Cover image of The Threatpost Podcast
(17)
Technology
News
Tech News

The Threatpost Podcast

Updated about 18 hours ago

Technology
News
Tech News
Read more

Threatpost writers Mike Mimoso and Chris Brook discuss security threats, attacks, vulnerability research and trends with a variety of industry executives, researchers and experts.

Read more

Threatpost writers Mike Mimoso and Chris Brook discuss security threats, attacks, vulnerability research and trends with a variety of industry executives, researchers and experts.

iTunes Ratings

17 Ratings
Average Ratings
7
5
4
0
1

Threatpost

By Uncleduke911 - May 30 2019
Read more
Note to podcasters: chose a room with carpets and soft wall surfaces. Use a quality unidirectional mic. Sit closer to mic. Otherwise it’s too fatiguing to listen to your fine podcast. 5G program continues to demonstrate producer indifference to poor audio quality.

Content is usually good, but sound quality makes it unlistenable

By LarryWest42 - Aug 11 2018
Read more
I just noticed earlier reviewers complained about the sound, too. The sound quality is very harsh, no attempt to made to balance volume level, there are easily preventable noises in many episodes. There are literally podcasts made by high school kids who do a better job on the sound quality. Lindsay, Tom: this problem didn't start with you, but it seems to have become worse this year. Why not treat this as news content that you're proud of? Take a class, learn from on-line videos, consult an audiophile friend, ... something.

iTunes Ratings

17 Ratings
Average Ratings
7
5
4
0
1

Threatpost

By Uncleduke911 - May 30 2019
Read more
Note to podcasters: chose a room with carpets and soft wall surfaces. Use a quality unidirectional mic. Sit closer to mic. Otherwise it’s too fatiguing to listen to your fine podcast. 5G program continues to demonstrate producer indifference to poor audio quality.

Content is usually good, but sound quality makes it unlistenable

By LarryWest42 - Aug 11 2018
Read more
I just noticed earlier reviewers complained about the sound, too. The sound quality is very harsh, no attempt to made to balance volume level, there are easily preventable noises in many episodes. There are literally podcasts made by high school kids who do a better job on the sound quality. Lindsay, Tom: this problem didn't start with you, but it seems to have become worse this year. Why not treat this as news content that you're proud of? Take a class, learn from on-line videos, consult an audiophile friend, ... something.
Cover image of The Threatpost Podcast

The Threatpost Podcast

Latest release on Jan 17, 2020

Read more

Threatpost writers Mike Mimoso and Chris Brook discuss security threats, attacks, vulnerability research and trends with a variety of industry executives, researchers and experts.

Rank #1: The Threatpost Podcast: The Biggest Cybersecurity Trends in 2019

Podcast cover
Read more

Threatpost talked to Leigh-Anne Galloway, the cybersecurity resilience lead of Positive Technologies, about what she sees as the top cyber trends, threats and topics in 2019.

From data breaches to threat actors, listen to hear more of Galloway's predictions. 

Jan 07 2019

19mins

Play

Rank #2: Sponsored Podcast: Vendors, Suppliers, Partners -- Oh My! Who Will Increase Your Risk of Account Takeover?

Podcast cover
Read more

In this sponsored podcast, Threatpost podcast host Cody Hackett talks to Chip Witt, head of product strategy at SpyCloud, about the account takeover risks posed by third parties. 

Your users’ login credentials are available for sale on the criminal underground -- and criminals know it. For the third year running, the 2019 Verizon Data Breach Report calls out the use of weak and stolen credentials as the most common hacking tactic. 

The best way to protect your organization is to reset stolen employee and consumer credentials before criminals have a chance to use them against you. But what about partners and vendors, who may have access to your network, your customer data, or your IP? If you have these types of direct relationships, you may have additional exposures. 

Oct 09 2019

23mins

Play

Rank #3: The Threatpost Podcast: RSA Conference 2019 Recap

Podcast cover
Read more

The Threatpost team touches base at the RSA Conference this year in San Francisco to discuss breaking news from the show and their favorite topics and trends that they saw.

Mar 07 2019

13mins

Play

Rank #4: The Threatpost Podcast: Breaking Down the COSCO Ransomware Attack

Podcast cover
Read more

Threatpost talks to Matt Tyrer with Commvault about the recent COSCO ransomware attack. Tyrer discusses the biggest lessons learned from the incident, COSCO's response, and best practices in preventing ransomware attacks. 

Aug 02 2018

19mins

Play

Rank #5: The Threatpost Podcast: Breaking Down the Magecart Threat (Part Two)

Podcast cover
Read more

Threatpost editor Lindsey O’Donnell talks to RiskIQ's threat researcher, Yonathan Klijnsma, about the varying groups under the Magecart umbrella, and the differing characteristics, targets and techniques of these growing number of groups.

Nov 30 2018

25mins

Play

Rank #6: Threatpost News Wrap Podcast For August 31

Podcast cover
Read more

The Threatpost team talks about the biggest news from this past week, including a Windows zero-day flaw outed on Twitter, Yahoo's email ad-targeting privacy snafu, and crashing mobile apps that leak private data.

Aug 31 2018

27mins

Play

Rank #7: The Threatpost Podcast: The Norsk Hydro Cyberattack and Manufacturing Security

Podcast cover
Read more

Norway-based Norsk Hydro announced on Tuesday morning it was victim to a serious ransomware attack, which has forced the global aluminum producer to shut down or isolate several plants and send several more into manual mode, the company said on Tuesday morning.

Threatpost talked to Phil Neray, the VP of Industrial Cybersecurity at CyberX, about how manufacturing firms can avoid a similar cyberattack that Norsk Hydro has undergone.

Mar 19 2019

22mins

Play

Rank #8: The Threatpost Podcast: Tom Kellermann on Top Financial Threats

Podcast cover
Read more

Lindsey O'Donnell with Threatpost talked to Tom Kellermann, Chief Cybersecurity Officer at Carbon Black. Carbon Black at RSA this year unveiled a new report outlining the top attacks that financial firms are facing. According to the report, 67 percent of surveyed financial institutions have reported an increase in cyberattacks over the past 12 months. Kellermann discusses the report's findings and key takeaways.

Mar 06 2019

17mins

Play

Rank #9: Threatpost News Wrap For September 7

Podcast cover
Read more

Threatpost editors Lindsey O'Donnell and Tom Spring break down the biggest news from the week ending September 7.

Sep 06 2018

20mins

Play

Rank #10: The Threatpost Podcast: Behind the Intel CPU ZombieLoad Attack

Podcast cover
Read more

After Intel on Tuesday revealed a new class of speculative execution vulnerabilities, which impact all its modern CPUs, the researcher who was part of the team that discovered one of these flaws is sounding off on the disclosure process behind it.

The speculative execution flaw, ZombieLoad, is an attack related to CVE-2018-12130, the flaw in the Fill Buffer of Intel CPUs. That's because this attack leaks the most data – attackers are able to siphon data from system applications, operating system and virtual machines. 

ZombieLoad was discovered and reported by Michael Schwarz, Moritz Lipp and Daniel Gruss from the Graz University of Technology (known for their previous discoveries of similar attacks, including Meltdown). Gruss talks about how the team first discovered the attack.

May 20 2019

27mins

Play

Rank #11: Threatpost Podcast: Interview With Snowden’s Attorney (Part One)

Podcast cover
Read more

Threatpost's Tom Spring sits down with Robert Tibbo, lawyer for Edward Snowden and the refugee families who hid Snowden. 

The refugee families located in Hong Kong that helped shelter Edward Snowden in 2013 - known as the "Snowden refugees" - are under crushing pressure to cooperate with local authorities or face deportation to their countries of origin, where they face an uncertain fate.

Jan 02 2019

24mins

Play

Rank #12: News Wrap: Authorities Target Evil Corp., Imminent Monitor, Money Mules

Podcast cover
Read more

In this week's Threatpost news wrap, editors Tara Seals and Lindsey O'Donnell break down the top infosec news, including:

  • Authorities cracked down on cybercrime group Evil Corp. with sanctions and charges against its leader, known for his lavish lifestyle.

  • The developers behind a commodity remote-access tool (RAT) that allows full control of a victim’s computer has been taken down by Australian and global authorities.

  • Feds say they have halted over 600 domestic money mules – exceeding last year’s 400 money mules stopped last year.

Dec 06 2019

15mins

Play

Rank #13: The Threatpost Podcast: Emotet's Fast-Evolving Tactics

Podcast cover
Read more

The Emotet banking trojan has been popping up in the news for years: From widespread malspam infections of banking German targets in 2014, all the way up to the costly infection of a New Hampshire town’s computer network in July.

And while the tricky Emotet malware first emerged targeting banking credentials, over the past year researchers have called out the trojan for changing its tactics – and its targets. Sig Murphy, consulting director for Western North America at Cylance, says that this evolution will continue in 2019.

Jan 14 2019

25mins

Play

Rank #14: Retail Org Cyberattacks Set to Soar in 2019 Holiday Season

Podcast cover
Read more

In a new report, "Holiday Season Cyber Heists" released Thursday morning, Carbon Black said that cybercrime activity tracked during 2019 is already setting the holiday shopping season for an upward trajectory in malware and ransomware attacks.

From constantly-evolving malware like Kryptik, to island hopping attacks, holiday shoppers are the ones who find themselves constantly at risk during cyberattacks against retailers. And retail companies are paying the price: Up to 40 percent of surveyed retail organizations said they've lost revenue as a result of a cyberattack in 2019.

Tom Kellerman, the head cybersecurity strategist with VMware Carbon Black, talks about the newest threats that retail organizations - and shoppers - are facing this holiday shopping season.

Dec 12 2019

20mins

Play

Rank #15: The Threatpost Podcast: Thousands of IoT Devices Bricked By Silex Malware

Podcast cover
Read more

A 14-year-old hacker used a new strain of malware this week to brick up to 4,000 insecure Internet of Things (IoT) devices - before abruptly shutting down. The malware, dubbed Silex, was first discovered by Larry Cashdollar, senior Security Intelligence Response engineer at Akamai, on his honeypot. Threatpost discusses the new malware with Cashdollar - and what malware strains like this one and BrickerBot mean for the insecure IoT device landscape. 

Jun 27 2019

15mins

Play

Rank #16: The Threatpost Podcast: It's Time to Throw Out Insecure IoT Devices

Podcast cover
Read more

What can be done with 2 million connected security cameras, baby monitors and more that are vulnerable to serious flaws - but don't have a patch?

Security researcher Paul Marrapese, whodisclosed the flaws in April and has yet to hear back from any impacted vendors, recommends that consumers throw them in the trash.

"I 100 percent suggest that people throw them out," he told Threatpost in a podcast interview. "I really, I don't think that there's going to be any patch for this. The issues are very, very hard to fix, in part because, once a device is shipped with a serial number, you can't really change that, you can't really patch that, it's a physical issue."

Jun 18 2019

17mins

Play

Rank #17: Why Cities Are a Low-Hanging Fruit For Ransomware (Part 1)

Podcast cover
Read more

Why do cities appear to be a low hanging fruit when it comes to ransomware attacks? What hurdles do state and local governments face when securing their systems and responding to attacks?

In the first of a two part series, Threatpost talks to Shawn Taylor, the senior systems engineer at Forescout who covers state and local governments across the country. Taylor was in the trenches during the infamous 2018 Atlanta ransomware attack and recounts what the experience taught him about remediation and recovery efforts when it comes to cyberattacks.

Jul 15 2019

20mins

Play

Rank #18: News Wrap: Office 365 Voicemail Phish, Bed Bath and Beyond Breach

Podcast cover
Read more

Threatpost editors Tara Seals and Lindsey O'Donnell break down the top security news of this week, from data breaches to Advanced Persistent Threat (APT) activity.  Top stories include:

  • A Microsoft alert that APT group Fancy Bearhas targeted anti-doping authorities and sporting organizations around the world as the world begins to gear up for the Tokyo Summer Olympic Games, which kick off July 2020.
  • A report outlining that Chinese state-sponsored hackersare attacking telecom networks to sniff out SMS messages that contain keywords revolving around political dissidents.
  • Bed, Bath and Beyond disclosing a data breachthat allowed the adversaries to access customers' online accounts - and what researchers say the attack may have stemmed from.
  • A nasty phishing campaignthat uses fake voicemail messages to lure victims into revealing their Office 365 email credentials.

Nov 01 2019

18mins

Play

Rank #19: News Wrap Podcast For May 10

Podcast cover
Read more

Threatpost editors Lindsey O'Donnell and Tom Spring break down this week's biggest news, including:

-Facebook co-founder Chris Hughes wrote a blistering op-ed about the need for regulation around the social media giant 

-Verizon's data breach investigations report 2019, released this week, which outlined the top data breach trends to look out for

-A firestorm surrounding Airbnb after a guest discovered that her host was secretly recording her in the flat's bedroom.

May 10 2019

26mins

Play

Rank #20: Black Friday Scams, Malware Running Rampant

Podcast cover
Read more

Black Friday and Cyber Monday-related scams are nothing new - but researchers warn that this year,  they are seeing an uptick in scams using more sophisticated methods to lure users to hand over their payment data.

A research report released Tuesday by ZeroFOX uncovered some of the threats that attackers are using to tap into the Black Friday shopping craze, including social media scams, domain impersonation scams, and malware.

Nov 26 2019

17mins

Play

News Wrap: PoC Exploit Controversy, Cable Haunt & Joker Malware

Podcast cover
Read more

This week's news wrap podcast breaks down the biggest Threatpost security stories of the week, including:

Jan 17 2020

25mins

Play

NSA Detects Major Microsoft Windows Flaw: What It Means

Podcast cover
Read more

A major Microsoft crypto-spoofing bug impacting Windows 10 made waves this Patch Tuesday, particularly as the flaw was found and reported by the U.S. National Security Agency (NSA).

Microsoft's January Patch Tuesday security bulletin disclosed the "important"-severity vulnerability, which could allow an attacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an application was from a trusted source.

Threatpost talked to Pratik Savla, senior security engineer at Venafi, about the vulnerability, whether the hype around the flaw was warranted, and what the disclosure means for the NSA.

Jan 15 2020

15mins

Play

CCPA's Biggest Challenge: Where's The Data?

Podcast cover
Read more

The California Consumer Privacy Act is being touted as one of the strongest privacy regulations in the U.S. enacted so far. However, though the CCPA was adopted on January 1, 2020, the act still has several loose ends and privacy loopholes that need to be fleshed out.

At a high level ,the CCPA mandates strict requirements for companies to notify users about how their user data will be used and monetized along with giving them straightforward tools for opting out.  However, one of the bigger challenges with the CCPA is the question of tracking the location of that user data, Terry Ray, SVP and fellow with Imperva, tells Threatpost.

Jan 09 2020

19mins

Play

The Roadblocks and Opportunities For Women in Cybersecurity

Podcast cover
Read more

In 2019, diversity in the cybersecurity was thrust to the forefront with recognition from both vendors and experts. The tech industry is facing challenges around diversity in general, but women are particularly underrepresented. And with an estimated 3.5 million jobs are expected to remain unfilledby 2021, infosec is certainly a lucrative space for women.

Threatpost sat down with Jessica LaBouve, a pen tester with A-LIGN, to discuss the personal challenges she's faced in the cybersecurity industry and the opportunities in the space that she sees for improvement.

Dec 27 2019

12mins

Play

Sponsored Podcast: What We’ve Learned from the Year of the Breach

Podcast cover
Read more

In this sponsored podcast, Threatpost sits down with Arctic Wolf's Matt Duench to discuss the lessons learned from this year's top data breaches.

Dec 23 2019

25mins

Play

Security Year in Review: Top Stories of 2019

Podcast cover
Read more

From data breaches and the ransomware epidemic, to new regulation and outcry around data privacy, 2019 has been a wild ride for the infosec community. Threatpost breaks down the top news stories, trends and topics for this year.

Dec 20 2019

23mins

Play

Retail Org Cyberattacks Set to Soar in 2019 Holiday Season

Podcast cover
Read more

In a new report, "Holiday Season Cyber Heists" released Thursday morning, Carbon Black said that cybercrime activity tracked during 2019 is already setting the holiday shopping season for an upward trajectory in malware and ransomware attacks.

From constantly-evolving malware like Kryptik, to island hopping attacks, holiday shoppers are the ones who find themselves constantly at risk during cyberattacks against retailers. And retail companies are paying the price: Up to 40 percent of surveyed retail organizations said they've lost revenue as a result of a cyberattack in 2019.

Tom Kellerman, the head cybersecurity strategist with VMware Carbon Black, talks about the newest threats that retail organizations - and shoppers - are facing this holiday shopping season.

Dec 12 2019

20mins

Play

News Wrap: Authorities Target Evil Corp., Imminent Monitor, Money Mules

Podcast cover
Read more

In this week's Threatpost news wrap, editors Tara Seals and Lindsey O'Donnell break down the top infosec news, including:

  • Authorities cracked down on cybercrime group Evil Corp. with sanctions and charges against its leader, known for his lavish lifestyle.

  • The developers behind a commodity remote-access tool (RAT) that allows full control of a victim’s computer has been taken down by Australian and global authorities.

  • Feds say they have halted over 600 domestic money mules – exceeding last year’s 400 money mules stopped last year.

Dec 06 2019

15mins

Play

Why Consumers Grapple With a 'Wild West Era' For Mobile Tracking

Podcast cover
Read more

The "identifiers" behind data collection - the ways that companies identify consumers who they're collecting the data from - has extended far beyond cookies prevalent in web browsers, privacy experts warn.  

Now, consumers and regulators struggling to understand who is collecting data, how that data is being shared and how it's being stored, must also think about 'identifiers" that are used in mobile tracking and even physical tracking - including facial biometrics or credit cards. And unfortunately, according to a new report released this week, these new types of tracking identifiers are still in a stage where its difficult to reign them in via regulation.  

We talk to EFF about how data is being tracked and used, how consumers can protect themselves - and why it's not all bad news in our Threatpost Podcast interview.

Dec 03 2019

26mins

Play

Black Friday Scams, Malware Running Rampant

Podcast cover
Read more

Black Friday and Cyber Monday-related scams are nothing new - but researchers warn that this year,  they are seeing an uptick in scams using more sophisticated methods to lure users to hand over their payment data.

A research report released Tuesday by ZeroFOX uncovered some of the threats that attackers are using to tap into the Black Friday shopping craze, including social media scams, domain impersonation scams, and malware.

Nov 26 2019

17mins

Play

News Wrap: Amazon Ring Risks, Stalkerware, and D-Link Router Flaws

Podcast cover
Read more

Threatpost news editors break down the top stories of the week, including:

  • The Coalition Against Stalkerware launched this week, with the aim of offering a centralized location for helping victims of stalkerware, as well as defining what stalkerware is in the first place.
  • Five U.S. Senators are demanding that Amazondisclose how it's securing Ring home-security device footage – and who is allowed to access that footage.
  • D-Link has warned that more of its routers are vulnerableto critical flaws that allow remote hackers to take control of hardware and steal data - but the routers won't be fixed as they have reached end of life.

Nov 22 2019

26mins

Play

Google Discloses Android Camera Hijack Hack: Behind the Scenes

Podcast cover
Read more

Threatpost talks to researchers about a newly-disclosed, high-severity vulnerability in the Google Camera App, the camera built into Android smartphones, that could allow attackers to hijack Android cameras.

Nov 19 2019

17mins

Play

Sponsored Podcast: Managing an Out-Of-Control Security Tech Stack

Podcast cover
Read more

In this sponsored podcast, Threatpost podcast host Cody Hackett and Sam McLane, chief technical services officer with Arctic Wolf, discuss important considerations when building a multi-layered cybersecurity strategy and best practices when evaluating security vendors in a crowded landscape.

Nov 15 2019

23mins

Play

Live at ENFUSE 2019: Security Regulations, Insider Threats, and IoT Privacy Risks

Podcast cover
Read more

From insider threats, to Internet of Things (IoT) medical device security, ENFUSE 2019 broke down the top privacy and security issues that consumers are seeing today - and which regulatory efforts are being developed to address them.

Nov 14 2019

15mins

Play

News Wrap: Voice Assistant Laser Hack, Twitter Insider Threats, Data Breach Fine Fails

Podcast cover
Read more

Threatpost editors break down the top news stories for the week ended Nov. 8. The top stories of the week include:

Nov 08 2019

17mins

Play

Emotet Resurgence Continues With New TTPs

Podcast cover
Read more

Emotet, the infamous banking trojan that mysteriously disappeared over the summer,  returned last monthdropping other banking trojans, information stealers, email harvesters, self-propagation mechanisms and ransomware.

But since the malware returned from its hiatus, there was no clear novel technique or tactic that researchers observed - until eventually throughout the weeks, security researcher Suweera De Souza started seeing more and more development. De Souza discusses the new techniques with Threatpost on this week's Threatpost Podcast.

Nov 06 2019

16mins

Play

News Wrap: Office 365 Voicemail Phish, Bed Bath and Beyond Breach

Podcast cover
Read more

Threatpost editors Tara Seals and Lindsey O'Donnell break down the top security news of this week, from data breaches to Advanced Persistent Threat (APT) activity.  Top stories include:

  • A Microsoft alert that APT group Fancy Bearhas targeted anti-doping authorities and sporting organizations around the world as the world begins to gear up for the Tokyo Summer Olympic Games, which kick off July 2020.
  • A report outlining that Chinese state-sponsored hackersare attacking telecom networks to sniff out SMS messages that contain keywords revolving around political dissidents.
  • Bed, Bath and Beyond disclosing a data breachthat allowed the adversaries to access customers' online accounts - and what researchers say the attack may have stemmed from.
  • A nasty phishing campaignthat uses fake voicemail messages to lure victims into revealing their Office 365 email credentials.

Nov 01 2019

18mins

Play

WhatsApp Hack: Inside the NSO Group Investigation

Podcast cover
Read more

John Scott Railton, senior researcher at Citizen Lab, led the charge on the investigation into NSO Group and the alleged WhatsApp hack. The lawsuit by WhatsApp parent company Facebook into NSO Group, he said, is a "certified big deal" and will have widespread implications for commercial spyware companies in general.

Oct 30 2019

19mins

Play

News Wrap: Hotel Robot Hacks, FTC Stalkerware Crackdown

Podcast cover
Read more

Threatpost editors break down the top news stories for the week ended Oct. 25. The biggest stories include:

  • An unsecured NFC tag opening a door totrivial exploitation of robotsthat are used inside Japanese hotels.
  • The FTC has bannedthe sale of three apps – marketed to monitor children and employees – unless the developers can prove that the apps will be used for legitimate purposes.
  • Developer interfaces were used by Security Research Labs researchers to turn digital home assistantsinto 'Smart Spies'.

Oct 25 2019

14mins

Play

New Alexa, Google Home Hack Enables Eavesdropping on Users

Podcast cover
Read more

Researchers this week disclosed new ways that attackers can exploit Alexa and Google Home smart speakers to spy on users. The hacks, which rely on the abuse of "skills," or apps for voice assistants, allow bad actors to eavesdrop on users and trick them into telling them their passwords over the smart assistant devices.

Threatpost discusses the new hack with Karsten Nohl, managing director at Security Research Labs, who was behind the research. 

Oct 22 2019

20mins

Play

iTunes Ratings

17 Ratings
Average Ratings
7
5
4
0
1

Threatpost

By Uncleduke911 - May 30 2019
Read more
Note to podcasters: chose a room with carpets and soft wall surfaces. Use a quality unidirectional mic. Sit closer to mic. Otherwise it’s too fatiguing to listen to your fine podcast. 5G program continues to demonstrate producer indifference to poor audio quality.

Content is usually good, but sound quality makes it unlistenable

By LarryWest42 - Aug 11 2018
Read more
I just noticed earlier reviewers complained about the sound, too. The sound quality is very harsh, no attempt to made to balance volume level, there are easily preventable noises in many episodes. There are literally podcasts made by high school kids who do a better job on the sound quality. Lindsay, Tom: this problem didn't start with you, but it seems to have become worse this year. Why not treat this as news content that you're proud of? Take a class, learn from on-line videos, consult an audiophile friend, ... something.