Shows
The Threatpost PodcastInside the Hackers’ ToolkitThere is no question that companies are in the sights of would-be criminals looking to exploit them. While companies look at solutions and trainings to help keep the perimeter secure, the biggest fail point is often the employees, AKA the human element. In this Threatpost podcast, sponsored by Egress, we sit down with Jack Chapman to discuss the steps and tactics that companies can take to stay one step ahead of their adversaries. During our conversation, we discuss: Weaknesses that attackers look to exploit Evolution of toolkits Securing MFA and more
2022-08-0916 minThe Threatpost PodcastBeing prepared for adversarial attacksThere is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, , Chief Security Strategist & VP Global Threat Intelligence, Fortinet’s FortiGuard Labs to discuss the threats facing CISOs along with more. During the course of our discussion, we dive into: What an attack on all fronts looks like The current state of the threat landscape New techniques being leve...
2022-06-0222 minThe Threatpost PodcastKilling Cloud Risk by Bulletproofing App Security: PodcastApplications are the most preferred vectors for cybercriminals. Yet no single team or process can assure the rollout of safe cloud applications. From code design to unit testing to deployment, teams and tools have to work together to detect risks early while keeping the pipeline of digital products moving. Alex Rice, CTO at HackerOne and Johnathan Hunt, VP of Security at GitLab, help development teams evolve their processes to build security directly into their workflows for smooth and safe cloud app rollouts. They dropped by the Threatpost podcast recently to share tips on De...
2022-02-1725 minThe Threatpost PodcastHow to Buy Precious Patching Time as Log4j Exploits FlyThreatpost podcast: Cybereason CTO Yonatan Striem-Amit shares details about the company's vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show having been disclosed.
2021-12-1419 min2021-11-2328 minThe Threatpost PodcastDDoS Attacks Are a Flourishing Business for Cybercrooks – PodcastImperva’s Peter Klimek visited Threatpost podcast to discuss the evolution of DDoS attacks: They started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee,
2021-09-1424 minThe Threatpost PodcastWhat Ragnar Locker Got Wrong About Ransomware Negotiators – PodcastBryce Webster-Jacobsen – director of intelligence operations at digital risk protection/ransomware negotiators GroupSense – dropped by the Threatpost podcast to tell us what percentage of Ragnar Locker’s warning that victims shouldn't call the FBI/police/negotiators is a bluff and what, if anything, security teams should take seriously.
2021-09-0813 minThe Threatpost PodcastWhat’s Next for T-Mobile and Its Customers? – PodcastInteros CEO Jennifer Bisceglie drops by the Threatpost podcast to talk about avoiding the mess a T-Mobile size breach can lead to, with the damage it can do to a business's brand, reputation, customer loyalty and revenue stream.
2021-08-1916 minThe Threatpost PodcastWe COVID-Clicked on Garbage, Report Finds: Podcast n the company’s annual Human Factor 2021 report assessing how the threat landscape morphed over the past year, Proofpoint researchers scratched their heads over the reasons for so many users succumbing to malicious email attachments. Could be that threat actors jumped on our Pavlovian work-from-home security conditioning, as suggested by Proofpoint vice president and general manager of email fraud defense Rob Holmes. Check out the Threatpost podcast for his take on how the pandemic influenced the threat landscape.
2021-08-0416 minThe Threatpost PodcastIoT Piranhas Are Swarming Industrial ControlsThreat actors have been building enormous botnets using IoT devices to try to compromise the computing systems that control crucial infrastructure, such as pipelines (case in point: the DarkSide ransomware attack on Colonial Pipeline) and other utilities, preying on legacy systems that have decades-old vulnerabilities. In this Threatpost podcast, Armis CISO Curtis Simpson delves into how to fight back.
2021-07-2323 minThe Threatpost PodcastWhat's Behind the Cybercriminal Supply ChainDerek Manky Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs is joined by Threatpost podcast host Cody Hackett about the cybersecurity supply chain. What is it? How is it funded? And who are the victims and criminals within this multi-million dollar dark economy?
2021-04-2122 minThe Threatpost PodcastChinese Hackers Stole NSA-Linked Hacking Tool: ReportYaniv Balmas, the head of cyber research with Check Point Software, and Oded Vanunu, the head of products vulnerability research with Check Point Software, talk on this week's Threatpost podcast about the new discoveries around the NSA-linked exploit tools, as well as the implications of the SolarWinds supply-chain hack.
2021-02-2219 minThe Threatpost PodcastCISOs Prep For COVID-19 Exposure Notification in the WorkplaceIn this week’s Threatpost podcast, senior editor Lindsey Welch talks with Steve Moore, chief security strategist with Exabeam, about the data privacy challenges posed by impending exposure notification implementations in the workplace.
2021-01-1323 minThe Threatpost PodcastA Look Ahead at 2021: SolarWinds Fallout and Shifting CISO BudgetsThreatpost editors Tom Spring, Tara Seals and Lindsey Welch break down the top security stories to look out for in this week's first podcast of 2021 - from the SolarWinds hack to surging ransomware hospital cyberattacks.
2021-01-0821 minThe Threatpost PodcastAmnesia:33 TCP/IP Flaws Plague Millions of IoT DevicesResearchers - as well as the U.S. Cybersecurity Infrastructure Security Agency (CISA) - are warning of a set of serious vulnerabilities affecting TCP/IP stacks. The flaws impact millions of Internet-of-Things (IoT) devices and embedded systems, including smart thermometers, smart plugs and printers, Forescout researcher Daniel dos Santos said during this week's Threatpost podcast.
2020-12-0826 minThe Threatpost PodcastSponsored Podcast: Why DNS Filtering is a Top Battle Front Against Malware, PhishingPeter Lowe, security researcher with DNSFilter, talks to Cody Hackett on this week's Threatpost Podcast about how DNS filtering tactics are evolving to keep up with new cybercriminal tricks, as well as how companies can protect themselves.
2020-12-0224 min
Inside The Media MindsInside the Media Minds Episode 49 - Tara Seals - ThreatpostInside the Media Minds Episode 49 - Tara Seals - Threatpost by W2 Communications
2020-12-0127 minThe Threatpost PodcastFrom Triton to Stuxnet: Preparing for OT Incident ResponseThreatpost talks to Dragos' Lesley Carhart about the top cybersecurity challenges facing manufacturers during the pandemic.
2020-11-1124 minThe Threatpost PodcastNews Wrap Halloween Edition: Scary Election, Hospital Cyberattack StoriesThis Halloween week, Threatpost editors break down the scariest stories haunting the security space, including: A wave of ransomware attacks targeting a number of hospitals, sparking worries about healthcare security and the impact on patents during COVID-19 "Zombie" vulnerabilities - including Zerologon and SMBGhost - that continued to haunt system admins this week Election security scares, from disinformation campaigns to cyberattacks hitting election infrastructure.
2020-10-3030 minThe Threatpost PodcastNews Wrap: Zoom's End-to-End Encryption Rollout and DDoS Extortion ThreatsThe Threatpost editors break down the top security stories of the week ended Oct. 16, including: Patch Tuesday insanity, with Microsoft and Adobe releasing fixes for severe vulnerabilities - including a critical, potentially wormable remote code execution Microsoft vulnerability Barnes and Noble being hacked - and why some readers are unhappy with how the book purveyor announced the cyberattack DDoS extortion email threats hitting various companies across the globe - including Travelex Zoom finally rolling out end-to-end encryption on the video conferencing platform - and why this is different than the video conferencing application's earlier "full encryption" claims
2020-10-1521 minThe Threatpost PodcastNews Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and MoreThreatpost editors Lindsey O'Donnell-Welch and Tara Seals discuss the top security news stories of the week ended Aug. 21, including: IBM, the owner of the Weather Channel mobile app, has reached a settlement with the Los Angeles city attorney's office after a 2019 lawsuit alleged that the app was deceiving its users in how it was using their geolocation data. A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services (AWS) cloud and collecting credentials. Researchers are urging connected-device manufacturers to ensure they have applied patches addressing a flaw in a module used by m...
2020-08-2113 minThe Threatpost PodcastActive 'Duri' Campaign Utilizes HTML Smuggling to Cloak MalwareResearchers are warning of an active campaign that utilized HTML smuggling to deliver malware, effectively bypassing various network security solutions, including sandboxes, legacy proxies and firewalls. Because HTML smuggling is not necessarily a novel technique - it's been used by attackers for awhile - this campaign shows that bad actors continue to rely on older attack methods that are working. Learn more about this latest attack and how attackers are raising the bar during this week's Threatpost podcast.
2020-08-1818 minThe Threatpost PodcastBlack Hat 2020 Preview: Election Security, COVID Disinformation and MoreDespite the coronavirus pandemic pushing the Black Hat USA 2020 conference onto a virtual platform for the first time ever, you can expect the same hot security research and threat intel, high-profile speakers, and vulnerability research being disclosed. Threatpost editors Tom Spring, Tara Seals and Lindsey O'Donnell-Welch break down the top sessions, keynotes, speakers and themes to look out for in this week's podcast.
2020-07-3016 minThe Threatpost PodcastNews Wrap: Twitter Hack, Apple Vulnerability Disclosure Restrictions Under FireIn this week's Threatpost news wrap podcast, editors Tara Seals and Lindsey O'Donnell-Welch break down the top security news stories, including: Hackers accessed direct messages (DMs) for 36 of the 130 high-profile users whose accounts were hacked in an unprecedented account breach last week, Twitter confirmed Wednesday. Privacy commissioners worldwide urged video conferencing systems like Microsoft, Cisco and Zoom to adopt end-to-end encryption, two-factor authentication and other security measures. Apple's Security Research Device program is now open to select researchers – but some are irked by the program's vulnerability disclosure restrictions.
2020-07-2417 minThe Threatpost PodcastSponsored Podcast: Security Dangers in Rail SystemsJesus Molina, with Waterfall Security, talks to Threatpost host Cody Hackett about the risks that rail operators are facing - from the security issues in railways to the trains themselves - and how railways can stay up-to-date on the best cybersecurity measures by adopting unidirectional gateways and separating enterprise and operational networks.
2020-07-0723 minThe Threatpost PodcastAWS Facial Recognition Platform Misidentified Over 100 Politicians As CriminalsAfter months of public concerns surrounding facial recognition's implications for data privacy, surveillance and racial bias, tech companies and governments alike are putting stoppers down on the technology until adequate regulation is proposed. Threatpost talks to Paul Bischoff, consumer privacy expert with Comparitech, about recent research showcasing flaws in the accuracy of Amazon's facial recognition platform - and why concerns around racial bias and data privacy aren't going away anytime soon.
2020-06-2918 minThe Threatpost PodcastNews Wrap: Malicious Chrome Extensions Removed, CIA 'Woefully Lax' Security Policies BashedFor the week ended June 19, Threatpost editors Lindsey O'Donnell Welch, Tom Spring and Tara Seals break down the top cybersecurity stories. This week's top news stories include: Google removing 106 Chrome browser extensions from its Chrome Web Store in response to a report that they were being used to siphon sensitive user data. An internal investigation into the 2016 CIA breach condemning the agency's security measures, saying it "focused more on building up cyber tools than keeping them secure." How the insider threat landscape is changing due to work from home - a topic that Threatpost will continue to discuss...
2020-06-1920 minThe Threatpost PodcastWould You Use A Contact-Tracing Coronavirus App?As a world afflicted by the coronavirus pandemic begins to re-open restaurants, retail stores and more, public health officials remain concerned about the spread of the virus. Technology for contact-tracing apps, intended to help citizens track whether they were exposed to someone who has tested positive for the virus, have been created by countries, U.S. states (like Utah) and by tech giants like Apple and Google. But behind the public health benefits of contact tracing are privacy worries, technology issues like interoperability, and other challenges. Threatpost discusses the benefits - and the challenges - of contact tr...
2020-06-1120 minThe Threatpost PodcastNews Wrap: Fake Minneapolis Police Breach, Zoom End-To-End Encryption DebateThreatpost editors Lindsey O'Donnell-Welch and Tara Seals discuss the top security news stories of the week, including: Reports emerged earlier this week that the Minneapolis police department had been breached by hacktivist group Anonymous. Security expert Troy Hunt debunked the reports, however. Zoom sparked debate after announcing that it would offer end-to-end encryption to paying users only - explaining that it couldn't offer it to everyone as it needs to work with law enforcement to crack down on platform abuse.
2020-06-0516 minThe Threatpost PodcastSponsored Podcast: Why Identity Access Management is the New PerimeterWith the proliferation of cloud in enterprise environments, identity today is very different than how it used to be. Threatpost host Cody Hackett talks to Brian Johnson, CEO and co-founder of DivvyCloud, about how identity access management (IAM) is rapidly changing - and how businesses can keep up.
2020-06-0218 minThe Threatpost PodcastNews Wrap: New Ransomware Extortion Tactics, Contact-Tracing App Security WorriesThreatpost editors discuss the top news stories of the week ended May 15, including: Recent ransomware attacks, including ones targeting healthcare giant Magellan, the IT office that supports Texas appellate courts and judicial agencies, and a popular law firm that works with several A-list celebrities, including Lady Gaga, Drake and Madonna. "Double extortion" methods being increasingly used by ransomware actors - and new research that found paying a ransom to unlock systems can actually cost companies more financially than recovering data themselves in the long run. The state of Utah announcing it has settled on a contact-tracing mobile app th...
2020-05-1519 minThe Threatpost PodcastSponsored Podcast: Shifting Left With Infrastructure-as-CodeCompanies are increasingly dealing with a slew of security and compliance issues across cloud services and containers – from AWS to Azure to GCP. Infrastructure as Code (IaC) security capabilities can help companies "shift left" to improve developer productivity, avoid misconfigurations and prevent policy violations. Threatpost host Cody Hackett talks to Chris Hertz, vice president of cloud security sales at DivvyCloud by Rapid7, about the top trends he's seeing around cloud security and how IaC is helping companies handle security and compliancy.
2020-05-0819 minThe Threatpost PodcastNews Wrap: Microsoft Sway Phish, Malicious GIF and Spyware AttacksThreatpost editors Tom Spring, Tara Seals and Lindsey O'Donnell-Welch talk about the biggest news stories of the week ended May 1, including: A "PhantomLance" espionage campaign discovered targeting specific Android victims, mainly in Southeast Asia — which could be the work of the OceanLotus APT. A highly targeted phishing campaign, uncovered this week, with a Microsoft file platform twist, that successfully siphoned the Office 365 credentials of more than 150 executives since mid-2019. A Microsoft vulnerability found in Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems an...
2020-05-0120 minThe Threatpost PodcastTroves of Zoom Credentials Shared on Hacker ForumsThousands of recycled Zoom credentials have been unearthed on underground forums as cybercriminals tap into remote workers. In this week's podcast, Threatpost does a deep dive into how these credentials are being collected, shared and used.
2020-04-2819 minThe Threatpost PodcastNews Wrap: Nintendo Account Hacks, Apple Zero Days, NFL SecurityFor the week ended April 24, Threatpost editors discuss a bevy of recent cybersecurity news stories, including: Apple zero days were disclosed in the iPhone iOS; researchers say they have been exploited for years, but Apple has pushed back and said there's no evidence to support such activity Nintendo confirming that over 160,000 accounts have been hacked, due to attackers abusing a legacy login system With the NFL's virtual draft kicking off this week, security researchers and teams have been sounding off on security issues leading to data theft or denial of service attacks
2020-04-2422 minThe Threatpost PodcastWork From Home Networks Plagued By Malware, Exposed ServicesIn this week's Threatpost Podcast, Threatpost talks to Dan Dahlberg, director of security research at BitSight, about new research that found that work from home remote office networks are 3.5 times more likely than corporate networks to have a malware infection present.
2020-04-1427 minThe Threatpost PodcastBypassing Fingerprint Scanners With 3D PrintingResearchers with Cisco Talos created threat models outlining how fingerprint scanners could be bypassed utilizing 3D printing technology, and tested them on various mobile devices (including the iPhone 8 and Samsung S10), laptops (including the Samsung Note 9, Lenovo Yoga and HP Pavilion X360) and smart devices (a smart padlock and two USB encrypted pen drives). Craig Williams, director of Cisco Talos Outreach, walks through the results on the Threatpost podcast.
2020-04-0808 minThe Threatpost PodcastNews Wrap: Coronavirus Scams, Work From Home Security Woes, Pwn2OwnFor the week ended March 20, Threatpost editors break down the top security stories, including: The various cybercriminal activity - from malware, phishing and other scams - tapping into the coronavirus pandemic The security risks of businesses working from home due to the virus' spread Privacy concerns as more governments use facial recognition and mobile apps for tracking the virus The results of Pwn2Own, which took place this week
2020-03-2012 minThe Threatpost PodcastIoT Device Security: The Good, The Bad and The UglyA recent 2020 IoT report found that more than half of IoT devices are vulnerable to medium- or high-severity attacks, making IoT the low-hanging fruit for attackers. Threatpost talks to Ryan Olson, vice president of Threat Intelligence for Unit 42 at Palo Alto Networks, and May Wang, senior distinguished engineer at Palo Alto Networks and former Zingbox CTO, about the top IoT threats.
2020-03-1125 minThe Threatpost PodcastRSA Conference 2020 PreviewThe RSA 2020 conference kicks off next week in San Francisco, this year with a theme looking at the "human element" of cybersecurity. As they prepare to cover the show, Threatpost editors Lindsey O'Donnell-Welch, Tom Spring and Tara Seals break down the biggest news, stories and trends that they expect to hear about at RSA 2020 this year - from trends in the industrial cybersecurity landscape, to connected medical device security issues that will be flagged.
2020-02-2119 minThe Threatpost PodcastNews Wrap: Valentine's Day Scams and Emotet's Wi-Fi HackThreatpost editors Tara Seals and Lindsey O'Donnell-Welch break down the top stories for this week, ended Feb. 14, including: Recent phishing scams - including ones with a romance hook - continue to trick victims, showing that phishing tactics still work in stealing millions from individuals, corporations, and even government agencies. Emotet has a newly discovered feature that hacks nearby Wi-Fi networks, allowing the prolific malware to spread rapidly, like a worm. The operators behind the Robbinhood ransomware are using a new tactic called "bring your own bug," which researchers think will continue in future campaigns. Patch Tuesday craziness this...
2020-02-1422 minThe Threatpost PodcastKatie Moussouris: The Bug Bounty Conflict of InterestBug bounty programs continue to increase in popularity – but that popularity has its downsides. Since the launch of the Hack the Pentagon program in 2016, bug bounty programs have quickly grown in popularity. However, as more programs are created, some companies are forgetting the real reason behind bug bounties. That is, instead of making their systems more secure, companies want to merely hunt bugs. Threatpost talked to Katie Moussouris, founder and CEO of Luta Security, to hear more about her thoughts about the challenges in developing – and launching – bug bounty programs.
2020-02-1225 minThe Threatpost PodcastCritical Cisco ‘CDPwn’ Flaws Break Network SegmentationResearchers on Wednesday disclosed five critical vulnerabilities in Cisco Discovery Protocol (CDP), the Cisco Proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment. Threatpost talked to Ben Seri, VP of Research at Armis, who discovered the flaws, about the CDPwn flaws, their impact, and why Layer 2 protocols are an under-researched area. Researchers say that the vulnerabilities, which they collectively dub CDPwn, can allow attackers to remotely take over millions of devices. The flaws specifically exist in the parsing of CDP packets, in the protocol implementation for various Cisco products, from its...
2020-02-0524 minThe Threatpost PodcastWhatsApp Hacks Point to Sophisticated Mobile Cyberattacks Oded Vanunu, head of products vulnerability research at Check Point research, has seen his share of WhatsApp vulnerabilities – the researcher at Black Hat 2019 demoed several flaws in the messaging platform could be used to manipulate chats, for instance. However, Vanunu told Threatpost at CPX 360, Check Point's annual security conference that takes place this week, WhatsApp is a prime example of how mobile devices are increasingly becoming targeted by nation state actors, in stark contrast to previous, less serious threats mobile devices have faced like adware.
2020-01-3013 minThe Threatpost PodcastVivin Nets Thousands of Dollars Using Cryptomining MalwareThreatpost talks to Nick Biasini, a threat researcher at Cisco Talos, about a recently-uncovered threat actor, dubbed Vivin, has made thousands of U.S. dollars through a large-scale cryptomining campaign.
2020-01-2214 minThe Threatpost PodcastNews Wrap: PoC Exploit Controversy, Cable Haunt & Joker MalwareThis week's news wrap podcast breaks down the biggest Threatpost security stories of the week, including: Various proof-of-concept exploits being released for serious vulnerabilities this week - including for the recently-patched crypto-spoofing vulnerability found by the National Security Agency and reported to Microsoft. Multiple cable modems used by ISPs to provide broadband into homes have a critical vulnerability in their underlying reference architecture, dubbed "Cable Haunt," that would allow an attacker full remote control of the device. Google's continual battle against attackers who are infiltrating Google Play with Android apps (more than 17,000 apps to date) distributing the Joker ma...
2020-01-1725 minThe Threatpost PodcastNSA Detects Major Microsoft Windows Flaw: What It MeansA major Microsoft crypto-spoofing bug impacting Windows 10 made waves this Patch Tuesday, particularly as the flaw was found and reported by the U.S. National Security Agency (NSA). Microsoft's January Patch Tuesday security bulletin disclosed the "important"-severity vulnerability, which could allow an attacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an application was from a trusted source. Threatpost talked to Pratik Savla, senior security engineer at Venafi, about the vulnerability, whether the hype around the flaw was warranted, and what the disclosure means for...
2020-01-1515 minThe Threatpost PodcastCCPA's Biggest Challenge: Where's The Data?The California Consumer Privacy Act is being touted as one of the strongest privacy regulations in the U.S. enacted so far. However, though the CCPA was adopted on January 1, 2020, the act still has several loose ends and privacy loopholes that need to be fleshed out. At a high level ,the CCPA mandates strict requirements for companies to notify users about how their user data will be used and monetized along with giving them straightforward tools for opting out. However, one of the bigger challenges with the CCPA is the question of tracking the location of that use...
2020-01-0919 minThe Threatpost PodcastThe Roadblocks and Opportunities For Women in CybersecurityIn 2019, diversity in the cybersecurity was thrust to the forefront with recognition from both vendors and experts. The tech industry is facing challenges around diversity in general, but women are particularly underrepresented. And with an estimated 3.5 million jobs are expected to remain unfilledby 2021, infosec is certainly a lucrative space for women. Threatpost sat down with Jessica LaBouve, a pen tester with A-LIGN, to discuss the personal challenges she's faced in the cybersecurity industry and the opportunities in the space that she sees for improvement.
2019-12-2712 min
The Threatpost PodcastThe Threatpost Podcast: 93 Percent of Enterprises Harbor Cloud Security ConcernsWith the increasing popularity of Bring Your Own Device (BYOD) policies and public cloud offerings, enterprises are moving from on-premises applications to cloud apps - but they still lack faith in cloud security. A new July Bitglass study found that 67 percent of respondents believe cloud apps are as secure or more secure than on-premises apps— a significantly higher statistic than the 40 percent recorded in 2015. Despite this, 93 percent of respondents are at least moderately concerned about the security of the cloud. "So you have this kind of seeming contradiction where people say, yes, it's just as secur...
2019-07-2916 min
The Threatpost PodcastThe Threatpost Podcast: Amazon Alexa, Google Home On Collision Course With RegulationVoice assistants are growing rapidly in popularity -- but at the same time, the privacy concerns and security issues with popular home assistant devices like Amazon Echo and Google Home are also peaking. Earlier in July, Amazon came under fireafter acknowledging that it retains the voice recordings and transcripts of customers' interactions with its Alexa voice assistant indefinitely - raising questions about how long companies should be able to save highly-personal data collected from voice assistant devices. Amazon continues to find itself in hot water regarding privacy policies around its Echo devices. In April, Amazon c...
2019-07-2218 min
The Threatpost PodcastThe Threatpost Podcast: What the Next Generation of Bug Bounty Looks LikeThreatpost talks to Bugcrowd chief security officer David Baker about the challenges, trends and future of bug bounty programs.
2019-07-1013 min
The Threatpost PodcastThe Threatpost Podcast: Thousands of IoT Devices Bricked By Silex MalwareA 14-year-old hacker used a new strain of malware this week to brick up to 4,000 insecure Internet of Things (IoT) devices - before abruptly shutting down. The malware, dubbed Silex, was first discovered by Larry Cashdollar, senior Security Intelligence Response engineer at Akamai, on his honeypot. Threatpost discusses the new malware with Cashdollar - and what malware strains like this one and BrickerBot mean for the insecure IoT device landscape.
2019-06-2715 min
The Threatpost PodcastThe Threatpost Podcast: It's Time to Throw Out Insecure IoT DevicesWhat can be done with 2 million connected security cameras, baby monitors and more that are vulnerable to serious flaws - but don't have a patch? Security researcher Paul Marrapese, whodisclosed the flaws in April and has yet to hear back from any impacted vendors, recommends that consumers throw them in the trash. "I 100 percent suggest that people throw them out," he told Threatpost in a podcast interview. "I really, I don't think that there's going to be any patch for this. The issues are very, very hard to fix, in part because, once a device...
2019-06-1817 min
The Threatpost PodcastThe Threatpost Podcast: Behind-the-Scenes Look at Scattered Canary BEC CybergangAt Infosecurity Europe, Threatpost caught up with Agari researchers to discuss their threat research unveiled at the show about a newly-unveiled business email compromise (BEC) cybergang. The cybercriminal group, which researchers called Scattered Canary, has been evolving for over 10 years - starting from a "one man shop" launching Craigslist and romance scams, to a high-level, sophisticated BEC group with dozens of employees targeting enterprises. Threatpost talks to Ronnie Tokazowski, senior threat researcher at Agari, and Crane Hassold, Senior Director of threat Research at Agari, about the threat research and BEC scams in general.
2019-06-0524 min
The Threatpost PodcastThe Threatpost Podcast: Nansh0u Cryptojacking Campaign Infects 50K ServersAt Infosecurity Europe, which kicks off Tuesday in London, UK, Threatpost gets a behind-the-scenes look at the Nansh0u campaign, a cryptojacking campaign that has infected 50,000 servers with malware that mines an open source cryptocurrency called TurtleCoin. Dave Klein, senior director of engineering architecture with Guardicore, discusses cryptojacking and other trends he's looking out for at the show.
2019-06-0318 min
The Threatpost PodcastThe Threatpost Podcast: The Challenges Behind 5G SecurityThreatpost talks to Nils Ahrlich, head of end-to-end security solutions at Nokia, at the GSMA Mobile 360 Security for 5G conference last week in the Netherlands. When it comes to 5G there are a slew of use cases being utilized at the bleeding edge - from smart factories to IoT - but these are also opening up security risks.
2019-06-0316 min
The Threatpost PodcastThe Threatpost Podcast: Enterprise Security Risks of 5GDuring the GSMA Mobile360 conference on 5G security, Threatpost editor Tara Seals talks to Patrick Donegan, founder and principle analyst at HardenStance, about the enterprise risks involved in 5G.
2019-05-3113 min
The Threatpost PodcastThe Threatpost Podcast: '5G is Coming,' What Does it Mean For Security?With the advent of 5G, the tech community is bracing itself for new applications like self-driving cars and IoT. But what does that mean for the security landscape? At the GSMA Mobile 360 Conference, Threatpost editor Tara Seals talks to Fred Streefland, CISO for the Benelux and Nothern East Europe region at Palo Alto Networks, about the security challenges - and opportunities - that 5G is presenting.
2019-05-2917 min
The Threatpost PodcastThe Threatpost Podcast: What is the Future of IoT Security?What is the future of IoT security? Will consumers continue to face insecure technology, disturbing privacy concerns, and DDoS attacks? Or will the efforts of consortiums, legislations and industry pressure help set connected device security straight? Threatpost sits down with Jason Soroco with Sectigo, the Chief Technology Officer of IoT, to get his opinion.
2019-05-0318 min
The Threatpost PodcastThe Threatpost Podcast: Spotting Social Media Influence Campaigns at SAS 2019Threatpost editor Tara Seals sits down with Staffan Truvé, the co-founder and CTO of Recorded Future, at the Security Analyst Summit in Singapore this week. Truvé discussed the rise of influence campaigns on social media, and one campaign in particular that researchers have recently spotted that has focused not on fake news, but on old news that aims to influence victims.
2019-04-1110 min
The Threatpost PodcastThe Threatpost Podcast: Discussing Supply Chain Security Woes at SAS 2019At the Security Analyst Summit this year in Singapore, Threatpost editor Tara Seals catches up with Joe FitzPatrick, researcher with Securing Hardware, who led a session during the conference about "A Measured Response to a Grain of Rice: An Implant in the Shell" After a 2019 Bloomberg report alleged that a spy chip was implanted on Supermicro servers and eventually made it into the supply chain of several high-profile cloud vendors, supply chain was thrown to the forefront. (The report was strongly refuted by Supermicro, Amazon and Apple). FitzPatrick talks about what stood out to him abo...
2019-04-1010 min
The Threatpost PodcastThe Threatpost Podcast: Chris Vickery on Publicly-Exposed Facebook RecordsChris Vickery, the Director of Cyber Risk Research at UpGuard, joined the Threatpost Podcast to discuss this week's report that hundreds of millions of Facebook records were publicly exposed on the internet.
2019-04-0517 min
The Threatpost PodcastThe Threatpost Podcast: The Norsk Hydro Cyberattack and Manufacturing SecurityNorway-based Norsk Hydro announced on Tuesday morning it was victim to a serious ransomware attack, which has forced the global aluminum producer to shut down or isolate several plants and send several more into manual mode, the company said on Tuesday morning. Threatpost talked to Phil Neray, the VP of Industrial Cybersecurity at CyberX, about how manufacturing firms can avoid a similar cyberattack that Norsk Hydro has undergone.
2019-03-1922 min
The Threatpost PodcastThe Threatpost Podcast: RSA Conference 2019 RecapThe Threatpost team touches base at the RSA Conference this year in San Francisco to discuss breaking news from the show and their favorite topics and trends that they saw.
2019-03-0713 min
The Threatpost PodcastThe Threatpost Podcast: Tom Kellermann on Top Financial ThreatsLindsey O'Donnell with Threatpost talked to Tom Kellermann, Chief Cybersecurity Officer at Carbon Black. Carbon Black at RSA this year unveiled a new report outlining the top attacks that financial firms are facing. According to the report, 67 percent of surveyed financial institutions have reported an increase in cyberattacks over the past 12 months. Kellermann discusses the report's findings and key takeaways.
2019-03-0617 min
The Threatpost PodcastThreatpost Podcast: Picking Apart Foreshadow at RSACDuring the RSA conference this week, Lindsey O'Donnell with Threatpost talks to Raoul Strackx, post-doctoral researcher and KU Leuven. Strackx was one of the researchers who discovered the Foreshadow vulnerability in CPUs in August. He discusses the vulnerability and why speculative execution attacks will only get worse.
2019-03-0513 min
The Threatpost PodcastThe Threatpost Podcast: RSA 2019 PreviewThe Threatpost team breaks down the biggest news, stories and trends they expect to hear about at RSA 2019 this year, which takes place next week in San Francisco.
2019-03-0118 min
The Threatpost PodcastThe Threatpost Podcast: Interview With Snowden's Attorney (Part Two)Human rights lawyer Robert Tibbo represented former N.S.A. contractor-turned-whistleblower Edward Snowden when he fled the United States to Hong Kong in 2013. Less publicized has been Tibbo’s work representing several families from the Hong Kong refugee community that welcomed Snowden into their homes – where he avoided unwanted attention. Threatpost caught up with Tibbo last week in Leipzig, Germany where he spoke at the Chaos Communication Congress about the so-called “Snowden Refugees.”
2019-01-0724 min
The Threatpost PodcastThe Threatpost Podcast: The Biggest Cybersecurity Trends in 2019Threatpost talked to Leigh-Anne Galloway, the cybersecurity resilience lead of Positive Technologies, about what she sees as the top cyber trends, threats and topics in 2019. From data breaches to threat actors, listen to hear more of Galloway's predictions.
2019-01-0719 min
The Threatpost PodcastThreatpost Podcast: Interview With Snowden’s Attorney (Part One)Threatpost's Tom Spring sits down with Robert Tibbo, lawyer for Edward Snowden and the refugee families who hid Snowden. The refugee families located in Hong Kong that helped shelter Edward Snowden in 2013 - known as the "Snowden refugees" - are under crushing pressure to cooperate with local authorities or face deportation to their countries of origin, where they face an uncertain fate.
2019-01-0224 min
The Threatpost PodcastThe Threatpost Podcast: Breaking Down the Magecart Threat (Part Two)Threatpost editor Lindsey O’Donnell talks to RiskIQ's threat researcher, Yonathan Klijnsma, about the varying groups under the Magecart umbrella, and the differing characteristics, targets and techniques of these growing number of groups.
2018-11-3025 min
The Threatpost PodcastThe Threatpost Podcast: Jeep Hack Lawyer on Looming “Tidal Wave of IoT Lawsuits”When it comes to IoT security, legal action is "a matter of when not if." That's according to Ijay Palansky, an attorney in Armstrong Teasdale's Litigation practice group, represented plaintiffs and class members who alleged in the infamous 2015 Jeep hacking class-action lawsuit that the 3G “infotainment” center in those cars were vulnerable to hacking. Threatpost talked to Palansky about impending IoT legal issues and what to expect.
2018-11-1316 min
The Threatpost PodcastThreatpost News Wrap for Nov. 9The Threatpost editors break down this week's biggest news.
2018-11-0919 min
The Threatpost PodcastThe Threatpost Podcast: Troy Hunt on Best (and Worst) Password PracticesThreatpost's Lindsey O'Donnell speaks with Troy Hunt, a web security expert and the owner of Have I Been Pwned (HIBP). Hunt talks about HIBP's partnership with Mozilla Firefox and Cloudflare; trends he's seeing with data breaches; and how the view of responsibilities behind strong passwords is changing.
2018-11-0822 min
The Threatpost PodcastThe Threatpost Podcast: Post-Hurricane Utility Ransomware AttackA “critical water utility” has been victim of a ransomware attack, significantly impeding the service in the week after Hurricane Florence hit the East coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a “sophisticated ransomware attack… has left the utility with limited computer capabilities.” While customer data was not compromised as part of the attack, the lack of computing ability will impact the timeliness of service from ONWASA “for several weeks to come.” Threatpost's Lindsey O'Donnell talks to Katherine Gronberg, who heads government affairs at ForeScout, about...
2018-10-1716 min
The Threatpost PodcastThreatpost News Wrap For October 12From Google's privacy snafu to a sneaky new fake Adobe Flash updater, Threatpost's Lindsey O'Donnell and Tara Seals break down the biggest news from the week ended Oct. 12.
2018-10-1222 min
The Threatpost PodcastThreatpost News Wrap For October 5Threatpost's Lindsey O'Donnell and Tom Spring discuss this week's biggest news - including a breakthrough Bloomberg report that China infiltrated Supermicro motherboards, as well as a report that said that 83 percent of home and office router brands have vulnerabilities.
2018-10-0529 min
The Threatpost PodcastThe Threatpost Podcast: IoT Devices Still Open to BlueBorne AttackA year later, almost 2 billion IoT devices are still vulnerable to the BlueBorne attack. Armis' VP of Product Joe Lea discusses with Threatpost.
2018-09-2120 min
The Threatpost PodcastThreatpost News Wrap For September 7Threatpost editors Lindsey O'Donnell and Tom Spring break down the biggest news from the week ending September 7.
2018-09-0720 min
The Threatpost PodcastThreatpost News Wrap Podcast For August 31The Threatpost team talks about the biggest news from this past week, including a Windows zero-day flaw outed on Twitter, Yahoo's email ad-targeting privacy snafu, and crashing mobile apps that leak private data.
2018-08-3127 min
The Threatpost PodcastThe Threatpost Podcast: Securing Data in the CloudThreatpost talks to Scott Ellis with Google Cloud about issues around securing data in the cloud and accidental exposure.
2018-08-2916 min
The Threatpost PodcastThe Threatpost Podcast: Troy Mursch on Cryptojacking CampaignsSecurity researcher Troy Mursch, of the Bad Packets Report, comes onto the Threatpost Podcast to discuss recent cryptojacking campaigns and why these types of malicious cryptomining attacks are on the rise.
2018-08-2215 min
The Threatpost PodcastThe Threatpost Podcast: Bugcrowd Founder on Profitable Bounty ProgramsBugcrowd has had a busy summer. Recently, the bug bounty company partnered with HP to launch the first-ever bug bounty program for printers, with rewards of up to $10,000 for discovered vulnerabilities. Bugcrowd also recently announced Disclose.io, an open-sourced project to standardize best practices for providing a safe harbor for security researchers within bug bounty and vulnerability disclosure programs (VDPs). Threatpost talked to Casey Ellis, Bugcrowd founder and CTO, about big trends in bug bounty programs.
2018-08-1525 min
The Threatpost PodcastThe Threatpost Podcast: Black Hat USA and DEF CON WrapLas Vegas was filled with researchers, executives, and hackers last week for the Black Hat USA and DEF CON 2018 conferences. Among the most interesting topics at the shows included IoTand connected cars, election votinghacks, and a flurry of other news topics and sessions outlining the newest threats, vulnerabilities, and cybersecurity best practices. Threatpost's Lindsey O'Donnell and Tara Seals talk about their favorite parts of the show.
2018-08-1316 min
The Threatpost PodcastThe Threatpost Podcast: enSilo CEO Talks Biggest Black Hat TrendsThreatpost's Lindsey O'Donnell talks to enSilo CEO Roy Katmor about Black Hat trends to watch out for - from firmware attacks to connected car security.
2018-08-0820 min
The Threatpost PodcastThe Threatpost Podcast: Black Hat USA 2018 PreviewThreatpost editors Tom Spring, Lindsey O'Donnell and Tara Seals preview Black Hat USA and DEF CON 2018, which both kick off in Las Vegas this week.
2018-08-0615 min
The Threatpost PodcastThe Threatpost Podcast: Breaking Down the COSCO Ransomware AttackThreatpost talks to Matt Tyrer with Commvault about the recent COSCO ransomware attack. Tyrer discusses the biggest lessons learned from the incident, COSCO's response, and best practices in preventing ransomware attacks.
2018-08-0219 min
The Threatpost PodcastThe Threatpost Podcast: Bitcoin Mining on OT NetworksOn this week's Threatpost Podcast show, we sit down with Ronen Rabinovich from Cyberbit to discuss bitcoin mining on operational technology and critical infrastructure networks.
2018-07-3118 min
The Threatpost PodcastThreatpost News Wrap for July 27Threatpost's Tom Spring and Lindsey O'Donnell sit down to discuss the biggest news of the week - including COSCO being hit by a ransomware attack, Adobe Flash being discussed by the U.S. government, and more Facebook drama.
2018-07-2719 min
The Threatpost PodcastThe Threatpost Podcast: How to Secure Industrial Control SystemsThreatpost's Lindsey O'Donnell talks to PAS CEO Eddie Habibi about the cybersecurity risks that large manufacturing companies face today - especially with the emergence of industrial IoT.
2018-07-2521 min
The Threatpost PodcastThe Threatpost Podcast: The Future of Bug Bounty ProgramsOn this week's episode of The Threatpost Podcast, editor Lindsey O'Donnell sits down with Marten Mickos, the CEO of popular bug bounty program platform HackerOne. Mickos sounds off on the opportunities - and growing pains - of bug bounty programs.
2018-06-2719 min
The Threatpost PodcastThreatpost News Wrap Podcast for June 8Threatpost editors Tom Spring, Tara Seals and Lindsey O’Donnell discuss the week’s information security news, including a slew of IoT device privacy incidents, a critical Adobe Flash vulnerability, and scary new data on the breadth and impact of the VPNFilter malware.
2018-06-0822 min
The Threatpost PodcastThreatpost News Wrap Podcast for May 18Threatpost editors Tom Spring, Tara Seals and Lindsey O'Donnell discuss the week’s information security news, including some interesting new malware, a Linux patch that made waves, social engineering gambits and a major banking theft from the second-largest economy in Latin America.
2018-05-1826 min
The Threatpost PodcastThreatpost RSA Conference 2018 PreviewThe 2018 RSA Conference kicks off this week in San Francisco. The massive security conference draws more than 50,000 attendees from around the world eager to learn more about the latest threats, vulnerabilities, and security products and tools. This year's conference has more than 650 exhibitors and 550 sessions covering everything from cryptocurrency to the Internet of Things. Threatpost's Tom Spring and Lindsey O'Donnell, who will be covering the conference, talk about what they are most excited for.
2018-04-1713 min
The Threatpost PodcastThe First Threatpost Alumni PodcastWith Mike Mimoso leaving Threatpost, it was high time to get many of the people responsible for the site's success throughout the years together for a podcast. Founding editors Ryan Naraine and Dennis Fisher along with Mike, Chris Brook, Brian Donohue and Christen Gentile are aboard for a memorable all-smiles podcast.
2017-11-1737 minThe Threatpost PodcastThreatpost News Wrap Podcast Nov. 10Threatpost editors Mike Mimoso and Tom Spring discuss this week's information security news, including Chris Valasek and Charlie Miller's IoT security keynote in Boston, a phony WhatsApp download removed from Google Play, the recent rash of Amazon S3 data leaks and a recent Tor vulnerability.
2017-11-1027 minThe Threatpost PodcastThreatpost News Wrap Podcast Nov. 3Threatpost editors Mike Mimoso and Tom Spring discuss the week's top information security news stories, including Google's decision to drop HTTP Public Key Pinning in Chrome, a vulnerability in Google's Issue Tracker, Mozilla's decision to ban Canvas Fingerprinting, and a HTTPS issue with ShopCity.com
2017-11-0323 minThe Threatpost PodcastThreatpost News Wrap for Oct. 20, 2017Threatpost editors Mike Mimoso and Tom Spring talk about the week's news in information and computer security starting with the ROCA factorization vulnerability affecting RSA cryptography, the KRACK Wi-Fi vulnerability, the BoundHook attacks and Google's announcement of Google Advanced Protection for Gmail.
2017-10-2030 minThe Threatpost PodcastChris Brook on Threatpost and SecurityThreatpost Editor Mike Mimoso talks to Staff Writer Chris Brook who is leaving Threatpost after eight years. Chris talks about the early days of the site and how security has evolved right along with it.
2017-10-1322 min