Podcasts about verizon dbir

Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports. Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/ Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz Chapters 00:35 Verizon Data Breach Investigations Report (DBIR) Introduction 01:16 Accessing the DBIR Report 02:38 Key Takeaways from the DBIR 03:15 Third-Party Breaches 04:32 Ransomware Insights 08:08 Exploitation of Vulnerabilities 09:39 Credential Abuse 12:25 Espionage Attacks 14:04 System Intrusions in APAC 15:04 Business Email Compromise (BEC) 18:07 Human Risk and Security Awareness 19:19 Industry-Specific Trends 20:06 Multi-Layered Defense Strategy 21:08 Data Leakage to Gen AI

In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• CISA gets a deputy director as it braces for major layoffs• FB-ISAO's Collaboration With Those Who are Lone Defenders• Crypto/Blockchain: o A Record-Breaking Year for Cybercrime: Key Findings from the FBI's 2024 IC3 Reporto Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware: BeaverTail, InvisibleFerret, and OtterCookieo XRP supply chain attack: Official NPM package infected with crypto stealing backdooro Risky Biz News - R0AR crypto-heisto Crypto ISAC: Ensuring The Security, Efficiency, and Resiliency Of Cryptoo The Gate 15 Interview EP 57 – Adriana Villasenor on info sharing, resilience, and racingMain Topics:Big 3! Risky Bulletin: FBI IC3, Verizon DBIR, Google M-Trends reports are out—here's the conclusions!• Verizon 2025 Data Breach Investigations Report• M-Trends 2025: Data, Insights, and Recommendations From the Frontlines• FBI Releases Annual Internet Crime ReportCasino hackers say they've got maps to slot machine vault and server room. A ransomware gang claims that it's holding hostage the blueprints to a $700 million casino. If true, they may know more about the vaults, server rooms, and security cameras than the people building it. Hackers target Catawba Two Kings Casino, threaten to release blueprintsVancouver Vehicle Ramming; 11 killed - Suspect charged with murder over Vancouver Filipino festival car ramming, police say victims were aged five to 65• A man is charged with murder after SUV rams a crowd in Vancouver's 'darkest day'• Vancouver ramming attack: Police determine attack was 'deliberate' but not 'terrorism' - 'Shocking'• A look at some recent deadly attacks involving vehicle rammings• 4 Killed When a Car Crashes Through an Illinois After-School Center; The victims' ages ranged from 7 to 18, the police said. Several others were injured.Quick Hits:• May Day Protests: o Workers in 600+ US Cities to Protest 'Billionaire Takeover' on May Dayo 50501 events• ‘No longer welcome to be alive': Man threatened Trump, Elon Musk and Tesla owners in ‘Declaration Of War' emails that claimed ‘newsworthy killings' were coming, DOJ says• Spanish distributor says restoring power after huge outage could take 6-10 hours. Portugal also hit• New U.S. Secret Service Research Highlights Connection Between Domestic Violence and Mass Attacks • FBI PSA - FBI Seeking Tips about PRC-Targeting of US Telecommunications & The Persistent Threat of Salt Typhoon: Tracking Exposures of Potentially Targeted Devices• Countries shore up their digital defenses as global tensions raise the threat of cyberwarfare• Scams & Fraud: o FBI PSA - Cyber Criminals Impersonating Employee Self-Service Websites to Steal Victim Information and Funds o Foreign intel job scams target current, former DoD employeeso Think that text message is from USPS? It could be a scamo FBI Surges Resources to Nigeria to Combat Financially Motivated Sextortion• Russian Propaganda Campaign Targets France with Al-Fabricated Scandals, Drawing 55 Million Views on Social Media • Alleged former members of neo-Nazi group claim its leader is Russian spy• NSA Publishes Recommendations for Smart Controller Security Controls and Technical Requirements for OT Environments• Scientists Find Measles Likely to Become Endemic in the US Over Next 20 Years

Let's conclude our look at the 2024 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

"Have you read the Verizon DBIR report for 2024? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. ""Can you trust the Verizon Data Breach Investigations Report (DBIR) to help you run your Cyber Risk Program?"" -- https://www.cr-map.com/91"

Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why? Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate identity systems to a proliferation is SaaS application usage, Dor explains why Identity SecurityPosture Management is critical component to identify vulnerabilities, prioritize risks, and streamline remediation. If you're struggling with securing your identities, don't miss this interview. Segment Resources: https://www.okta.com/products/identity-security-posture-management/ https://www.okta.com/secure-identity-commitment/ This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them! The CISO role has been evolving for 20 years, but the last 2 years have accelerated that evolution. Some might say it's evolving into extinction. What are the factors driving this evolution? Allan Alford, CEO at Alford and Adams Consulting and host of The Cyber Ranch Podcast, joins Business Security Weekly to discuss this evolution and some of the factors driving these trends. In this interview, Allan will share his insights: Migratory Trends of the CISO CISO Skill Sets: Technical or Business? The Language of the CISO Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-358

Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why? Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate identity systems to a proliferation is SaaS application usage, Dor explains why Identity SecurityPosture Management is critical component to identify vulnerabilities, prioritize risks, and streamline remediation. If you're struggling with securing your identities, don't miss this interview. Segment Resources: https://www.okta.com/products/identity-security-posture-management/ https://www.okta.com/secure-identity-commitment/ This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them! Show Notes: https://securityweekly.com/bsw-358

Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why? Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate identity systems to a proliferation is SaaS application usage, Dor explains why Identity SecurityPosture Management is critical component to identify vulnerabilities, prioritize risks, and streamline remediation. If you're struggling with securing your identities, don't miss this interview. Segment Resources: https://www.okta.com/products/identity-security-posture-management/ https://www.okta.com/secure-identity-commitment/ This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them! The CISO role has been evolving for 20 years, but the last 2 years have accelerated that evolution. Some might say it's evolving into extinction. What are the factors driving this evolution? Allan Alford, CEO at Alford and Adams Consulting and host of The Cyber Ranch Podcast, joins Business Security Weekly to discuss this evolution and some of the factors driving these trends. In this interview, Allan will share his insights: Migratory Trends of the CISO CISO Skill Sets: Technical or Business? The Language of the CISO Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-358

Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why? Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate identity systems to a proliferation is SaaS application usage, Dor explains why Identity SecurityPosture Management is critical component to identify vulnerabilities, prioritize risks, and streamline remediation. If you're struggling with securing your identities, don't miss this interview. Segment Resources: https://www.okta.com/products/identity-security-posture-management/ https://www.okta.com/secure-identity-commitment/ This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them! Show Notes: https://securityweekly.com/bsw-358

In episode 87 of Cybersecurity Where You Are, co-host Tony Sager is joined by the following guests:Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®)Philippe Langlois, Senior Principal, Security Risk Management and Author of the Verizon Data Breach Investigations Report (DBIR)Theodore "TJ" Sayers, Director of Intelligence & Incident Response at CISTogether, they celebrate 11 years of CIS and Verizon working together to contextualize the threat activity security teams are seeing and to help teams use the Controls as an improvement framework.Here are some highlights from our episode:02:00. How the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC® and EI-ISAC®) contribute anonymized data to the Verizon DBIR07.27. The two types of data that Verizon uses as input for its report13:50. The ways CIS uses the content of Verizon's DBIR to help people embrace programs of security improvement24:48. A glimpse at what goes into producing the DBIR28.33. The importance of leadership in guiding team dynamics and fun32.07. Reception of the 2024 DBIR and exploration of what's next for the Verizon DBIR teamResources2024 DBIR Findings & How the CIS Critical Security Controls Can Help to Mitigate Risk to Your OrganizationCIS Controls Featured as Recommended Defenses in Verizon's 2024 Data Breach Investigations Report2024 Data Breach Investigations ReportThe VERIS FrameworkCIS Community Defense Model 2.0If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

It is time to review the annual Verizon Data Breach Investigaton report. First, we will hit the big notes from their summary. Then, we can add in a few tidbits from the bigger report details. We'll break down key statistics, discuss emerging threats, and offer insights into what these findings mean for the health sector and HIPAA privacy and security programs.  More info at HelpMeWithHIPAA.com/459

Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes Robert Waters (Lead PMM, Exposure Management) as they discuss the key takeaways from Verizon's latest annual Data Breach Investigations Report: persistent risk from credentials, more and more sophisticated phishing attacks, and the rising prevalence of vulnerability exploits. To view the report yourself, head to: https://www.verizon.com/business/resources/reports/dbir/Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Forecast = Expect a stormy week ahead in the cyber world, with high chances of CWE showers. In this episode of Storm⚡️Watch, we're diving deep into the cyber world with a lineup of intriguing topics and expert insights. The spotlight of this episode shines on the 2024 Verizon Data Breach Investigations Report, a comprehensive analysis that sheds light on the evolving landscape of cyber threats and vulnerabilities. We'll quiz Glenn on the key findings of the report, discussing the significant increase in vulnerability exploitation as an initial access point, which nearly tripled in 2023. This segment will delve into the implications of these findings for organizations and the importance of robust cybersecurity measures. Our Cyber Spotlight segment will explore the impact of a recent solar storm on precision farming, highlighting how geomagnetic disturbances knocked out tractor GPS systems during a critical planting season. We'll discuss the broader implications of solar storms on GPS-dependent technologies and the steps industries can take to mitigate these risks. Additionally, we'll touch on the threats to precision agriculture in the U.S., including the warning about using Chinese-made drones in farming operations. In Tool Time, we introduce CISA's Vulnrichment, a tool designed to enrich vulnerability management processes. This segment will provide insights into how Vulnrichment can aid organizations in identifying and mitigating vulnerabilities more effectively. Our Shameless Self-Promotion segment will feature exciting updates from Censys & GreyNoise, including an upcoming report and webcast on AI for cybersecurity, and a recap of the NetNoiseCon event. We'll also drop a link to the "Year of the Vuln" as highlighted in the 2024 Verizon DBIR, a post which offers our take on surviving this challenging period. To wrap up, we'll discuss the latest trends in cyber threats and active campaigns, providing listeners and viewers with a comprehensive overview of the current cyber threat landscape. Storm Watch Homepage >> Learn more about GreyNoise >>  

In this episode, Jay and Joao discuss the 2024 Verizon Data Breach Investigations Report (DBIR), which includes some interesting finds regarding threat actor motives, how user error impacts business, and more!

In this week's Security Sprint, Dave and Andy talked about the following topics. Warm Start: Tribal-ISAC merch!  National Security Memorandum on Critical Infrastructure Security and Resilience.  Biden-Harris Administration Announces New National Security Memorandum to Strengthen U.S. Department of Energy's Role in Ensuring Security and Resilience Across America's Energy Sector Biden signs new memo to boost security of US critical infrastructure White House announces new policy guiding infrastructure protection   Verizon 2024 Data Breach Investigations Report Verizon's 2024 Data Breach Investigations Report: 5 key takeaways Verizon DBIR: Enterprises Know The Pain Of Zero Day Exploits All Too Well Verizon's 2024 DBIR Unpacked: From Ransomware Evolution to Supply Chain Vulnerabilities Bitsight Reveals More than 60 Percent of Known Exploited Vulnerabilities Remain Unmitigated Past Deadlines in First-of-its-Kind Analysis of CISA's KEV Catalog Organizations patch CISA KEV list bugs 3.5 times faster than others, researchers find Forescout: Exposing the exploited: Analyzing vulnerabilities that live in the wild   Info Ops Russia is trying to exploit America's divisions over the war in Gaza; The effort includes artificial intelligence, fake social media accounts and a spike in state-sponsored Russian propaganda NewsGuard: Russia-Ukraine Disinformation Tracking Center: 477 Websites Spreading War Disinformation And The Top Myths They Publish Campus Protests Give Russia, China and Iran Fuel to Exploit U.S. Divide; America's adversaries have mounted online campaigns to amplify the social and political conflicts over Gaza flaring at universities, researchers say.   Hurricane Preparedness. A Proclamation on National Hurricane Preparedness Week, 2024. Oklahoma and Kansas at High Risk of Extreme Storms and Tornadoes Heavy rains ease around Houston but flooding remains after hundreds of rescues and evacuations Dashcam shows tornado obliterate Nebraska building Nebraska tornado survivor recounts mayhem: 'The windows exploded and glass was flying everywhere' Death toll from southern Brazil rainfall rises to 78, many still missing   China & Resilience!  SAVE THE DATE! CISA Hosts CISA Live! – “People's Republic of China Cyber Threats and What We Can Do”. On Wednesday, May 15, we will host our next CISA Live! - “People's Republic of China Cyber Threats and What We Can Do”  Under the Digital Radar: Defending Against People's Republic of China's Nation-State Cyber Threats to America's Small Businesses.   Quick Hits Australian police shoot dead 'radicalized' teen Germany Travel Advisory-Level 2: Exercise Increased Caution-May 1, 2024 Sweden “On Terror Level Four” As Security Is Tightened A Week Before Eurovision Song Contest Bird flu's wild range; Counties where avian flu has been detected in wild mammals since 2022 House Energy and Commerce Committee: What We Learned: Change Healthcare Cyber Attack French cyberwarriors ready to test their defense against hackers and malware during the Olympics The United States Condemns Malicious Cyber Activity Targeting Germany, Czechia, and Other EU Member States FBI Releases 2023 Elder Fraud Report with Tech Support Scams Generating the Most Complaints and Investment Scams Proving the Costliest CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity Communication gaps between IT departments and senior corporate leadership worsening application security risks SBOM Sharing Primer CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities Maersk says Red Sea disruption will cut capacity by 15-20% in second quarter Chinese-Made Surveillance Cameras Are Spreading Across Eastern Europe, Despite Security Concerns Wichita government shuts down systems after ransomware incident    

https://youtu.be/dwRG_wO0vgc This week on the podcast, we cover the key takeaways from the 2024 Verizon Data Breach Investigations Report. Before that, we discuss what we learned from United Healthcare CEO Andrew Witty's congressional testimony on their ransomware attack in February. We also discuss a research article from JFrog on malicious Docker Hub repositories.

It's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the different tasks you need to complete long before an incident occurs. Resources 5 Best Practices for Building a Cyber Incident Response Plan This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them!   It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends! Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-360

It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends! Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge. Show Notes: https://securityweekly.com/esw-360

It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends! Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge. Show Notes: https://securityweekly.com/esw-360

It's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the different tasks you need to complete long before an incident occurs. Resources 5 Best Practices for Building a Cyber Incident Response Plan This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them!   It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends! Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-360

All links and images for this episode can be found on CISO Series. The Verizon DBIR found that about half of all breaches involved legitimate credentials. It's a huge attack surface that we're only starting to get a handle of. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Adam Koblentz, field CTO, Reveal Security. In this episode: Where are we in terms of monitoring anomalous behavior of our users? Why are we still struggling to understand what happens after threat actors are in our networks? How are new AI-based tools helping us to scale efforts? What's working and where do we need to improve? Thanks to our podcast sponsor, Reveal Security Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

Let's conclude our look at the 2023 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Have you read the Verizon DBIR report for 2023? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

In this episode of Storm Watch, the hosts discuss various cybersecurity topics, including a Fortinet vulnerability, a DDoS attack on Microsoft Outlook, the ongoing issues with Log4j, and the "MOVEit" vulnerability. The hosts first talk about a new Fortinet vulnerability, expressing their snarky comments about the company's security issues. They then move on to discuss a recent DDoS attack on Microsoft Outlook, which caused significant downtime for users. The attack was attributed to Anonymous Sudan, a hacktivist group that uses open proxy services to launch their attacks. The hosts mention that with the current political climate and upcoming presidential election, more DDoS attacks can be expected. Next, they discuss the "MOVEit" vulnerability, which has been exploited by attackers to target various organizations, including some governments. The hosts emphasize the importance of staying on top of security updates and patches to protect against such attacks. They also mention their community Slack channel, where they encourage users to share information on niche software and research partnerships. Finally, the hosts touch on the resurgence of Log4j scans, suggesting that attackers may be targeting organizations that have restored backups or deployed old images without the necessary patches in place. They also mention a recent Verizon DBIR report that highlighted Log4j vulnerabilities, possibly contributing to the renewed interest in exploiting them. The hosts conclude by emphasizing the importance of staying vigilant and up-to-date with security measures to protect against these ongoing threats. Join our Community Slack >> Learn more about GreyNoise >>  

Send us a Text Message.In todays episode, I discuss key findings from Verizon DBIR:83% of breaches involved external actors—with the majority being financially motivated.74% of breaches involved the human element, which includes social engineering attacks, errors or misuse.50% of all social engineering attacks are pretexting incidents—nearly double last year's total.Link to Original Report from Verizon: https://www.verizon.com/business/resources/reports/dbir/Support the Show.Google Drive link for Podcast content:https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnkoMy Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/Youtube Channnel : https://www.youtube.com/@TheCybermanShow Twitter handle https://twitter.com/prashant_cyber PS: The views are my own and dont reflect any views from my employer.

Samsung is dealing with an insider threat that tried to copy their entire chip manufacturing plant, wow! CISA issued a "binding" directive for ZT, but how binding is it really? The top 10 from the Verizon DBIR, what does that tell us about the space? Another Presidential candidate uses a deepfake to target their adversaries, should we worry? A mother deals with a deepfake voice attack where her daughter is "kidnapped", does this bode well for our collective future if criminals are vectoring in on this type of attack? 99% of organizations expect an identity related compromise this year, jeez (#killthepassword already). Those points and more on this one!

Eric Olden, CEO and Co-Founder of Strata Identity, discusses the concept of Identity Orchestration. He covers the evolving identity landscape and how it has evolved to keep pace with modern apps, the challenges encountered during an identity modernization project, how Identity Orchestration helps those modernization projects, and best practices for implementing secure identity. Segment Resources: - [Identity Orchestration Use Cases](https://www.strata.io/use-cases/) - [What is Identity Orchestration WhitePaper](https://www.strata.io/resources/whitepapers/what-is-identity-orchestration-and-why-you-need-it-to-succeed-with-multi-cloud/) This segment is sponsored by Strata.  Visit https://securityweekly.com/strata to learn more about them!  This year's Verizon DBIR is out, CVSS is updating its methodology, poor password reset design, SQL injection in MOVEit, a CTF for AWS IAM Visit https://www.securityweekly.com/asw for all the latest episodes!  Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-244

This year's Verizon DBIR is out, CVSS is updating its methodology, poor password reset design, SQL injection in MOVEit, a CTF for AWS IAM   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-244 

Eric Olden, CEO and Co-Founder of Strata Identity, discusses the concept of Identity Orchestration. He covers the evolving identity landscape and how it has evolved to keep pace with modern apps, the challenges encountered during an identity modernization project, how Identity Orchestration helps those modernization projects, and best practices for implementing secure identity. Segment Resources: - [Identity Orchestration Use Cases](https://www.strata.io/use-cases/) - [What is Identity Orchestration WhitePaper](https://www.strata.io/resources/whitepapers/what-is-identity-orchestration-and-why-you-need-it-to-succeed-with-multi-cloud/) This segment is sponsored by Strata.  Visit https://securityweekly.com/strata to learn more about them!  This year's Verizon DBIR is out, CVSS is updating its methodology, poor password reset design, SQL injection in MOVEit, a CTF for AWS IAM Visit https://www.securityweekly.com/asw for all the latest episodes!  Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-244

This year's Verizon DBIR is out, CVSS is updating its methodology, poor password reset design, SQL injection in MOVEit, a CTF for AWS IAM   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-244 

The Gartner definition of integrated risk management is a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks. Enterprises typically have a broad coverage of the risks that face the business including cybersecurity risk, however, its 2023 and after more than a decade of requiring training compliance for our people, the Verizon DBIR reports this year that 74% of breaches involved human error. It's clear that compliance is not the answer for where to include the human in an IRM strategy, so what's next? In the leadership and communications section, Only one in 10 CISOs today are board-ready, study says, Why Conflicting Ideas Can Make Your Strategy Stronger, How to Overcome Communication Barriers in Your Teamwork, and more! This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw-309

The Gartner definition of integrated risk management is a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks. Enterprises typically have a broad coverage of the risks that face the business including cybersecurity risk, however, its 2023 and after more than a decade of requiring training compliance for our people, the Verizon DBIR reports this year that 74% of breaches involved human error. It's clear that compliance is not the answer for where to include the human in an IRM strategy, so what's next?   This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-309 

The Gartner definition of integrated risk management is a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks. Enterprises typically have a broad coverage of the risks that face the business including cybersecurity risk, however, its 2023 and after more than a decade of requiring training compliance for our people, the Verizon DBIR reports this year that 74% of breaches involved human error. It's clear that compliance is not the answer for where to include the human in an IRM strategy, so what's next? In the leadership and communications section, Only one in 10 CISOs today are board-ready, study says, Why Conflicting Ideas Can Make Your Strategy Stronger, How to Overcome Communication Barriers in Your Teamwork, and more! This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw-309

The Gartner definition of integrated risk management is a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks. Enterprises typically have a broad coverage of the risks that face the business including cybersecurity risk, however, its 2023 and after more than a decade of requiring training compliance for our people, the Verizon DBIR reports this year that 74% of breaches involved human error. It's clear that compliance is not the answer for where to include the human in an IRM strategy, so what's next?   This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-309 

Dave Johnson of Pearl Technology recaps the Verizon Data Breach Investigations Report (DBIR) on The Greg and Dan Show. Johnson explains the most common types of cyber-threats, the different levels of breaches, and more from the annual Verizon DBIR on cybersecurity information. See omnystudio.com/listener for privacy information.

Let's conclude our look at the 2022 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Have you read the Verizon DBIR report for 2022? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Guest: Dimitri McKay,  Principal Security Strategist @ Splunk Topics: How do you define that "XDR thing" that you are so skeptical about? So within that definition of XDR, you think it's not so great, why? If you have to argue pro-XDR, what would you say? Two main XDR camps are “XDR as EDR+” and “XDR as SIEM-”, which camp do you think is more right? Are both wrong? What approach do you think is more useful as a lens to understand the potential upsides/downsides of XDR? What about the cloud? "Cloud XDR" seems a bit illogical, but what do you think is the future of D&R in the cloud? Resources: “Anton and The Great XDR Debate, Part 1” “Anton and The Great XDR Debate, Part 2” “Anton and The Great XDR Debate, Part 3” SURGe content on splunk blog “Today, You Really Want a SaaS SIEM!” Red Canary 2022 Threat Detection report Verizon DBIR 2022 report.

In this podcast episode, Nate Kharrl and Anthony Micara from Spec discuss organizational challenges that prevent fraud detection across the customer journey. Then Lee Clark, from RH-ISAC's intel team, shares how RH-ISAC's member community sharing trends compare to those of the broader retail industry.  You can find the Verizon DBIR report referenced in this episode, on the RH-ISAC website.   Thank you to Fortinet for their sponsorship of the RH-ISAC Podcast.     

Today, we are going to give you our six takeaways from the 15th annual Verizon Data Breach Investigation Report. We like these reports because they give us an indication of what's going on in the cyber world, what we need to be looking for and looking out for. More info at HelpMeWithHIPAA.com/359

Expert opinions and insights on the biggest events making cybersecurity headlines this past fortnight. In this episode we explore what impact the change to a Labor government in Australia will have on national cyber policy, examine a 3-year-old government review calling for Australia to overhaul identity verification and make better use of biometrics, dive into the 5 key trends identified in the seminal Verizon DBIR report, and review the latest breaches and vulnerabilities making headlines. Check out some of our latest articles: This Month in Security: May 2022 Conti leaks shine light on ransomware's darkest secrets What global geopolitics means for your cybersecurity

Digital Shadows CISO Rick Holland hosts this edition of ShadowTalk. Rick is joined by repeat special guest David Thejl-Clayton, Senior Advisor in Cyber Defense at Combitech. They discuss: - Rick and David's thoughts on the 2022 DBIR report (Full disclosure, they are fanboys) - Research that shows how APT groups primarily go after known vulnerabilities and not 0days - David's experience helping customers create their custom version of the DBIR ***Resources from this week's podcast*** Find David on Twitter: https://twitter.com/DCSecuritydk Find David on LinkedIn: https://www.linkedin.com/in/davidclayton454/ 2022 Data Breach Investigations Report: https://www.verizon.com/business/resources/reports/dbir/ Vocabulary for Event Recording and Information Sharing (VERIS): http://veriscommunity.net/ SANS CTI Summit - VERISIZE your way into CTI: https://www.youtube.com/watch?v=AwMC6INC5TE Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats https://arxiv.org/abs/2205.07759 VSec Community: https://vsec.dk/about/ Checkout the “Roll your own DBIR” Templates on GitHub here: https://github.com/cvpl-fdca/rollyourown-DBIR

Verizon DBIR, 10 exploited access points, email is still a problem (surprise), four tips for entry-level cyber analysts, and ransomware with a twist. Be kind to each other. Please. https://www.verizon.com/business/resources/reports/2022/dbir/2022-data-breach-investigations-report-dbir.pdf https://www.securitymagazine.com/articles/97676-cisa-outlines-10-initial-access-points-exploited-by-hackers https://www.scmagazine.com/analysis/email-security/employees-email-still-drives-most-of-the-data-loss-at-organizations https://www.redglobal.com/news-blog/cybersecurity-jobs-4-tips-every-budding-cybersecurity-analyst-should-know https://www.tripwire.com/state-of-security/security-data-protection/ransomware-demands-acts-of-kindness-to-get-your-files-back/ --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message Support this podcast: https://anchor.fm/virtual-ciso-moment/support

Ransomware attacks are becoming both more targeted and more damaging. Is your organization prepared? In this episode, host Itir Clark interviews Neko Papez, Manager, Product Marketing at Proofpoint, about the newest trends in ransomware — and the best strategies for prevention. Join us as we discuss: Human-operated ransomware and its dangerous effectiveness Illustrations of how damaging ransomware can truly be The big-game-hunting mentality shift of ransomware threat actors Phishing emails: the origin of most ransomware Check out these resources we mentioned during the podcast: 2021 Verizon DBIR report: https://enterprise.verizon.com/content/verizonenterprise/us/en/index/resources/reports/2021-dbir-executive-brief.pdf Treasury Department report: https://www.wsj.com/articles/suspected-ransomware-payments-for-first-half-of-2021-total-590-million-11634308503 Ransomware Hub: https://www.proofpoint.com/us/ransomware-hub  For more episodes like this one, subscribe to us on Apple Podcasts, Spotify, and the Proofpoint website, or just search for Protecting People in your favorite podcast player.

22:10 no DBIR is already funny, useful & well-written. Now that it's mapped to the ATT&CK framework, security teams could finally get the holy grail of security: the answer to “Are we doing this right?” Verizon's DBIR is already funny, useful & well-written. DBIR's Alex Pinto and Rich Struse, Director of MITRE Engenuity's Center for Threat Informed Defense (CTID), discuss an enticing future: They say that with the mapping of DBIR to the ATT&CK framework, security teams could finally get the holy grail of security. Namely, the answer to “What's

Let's conclude our look at the 2021 Verizon DBIR report. Today we'll review the data by industry and the revised attack patterns with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Have you read the Verizon DBIR report for 2021? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

In this episode, Allan's friend Dr. Sam Small, CISO of Zero Fox, joins us to chat about credential stuffing, its implications and the defenses against it. Several statistics are given from a few industry reports on credential stuffing, including the Verizon DBIR and F5's report. Several techniques to foil credential stuffing are explored, as well as common traps when combatting credential stuffing. OWASP provides some guidance in this area. The criminal's abilities vis a vis breach sharing and botnet as a service are discussed as well. Finally, Sam explains what keeps him going in cybersecurity... Key Takeaways: 1:08 Sam's background and education in cyber 2:41 Sam defines credential stuffing and explains why we should care about it 4:17 The origins of the term 'credential stuffing' vs. its history 4:39 Is ransomware the end goal of every single kind of cyber attack? 5:22 Botnets as a service to drive credential stuffing attacks 6:33 Allan cites statistics from the Verizon Data Breach Incident Report 7:23 The DDoS aspects and related cloud costs of credential stuffing 8:48 Sam's theory about F5 report statistics on credential stuffing being interestingly somewhat contradictory 10:43 Anecdotally anyway, password reuse appears to be a huge problem still 11:51 Comabating credential stuffing and common traps in doing so 13:23 Credential stuffing and data breaches are not the same thing 14:17 Getting credential stuffers shut down by way of their service providers 15:25 Practical tips from OWASP for preventing credential stuffing in your environment 19:10 The difference between a comprehensive defense and not 20:32 Are obscure usernames useful in the fight? 22:06 Proposal for user-centric federation to monitor account usage everywhere 23:06 Obligations of those who suffered a breach of credentials 25:14 Criminals share data on their side 26:09 What keeps Sam going in cybersecurity Links: Learn more about Sam on LinkedIn Follow Allan Alford on LinkedIn and Twitter Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at Uptycs

With us today is Derly Gutierrez, Head of Security at 1010 Data, and veteran. Derly is here with us today to talk about the journey to passwordless authentication and the flaws and strenghts of today's authentication methoods. Allan and Derly refer to studies and surveys about the problems with passwords and the challenges of implementing passwordless approaches. Derly emphasizes the need for other complementary technologies such as Role-Based Access Control (RBAC), Privileged Access Management (PAM), and system-to-system communications. The two discuss corporate and personal use of passwordless solutions, talk about legal precedence and the future of passwordless approaches. Key Takeaways 1:14 How Derly got into cyber 1:58 About Derly's day job as Head of Security 2:34 Allan quotes the 2017 Verizon DBIR on how many breaches involve weak or stolen passwords 3:35 Allan cites NIST 800-63b 4:15 Derly talks about CAC cards in the US DoD 4:50 Derly sides with vendor innovations over NIST guidance 5:56 Allan clarifies the distinction between PINs and passwords 6:52 Derly points out the flaws with biometrics in terms of reliability and assurance 9:09 Allan cites a survey regarding WHY organizations choose passwordless 9:52 How many 'passwordless' solutions still include shared secrets 10:38 Derly talks about corporate vs. personal passwordless solutions and shared secrets as backup for reliability issues 11:37 Derly emphasizes a lack of RBAC and PAM foiling all authentication approaches 13:06 Allan points out the value of Identity and Access Management solutions 13:44 Allan references three vendor approaches towards passwordless for legacy systems such as RADIUS 14:50 Derly takes these methods apart 16:05 Many companies are not doing Role-Based Acces Control, system-to-system communication and Privileged Access Management correctly 17:02 Allan brings up the presence of push attacks 17:38 Allan's definiton of true passwordless authentication 17:56 Derly's definition of true passwordless authentication 21:29 For personal use of biometrics, Allan brings up a disturbing precedent of law enforcement accessing an individual's phone with forced facial recognition 23:17 Derly emphasizes that applications on your phone should have a different authentication factor than access to the phone itself 23:47 "Your home is your castle" has become "Your phone is your castle" 25:06 Allan cites one last survey as to how many of us really are passwordless 26:02 How long before we got to passwordless? 28:06 What keeps Derly going in cyber Links: Learn more about Derly on LinkedIn and Twitter Follow Allan Alford on LinkedIn and Twitter Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at Axonius

About 85% of threats involve some sort of human interaction, and about 50% of organizations have experienced a successful phishing attack. So, attacks are overwhelmingly focused on people. In a recent Expert Insights episode of Protecting People, we spoke with Brett Shaw, Senior Product Marketing Manager at Proofpoint, about some of the latest trends in the threat landscape — and how to protect people from them. What we talked about: - Email is the easiest way to prey on vulnerabilities - Reducing risk means developing a multi-layered approach to security - A system is only as good as the data that feeds it, but… - Human action can overset any system with just one click Check out these resources we mentioned during the podcast: - The State of the Phish 2021 - The Verizon DBIR report [referenced at 3:28] - Email Fraud and Security Awareness Kit [referenced at 4:57-5:46] For more episodes like this one, subscribe to us on Apple Podcasts, Spotify, and the Proofpoint website, or just search for Protecting People in your favorite podcast player. Listening on a desktop & can't see the links? Just search for Protecting People in your favorite podcast player.

The Verizon DBIR is a bellwether of what's happening in IT Security. Our guest, Verizon's Chris Novak, covers the main takeaways of the report, and also explains how paying off ransomware just might get the victim into legal trouble.

Anthony Israel-Davis joins the show to discuss what you can do with the DBIR as a practitioner and his perspective on the proposed Cybersecurity Safety Review Board.

ShadowTalk hosts Sean, Alec, Ivan, and Charles bring you the latest in threat intelligence. This week they cover: - Ivan takes us through the latest updates on DarkSide and the Colonial Pipeline incident - DarkSide faces consequences - The team talks about new legislation from the US government - better late than never? - Plus, our hosts dive into all things ransomware - what’s happening with the cyber threat landscape? - Alec brings us the latest on Conti ransomware targeting Ireland's Department of Health - what was the impact? - Charles discusses a new web skimmer indicating ongoing Magecart activity Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-21-may ***Resources from this week’s podcast*** Colonial Pipeline Updates: https://www.bankinfosecurity.com/2-bills-introduced-in-wake-colonial-pipeline-attack-a-16666 Conti Ransomware: https://www.bleepingcomputer.com/news/security/conti-ransomware-also-targeted-irelands-department-of-health/ PHP Skimmer: https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/ Verizon DBIR: https://enterprise.verizon.com/resources/reports/2021-data-breach-investigations-report.pdf Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Digital Shadows CISO Rick hosts this edition of ShadowTalk. He’s joined by special guest David Thejl-Clayton , Senior Advisor in Cyber Defense at Combitech. They discuss: - David talks origin story, his journey through CTI, and his current role at Combitech - His obsession with data driven response and how that data-love came to be - He and Rick reminisce about favorite speakers at SANS - They discuss the Verizon DBIR - what’s to come? - Purple-teaming - how to bring value to organizations through data ***Resources from this week’s podcast*** Find David on Twitter: https://twitter.com/DCSecuritydk Find David on LinkedIn: https://www.linkedin.com/in/davidclayton454/ Data Driven Incident Response: https://www.youtube.com/watch?v=Ll60XUJnRTw SANS CTI Summit - VERISIZE your way into CTI: https://www.youtube.com/watch?v=AwMC6INC5TE https://www.sans.org/blog/a-visual-summary-of-sans-cyber-threat-intelligence-summit/ Vocabulary for Event Recording and Information Sharing (VERIS): http://veriscommunity.net/ 2020 Data Breach Investigations Report: https://enterprise.verizon.com/resources/reports/dbir/

Today my pal Gh0sthax and I pick apart the Verizon Data Breach Investigations Report and help you turn it into actionable items so you can better defend your network! I'm especially excited because today's episode marks two important 7MS firsts: The episode has been crafted by a professional podcast producer The episode has been transcribed by a professional transcription service

"Most of the breaches took less than 10 steps" and many took less than five. In this episode, we discuss the Verizon Data Breach Investigations Report (DBIR) with Chris Novak, director of Verizon's Threat Research Advisory Center, which looks at incidents and breaches by the numbers.

Aamir Lakhani and Tony G discuss the latest findings of the 2020 Verizon Data Breach report. From ransomware to passwords dumpers. What does it mean how you should shape your cybersecurity policy? Join us on the latest episode of Dr. Chaos Podcast to find out.

CISO Rick Holland and Host Alex Guirakhoo chat with Alex Pinto from Verizon around the Verizon DBIR. They talk through Pinto’s background, how the Verizon DBIR gets put together, findings from this year’s report, and of course, the best jokes found (or not found) in this year’s report. Get the full DBIR at https://enterprise.verizon.com/resources/reports/dbir/ And check out Rick’s Blog here: https://www.digitalshadows.com/blog-and-research/2020-verizon-data-breach-investigations-report-dbir-ciso-view/

All links and images for this episode can be found on CISO Series (https://cisoseries.com/facebook-personality-quiz-asks-whats-your-favorite-password/) What's your favorite combination of letters, numbers, and symbols you like to use to log onto your favorite app or financial institution? Let us know and we'll see if it matches any of your friends! This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Lakshmi Hanspal (@lakshmihanspal), CISO, Box. Thanks to this week's podcast sponsor, CyberArk. At CyberArk, we believe that sharing insights and guidance across the CISO community will help strengthen security strategies and lead to better-protected organizations. CyberArk is committed to the continued exploration of topics that matter most to CISOs related to improving and integrating privileged access controls. On this week's episode Why is everybody talking about this now? On AskNetSec on reddit, user u/L7nx asks, "How do you handle alert fatigue?" Many vendors out there listening want to scream, "We've got a single pane of glass solution!" On reddit, Kamwind commented that it's not so much managing the output, but rather the input and false positives. "What are you doing to tune those rules and IOCs (indicators of compromise) to reflect your network vs accepting them from whatever vendor you're getting them from." Is alert fatigue a real thing and what can be done to manage input and output? It's security awareness training time There's a meme resurfacing that pokes fun at Facebook personality quizzes that ask seemingly innocuous questions such as "What's Your Favorite Band?" and "What's Your Favorite Teacher's Name?" In the meme, the answers to each question are just one word of the sentence, "Stop giving people your personal info to guess your passwords and security questions." We've talked about training programs that rely on fear. Humor seems rather effective here, but heck, I don't know. Does humor in security training work? Does fear? What tone have you seen actually foster behavioral change? What's Worse?! Do you likeable or useful vendors? Sometimes they're not both. Here's some surprising research The Verizon DBIR is out. Mike's favorite. There's a ton to unpack as there always is, but for this segment I just want to visit one item in this report and that's configuration errors. From a quote by Larry Dignan on ZDNet: "Errors definitely win the award for best supporting action this year. They are now equally as common as social breaches and more common than malware... hacking remains higher, and that is due to credential theft and use." I get the sense that second to black hat hackers, we're our own worst enemy. One argument for the increase in cloud breaches is because security researchers and others are discovering exposed storage in the cloud. Could it be just poor training of cloud security? Or poorly maintained cloud providers? Vendors have questions. Our CISOs have answers Landon Winkelvoss of Nisos asks, "What do your good vendors do on an ongoing basis (quarterly, monthly, weekly, etc) that make renewals easier around budget season? How often should they do it? What metrics and impacts to the business should they document and present that make this relatable to people outside of security such as the CFO?"

In deze aflevering de 2020 uitgave van de Verizon DBIR Door: Lex Borger | 25 mei 2020 Verizon – 2020 Data Breach Investigations ReportDARKreading – Web Application Attacks Double from 2019: Verizon DBIRTripwire –... Het bericht Verizon DBIR verscheen eerst op Tesorion.

It's Verizon Data Breach Investigations Report time again. This episode is a yearly walk-through of the DBIR, where Rafal and James once again welcome Gabe Bassett back to the show to talk data, graphics, and lessons we need to learn. Link to the report: https://enterprise.verizon.com/resources/reports/dbir/ Guest: Gabriel Bassett LinkedIn: https://www.linkedin.com/in/gabriel-bassett/ Twitter: https://twitter.com/gdbassett/

CISO Rick Holland kicks off this episode walking us through key findings and his take from the just-released 2020 Verizon DBIR. Then the team covers other top stories from the week including: - The new threat group, ShinyHunters, exposing at least 18 companies - Phishing trends organizations should watch out for - Sodinokibi targets Grubman, Shire, Meiselas & Sacks law firm, threatens to release data unless a USD 24 million extortion payment is met Shout-out to this week’s ShadowTalk-ers: Kacey, Charles, Rick, and Alex Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-22-may-2020 ***Resources from this Week*** Rick’s DBIR Blog: https://www.digitalshadows.com/blog-and-research/2020-verizon-data-breach-investigations-report-dbir-ciso-view/ Kacey’s Phishing Blog: https://www.digitalshadows.com/blog-and-research/3-phishing-trends-organizations-should-watch-out-for/ Ecosystem of Phishing: https://www.digitalshadows.com/blog-and-research/the-ecosystem-of-phishing/

With over 90% of malware being distributed by email (according to the 2019 Verizon DBIR), malspam is a serious concern for phishing defenders. Cofense has recently seen new methods used by attackers to make it even harder for researchers to analyze their malicious payloads. In this episode we speak with Cofense Cyber Threat Intelligence Analyst Max Gannon about what these new methods are, the challenges they present to defenders and researchers, and what we can do to protect ourselves. Questions or comments? Reach us at phishfryday@cofense.com The post Phish Fryday – Encrypted Loaders appeared first on Cofense. Phish Fryday – Encrypted Loaders was first posted on March 6, 2020 at 12:10 am.©2018 "Cofense". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at pmit@cofense.com

Listen in as Dr. Wade Baker and I talk about the origins and challenges of producing the very first of the Verizon Data Breach and Incident Reports (DBIR) in 2008. That experience taught Wade, who is a founding partner with the Cyentia Institute, a security research and data analysis firm, and who doubles as a professor in Virginia Tech’s College of Business while also serving on the Advisory Boards of the RSA Conference and FAIR Institute, the value in sharing and marketing data in the cybersecurity marketplace. It eventually led to the Cyentia Institute, where Wayne and his team help other vendors to create fact based research to support their go to market initiatives and content marketing. Wade is on a mission, as he puts it, to take Cybersecurity Marketing from “Dogma to Data”. Listen in as he shares how to do that and why he thinks it’s critical for vendors to do so. Wade of course still recommends your check out the Verizon DBIR  and also recommends The Craft of Research as must reading! You can find  Wade as @wadebaker on Twitter and and download the latest research from Cyentia here and listen to their podcast channel here. Learn more about your ad choices. Visit megaphone.fm/adchoices

Friends & listeners - welcome to the 2nd half of the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report. Highlights from this week's show include... We all talk patching... why it's hard, what we can do about it, and realities of patching Gabe does more live data analysis We get an insight into how long and how hard this report is to produce Guest Gabriel Bassett ( @gdbassett ) - Gabe is one of the writers and data scientists behind the Verizon DBIR. His LinkedIn is here: https://www.linkedin.com/in/gabriel-bassett/

Jay and Wade are joined by Alex Pinto, Dave Hylender, Gabriel Basset and Suzanne Widup, the authors behind the 2019 Verizon Data Breach Investigations Report.

Friends & listeners - welcome to the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report. Highlights from this week's show include... Gabe distinguishes between an incident and a breach - for those of you who need the refresher Gabe dives into the stats to talk about small businesses, and the impact of breaches on them Gabs does some live data science for us, pulling in stats on-the-fly We avoid the 'patching' discussion (that's for the 2nd half) Guest Gabriel Bassett ( @gdbassett ) - Gabe is one of the writers and data scientists behind the Verizon DBIR. His LinkedIn is here: https://www.linkedin.com/in/gabriel-bassett/

Steve and Gerry discuss an interesting angle on the capitalization of user data by online gambling sites targeting individuals that take medication with side effects of increase impulsive behaviors. They laud the annual Verizon data breach incident report and highlight their favorite findings. They wrap up the main segment discussing the recent State of South […] The post Advertisers Abusing Access to App Data, Annual Verizon DBIR, and State of SC Privacy Conference appeared first on MUSC Podcasts.

Fxmsp may have breached three anti-virus companies. US-CERT and CISA warn against a new North Korean malware tool being used by Hidden Cobra: they’re calling it “ElectricFish.” A changing of the guard at Symantec. Former Facebook insiders call for breaking up the company and for more regulation. Facebook disagrees about the breakup, but says it likes the idea of regulation. Two indictments are unsealed--one for leaking classified information, the other for the Anthem breach. Johannes Ullrich shares some vulnerabilities involving tools from Google. Verizon DBIR coauthor Alex Pinto shares this year’s key findings.

Report from Bsides Nash - Ms. Berlin New Job Keynote at Bsides Springfield, MO Mr. Boettcher talks about Sigma Malware infection.   http://www.securitybsides.com/w/page/116970567/BSidesSpfd **new website upcoming** Registration is coming and will be updated on next show (hopefully) DBIR -https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf   VERIS framework http://veriscommunity.net/   53,000 incidents   2,216 breaches?!   73% breaches were by outsiders   28% involved internal actors (but needs outside help?)   Not teaching “don’t click the link”, but instead teach, “I have no curiosity”     Discuss "Dir. Infosec" Slack story as method to halt infection   https://www.tripwire.com/state-of-security/security-awareness/women-information-security-amanda-berlin/ The “Living off the Land” trend continues with attack groups opting for tried-and-trusted means to infiltrate target organizations. Spear phishing is the number one infection vector employed by 71 percent of organized groups in 2017. The use of zero days continues to fall out of favor.   Off boarding people… so much process to get people on, but it’s just not mature getting people out...     Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the '2018 Verizon Data Breach Investigations Report' and its findings about ransomware, phishing and more.

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the '2018 Verizon Data Breach Investigations Report' and its findings about ransomware, phishing and more.

This week’s Shadow Talk discusses a Cisco Smart Install Client flaw exploited in disruption attack, an information leak vulnerability discovered in Microsoft Outlook, details on OpIcarus and OpIsrael, Verizon DBIR, and why you still should be excited about the RSA Conference.

In today's podcast, we hear that Facebook begins facing the Congressional music today.  What are the rules for online research, professors? Experts say they're worried about weaponized IoT hacks. Hoods exploiting Cisco switch vulnerability in unpatched systems. Named threat groups and bugs as insider misdirection. As relations between Russia and the West worsen, some in Moscow call an end to Peter the Great's experiment. And how do cybercriminals make, and what do they spend it on? Daniel Prince from Lancaster University on clandestine data transmission and steganography. Guest is Gabriel Bassett from Verizon, reviewing his work on the Verizon DBIR report. 

David Lee and Mike Kiser are back with SailPoint’s Mistaken Identity podcast. On the table this week: WannaCry ransomware, the Executive Order on Cyber Security, the Verizon DBIR 2017 report, and a very special guest: Joe Gottlieb, Senior Vice President, Corporate Development. Joe shares his thoughts on identity and its place in the security industry, and we reminisce about Navigate past, present, and future. A must listen for anyone eagerly awaiting SailPoint Navigate 2017.

Episode 30 In this episode, Jay and Bob talk about the 2016 Verizon Data Breach Investigations Report (DBIR). But rather than talk about the insights and data analysis they focus in on the data visualizations. They are joined by Lane Harrison from Worcester Polytechnic Institute (WPI) and Ana Antanasoff and Gabrial Bassett from Verizon's Security Research Team. Verizon DBIR

Jam Session: 2016 Verizon DBIR Advanced Persistent Security Podcast Episode 14 Guest: Matthew Eliason May 5, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review ... The post Jam Session: 2016 Verizon DBIR first appeared on Advanced Persistent Security. --- Send in a voice message: https://podcasters.spotify.com/pod/show/the-osintion/message Support this podcast: https://podcasters.spotify.com/pod/show/the-osintion/support

Jam Session: 2016 Verizon DBIR Advanced Persistent Security Podcast Episode 14 Guest: Matthew Eliason May 5, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review ...

This broadcast we have: Mari Degrazia talking about testing MFT parsers and what goes into them. Lee Whitfield talking about the events of the week Suzanne Widdup talking about her work on the Verizon DBIR and a solicitation for your involvement A talk about Cortana's location tracking storage  

Cisco’s annual security report for 2014; the Verizon Data Breach Investigations Report; 7 deadly cyber risks from Zurich Insurance; Alien Vault  urges opening up threat  intelligence; Stanford’s new password policy; New social engineering alert from Trusted Sec; New Internet Explorer 0day Subscribe in iTunes | Podcast RSS Feed | Twitter | Email https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf http://www.verizonenterprise.com/DBIR/2014/reports/rp_Verizon-DBIR-2014_en_xg.pdf http://www.ibtimes.co.uk/zurich-insurance-unveils-7-deadly-cyber-risks-1445607 http://www.infosecurity-magazine.com/view/38136/alienvault-ceo-throws-down-the-gauntlet-on-threat-sharing/?utm_source=twitterfeed&utm_medium=twitter http://arstechnica.com/security/2014/04/stanfords-password-policy-shuns-one-size-fits-all-security/ https://www.trustedsec.com/april-2014/red-alert-massive-cyber-wire-fraud-attacks-us-companies/ https://community.qualys.com/blogs/laws-of-vulnerabilities/2014/04/26/new-internet-explorer-0-day