Shows
Error CodeEP 67: Collateral DamageOperational technology (OT) systems are no longer limited to nation-states; criminal groups and hacktivists now actively target these systems, often driven by financial or ideological motives. Kurt Gaudette, Vice President of Intelligence and Services at Dragos, explains why these systems might not even be the primary targets.
2025-07-2223 minError CodeEP 66: Secure only the OT code that actually runsMany organizations spend valuable security resources fixing vulnerabilities in code that never actually runs—an inefficient and often unnecessary effort. Jeff Williams, CTO and founder at Contrast Security, says that 62% of open source libraries included in software are never even loaded into memory, let alone executed. This means only 38% of libraries are typically active and worth prioritizing.
2025-07-0823 minError CodeEP 65: Hacking Critical Infrastructure Through Supply ChainsCritical Infrastructure software lacks the strict liability standards found in industries like automotive manufacturing, leading to minimal accountability for insecure products when they get exploited. Alex Santos, CEO of Fortress Information Security, explains how they’re typically hired by buyers of ICS equipment—such as utilities—to assess and mitigate supply chain risks, including working with OEMs to improve security.
2025-06-2430 minError CodeEP 64: Volt TyphoonWhile cybersecurity threats targeting critical infrastructure, particularly focusing on the vulnerabilities of operational technology (OT) and industrial control systems (ICS).mostly originate on the business or IT side, there’s increasing concern about attacks crossing into OT, which could result in catastrophic consequences, especially in centralized systems like utilities. Michael Welch, managing director from MorganFranklin Cyber, discusses how Volt Typhoon and other attacks are living off the land, and lying in wait.
2025-06-1043 minError CodeEP 63: Chief Hacking OfficerThis is a story about a Chief Hacking Officer who draws on his expertise in physical and virtual security assessments—along with some intuitive AI-driven coding—to safeguard Operational Technology. Colin Murphy of Frenos and Mitnick Security talks about how some of his early assessment work with Kevin Mitnick is helping him with OT security today.
2025-05-2827 minError CodeEP 62: Defending the Unknown in OT SecurityROI is always a tricky subject in cybersecurity. If you’re paying millions of dollars in securing your OT networks, you’d want to be able to show that it was worth it. Andrew Hural of UnderDefense talks about the need for continuous vigilance, risk management, and proactive defense, acknowledging both the human and technological elements in cybersecurity and how just because something didn’t happen doesn’t mean that it didn’t.
2025-05-1431 minError CodeEP 61: Applying Zero Trust to OT systemsZero Trust is a security model based on default-deny policies and fine-grained access control governed by identity, authentication, and contextual signals. For RSAC 2025, John Kindervag, Chief Evangelist of Illumio and the creator of Zero Trust, talks about introducing a "protect surface" into legacy OT systems —isolating critical data, applications, assets, or services into secure zones for targeted Zero Trust implementation.
2025-04-3036 min
@BEERISAC: OT/ICS Security Podcast PlaylistEP 60: Hacking Solar Power Inverters Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 60: Hacking Solar Power InvertersPub date: 2025-04-15Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSolar power systems are rapidly becoming essential elements of power grids throughout the world, especially in the US and EU. However, cybersecurity for these systems is often an afterthought, creating a growing risk to grid stability and availability. Daniel de Santos, Head of Research at Forescout, talks about his recent research into vulnerabilities associated with solar panel investors, how they might aff...2025-04-1939 minError CodeEP 60: Hacking Solar Power InvertersSolar power systems are rapidly becoming essential elements of power grids throughout the world, especially in the US and EU. However, cybersecurity for these systems is often an afterthought, creating a growing risk to grid stability and availability. Daniel de Santos, Head of Research at Forescout, talks about his recent research into vulnerabilities associated with solar panel investors, how they might affect the power grid or the end-user, and what we can do about it.
2025-04-1639 min@BEERISAC: OT/ICS Security Podcast PlaylistEP 59: Automotive Hacking In Your Own Garage Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 59: Automotive Hacking In Your Own GaragePub date: 2025-04-01Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationGone are the days when you could repair your own car. Even ICE cars have more electronics than ever before. Alexander Pick is an independent hardware hacker specializing in automotive systems. He says if you start off small, like looking at ECUs, there’s a lot of great research yet to be done by both hobbyists and professionals alike.2025-04-0536 minError CodeEP 59: Automotive Hacking In Your Own GarageGone are the days when you could repair your own car. Even ICE cars have more electronics than ever before. Alexander Pick is an independent hardware hacker specializing in automotive systems. He says if you start off small, like looking at ECUs, there’s a lot of great research yet to be done by both hobbyists and professionals alike.
2025-04-0136 min
NeedleStack"We’re back, and we’re your new hosts"Meet the new hosts of NeedleStack. Robert Vamosi is a CISSP and award-winning journalist. AJ Nash has two decades of experience in the Intelligence community. Together they will host new episodes of NeedleStack, with an array of amazing guests.2025-03-1933 minError CodeEP 58: Hacking Office SuppliesIt’s becoming easier for criminals to use counterfeit or altered chips in common office products, such as printer toner cartridges, with the aim of espionage or simple financial gain. Tony Moor, Senior Director Of Silicon Lab Services For IOActive, explains how the hacking embedded silicon within common objects in our day to day lives is becoming more common, and what the consequences of this lack of security might mean.
2025-03-1945 min@BEERISAC: OT/ICS Security Podcast PlaylistEP 57: Strengthening Embedded Device Security with Cloud-Based SCADA Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 57: Strengthening Embedded Device Security with Cloud-Based SCADAPub date: 2025-03-05Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEmbedded devices need basic security measures like multi-factor authentication and unique credentials to reduce vulnerabilities and protect against cyber threats. Mauritz Botha, co-founder and CTO of XiO Inc., explains that cloud-based SCADA can update old systems and provide the visibility that’s currently missing.The podcast and artwork embedded on this page are from Robert Vamos...2025-03-0933 minError CodeEP 57: Strengthening Embedded Device Security with Cloud-Based SCADAEmbedded devices need basic security measures like multi-factor authentication and unique credentials to reduce vulnerabilities and protect against cyber threats. Mauritz Botha, co-founder and CTO of XiO Inc., explains that cloud-based SCADA can update old systems and provide the visibility that’s currently missing.
2025-03-0533 min@BEERISAC: OT/ICS Security Podcast PlaylistEP 56: Hacking OT and ICS in the Era of Cloud and Automation Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 56: Hacking OT and ICS in the Era of Cloud and AutomationPub date: 2025-02-18Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationAs industrial enterprises lurch toward digital transformation and Industry 4.0, a new report looks at the security OT systems and finds it wanting. Grant Geyer, the Chief Strategy Officer for Claroty, talks about the findings from over one million devices in the field today, and what industries must do now to secure them....2025-02-2142 minError CodeEP 56: Hacking OT and ICS in the Era of Cloud and AutomationAs industrial enterprises lurch toward digital transformation and Industry 4.0, a new report looks at the security OT systems and finds it wanting. Grant Geyer, the Chief Strategy Officer for Claroty, talks about the findings from over one million devices in the field today, and what industries must do now to secure them.
2025-02-1942 minError CodeEP 55: Building Secure Storage for Autonomous VehiclesI recently rode in a Waymo, Google’s self-driving taxi service, and it was fantastic. What if we took that vehicle off the safe roads of California and put it in a warzone like Ukraine? If it was captured, could the enemy get its data or its algorithms? Brent Hansen, Chief Growth Officer at Cigent, talks about the data risks associated with autonomous vehicles and remote servers, and how data security is essential in these in the field locations.
2025-02-0428 min@BEERISAC: OT/ICS Security Podcast PlaylistEP 54: From Cyber Chaos to Control: Lessons from a Kansas Water District Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 54: From Cyber Chaos to Control: Lessons from a Kansas Water DistrictPub date: 2025-01-21Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationImagine your best worst day during a cyber attack. Can you switch to manual systems in case of a failure? Has your team practiced for that? Dave Gunter, OT Cybersecurity Director at Armexa, discusses how a water and waste water utility in Kansas responded correctly to a cyberattack in 2024 by falling back to manual and...2025-01-2434 minError CodeEP 54: From Cyber Chaos to Control: Lessons from a Kansas Water DistrictImagine your best worst day during a cyber attack. Can you switch to manual systems in case of a failure? Has your team practiced for that? Dave Gunter, OT Cybersecurity Director at Armexa, discusses how a water and waste water utility in Kansas responded correctly to a cyberattack in 2024 by falling back to manual and issuing clear, and concise press releases to assure the public that their water was safe to drink.
2025-01-2134 min@BEERISAC: OT/ICS Security Podcast PlaylistEP 53: Securing Smart OT Systems Already In The Field Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 53: Securing Smart OT Systems Already In The FieldPub date: 2025-01-07Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThis is the story of how the security of OT devices in the field can be modernized virtual isolation in the cloud, adding both authentication and encryption into the mix. Bill Moore, founder and CEO of Xona, explains how you can virtualize the OT network and interact with it, adding 2FA and encryption to legacy systems already in...2025-01-1031 minError CodeEP 53: Securing Smart OT Systems Already In The FieldThis is the story of how the security of OT devices in the field can be modernized virtual isolation in the cloud, adding both authentication and encryption into the mix. Bill Moore, founder and CEO of Xona, explains how you can virtualize the OT network and interact with it, adding 2FA and encryption to legacy systems already in the field.
2025-01-0831 min@BEERISAC: OT/ICS Security Podcast PlaylistEP 52: Hacking Cellular-Enabled IoT Devices Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 52: Hacking Cellular-Enabled IoT DevicesPub date: 2024-12-18Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThis is the story of the secret life of cellular chips and why we need to mitigate against the unintended access they provide. Deral Heiland, Principal Security Research for IoT at Rapid 7, describes a research project he presented at the IoT Village at DEF CON 32 where they compiled AT command manuals from various vendors, discovering unexpected functionalities, such as internal web ser...2024-12-2037 minError CodeEP 52: Hacking Cellular-Enabled IoT DevicesThis is the story of the secret life of cellular chips and why we need to mitigate against the unintended access they provide. Deral Heiland, Principal Security Research for IoT at Rapid 7, describes a research project he presented at the IoT Village at DEF CON 32 where they compiled AT command manuals from various vendors, discovering unexpected functionalities, such as internal web services.
2024-12-1837 min
Curiosophy: A Future Forward Cast.Digital Shadows: The Hidden Price of Our Connected LivesDescription: Join us for an eye-opening exploration of digital privacy based on Kevin Mitnick and Robert Vamosi's "The Art of Invisibility." In this episode, we dive into the invisible web of surveillance that surrounds our daily digital lives. From smartphone tracking to password vulnerabilities, we'll unpack the surprising ways your personal information might be exposed – and more importantly, what you can do about it. Drawing from Mitnick's unique expertise as a former hacker, we'll explore practical strategies for protecting your digital footprint without sacrificing modern convenience. Whether you're a tech enthusiast or just someone who wants to better understand on...2024-12-1313 min@BEERISAC: OT/ICS Security Podcast PlaylistEP 51: Hacking High-Performance Race Cars Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 51: Hacking High-Performance Race CarsPub date: 2024-12-04Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhen we think of IoT, we first think of our smart light bulbs, our smart TVs, our smart baby monitors. However, we don't typically associate IoT with high-performance race cars, and yet they collect terabytes of data each race. Austin Allen, Director of Solutions Architecture at Airlock Digital, discusses the growing presence of smart devices and the responsibility of securing them—shoul...2024-12-0543 minError CodeEP 51: Hacking High-Performance Race CarsWhen we think of IoT, we first think of our smart light bulbs, our smart TVs, our smart baby monitors. However, we don't typically associate IoT with high-performance race cars, and yet they collect terabytes of data each race. Austin Allen, Director of Solutions Architecture at Airlock Digital, discusses the growing presence of smart devices and the responsibility of securing them—should it be the developers who write the code, or the individuals who implement it?
2024-12-0443 min@BEERISAC: OT/ICS Security Podcast PlaylistEP 50: Keeping The Lights On In Ukraine Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 50: Keeping The Lights On In UkrainePub date: 2024-11-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhat would happen if your GPS signal were jammed? It would impact more than just navigation – you'd also lose access to financial data and power. Joe Marshall, Senior IoT Strategist and Threat Researcher at Cisco Talos, discusses an innovative solution to maintain the country's power grid operations in the event of GPS jamming, whether it's a precautionary measure or an ac...2024-11-2244 minError CodeEP 50: Keeping The Lights On In UkraineWhat would happen if your GPS signal were jammed? It would impact more than just navigation – you'd also lose access to financial data and power. Joe Marshall, Senior IoT Strategist and Threat Researcher at Cisco Talos, discusses an innovative solution to maintain the country's power grid operations in the event of GPS jamming, whether it's a precautionary measure or an act of war.
2024-11-2044 min@BEERISAC: OT/ICS Security Podcast PlaylistEP 49: Hacking Android-Based ICS Devices Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 49: Hacking Android-Based ICS DevicesPub date: 2024-11-05Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCybercriminal tactics against ICS include direct threats against individuals for MFA credentials, sometimes escalating to physical violence if they won’t share. Jim Coyle, US Public Sector CTO for Lookout, warns about the increasing use of Android in critical Industrial Control Systems (ICS), such as HVAC systems, and how stealing MFA tokens from mobile devices could affect critical services like healthcare, finan...2024-11-1139 minError CodeEP 49: Hacking Android-Based ICS DevicesCybercriminal tactics against ICS include direct threats against individuals for MFA credentials, sometimes escalating to physical violence if they won’t share. Jim Coyle, US Public Sector CTO for Lookout, warns about the increasing use of Android in critical Industrial Control Systems (ICS), such as HVAC systems, and how stealing MFA tokens from mobile devices could affect critical services like healthcare, finance, and water supply, depending on the goals of the attackers.
2024-11-0539 minError CodeEP 48: The New Insider Threat: Hacking Corporate Office DevicesIf smart buildings are vulnerable to hacking, what about smart offices? Even devices like printers and lighting systems could give an attacker a way in. John Terrill, CSO at Phosphorus, recalls a moment while working at a hedge fund when he found himself in a room filled with priceless art. He realized that the security cameras safeguarding these artworks were operating on outdated software, potentially containing known vulnerabilities.
2024-10-2240 min@BEERISAC: OT/ICS Security Podcast PlaylistEP 47: Hacking Smart Buildings Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 47: Hacking Smart BuildingsPub date: 2024-10-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIf you are in IT, you are probably not thinking about the risks associated with the Otis Elevator or the Coke machine. Maybe you should. Chester Wisnieski, the director and global field CTO at Sophos, points out that IoT devices, big and small, create an outsized threat to any organization. And that’s why IoT vendors need to secure these devices, even if th...2024-10-0941 minError CodeEP 47: Hacking Smart BuildingsIf you are in IT, you are probably not thinking about the risks associated with the Otis Elevator or the Coke machine. Maybe you should. Chester Wisnieski, the director and global field CTO at Sophos, points out that IoT devices, big and small, create an outsized threat to any organization. And that’s why IoT vendors need to secure these devices, even if they only “phone home” for more Coke. If they’re on your network, they need to be secured.
2024-10-0841 min@BEERISAC: OT/ICS Security Podcast PlaylistEP 46: Hacking Israeli-made Water Treatment Devices In Pennsylvania Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 46: Hacking Israeli-made Water Treatment Devices In PennsylvaniaPub date: 2024-09-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationPolitical hacktivism once mainly focused on website defacement. Now it has shifted to targeting physical devices, affecting critical infrastructure such as water treatment plants. At Black Hat USA 2024, Noam Moshe from Claroty highlighted how the HMIs in PLC devices from Israeli manufacturers may be susceptible to political attacks by nation-state actors using unknown vulnerabilities in the PComm protocol.2024-10-0233 minError CodeEP 46: Hacking Israeli-made Water Treatment Devices In PennsylvaniaPolitical hacktivism once mainly focused on website defacement. Now it has shifted to targeting physical devices, affecting critical infrastructure such as water treatment plants. At Black Hat USA 2024, Noam Moshe from Claroty highlighted how the HMIs in PLC devices from Israeli manufacturers may be susceptible to political attacks by nation-state actors using unknown vulnerabilities in the PComm protocol.
2024-09-2533 minError CodeEP 45: Laser Fault Injections on a Shoestring BudgetWhat if you could build your own embedded security tools, glitching devices for a fraction of the cost that you might expect. Like having a $150,000 laser setup for less than $500. A talk at Black Hat USA 2024 says you can. Sam Beaumont (Panth13r), Director of Transportation, mobility and cyber physical systems at NetSPI, and Larry Trowell (patch), Director of hardware embedded systems at NetSPI, along with a team of others, say that you can. Their talk, Laser Beams & Light Streams: Letting Hackers Go Pew Pew, Building Affordable Light-Based Hardware Security Tooling, should be a wake up call for all...2024-09-1032 minError CodeEP 44: Performing Security Assessments on ICS systemsToo few vulnerabilities in industrial control systems (ICS) are assigned CVEs because of client non-disclosure agreements. This results in repeatedly discovering the same vulnerabilities for different clients, especially in critical infrastructure. Don C. Weber from IOActive shares his experiences as an ICS security professional and suggests improvements, including following the SANS best practices for ICS security..
2024-08-2834 minError CodeEP 43: Hacking Large-Scale Off-Grid Solar Systems and Other Consumer IoT DevicesAt DEF CON 32, in the ICS village, researchers disclosed vulnerabilities in home and commercial solar panel systems that could potentially disrupt the grid. Dan Berte, Director of IoT security for Bitdefender, discusses his more than a decade in IoT, how the vendor maturity often isn’t there for our smart TVs or even for our solar panels, so reporting vulnerabilities sometimes goes nowhere. That doesn’t stop defenders like Dan, who, along with his team, work hard to change and to educate the industry.
2024-08-1450 minError CodeEP 42: OT-CERTThe resources available at small utilities are scarce, and that’s a big problem because small water, gas, and electric facilities are increasingly under attack. Dawn Capelli of Dragos is the Director of OT-CERT, an independent organization that provides free resources to educate and even protect small and medium sized utilities from attack.
2024-07-3134 minError CodeEP 41: Firmware SBOMs, Zero Trust, And IoT Truth BombsFor the last twenty years we’ve invested in software security without parallel development in firmware security. Why is that? Tom Pace, co-founder and CEO of NetRise, returns to Error Code to discuss the need for firmware software bills of materials, and why Zero Trust is a great idea yet so poorly implemented. As in Episode 30, Tom is a straight shooter, imparting necessary truth bombs about our industry. Fortunately he’s optimistic about our future.
2024-07-1641 min
OXO CoffeeBreakDr. Vámosi Róbert – Startup befektetések ügyvéd szemmelAz OXO Coffee Break következő epizódjában Erdélyi Zsófi Dr. Vámosi Róbertet, a PV Partners ügyvédi iroda tagját, befektetőt kérdezte elsősorban …2024-07-0535 minError CodeEP 40: Hacking IoT Surveillance Cameras For Espionage OperationsThat camera above your head might not seem like a good foreign target, yet in the Ukraine there’s evidence of Russian-backed hackers passively counting the number of foreign aid workers at the local train stations. Andrew Hural of UnderDefense talks about the need to secure everything around a person, everything around an organization, and everything around a nation because every one can be a target.
2024-07-0228 minError CodeEP 39: Hacking Water Systems and the OT Skills GapA critical skills gap in Operational Technology security could have a real effect on your water supply and other areas of the critical infrastructures. Christopher Walcutt from DirectDefense explains how the IT OT convergence, and the lack of understanding of what OT systems are, might be contributing to the spate of water systems attacks in 2024.
2024-06-1940 minError CodeEP 38: Regulating OT Data Breaches And Ransomware ReportingWhen critical infrastructure is shut down due to ransomware or some other malicious attack, who gets notified and when? Chris Warner, from GuidePoint Security, discusses the upcoming Cyber Incident Reporting for Critical Infrastructure Act or CIRCIA and what it will mean for critical infrastructure organizations.
2024-06-0442 min
El blog de n4p5t3rLibros Esenciales de Ciberseguridad para TodosEn este primer episodio de "El blog de n4p5t3r", nos adentramos en el mundo de la ciberseguridad a través de una selección de libros imprescindibles que exploran este fascinante tema. Descubre cómo los hackers éticos piensan y actúan, aprende sobre la manipulación psicológica en el hacking, y conoce los secretos para proteger tu privacidad en línea. No importa si eres un experto en tecnología o simplemente tienes curiosidad por estos temas, ¡hay algo para todos! Acompáñanos mientras hablamos sobre:
"Ethical Hacking: Un enfoque metodológico para profesionales...2024-06-0204 minError CodeEP 37: Solving Mysteries. Saving Lives. Just Another Day with OT Incident Response and ForensicsWhen an enterprise network goes down, you call in the Incident Response team and they do forensics. When your SCADA goes down, who do you call? Meet Lesley Carhart, technical director of incident response at Dragos, who focuses on products and services for the non standard part of cybersecurity. That means things like performing digital forensics on SCADA, industrial control systems, and critical infrastructure. There’s still some normal enterprise computing involved, but very often the stories told by practitioners are … well, just plain weird.
2024-05-2242 minError CodeEP 36: Securing SCADA Systems In The CloudThis is a story about how organizations are moving their SCADA systems to the cloud and how they need to secure them or they’ll be attacked. Chris Doman, co-founder and CTO of Cado Security discusses the new NSC guidelines on SCADA in the Cloud and whether the guidelines are prescriptive enough.
2024-05-0726 minError CodeEP 35: Outsized Kinetic Response to OT AttacksIf you knock down an email server, you could stand up a parallel server or you could find workarounds. If you knock down a factory floor, there is no real parallel, alternative to a factory floor. Dane Grace, product manager at Brinqa talks about how the risks to OT carries with it an outsized kinetic response in the real world. For example, what would happen if someone managed to put a botnet on a defibrillator?
2024-04-2339 minError CodeEP 34: Quantifying Risk in IoT and OT SystemsOne of the problems with security is ROI. If I put in next gen this and next gen that and no security events happen, am I justified in making those expenditures? How do you quantify a risk like that? Padraic O’Reilly, founder and Chief Innovation Officer at CyberSaint, walks us through the risk analysis for IoT and OT systems, and why it’s important to understand this as we secure our critical infrastructure.
2024-04-1040 minError CodeEP 33: Turning EDRs and Cloud Backups into Malicious WipersThis is the story of how a researcher turns commercial and commonly used EDRs and Cloud-based backup systems into wipers against the very data they’re designed to protect. Or Yair, security research team lead at Safe Breach, talks about his two presentations at SecTor 2023 that consider how to turn common security tools into potentially malicious weapons.
2024-03-2632 minError CodeEP 32: Using ChatGPT To Perform Side Channel Attacks On Real HardwareThere’s a lot of talk about using AI and LLM in security. For example, could ChatGPT detect the vulnerable spots for power for analysis in particular pieces of code using Advanced Encryption Standard? Witold Waligora, CEO of CloudVA, talks about his Black Hat Europe presentation, How We Taught ChatGPT-4 to Break mbedTLS AES With Side-Channel Attacks.
2024-03-1330 minError CodeEP 31: How Operation Volt Typhoon Shows That IoT & OT Devices Could Be Used In CyberwarfareYou might think that internet connected cameras would be limited in use by a bad actor. Actually such devices can be an entry point into an organization, providing yet another means of accessing the internal network. Mohammad Waqas, a field CTO at Armis, spoke at SecTor 2023 about the threat posed by IoT and OT devices in future cyberwarfare and discusses here why we need to broaden our attack surface defenses to include them.
2024-02-2843 minError CodeEP 30: Of IoT Vulnerabilities and Consumer IoT LabelsThere’s a fake news report about three million internet-enabled toothbrushes contributing to a botnet. Unfortunately the mainstream media ran with the story before questioning its basic assumptions. This is a story about IoT devices and the fact that we still don’t understand how they are vulnerable. Tom Pace, co-founder and CEO of NetRise, talks about vulnerabilities inherent in the IoT space that are often misconstrued and how we need to ask more questions about the software and the hardware being used if we want to secure critical infrastructure tomorrow.
2024-02-1443 min
Error CodeEP 29: The Rise of Smash and Grab Data ExfiltrationRansomware groups have bifurcated with some doing pure ransomware and others going straight to extortion; it's whether the data is ransomed on your network or theirs. Nick Biasini from Cisco Talos talks about the threats he’s seeing, in particular, SapphireStealer which is open source and using GitHub to crowdsource new features.
2024-01-3036 minError CodeEP 28: Why Mapping IT Security to OT Networks Doesn’t Always WorkThe Purdue Model used in OT is essentially network security from the 1990s. New threats and new tech however required us to rethink that on the network side so how do we bring that new thinking to work with legacy OT systems? John Taylor of Versa Networks explains how there's a lot of implicit trust in the IoT and OT devices themselves, yet they don't have antivirus. Or firewalls. Worse, you're basically depending on the manufacturer of that device to provide security updates if necessary, and oftentimes they don't. Perhaps it’s time for a new approach such as SA...2024-01-1742 minError CodeEP 27: Cyber Physical Security As A Shared ResponsibilityFlaws within the chips in our laptops, in our homes, and in our critical infrastructure could become the access one needs to steal data if not just shut down an assembly line, or hold up production of a vital resource like power or water. Josh Salmanson, senior vice president at Telos, discusses why we’re seeing more and more pre-compromised routers in critical environments today and what we might do to mitigate that in the near future.
2024-01-0535 minError CodeEP 26: Securing Railroad OT SystemsCan your OT function if the IT system goes down? OT self-sufficiency is critical for infrastructure such as rail systems. Christopher Warner, from GuidePoint Security, discusses how this infrastructure resilience is important not only for the rail industry but for most of the other critical infrastructures in general.
2023-12-2042 minError CodeEP 25: Crypto Agility And The End Of Diffie Hellman Key ExchangeQuantum computers will change and even break the cryptography we have today. To defeat a "Harvest Now, Decrypt Later" strategy by bad actors (even nation states), Denis Mandich, CTO and co-founder of Qrypt, is proposing a type of crypto agility that compiles the keys on your laptop instead of distributing them across the internet. He also talks about how you won’t need a quantum computer in your home; you’ll be able to access one in the cloud the way you can access AWS today.
2023-12-0638 minError CodeEP 24: Securing OT Devices In The FieldWhen we think of massive compute power, we think of the Cloud when we really should consider the millions of unprotected OT devices with even greater slack computer power than all our current Cloud services combined. Sonu Shankar, Vice President of Product at Phosphorus Cybersecurity, talks about the challenge of communicating with PLCs and other devices, the risks from newer OT devices, and how all password-less OT devices really need to be protected. He says attacks aren’t just DDoS; today OT attacks can exfiltrate data as well.
2023-10-2644 min
Zero DaysLegalTech Book Club #40: Kevin D. Mitnick con Robert Vamosi, ”L’arte dell’invisibilità” (Apogeo, 2023).
In questo episodio parliamo di hacking, di Kevin Mitnick e di come raggiungere l'invisibilità in una società che ci controlla in ogni momento.
2023-10-0107 minError CodeEP 23: Hacking WirelessThere’s much of the electromagnetic spectrum that we cannot see. Like how LED wristbands are triggered at concerts or how to identify someone at DEF CON in a crowd of cellphones and electrical devices. Eric Escobar of SecureWorks provides some really clear analogies to help anyone visualize the differences between NFC, Bluetooth, and Wi Fi such as how your router and your microwave are both 2.4GHz - the difference is the number of watts behind each signal.
2023-09-2743 minError CodeEP 22: Applying Zero Trust to OT SystemsHow might we mitigate the risk to millions of unauthenticated devices already out in the field? Ron Fabela, Field CTO at XONA Systems, has some ideas about how to achieve zero trust in either legacy or new OT systems. Really, it’s just a matter of reducing the attack surface.
2023-09-1245 minError CodeEP 21: Exploiting OPC-UA in OT EnvironmentsIn a talk at Black Hat USA 2023, Sharon Brizinov and Noam Moshe from Claroty Team82, disclosed a significant vulnerability in the Open Platform Communications Universal Architecture or OPC-UA, a univsersal protocol used to synchronize different OT devices. In this episode they also discuss a new open source OPC exploit framework designed to help OT vendors check their devices in development.
Transcript.
2023-08-1637 minError CodeEP 20: Securing Satellite Communications With Quantum CryptographyWhat would happen if someone stole the encryption keys for a major satellite? Well, it’d be game over. Unless the satellite used quantum cryptography. Skip Sanzeri from QuSecure explains how using “quantum tunnels” will allow even legacy satellites in orbit today to become secure in a rapidly approaching post-quantum world.
2023-08-0238 min
Lifewriting: Write for Your Life!A.I. and the Writer 2.0! - Guest Robert VamosiIn this episode, Steve and Tananarive expand their conversation about A.I. and writing to films and the future in general. Guest Robert Vamosi, a podcast host (The Hacker Mind), security analyst and science fiction writer, recalls his 1994 short story, "With or Without You," where he predicted a future of replacing actors digitally in filmmaking. A longtime friend of Tananarive's from college, Rob also talks about transitioning from technical writing back to fiction. Learn more about your ad choices. Visit megaphone.fm/adchoices2023-07-231h 00
The Host Unknown PodcastEpisode 161 - The Receding Hairline and Glasses EpisodeThis week in InfoSec (09:59)With content liberated from the “Today in infosec” Twitter account and further afield18th July 2011: LulzSec hacked the Sun newspaper's website, redirecting visitors to a hoax article claiming Rupert Murdoch died after ingesting palladium. Hacked Sun site greatly exaggerates Murdoch's deathhttps://twitter.com/todayininfosec/status/1681469966527213568 14th July 2000: #Wireshark was releasedWireshark Is 25: The email that started it all and the lessons learned along the way Rant of the Week (16:49)French Assembly passes bill allowing police t...2023-07-2350 minError CodeEP 19: Hack-A-Sat 4This is a story of what's needed for the Capture The Flag competition at DEF CON 31 to be hosted for the first time on a live satellite orbiting 400 kilometers above the Earth. Mike Walker continues his conversation, focusing more on the game to be played in Hack-A-Sat 4.
2023-07-0629 minError CodeEP 18: Hacking MoonlighterMoonlighter is the world’s first and only hacking sandbox in space. Currently orbiting the earth near the International Space Station, the satellite is the playground for this year’s Hack-A-Sat 4 competition at DEF CON 31. Mike Walker, from Cromulence, discusses the difference between hacking a live satellite in orbit vs the previous Hack-A-Sat CTFs which only simulated the experience. We discuss limited contact windows, latency, and other aspects of orbital mechanics which will surely influence how Hack-a-Sat 4 will be played.
2023-06-2336 minError CodeEP 17: Hacking Personal Medical DevicesCould a personal medical device be a threat for an organization? Turns out it’s similar to protecting against an attack on a mobile device. Except a denial of service here could prove fatal. Todd Brasel, the author of Security Issues of Personal Medical Devices: Concerns, Characteristics, and Controls, discusses with Error Code the research he’s done on devices either inside the body or just outside, the vulnerabilities in communications they sometimes have, and the mitigations available today.
2023-06-0740 minError CodeEP 16: Hackers At The Capital, Doing GoodJosh Corman, VP of Cyber Safety Strategy at Claroty, is a hacker who knows U.S. public policy well. Ten years ago he created a volunteer organization, I Am The Cavalry, to help educate sitting legislators on active cybersecurity issues. In this episode of Error Code, Josh talks about the recently passed PATCH ACT and how it addresses some of the issues around patching medical devices over the lifetime of the device rather than just at the time of FDA certification. He also talks about his experience working for CISA during COVID-19 and how that helped inform issues within...2023-05-2455 minError CodeEP 15: Tracking Threats (and Risks) Against OT DevicesThis is the story about researchers who monitor the threats against IoT and OT systems, and the steps being taken to mitigate them. Ishmael Valenzuela, Vice President of the threat research and Intelligence Team at BlackBerry, shares the latest insights from his company’s Cybersecurity Global Threat Intelligence Report. We talk about threats from Latin America and elsewhere, how firewalls alone won’t necessarily protect OT devices, how attackers and defenders are using AI technology, and how hospitals are seeing perhaps the most increase in threats.
2023-05-0940 minError CodeEP 14: Hacking the Power GridThere’s a lot of FUD around hacking the power grid. Most often, there’s a more common cause: Soot. Even Squirrels. Jori VanAntwerp, CEO of SynSaber. talks about the realities of the US power grid vs the myths. While there’s room to improve, there’s also a great amount of resilience already in the electrical system today.
2023-04-2740 min
Error CodeEP 13: Hacking EV Charging StationsHow the rapid proliferation of EV charging stations is already leading to attacks on the stations and the vehicles themselves, and what we should do about it. Charles Eagan, CTO of BlackBerry, talks about the rush to create these charging stations and the traditional problems with IoT – vulnerable versions of the OS, of the open source, and even some of the protocols being used. He also talks about how we can improve the security of software defined vehicles and their ecosystems.
2023-04-1245 min
Error CodeEP 12: Adding ICS and OT to the National Cybersecurity StrategyThe Biden-Harris 2023 National Cybersecurity Strategy breaks with Cold War thinking and offers a bold new approach to today’s online offense and defense. Danielle Jablanski from Nozomi Networks breaks down the ambitious new policy which includes explicit mention of ICS and OT technologies for the first time.
2023-03-2841 min
Error CodeEP 11: Window Snyder Is Building A Secure IoT and OT FrameworkWe’ve already seen botnets composed of compromised devices like routers and security cameras. So how do we secure them and our smart lightbulbs too? Window Snyder, CEO of Thistle Technologies, explains how new devices can be partitioned with failovers and then serviced with regular updates all monitored from a central dashboard. Even devices already in the field today can also be upgraded and secured in some cases.
2023-03-1537 min
Error CodeEP 10: The L0pht, According to Space RogueThis is the story of Cris Thomas aka Space Rogue, who’s written perhaps the best book about the early days of hacking, Space Rogue: How the Hackers Known as the Loft Changed The World. Unlike a journalist merely chronicling events in Boston in the 1990s from the outside, Cris was on the inside. This is not only the story of the L0pht but it's also the story of his life, so he seamlessly provides the often missing context of the time with countless asides and anecdotes woven in instead of tacked on. In this episode of Error Co...2023-03-011h 02
Error CodeEP 09: ZhadnostThis is the story of Zhadnost, of how an IoT-based botnet was conscripted into an online war in the days immediately before the kinetic Ukraine invasion. Ryan Slaney of SecurityScorecard walks us through the timeline of these attacks and the evidence of attribution he found linking it to Russia’s GRU.
2023-02-1544 min
Error CodeEP 08: A Matter Of TrustWhat if a vulnerability exists in popular ICS devices, yet the only fix is to re-issue the hardware? This is true with some embedded security flaws. Ang Cui, founder and CEO of Red Balloon Security, talks about his company’s discovery of CVE-2022-38773, which affects the secure boot process in Siemens S7 1500 PLCs, and what the mitigations for devices using that might look like.
2023-02-0146 min
Error CodeEP 07: Secure Medical IoT DevicesIoT can make patient care easier.. But how do we introduce new IoT medical devices into an ecosystem where we can’t even keep tabs on our legacy devices? Mohammad Waqas discusses conversations he’s had with hospitals about the device profiles they don’t necessarily know about – the over-the-counter glucose monitor app on an iPad that hasn’t gone through IT provisioning - and what they can do about it.
2023-01-1851 min
Error CodeEP 06: VastaamoThe Vastaamo data breach stands as one of the most heinous of internet crimes because of the 30,000 psychiatric records that were exposed and the lives it ruined. Antti Kurittu discusses his presentation at SecTor 2022, what we know thus far from the public record, and the news of the Finnish arrest warrant for the individual only previously known as “Ransomware_Man”.
2023-01-0454 min
Error CodeEP 05: Food Production As Critical InfrastructureIoT and Machine Learning can help farmers provide more food with fewer resources, so long as the devices in the field and the backend systems are secure. Seth Hardy, co-founder and CTO of Bug Mars, a precision agtech company for insect farms, discusses his SecTor 2022 presentation, drawing upon his more than 20 years of security experience in his new role in sustainable food production.
2022-12-0945 min
Error CodeEP 04: Hacking the Quantum RealmQuantum computing will make great advances in science; it will also have the ability to decrypt banking, healthcare, and other industries' stolen data. Skip Sanzeri of QuSecure explains how quantum computing is advancing rapidly, how it has the power to crack RSA 2048 and other encryption that we know take for granted today, and why his and other companies are talking about our post-quantum encryption world today. Dn3NZumn4pPpnVhpt6GH
2022-11-2252 min
Error CodeEP 03: Hacking Hardware (featuring Joe Grand)This is the history of hardware hacking and the story of Joe Grand. From testifying before Congress to creating badgelife at DEF CON, Joe has done it all. And he’s darn humble about it, too. Joe just wants to share through his classes, website, and YouTube channel all that he’s learned since his days with the L0pht, the tools he’s created, and the work he’s currently doing with Right to Repair. He just wants to make the art of hardware hacking more accessible to others.
2022-11-111h 03
Error CodeEP 02: Using Digital Twins To Hack SatellitesWhat happens now to the digital test environment built for Hack-A-Sat 3? Well, it becomes a rich testing and training environment for all on GitHub. Login Finch and Frank Pound continue sharing some of the behind-the-scenes challenges presented by hosting a Hack-A-Sat capture the flag competition, this time drilling down details behind the Digital Twins environment that needed to be built in advance of next year’s hack of an actual satellite in orbit.
2022-10-2838 min
Error CodeEP 01: Hacking SatellitesSatellites today lack basic security controls. With as little as $300, you, too, can hack into commercial satellites. So that’s an emerging IoT problem.
Frank Pound and Login Finch share in this episode their work with Hack-A-Sat. It’s a unique Capture the Flag challenge that’s never been tried before. Here’s the background story of how the project got started … and where it’s going.
2022-10-1939 min
Error CodeEP 00: Error Code (promo)Error Code is a biweekly narrative podcast that provides you both context and conversation with some of the best minds working today toward code reliance and dependability. Work that can lead to autonomous vehicles and smart cities. It's your window in the research solving tomorrow's code problems today
2022-10-1501 min
Innonic Talk PodcastMi alapján válassz kockázati tőke befektetőt? I Szeles Nóra Tőkeportál - Vámosi Róbert PinterLawHogyan válassz kockázati tőke befektetőt?
Több, mint 20 éves tőzsdei, kockázati tőkés és közösségi finanszírozásos tapasztalattal a háta mögött Szeles Nóra, a Tőkeportál vezetője fogja elmondani a tapasztalatait arról, hogyan válassz kockázati tőke befektetőt. Vámosi Robi a PinterLaw ügyvédi iroda munkatársa pedig segít neked az IT startup jogi háttér jobb megértésben. A podcastból többek között kiderül:
Milyen az egészséges alapítói - befektetői kapcsolat...2021-10-2845 min
kompot123 Krzemowe historie na papierowym ekranieChoć codziennie wchłaniamy nowe informacje buszując po Internecie, a nasz dobowy harmonogram jest zwykle szczelnie wypełniony, to staramy się znaleźć czas również na nieco bardziej klasyczną strawę – historie prezentowane na mającym dobre dwadzieścia dwa stulecia chińskim wynalazku – papierze (oraz jego ekologicznych wersjach: e-bookach i audiobookach).
Książka to naprawdę wyjątkowa rzecz. Dzięki niej nie tylko wiemy więcej, powiększamy zasób słownictwa, stymulujemy wyobraźnię czy porządkujemy wiedzę, ale też "łapiemy oddech", odcinając się od otaczającego nas świata, choć na chwilę.
Postanowiliśmy zachęcić Wa...2021-02-241h 29
SZNOBJEKTÍV SUPRA Shits | A 100 Legszarabb Magyar SlágerSZNOBJEKTÍV Supra Shits 99. Záray Márta - Vámosi János - Köszönet a boldog évekértPuzsér Róbert, Dancsó Péter2020-06-0500 min
Fuel Your Mind With The Most Binge-Worthy Full Audiobook Today!The Art of Invisibility by Kevin Mitnick, Robert Vamosi, Mikko HypponenPlease visithttps://thebookvoice.com/podcasts/2/audible/18268to listen full audiobooks.
Title: The Art of Invisibility
Author: Kevin Mitnick, Robert Vamosi, Mikko Hypponen
Narrator: Ray Porter
Format: mp3
Length: 9 hrs and 17 mins
Release date: 02-14-17
Ratings: 4.5 out of 5 stars, 4,562 ratings
Genres: Security & Encryption
Publisher's Summary:2017-02-149h 17Enjoy This Vivid Full Audiobook And Feel The Difference.The Art of Invisibility by Kevin Mitnick, Robert Vamosi, Mikko HypponenPlease visithttps://thebookvoice.com/podcasts/2/audible/16494to listen full audiobooks.
Title: The Art of Invisibility
Author: Kevin Mitnick, Robert Vamosi, Mikko Hypponen
Narrator: Ray Porter
Format: mp3
Length: 9 hrs and 17 mins
Release date: 02-14-17
Ratings: 4.5 out of 5 stars, 4,562 ratings
Genres: Content Creation & Social Media
Publisher's Summary:2017-02-149h 17Discover The Full Audiobook That Keeps Busy Professionals Hooked.The Art of Invisibility by Kevin Mitnick, Robert Vamosi, Mikko HypponenPlease visithttps://thebookvoice.com/podcasts/2/audible/16494to listen full audiobooks.
Title: The Art of Invisibility
Author: Kevin Mitnick, Robert Vamosi, Mikko Hypponen
Narrator: Ray Porter
Format: mp3
Length: 9 hrs and 17 mins
Release date: 02-14-17
Ratings: 4.5 out of 5 stars, 4,562 ratings
Genres: Content Creation & Social Media
Publisher's Summary:2017-02-149h 17Indulge In The Critically-Acclaimed Full Audiobook Now, Busy Professionals!The Art of Invisibility by Kevin Mitnick, Robert Vamosi, Mikko HypponenPlease visithttps://thebookvoice.com/podcasts/2/audible/18268to listen full audiobooks.
Title: The Art of Invisibility
Author: Kevin Mitnick, Robert Vamosi, Mikko Hypponen
Narrator: Ray Porter
Format: mp3
Length: 9 hrs and 17 mins
Release date: 02-14-17
Ratings: 4.5 out of 5 stars, 4,562 ratings
Genres: Security & Encryption
Publisher's Summary:2017-02-149h 17
Cigital » The Silver Bullet Security Podcast with Gary McGrawShow 073 – An Interview with Robert VamosiOn the 73rd episode of The Silver Bullet Security Podcast, Gary talks with Robert Vamosi, senior analyst with Mocana, freelance security reporter, and author of When Gadgets Betray Us. Gary and Robert discuss whether we’re doomed to idiocy as a species thanks to gadget dependency, why designers ignore security and privacy issues in gadget design. … Continue reading Show 073 – An Interview with Robert Vamosi
The post Show 073 – An Interview with Robert Vamosi appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.2012-04-3026 min
Journey Through The Critically-Acclaimed Full Audiobook Experience!When Gadgets Betray Us: The Dark Side of Our Infatuation With New Technologies by Robert VamosiPlease visithttps://thebookvoice.com/podcasts/1/audiobook/125013to listen full audiobooks.
Title: When Gadgets Betray Us: The Dark Side of Our Infatuation With New Technologies
Author: Robert Vamosi
Narrator: Sean Pratt
Format: Unabridged Audiobook
Length: 8 hours 47 minutes
Release date: March 29, 2011
Genres: Marketing & Advertising
Publisher's Summary:
Technology is evolving faster than we are. As our BlackBerry devices, tablets, and digital capabilities become more and more complex we understand less and less about how they work. we no longer read the instruction manual before powering on, and we demand intuitive interfaces that get us up and running right away. But how many of...2011-03-298h 47Listen to Trending Full Audiobooks in Business & Economics, Marketing & AdvertisingWhen Gadgets Betray Us: The Dark Side of Our Infatuation With New Technologies by Robert VamosiPlease visithttps://thebookvoice.com/podcasts/1/audiobook/125013to listen full audiobooks.
Title: When Gadgets Betray Us: The Dark Side of Our Infatuation With New Technologies
Author: Robert Vamosi
Narrator: Sean Pratt
Format: Unabridged Audiobook
Length: 8 hours 47 minutes
Release date: March 29, 2011
Genres: Marketing & Advertising
Publisher's Summary:
Technology is evolving faster than we are. As our BlackBerry devices, tablets, and digital capabilities become more and more complex we understand less and less about how they work. we no longer read the instruction manual before powering on, and we demand intuitive interfaces that get us up and running right away. But how many of...2011-03-298h 47
Listen to Trending Full Audiobooks in Business & Economics, Marketing & AdvertisingWhen Gadgets Betray Us: The Dark Side of Our Infatuation With New Technologies by Robert VamosiPlease visit https://thebookvoice.com/podcasts/1/audiobook/125013 to listen full audiobooks. Title: When Gadgets Betray Us: The Dark Side of Our Infatuation With New Technologies Author: Robert Vamosi Narrator: Sean Pratt Format: Unabridged Audiobook Length: 8 hours 47 minutes Release date: March 29, 2011 Genres: Marketing & Advertising Publisher's Summary: Technology is evolving faster than we are. As our BlackBerry devices, tablets, and digital capabilities become more and more complex we understand less and less about how they work. we no longer read the instruction manual before powering on, and we demand intuitive interfaces that get us up and running right away. But how many...2011-03-2903 min
Listen With Your Mind, Not Just Your Ears With Free AudiobookWhen Gadgets Betray Us: The Dark Side of Our Infatuation With New Technologies Audiobook by Robert VamosiListen to this audiobook in full for free onhttps://hotaudiobook.com/freeID: 125013
Title: When Gadgets Betray Us: The Dark Side of Our Infatuation With New Technologies
Author: Robert Vamosi
Narrator: Sean Pratt
Format: Unabridged
Length: 08:47:00
Language: English
Release date: 03-29-11
Publisher: Ascent Audio
Genres: Business & Economics, Marketing & Advertising, Business Development
Summary:
Technology is evolving faster than we are. As our BlackBerry devices, tablets, and digital capabilities become more and more complex we understand less and less about how they work. we no longer read the instruction manual before powering on, and we demand intuitive interfaces that get us up...2011-03-298h 47![DEF CON 18 [Video] Speeches from the Hacker Convention.](http://www.defcon.org/podcast/dc-18-itunes-logo-video.jpg){kind=logo}
DEF CON 18 [Video] Speeches from the Hacker Convention.Panel - Of Bytes and BulletsThis authors' panel has all the makings of a page-turning bestseller: crime lords, heroes, spies, global cartels, corporate scandals, hi-tech gizmos, betrayal, revolution, political intrigue, and midnight assassination attempts. As with all good books, it's the characters – the researchers, the criminals, and the victims – and their unique stories that will keep you riveted to your seat.Jeffrey Carr, (Principal, GreyLogic) is a cyber intelligence expert, columnist for Forbes Firewall blog, and cyber warfare author who specializes in the investigation of cyber attacks against governments and infrastructures by State and Non-State hackers. Mr. Carr regularly consults with agencies of the...2010-10-0853 min