Defensive Security Podcast

Defensive Security Podcast Episode 315

Podcast: Play in new window | Download | Embed

Subscribe: RSS

If you’re in Atlanta on August 20, you can join us for a LIVE episode at Mission 25. Register here: MCS Mission: Security’25

Our new merch store is live(ish): DefSec Store – We’ll be adding more items as time goes on. This is managed through Printify, which has a quite expansive range of products to logo up.

Also, some of you may know that Jerry is into photography and contemplating creating a calendar with images he’s taken. Let us know if that sounds interesting. Possible themes are: beach sunsets, flowers, or jet fighters, because that’s about all he’s good at taking pictures of.

On to the show. Here are the links for this week’s episode:

Defensive Security Podcast Episode 314.5

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Episode 315 is available for our patreon donors and will be posted for everyone else on Monday, July 28. Going forward, episodes will be released to our patreon donors shortly after recording and will be released to everyone else a week later. If you want to become a patreon donor, you can do so here: https://www.patreon.com/defensivesec

Also, our new merch store is live and available here: https://store.defensivesecurity.org

It’s a work in progress and please let me know if you have any issued with it. Thank you all and we’ll talk on Monday!

Defensive Security Podcast Episode 314

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to support us? Want even MORE DefSec? Starting this week, we are providing more DefSec for our Patreon donors. Sign up to be a Patreon donor today: https://www.patreon.com/defensivesec

Links:

https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/
https://www.axios.com/2025/07/08/scattered-spider-cybercrime-hackers
https://www.bleepingcomputer.com/news/security/employee-gets-920-for-credentials-used-in-140-million-bank-heist/

Additional links for Patreon donors:

https://www.theregister.com/2025/07/13/fake_it_worker_problem/
https://www.theregister.com/2025/07/09/chatgpt_jailbreak_windows_keys/

Defensive Security Podcast Episode 313

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to support us? Want even MORE DefSec? Starting this week, we are providing more DefSec for our Patreon donors. Sign up to be a Patreon donor today: https://www.patreon.com/defensivesec

https://www.youtube.com/watch?v=BRzMJbBZ490

Links:

https://www.csoonline.com/article/4012801/the-top-red-teamer-in-the-us-is-an-ai-bot.html
https://www.darkreading.com/endpoint-security/attackers-top-brands-callback-phishing
https://www.darkreading.com/cyber-risk/initial-access-broker-self-patches-zero-days
https://www.darkreading.com/cybersecurity-operations/ransomware-reshaped-how-cyber-insurers-perform-security-assessments
https://www.darkreading.com/endpoint-security/phishing-training-doesnt-work

Defensive Security Podcast Episode 312

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to support us? Want even MORE DefSec? Starting this week, we are providing more DefSec for our Patreon donors. Sign up to be a Patreon donor today: https://www.patreon.com/defensivesec

Links:

https://arstechnica.com/security/2025/06/active-exploitation-of-ami-management-tool-imperils-thousands-of-servers/
https://www.bleepingcomputer.com/news/security/man-pleads-guilty-to-hacking-networks-to-pitch-security-services/
https://www.helpnetsecurity.com/2025/06/23/new-hire-phishing-risk/

Patreon exclusive discussions:

https://www.helpnetsecurity.com/2025/06/27/cybersecurity-risk-reduction-breach-transparency/
https://www.theregister.com/2025/06/24/vulnerability_management_gap_noone_talks/

Defensive Security Podcast Episode 311

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec

Links:

https://www.bleepingcomputer.com/news/security/no-the-16-billion-credentials-leak-is-not-a-new-data-breach/
https://www.bleepingcomputer.com/news/security/russian-hackers-bypass-gmail-mfa-using-stolen-app-passwords/
https://www.bleepingcomputer.com/news/security/north-korean-hackers-deepfake-execs-in-zoom-call-to-spread-mac-malware/
https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports

Defensive Security Podcast Episode 310

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec

Links:

https://www.bleepingcomputer.com/news/security/sentinelone-shares-new-details-on-china-linked-breach-attempt/
https://thehackernews.com/2025/06/new-supply-chain-malware-operation-hits.html?m=1
https://www.csoonline.com/article/4002103/cisos-beware-genai-use-is-outpacing-security-controls.html
https://thehackernews.com/2025/06/fin6-uses-aws-hosted-fake-resumes-on.html?m=1

Defensive Security Podcast Episode 309

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec

Links:

https://www.theregister.com/2025/06/06/chatgpt_for_evil/
https://www.theregister.com/2025/06/06/ransomware_negotiation/
https://www.darkreading.com/cyber-risk/how-to-approach-security-era-ai-agents
https://www.bleepingcomputer.com/news/security/coinbase-breach-tied-to-bribed-taskus-support-agents-in-india/
https://www.theregister.com/2025/06/04/kiranapro_cyberattack_deletes_cloud_resources/ / https://x.com/deepakravindran/status/1930776943101894869

Defensive Security Podcast Episode 308

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss a range of topics including the introduction of a new cryptocurrency, Guard Llama Coin, and the implications of recent cybersecurity incidents involving ConnectWise and ransomware attacks. They explore the challenges organizations face in responding to nation-state attacks, the complexities of ransomware tactics, and the importance of employee security awareness. The conversation emphasizes the need for timely patching and proactive security measures to protect against evolving threats.

Links:

https://www.theregister.com/2025/05/30/connectwise_compromised_by_sophisticated_government/
https://www.darkreading.com/application-security/dragonforce-ransomware-msp-supply-chain-attack
https://www.darkreading.com/threat-intelligence/3am-ransomware-adopts-email-bombing-vishing

Defensive Security Podcast Episode 307

Podcast: Play in new window | Download | Embed

Subscribe: RSS

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a significant data breach at Coinbase, the challenges of cryptocurrency security, the importance of patch management, and the evolving landscape of cyber threats. They also discuss insider threats, the failures of rigid security programs, and the overlooked cybersecurity risks in mergers and acquisitions. The episode concludes with a discussion on emerging threats, particularly the potential for ransomware to infect CPUs.

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Links:
https://go.theregister.com/feed/www.theregister.com/2025/05/21/coinbase_confirms_insider_breach_affects/
https://www.theregister.com/2025/05/14/improve_patching_strategies/
https://www.bleepingcomputer.com/news/security/ransomware-gangs-increasingly-use-skitnet-post-exploitation-malware/
https://www.darkreading.com/vulnerabilities-threats/rigid-security-programs-fail
https://www.darkreading.com/cyber-risk/hidden-cybersecurity-risks-mergers-acquisitions
https://www.theregister.com/2025/05/11/cpu_ransomware_rapid7/