Category Archives: Podcast

DSP itunes logo 300x300

Defensive Security Podcast Episode 77

Russians steal the NASDAQ; Importance of AV in incident response; Report finds poor security communication between staff and executives; Microsoft recommends reusing weak passwords; Government malware found being used by criminals; Don’t use security as an excuse to resist the cloud.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.businessweek.com/printer/articles/213544-how-russian-hackers-stole-the-nasdaq
http://www.bankinfosecurity.com/nasdaq-hack-attribution-questioned-a-7080
http://blogs.technet.com/b/neilcar/archive/2009/11/23/incident-response-the-importance-of-anti-virus.aspx
http://searchsecurity.techtarget.com/news/2240224785/Report-finds-poor-security-communication-among-executives
http://www.darknet.org.uk/2014/07/microsoft-says-re-use-passwords-across-sites/
http://www.sentinel-labs.com/wp-content/uploads/2014/07/Sentinel-Labs-Intelligence-Report_0714.pdf
http://images.infoworld.com/d/cloud-computing/sorry-cloud-resisters-control-does-not-equal-security-246386?source=rss_security

DSP itunes logo 300x300

Defensive Security Podcast Episode 76

A question from Bob on Active Directory; 67 percent of critical infrastructure providers were breached last year; Malware coming from shipping scanners; It’s the end of the road for Windows Server 2003; Details emerge on the Boeing hack; Testing your APT response plan; Revamping your insider threat program; Beware of computers in hotel business centers.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.esecurityplanet.com/network-security/67-percent-of-critical-infrastructure-providers-were-breached-last-year.html
http://www.securityweek.com/hackers-attack-shipping-and-logistics-firms-using-malware-laden-handheld-scanners
http://blogs.technet.com/b/canitpro/archive/2014/06/10/migrating-from-windows-server-2003-to-windows-server-2012-r2.aspx
http://www.databreachtoday.com/details-emerge-boeing-hack-a-7053
http://www.databreachtoday.com/interviews/testing-your-apt-response-plan-i-2382
http://www.csoonline.com/article/2453392/security/revamping-your-insider-threat-program.html?nsdr=true
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/

DSP itunes logo 300x300

Defensive Security Podcast Episode 75

SEC investigating breached companies; How companies can rebuild trust after a security breach; Preparing your company for a ransom attack; BAE retracts the story on hedge fund hack; Hackers compromising businesses via 3rd parties and remote access.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.sfgate.com/business/article/Hacked-companies-face-SEC-scrutiny-over-5596541.php
http://www.forbes.com/sites/katevinton/2014/07/01/how-companies-can-rebuild-trust-after-a-security-breach/
http://akamai.infoworld.com/d/security/prepare-yourself-high-stakes-cyber-ransom-245320
http://www.theregister.co.uk/2014/07/03/bae_retracts_hedge_fund_hack_allegation/
http://www.computerworld.com/s/article/9249516/Hackers_hit_more_businesses_through_remote_access_accounts

DSP itunes logo 300x300

Defensive Security Podcast Episode 74

Advice from Bob; Airport breaches and the apparently misguided priorities of security pros; Hospitals are leaking data; Attackers hack legitimate downloads to deliver industrial control malware; Listener mail.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.csoonline.com/article/2378585/data-protection/airport-breach-a-sign-for-it-industry-to-think-security-not-money.html
http://www.wired.com/2014/06/hospital-networks-leaking-data/
http://arstechnica.com/security/2014/06/attackers-poison-legitimate-apps-to-infect-sensitive-industrial-control-systems/
http://www.coso.org/documents/COSOKRIPaperFull-FINALforWebPostingDec110_000.pdf

DSP itunes logo 300x300

Defensive Security Podcast Episode 73

Advice from Bob; Acoustical covert communication channel; Researchers recreate some NSA spy tools based on catalog descriptions; Why cyber insurance is such a mess; Code Spaces hacked out of business; Reuters defaced by the Syrian Electronic Army; Aviva hacked by Heartbleed bug, or was it?

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.tripwire.com/state-of-security/top-security-stories/covert-acoustical-mesh-networks-present-new-attack-vector/
http://www.theregister.co.uk/2014/06/19/hackers_reverseengineer_nsa_spying_devices_using_offtheshelf_parts/
http://www.slate.com/articles/technology/future_tense/2014/06/target_breach_cyberinsurance_is_a_mess.html
http://www.cnbc.com/id/101770396
https://threatpost.com/hacker-puts-hosting-service-code-spaces-out-of-business/106761
https://medium.com/@FredericJacobs/the-reuters-compromise-by-the-syrian-electronic-army-6bf570e1a85b
http://www.theregister.co.uk/2014/06/23/aviva_heartbleed_hack/

DSP itunes logo 300x300

Defensive Security Podcast Episode 72

New Logo!; Dominos has 600k records stolen and held for ransome; Undisclosed number of customer records are stolen from ATT by employees of a vendor; PF Changs confirms credit card breach; Stratfor forensic report leaks; Feedly hit by DDOS attack, doesn’t pay ransom and gets it again; Inland Empire Colleges emails 35000 records to the wrong address; Class action suit filed against payroll company following data breach; 9 rules to follow after you’ve suffered a data breach; You should be managing incidents, not responding to them.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://consumerist.com/2014/06/16/dominos-hit-by-hackers-demanding-ransom-money-for-european-customers-data
http://www.11alive.com/story/news/nation/2014/06/15/att-data-breach/10555039/
http://krebsonsecurity.com/2014/06/p-f-changs-confirms-credit-card-breach/#more-26467
http://www.dailydot.com/politics/stratfor-verizon-report-security-flaws/
http://techcrunch.com/2014/06/11/feedly-evernote-and-others-become-latest-victims-of-ddos-attacks/
http://www.nbclosangeles.com/news/local/Inland-Empire-Colleges-Report-Possible-Mass-Data-Breach-263370251.html
http://www.scmagazine.com/class-action-filed-against-payroll-company-paytime-over-massive-data-breach/article/356013/
http://www.infoworld.com/t/security/9-rules-follow-after-youve-suffered-data-breach-244273
http://integriography.wordpress.com/2014/05/06/if-you-are-doing-incident-response-you-are-doing-it-wrong/

defensivesecurity_logo-300x300

Defensive Security Podcast Episode 71

Advice from Bob; SEC asks public companies to disclose more breaches; 230k IPMI devices found in Internet scan; PF Changs may have been hacked; Building network security to fail; 5 lessons from companies that get security right; Advice in responding to Anonymous threats; Bank of England announces assessment framework; Target shoppers don’t seem to be fazed by breach; Target board is under fire; Truecrypt may be coming back.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.reuters.com/article/2014/06/10/sec-cybersecurity-aguilar-idUSL2N0OR13U20140610

https://securityledger.com/2014/06/ipmi-insecurity-affects-200k-systems/

http://krebsonsecurity.com/2014/06/banks-credit-card-breach-at-p-f-changs/

http://www.forbes.com/sites/davelewis/2014/06/03/network-security-build-to-fail/

http://www.infoworld.com/d/security/5-lessons-companies-get-computer-security-right-243407

http://cyberwarzone.com/hackers-behind-oppetrol-will-attack-june-20-2014/

http://www.mondovisione.com/media-and-resources/news/bank-of-england-launches-new-framework-to-test-for-cyber-vulnerabilities/

http://www.dailyfinance.com/2014/06/05/target-data-breach-shoppers-dont-care/

http://www.startribune.com/business/261527581.html

http://www.wired.com/2014/06/bleed/

http://www.forbes.com/sites/jameslyne/2014/06/02/truecrypt-is-back-but-should-it-be/

Fuckyer: https://m.youtube.com/watch?v=2I-nudEqz7o

defensivesecurity_logo-300x300

Defensive Security Podcast Episode 70

Privileged user security; FTC holding companies to a mysterious security standard; Information overload; business users bypass IT and go straight to the cloud.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.trustedcs.com/resources/whitepapers/Ponemon-RaytheonPrivilegedUserAbuseResearchReport.pdf
http://www.computing.co.uk/ctg/news/2345362/businesses-risk-data-breaches-due-to-confusion-over-privileged-user-information-security
http://www.networkworld.com/news/2014/053014-companies-should-already-know-how-282091.html
http://www.networkworld.com/research/2014/052914-information-overload-finding-signals-in-282019.html
http://www.networkworld.com/news/2014/052714-business-users-bypass-it-and-281911.html

defensivesecurity_logo-300x300

Defensive Security Podcast Episode 69

Advice from Bob on the importance of an accurate inventory; TrueCrypt meets an unfortunate end; Weak passwords are responsible for the initial intrusion in 31% of breaches; 71% of exploits used Java; 59% of malicious email used an attachment, 41% used a link; NTT’s Global Threat Intelligence Report finds that most incidents are the result of failing to take basic precautions; DHS reports about a public utility compromised by a brute force attack; There is an apparent discrepancy between the severity of the breaches detailed in the recent  DOJ indictment of alleged Chinese hackers and the way that the breached companies categorize was was stolen, and whether that loss needed to be reported to share holders.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://arstechnica.com/security/2014/05/bombshell-truecrypt-advisory-backdoor-hack-hoax-none-of-the-above/
http://blog.itgovernance.co.uk/weak-passwords-responsible-for-31-of-cyber-attacks/

http://www.techcentral.co.za/surge-in-security-breaches-report/48374/
http://t.esecurityplanet.com/esecurityplanet/#!/entry/lowes-acknowledges-third-party-data-breach,5383580a025312186c0cf074
http://www.myce.com/news/only-51-of-anti-virus-scanners-detect-zero-day-malware-71652/
http://www.itproportal.com/2014/05/26/stop-the-blame-game-report-reveals-the-secrets-to-business-it-security/
http://news.techworld.com/security/3520791/public-utility-compromised-after-brute-force-attack-dhs-says/
http://mobile.bloomberg.com/news/2014-05-21/u-s-companies-hacked-by-chinese-didn-t-tell-investors.html

defensivesecurity_logo-300x300

Defensive Security Podcast Episode 68

Advice from Bob; How China’s army hacked America; Emory University has an SCCM meltdown; Bored executives pull infosec funding; How to avoid a big data security breach; US industry not taking industrial security seriously; Employees stealing data on their way out the door.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://arstechnica.com/tech-policy/2014/05/how-chinas-army-hacked-american-companies/
http://www.infosecnews.org/emory-university-windows-network-wiped-out-blame-emps-cyberwar-squirrels-try-accidental-reformat/
http://www.theregister.co.uk/2014/05/15/aisa_finding_infosec_bores_board_execs/
http://www.computerworld.com.au/article/545450/how_avoid_big_data_security_breachhttp://www.reuters.com/article/2014/05/16/us-cyber-summit-infrastructure-idUSBREA4F0OK20140516

http://www.itpro.co.uk/data-loss-prevention/22273/employees-steal-data-to-make-good-impression-in-a-new-job