Podcasts about supply chain attacks

LINKS:  https://distrust.co/software.html - Software page with OSS software Linux distro: https://codeberg.org/stagex/stagex Milksad vulnerability:  https://milksad.info/ In this episode of Cybersecurity Today on the Weekend, host Jim Love engages in a captivating discussion with Anton Livaja  from Distrust. Anton shares his unique career transition from obtaining a BA in English literature at York University to delving into cybersecurity and tech. Anton recounts how he initially entered the tech field through a startup and quickly embraced programming and automation. The conversation covers Anton's interest in Bitcoin and blockchain technology, including the importance of stablecoins, and the frequent hacking incidents in the crypto space. Anton explains the intricacies of blockchain security, emphasizing the critical role of managing cryptographic keys. The dialogue also explores advanced security methodologies like full source bootstrapping and deterministic builds, and Anton elaborates on the significance of creating open-source software for enhanced security. As the discussion concludes, Anton highlights the need for continual curiosity, teamwork, and purpose-driven work in the cybersecurity field. 00:00 Introduction to Cybersecurity Today 00:17 Anton's Journey from Literature to Cybersecurity 01:08 First Foray into Programming and Automation 02:35 Blockchain and Its Real-World Applications 04:36 Security Challenges in Blockchain and Cryptocurrency 13:21 The Rise of Insider Threats and Social Engineering 16:40 Advanced Security Measures and Supply Chain Attacks 22:36 The Importance of Deterministic Builds and Full Source Bootstrapping 29:35 Making Open Source Software Accessible 31:29 Blockchain and Supply Chain Traceability 33:34 Ensuring Software Integrity and Security 38:20 The Role of AI in Code Review 40:37 The Milksad Incident 46:33 Introducing Distrust and Its Mission 52:23 Final Thoughts and Encouragement

Can Generative AI Be Secured? Amazon's Chief Security Officer Weighs In   In this episode of Eye on AI, Amazon's Chief Security Officer Stephen Schmidt pulls back the curtain on how Amazon is using AI-powered cybersecurity to defend against real-world threats. From global honeypots to intelligent alarm systems and secure AI agent networks, Steve shares never-before-heard details on how Amazon is protecting both its infrastructure and your data in the age of generative AI.   We dive deep into: Amazon's MadPot honeypot network and how it tracks adversaries in 90 seconds The role of AI in threat detection, alarm triage, and code validation Why open-source vs. closed-source models are a real security debate The critical need for data privacy, secure LLM usage, and agent oversight Amazon's $5M+ Nova Trusted AI Challenge to battle adversarial code generation Whether you're building AI tools, deploying models at scale, or just want to understand how the future of cybersecurity is evolving—this episode is a must-listen.   Don't forget to like, subscribe, and turn on notifications to stay updated on the latest in AI, security, and innovation.     Stay Updated: Craig Smith on X:https://x.com/craigss Eye on A.I. on X: https://x.com/EyeOn_AI (00:00) Preview (00:52) Stephen Schmidt's Role and Background at Amazon (02:11) Inside Amazon's Global Honeypot Network (MadPot) (05:26) How Amazon Shares Threat Intel Through GuardDuty (08:06) Are Cybercriminals Using AI? (10:28) Open Source vs Closed Source AI Security Debate (13:09) What Is Amazon GuardDuty (17:44) How Amazon Protects Customer Data at Scale (20:18) Can Autonomous AI Agents Handle Security? (25:14) How Amazon Empowers SMBs with Agent-Driven Security (26:18) What Tools Power Amazon's Security Agents? (29:25) AI Security Basics (35:34) Securing AI-Generated Code (37:26) Are Models Learning from Our Queries? (39:44) Risks of Agent-to-Agent Data Sharing (42:08) Inside the $5M Nova Trusted AI Security Challenge (47:01) Supply Chain Attacks and State Actor Tactics (51:32) How Many True Adversaries Are Out There? (53:04) What Everyone Needs to Know About AI Security  

Steve Summers speaks with SE Radio host Sam Taggart about securing test and measurement equipment. They start by differentiating between IT and OT (Operational Technology) and then discuss the threat model and how security has evolved in the OT space, including a look some of the key drivers. They then examine security challenges associated with a specific device called a CompactRIO, which combines a Linux real-time CPU with a field programmable gate array (FPGA) and some analog hardware for capturing signals and interacting with real-world devices. Brought to you by IEEE Computer Society and IEEE Software magazine.

David Mauro interviews ransomware negotiator, George Just, a former VP at Oracle and current CRO at Digital Asset Redemption (https://www.digitalassetredemption.com/), about how to deal with online extortion, understanding ransomware payments, and we uncover secrets to cyber crime discussions you need to know.Chapters00:00 The Reality of Cybercrime02:00 Introduction to Ransomware Negotiation03:04 The Journey into Cybersecurity06:13 Understanding Ransomware Attacks09:00 The Art of Negotiation with Threat Actors11:53 Case Studies in Ransomware Negotiation16:00 The Role of Cyber Insurance18:49 Incident Response Planning21:57 How To Deal With Online Extortion25:09 The Business of Ransomware30:04 Secrets To Cyber Crime Discussions33:19 Understanding Cybersecurity Threats36:03 Understanding Ransomware Payments39:09 Supply Chain Attacks and Data Exfiltration43:28 Proactive Cyber Defense Strategies47:05 The Importance of Threat Intelligence51:52 Preparing for Cyber IncidentsSend us a textGrowth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com Have a Guest idea or Story for us to Cover? You can now text our Podcast Studio direct. Text direct (904) 867-4466

BONUS: AI and Cybersecurity - An Introduction to The Hidden Threats in Our Connected World with Dr. Eric Cole In this BONUS episode, we explore the evolving landscape of cybersecurity in the age of artificial intelligence. Dr. Eric Cole, a renowned cybersecurity expert and author of Cyber Crisis: Protecting Your Business from Real Threats in the Virtual World, shares critical insights about how AI is transforming security strategies. From the privacy concerns of our always-connected devices to practical tips for protecting your business and personal information, this conversation offers essential knowledge for navigating our increasingly digital world. The Double-Edged Sword of AI in Cybersecurity "We are giving away our IP, our data, and our privacy. The data set is what gives value to AI." The rise of artificial intelligence presents both opportunities and serious risks in the cybersecurity landscape. Dr. Cole emphasizes that while many focus solely on AI's benefits, we often overlook the fact that we're surrendering vast amounts of our sensitive information, intellectual property, and private data to AI providers. This data becomes the foundation of AI's value and capabilities, creating a significant privacy concern that many organizations fail to properly address. As we embrace these new technologies, we must carefully consider what information we're willing to share and what safeguards should be in place. Modern Attack Vectors: The Human Element "Attacks today are mostly social engineering. We end up having to retrain people to not trust their email." Today's cybersecurity threats have evolved beyond traditional technical exploits to focus primarily on social engineering—manipulating people into compromising their own security. Dr. Cole explains that modern attackers increasingly target the human element, requiring organizations to fundamentally retrain employees to approach communications with healthy skepticism. Particularly concerning are mobile threats, as our phones constantly record audio and other personal data. Dr. Cole warns that "free" apps often come with a hidden price: your privacy and security. Understanding these attack vectors is essential for developing effective defense strategies in both personal and professional contexts. Cybersecurity as a Business Enabler "Security is not a barrier, not an obstacle. Cybersecurity is a business enabler." Dr. Cole challenges the common perception that security measures primarily restrict functionality and impede business operations. Instead, he reframes cybersecurity as a critical business enabler that should be integrated into strategic decision-making. Organizations need to make deliberate decisions about the tradeoffs between security and functionality, understanding that proper security measures protect business continuity and reputation. Dr. Cole particularly warns about supply chain attacks, which have become increasingly prevalent, and emphasizes that awareness is the foundation of any effective protection strategy. He recommends centralizing data for easier security management and advises that client devices should minimize storing sensitive data. Mobile Phones: The Ultimate Tracking Device "You don't go anywhere without your cell phone. Your cell phone is never more than a foot from you it's with you wherever you go... which means if somebody wants to track and monitor you they can." We often worry about theoretical tracking technologies while overlooking the sophisticated tracking device we voluntarily carry everywhere—our mobile phones. Dr. Cole points out the irony that people who would never accept being "chipped" for tracking purposes willingly keep their phones within arm's reach at all times. These devices record our locations, conversations, messages, and activities, creating a comprehensive digital trail of our lives. With access to someone's phone, anyone can trace their movements for months and access an alarming amount of personal information. This risk is compounded when we back up this data to cloud services, effectively giving third parties access to our most sensitive information. Understanding these vulnerabilities is the first step toward more mindful mobile security practices. Business Opportunities in the Security Space "We have too much information, too much data. How can we use that data effectively?" The cybersecurity landscape presents significant business opportunities, particularly in making sense of the overwhelming amount of security data organizations collect. Dr. Cole identifies data correlation and effective data utilization as key investment areas. Modern security systems generate vast quantities of logs and alerts, but transforming this raw information into actionable intelligence remains a challenge. Companies that can develop solutions to effectively analyze, correlate, and extract meaningful insights from security data will find substantial opportunities in the market, helping organizations strengthen their security posture while managing the complexity of modern threats. Essential Training for Security-Conscious Developers "Go for secure coding courses. This helps us understand how software can be exploited." For software developers looking to build more secure applications, Dr. Cole recommends focusing on penetration testing skills and secure coding practices. Understanding how software can be exploited from an attacker's perspective provides invaluable insights for designing more robust systems. By learning the methodologies and techniques used by malicious actors, developers can anticipate potential vulnerabilities and incorporate appropriate safeguards from the beginning of the development process. This proactive approach to security helps create applications that are inherently more resistant to attacks rather than requiring extensive security patches and updates after deployment. About Dr. Eric Cole Dr. Eric Cole is the author of "Cyber Crisis, Protecting Your Business from Real Threats in the Virtual World." He is a renowned cybersecurity expert with over 20 years of experience helping organizations identify vulnerabilities and build robust defense solutions against advanced threats. He has trained over 65,000 professionals worldwide through his best-selling cybersecurity courses and is dedicated to making cyberspace a safe place for all. You can link with Dr. Eric Cole on LinkedIn, or visit his company's website Secure-Anchor.com. 

 This episode focuses on SaaS (Software as a Service) Supply Chain Attacks. We discuss what SaaS applications are most at risk, what the real danger of saas supply chain attacks are and most importantly how to defend and detect these attacks. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Spencer's Twitter: https://x.com/techspenceSpencer's LinkedIn: https://linkedin.com/in/SpencerAlessi Work with Us: https://securit360.com

On this week's episode of News & Views, sponsored by Vanta, the Fintech Times Podcast team speak about how almost 6 in 10 large UK financial services firms fell victim to at least one third-party supply chain attack in 2024, Project Nemo taking on Bankings accessibility challenge & Yuno launching the Mastercard payment passkey across Latin America to combat fraud.

Ah, supply chain attacks—the gift that keeps on giving... headaches, fines, and catastrophic data breaches. In this episode, we unwrap three cautionary tales of organizations caught in the tangled web of digital supply chain chaos. From unpatched vulnerabilities and sneaky software backdoors to hackers casually buying network access like it's an eBay auction, each story serves up a hard truth: you don't want to be part of a supply chain attack, you don't want to have a supply chain attack, and you definitely don't want to delay dealing with a supply chain attack. So grab your metaphorical flashlight and let's go spelunking into the murky caves of cybersecurity mishaps. More info at HelpMeWithHIPAA.com/490

Three Buddy Problem - Episode 26: We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, a previously unknown Android implant used against Serbian activists, and the links to Israeli forensics software vendor Cellebrite. Plus, thoughts on the US government's controversial guidance on VPNs, Chinese reports on US intel agency hacking, TP-Link sanctions chatter, Mossad's dramatic exploding beeper operation and the ethical, legal, and security implications of escalating cyber-deterrence. Also, a mysterious BeyondTrust 0-day! Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

Cybersecurity Year in Review: Future Challenges and Industry Insights Join host Jim Love and a panel of cybersecurity experts—Terry Cutler from Cyology Labs, David Shipley from Beauceron Security, and Laura Payne of White Tuque—as they review the key cybersecurity events of the past year. Topics discussed include the increasing cyber threats to universities, healthcare systems, and critical infrastructure; the importance of proper cybersecurity measures and employee training; the complexities of adopting quantum-safe encryption protocols; and the impact of AI and shadow IT on cybersecurity. The panel concludes with actionable advice for improving organizational cybersecurity posture in the coming year. 00:00

Three Buddy Problem - Episode 22: We discuss Volexity's presentation on Russian APT operators hacking Wi-Fi networks in “nearest neighbor attacks,” the Chinese surveillance state and its impact on global security, the NSA's strange call for better data sharing on Salt Typhoon intrusions, and the failures of regulatory bodies to address cybersecurity risks. We also cover two new Apple zero-days being exploited in the wild, the US Government's demand that Google sell the Chrome browser, and the value of data in the context of AI. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs) (SentinelLabs), Costin Raiu (https://twitter.com/craiu) (Art of Noh) and Ryan Naraine (https://twitter.com/ryanaraine) (SecurityWeek).

Cybersecurity Ventures predicts that the global annual cost of software supply chain attacks to businesses will reach a staggering $138 billion by 2031, up from $60 billion in 2025, and $46 billion in 2023, based on 15 percent year-over-year growth. Cybercrime Magazine produced a special 4-minute video report on the magnitude of these attacks, brought to you by Exiger. Watch at https://youtu.be/Osh5cn1ytg8. In this episode, host Paul John Spaulding is joined by Steve Morgan, Founder of Cybersecurity Ventures and Editor-in-Chief at Cybercrime Magazine, to discuss. The Cybercrime Magazine Update airs weekly and covers the latest news, interviews, podcasts, reports, videos, and special productions from Cybercrime Magazine, published by Cybersecurity Ventures. For more on cybersecurity, visit us at https://cybersecurityventures.com

What are the threats your cloud application and infrastructure are facing? While at NDC Oslo, Richard chatted with Daniela Cruzes and Romina Druta about their work building threat models for cloud-based applications. Daniela discusses how modeling helps to understand security concerns before applications are deployed and attacked - often, security retrofits are time-consuming and expensive, so thinking them through beforehand has enormous benefits. Romina dives into the supply chain side of threats - open-source libraries with backdoors, even down to development tools with malware. There are a lot of threats - but when you look, there are often great solutions as well. You'll need to collaborate with development to secure things, but security isn't optional and is worth fighting for.LinksCloud-Native Application Protection PlatformArgoVSCode Malicious Extention ThreatsRecorded June 12, 2024

Cassie Crossley, author of the book “Software Supply Chain Security: Securing the End-to-end Supply Chain for Software, Firmware, and Hardware,” is the VP, Supply Chain Security, Cybersecurity & Product Security Office at Schneider Electric. In this episode, she joins host Scott Schober to discuss software supply chain attacks. SecurityScorecard is the leading security rating company, used by more than 2,500 top companies. To learn more about our sponsor, visit https://securityscorecard.com

In episode 336 of the Shared Security Podcast, we discuss the Biden administration's recent ban on Kaspersky antivirus software in the U.S. due to security concerns linked to its Russian origins. We also highlight the importance of keeping all software updated, using recent examples of supply chain attacks that have compromised several popular WordPress plugins. […] The post The U.S. Bans Kaspersky Antivirus, WordPress Plugin Supply Chain Attacks appeared first on Shared Security Podcast.

Also known as a third-party attack or a value-chain attack, advisory groups gain access to a targeted victims network by first infiltrating a business partner's network that has access to the victim's systems or data.

Also known as a third-party attack or a value-chain attack, advisory groups gain access to a targeted victims network by first infiltrating a business partner's network that has access to the victim's systems or data. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of the Security Swarm Podcast, our host Andy Syrewicze discusses the key findings from Hornetsecurity's Monthly Threat Report with guest Michael Posey. The Monthly Threat Report is a valuable resource that provides monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space.   In this episode, Andy and Michael talk about recent security events such as the Cyber Safety Review Board's (CSRB) report assessment of the Storm-0558 attack, the FTC's reports on impersonation attacks, and an alarming potential supply chain attack on the XZ Utils package in open-source Linux distributions.  Key takeaways:  The cybersecurity landscape is evolving rapidly with a variety of threats, from supply chain attacks to impersonation scams.  Transparency and security diligence are crucial in preventing and mitigating cyber threats.  End-user training and awareness play a significant role in enhancing overall cybersecurity posture.  Timestamps:  (05:26) - Rising Trends in Email Threats and Cybersecurity Impersonation Tactics (15:26) - The Importance of Email Security and Supply Chain Attacks in Today's Cyber Landscape (18:12) - Uncovering the Storm-0558 Breach: Analysis and Recommendations (27:33) - FTC Reports on Impersonation Attacks and the Importance of End User Training in Cybersecurity (34:25) - Major Security Threat Uncovered in XZ Utils Package in Open Source Linux Distributions (40:22) - Insights on Cybersecurity Issues and Mitigations  Episode Resources:  The Full Monthly Threat Report for April 2024 Fully automated Security Awareness Training Demo 

Guests: Mary Walker, Security Engineer, Dropbox [@Dropbox]On LinkedIn | https://www.linkedin.com/in/marywalkerdfir/At Black Hat | https://www.blackhat.com/asia-24/briefings/schedule/speakers.html#mary-walker-47392Adrian Wood, Security Engineer, Dropbox [@Dropbox]On LinkedIn | https://www.linkedin.com/in/adrian-wood-threlfall/At Black Hat | https://www.blackhat.com/asia-24/briefings/schedule/speakers.html#adrian-wood-39398____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesOn this episode of On Location with Sean and Marco, Sean Martin hosts the show solo, discussing supply chain attacks through machine learning models with guests Mary Walker and Adrian Wood. Mary and Adrian, both security engineers at Dropbox, share insights on their journey in cybersecurity and research on exploiting machine learning models. They delve into the implications of machine learning models being used as software programs containing malware and the risks associated with model repositories.The conversation explores the ease of poisoning machine learning models and the importance of understanding the provenance of models for risk mitigation. Mary and Adrian emphasize the need for enhanced detection mechanisms for shadow AI and proactive measures for securing model repositories. Additionally, they discuss the impact of AI standardization and the legal implications surrounding AI development.The episode concludes with a call to action for listeners to engage in discussions on supply chain attacks, join Mary and Adrian for their talk at Black Hat Asia, participate in Q&A sessions, and contribute to the open-source tools developed by the guests.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________On YouTube:

Guests: Mary Walker, Security Engineer, Dropbox [@Dropbox]On LinkedIn | https://www.linkedin.com/in/marywalkerdfir/At Black Hat | https://www.blackhat.com/asia-24/briefings/schedule/speakers.html#mary-walker-47392Adrian Wood, Security Engineer, Dropbox [@Dropbox]On LinkedIn | https://www.linkedin.com/in/adrian-wood-threlfall/At Black Hat | https://www.blackhat.com/asia-24/briefings/schedule/speakers.html#adrian-wood-39398____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesOn this episode of On Location with Sean and Marco, Sean Martin hosts the show solo, discussing supply chain attacks through machine learning models with guests Mary Walker and Adrian Wood. Mary and Adrian, both security engineers at Dropbox, share insights on their journey in cybersecurity and research on exploiting machine learning models. They delve into the implications of machine learning models being used as software programs containing malware and the risks associated with model repositories.The conversation explores the ease of poisoning machine learning models and the importance of understanding the provenance of models for risk mitigation. Mary and Adrian emphasize the need for enhanced detection mechanisms for shadow AI and proactive measures for securing model repositories. Additionally, they discuss the impact of AI standardization and the legal implications surrounding AI development.The episode concludes with a call to action for listeners to engage in discussions on supply chain attacks, join Mary and Adrian for their talk at Black Hat Asia, participate in Q&A sessions, and contribute to the open-source tools developed by the guests.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________On YouTube:

In this edition of The Future of Cybersecurity Newsletter, we explore how CISOs can enhance their cybersecurity strategies by adopting aviation survivability fundamentals. This approach offers a fresh perspective on risk assessment, system resilience, and continuous improvement, drawing parallels between the structured rigor of aviation safety and the dynamic field of cybersecurity.________This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

In this edition of The Future of Cybersecurity Newsletter, we embark on a journey that connects the groundbreaking innovation of the blue LED with the ever-evolving challenges of cybersecurity. Shuji Nakamura's pioneering work in developing the blue LED not only revolutionized lighting technology but also provides invaluable lessons for tackling the complexities of modern cybersecurity. We explore how the persistence, interdisciplinary approaches, and innovative thinking that led to the blue LED's success can be mirrored in addressing cybersecurity threats.________This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

The current state of cybersecurity and the looming threats warrant serious attention. In this Brand Story episode of "Reflections from 2023", Nadav Avital, Head of Threat Research at Imperva, sheds intriguing light on this cyber landscape.Avital outlines prominent threats of 2023, highlighting the prevalence of distinct attacks such as supply chain and distributed denial of service attacks, and business logic attacks. He emphasizes that, to navigate the evolving threat landscape effectively, it is vital to look backward to look forward.Cyberattacks have presented consequential impacts on organizations, from monetary losses to operational disruption, and even reputational damage. For instance, Avital mentions how ransomware attacks and denial of service attacks have left businesses grappling with restoring systems, ransom payments and downtime, citing examples from real-life scenarios drawn from his observations.Imperva's Threat Research team takes on the monumental task of monitoring, analyzing, and protecting against these cyber threats. They utilize open-source intelligence, deep web resources and data from deployed sensors and customer networks. This multifaceted intelligence gets productized and integrated into Imperva's solutions, ensuring customers can focus on their businesses rather than worrying about cyber threats.However, the battle against cyber threats extends beyond just protective measures. Raising awareness through communication plays a crucial role in helping the broader business and cybersecurity community understand and tackle these threats. The sharing of research findings through various channels such as blogs, newsletters and reports, helps impart invaluable knowledge, equipping readers with the necessary context and understanding of the evolving threat landscape.Imperva's forward-thinking approach in harnessing different intelligence resources to create protective solutions demonstrates their unrivaled expertise in the realm of cybersecurity. As Avital pointed out, it's not solely about using advanced techniques for quality attacks but also about creatively using existing ones.As cyber threats continue to evolve, it's paramount for organizations and cybersecurity professionals to stay abreast of these trends. Resources and research made available by teams like Imperva's Threat Research serve as a goldmine of intelligence information commanding our attention. Make cybersecurity a priority, leverage resources at your disposal and stay a step ahead of threats. Connect with the Imperva Threat Research team and be part of their mission to secure cyberspace. Imperva's journey into innovations and solutions is one worth following and learning from as we continue moving forward in this cyber landscape. Note: This story contains promotional content. Learn more.Guest: Nadav Avital, Head of Threat Research at Imperva [@Imperva]On Linkedin | https://www.linkedin.com/in/nadav-avital-a508244/On YouTube | https://www.youtube.com/channel/UCH5blYEvvzUcWD7ApRVP9YgResourcesLearn more about Imperva and their offering: https://itspm.ag/imperva277117988Imperva Threat Research: https://www.imperva.com/cyber-threat-index/threat-research/Catch more stories from Imperva at https://www.itspmagazine.com/directory/impervaAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

The current state of cybersecurity and the looming threats warrant serious attention. In this Brand Story episode of "Reflections from 2023", Nadav Avital, Head of Threat Research at Imperva, sheds intriguing light on this cyber landscape.Avital outlines prominent threats of 2023, highlighting the prevalence of distinct attacks such as supply chain and distributed denial of service attacks, and business logic attacks. He emphasizes that, to navigate the evolving threat landscape effectively, it is vital to look backward to look forward.Cyberattacks have presented consequential impacts on organizations, from monetary losses to operational disruption, and even reputational damage. For instance, Avital mentions how ransomware attacks and denial of service attacks have left businesses grappling with restoring systems, ransom payments and downtime, citing examples from real-life scenarios drawn from his observations.Imperva's Threat Research team takes on the monumental task of monitoring, analyzing, and protecting against these cyber threats. They utilize open-source intelligence, deep web resources and data from deployed sensors and customer networks. This multifaceted intelligence gets productized and integrated into Imperva's solutions, ensuring customers can focus on their businesses rather than worrying about cyber threats.However, the battle against cyber threats extends beyond just protective measures. Raising awareness through communication plays a crucial role in helping the broader business and cybersecurity community understand and tackle these threats. The sharing of research findings through various channels such as blogs, newsletters and reports, helps impart invaluable knowledge, equipping readers with the necessary context and understanding of the evolving threat landscape.Imperva's forward-thinking approach in harnessing different intelligence resources to create protective solutions demonstrates their unrivaled expertise in the realm of cybersecurity. As Avital pointed out, it's not solely about using advanced techniques for quality attacks but also about creatively using existing ones.As cyber threats continue to evolve, it's paramount for organizations and cybersecurity professionals to stay abreast of these trends. Resources and research made available by teams like Imperva's Threat Research serve as a goldmine of intelligence information commanding our attention. Make cybersecurity a priority, leverage resources at your disposal and stay a step ahead of threats. Connect with the Imperva Threat Research team and be part of their mission to secure cyberspace. Imperva's journey into innovations and solutions is one worth following and learning from as we continue moving forward in this cyber landscape. Note: This story contains promotional content. Learn more.Guest: Nadav Avital, Head of Threat Research at Imperva [@Imperva]On Linkedin | https://www.linkedin.com/in/nadav-avital-a508244/On YouTube | https://www.youtube.com/channel/UCH5blYEvvzUcWD7ApRVP9YgResourcesLearn more about Imperva and their offering: https://itspm.ag/imperva277117988Imperva Threat Research: https://www.imperva.com/cyber-threat-index/threat-research/Catch more stories from Imperva at https://www.itspmagazine.com/directory/impervaAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Microsoft drops the requirement for having 300 users or more and opens co-pilot to companies of any size, there's a huge increase in visits to “piracy sites”, Open source code and online hacking tools are fueling growth in supply chain attacks and Apple is now number 1 in smartphone sales.

In this episode of Enterprising Insights, Krista Macomber, Senior Analyst at The Futurum Group, joins host Keith Kirkpatrick, Research Director, Enterprise Applications, at The Futurum Group, for a conversation about enterprise cybersecurity, focusing on the current threats to organizations, how AI is changing the threat landscape, and best practices for organizations to harden their defenses. We'll also cover some recent news and newsmakers in the enterprise software market. Finally, we'll close out the show with our “Rant or Rave” segment, where we pick one item in the market, and we'll either champion or criticize it.

Free, ungated access to all 260+ episodes of “It's 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You're welcome to

Welcome to the CyBUr Smart Morning News Update Friday Op-Ed and a look at Supply Chain Attacks. They are becoming more prevalent and whether you are a small, medium, or large company or even just a home user, you need to be aware of what they are and how you can reduce your risk. Give a listen, tell a friend, share the link.  Have a good weekend. Thoughts/Comments/Questions always welcome at darren@thecyburguy.com

Free, ungated access to all 235+ episodes of “It's 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You're welcome to

What do you really know about your vendors? And about your vendors' vendors?To talk about supply chain attacks, and how to best mitigate and meet these risks, Robby is joined by a pair with a lot of experience on this topic: Roger Ison-Haug, CISO of StormGeo, and Martin Kofoed, CEO of Improsec.Martin and Roger discuss what a supply chain attack looks like these days, how to prepare for when a compromise happens, and how to get an overview of your organization's exposure. They also highlight the importance of knowing what happens if someone accesses your infrastructure, and fixing your basics.

In this episode, we welcome back Shay Nahari, VP of CyberArk Red Team Services. His discussion with host David Puner revolves around attacker innovation, focusing on key areas like cascading supply chain attacks and session cookie hijacking. Lean in as Nahari explains how the Red Team simulates real-world attacks to help organizations identify vulnerabilities and improve their security posture.  

Can Honeytokens be used in your supply chain security? Turns out we can! We spoke to Mackenzie Jackson ( @advocatemack ) from  @GitGuardian  about the benefits of using Honeytokens, which organisations can benefit from them and whats involved in deploying them and next steps once they are triggered. Episode YouTube: ⁠ ⁠⁠Video Link⁠⁠⁠⁠⁠ Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠⁠⁠⁠⁠) Guest Socials: Mackenzie Jackson (⁠ @advocatemack ⁠) Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠ Spotify TimeStamp for Interview Question (00:00) Introduction (02:01) A bit about Mackenzie Jackson (02:37) What are Honeytokens? (03:35) Traditional threat detection (05:29) Honeytoken in action (07:02) Deployments for Honeytokens (09:46) Role of Honeytoken in Supply Chain (11:02) Deploying and managing Honeytokens (13:12) Incident response with Honeytokens (15:01) What companies should use Honeytokens? (16:05) What if the key is deleted ! Resources: You can find out more about Honeytokens & GitGuardian here! See you at the next episode!

In this episode, host Steve Morgan is joined by Mic McCully, Field CTO, and Jamie Smith, Product Marketing Director, at Snyk. Together, they discuss software supply chain attacks, what CISOs and security leaders need to know, and more. To learn more about our sponsor, Snyk, the developer security company, visit https://snyk.io

On this episode, David London and Adam Isles from the Chertoff Group stop by to discuss emerging risk topics such as AI, Supply Chain Attacks, and the new SEC regulations. Stick around and learn the tradecraft to better protect your company. Special Thanks to our Sponsors: The Chertoff Group: https://www.chertoffgroup.com.Note you can read more about their thoughts on AI here: https://www.chertoffgroup.com/managing-ai-risks/ Prelude: https://www.preludesecurity.com/ CPrime: Visit https://www.cprime.com/train to schedule an IT governance workshop to align expectations, capture priorities, and improve effective governance across your entire technology portfolio. Use the code CPRIMEPOD to get 15% off your training course purchase. Transcripts: https://docs.google.com/document/d/1tW0kOYCURXgRF-z7UqeQGga0zAkwGuZ9/ Chapters 00:00 Introduction 02:33 The SEC's Final Rule on Cybersecurity Disclosure 05:29 What is a Material Incident? 07:13 The Commission's Final Rule on Board Engagement in Cybersecurity Risk 10:03 The Four Day Rule for Incident Reporting 12:46 The Implications of the New Role of the CISO 15:46 The Ticking Clock on Disclosure 18:31 SolarWinds and the Software Chain Security Exposure 19:53 The Role of the Software Bill of Materials (SBOM) in the Software Supply Chain Security Challenges 21:29 The Rise of the SBOM 23:16 The Rise of Expectations in the U.S. Government 25:02 The Future of Software Security 27:22 The Progress of the CMMC Program 29:59 The SEC Disclosure Requirements: What to Expect From Your Board 31:57 How to Reduce Complexity in Your Software Development Lifecycle 34:05 How AI is Impacting Our Business and Cyber 37:32 How to Measure and Manage Cyber Risks Effectively 39:57 The SEC's Final Rule on Disclosure

We are thrilled to welcome back to our podcast our favorite cyber security experts at Pulsar Security, a CMAA Education Partner, for answers to our questions about supply chain vulnerabilities. Pulsar Security is a cybersecurity company whose mission extends to protect clubs and their members against malicious attacks. We define what a supply chain attack is and what it can look like and Patrick and Duane help us understand what measures clubs can take to protect their assets and information.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations, and civilian users in Ukraine and Poland.FortiGuard Labs investigation the researchers came across several Malicious Office documents designed to exploit known vulnerabilities.Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt.CheckMarx is reporting the first known targeted OSS supply chain attacks against the banking sector.The LimaCharlie SecOps Cloud Platform provides organizations with comprehensive enterprise protection that brings together critical cybersecurity capabilities and eliminates integration challenges and security gaps for more effective protection against today's threats.Watch the SecOps Cloud Platform panel discussions here: Introducing the SecOps Cloud PlatformThe Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

Seemant Sehgal is the founder and CEO at BreachLock, developers of a world class, award-winning Penetration Testing as a Service platform. In this episode, he joins host Steve Morgan to discuss cyberattacks on supply chains, what CISOs should know, and more. To learn more about our sponsor BreachLock, visit https://breachlock.com

Ross John Anderson, Professor of Security Engineering at University of Cambridge, discusses software obsolescence with host Priyanka Raghavan. They examine risks associated with software going obsolete and consider several examples of software obsolescence, including how it can affect cars. Prof. Anderson discusses policy and research in the area of obsolescence and suggests some ways to mitigate the risks, with special emphasis on software bills of materials. He describes future directions, including software policy and laws in the EU, and offers advice for software maintainers to hedge against risks of obsolescence.

We look at new malware that uses a supply chain attack; we explain what this is, and why it is not uncommon. We discuss how hackers can open a certain company's garage doors from anywhere, and how a journalist got injured by a malicious USB drive that exploded. Show Notes: Apple's Worldwide Developers Conference returns June 5, 2023 Gordon E. Moore, Intel co-founder (and of “Moore's Law” fame) dies at age 94 How to securely dispose of old hard drives and SSDs SmoothOperator: 3CX VoIP app spreads Mac malware by Lazarus Group APT 3CX knew its app was flagged as malicious but took no action for 7 days North Korean hackers target security researchers with a new backdoor Journalist plugs in unknown USB drive mailed to him—it exploded in his face Open garage doors anywhere in the world by exploiting this “smart” device If your Netgear Orbi router isn't patched, you'll want to change that pronto You will not be jailed for 20 years if you use TikTok after its banned—despite internet fear-mongering Why is TikTok banned from government phones — and should the rest of us be worried? UK Joins U.S., Canada, Others in Banning TikTok From Government Devices Complete transcript of this episode Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.

Malware could detect sandbox emulations. A VEC supply chain attack. A new APT is active in Russian-occupied sections of Ukraine. An alleged Russian patriot claims responsibility for the D.C. Health Link attack. CISA and NSA offer guidance on identity and access management (IAM). Tim Starks from the Washington Post has analysis on the BreachForums takedown. Our guest is Ryan Heidorn from C3 Integrated Solutions with a look at the CMMC compliance timeline. And Baphomet backs out. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/55 Selected reading. ZenGo uncovers security vulnerabilities in popular Web3 Transaction Simulation solutions: The red pill attack (ZenGo) Stopping a $36 Million Vendor Fraud Attack (Abnormal Intelligence)  Bad magic: new APT found in the area of Russo-Ukrainian conflict (Securelist) Unknown actors target orgs in Russia-occupied Ukraine (Register) New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (The Hacker News) Partisan suspects turn on the cyber-magic in Ukraine (Cybernews) Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' (CyberScoop)  CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management | CISA (Cybersecurity and Infrastructure Security Agency CISA)  ESF Partners, NSA, and CISA Release Identity and Access Management Recommended Best Practi (National Security Agency/Central Security Service) Identity and Access Management: Recommended Best Practices for Administrators (NSA and CISA)  CISA Releases Updated Cybersecurity Performance Goals (Cybersecurity and Infrastructure Security Agency CISA)  CISA Releases Eight Industrial Control Systems Advisories | CISA (Cybersecurity and Infrastructure Security Agency CISA) End of BreachForums could take a bite out of cybercrime (Washington Post) BreachForums says it is closing after suspected law enforcement access to backend (Record)