Podcasts about reversinglabs

This week, we are joined by Lucija Valentić, Software Threat Researcher from ReversingLabs, who is discussing "Atomic and Exodus crypto wallets targeted in malicious npm campaign." Threat actors have launched a malicious npm campaign targeting Atomic and Exodus crypto wallets by distributing a fake package called "pdf-to-office," which secretly patches locally installed wallet software to redirect crypto transfers to attacker-controlled addresses. ReversingLabs researchers discovered that this package used obfuscated JavaScript to trojanize specific files in targeted wallet versions, enabling persistence even after the malicious package was removed. This incident highlights the growing threat of software supply chain attacks in the cryptocurrency space and underscores the need for vigilant monitoring of both open-source repositories and local applications. The research can be found here: ⁠⁠Atomic and Exodus crypto wallets targeted in malicious npm campaign Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Lucija Valentić, Software Threat Researcher from ReversingLabs, who is discussing "Atomic and Exodus crypto wallets targeted in malicious npm campaign." Threat actors have launched a malicious npm campaign targeting Atomic and Exodus crypto wallets by distributing a fake package called "pdf-to-office," which secretly patches locally installed wallet software to redirect crypto transfers to attacker-controlled addresses. ReversingLabs researchers discovered that this package used obfuscated JavaScript to trojanize specific files in targeted wallet versions, enabling persistence even after the malicious package was removed. This incident highlights the growing threat of software supply chain attacks in the cryptocurrency space and underscores the need for vigilant monitoring of both open-source repositories and local applications. The research can be found here: ⁠⁠Atomic and Exodus crypto wallets targeted in malicious npm campaign Learn more about your ad choices. Visit megaphone.fm/adchoices

Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest This diary explores a novel methodology for classifying malware by integrating entropy-driven feature selection with a specialized Convolutional Neural Network (CNN). Motivated by the increasing obfuscation tactics used by modern malware authors, we will focus on capturing high-entropy segments within files, regions most likely to harbor malicious functionality, and feeding these distinct byte patterns into our model. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Leveraging%20CNNs%20and%20Entropy-Based%20Feature%20Selection%20to%20Identify%20Potential%20Malware%20Artifacts%20of%20Interest/31790 Malware found on npm infecting local package with reverse shell Researchers at Reversinglabs found two malicious NPM packages, ethers-provider2, and ethers-providerz that patch the well known (and not malicious) ethers package to add a reverse shell and downloader. https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell Google Patched Google Chrome 0-day Google patched a vulnerability in Chrome that was already exploited in attacks against media and educational organizations in Russia https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html

Privacy Aware Bots A botnet is using privacy as well as CSRF prevention headers to better blend in with normal browsers. However, in the process they may make it actually easier to spot them. https://isc.sans.edu/diary/Privacy%20Aware%20Bots/31796 Critical Ingress Nightmare Vulnerability ingress-nginx fixed four new vulnerabilities, one of which may lead to a Kubernetes cluster compromise. Note that at the time I am making this live, not all of the URLs below are available yet, but I hope they will be available shortly after publishing this podcast https://www.darkreading.com/application-security/critical-ingressnightmare-vulns-kubernetes-environments https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities https://kubernetes.io/blog/ FBI Warns of File Converter Scams File converters may include malicious ad ons. Be careful where you get your software from. https://www.fbi.gov/contact-us/field-offices/denver/news/fbi-denver-warns-of-online-file-converter-scam VSCode Extension Includes Ransomware https://x.com/ReversingLabs/status/1902355043065500145

Karlo Zanki, Reverse Engineer at ReversingLabs, discussing their work on "Malicious PyPI crypto pay package aiocpa implants infostealer code." ReversingLabs' machine learning-based threat hunting system identified a malicious PyPI package, aiocpa, designed to exfiltrate cryptocurrency wallet information. Unlike typical attacks involving typosquatting, the attackers published a seemingly legitimate crypto client tool to build trust before introducing malicious updates. ReversingLabs used its Spectra Assure platform to detect behavioral anomalies and worked with PyPI to remove the package, highlighting the growing need for advanced supply chain security tools to counter increasingly sophisticated threats. The research can be found here: Malicious PyPI crypto pay package aiocpa implants infostealer code Learn more about your ad choices. Visit megaphone.fm/adchoices

Karlo Zanki, Reverse Engineer at ReversingLabs, discussing their work on "Malicious PyPI crypto pay package aiocpa implants infostealer code." ReversingLabs' machine learning-based threat hunting system identified a malicious PyPI package, aiocpa, designed to exfiltrate cryptocurrency wallet information. Unlike typical attacks involving typosquatting, the attackers published a seemingly legitimate crypto client tool to build trust before introducing malicious updates. ReversingLabs used its Spectra Assure platform to detect behavioral anomalies and worked with PyPI to remove the package, highlighting the growing need for advanced supply chain security tools to counter increasingly sophisticated threats. The research can be found here: Malicious PyPI crypto pay package aiocpa implants infostealer code Learn more about your ad choices. Visit megaphone.fm/adchoices

Your organization runs on commercial software far more than it does open source.  But all you are delivered is binaries.  What is your technical control to ensure that you are safe from this software? Such software is composed of: Open source libraries Proprietary code 3rd-party proprietary libraries You need to be able to see it, understand it, probe it for malware, backdoors, corruption, CVEs, KEVs, etc.  Well now you can.  SBOMs are just the beginning... Allan and Drew are joined by Sasa Zdjelar, Chief Trust Officer at ReversingLabs, who have spent 15 years solving this highly specific and highly challenging problem in cybersecurity. The show is not sponsored by ReversingLabs.  Allan and Drew wanted the world to know that they exist, and that this capability is now in-hand... Y'all be good now!

Cisco has identified a critical security flaw in its SSM On-prem. The world's largest recreational boat and yacht retailer reports a data breach. The UK's NHS warns of critically low blood stocks after a ransomware attack. Port Shadow enables VPN person in the middle attacks. Ivanti patches several high-severity vulnerabilities. FIN7 is advertising a security evasion tool on underground forums. Indian crypto exchange WazirX sees $230 million in assets suspiciously transferred. Wiz documents vulnerabilities in SAP AI Core. DDoS for hire team faces jail time. Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins us to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software." Playing red-light green-light with traffic light controllers.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins us to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software."  Selected Reading Cisco discloses a 10.0 CVSS rating vulnerability in SSM On-Prem (Stack Diary) Yacht giant MarineMax data breach impacts over 123,000 people (Bleeping Computer) UK national blood stocks in 'very fragile' state following ransomware attack (The Record) Port Shadow Attack Allows VPN Traffic Interception, Redirection (SecurityWeek) Ivanti Issues Hotfix for High-Severity Endpoint Manager Vulnerability (SecurityWeek) Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums (Security Affairs) WazirX reports security breach at crypto exchange following $230 million 'suspicious transfer' (TechCrunch) SAPwned: SAP AI vulnerabilities expose customers' cloud environments and private AI artifacts (Wiz Blog) Jail time for operators of DDoS service used to crash thousands of devices (Cybernews) Hackers could create traffic jams thanks to flaw in traffic light controller, researcher says (TechCrunch) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

An alleged sinister hacking plot by China. CISA and the FBI issued a 'secure-by-design' alert. Ransomware hits municipalities in Florida and Texas. The EU sets regulations to safeguard the upcoming European Parliament elections. ReversingLabs describe a suspicious NuGet package. Senator Bill Cassidy questions a costly breach at HHS. A data center landlord sues over requests to reveal its customers. On our Industry Voices segment, Jason Kikta, CISO & Senior Vice President of Product at Automox, discusses ways to increase IT efficiency while avoiding tool overload & complexity. And Google's AI Throws Users a Malicious Bone. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Jason Kikta, CISO & Senior Vice President of Product at Automox, discusses ways to increase IT efficiency including automation & tool streamlining, IT automation/automated patching, and tool overload & complexity. You can learn more in Automox's 2024 State of IT Operations Research Report. Selected Reading Millions of Americans caught up in Chinese hacking plot (BBC) US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities (SecurityWeek) CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog (Security Affairs) St. Cloud most recent in string of Florida cities hit with ransomware (The Record) Hackers demand $700K in ransomware attack on Tarrant Appraisal District (MSN) The impact of compromised backups on ransomware outcomes (Sophos News) EU sets rules for Big Tech to tackle interference in European Parliament elections (The Record) Suspicious NuGet package grabs data from industrial systems (ReversingLabs) Senator demands answers from HHS about $7.5 million cyber theft in 2023 (The Record) Data center landlord refuses Fairfax County demand for tenant information (Washington Business Journal) Google's AI-powered search feature recommends malicious sites, including scams and malware (TechSpot) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Charlie Jones, Director of Product Management at ReversingLabs and subject matter expert in supply chain security, joins host Priyanka Raghavan to discuss tackling third-party software risks. They begin by defining different types of third-party software risks and then take a deep dive into case studies where third-party components and software have had cascading effects on downstream systems. They consider some frameworks for secure software development that can be used to evaluate third-party software and components – both as a publisher or as a consumer – and end by discussing laws and regulations with final advise from Charlie on how enterprises can tackle third-party software risks. Brought to you by IEEE Computer Society and IEEE Software magazine. This episode is sponsored by WorkOS.

ChatGPT goes off-script with Shakespearean flair, and cybersecurity becomes the beacon in guarding our maritime and water utility infrastructures. We unravel the complexities of software supply chain threats with a focus on the Python Package Index, and spotlight the latest vulnerabilities in ConnectWise's ScreenConnect. It's a journey through the cyber squalls and the efforts to anchor down our digital defenses. Featured Stories: ChatGPT's Shakespearean Spiral - Delving into the reasons behind ChatGPT's unexpected dive into nonsensical outputs. Read more on Ars Technica and Reddit. Bolstering Maritime Cybersecurity - How the Biden administration is strengthening America's maritime defenses against cyber threats. Cybersecurity at Sea: Strengthening America's Maritime Defenses. Protecting Water Utilities from Cyber Threats - A look into the new wave of cybersecurity measures for water utilities by CISA, the FBI, and the Environmental Protection Agency. The Stealthy Expansion of Software Supply Chain Threats - Unpacking a sophisticated cyber-attack via the Python Package Index. Discover more at ReversingLabs. Patch and Protect: ConnectWise ScreenConnect Update - Addressing the vulnerabilities reported in ScreenConnect and the steps for remediation. ConnectWise Security Bulletins. Join us as we dissect these pivotal moments in digital security and AI quirks, ensuring you stay informed and ahead of the curve in the ever-evolving world of technology. Only on Spotify. For the best listening experience, follow us on Spotify and dive into the digital depths with our insightful episodes on technology, cybersecurity, and the unexpected turns of AI. Transcript: Feb 22 [00:00:00] All right. Good morning listeners. And welcome back to the daily decrypt. Huge shout out to Jared Jones for his brand new release song played under the. Super sophisticated AI announcer. If you're looking for some music, if you're working hard all day in front of the computer and you're looking for some [00:01:00] music that doesn't have words and isn't too distracting, highly recommend looking up Jared Jones. J E R E D. You're going to find lots of sick bangers like that one. All right. But let's get into the news today. We're going to dive into a digital pandemonium as chat GPT, seemingly takes a Shakespearian swerve. Leaving user's puzzled with it's nonsensical Jabber. Meanwhile, the us government makes waves in cybersecurity. Anchoring down on maritime defenses against the rising tide of cyber threats, proving that when it comes to securing our ports, It's not just about the web. It's about the water. Speaking of water. We are also going to explore how America's water utilities are fortifying, their cyber defenses. Ensuring that the only things flowing through our pipes, our water and wifi. In the realm of software and vulnerabilities, we're gonna be talking about the Python package index or PI as I call it. And how it becomes a Trojan horse for cyber attackers highlighting the stealthy expansion of [00:02:00] threats within our digital supply chains. And lastly, if you stick around this long, we're going to just touch base on connect Wise's screen connect vulnerabilities. All right. So yesterday, Users on Reddit started reporting that chat GPT. What's going absolutely insane. The responses from techy, PT would start out pretty normal and then quickly devolve into what I would describe as someone with a dementia or Verna keys, aphasia. Thanks to all the Reddit users who posted their chats. They're very fun to read through. Various journalists have reached out to open AI, the makers of chatty Beatty. For comment and we're met just with direction to their status page. So no comment at this time has been released. But I have an example here of what ChatGPT was spitting out. And you can see by looking at the. Output. It's just [00:03:00] going through how it formulates its responses. It's creating noise and then refining that noise. So here. Is. An example of what it was doing yesterday. "The high, the high or the heart where the hair. The his, or the Howell hones, a hill, a heel or a hand where all the Astor and any, and all, or an ACE or a story or a strain at grok stands for, of you a visit or the verb there site. Is a stand, a state or a story the in or the in wit makes a must a may or a most." Part of that sounded kind of like the monologue from V for vendetta, which I'm not going to even try. To repeat, but if you haven't seen me for vendetta, highly recommended, Given the help the chat should. The T made composing this episode, it seems to be back to normal. But. It is a reminder at how. These quote, artificial intelligent. Chat bots are not perfect [00:04:00] and they can quickly devolve. So did, do you know that. Our planet is made up of mostly water. And so our, our bodies. Though these facts may seem startling. They're starting. To get the attention of government officials such as the Biden administration who yesterday released an executive order aimed at bolstering cybersecurity measures across the United States port facilities. This is sparked by increasing concerns over cyber threats, particularly from nation state actors like China. Who could cripple a lot of our infrastructure. By just taking down a few maritime ports. In an era where cybersecurity incidents can ripple through the global supply chain with devastating effect, the executive order represents a significant pivot towards enhancing the resilience of [00:05:00] maritime infrastructure. The us coast guard is now endowed with explicit authority to counter malicious cyber activities. Targeting the nation's Marine transportation system. This includes a mandate for the immediate reporting of any cyber threats or incidents that could compromise vessels, harbors, ports, or waterfront facilities. Part of the executive order involved reallocating over $20 billion towards port infrastructure over the next five years. And this is an aim to repatriate crane manufacturing, eh, which is a sector currently dominated by China, which manufacturers approximately 80% of the cranes used in us ports. So if you're wondering why focus on ports? Well, consider this America's ports are not just points of entry for goods. They're bustling hubs that can support 31 million American jobs and contribute $5.4 trillion to the economy. They're smooth operation is pivotal to our national security and economic prosperity. The threat of cyber attacks, particularly those that could be orchestrated by foreign adversaries. So as it [00:06:00] turns out, network ports, aren't the only ports cybercriminals are sneaking into. In the world of port. Cybersecurity, it looks like we're moving from pirate, infested waters. To cyber secure harbors. Ari a feeling safe yet. Speaking of water and making waves in the world of cybersecurity. The FBI SISA and the EPA. Released tips targeted specifically to water plants and water managing agencies. At an age where hackers seem to have the thirst for infiltrating our critical infrastructures. The spotlight has turned to our water utilities. This isn't just about keeping the water flowing. It's about ensuring that the only thing going down the drain is well water. And not our security. In recent years, several water treatment companies have been the target of ransomware attacks, which has led to significant disruptions. Such events compromise the safety and availability of drinking water, which is a serious risk to public health and [00:07:00] safety. These agencies. Are aiming to prevent such outcomes by helping utilities, bolster their defenses against malicious cyber activity. The article in our show notes, outlines eight top notch strategies to keep cyber threats at bay. From hiding key assets to changing passwords, as often as we're supposed to change our water filters. It seems like water utilities are being prepped for a stormy season in cyberspace. So what kind of attacks are they trying to prevent? Often hackers exploit vulnerabilities in the software and hardware that control water treatment processes. And by gaining unauthorized access, they can disrupt operations, demand, ransom, or even tamper with water quality. The guidance provided by SISA the EPA and FBI emphasizes the importance of regular updates and patches to address these vulnerabilities. Alongside training for staff to recognize and respond to cyber threats. Well, no system can be made completely invulnerable. The adoption of these recommended practices significantly reduces the risks [00:08:00] of successful cyber attacks, which is what we're going for. It is a lofty goal to completely eliminate cyber risk, but. The goal is to just do what we can. To make ourselves more secure. Alrighty, we're going to turn this a little bit more technical and talk about some recent vulnerabilities that have been discovered. Reversing labs. Released an article that discusses. A sophisticated cyber attack that leverages the Python package index or PI as I like to call it. To distribute malicious software through a technique known as DLL sideloading. In January of 2024. Carlos janky, a reverse engineer at reversing labs discovered two suspicious packages on PI. Named helper and NP six helper HTTP or. These packages were found to exploit DLL sideloading, which is a method where attackers execute malicious code on a computer without being detected by security [00:09:00] software. This technique was used to target legitimate pie packages, revealing a concerning trend in the misuse of open source platforms for cyber attacks. DLL sideloading typically involves replacement or of a dynamic link library or DLL with a malicious one. The attacker's goal is to trick the application into loading this malicious DLL. Thereby executing the harmful code. It contains. In this case, the malicious packages were designed to mimic legitimate ones, very closely, which fooled developers into incorporating them into their projects. So, this is pretty significant. It affects not just individual developers, but potentially the entire supply chain. As compromised packages could be integrated into a wide array of applications. The attackers utilized Typosquatting, which is a tactic where malicious packages are named similarly to legitimate ones. In an effort to deceive users into downloading them. Reversing labs investigation further revealed that these malicious packages downloaded additional payloads, including a legitimate [00:10:00] file from king soft core. And a malicious DLL designed to execute a second stage payload. For those interested in diving deeper into the specifics of this breach, including the technical details and indicators of compromise. We encourage you to check out the full article in our show notes for a comprehensive understanding of the attack, vectors and protective measures. And before we finish up for the day. We're just going to quickly circle back to the recent ConnectWise ScreenConnect vulnerabilities that were reported on February 13th. If you're running ScreenConnect on premises, you're going to need to update your servers to version 23.9 0.8 immediately. If you're in the cloud, there are no actions needed at this time. And ConnectWise is saying that there's no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken by on-premise partners to address these identified security risks. All right. That's all we've got for today. I hope you enjoyed Water puns as well as the new music by [00:11:00] Jared Jones. Today was probably my favorite episode I've done so far. So if you have any feedback Uh, please shoot me a message on Instagram. Shoot us a tweet on Twitter. Uh, We'd love to hear from you. We understand your feedback is an honor. And so we'd be honored to receive And I believe we were taking tomorrow off. So we will talk to you more next week. [00:12:00] [00:13:00]

In this episode of the Future of Application Security, Harshil speaks with Dave Ferguson, Director of Technical Product Management, Software Supply Chain Security at ReversingLabs, which offers software supply chain security analysis platform. They discuss the rising need for software supply chain security as a result of the complexities around how software is built today. They also talk about ways to identify novel attacks through analyzing software behaviors, how efforts like SBOMs and registries help increase transparency, and why software supply chain security needs to evolve from just looking for vulnerabilities. Topics discussed: How Dave's diverse background in security, as well as his piqued interest around the SolarWinds and 3CX attacks, led to his focus on software supply chain security today. How a product manager leads by working with development teams, meeting with customers, incorporating new features and integrations, and helping bring new solutions to market. How the complexities associated with building software today — like open source and automation — have increased the possibility of adversaries slipping in.  Why analyzing software behavior across previous builds and seeing what's changed can help flag novel attacks. Today's trends that are increasing transparency in software creation, including the rising demand for SBOMs and the possibility of trust registries for commercial software. Why software supply chain security approaches need to move beyond just looking at vulnerabilities to find ways to root out all malicious activity. DOWNLOAD: Today, most application security tools are designed to find vulnerabilities, not fix them. What is noise and what is risk? And, more importantly, how do you accelerate the remediation of the most critical vulnerabilities? The answer lies within one key metric — Mean Time to Remediate (MTTR) Taking a better strategy to decrease your MTTR and keep your organization safe can begin today — download the paper to learn how.

Blog: https://medium.com/asecuritysite-when-bob-met-alice/the-wacky-world-of-javascript-and-npm-protecting-the-software-supply-chain-not-25662cfd1b66 JavaScript is the best and the worst of computer programming. It is able to exist in both the front end (the browser) and in the back end (with Node.js). It basically saved the Web as we moved from static Web pages to delivering dynamic content. With JavaScript, we could then enable direct interaction with the user but also capture and process data when required. It was a stroke of genius that allowed the same code in a Web page to be used on the back end (Node.js). But, it is sloppy language and rather unpredictable. Many love its methods, as a simple npm (Node Package Manager) can install the required software and libraries without any fuss: npm install crypgraphy But this simplicity can lead to problems. And, for Python, the pip command makes it easy to install libraries: pip install cryptography But these can lead to back-door trojans if an adversary places a back door in one of the associated libraries. Along with this, we can get typosquatting, and where a developer might type: pip install crypgraphy and download a malicious library. For this, an adversary needs to get their code onto one of the trusted repositories for JavaScript and Python. Protecting the supply chain The SolarWinds attack should act as a lesson in the importance of protecting the software supply chain, as backdoors can be applied to trusted software. For this, an adversary could either break into a trusted software system and add a backdoor in the software and then, with a compromised private key, sign the update as being valid. Also, an adversary could add a backdoor to open-source software that might go unnoticed when built. And, so, software languages tend to vary greatly in their control of libraries. With Rust, for example, we have Cargo, and which is a strongly versioned package manager. This will build a Rust program with a strict linkage of libraries to a given version — rather than taking the up-to-date version. All of the code is compiled strictly against versions of the binding to the code. Golang is less tightly defined and uses a git pull of the current version and stores it locally on a machine. A new git pull is required to update the version. The problem with npm and pip Now, it has been reported by Phylum that a new stealthy malware is spreading within npm [here]: With this, they reported on 31 July 2023 that there were suspicious activities on npm, and that 10 “test” packages were published. The research team found that they were part of a targeted malware attack — and which focused on exfiltrating source code and confidential information. This involved several iterations of updates before the final malware was constructed, as it shows that adversaries can focus on small incremental updates rather than showing the complete code at a single instance. This can allow malicious code to go undetected — and where the increments look like sensible updates. Overall, the packages had sensible-looking names —and an example of “npm typosquatting”. A recent example included the creation of a package named “aabquerys”, which is similar to the valid package of “abquery” [here]. With is it was found that it installs a legitimate EXE (wsc_proxy.exe) and which is digitally signed with a valid certificate but where is can be used as a side loader for malware. With a side loader, a valid and trusted program is run, but where it loads malicious code. In the malware version, a malicious file named wsc.dll is placed in the same place as wsc_proxy.exe, and which loads wsc.dll when invoked (Figure 1). Figure [here] And pip, too, does not have a great track record for protecting against malicious packages. A recent report from ReversingLabs involves the integration of the Python Package Index (PyPI) repository and includes the identification of 24 malicious packages that link to three popular open-source tools: vConnector, eth-tester and databases [here]. The target for these seems to be for cryptocurrency-focused developers. Conclusions Watch the versions of your code, as you could be a trojan for others. A backdoor compiler, for example, is one of the most difficult threats to detect, and it can infect a whole lot of systems that you may be responsible for.

Ashlee Benge from ReversingLabs discussing their research titled "Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks." Researchers recently discovered over a dozen malicious packages published to the npm open source repository. These packages are targeting Microsoft 365 users and appear to target application end users while also supporting email phishing campaigns. Research supports that the malicious campaign encompassed more than a dozen files designed to steal sensitive user credentials. The research states "This most recent campaign caught our attention because of a number of features and characteristics in related npm packages that correlate with malicious intent." The research can be found here: Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks

Ashlee Benge from ReversingLabs discussing their research titled "Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks." Researchers recently discovered over a dozen malicious packages published to the npm open source repository. These packages are targeting Microsoft 365 users and appear to target application end users while also supporting email phishing campaigns. Research supports that the malicious campaign encompassed more than a dozen files designed to steal sensitive user credentials. The research states "This most recent campaign caught our attention because of a number of features and characteristics in related npm packages that correlate with malicious intent." The research can be found here: Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks Learn more about your ad choices. Visit megaphone.fm/adchoices

In this week's episode, we welcome Jeff Fleischer, the Global Head of Sales at Team Cymru, as he unveils the secrets of curiosity-driven success and exceptional leadership in the world of cybersecurity. KEY TAKEAWAYS FROM THIS EPISODE Embrace a CEO Mindset: Take Ownership of Success As a sales leader, think like a CEO and take full responsibility for your role. Proactively identify areas for improvement that align with the company's overall objectives. Show initiative in optimizing revenue and customer retention to drive the organization's success. Align with Financial Goals: Drive Sustainable Growth Understanding the company's financial strategy is vital for a sales leader. Whether it's focusing on cash flow, EBITDA, or other metrics, align your sales approach to contribute to the company's long-term growth and financial well-being. Foster Open Communication: Collaborate for Collective Achievement Break down communication barriers and actively engage with other departments to gain insights into their perspectives and strategies. By promoting open communication, you can discover new opportunities, overcome challenges, and find solutions that benefit the entire organization. Demonstrate Genuine Curiosity and Networking: Build Strong Relationships As a successful sales leader, showcase your authentic passion for the industry and the products you offer. Cultivate curiosity and actively network to establish valuable connections beyond immediate sales goals. Strong relationships can lead to innovative ideas, potential partnerships, and growth opportunities. Focus on the Greater Good: Contribute to Overall Company Success Shift your focus from individual achievements to the greater good of the company. Consider how your actions contribute to the organization's overall success and well-being. Prioritizing collective growth fosters a positive and motivated environment that drives success for everyone involved. THIS WEEK'S GUEST Jeff Fleischer is the Global Head of Sales at cybersecurity vendor Team Cymru. With a remarkable career spanning back to the mid-90s, Jeff has held senior positions with renowned companies like McAfee, DataMaxx, Wave Systems, PhishMe, and Reversinglabs before taking the reins at Team Cymru. Beyond his impressive sales and leadership journey, Jeff also serves as an advisor to startup vendors, leveraging his expertise to guide and support emerging businesses. Moreover, Jeff's altruistic spirit shines through his volunteer work with the Sunshine Kids Foundation. Join us as we delve into the extraordinary career and contributions of Jeff Fleischer in the cybersecurity industry. LinkedIN: https://www.linkedin.com/in/jeffreylfleischer/ Team Cymru: https://www.team-cymru.com/ YOUR HOST Simon Lader is the host of The Conference Room, Co-Founder of global executive search firm Salisi Human Capital, and podcast growth consultancy Viva Podcasts. Since 1997, Simon has helped cybersecurity vendors to build highly effective teams, and since 2022 he has helped people make money from podcasting. Get to know more about Simon at: Website: https://simonlader.com/ Make Money from Podcasting: https://www.vivapodcasts.com/podcastpowerups Twitter: https://twitter.com/simonlader LinkedIn: https://www.linkedin.com/in/headhuntersimonlader The Conference Room is available on: Spotify, Apple Podcasts, Amazon Music, iHeartRadio ...and everywhere else you listen to podcasts!

In this week's episode, host Natalie Pierce interviews Alberto Yépez, Co-Founder and Managing Director of Forgepoint Capital, a leading cybersecurity-focused venture capital firm, about incorporating environmental, social, and governance (ESG) initiatives into all they do, including the firm's investing principles.Our first episode of the year highlights the growing importance of ESG considerations in the venture capital industry and the steps that firms like Forgepoint Capital are taking to integrate these principles and initiatives into their investment strategies and operations. Forgepoint also provides examples in its portfolio like CyberCube, which is taking actionable steps towards ESG goals.To learn more, check out Forgepoint's blog on ESG and get a copy of Forgepoint's ESG Handbook.

In this episode of the Security Ledger podcast, brought to you by ReversingLabs, we interview Danny Adamitis (@dadamitis) of Black Lotus Labs about the discovery of ZuoRAT, malware that targets SOHO routers – and is outfitted with APT-style tools for attacking the devices connected to home networks. As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.  [MP3] Cyber attacks on small office and home office (or SOHO) routers aren't new. Back in 2016, the malware known as Mirai made headlines across the world by infecting hundreds of thousands of weekly protected SOHO routers and DVR devices and stringing them into […] The post Episode 244: ZuoRAT brings APT Tactics to Home Networks appeared first on The Security Ledger with Paul F. Roberts. Click the icon below to listen. Related StoriesEpisode 241: If Its Smart, Its Vulnerable a Conversation with Mikko HyppönenEpisode 241: If Its Smart, Its Vulnerable a Conversation wit Mikko HyppönenEpisode 242: Hacking the Farm (and John Deere) with Sick Codes

In this week's episode, we'll be going back and revisiting some of the best advice that our guests have given in the area of sales and sales leadership BRIAN STONE Full Podcast (episode 05): https://open.spotify.com/episode/5qh2XalEKrI5ByKzC8pQY2?si=tYPkdAanQ-aqCN-godk1lQ Brian Stone is a world-leading global head of sales. He has a track record of scaling Cybersecurity companies from $10 million to over $150 million, having led sales for companies including PhishMe (Cofense), Risklens, Cymulate and NetAbstraction. BOB KRUSE Full Podcast (episode 53): https://open.spotify.com/episode/7BK1GzuYk6GdifjrjnoloL?si=23n3vOpeRoegOnRyKwmG-g Bob Kruse is the CEO and co-founder of seed-funded cybersecurity vendor Revelstoke. He has been a Go To Market leader in cyber security for 20 years. Highlights include playing a pivotal role in taking FireEye (FEYE) public and in the $560m acquisition of Demisto by Palo Alto Networks. GORDON LAWSON Full Podcast (episode 51): https://open.spotify.com/episode/5DwKR7Q5IJsYFGii4MDk6C?si=IL3nyiAjSIejLxLIn4y3Hg Gordon Lawson built a successful sales and sales leadership career in the cybersecurity industry, with organizations such as Pictometry, PhishMe, ReversingLabs and RangeForce. He is currently CEO of a highly disruptive cybersecurity vendor NetAbstraction. AARON ANSARI Full Podcast (episode 65): https://open.spotify.com/episode/4KuuVrHp5ptTuAXGBGDS7z?si=VeDJhiqFRAi37yA3Et_lKw Aaron Ansari is the Chief Revenue Officer of RangeForce, a leading cybersecurity SaaS vendor. Before that he was VP Sales of Cloud Conformity until its acquisition in 2019 by Trend Micro, and Director of Sales for PhishMe where more than doubled its customer base. MARK STRUTNER Full Podcast (episode 66): https://open.spotify.com/episode/0tF0aeQMNQRFcjAswEWzsS?si=gT2j_YUwSUKfc0ZL6a6Quw Mark Strutner is the VP Global Sales of Skyline ATS and formerly VP Worldwide Sales of Lastline, who are now part of VMWare and successfully led sales teams at early stage cyber security vendors.

There's international consensus on the cyberattack against Viasat. Kaspersky remains under investigation. The Nerbian RAT is out. NPM dependencies are exploited, but to what end? Caleb Barlow examines Russia's future on the internet. Our guest is Deepen Desai from Zscaler with the latest phishing research. And new advisories from CISA and its partners. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/91 Selected reading. Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques (Proofpoint) NPM dependency confusion hacks target German firms (ReversingLabs) npm Supply Chain Attack Targeting Germany-Based Companies (JFrog) Adminer in Industrial Products (CISA) Eaton Intelligent Power Protector (CISA)  Eaton Intelligent Power Manager Infrastructure (CISA)  Eaton Intelligent Power Manager (CISA) AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere (CISA)  Mitsubishi Electric MELSOFT GT OPC UA (CISA)  CISA Adds One Known Exploited Vulnerability to Catalog (CISA)  Alert (AA22-131A) Protecting Against Cyber Threats to Managed Service Providers and their Customers (CISA) Protecting Against Cyber Threats to Managed Service Providers and their Customers (CISA) Russia downed satellite internet in Ukraine -Western officials (Reuters)  US and its allies say Russia waged cyberattack that took out satellite network (Ars Technica)  Western powers blame Russia for Ukraine satellite hack (The Record by Recorded Future)  Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union (European Council)  Attribution of Russia's Malicious Cyber Activity Against Ukraine - United States Department of State (United States Department of State)  U.S. Government Attributes Cyberattacks on SATCOM Networks to Russian State-Sponsored Malicious Cyber Actors (CISA) Russia behind cyber-attack with Europe-wide impact an hour before Ukraine invasion (GOV.UK) Estonia joins the statement of attribution on cyberattacks against Ukraine (Ministry of Foreign Affairs, Republic of Estonia)  Statement on Russia's malicious cyber activity affecting Europe and Ukraine (Canada.ca)  Attribution to Russia for malicious cyber activity against European networks (Australian Government Department of Foreign Affairs and Trade)  Russia hacked an American satellite company one hour before the Ukraine invasion (MIT Technology Review)  NSA Probing Reach of Software From Russia's Kaspersky in US Systems (Bloomberg) 

In Episode 2 of Tattoos, Code, and Data Flows, Matt Rose interviews Mario Vuksan, CEO & Co-Founder of ReversingLabs which provides modern security teams with visibility into every associated malware file, location, and threat with the speed, accuracy, and scale required for today's digital enterprise. Mario shares his thoughts about what he sees as gaps in the modern enterprise's security program, why people need to get away from checkbox diplomacy, and how the security world is actually addressing things as soon as possible. Join us by listening to this podcast episode and by hitting the like button, subscribing to the podcast, and leaving a review! We appreciate you listening, and hope you enjoy the episode.

In this week's episode, we welcome the Chief Executive Officer of NetAbstraction, Inc., Gordon Lawson to discuss his approach to business growth, sales leadership, hiring, and managing people both within and outside a sales structure. KEY TAKEAWAYS FROM THIS EPISODE: Key things to look for when hiring a sales team, How being a leader in the military can prepare you for leadership in the private sector Determining whether people are good or not for your team Advice on stepping into a leadership role for the first time Three key tips for successfully managing a business THIS WEEK'S GUEST Gordon Lawson has nearly two decades of experience in the cyber security sector, focusing on global enterprise business development. He is a graduate of the United States Naval Academy and a veteran of the US Navy. After leaving the military he built a successful sales and sales leadership career in the cybersecurity industry, with organisations such as Pictometry, PhishMe, ReversingLabs and RangeForce. He is currently CEO of a highly disruptive cybersecurity vendor NetAbstraction. For more information, or to get in touch with Gordon, check out: Website: www.netabstraction.com LinkedIn: https://www.linkedin.com/in/gordon-lawson-58679710/ YOUR HOST Simon Lader is the host of The Conference Room, Co-Founder of global executive search firm Salisi Human Capital, and online coaching firm Salisi Academy. Since 1997, Simon has helped Senior Executives achieve Life Transformation through finding their ideal job and consulted with leading enterprise software and cybersecurity vendors to build highly effective teams. Get to know more about Simon at: Podcast: https://theconferenceroompodcast.com Website: https://simonlader.com/ Blog: blog.salisi.com Twitter: https://twitter.com/simonlader LinkedIn: https://www.linkedin.com/in/headhuntersimonlader Spotify: https://open.spotify.com/show/3dd0obQSM8cYRV0HCxiuF0

This week in the Enterprise News: Latent AI, Optiv Security Launches Next-Gen Managed XDR, An Intriguing Update to Mandiant Advantage, ReversingLabs raises $56M to combat software supply chain, Morphisec Announces New Incident Response Services, & more!   Show Notes: https://securityweekly.com/esw238 Visit https://www.securityweekly.com/esw for all the latest episodes!

This week in the Enterprise News: Latent AI, Optiv Security Launches Next-Gen Managed XDR, An Intriguing Update to Mandiant Advantage, ReversingLabs raises $56M to combat software supply chain, Morphisec Announces New Incident Response Services, & more!   Show Notes: https://securityweekly.com/esw238 Visit https://www.securityweekly.com/esw for all the latest episodes! 

This week, Paul, Tyler, and Adrian talk about the Different Approaches To Vulnerability Management! In the Enterprise News: Latent AI, Optiv Security Launches Next-Gen Managed XDR, An Intriguing Update to Mandiant Advantage, ReversingLabs raises $56M to combat software supply chain, Morphisec Announces New Incident Response Services, & more! Finally, we air two pre-recorded interviews from BlackHat 2021 with Carolin Solskär from Detectify and TJ Punturiero from Offensive Security!   Show Notes: https://securityweekly.com/esw238 Visit https://securityweekly.com/offsec to learn more about them! Visit https://securityweekly.com/detectify to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://twitter.com/securityweekly Follow us on Facebook: https://facebook.com/secweekly

This week, Paul, Tyler, and Adrian talk about the Different Approaches To Vulnerability Management! In the Enterprise News: Latent AI, Optiv Security Launches Next-Gen Managed XDR, An Intriguing Update to Mandiant Advantage, ReversingLabs raises $56M to combat software supply chain, Morphisec Announces New Incident Response Services, & more! Finally, we air two pre-recorded interviews from BlackHat 2021 with Carolin Solskär from Detectify and TJ Punturiero from Offensive Security!   Show Notes: https://securityweekly.com/esw238 Visit https://securityweekly.com/offsec to learn more about them! Visit https://securityweekly.com/detectify to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://twitter.com/securityweekly Follow us on Facebook: https://facebook.com/secweekly

Threat hunters are under increased pressure to rapidly analyze, classify, detect and respond to malicious files. ReversingLabs is stepping forward to address these needs with its new Malware Lab Solution. The ReversingLabs Malware Lab solution powers the next generation of threat hunting by delivering a unique combination of static and dynamic analysis capabilities at scale to identify malicious files including those in the software supply chain. This segment is sponsored by Reversing Labs. Visit https://securityweekly.com/ReversingLabs to learn more about them!   The development life cycle as we know it is rapidly changing, and today's AppSec testing needs to keep up with shorter and faster processes. A shift-left approach is no longer enough to protect web assets - you need much more dynamic tools and ways of working. This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw233

Threat hunters are under increased pressure to rapidly analyze, classify, detect and respond to malicious files. ReversingLabs is stepping forward to address these needs with its new Malware Lab Solution. The ReversingLabs Malware Lab solution powers the next generation of threat hunting by delivering a unique combination of static and dynamic analysis capabilities at scale to identify malicious files including those in the software supply chain. This segment is sponsored by Reversing Labs. Visit https://securityweekly.com/ReversingLabs to learn more about them!   The development life cycle as we know it is rapidly changing, and today's AppSec testing needs to keep up with shorter and faster processes. A shift-left approach is no longer enough to protect web assets - you need much more dynamic tools and ways of working. This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw233

This week, in our first segment, we welcome Suha Akyuz, Application Security Manager at Invicti Security, to discuss “Why DAST? from the Project Management Perspective”! In the Enterprise News, Atos launches thinkAI, AWS welcomes Wickr to the team, U.S. DoD approves two (ISC)² certifications as requirements for staff, & JFrog to acquire Vdoo! Finally, we wrap up the show with two micro interviews from RSAC featuring Mario Vuksan, CEO of ReversingLabs, & Rickard Carlsson, CEO Detectify!   Show Notes: https://securityweekly.com/esw233 Visit https://securityweekly.com/ReversingLabs to learn more about them! Visit https://securityweekly.com/detectify to learn more about them! Visit https://securityweekly.com/netsparker to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, in our first segment, we welcome Suha Akyuz, Application Security Manager at Invicti Security, to discuss “Why DAST? from the Project Management Perspective”! In the Enterprise News, Atos launches thinkAI, AWS welcomes Wickr to the team, U.S. DoD approves two (ISC)² certifications as requirements for staff, & JFrog to acquire Vdoo! Finally, we wrap up the show with two micro interviews from RSAC featuring Mario Vuksan, CEO of ReversingLabs, & Rickard Carlsson, CEO Detectify!   Show Notes: https://securityweekly.com/esw233 Visit https://securityweekly.com/ReversingLabs to learn more about them! Visit https://securityweekly.com/detectify to learn more about them! Visit https://securityweekly.com/netsparker to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

T-Mobile discloses data breach CISA updates SolarWinds guidance Emotet strikes Lithuanian health infrastructure Thanks to our sponsor ReversingLabs Newly created digital data that supports productivity is growing greater than forty percent annually. With more employees working remote and businesses reliant on this digital content, what steps are you taking to ensure this data is secure? Learn more about how ReversingLabs can help establish secure digital business processes today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

Google Docs bug exposes users private documents Kawasaki discloses security breach, potential data leak Brexit deal warns of security dangers of Netscape Communicator Thanks to our sponsor ReversingLabs We’ve seen a 430% growth in next generation cyber attacks actively targeting open-source software projects. Worse yet, contemporary malware implements evasive techniques to avoid detection by AV and Sandbox technologies. What can you do to stay on top of these new threats? Learn more about how ReversingLabs can help your software development teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

Defending the COVID-19 vaccine supply chain Cellular aggregation tool detailed in police records CISA releases malware detection tool for Azure and Microsoft 365 Thanks to our sponsor ReversingLabs The SolarWinds attack has highlighted the need to scan “gold” software images prior to their release or consumption, and look for software tampering, invalid digital signing, and build quality issues. Do you have the right controls in place to assess these risks? Learn more about how ReversingLabs can help your security and release teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

Microsoft resellers seen as Russian cyberattack mules GoDaddy employees fail holiday bonus phishing test SolarWinds releases updated advisory for new SUPERNOVA malware Thanks to our sponsor ReversingLabs Less than thirty percent of organizations have a formal threat hunting program, yet threat hunting has shown to improve overall security postures by over ten percent. What actions are you taking to upskill your security staff and bring threat hunting practices into your daily security practices? Learn more about how ReversingLabs can help your security teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

Treasury Department’s senior leaders were targeted by SolarWinds hack Draft lawsuit alleges Google and Facebook agreed to team up against antitrust action Three VPN providers with criminal ties taken down Thanks to our sponsor ReversingLabs Ransomware is responsible for causing the most destructive amount of downtime - more than seventeen hours. Are you equipped to fight ransomware? Do you have the latest intelligence and indicators of compromise to block these attacks? Learn more about how ReversingLabs can help your security teams today and watch an on-demand demo at reversinglabs.com/demo For the stories behind the headlines, head to CISOseries.com.

Attackers staged a dry-run against SolarWinds in October 2019 NSO Group spyware reportedly used against journalists CIA agents exposed with stolen data Thanks to our sponsor ReversingLabs Open source packages from repos such as PyPI, npm, RubyGems and NuGet can be complex, and contain tens of thousands of files. Are you confident these files are safe before you include them in your builds? What steps are you taking to reduce third-party risk? Learn more about how ReversingLabs can help your software and security teams today, and watch an on-demand demo at reversinglabs.com/demo For the stories behind the headlines, head to CISOseries.com.

SolarWinds supply chain attack updates Trump officials plan to split up Cyber Command and NSA Google explains the cause of its recent outage Thanks to our sponsor ReversingLabs Seventy seven percent of organizations are increasing investments in automation to simplify and speed response times. How are you leveraging Machine Learning and AI to solve cyber skills shortages and mitigate risks to your business? Learn more about how ReversingLabs can automate threat analysis and accelerate security response today. Watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

Ex-Homeland Security adviser: 'We're being hacked' Ignore Facebook 'Christmas bonus' come-on Twitter to start removing COVID-19 vaccine misinformation Thanks to our sponsor ReversingLabs A ransomware attack occurs every 10 seconds. What are you doing to detect hidden malware and expose key Indicators of compromise before they exploit your business. Learn more about how ReversingLabs can help your security teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

Trump considers clemency for Silk Road founder Researcher warned of SolarWinds security issues last year What can the US do to prevent cyberattacks? Thanks to our sponsor ReversingLabs A ransomware attack occurs every 10 seconds. What are you doing to detect hidden malware and expose key Indicators of compromise before they exploit your business. Learn more about how ReversingLabs can help your security teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

Microsoft seizes SolarWinds domain – quarantine starts today Twitter will use Amazon Web Services to power user feeds Data breach at Canadian financial services firm highlights perils of insider threats Thanks to our sponsor ReversingLabs 96% of commercial applications include open source components. Is open source software putting your supply chain at risk? Learn more about how ReversingLabs can inspect your new software packages and open source components today, and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

SolarWinds Orion carrying malware Multiple US agencies impacted by SolarWinds supply-chain attack New EU data use legislation could lead to big tech fines Thanks to our sponsor ReversingLabs Cybersecurity staffing shortages exceed 3 million security professions globally, and the skills gap continues to widen. Learn how ReversingLabs automates the time-consuming task of analyzing malware, and how its explainable threat intelligence scales your security team to address complex cyberthreats. Watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

Adrozek malware can infect over 30K Windows PCs a day Subway UK finds TrickBot on its menu Ransomware in schools grew in 2020, more on the way in 2021 Thanks to our sponsor ReversingLabsToday the most advanced threats lay hidden…deep within files and objects. In only milliseconds, ReversingLabs is able to analyze the world’s most complex files, providing security executives with the risk insights they need to ensure business resiliency, while enabling a security staff of just a few to act as if they’re a staff of hundreds, armed with an intelligence that eliminates your biggest risks. Learn more about how ReversingLabs can help your security teams make better risk based decisions by watching an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.

Huawei failed to address network security flaws US Treasury Department warns about fines for ransomware payments H&M fined for GDPR violations Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence.  In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems.     Learn more by watching an on-demand demo at reversinglabs.com/demo For more, head to CISOSeries.com

Facebook faces down QAnon, bogus election ads, and privacy on the Gram Who took down 911 in 14 states on Monday? Controversial data company Palantir’s stock is up following Wall Street debut Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence.  In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems.     Learn more by watching an on-demand demo at reversinglabs.com/demo For more, head to CISOSeries.com

French shipping giant hit with ransomware attack Ransomware operators release personal information on Las Vegas students Android 12 will play nice with third-party apps stores Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence.  In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems.     Learn more by watching an on-demand demo at reversinglabs.com/demo For more, head to CISOSeries.com

TikTok’s latest court win means videos still available - for now Universal Health Services hospitals hit country-wide by Ryuk ransomware Windows XP and Windows Server 2003 source code leaked online Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence.  In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems.     Learn more by watching an on-demand demo at reversinglabs.com/demo For more, head to CISOSeries.com

China’s biggest chip maker hit by US sanctions Elon Musk unhappy over Microsoft’s exclusive licensing of OpenAI Google removes 17 Android apps doing WAP billing fraud from the Play Store Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence.  In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems.     Learn more by watching an on-demand demo at reversinglabs.com/demo For more, head to CISOSeries.com

Stories From Our Event Coverage And From Around The World Sometimes we are there, sometimes we are not — either way, we still get the best stories. Black Hat USA 2020 Recap And What Is Happening Next | With Kymberlee Price And Steve Wylie Guests: - Kymberlee Price, BHUSA Review Board - Steve Wylie, Black Hat General Manager The game is never over. We just reach milestones. This year's Black Hat Conference USA certainly got to a big one. Participants from the business, research, and hacker communities came together - virtually, for the first time - for the 2020 edition of the Las Vegas-based event. As discussed during the kick-off podcast, this virtual event presented the opportunity to expand the audience in many different ways and bring a whole new level of engagement to the table. This is precisely what happened: the event drew in attendees from 117 countries and a sizeable first-time attendee. As both Kymberlee and Steve pointed out, the online interaction was probably the biggest challenge and the most difficult thing to replicate. They pulled this off: many experienced virtual "lobby con" both inside and outside the conference platform, with like-minded individuals, members of the data science community, and the blackhat Review Board members. Beyond the content itself, there's a lot to be learned for how we will consume content moving forward and how we will likely expect to engage with each other in a world where in-person-only events may be a thing of the past. Steve and Kymberlee provide some interesting insights into the future of Black Hat in this context. The future of conferences looks hybrid, and that is a good thing. ______________________________ Learn more about this channel's sponsors: - Cequence: itspm.ag/itspcequweb - ReversingLabs: itspm.ag/itsprvslweb - Semperis: itspm.ag/itspsempweb Be sure to catch all of our Black Hat USA 2020 virtual coverage here: https://www.itspmagazine.com/itspmagazine-event-coverage Interested in sponsoring our coverage? You can explore podcast sponsorship options here: https://www.itspmagazine.com/podcast-series-sponsorships

Mario Vuksan, CEO and Co-Founder of ReversingLabs discusses modern digital objects, made up of layers of structured code and data, are central to the exchange or storage of information and are becoming increasingly complex. This interview is sponsored by ReversingLabs. To learn more about them, visit: https://www.reversinglabs.com/ Chris Wysopal, Co-Founder, CTO & CISO of Veracode, discusses how DevSecOps has moved security front and center in modern development. Yet security and development teams are driven by different metrics, making it challenging to align on objectives. The move to microservices-driven architecture and the use of containers and serverless has shifted the dynamics of how developers build, test, and deploy code. This interview is sponsored by Veracode. To learn more about them, visit: https://www.veracode.com/   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw194

Mario Vuksan, CEO and Co-Founder of ReversingLabs discusses modern digital objects, made up of layers of structured code and data, are central to the exchange or storage of information and are becoming increasingly complex. This interview is sponsored by ReversingLabs. To learn more about them, visit: https://www.reversinglabs.com/ Chris Wysopal, Co-Founder, CTO & CISO of Veracode, discusses how DevSecOps has moved security front and center in modern development. Yet security and development teams are driven by different metrics, making it challenging to align on objectives. The move to microservices-driven architecture and the use of containers and serverless has shifted the dynamics of how developers build, test, and deploy code. This interview is sponsored by Veracode. To learn more about them, visit: https://www.veracode.com/   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw194

This week, first we talk Enterprise News, discussing how Attivo Networks Announces New Integration with IBM Security Resilient, GreatHorn improves email security with better visibility and intelligent protection, Elite Intelligence Ascends to the Cloud With Recorded Future and Microsoft Azure, Thycotic Releases Privileged Access Management Capabilities for the New Reality of Cloud and Remote Work, Datadog has acquired Undefined Labs, a testing and observability company for developer workflows, and more! In our second segment, we air two pre-recorded interviews from Security Weekly Virtual Hacker Summer Camp with Chris Wysopal from Veracode and Mario Vuksan from ReversingLabs! In our final segment, we air two more pre-recorded interviews from Virtual Hacker Summer Camp with Danny Jenkins from ThreatLocker and Stephen Boyer from BitSight!   Show Notes: https://securityweekly.com/esw194   To learn more about BitSight, visit: https://securityweekly.com/bitsight To learn more about ThreatLocker, visit: https://www.securityweekly.com/threatlocker To learn more about ReversingLabs, visit: https://www.reversinglabs.com/ To learn more about Veracode, visit: https://www.veracode.com/   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, first we talk Enterprise News, discussing how Attivo Networks Announces New Integration with IBM Security Resilient, GreatHorn improves email security with better visibility and intelligent protection, Elite Intelligence Ascends to the Cloud With Recorded Future and Microsoft Azure, Thycotic Releases Privileged Access Management Capabilities for the New Reality of Cloud and Remote Work, Datadog has acquired Undefined Labs, a testing and observability company for developer workflows, and more! In our second segment, we air two pre-recorded interviews from Security Weekly Virtual Hacker Summer Camp with Chris Wysopal from Veracode and Mario Vuksan from ReversingLabs! In our final segment, we air two more pre-recorded interviews from Virtual Hacker Summer Camp with Danny Jenkins from ThreatLocker and Stephen Boyer from BitSight!   Show Notes: https://securityweekly.com/esw194   To learn more about BitSight, visit: https://securityweekly.com/bitsight To learn more about ThreatLocker, visit: https://www.securityweekly.com/threatlocker To learn more about ReversingLabs, visit: https://www.reversinglabs.com/ To learn more about Veracode, visit: https://www.veracode.com/   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

A Their Story conversation with Sean Martin, Marco Ciappelli, and ReversingLabs' VP of Product Management, Erik Thoen. Not A Crystal Ball But A Glass Box To Keep You Safe | A ReversingLabs Story | #3 The last time we got together with ReversingLabs was during RSA Conference San Francisco 2020. Back then, we spoke with Mario Vuksan And Tyson Whitten to learn about how the black box of machine learning and artificial intelligence is giving InfoSec professionals a few headaches. A lot has remained the same on this front. Still, a lot has changed since then for many organizations’ SOC teams: work from home environments, disruptive digital and business transformation, rapid cloud deployments, and the ever-dreaded “do more with less budget” operational tactic — to mention just a few. These changes didn’t make yesterday’s problem go away. It’s more likely that these many forced changes have created numerous new sets of issues piled on top of the old ones in the SOC room such as increased exposure to new threats and increased attack surfaces and activities — all combined with either a lack of visibility into how new technologies deployed to the infrastructure work or over-visibility with too much data to understand. Thankfully, there is a bright side, an alternative path, a yellow brick road to a place where these problems can be managed. That path is enabled through adaptability, resiliency, and explainability — giving the SOC teams the ability to efficiently identify, investigate, and respond to file-based threats and attacks that would otherwise require lengthy investigations or result in events and incidents dropped on the cutting room floor. It can be summed up by the basic, yet powerful, concept of transparency. The black box can be turned into a transparent box that allows us to make better decisions, educated calls, and establish better routes to follow. We are not saying that it is a magic crystal ball that gives the team all of the answers — in reality, do you want that anyway? What you need is transparency that allows you to pick and scan a file, any file, regardless of where it originates, where it is headed, and what the user and systems need to do with it. Transparency will give you the help you need to make an educated decision. Transparency is the path to explainable intelligence — the path to better information security. There is no wizard of Oz — didn’t you hear the news? Have a listen to this episode, share it, and look back to the others to catch the other chapters in this story: https://itspmagazine.com/their-stories/the-reversinglabs-story-chapter-3-with-erik-thoen And, be sure to visit ReversingLabs at https://itspm.ag/itsprvslweb to learn more about their offering. Enjoy!

Podcast: ITSPmagazine | Technology. Cybersecurity. Society.Episode: ICS Village & CISA Talk DEFCON And The Future Of Critical Infrastructure | Bryson Bort & Bryan WarePub date: 2020-08-04Stories From Our Event Coverage And From Around The World Sometimes we are there, sometimes we are not — either way, we still get the best stories. ICS Village & CISA Talk DEFCON And The Future Of Critical Infrastructure | Bryson Bort & Bryan Ware | DEFCON 2020 #SafeMode Event Coverage Guests: - Bryan Ware, CISA - Bryson Bort, Co-Founder ICS Village People around the world rely on local, state, national - and sometimes international - services enabled by critical infrastructure and related devices, systems, and applications. Sometimes they realize it - sometimes not. Many times, the services are taken for granted, only noticed when they go offline or otherwise malfunction. The bottom line, humanity id dependent upon critical infrastructure and we need to take an active role to ensure all stakeholders and leaders recognize the cyber risk it possesses such that proper risk mitigation, attack protection and incident response measures are identified and implemented. That's the goal both of our guests are driving during this conversation: Bryan Ware from the government, public sector perspective, and Bryson Bort from the commercial, private sector perspective. As was evident during the conversation the current and future states of cybersecurity for our IT, OT, ICS and critical infrastructure at large depends on raising awareness, support research, enabling security-by-design at the directly at development layer, and interconnectivity between critical infrastructure elements (water, power, health, travel, etc.) AND between critical infrastructure constituents (government, academia, commercial, and society). There's too much to recap here in this very important conversation. Have a listen, enjoy, share, and then spend some time with the ICS Village team and the CISA team as the conversations continue in both places. Of course, we'll be part of those conversations as well - it's far too important a topic to sit this one out. ______________________________ Learn more about this channel's sponsors: - Cequence: itspm.ag/itspcequweb - ReversingLabs: itspm.ag/itsprvslweb - Semperis: itspm.ag/itspsempweb Be sure to catch all of our DEFCON #SafeMode 2020 Coverage here: https://www.itspmagazine.com/itspmagazine-event-coverage Interested in sponsoring our coverage? You can explore podcast sponsorship options here: https://www.itspmagazine.com/podcast-series-sponsorshipsThe podcast and artwork embedded on this page are from ITSPmagazine | Technology. Cybersecurity. Society., which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Stories From Our Event Coverage And From Around The World Sometimes we are there, sometimes we are not — either way, we still get the best stories. ICS Village & CISA Talk DEFCON And The Future Of Critical Infrastructure | Bryson Bort & Bryan Ware | DEFCON 2020 #SafeMode Event Coverage Guests: - Bryan Ware, CISA - Bryson Bort, Co-Founder ICS Village People around the world rely on local, state, national - and sometimes international - services enabled by critical infrastructure and related devices, systems, and applications. Sometimes they realize it - sometimes not. Many times, the services are taken for granted, only noticed when they go offline or otherwise malfunction. The bottom line, humanity id dependent upon critical infrastructure and we need to take an active role to ensure all stakeholders and leaders recognize the cyber risk it possesses such that proper risk mitigation, attack protection and incident response measures are identified and implemented. That's the goal both of our guests are driving during this conversation: Bryan Ware from the government, public sector perspective, and Bryson Bort from the commercial, private sector perspective. As was evident during the conversation the current and future states of cybersecurity for our IT, OT, ICS and critical infrastructure at large depends on raising awareness, support research, enabling security-by-design at the directly at development layer, and interconnectivity between critical infrastructure elements (water, power, health, travel, etc.) AND between critical infrastructure constituents (government, academia, commercial, and society). There's too much to recap here in this very important conversation. Have a listen, enjoy, share, and then spend some time with the ICS Village team and the CISA team as the conversations continue in both places. Of course, we'll be part of those conversations as well - it's far too important a topic to sit this one out. ______________________________ Learn more about this channel's sponsors: - Cequence: itspm.ag/itspcequweb - ReversingLabs: itspm.ag/itsprvslweb - Semperis: itspm.ag/itspsempweb Be sure to catch all of our DEFCON #SafeMode 2020 Coverage here: https://www.itspmagazine.com/itspmagazine-event-coverage Interested in sponsoring our coverage? You can explore podcast sponsorship options here: https://www.itspmagazine.com/podcast-series-sponsorships

Stories From Our Event Coverage And From Around The World Sometimes we are there, sometimes we are not — either way, we still get the best stories. Bringing The Red Team And Blue Team Villages Virtually Together At DEFCON #SafeMode | DEFCON 2020 #SafeMode Event Coverage Guests: - Fred Wilmot - Russell Mosley - @Munin The Red Team Village and the Blue Team Village had big plans to continue their tradition of bringing together people with a mindset for attack and defense, respectively. They even had big plans to have an open wall between the two villages, effectively creating a "purple" space in the middle for the two villages to interact with each other. Bring of DEFCON #SafeMode, and these plans change a bit. Just how much? And what can you expect from each side of the attack/defense coin? Listen to our guests, Russell Mosley (Blue Team), @Munin (Blue Team), and Fred Wilmot (Red Team) to get the complete low-down. Enjoy! ______________________________ Learn more about this channel's sponsors: - Semperis: itspm.ag/itspsempweb - Cequence: itspm.ag/itspcequweb - ReversingLabs: itspm.ag/itsprvslweb Be sure to catch all of our DEFCON #SafeMode 2020 Coverage here: https://www.itspmagazine.com/itspmagazine-event-coverage Interested in sponsoring our coverage? You can explore podcast sponsorship options here: https://www.itspmagazine.com/podcast-series-sponsorships

Stories From Our Event Coverage And From Around The World Sometimes we are there, sometimes we are not — either way, we still get the best stories. AppSec Village Goes Virtual #SafeMode At DEFCON 2020 | A Conversation With Organizers And Keynotes Guests: - Fredrick Lee - Liora Herman - Erez Yalon Software runs the world. It runs our businesses, It runs the shops we visit. It helps produce the products we buy. It automates our homes. It controls our planes, trains, and automobiles. It even runs the International Space Station and recent trips to the ISS and Mars. Because software is so embedded in everything we do and experience in life, it's clearly a critical element in securing our current and future digital worlds. Last year at DEFCON, a dedicated team of application security professionals launched the inaugural AppSec Village. It was wildly successful and the crew was ready to bring on the 2nd installation to life in 2020 ... until DEFCON was canceled (no, really, it was, and is) - instead, DEFCON #SafeMode was born. It was a tough decision for the team to figure out how best to proceed with the new virtual world they'd have to spin up. There was even a moment where they thought it might not be possible to pull it off in time. But, what do you think came to the rescue here, giving them the opportunity to successfully bring the 2nd annual AppSec village to life for DEFCON #SafeMode? You guessed correctly if you said "software." With the recent changes in the work where more people are working from home, schooling from home, shopping from home, and more - it also changes how software is built, deployed, and used - making it equally important to bring an AppSec Village that addresses these challenges and opportunities and more. Go on - launch that app, have a listen, and enjoy the conversation. ______________________________ Learn more about this channel's sponsors: - Semperis: itspm.ag/itspsempweb - Cequence: itspm.ag/itspcequweb - ReversingLabs: itspm.ag/itsprvslweb Be sure to catch all of our DEFCON #SafeMode 2020 Coverage here: https://www.itspmagazine.com/itspmagazine-event-coverage Interested in sponsoring our coverage? You can explore podcast sponsorship options here: https://www.itspmagazine.com/podcast-series-sponsorships

Stories From Our Event Coverage And From Around The World Sometimes we are there, sometimes we are not — either way, we still get the best stories. Universities Explore A Path For A Safe And Secure Healthcare Ecosystem | Black Hat USA 2020 Coverage Guests: - Seth Fogie, Information Security Director, Penn Medicine - Alan Michaels, Director, Electronic Systems Lab, Virginia Tech Hume Center - Mitchell Parker, CISO, Indiana University of Health The healthcare train is barreling down the tracks of society, fueled by new technologies and massive amounts of data. Security companies offer products and services for traditional protection/detection/response but many miss the mark on the interconnected core of the healthcare ecosystem: healthcare apps, devices, data, and 3rd-party vendors. Upon further inspection, the safety train may be running wild in the healthcare space. And that's exactly why we decided to bring these 3 Black Hat presenters together. They each: - come from universities focused on tech-enabled medical research - have their own take on the opportunities and challenges the healthcare ecosystem faces today and into the future - bring their own perspectives on how best to proceed with technological advancements while remaining true to the core of the vision for healthcare -- keeping the patient alive and as healthy as possible How did we get here and how do we get out of the mess we've built for ourselves? What does the future hold for patient care given the influx of connected medical devices, remote/home care, the use of artificial (AI), and robotics? The big question, though, is... do we scrap the current train model we have in place and start again? Join the conversation now to get a glimpse into the future of a safe and secure healthcare ecosystem. Go! ______________________________ Learn more about this channel's sponsors: - Semperis: itspm.ag/itspsempweb - Cequence: itspm.ag/itspcequweb - ReversingLabs: itspm.ag/itsprvslweb Be sure to catch all of our Black Hat 2020 Virtual Coverage here: https://www.itspmagazine.com/itspmagazine-event-coverage Interested in sponsoring our coverage? You can explore podcast sponsorship options here: https://www.itspmagazine.com/podcast-series-sponsorships

Stories From Our Event Coverage And From Around The World Sometimes we are there, sometimes we are not — either way, we still get the best stories. Election Security: Securing America's Future | With Christopher Krebs, CISA | Black Hat USA 2020 Coverage Guest: CISA Director, Christopher Krebs Seems that now, more than ever, we found ourselves in a situation where the outcome of a Democratic election could be manipulated by external actors — or at least we are very worried that it is a possibility. We know for a fact that various sorts and levels of cultural propaganda have been tried for many decades, but it has never been as powerful as it has been since the advent of the Internet and social media. At this point, we know that not only is it possible; it is also a fact. But what about physical alteration or intervention on the actual voting systems that take place inside a country? Is that something we need to worry about? Yes. Has it happened before? Probably not. Could an electronic system be hacked by internal or external players? Yes, of course. Does an electronic vote made via the Internet amplify this risk? Yes. Do we need to stick to paper ballots? Probably. Should we - despite our technology - go back to the pebbles voting system used by the early Democracies of the Ancient Greek? Maybe not. But, for now, we should stick with paper and any means that allows us to audit to ensure that we know that what we count is what the majority of the citizens actually wanted -- and for which they cast their vote. How we got here... well, that is another story. Listen to this podcast we had with Christopher Krebs, Director at the Cybersecurity and Infrastructure Security Agency (CISA) as he presents his upcoming session at Black Hat 2020 Virtual Edition; and so much more. ______________________________ Learn more about this channel's sponsors: - Semperis: itspm.ag/itspsempweb - Cequence: itspm.ag/itspcequweb - ReversingLabs: itspm.ag/itsprvslweb Be sure to catch all of our Black Hat 2020 Virtual Coverage here: https://www.itspmagazine.com/itspmagazine-event-coverage Interested in sponsoring our coverage? You can explore podcast sponsorship options here: https://www.itspmagazine.com/podcast-series-sponsorships

Stories From Our Event Coverage And From Around The World Sometimes we are there, sometimes we are not — either way, we still get the best stories. Black Hat USA 2020 Virtual | What Is Going On this Year? With Black Hat General Manager Steve Wylie It seems like it was yesterday that we crossed the desert and headed to Black Hat as ITSPmagazine (does anyone remember our original full name?). It wasn't yesterday, though. That was 6 years ago and we like to refer to this event as the official birth of the publication. A lot has changed since then, but our coverage of this event is a tradition that we celebrate each and every year. Part of this tradition and something that usually gets us started with the on-location preparation is a pre-event chat with Black Hat's General Manager, Steve Wylie. This year we only stick with one part of the tradition (no trek across the desert this year), as the event is fully virtual and there is no on-location happening in Las Vegas. While we will miss being there, here is what we won't miss as it's all still happening: training, tracks, an amazing conversation about election security, healthcare, mobile, digital transformation, and obviously, cybersecurity's new world connected to the work-from-home new normal. Listen to our chat with Steve to find out all that the Black Hat virtual experience has to offer. To get it started, enjoy this conversation. And, thanks for joining us for what is essentially our 6th birthday. Cheers! ______________________________ Learn more about this channel's sponsors: - Semperis: itspm.ag/itspsempweb - Cequence: itspm.ag/itspcequweb - ReversingLabs: itspm.ag/itsprvslweb Be sure to catch all of our Black Hat 2020 Virtual Coverage here: https://www.itspmagazine.com/itspmagazine-event-coverage Interested in sponsoring our coverage? You can explore podcast sponsorship options here: https://www.itspmagazine.com/podcast-series-sponsorships

Today's guests, Richard Henderson from Lastline and Mario Vuksan of ReversingLabs share their incredible insights into the complex ecosystem that is the Internet. They share real-life stories of cybercrime and the engineering and human challenges of Defending the Digital Universe. They are great examples of "Unsung Cyber Heroes".

Thank you for joining us at the intersection of technology, cybersecurity, and society. In this episode, Sean and Marco are coming to you from the RSA Conference in San Francisco and are joined by Remi Cohen and Lan Jenson. If you are old enough or enjoy "vintage" cartoons, you may be familiar with The Jetsons—a 1960s/1980s TV show about a family living in a futuristic place called Orbit City. The architecture is Googie style, technology is absolutely everywhere, and all homes and businesses are high up in the sky supported by very tall columns. No need, in this conversation, to dig into the possible environmental or societal catastrophe that may have forced this solution. And, let's keep it as a joke about how that, in the year 2020, there is no such city; and why we are not living that life? There isn’t a single answer, as this is—just like with every other technological topic—both a global conversation that has the common thread of development and well-being of humanity…and a local conversation with as many different angles that are defined by the cultural diversities, various needs, and short/medium-term goals we may find in different parts of the globe. In this session, we spoke about surveillance, privacy, safety, IoT, resilient ecosystems, education, and the roles of individuals, communities, nonprofit groups, governments, businesses, and all decision-makers that must come together to drive this change. All of this in the interest of those that will ultimately either be damaged or could benefit from the present and future smart city transformation: the citizens. Because, ultimately, the value of a society is not measured by the amount and advancement of its technology, but rather how such technology improves communities, reduces social problems, and creates the most quality of life for all. Now that would be something I would consider smart. We'd like to take a moment to thank our RSAC 2020 coverage sponsors for their belief in what we do and their support - we are ever so grateful and would encourage you to check out their company listings on ITSPmagazine to learn more about their offerings. - ReversingLabs: https://www.itspmagazine.com/company-directory/reversinglabs - Devo: https://www.itspmagazine.com/company-directory/devo - BlackCloak: https://www.itspmagazine.com/company-directory/blackcloak - WeSecureApp: https://www.itspmagazine.com/company-directory/wesecureapp - SecureStack: https://www.itspmagazine.com/company-directory/securestack For more stories from RSA Conference 2020, be sure to visit https://www.itspmagazine.com/rsa-conference-usa-2020-rsac-san-francisco-coverage

Thank you for joining us at the intersection of technology, cybersecurity, and society. In this episode, Sean and Marco are coming to you from the RSA Conference in San Francisco and are joined by Sara Boddy and Jason Elrod. We are human. They are robots. What will life be like when we co-exist with each other? There are several consumer-grade “robots” that people may be familiar with: the most obvious is the automated vacuum cleaner. If one considers the success rate of this technology—consider complex building layouts and dogs that have a propensity to shed a lot—we’re not quite yet living in a perfectly-set world full of robots. And let us be honest: what does that mean anyway? Taking this view to the commercial world—where considerable investments in robotics and automation can drive huge returns, we begin to see how the technology “could” be used in our daily lives. The problem is, in order to have quality technology, we must get beyond the throw-away society we’ve established. Take this a step further—or perhaps, right down the middle but with a closer approach to a human-driven technology—and we could find that we land in the world of healthcare where robots are already automating tasks that doctors and nurses don’t need to do, improving the quality of specific procedures and daily monitoring; or, can’t perform otherwise, due to environmental and physical constraints. As we explore this world where robots meet humans—or vice versa—there are many things to consider: economics, technology, society, and ethics, among other things. Fortunately, for this chat, we have a wide range of experience and wisdom from our guests—Sara Boddy and Jason Elrod—as we can look at the capabilities and risks these technologies bring to the table, coupled with how we will need to adapt to a world where we will share tasks—and associated responsibilities—with things that are not human. Where do we end up in 5 years? Ten years? Beyond that? This is not about a robot that can clean the floor; this is about moving towards a society where robotics and AI will enable us to extend our humanity beyond the limits of our current human capabilities. A full-scale deployment is not to close, but robotics and AI are among us as we type, and the big revolution may happen sooner than we are ready. This is why we need these conversations—many of them. Intrigued? Yeah, me too—and I was there. Enjoy. We'd like to take a moment to thank our RSAC 2020 coverage sponsors for their belief in what we do and their support - we are ever so grateful and would encourage you to check out their company listings on ITSPmagazine to learn more about their offerings. - ReversingLabs: https://www.itspmagazine.com/company-directory/reversinglabs - Devo: https://www.itspmagazine.com/company-directory/devo - BlackCloak: https://www.itspmagazine.com/company-directory/blackcloak - WeSecureApp: https://www.itspmagazine.com/company-directory/wesecureapp - SecureStack: https://www.itspmagazine.com/company-directory/securestack For more stories from RSA Conference 2020, be sure to visit https://www.itspmagazine.com/rsa-conference-usa-2020-rsac-san-francisco-coverage

Thank you for joining us at the intersection of technology, cybersecurity, and society. In this episode, Sean and Marco are coming to you from the RSA Conference in San Francisco and are joined by Chloé Messdaghi, Tanner Emek, and Jeff Boothby. We all use the Internet and Internet-connected devices. So, who needs hackers’ rights? We all do. We've had several conversations here on ITSPmagazine over the years where we talk about cybersecurity research, ethical hacking, why this role in InfoSec exists, how bug bounties work. The benefits the hackers' work brings to society. In today's conversation, we take a much more direct view into the role and the impact that current laws and a lack of understanding outside of the InfoSec industry can have—and does have—on the ethical hackers' lives… and, ultimately, in our society. We must recognize that ethical hackers aren't cybercriminals—the work that they do matters. As we look for ways to protect our homes, our cars, the stores where we shop—not to mention that we want to have a safe Internet as well—we must come to terms with the reality that hackers are part of the solution, not part of the problem. Not convinced? Have a listen and decide for yourself. We'd like to take a moment to thank our RSAC 2020 coverage sponsors for their belief in what we do and their support - we are ever so grateful and would encourage you to check out their company listings on ITSPmagazine to learn more about their offerings. - ReversingLabs: https://www.itspmagazine.com/company-directory/reversinglabs - Devo: https://www.itspmagazine.com/company-directory/devo - BlackCloak: https://www.itspmagazine.com/company-directory/blackcloak - WeSecureApp: https://www.itspmagazine.com/company-directory/wesecureapp - SecureStack: https://www.itspmagazine.com/company-directory/securestack For more stories from RSA Conference 2020, be sure to visit https://www.itspmagazine.com/rsa-conference-usa-2020-rsac-san-francisco-coverage

Thank you for joining us at the intersection of technology, cybersecurity, and society. In this episode, Sean and Marco are coming to you from the RSA Conference in San Francisco and are joined by Laz, Deborah Blyth, and Nils Puhlmann. CISOs are people too—and they dream just like the rest of us. The question is: What do they dream about? CISOs, arguably, have one of the toughest jobs in the InfoSec industry. Oftentimes, you’ll hear people ask them “what keeps you up at night?” suggesting that they only have nightmares. However, as note above, CISOs are people too—and they dream just like the rest of us. So, to mix things up a bit—changing the narrative from negative to positive—we discuss what the CISO dreams about for the executive-level role, both in the near-term and the long-haul. This is a conversation I’ve been dreaming about having for quite a while and my dream finally came true as Laz, Deborah Blyth, and Nils Puhlmann—current and former CISOs—joined us during RSA Conference 2020 to look at their role, their teams, their processes, their technologies, the culture, and so much more. These are a few of the highlights from the conversation: - How employees and citizens play a role in the CISO role - Reducing complexity in technology, both operationally and conversationally - The value of culture across the organization at all levels; what does it take to get there? - Changing the way we measure success for the role (and who is responsible for evaluation) - Funding... what's the reality here? Ultimately, the CISO community needs to continue to work together, but also needs to find ways to strengthen their relationship with others at the board level, executive level, and operational level. Additionally, it's clear that the overall view and function of the role also needs to continue to mature if we are going to attract new talent to take on this critical position. We'd like to take a moment to thank our RSAC 2020 coverage sponsors for their belief in what we do and their support - we are ever so grateful and would encourage you to check out their company listings on ITSPmagazine to learn more about their offerings. - ReversingLabs: https://www.itspmagazine.com/company-directory/reversinglabs - Devo: https://www.itspmagazine.com/company-directory/devo - BlackCloak: https://www.itspmagazine.com/company-directory/blackcloak - WeSecureApp: https://www.itspmagazine.com/company-directory/wesecureapp - SecureStack: https://www.itspmagazine.com/company-directory/securestack For more stories from RSA Conference 2020, be sure to visit https://www.itspmagazine.com/rsa-conference-usa-2020-rsac-san-francisco-coverage

Thank you for joining us at the intersection of technology, cybersecurity, and society. In this episode, Sean and Marco are coming to you from the RSA Conference in San Francisco and are joined by Malia Mason, Jessica Bair, and Neil "Grifter" Wyler. It’s the fourth day and things are nearly wrapping up with conversations that focused on -- you guessed it -- the human element. Here are a few of the highlights: - Highlights from the RSA Conference SOC - Humans aren't perfect; experts can make rookie mistakes - Point of view from an RSAC first-timer - Overview of WiCyS - A look back in time comparing RSAC of year's past to this year's conference Be sure to join us each day for a new update from RSA Conference. We'll have different guests and different topics -- we will always bring the human element. We'd like to take a moment to thank our RSAC 2020 coverage sponsors for their belief in what we do and their support - we are ever so grateful and would encourage you to check out their company listings on ITSPmagazine to learn more about their offerings. - ReversingLabs: https://www.itspmagazine.com/company-directory/reversinglabs - Devo: https://www.itspmagazine.com/company-directory/devo - BlackCloak: https://www.itspmagazine.com/company-directory/blackcloak - WeSecureApp: https://www.itspmagazine.com/company-directory/wesecureapp - SecureStack: https://www.itspmagazine.com/company-directory/securestack For more stories from RSA Conference 2020, be sure to visit https://www.itspmagazine.com/rsa-conference-usa-2020-rsac-san-francisco-coverage

Thank you for joining us at the intersection of technology, cybersecurity, and society. In this episode, Sean and Marco are coming to you from the RSA Conference in San Francisco and are joined by Thom Langford, Andrea Frost, Javvad Malik, and Chris Pierson. It’s the third day and things are really kicking in with conversations focused on the human element. Here are a few of the highlights: - View of RSAC as a first-timer - Who inspired us at the conference - Success in the Engagement Zone - Diverse roles in the industry - The value of connecting and networking with people Be sure to join us each day for a new update from RSA Conference. We'll have different guests and different topics -- we will always bring the human element. We'd like to take a moment to thank our RSAC 2020 coverage sponsors for their belief in what we do and their support - we are ever so grateful and would encourage you to check out their company listings on ITSPmagazine to learn more about their offerings. - ReversingLabs: https://www.itspmagazine.com/company-directory/reversinglabs - Devo: https://www.itspmagazine.com/company-directory/devo - BlackCloak: https://www.itspmagazine.com/company-directory/blackcloak - WeSecureApp: https://www.itspmagazine.com/company-directory/wesecureapp - SecureStack: https://www.itspmagazine.com/company-directory/securestack For more stories from RSA Conference 2020, be sure to visit https://www.itspmagazine.com/rsa-conference-usa-2020-rsac-san-francisco-coverage

Thank you for joining us at the intersection of technology, cybersecurity, and society. In this episode, Sean and Marco are coming to you from the RSA Conference in San Francisco and are joined by Steve Schlarman, Allison Ockerbloom, and MK Palmore. It’s the second day and things are starting to shape up with conversations focused on the human element. Here are a few of the highlights: - The importance of storytelling for humanity - Welcome to Digiville - Representing the underrepresented - Winning can mean the other side loses Be sure to join us each day for a new update from RSA Conference. We'll have different guests and different topics -- we will always bring the human element. We'd like to take a moment to thank our RSAC 2020 coverage sponsors for their belief in what we do and their support - we are ever so grateful and would encourage you to check out their company listings on ITSPmagazine to learn more about their offerings. - ReversingLabs: https://www.itspmagazine.com/company-directory/reversinglabs - Devo: https://www.itspmagazine.com/company-directory/devo - BlackCloak: https://www.itspmagazine.com/company-directory/blackcloak - WeSecureApp: https://www.itspmagazine.com/company-directory/wesecureapp - SecureStack: https://www.itspmagazine.com/company-directory/securestack For more stories from RSA Conference 2020, be sure to visit https://www.itspmagazine.com/rsa-conference-usa-2020-rsac-san-francisco-coverage

Thank you for joining us at the intersection of technology, cybersecurity, and society. In this episode, Sean and Marco are coming to you from the RSA Conference in San Francisco and are joined by Alyssa Miller, Mark Albertson, and Caroline Wong. While we cover a gazillion topics during this short chat, the human element certainly remained a common thread throughout. Here are a few of the highlights: - Election security: are we doing enough? - A technological race to detect and protect against deepfakes - The state of the cybersecurity profession - The role of the individual in protecting themselves - The scale of issues in the world of application security Be sure to join us each day for a new update from RSA Conference. We'll have different guests and different topics -- we will always bring the human element. Watch the video here: https://vimeo.com/393632360 We'd like to take a moment to thank our RSAC 2020 coverage sponsors for their belief in what we do and their support - we are ever so grateful and would encourage you to check out their company listings on ITSPmagazine to learn more about their offerings. - ReversingLabs: https://www.itspmagazine.com/company-directory/reversinglabs - Devo: https://www.itspmagazine.com/company-directory/devo - BlackCloak: https://www.itspmagazine.com/company-directory/blackcloak - WeSecureApp: https://www.itspmagazine.com/company-directory/wesecureapp - SecureStack: https://www.itspmagazine.com/company-directory/securestack For more stories from RSA Conference 2020, be sure to visit https://www.itspmagazine.com/rsa-conference-usa-2020-rsac-san-francisco-coverage

A Their Story interview with Sean Martin and Marco Ciappelli Guests: Mario Vuksan and Tyson Whitten The organization telling us their story today is ReversingLabs. Does the Black Box of Machine Learning and Artificial Intelligence Give You A Headache? The lack of visibility into how new (dare we say, “next-gen”) information technologies work—the black box effect—is beginning to give pause to many organizations looking to leverage such technologies to help them succeed with their IT security management programs. Without a view into how the data is analyzed paired with a lack of visibility for how the results can be connected back to the operations—and the business—means that organizations are forced to blindly trust that their vendors are doing the best things, the right thing. The situation is undoubtedly an issue when your SecOps team is trying to deal with threats their infrastructure faces—it gets amplified when you bring their third-party ecosystem into play. And, it goes wildly off the rails and out of control when you attempt to take the human out of the equation to employ a variety of automation techniques to address some of the “routine” challenges faced daily. So, how come we can’t get this visibility? What’s holding us back? Have a listen to Mario’s and Tyson’s view to hear how they see these headaches being treated in the not-so-distant future. Learn more about ReversingLabs on ITSPmagazine here: https://www.itspmagazine.com/company-directory/reversinglabs For more stories from RSA Conference 2020, be sure to visit https://www.itspmagazine.com/rsa-conference-usa-2020-rsac-san-francisco-coverage

Digital life, real life, complexity, risk, and keeping the flow. As the former Secretary at the Department of Homeland Security, our guest today, Juliette Kayyem, has probably seen some things that most people and organizations would have serious nightmares about. Truth is, once you have to deal with complex systems, the reality is made of the scenarios she has seen; the best way to deal with them is to focus on risk reduction and on maintaining the operational flow—of the system itself. We must accept the fact that our world has become connected—in many ways—and our societies more interdependent with one another: specifically looking at technology, cultures, and society—and the challenges they bring when trying to protect ourselves, our communities, our companies, our industries, and our countries. In the specifics of her talk at RSAC 2020, Juliette and Admiral James Stavridis will focus on cybersecurity, elections, and geopolitics. If there’s one thing that is keeping us from winning this battle against cybercrime, according to Juliette, it’s likely that the IT security industry has created a culture that paints a picture of specialization—that this is all a bit of black magic—and if you don’t have the right skills or know the right person (and can pay them handsomely), you’re in for a long, bumpy, nasty ride. On the other hand, it is collaboration and cooperation amongst many different players that can create a future full of positive results. The bottom line is that, despite all the challenges, the InfoSec journey doesn’t have to feel like an old, run-down rollercoaster. Here some of the points we discussed: - As an executive team, how often do you talk with your fellow C-suite partners? Is it the same for the CFO as the CSO? Is the same for the CMO as the CISO? - Do you know what your core mission is that you’re trying to protect? - The role of social media in providing free speech and yet jeopardizing privacy. - We would all hope that protecting the election process is a core mission for the government—is it though? - Is the digitalization of our society helping or damaging democracy? - Plus a whole lot more … Of course, we also discuss more of the keynote fireside chat Juliette is doing with Admiral James Stavridis during the RSA Conference. You can learn more about their session by search the RSA Conference website for Geopolitical Risks, Elections and Cybersecurity. It takes place: Thursday, February 27 | 1:30 PM - 2:20 PM | South Stage But, for now, enjoy the conversation we had with Juliette. You’ll be glad you did! _________ Our RSAC USA 2020 coverage is made possible by the generosity of our sponsors. Be sure to visit their company page to learn more about them: > BlackCloak: https://www.itspmagazine.com/company-directory/blackcloak > Devo: https://www.itspmagazine.com/company-directory/devo > ReversingLabs: https://www.itspmagazine.com/company-directory/reversinglabs > SecureStack: https://www.itspmagazine.com/company-directory/securestack > WeSecureApp: https://www.itspmagazine.com/company-directory/wesecureapp For all of our RSAC USA 2020 coverage, visit: https://www.itspmagazine.com/rsa-conference-usa-2020-rsac-san-francisco-coverage To learn about our event coverage sponsorship opportunities, please visit: https://itspmagazine.com/event-coverage-sponsorship

By Sean Martin & Marco Ciappelli It’s the Ally of the Year Awards 2020 CelebrationAnd, we are starting the celebration now! The AYA 2020 Celebration in San Francisco takes place on Sunday, February 23, 2020. Please join us in celebrating allies who work to advance equality and make a substantive difference for women in technology. To kick our celebratory coverage off for this event, we have the pleasure of chatting with the event’s leader, Carmen Marsh, along with one AYA committee member and judge, Jessica Robinson. These are the categories: Company AYA: Significant contribution by a single company to create an inclusive work cultures that welcome, support, and retain women in technology.   Male Ally of the Year: Significant personal contribution to co-creating opportunity and building a personal brand for accountability & trust for women in cybersecurity & privacy.   Educator AYA: Significant contribution by an educational entity that has made significant progress in educating about gender equality for women in technology.   Program AYA: Significant contribution by a program that has made significant progress in building a community of supporters that continuously cultivate an attitude of encouragement for women. Non-profit AYA: Significant contribution of a non profit which mission has made a large impact on building an inclusive society for women in the working world. Recruiter AYA: Significant contribution by a single recruiter or recruiting company making gender equality the priority.  Media AYA: Significant contribution by media outlet with the most extensive coverage of women in technology. We talk about the different categories, the submission and judging process, and the amazing committee that helped to make this awards program and event happen. We are honored to be part of and to support this event as it shows that it is the numbers that make us stronger—all of us working together can bring the positive change we need. Ultimately, as Jessica points out, it’s about making an impact—taking from conversation to action—taking this from action to positive impact. We can get there. Join us! ____________ Our RSAC USA 2020 coverage is made possible by the generosity of our sponsors. Be sure to visit their company page to learn more about them: > BlackCloak: https://www.itspmagazine.com/company-directory/blackcloak > Devo: https://www.itspmagazine.com/company-directory/devo > ReversingLabs: https://www.itspmagazine.com/company-directory/reversinglabs > SecureStack: https://www.itspmagazine.com/company-directory/securestack > WeSecureApp: https://www.itspmagazine.com/company-directory/wesecureapp For all of our RSAC USA 2020 coverage, visit: https://www.itspmagazine.com/rsa-conference-usa-2020-rsac-san-francisco-coverage To learn about our event coverage sponsorship opportunities, please visit: https://itspmagazine.com/event-coverage-sponsorship

By Sean Martin & Marco Ciappelli The theme for this year’s RSA Conference, which our podcast guests are going to tell us all about, is one that's right up our alley here on ITSPmagazine—The Human Element. And, there's a lot going on during the week of RSAC, all designed to help educate and connect the InfoSec professional and community as they look to arm themselves to be successful in their roles and happy and healthy in their InfoSec lives. The value of face-to-face conferences are designed to bring people together so they can make connections with the rest of the community didn’t go unnoticed by this year’s RSA Conference organizers. This was something that was really top of mind for them as they defined the conference to offer a more personalized experience for the attendees in many creative ways. As we discuss these attributes with our guests—Linda Gray Martin and Britta Glade—we also get additional insights from them regarding what the conference attendees should expect, including: - Some keynote session picks - Some Learning Lab picks - What the Engagement Zone is all about - College Day and other programs for students of nearly all ages And it’s going to be an epic year—check out some of these stats: - Expect to mingle with ~43,000 attendees over the course of the five days - Roughly 500 sessions - Approximately 700 speakers - Around 700 exhibitors - A multitude of different learning experiences, networking opportunities, and special events So, what are you waiting for? Have a listen to Linda and Britta to learn more—then join us and the rest of the community in San Francisco. See you there! ____________ Our RSAC USA 2020 coverage is made possible by the generosity of our sponsors. Be sure to visit their company page to learn more about them: > BlackCloak: https://www.itspmagazine.com/company-directory/blackcloak > Devo: https://www.itspmagazine.com/company-directory/devo > ReversingLabs: https://www.itspmagazine.com/company-directory/reversinglabs > SecureStack: https://www.itspmagazine.com/company-directory/securestack > WeSecureApp: https://www.itspmagazine.com/company-directory/wesecureapp For all of our RSAC USA 2020 coverage, visit: https://www.itspmagazine.com/rsa-conference-usa-2020-rsac-san-francisco-coverage To learn about our event coverage sponsorship opportunities, please visit: https://itspmagazine.com/event-coverage-sponsorship

A Their Story interview with Marco Ciappelli & Sean Martin Guest: Mario Vuksan, Founder and CEO, ReversingLabs The organization telling us their story today is ReversingLabs. This is a story that started about ten years ago; however, in some ways it goes back a bit further than that—and perhaps we will never catch up with the present. Is a story about a different approach to cybersecurity that has, at its core, a profound desire to understand how technology works and evolves; that places security center-stage in every discipline related—not only to computer science—but to all activities connected to the well-being and progressive development of our society. This is a story about the importance of decoding the past and breaking things apart to learn how they have been conceptualized and constructed; doing so as a means for us to understand their history, internalize their meaning, and to build better versions in the future. It is what reversing problems is all about. Digging back into how things came to be. When you apply this concept to cybersecurity you can open an entirely new universe to explore in a different way; a universe made of source code, compilers, and binary structures; all of which needs to be studied, understood, analyzed, and re-built. Doing so will enable us to examine our past and present and build for the future capitalizing on the vast wealth of knowledge that now we have available. Intrigued? So were we. Have a listen. ___________________________ Learn more about ReversingLabs on ITSPmagazine here: https://www.itspmagazine.com/company-directory/reversinglabs Learn more about Their Story podcasts here: https://www.itspmagazine.com/their-infosec-story

Nikola Arežina je grafički i veb dizajner, osnivač Fruskac.net platforme. Školovao se u Novom Sadu a prvo poslovno iskustvo stekao u Coba&Accociates gde je zajedno sa studiom pokrenuo portal Designed.rs. Trenutno se bavi multimedijom i radi na razvoju korisničkog interfejsa za ReversingLabs proizvode. Poslednjih godina radio je i kao art direktor dva velika festivala (SHARE i Festival uličnih svirača). Deo je internacionalnog žirija za evaluaciju veb sajtova webbyawards.com / iadas.net.

Winning arguments, turning insight into execution, avoiding the "Yes" dilemma, and updates from Bitdefender, McAfee, Barracuda Networks, Pwnie Express, ReversingLabs, and more! Full Show Notes: https://wiki.securityweekly.com/SSWEpisode64 Visit http://securityweekly.com/category/ssw for all the latest episodes!

Zach Schlumpf of IOActive joins us. In our article discussion, we talk about winning arguments, turning insight into execution, and avoiding the "Yes" dilemma. In the news, we have updates from Bitdefender, McAfee, Barracuda Networks, Pwnie Express, ReversingLabs, and more on this episode of Startup Security Weekly! Full Show Notes: https://wiki.securityweekly.com/SSWEpisode64 Visit https://www.securityweekly.com/ssw for all the latest episodes!

Winning arguments, turning insight into execution, avoiding the "Yes" dilemma, and updates from Bitdefender, McAfee, Barracuda Networks, Pwnie Express, ReversingLabs, and more! Full Show Notes: https://wiki.securityweekly.com/SSWEpisode64 Visit http://securityweekly.com/category/ssw for all the latest episodes!

Zach Schlumpf of IOActive joins us. In our article discussion, we talk about winning arguments, turning insight into execution, and avoiding the "Yes" dilemma. In the news, we have updates from Bitdefender, McAfee, Barracuda Networks, Pwnie Express, ReversingLabs, and more on this episode of Startup Security Weekly! Full Show Notes: https://wiki.securityweekly.com/SSWEpisode64 Visit https://www.securityweekly.com/ssw for all the latest episodes!