There is no question that companies are in the sights of would-be criminals looking to exploit them. While companies look at solutions and trainings to help keep the perimeter secure, the biggest fail point is often the employees, AKA the human element. In this Threatpost podcast, sponsored by Egress, we sit down with Jack Chapman to discuss the steps and tactics that companies can take to stay one step ahead of their adversaries. During our conversation, we discuss:  Weaknesses that attackers look to exploit Evolution of toolkits Securing MFA and more 

There is no question that companies are in the sights of would-be criminals looking to exploit them. While companies look at solutions and trainings to help keep the perimeter secure, the biggest fail point is often the employees, AKA the human element. In this Threatpost podcast, sponsored by Egress, we sit down with Jack Chapman to discuss the steps and tactics that companies can take to stay one step ahead of their adversaries. During our conversation, we discuss: <ul> <li>Weaknesses that attackers look to exploit</li> <li>Evolution of toolkits</li> <li>Securing MFA and more</li> </ul>

Inside the Hackers’ Toolkit

There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, , Chief Security Strategist &amp; VP Global Threat Intelligence, Fortinet’s FortiGuard Labs to discuss the threats facing CISOs along with more. During the course of our discussion, we dive into:  What an attack on all fronts looks like The current state of the threat landscape New techniques being leveraged be adversaries The automation of threats  We also lay out what CISOs need to consider when laying out and producing their threat action plan.

There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, , Chief Security Strategist &amp; VP Global Threat Intelligence, <a href="https://twitter.com/Fortinet" rel="nofollow" target="_blank">Fortinet’s FortiGuard Labs</a> to discuss the threats facing CISOs along with more. During the course of our discussion, we dive into: <ul> <li>What an attack on all fronts looks like</li> <li>The current state of the threat landscape</li> <li>New techniques being leveraged be adversaries</li> <li>The automation of threats</li> </ul> We also lay out what CISOs need to consider when laying out and producing their threat action plan.

Being prepared for adversarial attacks

Can I tell you a secret? Will you keep it between us? You’ve probably said this or heard this when it comes to friends and family. However, do you also know that secret keeping, or lack thereof is one of the biggest issues that businesses face? According to the recent The State of the Secret Sprawl from GitGuardian further defines the breadth of business secrets. “A secret can be any sensitive data that we want to keep private. When discussing secrets in the context of software development, secrets generally refer to digital authentication credentials that grant access to services, systems and data. These are most commonly API keys, usernames and passwords, or security certificates. Secrets are what tie together different building blocks of a single application by creating a secure connection between each component. Secrets grant access to the most sensitive systems.” In this podcast with Mackenzie Jackson, developer advocate at GitGuardian, we dive into the report and also the issues that corporations face with public leaks from groups like Lapsus and more, along with as ways that developers can keep their code safe. For the full report,  click here.

Can I tell you a secret? Will you keep it between us? You’ve probably said this or heard this when it comes to friends and family. However, do you also know that secret keeping, or lack thereof is one of the biggest issues that businesses face? According to the recent The State of the Secret Sprawl from GitGuardian further defines the breadth of business secrets. “A secret can be any sensitive data that we want to keep private. When discussing secrets in the context of software development, secrets generally refer to digital authentication credentials that grant access to services, systems and data. These are most commonly API keys, usernames and passwords, or security certificates. Secrets are what tie together different building blocks of a single application by creating a secure connection between each component. Secrets grant access to the most sensitive systems.” In this podcast with Mackenzie Jackson, developer advocate at GitGuardian, we dive into the report and also the issues that corporations face with public leaks from groups like Lapsus and more, along with as ways that developers can keep their code safe. For the full report, <a href="https://res.cloudinary.com/da8kiytlc/image/upload/v1615208698/StateofSecretSprawlReport-2021.pdf" rel="nofollow" target="_blank"> click here</a>.

The State of Secrets Sprawl

The Truth Behind ‘Mythical’ MacOS Malware – Podcast

A Blockchain Primer and a Bored Ape Headscratcher – Podcast

Cyberattackers Put the Pedal to the Metal – Podcast

Top 3 Attack Trends in API Security – Podcast

It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill: Visibility into adversary behavior has been muck.

It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill: Visibility into adversary behavior has been muck.

Reporting Mandates to Clear Up Feds' Hazy Look into Threat Landscape – Podcast

The ransomware group’s benefits – monthly bonuses, fines, employee of the month, performance reviews and top-notch training materials – might be better than your own company’s, says BreachQuest’s Marco Figueroa. 

The ransomware group’s benefits – monthly bonuses, fines, employee of the month, performance reviews and top-notch training materials – might be better than your own company’s, says BreachQuest’s Marco Figueroa.

Staff Think Conti Group Is a Legit Employer – Podcast

There's a yawning gap between IT decision makers' confidence about security vs. their concession that repeated incidents are their own fault, says ExtraHop's Jamie Moles.

There's a yawning gap between IT decision makers' confidence about security vs. their concession that repeated incidents are their own fault, says ExtraHop's Jamie Moles.

Multi-Ransomwared Victims Have It Coming

Threatpost writers Mike Mimoso and Chris Brook discuss security threats, attacks, vulnerability research and trends with a variety of industry executives, researchers and experts.

It’s not just Ukraine: Threat intel experts are seeing a flood of data on Russian military, nukes and crooks, even with the Conti ransomware gang having shuttered its leaking Jabber chat server. 

It’s not just Ukraine: Threat intel experts are seeing a flood of data on Russian military, nukes and crooks, even with the Conti ransomware gang having shuttered its leaking Jabber chat server.

Russia Leaks Data From a Thousand Cuts–Podcast

Stock your liquor cabinets and take a shot whenever you hear GitLab Staff Security Researcher Mark Loveless say “Zero Trust.”

Stock your liquor cabinets and take a shot whenever you hear GitLab Staff Security Researcher Mark Loveless say “Zero Trust.”

Securing Data With a Frenzied Remote Workforce–Podcast

With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in.

With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in.

The Art of Non-boring Cybersec Training–Podcast

Applications are the most preferred vectors for cybercriminals. Yet no single team or process can assure the rollout of safe cloud applications. From code design to unit testing to deployment, teams and tools have to work together to detect risks early while keeping the pipeline of digital products moving.   Alex Rice, CTO at HackerOne and Johnathan Hunt, VP of Security at GitLab, help development teams evolve their processes to build security directly into their workflows for smooth and safe cloud app rollouts.  They dropped by the Threatpost podcast recently to share tips on  DevSecOps, including:    How to build a continual testing, monitoring, and feedback processes to drive down application risk. Developing a continuous approach to application security and DevOps security tools. Why collaboration and continual feedback is essential across development, cloud and security teams.    …as well as how to deal with the boatload of animosity between development and security teams. One tip: Assume positive intent!

Applications are the most preferred vectors for cybercriminals. Yet no single team or process can assure the rollout of safe cloud applications. From code design to unit testing to deployment, teams and tools have to work together to detect risks early while keeping the pipeline of digital products moving. Alex Rice, CTO at HackerOne and Johnathan Hunt, VP of Security at GitLab, help development teams evolve their processes to build security directly into their workflows for smooth and safe cloud app rollouts.  They dropped by the Threatpost podcast recently to share tips on <a href="https://threatpost.com/apps-built-better-devsecops-security-silver-bullet/167793/" rel="nofollow" target="_blank"> DevSecOps</a>, including: <ul> <li>How to build a continual testing, monitoring, and feedback processes to drive down application risk.</li> <li>Developing a continuous approach to application security and DevOps security tools.</li> <li>Why collaboration and continual feedback is essential across development, cloud and security teams.</li> </ul> …as well as how to deal with the boatload of animosity between development and security teams. One tip: Assume positive intent!

Killing Cloud Risk by Bulletproofing App Security: Podcast

Former FBI Gumshoe Nabs Cybercrooks Using Proven Behavioral Clues

Threatpost podcast: Cybereason CTO Yonatan Striem-Amit shares details about the company's vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show having been disclosed.

Threatpost podcast: Cybereason CTO Yonatan Striem-Amit shares details about the company's vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show having been disclosed.

How to Buy Precious Patching Time as Log4j Exploits Fly

Attackers Will Flock to Crypto Wallets, Linux in 2022:  Podcast

Podcast: Could the Zoho Flaw Trigger the Next SolarWinds?

Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once

Imperva’s Peter Klimek visited Threatpost podcast to discuss the evolution of DDoS attacks: They started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee,

Imperva’s Peter Klimek visited Threatpost podcast to discuss the evolution of DDoS attacks: They started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee,

DDoS Attacks Are a Flourishing Business for Cybercrooks – Podcast

Note to podcasters: chose a room with carpets and soft wall surfaces. Use a quality unidirectional mic. Sit closer to mic. Otherwise it’s too fatiguing to listen to your fine podcast.

5G program continues to demonstrate producer indifference to poor audio quality.

Threatpost

I just noticed earlier reviewers complained about the sound, too.

The sound quality is very harsh, no attempt to made to balance volume level, there are easily preventable noises in many episodes.

There are literally podcasts made by high school kids who do a better job on the sound quality. 

Lindsay, Tom: this problem didn&#39;t start with you, but it seems to have become worse this year. Why not treat this as news content that you&#39;re proud of?  Take a class, learn from on-line videos, consult an audiophile friend, ... something.

Content is usually good, but sound quality makes it unlistenable

The Threatpost Podcast

Threatpost talks to Nick Biasini, a threat researcher at Cisco Talos, about a recently-uncovered threat actor, dubbed Vivin, has made thousands of U.S. dollars through a large-scale cryptomining campaign.

Threatpost talks to Nick Biasini, a threat researcher at Cisco Talos, about a recently-uncovered threat actor, dubbed Vivin, has made thousands of U.S. dollars through a large-scale cryptomining campaign.

Vivin Nets Thousands of Dollars Using Cryptomining Malware

A recent 2020 IoT report found that more than half of IoT devices are vulnerable to medium- or high-severity attacks, making IoT the low-hanging fruit for attackers. Threatpost talks to Ryan Olson, vice president of Threat Intelligence for Unit 42 at Palo Alto Networks, and May Wang, senior distinguished engineer at Palo Alto Networks and former Zingbox CTO, about the top IoT threats.

A recent 2020 IoT report found that more than half of IoT devices are vulnerable to medium- or high-severity attacks, making IoT the low-hanging fruit for attackers. Threatpost talks to Ryan Olson, vice president of Threat Intelligence for Unit 42 at Palo Alto Networks, and May Wang, senior distinguished engineer at Palo Alto Networks and former Zingbox CTO, about the top IoT threats.

IoT Device Security: The Good, The Bad and The Ugly

For the week ended March 20, Threatpost editors break down the top security stories, including:  The various cybercriminal activity - from malware, phishing and other scams - tapping into the coronavirus pandemic The security risks of businesses working from home due to the virus' spread Privacy concerns as more governments use facial recognition and mobile apps for tracking the virus   The results of Pwn2Own, which took place this week 

For the week ended March 20, Threatpost editors break down the top security stories, including: <ul> <li>The various cybercriminal activity - from malware, phishing and other scams - tapping into the coronavirus pandemic</li> <li>The security risks of businesses working from home due to the virus' spread</li> <li>Privacy concerns as more governments use facial recognition and mobile apps for tracking the virus  </li> <li>The results of Pwn2Own, which took place this week</li> </ul>

News Wrap: Coronavirus Scams, Work From Home Security Woes, Pwn2Own

In 2019, diversity in the cybersecurity was thrust to the forefront with recognition from both vendors and experts. The tech industry is facing challenges around diversity in general, but women are particularly underrepresented. And with an estimated 3.5 million jobs are expected to remain unfilledby 2021, infosec is certainly a lucrative space for women. Threatpost sat down with Jessica LaBouve, a pen tester with A-LIGN, to discuss the personal challenges she's faced in the cybersecurity industry and the opportunities in the space that she sees for improvement.

In 2019, diversity in the cybersecurity was thrust to the forefront with recognition from both vendors and experts. The tech industry is facing challenges around <a href="https://threatpost.com/program-looks-to-tap-military-vets-for-cyber-jobs/138879/" rel="noopener noreferrer nofollow" target="_blank">diversity in general</a>, but women are particularly underrepresented. And with an estimated 3.5 million jobs are expected to <a href="https://cybersecurityventures.com/jobs/" rel="noopener noreferrer nofollow" target="_blank">remain unfilled</a>by 2021, infosec is certainly a lucrative space for women. Threatpost sat down with Jessica LaBouve, a pen tester with A-LIGN, to discuss the personal challenges she's faced in the cybersecurity industry and the opportunities in the space that she sees for improvement.

The Roadblocks and Opportunities For Women in Cybersecurity

The best podcast episodes of the most interesting stories and things. From skyping someone while they're in space, to tracking down and meeting a telephone scammer in person, to the story of a Galapagos. These episodes will keep you and all your friends entertained and captivated for hours. Learn something new in every episode! Add episodes you're interested into your queue below!

Best Episodes: Interesting Stories & Things

What is this?
1 quote, 3 ideas & 1 question from a carefully curated podcast episode.
Every Monday & Wednesday.

Want a 3rd insight and episode every week? Email me at curation@owltail.com.