannot spend on vacation, time we cannot spend relaxing. It takes our time now, where we have to work to make money to give to the government to bail out companies that are failures. That's what the government decided to do rather than let these bigger companies fail, as they ultimately always do. If you're old enough, you'll remember back in the seventies and eighties, IBM, too big to fail. They owned the business computer business in the sixties and seventies, and they just fell off the edge, didn't they? That usually happens.
I'm not a hundred percent sure it's going to happen with the social media companies, but I suspect it will. Look at what's happening right now. If you have kids that are under 20, do they have a Facebook account? Even people in their thirties, and under-20-year-olds, don't use Facebook anymore. Facebook is likely to die off unless they change in a big way. So what does Facebook do? They buy competitors. They buy WhatsApp. We've talked about WhatsApp before and my thoughts on that. They buy Instagram. They buy competitors, and they use competitors to change their business model a little bit and move laterally rather than vertically. That's not a bad idea in business. Frankly, most businesses expand their product line, expand their way of doing things, by acquiring successful small businesses. So I get that. I think that's wonderful. But what the Senator is proposing is that we have the government decide if a business should be allowed to acquire another business. There is a line in there where I agree with her. I'm not a hundred percent sure where that line should go.

We've had antitrust laws here in the United States since the 1800s, a very long time. The Sherman Act, short and simple, back then made it illegal to monopolize, or attempt to monopolize, or conspire to monopolize the market. I liked that one. How about if you're defining the market? There are two sides to this, and one side is often overlooked. You've got the side of the supplier. You've got Facebook or GM or whoever. You say Facebook is the 800-pound gorilla. They own this market. So what should you do about Facebook? That's what she's trying to figure out here. What should we do? They're saying we should have a government regulator decide if it's a monopoly or not. We know how well that ends up working. You end up with a revolving door, the regulators working for the corporations and then going back to the regulators, right back and forth. It's absolutely crazy. That's one side of it.
There is another side, and this other side is frankly not that new, but it has gotten worse more recently. It's called a monopsony. This is where you have a lot of suppliers, so you'd have a whole lot of Facebooks, for instance, but only one purchaser. You say, "Craig, what are you talking about? We're the best and brightest. I'm not quite sure where you're going with this." Here's where we're going. Monopsony is typified by Walmart. Walmart is well known as a company that you do not want to sell to. If you're a small business, you look at it and say, "Oh yeah, we got Walmart. They're going to sell our product. Okay, great for you." It's not wonderful. Walmart took out every rubber hose they had and beat the supplier over the head and shoulders and back until they capitulated. Walmart was routinely criticized for this, forcing vendors to lower prices until it became unsustainable. I can think of a few of these products right off the top of my head. Do you remember Rubbermaid, right? It was the dominant force for those rubber containers at Walmart. Then all of a sudden it wasn't there anymore. Do you remember that? Because they couldn't sell it to Walmart at the prices Walmart wanted it at. That's one way Walmart keeps the prices low. With this monopsony problem, we're talking about a lot of companies that make competing products, but there's really one 800-pound gorilla that's buying it. Walmart has a huge share of the US retail market. Of course, now they've been one-upped by our friends over at Amazon. Amazon is now in kind of the same position. If you're going to sell something, you pretty much have to have it on Amazon, and Amazon's basically going to dictate how much you can sell it for. Isn't that interesting? By the way, that word monopsony dates back almost a hundred years as well. Antitrust laws have never addressed the idea of this kind of anti-competitive behavior from the bottom-up direction. It's an interesting way.
So what do I think is the way to go on all of this stuff? First of all, we'll see if it ever becomes law. They tried something similar with a bill back in 2019, and it didn't get very far. With the Democrats controlling the White House, the House of Representatives, and the Senate, the idea of reform being passed is more feasible, but there's one other side to this. This goes back to my friends who have had their businesses effectively stolen by large companies. That is, when we're looking at more regulation, which is exactly what she's proposing, more regulators, more money going to the regulators, they're making the entire marketplace harder. If you're a small company and you have to comply with all of these new rules, you now have to make all of these regulators happy. What are the odds you're going to be able to do that compared to the big guys? The big guys can quite easily afford all of the attorneys, all of the regulatory compliance people, everybody that's needed. But you can't. So the big companies love this sort of thing, because the regulations make it easier for them to keep competitors out of the market. They're keeping competitors out of the market. We've already established that they're buying competitors so they don't have to compete with them. Now we're going to make matters worse with this Klobuchar bill. By doing what? By increasing regulation, making it harder to compete. I propose that we'll actually have more monopolies after this. I would much rather just keep it simple and watch out for monopolies. If a company makes mistakes and is going under, let it go under. Any parts of that company that have any value will be sold. That's what bankruptcy law is all about.

If you're someone who's thinking about maybe getting into an information security career, or maybe you're looking at another career, because right now there are millions of jobs open in InfoSec, we're going to talk about it. What do I wish I knew? Hi everybody, Craig Peterson here.
Thanks so much for joining me. You probably know that I have been in information security for a very long time. It started out as I had to protect my own company, when I got nailed 30 years ago with what was called the Morris worm. If you've been on any of my webinars where I do a little background, you heard my story there. It just scared me to death. I almost lost a bunch of clients because of this worm. A worm is a piece of software that gets onto a computer and then spreads to other computers. Nowadays, we have a lot of things that act like worms. For instance, ransomware gets in and starts to spread. We have all kinds of bad guys that are doing the same thing. They'll get onto a machine in your network. Then they'll manually start looking around and seeing what you have, what file servers you have. Oh, let's connect to the G drive, or whatever you call that file server drive or shared drive. They will look through your files, and you know the rest of the story, right? You guys are the best and brightest. You really are.

So here's where I come down. I think there are a lot of opportunities here, and I did a little presentation for a mastermind group I'm a member of last week. I talked about a guy that became a friend of mine who is in his late fifties, right around 60 years old, and decided he needed a new career. His prior career had literally disappeared. It had just been destroyed. He was in retail, he was managing a store, and he had a lot of clients. Of course, that job went away, and he was looking for what to do next. He's been listening to me for a very long time on the radio and decided that maybe he should look into an InfoSec career. So he did. I used him as a case study with my mastermind group: what should people be looking to do, and how can I help them? So I figured let's do this, because I saw an article in Dark Reading. That's one of my favorite websites for all of these articles on security.
They were talking about exactly that: what should I be doing now if I want a security career? What are the things I should know and do? The author of this is Joan Goodchild, an easy name to pronounce. What happened to her? She points out, do you know information security can be really rewarding? I absolutely agree with that. It is a thankless job; you miss one thing and something gets in. Someone brings it from home, you don't quite have everything in place or everything up to date. The biggest problem I've seen, and I see it with this friend of mine that I talked about in the mastermind, is that we don't think we know enough. It's something called imposter syndrome. You've probably heard of it. It exists in a lot of different facets of our lives, not just in careers. So he has imposter syndrome, as do a lot of people who are in cybersecurity, because there's so much to know. That's why I've said forever that businesses cannot do cybersecurity themselves. Antivirus isn't going to work for you. Basic firewalls are not going to work for you. Even if you have the right equipment in place, if you don't know how to manage it and set it up, all of this stuff, it's just not possible to do. Maybe you should look at a security career, cybersecurity.

Let's run through some of the things that she put in there. Of course, I'll add my little side things, but she asked a bunch of people in cybersecurity specifically what they wish they would have known when they first started. Here's Gregory Touhill, president of Appgate Federal, Brigadier General (retired), and first US CISO under President Barack Obama. CISO is the chief information security officer for the federal government. He said, and I love this quote: "Cybersecurity is a full-contact team sport. There is no single person who is an expert on all of the various aspects of the discipline."
"Once I got over myself and recognized that I couldn't do it all, I focused on building the right team of experts to solve issues before they became problems. That revelation triggered great future success." So there you go. I think that's absolutely phenomenal to remember. You're going to have imposter syndrome if you decide to go into this, but the bottom line is to work with a team. If you can find a vendor like me that knows what they're doing, that has people that can help you out, because you cannot just be out there yourself.

Next point here. This is from Wayne Pruitt, cyber range technical trainer in North America. I've seen him before. He's been on one of my webinars where I was teaching about cybersecurity. "To be effective in cybersecurity, you need to have an understanding of all areas of information technology." Boy, is that true. "If an analyst does not understand how a web application communicates with a database on the back end, how will he know if the traffic he's seeing is normal or malicious? Without this understanding, analysts are just relying on security tools to make the determination. Hopefully, those tools are configured correctly." Sometimes you have to learn the basics to understand the more complex. Again, this goes into: you've got to have a team. You have to have multiple people who can help out at different levels, because frankly, you can't know it all. Going back to that Brigadier General, he had such a good point.

Next up is a chief strategist at Point3 Security. Her name is Chloe Messdaghi. "I really wish I knew how little diversity and inclusion were practiced when I first entered the industry. Many of us in our current organizations are now working to improve the situation and are gaining ground. But within my first year, I felt like I had entered the 1940s." I personally think this is ridiculous. Men are attracted to certain things and certain careers, women the same thing.
There are some careers that are dominated by women and some that are dominated by men. One of my daughters works with me, and she is a cybersecurity analyst, and she's just finishing some more training. In fact, our people tend to spend about a third of their time in training, and she's very good, and it has nothing to do with the fact that my daughter's a girl. So come on, quit seeing sex and race everywhere. It's just crazy. It's out there, and she's right, there aren't many women that are in this career.

Next up here, Lakshmi Hanspal. She is CSO of a company called Box, whom I have used before. They've got some very good products for file sharing. I switched over to Dropbox. I like some of the stuff a little bit better, having come from a traditional background. "It was not until I entered higher leadership roles and began formulating hiring strategies that I realized the more diverse teams solve the toughest challenges. Skills such as critical thinking, how to manage risk trade-offs, and cybersecurity not being a zero-sum game are extremely fundamental in understanding and thriving in the security industry." It is obvious she spent some time writing that and trying to put in lots of big words. She is right. When we're talking about diversity in this case, what she's talking about is the diversity of skills, critical thinking, managing trade-offs, and understanding that we all have to work together on a team in the cybersecurity field. I thought she had a really great point.

Next up, we have Josh Rickard, security research engineer over at Swimlane. "I wish I knew and understood that an organization's priorities are guide rails for information security teams. As with most starting in InfoSec, I wanted to solve all the security issues I came across, but this is impossible. Understanding business priorities while communicating potential risks is critical, but helping the business with those priorities gives you credibility." Wow.
I'm going to save that one, frankly, because that is something that we all need to remember. I've had people on my team that were just a hundred percent focused on doing the right thing, quote unquote, on the cybersecurity front, and to them, the right thing was to make sure there are no holes. So I can see that from a certain perspective. And again, back to the diversity of thought, having someone like that on your team is a good idea, but it does have to be tempered.

Mary Writz, VP of product development over at ForgeRock: "When I started 20 years ago as a penetration tester at IBM, I wondered how I even got the job, because I did not feel qualified. In hindsight, no one was truly qualified, because it was such a young domain. I was hired because of my technical background, my curiosity, my interest. Fast forward 10 years, I was teaching a technical audience how to build hunt teams, and I expected everyone in the audience knew more than me. A gentleman in the audience raised his hand and said, 'You're assuming we know what we're doing, but we don't.' After we all laughed, we shared our notes and learned from each other." Wow. So insightful here, because again, she's pointing out the curiosity requirement. I think if you're not curious, you're not going to spend the time it takes to investigate and to learn more. We're going to cover a few more. You're listening to Craig Peterson, and online at craigpeterson.com.

We're talking right now about InfoSec, information security. Have you thought about maybe taking up a bit of a new career? Well, there are an estimated 2 million open jobs in this one. Of course, this is Craig Peterson. We were just talking about this article that appeared in Dark Reading. Now, Dark Reading is an online magazine, right? It's a website. And they had this article that I absolutely had to read, because it reminded me of someone I know, one of our listeners, who decided he needed a new career. He'd lost his job.
He'd been out of work for over a year. He had been managing a retail camera shop, and they shut it down. He was stuck. What do I do? He'd been listening to the show for a long time. He decided he wanted to go into information security. He took some courses on it, and he got himself a job, a full-time job being the chief IT security guy for this company, after just a few months. So that tells you how desperate these companies are. I'm kind of jerking his chain a little bit, but not really, because he just barely had any background. If you want me to connect you with him, if you are serious about thinking about one of these careers, I'll be glad to forward your request to him, just to see if he's willing to talk to you. Just email me at me@craigpeterson.com and make sure you mention what this is all about, so I know what's going on.

Ran Harel, who's a security principal and product manager over at Semperis, said: "When I was growing up, I was quite an introvert" (by the way, that sounds like a lot of us in IT). "I didn't realize until much later on in my career just how great the security and tech community is. Looking back, I realize how quickly I could have solved so many issues by just asking on an IRC channel or forum." IRC is Internet Relay Chat, a bit of a technical thing, but it's an online chat. "I would tell my former self, the problem you are facing now has probably been dealt with multiple times in the past year alone. Don't be afraid to ask the InfoSec community, and then learn from them." That's absolutely true. I found an online IRC channel, basically, and they were set up just to talk about CMMC, which is this new standard that Department of Defense contractors are having to use. As you probably know, we have clients that are manufacturers and make things for the Department of Defense, and they have to maintain security. It's been interesting going in there, answering questions for people and even asking a couple of questions. It is a great resource.
This particular kind of IRC is over on Discord. You can find them all over the place. Reddit has a bunch of subreddits dealing with these things, including, by the way, getting into an InfoSec career. So keep that in mind. There are lots of people like myself that are more than willing to help, because some of this stuff can get pretty confusing. All right.

The next one is from Cody Cornell, chief security officer and co-founder over at Swimlane. He said: "Apply for jobs you are not qualified for. Everyone else is." Man, I have seen that so many times, everybody from PhDs all the way down to high schoolers who have sent me applications that they were not even close to qualified for. Now, you can probably guess, with me, I don't care if you have a degree. All I care about is, can you do the work? Can you get along with the team? Are you really going to pull your weight and contribute? I have seen many times that the answer to that is no, but I've seen other times where, wow, this person's really impressive. So again, apply for jobs you're not qualified for, because everybody is. "Security changes every day. New skills, techniques, and the needs of organizations are always shifting, and to be able to check every box from an experience and skills perspective is generally impossible. Looking back at 20 years of jobs in the security space, I don't believe that I was ever a hundred percent qualified for any of them, but I felt confident that I could successfully do them." So keep that in mind. Okay. Again, imposter syndrome, we're all worried about it. This applies to more than just InfoSec. This applies to every job, every part of life. We all feel as though we're impostors and that we're not really qualified, but the question is, can you figure it out? Can you really do it?

Next up here is Chris Roberts, a hacker in residence, he calls himself, over at Semperis, and he says: "Overall, the most important lessons that I'd tell my younger self are not tech-based."
"Rather, they focus on the human aspect of working in the cybersecurity industry. I think cybersecurity professionals in general tend to focus on technology and ignore the human element, which is a mistake and something we need to collectively learn from and improve." I agree with him on that as well. However, we know humans are going to make mistakes, so make sure you've got the technology in place that will help to mitigate those types of problems.

Next up, we've got Marlys Rogers. She's CISO over at the CSAA Insurance Group. That's a lot of four-letter acronyms. "You are nothing without data. Data is queen." Coming from an insurance person, right? "Without hard data, you can only speak to security in imagined ways, or ways the board and C-suite are aware of from the media. Cost-benefit is only achievable with related data points demonstrating how much we are fighting off and how the tools, processes, and people make that happen."

Next up we have Edward Frye. He's CSO over at Aryaka. "When I first started out, I was fairly impatient and wanted to get things done right away. While there are some things that need to be done right now, not everything needs to be done now. Have the ability to prioritize and focus on the items that will have the biggest impact. I think one of the biggest lessons I've learned along the way is, while we may need to move quickly, this race is a marathon, not a sprint. Patience is essential for security pros." I can certainly see that one.

Chris Morgan, senior cyber threat intelligence analyst over at Digital Shadows: "Despite the way that many in the media like to portray cyber threats, not everything will bring about the end of the world. For those getting into incident response and threats, try to have a sense of perspective and establish the facts before allowing your colleagues to push too quickly towards remediation, mitigation, et cetera."
"Expectation management amongst senior colleagues is also something you'll frequently have to do to avoid them breaking down over a mere phishing site. To quote one of my former colleagues, try to avoid Chicken Little Central." I've seen that before as well. The next one is that things are changing daily, and the last one is that the perception of security is still a challenge. So, a great little article by Joan Goodchild. You'll see it in my newsletter, which we're trying to get out now on Sunday mornings. You can click through on the link if you'd like to read more. As you can see, 2 million open jobs, well, between one and three million depending on whose numbers you're going by, in cybersecurity. You don't have to be an expert. As I said, one of our listeners went from not knowing much about it at all (he could install Windows, that's it) to having a job in cybersecurity in less than six months.

I'm doing a special presentation coming up next month for the New England Society of Physicians and Psychiatrists. We're going to be talking a little bit about what we will talk about right now. What can you do to keep your patient information safe? What can we do as patients to help make sure our data's safe? You'll also find me on pretty much every podcast platform out there. Just search for my name, Craig Peterson. I have a podcast, and it makes it pretty easy. I've found some of them don't understand if you try and search for "Craig Peterson tech talk"; some of them do. I've been a little inconsistent with my naming over the years, but what the heck, you can find me. It's easy enough to do. I've got this new kind of purple-ish logo that you can look for to make sure it's the right one. And then you can listen and subscribe. Please subscribe. It helps all of our numbers. You can also, of course, help our numbers by listening online with one of these devices, because it's you guys that are important. The more subscribers we have, the way these algorithms work, the more promotion we'll get.
I think that's, frankly, a very good thing as well. What do you do if you need to see a doctor? That question has a different answer today than it did a year ago. I won't be able to say that in about another month, right? Because mid-March is when everything changed last year, 2020. Man, what a year. To see a doctor nowadays, we are typically going online, aren't we? You're going to talk to them. So many doctors have been using some of these platforms that are just not secure, things like Zoom, for instance, which we know isn't secure. Now, the feds kind of loosened things up a little bit under the Trump administration, saying, hey, people need to see doctors. The HIPAA and PCI rules were loosened up a little bit in order to make things a little bit better. Then there's the whole DSS thing with HIPAA. All of these rules, across the board, were loosened up. That has caused us to have more of our information stolen. I'm going to be talking a little bit about this FBI, actually multi-agency, warning that came out about the whole medical biz and what we need to be doing.

Bottom line: Zoom is not something we should be using when we're talking to our doctors. Now, this really bothers me too. Zoom is bad. We know that it's not secure, and it should not be used for medical discussions, but Zoom has been private-labeling its services so that you can go out and say, "Hey, Zoom, I want to use you, and I'm going to call it my XYZ medical platform." People have done that. Businesses have done that, not really realizing how insecure Zoom is. I'm going to give them the benefit of the doubt here. You go and you use the XYZ medical platform, and you have no clue it's Zoom, other than, man, this looks a lot like Zoom. That's the dead giveaway. Keep an eye out for that, because a lot of these platforms just aren't secure. I do use Zoom for basic webinars, because everybody has it. Everybody knows how to use it. I have WebEx, and the WebEx version of it is secure.
In fact, all the basic versions, even of WebEx, are secure, and I can have a thousand people on a webinar, which is a great way to go. It's all secure end to end. Unlike, again, what Zoom had been doing, which is: it might be secure from your desktop, but it gets to a server where it's no longer secure. That's the kind of problem that Telegram has, frankly. If you are talking to your doctor, try and use an approved platform. That's how you can keep it safer. If you're a doctor and you have medical records, be really careful. Zoom has done some just terrible things from a security standpoint. For instance, installing a complete web server on a Mac and allowing access to the Mac via the web server. Are you nuts? What the heck are you doing? That's just crazy. Just so insecure.

This is all part of a bigger discussion, and the discussion has to do with zero trust architectures. We're seeing this more and more. A couple of you, Danny, I know you reached out to me asking specifically about zero trust architectures. Now Danny owns a chain of coffee shops, and his family does as well. He says, "Hey, listen, what should I do to become secure?" So I helped them out. I got him a little Cisco platform, Cisco Go, that he can use. It's much more secure than the stuff you buy at the big box retailers or you're buying on Amazon, et cetera, and I got it all configured for him and running. Then he heard me talk about zero trust and said, "Hey, can I do zero trust with this Cisco Go?" (This Meraki Go is actually what it is.) And the answer is, well, so here's the concept that businesses should be using, not just medical businesses, but businesses in general. Zero trust means that you do not trust the devices, even the ones that you own that are on your network. You don't trust them to be secure. You don't trust them to talk to other devices without explicit permission.
Instead of having a switch that allows everything to talk to everything, or a wifi network where everything can talk to everything, you have very narrow, very explicit ways that devices can talk to each other. That's what zero trust is all about. That's where the businesses are moving. There's zero trust architecture, and it doesn't refer to just a specific piece of technology. Obviously, we're talking about the idea that devices, and even on top of that, the users who are using the devices, only have the bare minimum access they need in order to perform their job. Some businesses look at this and say that's a problem: I'm going to get complaints that someone needs access to this and such. You need that, because here's what can happen. You've got this data that's sitting out there. It might be your intellectual property. You might be a doctor in a doctor's office and you've got patient records. You might have the records from your PCI, your credit card records. Those are sitting there on your network, and that is in fact a little dangerous, because now you've got something the bad guys want. It's dangerous if the bad guys find it and they take it; you could lose your business. It's that simple. They are not allowing you to use the excuse anymore because of COVID. That excuse doesn't work anymore. The same thing's true with the credit card numbers that you have. The excuse of "I'm just a small business, it's not a big deal" doesn't work anymore. They are taking away your credit card privileges. We had an outreach from a company that became a client that had their ability to take credit cards taken away from them, because, again, there was a leak. So we have to be careful when you're talking and you have private information, or if you don't want your machine to be hacked: do not use things like Zoom. I covered this extensively in my Improving Windows Security course. So keep an eye out for that as well.
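As an added illustration of the zero trust idea described above (this is example code written for this page, not anything from the show, from Cisco, or from Meraki Go), here is a default-deny, allowlist-based device-to-device policy contrasted with the flat "everything talks to everything" network. The device names, their roles, the allow rules and the sample flows are all constructed assumptions for a small coffee shop; a real deployment would feed it the device inventory and the flow records from the switch or firewall.

```python
"""Added example (not from the show): a default-deny allowlist for
device-to-device traffic, the core of what the zero trust discussion
describes, next to the flat-network model it replaces.
Device names, roles and flows below are constructed for illustration."""
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class Flow:
    src: str      # identity of the source device (an inventory name, not just an IP)
    dst: str      # destination device
    port: int     # destination TCP port


# Constructed inventory: every device we own is tagged with a role.
DEVICES = {
    "reg-01": "register",           # point-of-sale register
    "reg-02": "register",
    "office-pc": "back-office",     # bookkeeper's workstation
    "guest-laptop": "guest",        # customer on the guest wifi
    "files": "file-server",         # shared drive holding payroll spreadsheets
    "payments": "payment-gateway",  # card processor endpoint
}

# Zero trust style policy: a flow is allowed only if an explicit
# (source role, destination role, port) rule exists.  Everything else is
# denied, including devices we own, which is the "no trust without explicit
# permission" rule from the discussion.
ALLOW = {
    ("register", "payment-gateway", 443),
    ("back-office", "file-server", 445),
    ("back-office", "payment-gateway", 443),
}


def zero_trust_allows(flow: Flow) -> bool:
    """Default deny: unknown devices and unlisted role/port pairs are refused."""
    src_role = DEVICES.get(flow.src)
    dst_role = DEVICES.get(flow.dst)
    if src_role is None or dst_role is None:
        return False
    return (src_role, dst_role, flow.port) in ALLOW


def flat_network_allows(flow: Flow) -> bool:
    """The unmanaged switch / single wifi network model: any device reaches any other."""
    return True


def audit(flows: Iterable[Flow], decide: Callable[[Flow], bool]) -> dict:
    """Run each flow through a decision function and bucket it as allowed or denied."""
    result = {"allowed": [], "denied": []}
    for f in flows:
        result["allowed" if decide(f) else "denied"].append(f)
    return result


# Constructed sample of what the switch saw in a day.
SAMPLE_FLOWS = [
    Flow("reg-01", "payments", 443),       # legitimate card transaction
    Flow("office-pc", "files", 445),       # bookkeeper opens the shared drive
    Flow("reg-02", "files", 445),          # a register reaching the file server: lateral movement
    Flow("guest-laptop", "files", 445),    # guest wifi probing the share
    Flow("unknown-mac", "payments", 443),  # device that is not in the inventory at all
]

if __name__ == "__main__":
    for name, decide in (("flat network", flat_network_allows), ("zero trust", zero_trust_allows)):
        r = audit(SAMPLE_FLOWS, decide)
        print(f"{name}: {len(r['allowed'])} allowed, {len(r['denied'])} denied")
        for f in r["denied"]:
            print(f"  denied {f.src} -> {f.dst}:{f.port}")
```

The flat model passes all five flows, including the register talking to the file server and the guest laptop reaching the share; the allowlist passes only the two flows that match a rule. The point to take from it is that the decision is keyed on device identity and an explicit rule, not on "it is on our LAN", so a device you own but never listed gets the same answer as a stranger.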
If you're not on my email list, you won't find out about this stuff. Go right now to craigpeterson.com, scroll down to the bottom of that homepage, and sign up for that newsletter so you can get all of what I talk about here and more.

Hey, thanks to some hackers out there, your application for unemployment benefits might've been approved, and you didn't apply for it in the first place. Turns out somebody's stealing our information again. Hi everybody, Craig Peterson here. Hey, this is a big concern of mine, and I've often wondered, because I have not been receiving these stimulus checks. I did not get the first round. I did not get the second round, and I contacted the IRS, and the IRS says it depends on when you filed for 2019. Oh my gosh. Of course, I was a little late filing that year. They still haven't caught up. I guess that's good news, right? That the IRS data processing centers are terrible. It goes back to "aren't you glad we don't get the government we pay for" is the bottom line here, but I've been concerned. Did somebody steal my refund? Did somebody steal my unemployment benefits? Did somebody steal my stimulus checks? It is happening more and more. There is a great little article talking about this, where someone had stolen the author's, John's, personal information again. Now, we probably all have had our personal information stolen, whether you're aware of it or not. As usual, I recommend that you go to haveibeenpwned.com (pwned is spelled p-w-n-e-d: haveibeenpwned.com) and find out whether or not your data has been stolen and is out there on the dark web. They have a really good database of a lot of these major hacks. Many of us have been hacked via these credit bureaus, one in particular, Equifax, who have all kinds of personal information about us and had it all stolen. It's easy enough for people to steal our identities and file fake tax returns. That's why the IRS is telling you, hey, file your return as soon as possible.
That way, when the bad guys file, we'll know it's the bad guys, because you already filed it. As opposed to: you file your tax return and the IRS comes back and says, "Oh, you already filed. We already sent you a refund," or whatever. "You already filed it." That is a terrible thing to have happen, because now you have to fight and you have to prove it wasn't you. How do you prove a negative? It's almost impossible. At least in this case, hopefully, the check was sent to some state 50 states away, the other side of the world. So you can say, "Hey, listen, I've never been there," and then they can hopefully track where it was deposited. Although now the bad guys are using these websites that have banks behind them, or maybe it's a bank with a website, that are designed for people to get a debit card and an account just like that. That, in fact, is what was used to hack my buddy. My 75-year-old buddy has been out delivering meals and had his paychecks stolen through one of those. These fraudulent job claims are happening more and more. It's really a rampant scam. We've had warnings coming out from the FBI, and they have really accelerated during the lockdown, because now we've had these jobless benefits increased, with people making more money staying in their home than they made on the job. Disincentives for working, frankly. He's saying here, the author again, John Wasik, that a third of a million people in his state alone were victims of the scam. This is in Illinois; this is where he lives. A third of a million people in the state of Illinois, including several people that he knew. We've got some national tallies underway. I don't know if you've seen these. I've seen them on TV and read about them. California: it is crazy. People were applying for California unemployment that didn't live in the state at all, and would come into the state, and once you're there in the state, pick up the check, right? Because that's all they were doing.
Some people have been caught with more than a million dollars' worth of California unemployment money. Of course, it wasn't a check; it was actually a debit card. The same basic deal, and California is estimating that more than $11 billion was stolen. Can you imagine that? Tens of millions of people could have been scammed because of this. This is the third time the author had been a victim of identity theft and fraud. He wanted to know how they could get his information. Well, I've told you: check it out on haveibeenpwned. It'll tell you which breaches your information was in. It does it based on your email address. It'll also tell you what type of data was stolen in those breaches. So it's important stuff. I think you should definitely have a look at it. He is very upset, and I can understand it. Data breaches last year: more than 737 million data files were ripped off, according to act.com. Frankly, that was a digital pandemic, with more and more of us working at home. I just talked about it in the last segment: your doctor's office, and you are talking to your doctor. How now? Because you don't go into the office. There are so many ways they can steal it. The FBI's recording now a 400% increase in cybercrime reports, and we had this mega hack of corporate and government systems, this whole thing we've talked about before called the SolarWinds hack, although it was really more of a Microsoft hack, and it went out via SolarWinds as well as other things. Be careful, everybody out there. If you find yourself in these breach reports on haveibeenpwned, make sure you go to the website. Set yourself up with a new password. At the very least, use a password manager. I just responded to an email before we went on the air today, from a listener who was talking about two-factor authentication. He's worried about what to use. I sent him my special report on two-factor authentication, but it is, bottom line, quite a problem.
Again, use 1Password, use two-factor authentication with 1Password. Don't use SMS for that, and you'll be relatively safe. I don't know; I can't say "do this and you'll be safe." I don't think there's any way to be sure you're safe, having these organizations, businesses, government agencies hacked all the time that don't seem to care about losing our data, right? Oh, it's a cost of doing business,
ShadowTalk hosts Kacey, Alec, and Charles bring you the latest in threat intelligence. This week they cover:
- New Chinese APT group, FunnyDream, conducts a sophisticated cyber espionage campaign targeting SE Asian government entities.
- Ransomware operators want to be heard: Ragnar Locker turns to Facebook and Egregor begins printing ransom notes.
- Is Egregor the new Maze? Let's unpack this.
- Plus, the team talks about their favorite Thanksgiving dish, plus a side of football.
Get this week's intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-20-november
***Resources from this week's podcast***
FunnyDream: https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT.pdf
Ragnar Locker: https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/
Egregor: https://www.bleepingcomputer.com/news/security/retail-giant-cencosud-hit-by-egregor-ransomware-attack-stores-impacted/
Darkside Blog: https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/
Triangle InfoSecCons - Cybercrime Trends with Digital Shadows CISO Rick: https://www.youtube.com/watch?v=owBgVgiWFXM
Ransomware Trends in Q3 Webinar: https://resources.digitalshadows.com/webinars/ransomware-trends-in-q3
Holiday Cybercrime Blog: https://www.digitalshadows.com/blog-and-research/holiday-cybercrime-retail-risks-and-dark-web-kicks/
Digital Shadows in Security Mag: https://www.securitymagazine.com/articles/93950-cybercriminal-forum-offers-wisconsin-voter-data-for-free
In our latest episode of Security Nation, Rick Holland joined the podcast to discuss how his past informs his present, particularly when it comes to sourcing and hiring the best talent. Rick elaborates on how a lack of direct reports—for several years across multiple companies—led to a bit of imposter syndrome when he became CISO at Digital Shadows and suddenly was tasked with staffing and managing a team. Sometimes smaller talent pools can lead to inspired hiring choices. Stick around for our Rapid Rundown, where Tod delves into Samy Kamkar's NAT slipstreaming mechanism in which an attacker can trick a router into opening straight-shot ports to any listening service on a machine.
This week, first we talk Enterprise News, discussing how Anchore rolls out open source DevOps tools, Rapid7 releases a Cloud Identity and Access Management Governance Module for DivvyCloud, Digital Shadows launches access key alerts, Microsoft Azure customers can now implement Datadog as a monitoring solution for their cloud workloads, and Ping Identity unveils PingOne Services! In our second segment, we welcome Cris Neckar, CISO of Spring Labs, to discuss Trading Least Privilege for Security Theater! In our final segment, we welcome Jen Ayers, VP of OverWatch at CrowdStrike, for an interview on the 2020 Threat Hunting Report: Insights from the CrowdStrike OverWatch Team! Show Notes: https://securityweekly.com/esw201 Visit https://securityweekly.com/crowdstrike to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Anchore Rolls Out Open Source DevOps Tools, Rapid7 Cloud Identity and Access Management Governance Module for DivvyCloud, Digital Shadows launches access key alerts, Microsoft Azure customers can now implement Datadog as a monitoring solution for their cloud workloads, and Ping Identity unveils PingOne Services! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw201
Libby manages global HR & Talent at Digital Shadows, a company specializing in Digital Risk Protection. She joined Digital Shadows in 2015 as their first People/HR hire and has built out their talent functions across London, the US, Singapore & Germany. Here are some of the topics we'll discuss on this episode of People Analytics:
- Remaining connected with your team and staying aligned
- Celebrating the wins together and encouraging friendly competition
- Celebrating that which makes each of your teams unique
- Gaining clarity around what you can control as an HR professional
Resources:
- Digital Shadows' Careers Page
- Digital Shadows' Blog
- WorkLife Podcast with Adam Grant
- LifeLabs Learning
- The Pomodoro Technique
- Profit from the Positive by Margaret Greenberg & Senia Maymin (Book)
Connecting with Libby: Connect with Libby on LinkedIn
Belarus shuts down its Internet after its incumbent president’s surprising, perhaps implausible, no...really implausible landslide reelection. Papua New Guinea undergoes buyer’s remorse over that Huawei-built National Data Centre it sprung for a couple of years ago. Versions of Chrome found susceptible to CSP rule bypass. Zoom is taken to court over encryption. Patch Tuesday notes. Ben Yelin looks at mobile surveillance in a Baltimore criminal case. Carole Theriault returns to speak with our guest, Alex Guirakhoo from Digital Shadows with a look at dark web travel agencies. And card-skimmers hit a university’s online store. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/155
Attivo Networks EDN enhancements prevent attackers from fingerprinting an endpoint, CloudPassage Expands Cloud Security Capabilities for Docker, Kubernetes, and Container-related Services on AWS, Digital Shadows announces integration with Atlassian Jira, LogRhythm Releases Version 7.5 of NextGen SIEM Platform and New Open Collector Technology, Cloudflare releases Workers Unbound, a secure serverless computing platform, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw192
This week, we talk Enterprise News, discussing how Attivo Networks EDN enhancements prevent attackers from fingerprinting an endpoint, CloudPassage expands cloud security capabilities for Docker, Kubernetes, and container-related services on AWS, Digital Shadows announces integration with Atlassian Jira, LogRhythm releases version 7.5 of its NextGen SIEM Platform and new Open Collector technology, Cloudflare releases Workers Unbound, a secure serverless computing platform, and more! In our second segment, we welcome Om Moolchandani, Chief Technology Officer of Accurics, to learn about a new paradigm dubbed immutable security! In our final segment, we air a pre-recorded interview with Neira Jones, Ambassador at the Emerging Payments Association, discussing Compliance and Fraud Prevention in FinTech! Show Notes: https://securityweekly.com/esw192 Visit https://securityweekly.com/accurics to learn more! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, Digital Shadows team members Viktoria, Demelza, Adam and Stefano cover:
- PAN-OS Vulnerability (CVE-2020-2021): Impact & Mitigation
- Magecart Developments: Lazarus Group tied to Magecart
- FBI arrests "Hushpuppi" for alleged BEC cybercrime scheme
- Photon ATO Research: Overview + Key takeaways
Get this week's intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10-july-2020
Change Makers: Leadership, Good Business, Ideas and Innovation
Eileen Burbidge is a Partner at Passion Capital, the pre-eminent early-stage technology venture fund based in London. She brings extensive operational experience to her investment activities gleaned from business and product roles at Yahoo!, Skype, Apple and elsewhere. On behalf of Passion, Eileen has served as non-executive director on a number of fast growing SMEs including Monzo Bank, Digital Shadows, Tide, Butternut Box, Prowler.io and Focal Point Positioning, among others. In addition to Passion Capital, Eileen was until 2020 the Chair of Tech City UK, which is the British government-backed organisation supporting the digital economy across the UK. She is also the UK Treasury’s Special Envoy for FinTech appointed by the Chancellor; Tech Ambassador for the Mayor of London’s office and served on former UK Prime Minister David Cameron’s Business Advisory Group.
Rashee Pandey, Head of Partnerships at Innovate Finance is in Conversation with Alastair Paterson, CEO and Founder of Digital Shadows, on Minimising Risk in a Digital Age and much more. Tune in every Friday for the latest episode of Coffee with Innovate Finance! --- Send in a voice message: https://anchor.fm/innfin/message
This week, in Enterprise News, we talk about how BeyondTrust announces integration with the SailPoint Predictive Identity Platform, Check Point launches CloudGuard Cloud Native Security, CyberArk Alero enhancements provide secure privileged access for remote users, Digital Shadows announces new capabilities to identify and remediate unwanted code exposure, and more! In our second segment, we welcome back Ferruh Mavituna, CEO of Netsparker, to talk about Debunking DAST Myths and Short-Term Strategies To Fixing Vulnerabilities! In our final segment, we welcome Jason Fruge, Vice President, Business Application Cybersecurity at Onapsis, to talk about Emerging Security Threats to Your Digital Supply Chain! Show Notes: https://wiki.securityweekly.com/ESWEpisode188 To learn more about Netsparker, visit: https://securityweekly.com/netsparker To request a complimentary assessment, visit https://securityweekly.com/onapsis Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
BeyondTrust Announces Integration with the SailPoint Predictive Identity Platform, Check Point Launches CloudGuard Cloud Native Security, CyberArk Alero enhancements provide secure privileged access for remote users, Digital Shadows announces new capabilities to identify and remediate unwanted code exposure, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode188
SPY Historian Vince Houghton sat down with Rick Holland, Chief Information Security Officer (CISO) and Vice President of Strategy for Digital Shadows, to discuss the latest cyber trends and developments.
Rick Holland (CISO at Digital Shadows) joins Harrison to share his thoughts on the Iranian cyber threat and what it means for cyber defenders. What should security practitioners be concerned with within the cyber sphere? Rick and Harrison discuss:
- How threat du jour thinking isn't an adequate defense model
- Communicating up the chain of command effectively
- Attack techniques used by Iranian state actors
- What you can do proactively as a security practitioner
- Why haven't we seen any significant cyberattacks yet?
We're continuing to monitor the situation, so check back at https://www.digitalshadows.com/blog-and-research/ for more info from our team.
***Resources This Episode***
Rick's blog on the topic: https://www.digitalshadows.com/blog-and-research/iranian-cyber-threats-practical-advice-for-security-professionals/
Rich Gold's blog on Mapping the ASD Essential 8 to the MITRE ATT&CK™ framework: https://www.digitalshadows.com/blog-and-research/mapping-the-asd-essential-8-to-the-mitre-attck-framework/
Brian Neely, CIO and CISO at American Systems, and Rick Holland, CISO at Digital Shadows, join Harrison for a discussion around how Brian approaches cybersecurity as a defense contractor. American Systems has been delivering complex IT and engineering solutions to national priority programs since 1975 and has some interesting use cases. The group discusses:
- Top cybersecurity concerns as a third-party defense contractor
- Advice for listeners with similar threat models, where sophisticated, well-resourced adversaries are targeting your environment
- Where digital risk protection comes into play, including asset exposure, site impersonation, phishing campaigns, and brand misuse online
- Managing 2FA company-wide
- And more!
Resources from this Episode: 2FA research: https://resources.digitalshadows.com/whitepapers-and-reports/two-factor-in-review
What practical steps should organizations and the professionals within them be thinking about in this new world? We have a special two-part series where Rick Holland, VP Intelligence and CISO at Digital Shadows, interviews Bob Anderson, CEO at Cyber Defense Labs, and James Chappell, co-founder and Chief Innovation Officer at Digital Shadows. In Part 2, the team looks at:
- Steps you can take into your programs today as a security or business leader
- Advice for boards on how to deal with breaches
- Knowing your data
- What do organizations need to be doing when it comes to understanding and protecting their digital footprint?
- Mistakes organizations make in the response stage
Bob Anderson's Bio: Anderson is a former national security executive, serving 20+ years with the Federal Bureau of Investigation (FBI). During this time, Anderson served in several senior-level positions, ultimately rising to become executive assistant director of the FBI's Criminal, Cyber, Response and Services Branch, where he oversaw all FBI criminal and cyber investigations worldwide, international operations, critical incident response, and victim assistance. Anderson has directed strategic initiatives and operations for high-profile international investigations in partnership with several Fortune 50 companies, along with the U.S. Departments of Defense, Justice, Energy, and Treasury, the U.S. Intelligence Community, and other federal agencies. Having been directly involved in investigating and prosecuting some of the most famous spies in U.S. history as part of his law enforcement career, Anderson is an expert in cybercrimes, counterintelligence, economic espionage, theft of proprietary information and trade secrets, and critical incident management, and has been retained as an expert witness in several ongoing litigations.
It seems like we read about new breaches every day. What's changing? How are exposure and the adoption of digital technology changing the breach landscape? We have a special two-part series where Rick Holland, VP Intelligence and CISO at Digital Shadows, interviews Bob Anderson, CEO at Cyber Defense Labs (https://cyberdefenselabs.com/), and James Chappell, co-founder and Chief Innovation Officer at Digital Shadows. In Part 1, the team looks at:
- How the breach landscape has evolved
- The role of the dark web in a data breach
- Are we seeing more breaches, or are they getting reported more?
- And other war stories from the folks in the room
In Part 2, the team will give guidance and suggestions for enterprises trying to deal with the threat landscape. Stay tuned!
*** About Bob Anderson: Anderson is a former national security executive, serving 20+ years with the Federal Bureau of Investigation (FBI). During this time, Anderson served in several senior-level positions, ultimately rising to become executive assistant director of the FBI's Criminal, Cyber, Response and Services Branch, where he oversaw all FBI criminal and cyber investigations worldwide, international operations, critical incident response, and victim assistance. Anderson has directed strategic initiatives and operations for high-profile international investigations in partnership with several Fortune 50 companies, along with the U.S. Departments of Defense, Justice, Energy, and Treasury, the U.S. Intelligence Community, and other federal agencies. Having been directly involved in investigating and prosecuting some of the most famous spies in U.S. history as part of his law enforcement career, Anderson is an expert in cybercrimes, counterintelligence, economic espionage, theft of proprietary information and trade secrets, and critical incident management, and has been retained as an expert witness in several ongoing litigations.
This week, Matt and Paul discuss how Synopsys and Ixia announce a collaboration to enable scalable networking SoC validation, Digital Shadows announces significant updates to its SearchLight platform, Check Point introduces high-performance security gateways, and nine steps to lock down corporate browsers! In our second segment, we welcome Luis Giraldo, VP of Strategy at Kaseya, to talk about Unified IT and the capabilities of Kaseya's IT Complete Platform! In our final segment, we welcome Michael Aiello, Director of Product Management of Google Cloud Security, to talk about Security Responsibility in the Hybrid and Multi-Cloud! To learn more about Kaseya, visit: https://securityweekly.com/kaseya Full Show Notes: https://wiki.securityweekly.com/ES_Episode146 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Christian (@Chrencken14) and Travis (@puppyozone) sit down with Harrison (@pseudohvr) to discuss even more BlueKeep updates since last week, as a technical presentation gets uploaded to GitHub, inching us closer to a full-blown public PoC; the breach and subsequent release of documents from a contractor working with Russia's FSB intelligence services; and research from the Digital Shadows team about a new marketplace we've had our eye on for a few months called Enigma.
**Housekeeping note** We're trying out a new format for the show, and we are keen to get some feedback from you listeners. Tweet @pseudohvr for comments or email messages@digitalshadows.com
**Party alert** If you're heading to Black Hat or DEF CON, listen up. We have a party happening Wednesday night of Black Hat at Mandalay Bay that you won't want to miss. It's right in the middle of the hotel, at Eyecandy Sound Lounge on August 7th, from 7-10pm. Make sure to get on the list beforehand so you avoid the lines: https://info.digitalshadows.com/BlackHat-SecurityLeadersParty2019.html?SourceCode=podcast
Links:
https://arstechnica.com/information-technology/2019/07/explainer-for-exploiting-wormable-bluekeep-flaw-posted-on-github/
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
https://www.zdnet.com/article/us-company-selling-weaponized-bluekeep-exploit/
https://www.zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/
https://www.digitalshadows.com/blog-and-research/a-growing-enigma-new-avc-on-the-block/
Sprint warns of data breach. Eclypsium announces discovery of server firmware supply chain problems. Bluetooth Low Energy may be less secure than thought. Congress hears about US census cybersecurity. Ransomware and continuity of operations. The FBI offers help decrypting GandCrab-affected files. Venafi on why financial services are especially affected by certificate issues. Congress asks to see NSPM 13. And an arrest is made in Bulgaria's tax agency hack. Ben Yelin from UMD CHHS on the DOJ being required to make public its attempts to break encryption in Facebook Messenger. Tamika Smith speaks with Alex Guirakhoo from Digital Shadows about scammers registering fake domains to try to capitalize on Facebook's Libra cryptocurrency plans. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_17.html Support our show
Harrison interviews Deputy CISO at Accenture, Jason Lewkowicz, and CISO at Digital Shadows, Rick Holland. The group discusses the importance of working functionally as a security team, cyber response plans, and how to keep your security playbooks up to date. Jason also discusses how his team uses Digital Shadows SearchLight™ within their day to day processes. Heading to Black Hat and/or DefCon? Meet the ShadowTalk team at our party Wednesday night at Eyecandy Sound Lounge. Details and guest list here: https://info.digitalshadows.com/BlackHat-SecurityLeadersParty2019.html?SourceCode=shadowtalk
Harrison (@pseudohvr) is joined by Digital Shadows co-founder and Data Privacy Officer James Chappell (@jimmychappell), as well as CISO Rick Holland (@rickhholland), to discuss the news this week around Marriott's GDPR fines. The team talks through initial thoughts and observations, what it means for global privacy and regulation, and what we can expect moving forward. And if you have examples of best practices around breach notification, hit up our Photon Research team on Twitter (@photon_research). Look out for a blog post in the coming weeks around this.
The US cyberattack against Iranian targets remains only indistinctly visible in the information fog of cyberwar. Iran's APT33 seems to have altered its tactics after its operations against Saudi targets were described by Symantec at the end of March. An insurer and provider of vision and dental benefits investigates a "data incident." Skids-on-skids, kids. Facebook talks information operations, and teases plans concerning identity. Notes on the labor market. Johannes Ullrich from the SANS Technology Institute and the ISC Stormcast podcast on malware C&C channels making use of TLS. Tamika Smith speaks with Harrison Van Riper from Digital Shadows about their recent report, "Too Much Information: The Sequel," outlining the increase in data exposure over the past year. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_27.html Support our show
Alex and Christian join HVR this week to discuss the Linux malware “HiddenWasp” (along with HVR’s hatred of the insect), the BlackSquid malware, and updated campaign activity from TA505 and Turla threat groups. Then, Harrison sits down with Dr. Richard Gold, head of Security Engineering at Digital Shadows, to discuss Photon Research’s most recent report Too Much Information: The Sequel. Be sure to download the full report at https://info.digitalshadows.com/TooMuchInfoTheSequel-podcast.html and the intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-30-may-06-jun-2019
In this episode, we discuss how the concepts of trust, privacy, transparency and identity are changing, and where they are heading, with the director of Future Agenda in the UAE, Ali Draycott. We also talk about having our own digital replica that transfers data from the world we live in to the virtual world of the internet. Listen to #Pulse95Radio in the UAE by tuning in on your radio (95.00 FM) or online on our website: www.pulse95radio.com. Follow us on social: www.facebook.com/pulse95radio, www.twitter.com/pulse95radio, www.instagram.com/pulse95radio
Rick Holland: Analysts Make the Best CISOs. In this week’s episode of InSecurity, Matt Stephenson has a chat with Rick Holland, CISO at Digital Shadows. Rick took a unique path to the CISO role, following a distinguished career as an analyst at Forrester. They touch on a myriad of subjects including Rick’s Security and Risk Playbook for CISOs. Rick Holland is hard to miss online. You can hear him regularly on the award-winning podcast ShadowTalk. He also blogs regularly and will get up to some mischief on Twitter. If you are heading to RSA San Francisco, make sure to come and say hello to Rick, Matt and a lot of other interesting security folks Tuesday night at the Digital Shadows Security Leaders Party, Tuesday, March 5th at 6.00 pm. Cylance will be at Booth #6145 in the North Hall. Swing by to see demos of Cylance’s Artificial Intelligence (AI) Platform, which provides advanced endpoint protection and endpoint detection and response capabilities. Join us to see for yourself how the Cylance AI Platform delivers business value and outcomes you had been told were impossible. You can also snag some of our giveaways while you’re there, so come on by. About Rick Holland: Rick Holland (@rickhholland) is the CISO and Vice President of Strategy at Digital Shadows. Rick has more than 15 years’ experience working in information security. Before joining Digital Shadows, he was a vice president and principal analyst at Forrester Research, providing strategic guidance on security architecture, operations, and data privacy. Rick also served as an intelligence analyst in the US Army. He is currently the co-chair of the SANS Cyber Threat Intelligence Summit and holds a B.S. in business administration from the University of Texas, Dallas. Rick regularly speaks at leading security conferences across the globe and has been interviewed by industry and business media including BBC News, CNN, Dark Reading, Motherboard, NPR, The Register and Wall Street Journal.
About Matt Stephenson: InSecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV. Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come before. Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line. Can’t get enough of InSecurity? You can find us wherever you get your podcasts, including Spotify, Stitcher, SoundCloud and I Heart Radio, as well as ThreatVector InSecurity Podcasts: https://threatvector.cylance.com/en_us/category/podcasts.html iTunes/Apple Podcasts link: https://itunes.apple.com/us/podcast/insecurity/id1260714697?mt=2 GooglePlay Music link: https://play.google.com/music/listen#/ps/Ipudd6ommmgdsboen7rjd2lvste Make sure you Subscribe, Rate and Review!
The Photon Research Team’s Rafael Amado, Richard Gold and Harrison Van Riper get together to discuss Digital Shadows’ latest research report, A Tale of Epic Extortions: How Cybercriminals Monetize Our Online Exposure. Whereas many of the cyber security issues covered by researchers may seem obscure and irrelevant to the majority of businesses and individuals out there, extortion is a topic with a real human impact, and one that can have physical, psychological and financial consequences. The team look at how extortionists are diversifying their methods, emboldened by the credentials, sensitive documents and technical vulnerabilities that we leave exposed online. Download the latest report at https://info.digitalshadows.com/ExtortionResearchReport-Podcast.html, and listen to the podcast to learn how to properly manage your online exposure and reduce extortion risks.
Alex and Jamie matched with Harrison in this Valentine’s week episode of ShadowTalk. We discuss why four different APT groups were observed using the same tooling, vulnerabilities in Apple’s iOS, and what everyone did for Valentine’s Day. Also, we have launched the Photon Research Team at Digital Shadows! Visit our announcement blog to learn more (https://www.digitalshadows.com/blog-and-research/photon-research-team-shines-light-on-digital-risks/) and follow the team on Twitter @photon_research! Full intelligence summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-07-feb-14-feb-2019
It's time for another Security Thing with Craig Peterson. Today, Craig discusses the cybercrime gangs advertising the high-paying cybercrime jobs that are available out there. For these and more tech tips, news, and updates, visit CraigPeterson.com --- Related Articles: Cybercrime Gangs Advertise Fresh Jobs, Hacking Services --- Below is a rush transcript of this segment; it might contain errors. Airing date: 02/07/2019 High Paying Cybercrime Jobs Available Craig Peterson 0:00 Hey, good morning everybody. Craig Peterson here with A Security Thing. Hey, if you aren't into security and trying to understand it and trying to fight against the bad guys, you're in the wrong place, because all this is about is security. And today we have another real quick one that I think is important for everybody to understand. I heard an ad the other day from this company that we've all heard ads from before. The company's called Lifelock. And you know, I already have a special report out about how to protect your data and keep it safe, and how Lifelock is, you know, essentially a waste of money. You can freeze your credit and it doesn't have to cost you a dime, and all Lifelock does is come in afterwards and maybe help you clean up, right? So should you do it? Shouldn't you do it? I don't know. I've got a special report about it and I've got an explainer video that I produced about it as well. And you can get that if you want. But anyhow. What they said in that ad was that there is a job offer right now out on the dark web for $700,000 for a hacker. $700,000 a year, supposedly. So knowing how Lifelock, sometimes let's say, has played a little fast and loose with things in the past, and in fact got sued by the federal government in a whole big mess, I decided I would look it up a little bit. Now, the dark web is a little more difficult, right? It's not like there is Google for the dark web.
Yeah, there's some search engine-ish things out there that you can use and you can do a little poking around. So I did, but I also looked for articles that made a similar claim, because at least then you've got something to go on. And sometimes it's an echo chamber, right? Like what happened with this whole Russian investigation thing with President Trump, where it was a Democratic investigation that was entirely politically motivated. And then they told it to a friend, who told it to a friend, who told it to a friend, and all of a sudden now the FBI, it's got it coming in from six different sources, the same basic story. And you know from playing broken telephone as a kid that the story changes a little bit, right, every time it's passed along. And of course, some people purposely change it. So of course the FBI is going to get a bunch of different stories from a bunch of different people and say, oh, well, maybe there's something here, maybe we should look into it. So I expected to find at least that online. The Lifelock commercial, they were saying $700,000 a year for a cyber hacker to try and steal people's personality. So I figured someone had to mention it. It had to be in the regular press somewhere, right? So I go and look at some of the left-wing sites like the New York Times, and then Huffington Post, and don't find anything there. And I look at some of the conservative sites that are out there. I look at Google, I do a Yahoo search, I do a Bing search, don't find anything. Try a couple of dark web search engines, such as they are. Couldn't find anything. So once again, that leaves me kind of wondering, is Lifelock pulling another fast one on us? And it might be.
But here's what we did find: a website called http://banksecurityinfo.com, and this is talking about cyber crime gangs advertising fresh jobs for hacking services, and it goes through and lists a bunch of payments that they'll have. Now the jobs, it's not like a job, "Hey, you know, we'll pay you so much"; they do have some of those. In fact, this one hacking group out there, according to Bankinfosecurity, is offering full-time employees a monthly salary of 50,000 pounds, likely rising to 70,000 pounds. Now, aren't those interesting numbers out there? So if you take 50,000 pounds, that's about, what, 65,000 US, and you multiply that by 12, you get $780,000. Tadah! I think I found where Lifelock might have gotten some of this stuff. So it's interesting. This is called Dark Overlord, in case you're wondering and you want to go apply for a job. But there are a lot of offers out there. For hacking a web server, they'll pay you 220 to as much as $3,000. Keyloggers, 170 bucks. Denial of service attacks, and those vary from 350 to 2,500 bucks. Hacking a personal computer, 280 to 3,500. Cell phones, it's about 500 bucks. Email hacking, again, about 750 bucks. Social media account hacking, about 500 bucks. Of course that varies as well. Change school grades, 1,200 to 3,700 bucks. Wow. It's gotten expensive. And a FUD ransomware and decryptor, depends. 12 months, 900 bucks. Six months, 490. One month, 120. So interesting, right? And they're looking for fully undetectable ransomware. So there's some decent money out there. Who knows about these jobs, if these are legitimate? Multilingual candidates are desirable. It'll add 5% to your salary or commission for fluency per language, Chinese, Arabic and German being particularly desirable. And must have a winning attitude. It sounds like something you would normally post, doesn't it? So I figured, you know, if you're interested in security you'd like to know a little bit about this.
Digital Shadows found this job advertisement out online, and the dark markets really do persist, but I've got to warn you. Of course you can get serious US prison time if you're caught doing any of this stuff, and that's probably why they pay so well. So the bad guys are out there. They're trying to get us, and no surprise there, we've got to defend ourselves. Anyways, that's today's Security Thing and we will be back tomorrow with another one, and of course on Saturday with my regular radio show. Taking Sunday off per usual, well, at least from doing podcasts, and I hope you keep an eye out for all these master classes I'm doing. http://CraigPeterson.com/subscribe. Alright, have a great day. Talk to you later. Bye bye. --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553
In this bonus edition of ShadowTalk, Dr Richard Gold and Rafael Amado discuss the recent BBC Russian Service investigation into Facebook accounts being sold online. As reported on Friday, at least 81,000 accounts with private messages were being advertised online. Digital Shadows assisted the BBC with its investigation. Richard and Rafael outline what we know so far, as well as answering some of the key questions raised by this story. For more, see our recent blog available at https://www.digitalshadows.com/blog-and-research/81000-hacked-facebook-accounts-for-sale-5-things-to-know/.
In this week’s Shadow Talk, Rafael Amado joins Michael Marriott to discuss Digital Shadows’ latest research on Business Email Compromise. We discuss how criminals are outsourcing this work, and how the exposure of 33,000 finance department credentials is increasing the ease for attackers. However, even without taking over accounts, criminals can get their hands on sensitive financial information. We dig into the 12.5 million exposed email archives that are available through misconfigured online file stores, including invoices, purchase orders, and payments. Finally, we provide advice for mitigating these risks.
Rick Holland, CISO of Digital Shadows, joins Richard Gold and Michael Marriott to discuss the latest cybersecurity news. In part one, we discuss the possible implications of Facebook security flaws affecting 50 million accounts. In part two, one year after reports of the Equifax breach surface, the UK arm has been fined £500,000 by the ICO. We look at the lessons learned.
In this episode: Sasha Shtern, local entrepreneur and blockchain investor, is our feature interview this week. News from: Old Spaghetti Factory, Intelisecure, Webroot, Coalfire, Ping Identity and a lot more! Don't miss your last chance to eat in a cable car. The food isn't great, but I'll miss OSF. Colorado's economy is #1. Cory Gardner proposed a federal cyber bill, and the Colorado law has gone into effect. Cyberbullying sucks. Intelisecure is growing. Webroot teams up with Digital Shadows. Coalfire posts another great blog. And two MFA hot takes from Ping. Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com.
Local security news: Join the Colorado = Security Slack channel; Downtown Old Spaghetti Factory closing; Colorado ranks No. 1 in 'best economy' states; Apple’s latest acquisition of Colorado startup breathes new life into AR glasses rumors; Gardner’s cybersecurity bill deals automatic sanctions, unless the president says no; Who knew? Strict consumer data protection is now the law for businesses in Colorado -- with a Sept. 1 deadline to comply; Not a 'Gotcha Law': How Corporate Legal Can Prep for Colorado's Cyber Law | Corporate Counsel; Increasing frequency of cyberbullying prompts Loveland judge to take 'zero tolerance' approach; Denver Business Journal 2018 Fast 50 finalists; Digital Shadows SearchLight Enhances Threat Intelligence for its Clients by Integrating with Webroot BrightCloud® Threat Intelligence Services; Coalfire Blog - AWS Slurp Github Takeover; PingID + YubiKey: MFA the Hard (Token) Way; Ping blog - Five preventable breaches make the case for MFA everywhere.
Job Openings: Ping Identity - Cloud Security Architect; Ping - NOC/SOC Manager (SRE Manager, Cloud Operations); SomaLogic - VP of Information Security; DISH - Senior Leader - Cybersecurity; Comcast - Senior Director, Software Defined Network Security Products; PDC Energy - Security Analyst; ICF - Insider Threat Analyst; PWC - Cybersecurity Incident Response - Director; Red Canary - Content Manager, Information Security; SecureSet - Network Security Instructor; University of Denver - Faculty Director of Computer Science Professional Programs - Ritchie School of Engineering & Computer Science.
Upcoming Events: This Week and Next: SecureSet - Hacking 101: Social Engineering - 9/6; Colorado Springs Cybersecurity "First Friday" Social & Mixer - 9/7; CSA - CCSK Training - 9/7-9/8; Infragard - Identifying, Investigating, and Interrupting Targeted Cyber Attacks: An Instructional Course for Government employees - 9/10; ISSA Denver - September Chapter Meetings - 9/11-12; CTA - Insights Series | Blockchain Explained: What You Need to Know about Blockchain and Beyond - 9/13; SecureSet - Career Convos: Laura Baker - 9/13; SecureSet - Beginner’s Intro to Capture The Flag: Extended Mix - 9/14. Other Notable Upcoming Events: C-Suite Awards Celebration 2018 - 9/25; CTA - Apex Awards - 11/7. View our events page for a full list of upcoming events.
* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0.
This week, Paul and John Strand interview Rick Holland, CISO at Digital Shadows! In our Technical Segment, John Strand talks about Office 365 User Behavior Analytics! In the Enterprise News this week, we have updates from VMware, Caveonix, Qualys, Minerva Labs, Bitdefender, CrowdStrike, and more on this episode of Enterprise Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ES_Episode104 Visit https://www.securityweekly.com/esw for all the latest episodes! Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter! →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly
Rick Holland has more than 15 years' experience working in information security. Paul and John talk to Rick about vulnerability management, WAFs, and advice to enterprise marketing. Full Show Notes: https://wiki.securityweekly.com/ES_Episode104 Visit http://securityweekly.com/esw for all the latest episodes!
This week it was revealed that six new domains registered by APT28, spoofing nonprofit, Senate, and Microsoft domains, have been sinkholed. With November’s US midterm elections fast approaching, we dive into the latest threats and discuss how organizations can understand the threat posed to them by such malicious actors. Dr Richard Gold, Head of Security Engineering at Digital Shadows, joins Mike Marriott to discuss threat modeling, outlining the steps organizations can take to define their critical assets, understand the threat landscape, and create scenarios based on these. This enables organizations to identify the security controls that are in place to mitigate, prevent and detect a specific threat actor's tradecraft, as well as to uncover gaps in controls and establish a remediation plan.
SPY Historian Vince Houghton sat down with Rick Holland, Chief Information Security Officer (CISO) and Vice President of Strategy for Digital Shadows, to discuss the latest cyber trends and developments.
Rick Holland, CISO at Digital Shadows, discusses the latest 2018 Forrester New Wave for Digital Risk Protection. He discusses how security leaders must avoid blind spots with a more complete risk picture.
Key Points From This Episode: An introduction to the work of Michael and Digital Shadows. Explaining the dark web and how it functions. Recent developments in the dark web market places. The service that Digital Shadows offers to its clients. Looking at file storage and the problems that these services create. How Michael’s organization goes about protecting other organizations from threats. Removing the criminal value of identifiers such as SS numbers. Some of the interesting ways customers are testing their security. The latest tactics of cyber crime for market place impersonations. The illegal work of ‘rippers’ and how they are flagged. The life cycle of cyber criminal personas. And much more!
CISO and VP of Strategy at Digital Shadows Rick Holland discusses his path in the information security industry, advancements in the threat intel space, and his passion for good bar-b-que.
It's 2 billion users now, Linux beep, Digital Shadows finds fail files, cloud misconfiguration, AlterEgo, AI applications, Alexa sending payments, Tech, Ideas, Recommendation, Aphorism, and more…
Facebook tightens its rules for political advertising / T-Mobile Austria apparently stores customer passwords in plaintext / 1.5 billion documents are lying exposed on the net / Selected by the M94.5 online editorial team. Presented by Greta Prünster.
This week, while James was out on family duty, I sat down on a Saturday morning with my good friend Will Gragido to talk security. Will is an industry old-timer (sorry buddy, we're old) and has some seriously valid opinions on many things. We discuss some interesting topics, and apologize for nothing. Highlights from this week's show include: It's conference season again... and time for more buzzword bingo; Marketing people are the worst... except we're all complicit; Threat Intelligence. Again. Still. Yep.; Let's go hunting for threats - who should have a threat hunt team, and why; Mergers, acquisitions, and the future of our industry. Guest: Will Gragido (@WGragido) - Will Gragido is a seasoned security professional with over 20 years’ experience in networking and information security. Will’s extensive background is the result of his service as a United States Marine, a consultant with the world renowned International Network Services, Internet Security Systems (now IBM ISS), McAfee, Damballa, Cassandra Security, RSA Netwitness, Carbon Black, Digital Shadows and now Digital Guardian, where he leads the organization’s Advanced Threat Protection Product Line as its Director.
The Digital Shadows research team provides an overview of the latest news this week, including CVE-2018-4878, which is now being used in a spam campaign, 23,000 website certificates set to be revoked, Memcached servers used for DDoS reflection, and updates on the SamSam and DataKeeper ransomware variants.
The Digital Shadows research team provides an overview of the latest news this week, including new SWIFT attacks, more Business Email Compromise activity, the return of extortionist “thedarkoverlord”, the SamSam and Saturn ransomware variants, and new reporting on APT-37.
The Digital Shadows team discusses the highlights of the past seven days, including the cryptocurrency mining “CoffeeMiner”, new Turla activity, and cyber threats to the Winter Olympics.
The Digital Shadows team discusses the highlights of the past seven days, including Meltdown and Spectre, the release of Satori code, OpNetNeutrality, OpIcarus and Monero mining malware.
This week I’m joined by Rick Holland, VP of Strategy for Digital Shadows. Rick is a Texan, so we kick things off right by talking BBQ. After that, we dive into his origin story where he describes his time in the Army and what he learned there. I also ask him about his time as a Forrester analyst and whether analyst firms are pay to play, and whether they have a negative impact on the security industry. Finally, we discuss the evolution of threat intelligence in the security field.
Building successful products, the most important startup question, and updates from McAfee, Slack, ThreatStack, JASK, and more startup security news! Full Show Notes: https://wiki.securityweekly.com/SSWEpisode56 Visit http://securityweekly.com/category/ssw for all the latest episodes!
In today's podcast we hear about an international raid that took down the illicit Hansa Market—which, it turns out, the Dutch National Police had covertly taken over for about a week. Recovery from WannaCry and NotPetya continues its long slog. Banking malware is on the rise in the wild. Studies warn of power grid vulnerabilities. Devil's Ivy infests security cameras in the IoT. Digital Shadows offers a look at hackers' black markets and sees similarities to the drug trade. Our newest partner Robert M. Lee from Dragos introduces himself and the ICS work he does. Guests are Leslie P. Francis and John G. Francis, coauthors of the book, “Privacy - What Everyone Needs to Know.” And our congratulations to Dr. Whitfield Diffie, the newest Fellow of the Royal Society.
In today's podcast we continue to follow the Shadow Brokers, and we take a quick look into the shadowy world of hybrid warfare. No fresh leaks in this incident, but someone seems to be using seized Silk Road Bitcoin wallets to bid on leaked files. Election hacking worries persist, and concerns about secret ballots appear. Some users want a general strike against Tor. Point-of-sale malware and what to do about it. Industry notes. A new Wassenaar round will revisit cyber arms control next month. John Leiseboer from QuintessenceLabs addresses data redundancy and replication, and Michael Marriott from Digital Shadows tells us about the shady deer.io online market.
This week I speak with Alastair Paterson, CEO of Digital Shadows, a hot UK tech start-up that is flying in the field of digital security. Alastair shares his considerable experience to tell you exactly what you need to do to get a job with a tech start-up. We cover all aspects of the recruitment process at a small start-up, from how to get an internship, how to get the job itself, common mistakes people make, and how to stand out from the crowd, to how to negotiate yourself some equity.
Alastair Paterson is the Founder of Digital Shadows which offers a cyber-monitoring service that secures companies’ “digital footprints” and protects companies and individuals from cyber-attacks.