Defensive Security Podcast Episode 280

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Player FM - Internet Radio Done Right

5,801 subscribers

Security

Added eight years ago

Nội dung được cung cấp bởi Jerry Bell and Andrew Kalat, Jerry Bell, and Andrew Kalat. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Jerry Bell and Andrew Kalat, Jerry Bell, and Andrew Kalat hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.

Young and Profiting with Hala Taha (Entrepreneurship, Sales, Marketing)

1
Dave Ramsey: 5 Stages to Build and Scale a Business That Lasts | Entrepreneurship | E344 1:03:38

cách đây 25 ngày trước1:03:38

Nghe Sau

Danh sách

Thích

Đã thích

1:03:38

Too many entrepreneurs get stuck on the business treadmill, hustling nonstop, unable to scale, and unknowingly stalling their growth. That’s where Dave Ramsey began. After crashing into $3 million in debt, he rebuilt from scratch, turning a small radio program into a national show with millions of listeners. With over three decades of experience in entrepreneurship, business growth, and content creation, he knows what it takes to build a lasting business. In this episode, Dave reveals the six drivers of long-term success, the five key stages of startup growth, and how he balances life as an entrepreneur and a content creator. In this episode, Hala and Dave will discuss: (00:00) Introduction (00:23) The Core Principles of Financial Freedom (05:42) Adapting to Change as a Content Creator (09:22) Balancing Content Creation and Entrepreneurship (12:34) How to Create a Clear Path in Business (15:19) The Truth About Starting a Business Today (18:22) The Six Drivers of Business Success (26:20) Shifting From Tactical to Strategic Thinking (29:44) The Five Stages of Business Growth (41:10) Leading with Care, Clarity, and Accountability (47:10) Identifying the Right Leadership Skills (48:35) Starting a Media Business as an Entrepreneur Dave Ramsey is a personal finance expert, radio personality, bestselling author, and the founder and CEO of Ramsey Solutions. Over the past three decades, he has built a legacy of helping millions achieve financial freedom. As the host of The Ramsey Show , Dave reaches more than 18 million listeners each week. He is the author of eight national bestselling books. His latest, Build a Business You Love , helps entrepreneurs navigate growth and overcome challenges at every stage. Sponsored By: Shopify - Sign up for a one-dollar-per-month trial period at youngandprofiting.co/shopify OpenPhone: Streamline and scale your customer communications with OpenPhone. Get 20% off your first 6 months at openphone.com/profiting Airbnb - Find yourself a co-host at airbnb.com/host Indeed - Get a $75 sponsored job credit at indeed.com/profiting RobinHood - Receive your 3% boost on annual IRA contributions, sign up at robinhood.com/gold Factor - Get 50% off your first box plus free shipping at factormeals.com/factorpodcast Rakuten - Save while shopping at rakuten.com Microsoft Teams - Stop paying for tools. Get everything you need, for free at aka.ms/profiting LinkedIn Marketing Solutions - Get a $100 credit on your next campaign at linkedin.com/profiting Resources Mentioned: Dave’s Book, Build a Business You Love: bit.ly/BuildaBusinessYouLove Dave’s Website: ramseysolutions.com Active Deals - youngandprofiting.com/deals Key YAP Links Reviews - ratethispodcast.com/yap Youtube - youtube.com/c/YoungandProfiting LinkedIn - linkedin.com/in/htaha/ Instagram - instagram.com/yapwithhala/ Social + Podcast Services: yapmedia.com Transcripts - youngandprofiting.com/episodes-new Entrepreneurship, Entrepreneurship Podcast, Business, Business Podcast, Self Improvement, Self-Improvement, Personal Development, Starting a Business, Strategy, Investing, Sales, Selling, Psychology, Productivity, Entrepreneurs, AI, Artificial Intelligence, Technology, Marketing, Negotiation, Money, Finance, Side Hustle, Mental Health, Career, Leadership, Mindset, Health, Growth Mindset, Side Hustle, Passive Income, Online Business, Solopreneur, Networking.…

cách đây khoảng một năm trước 51:37

MP3•Trang chủ episode

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kellett delve into key cybersecurity topics. They discuss a recent statement by CISA director Jen Easterly on holding software manufacturers accountable for product defects rather than vulnerabilities, and the need for derogatory names for threat actors to deter cybercrime. The episode also covers Disney’s decision to ditch Slack following a data breach, and the impact of valid account misuse in critical infrastructure attacks. Additionally, they explore new tough cyber regulations in the EU under NIS2, and a Google security flaw from a Black Hat presentation concerning dependency confusion in Apache Airflow. The hosts share their thoughts on industry responses, regulations, and how enterprises can improve their security posture.

00:00 Introduction and Podcast Setup

00:59 First Story: CISA Boss on Insecure Software

03:26 Debate on Software Security Responsibility

11:12 Open Source Software Challenges

15:20 Cloud Imposter Vulnerability

22:22 Disney’s Data Breach and Slack

27:37 Slack Data Breach Concerns

29:26 Critical Infrastructure Vulnerabilities

35:21 EU’s New Cyber Regulations

43:42 Global Regulatory Challenges

48:42 Conclusion and Sign-Off

Links:

https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/
https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
https://www.cnbc.com/2024/09/19/disney-to-ditch-slack-after-july-data-breach-.html
https://www.cybersecuritydive.com/news/cisa-critical-infrastructure-attacks/727225/
https://www.cnbc.com/amp/2024/09/20/eu-nis-2-what-tough-new-cyber-regulations-mean-for-big-business.html

285 tập

#Security #Software Development #Business News #Tech News #Data Breaches #Jerry Bell and Andrew Kalat #Andrew Kalat #Jerry Bell #News #Tech

Defensive Security Podcast Episode 280

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

5,801 subscribers

published cách đây khoảng một năm trước

Chia sẻ

MP3•Trang chủ episode

00:00 Introduction and Podcast Setup

00:59 First Story: CISA Boss on Insecure Software

03:26 Debate on Software Security Responsibility

11:12 Open Source Software Challenges

15:20 Cloud Imposter Vulnerability

22:22 Disney’s Data Breach and Slack

27:37 Slack Data Breach Concerns

29:26 Critical Infrastructure Vulnerabilities

35:21 EU’s New Cyber Regulations

43:42 Global Regulatory Challenges

48:42 Conclusion and Sign-Off

Links:

https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/
https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
https://www.cnbc.com/2024/09/19/disney-to-ditch-slack-after-july-data-breach-.html
https://www.cybersecuritydive.com/news/cisa-critical-infrastructure-attacks/727225/
https://www.cnbc.com/amp/2024/09/20/eu-nis-2-what-tough-new-cyber-regulations-mean-for-big-business.html

285 tập

#Security #Software Development #Business News #Tech News #Data Breaches #Jerry Bell and Andrew Kalat #Andrew Kalat #Jerry Bell #News #Tech

Toate episoadele

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 303 1:01:33

cách đây 11 ngày trước1:01:33

1:01:33

Summary In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the rise of ransomware, the importance of backup strategies, and the implications of AI in phishing attacks. They discuss into the challenges of managing non-human identities and the need for effective communication of security metrics. The conversation also touches on the recent Oracle breach and the evolving landscape of cybersecurity threats. Links: https://www.cybersecuritydive.com/news/remote-access-tools-ransomware-entry/745144/ https://www.darkreading.com/cyberattacks-data-breaches/oracle-breach-2-obsolete-servers https://thehackernews.com/2025/04/explosive-growth-of-non-human.html?m=1 https://thehackernews.com/2025/04/security-theater-vanity-metrics-keep.html?m=1 https://www.securityweek.com/ai-now-outsmarts-humans-in-spear-phishing-analysis-shows/ Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec…

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 302 1:12:02

cách đây 19 ngày trước1:12:02

1:12:02

In this episode, Jerry and Andrew discuss various cybersecurity topics, including the recent Oracle Cloud security breach, a GitHub supply chain attack, insider threats, and the implications of AI in cybersecurity. They explore the challenges of maintaining trust in cloud services, the complexities of insider threats, and the evolving landscape of cybercrime driven by AI advancements. The conversation emphasizes the need for robust security measures and the importance of adapting to emerging threats in the cybersecurity realm. Links: https://www.bleepingcomputer.com/news/security/oracle-privately-confirms-cloud-breach-to-customers/ https://www.bleepingcomputer.com/news/security/recent-github-supply-chain-attack-traced-to-leaked-spotbugs-token/ ttps://www.securityweek.com/39-million-secrets-leaked-on-github-in-2024/ https://www.theregister.com/2025/04/02/deel_rippling_espionage/ https://www.securityweek.com/ai-giving-rise-of-the-zero-knowledge-threat-actor/ Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec…

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 301 1:09:18

cách đây 25 ngày trước1:09:18

1:09:18

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss a range of cybersecurity topics, including the recent Oracle Cloud breach, the challenges of asset management in large environments, and the importance of prioritizing vulnerabilities. They also explore the findings from a pen test report, the implications of emerging threats like Medusa ransomware, and the need for better security practices in organizations. Links: https://www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/ https://thehackernews.com/2025/03/10-critical-network-pentest-findings-it.html?m=1 https://www.horizon3.ai/attack-research/attack-blogs/critical-or-clickbait-github-actions-and-apache-tomcat-rce-vulnerabilities-2025/ https://www.forbes.com/sites/daveywinder/2025/03/30/fbi-warns-use-2fa-as-time-traveling-hackers-strike/ https://www.reversinglabs.com/blog/epss-is-not-foolproof-shift-your-appsec-beyond-vulnerabilities Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec…

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 300 1:02:00

cách đây 5 weeks trước1:02:00

1:02:00

Summary In this episode, we celebrate the 300th episode of the Defensive Security Podcast then discuss various cybersecurity topics including the rise of AI-driven threats, the importance of zero trust architecture, best practices for incident response, the impact of human error on security breaches, and the risks associated with collaboration tools. We also cover the dangers of malvertising campaigns exploiting platforms like GitHub. Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec Links: https://venturebeat.com/security/51-seconds-to-breach-how-cisos-are-fighting-back-against-lightning-fast-attacks/ https://www.theregister.com/2025/03/10/incident_response_advice/ https://www.scworld.com/news/95-of-data-breaches-involve-human-error-report-reveals https://www.darkreading.com/cyber-risk/remote-access-infra-remains-riskiest-corp-attack-surface https://www.bleepingcomputer.com/news/security/microsoft-says-malvertising-campaign-impacted-1-million-pcs/…

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 299 1:07:40

cách đây 7 weeks trước1:07:40

1:07:40

Summary In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a Disney employee’s mishap with an AI tool that led to a significant hack, vulnerabilities in VMware ESX hypervisors, and a developer’s sabotage of their ex-employer. They also explore the implications of GitHub repository exposure and the growing risks associated with third-party vendors in cybersecurity. Link to support Andy and Jerry’s work creating the Defensive Security Podcast: https://www.patreon.com/defensivesec Story links: https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931 https://doublepulsar.com/use-one-virtual-machine-to-own-them-all-active-exploitation-of-esxicape-0091ccc5bdfc https://www.theregister.com/2025/03/08/developer_server_kill_switch/ https://arstechnica.com/information-technology/2025/02/copilot-exposes-private-github-pages-some-removed-by-microsoft/ https://www.darkreading.com/cyber-risk/third-party-risk-top-cybersecurity-claims…

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 298 1:17:06

cách đây 9 weeks trước1:17:06

1:17:06

In this episode of the Defense of Security podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a recent incident involving notorious hackers breaching a company network in under an hour, strategies to defend against deepfake attacks, the targeting of freelance developers by North Korean adversaries, vulnerabilities in Palo Alto firewalls, and the emergence of ghost ransomware. The conversation emphasizes the importance of proactive security measures and the evolving landscape of cyber threats. Want to support the Defensive Security Podcast? You can donate here: https://www.patreon.com/defensivesec Takeaways: The speed of cyber attacks is increasing, with breaches occurring in under an hour. Organizations must implement robust processes to defend against deepfake attacks. Freelance developers are at risk of being targeted by sophisticated cybercriminals. Palo Alto firewalls are vulnerable to attacks if management interfaces are exposed to the internet. Ghost ransomware is a growing threat, often using familiar tactics to exploit vulnerabilities. Links: https://arstechnica.com/security/2025/02/notorious-crooks-broke-into-a-company-network-in-48-minutes-heres-how/ https://www.darkreading.com/vulnerabilities-threats/4-low-cost-ways-defend-organization-against-deepfakes https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-targets-freelance-developers/ https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/ https://hackread.com/fbi-cisa-ghost-ransomware-threat-to-firms-worldwide/…

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 297 1:04:21

cách đây 9 weeks trước1:04:21

1:04:21

Become a Patreon supporter of the show here: https://www.patreon.com/defensivesec Links: https://www.cybersecuritydive.com/news/ransomware-gangs–tactics-/739937/ https://www.bleepingcomputer.com/news/security/over-12-000-keriocontrol-firewalls-exposed-to-exploited-rce-flaw/ https://arstechnica.com/information-technology/2025/02/russian-spies-use-device-code-phishing-to-hijack-microsoft-accounts/ https://www.darkreading.com/cyber-risk/open-source-ai-models-pose-risks-of-malicious-code-vulnerabilities https://www.csoonline.com/article/3823429/24-of-vulnerabilities-are-abused-before-a-patch-is-available.html…

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 296 1:10:28

cách đây 11 weeks trước1:10:28

1:10:28

In this episode of the Defense of Security Podcast, Jerry Bell and Andrew Kalat discuss the evolving landscape of cybersecurity threats, focusing on ransomware tactics that exploit insider threats, the hijacking of LLM resources, and the effectiveness of phishing simulations. They explore how adversaries are increasingly targeting employees to gain access to sensitive data and how organizations can better protect themselves against these threats. The conversation also covers the ethical implications of phishing tests and the need for a more supportive approach to security awareness training. In this episode, Jerry and Andrew discuss the challenges faced by cybersecurity teams, the dynamics between security and other business units, and the importance of learning from incidents to improve security practices. They explore the balance between enabling business operations and maintaining security, the implications of generative AI in the workplace, and the need for effective governance around AI usage. The conversation emphasizes the proactive role security professionals must take in navigating these complexities while ensuring organizational safety. Takeaways Ransomware attackers are increasingly using insider threats to gain access. Greed can turn employees into insider threats, especially in tough economic times. LLM hijacking is a new tactic that exploits compromised API keys. Phishing simulations may create a rift between users and IT security teams. Punitive measures for phishing failures can lead to underreporting of actual attacks. Security awareness training should focus on protecting users, not punishing them. Adversaries are finding valid API keys to exploit cloud resources. The effectiveness of phishing simulations is being questioned by experts. Organizations need to do a better job at protecting their secrets and credentials. The cybersecurity landscape is rapidly evolving, requiring constant adaptation. Cybersecurity teams often feel like janitors cleaning up after others. Organizational dynamics can create resentment in security teams. Learning from incidents is crucial for improving security practices. Balancing security needs with business operations is essential. Generative AI presents both risks and opportunities for organizations. Effective governance is needed for AI usage in business. Security professionals must help businesses understand risk management. Building relationships across departments can improve security outcomes. AI tools should be used with proper agreements to protect data. The landscape of AI in business is rapidly evolving and requires adaptation. Links https://www.scworld.com/news/ransomware-attackers-turn-to-workers-for-data-breach-access https://www.darkreading.com/application-security/llm-hijackers-deepseek-api-keys https://www.wsj.com/tech/cybersecurity/phishing-tests-the-bane-of-work-life-are-getting-meaner-76f30173 https://www.securityweek.com/security-teams-pay-the-price-the-unfair-reality-of-cyber-incidents/ https://www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts…

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 295 1:15:57

cách đây 12 weeks trước1:15:57

1:15:57

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the alarming statistics surrounding ransomware attacks, the implications of paying ransoms, and the evolving nature of ransomware as a broader category of cyber threats. They also discuss the consolidation of security tools and the skepticism surrounding it, particularly in light of a recent report by Palo Alto and IBM. The conversation shifts to the risks associated with AI, highlighted by the DeepSeek incident, and concludes with a discussion on the importance of securing management interfaces and the ongoing challenges in the cybersecurity landscape. Links: https://www.infosecurity-magazine.com/news/ransomware-victims-shut-operations/ https://www.cybersecuritydive.com/news/consolidation-security-tools/738912/ https://9to5mac.com/2025/01/31/security-bite-top-macos-threat-found-riding-the-deepseek-wave/ https://www.securityweek.com/sonicwall-confirms-exploitation-of-new-sma-zero-day/ https://www.theregister.com/2025/01/30/deepseek_database_left_open/ Takeaways 58% of ransomware victims had to shut down operations temporarily. Only 13% of victims who paid ransom got all their data back. The ransomware ecosystem relies on the belief that victims will recover their data. Organizations average 83 different security tools, leading to inefficiencies. Speed in deploying AI can compromise security practices. DeepSeek incident highlights risks of using unverified AI models. SonicWall’s zero-day vulnerability emphasizes the need for secure management practices. Security tool consolidation may not always lead to better outcomes. Phishing and RDP compromises are common entry points for ransomware. The evolving nature of ransomware requires a broader understanding of cyber threats.…

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 294 1:04:21

cách đây 13 weeks trước1:04:21

1:04:21

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a hidden backdoor in Juniper routers, PayPal’s recent data breach settlement, the exploitation of older Ivanti bugs, the PowerSchool data breach affecting millions, and CISA’s new software security recommendations. The conversation emphasizes the importance of proactive security measures and the evolving landscape of cybersecurity threats. If you find this podcast useful, please consider supporting us here: https://www.patreon.com/defensivesec Takeaways The hidden backdoor in Juniper routers raises concerns about network security. PayPal’s settlement highlights the need for better data protection practices. Older vulnerabilities in Ivanti products continue to be exploited, stressing the importance of timely patching. The PowerSchool data breach underscores the risks of inadequate credential protection. CISA’s recommendations aim to improve software security across critical infrastructure. Links: https://www.theregister.com/2025/01/25/mysterious_backdoor_juniper_routers/ https://www.bleepingcomputer.com/news/security/paypal-to-pay-2-million-settlement-over-2022-data-breach/ https://www.bleepingcomputer.com/news/security/cisa-hackers-still-exploiting-older-ivanti-bugs-to-breach-networks/ https://www.securityweek.com/millions-impacted-by-powerschool-data-breach/ https://www.securityweek.com/cisa-fbi-update-software-security-recommendations/…

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 293 48:17

cách đây 14 weeks trước48:17

48:17

“Another day, another data breach.” In this episode of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss a significant data breach affecting hotel reservation data, regulatory actions taken against GoDaddy for poor security practices, and the evolving landscape of cyber attacks. They emphasize the importance of proactive defense strategies and innovative detection techniques to combat these threats effectively. Takeaways Data breaches continue to be a common occurrence in the cybersecurity landscape. Regulatory bodies like the FTC are increasingly involved in enforcing security improvements post-breach. Organizations must prioritize security measures to protect sensitive data from breaches. The importance of multi-factor authentication cannot be overstated in preventing credential theft. Ad blockers are not just for user convenience; they are essential for security. Cybersecurity is a shared responsibility across all departments, including marketing and IT. Proactive detection strategies can help identify malicious activity before significant damage occurs. Understanding the attack vectors used by cybercriminals is crucial for effective defense. Regularly updating and patching systems is vital to prevent exploitation of known vulnerabilities. Innovative detection techniques, such as canary accounts, can enhance security monitoring efforts. Links: https://www.bleepingcomputer.com/news/security/otelier-data-breach-exposes-info-hotel-reservations-of-millions/ https://www.bleepingcomputer.com/news/security/ftc-orders-godaddy-to-fix-poor-web-hosting-security-practices/ https://www.bleepingcomputer.com/news/security/hackers-leak-configs-and-vpn-credentials-for-15-000-fortigate-devices/ https://cybersecuritynews.com/hackers-exploiting-companies-google-ads-accounts/ https://www.blackhillsinfosec.com/one-active-directory-account-can-be-your-best-early-warning/…

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 292 44:51

cách đây 15 weeks trước44:51

44:51

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the dangers of malware disguised as proof of concept code on GitHub, the alarming rise in phishing attacks, the implications of a recent Treasury hack, and the targeted attacks on Ivanti’s security products. The conversation emphasizes the need for skepticism in security research, the importance of creating a safer environment for users, and the ongoing challenges posed by sophisticated threat actors. Links: https://www.bleepingcomputer.com/news/security/fake-ldapnightmware-exploit-on-github-spreads-infostealer-malware/ https://www.forbes.com/sites/daveywinder/2025/01/09/do-not-click-new-gmail-outlook-apple-mail-warning-for-billions/ https://www.bleepingcomputer.com/news/security/treasury-hackers-also-breached-us-foreign-investments-review-office/ https://www.bleepingcomputer.com/news/security/google-chinese-hackers-likely-behind-ivanti-vpn-zero-day-attacks/…

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 291 51:15

cách đây 16 weeks trước51:15

51:15

Summary In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a significant incident involving a Tenable plugin update that disrupted Nessus agents worldwide. They delve into the implications of malicious Chrome extensions and sophisticated phishing attacks, particularly focusing on a recent incident involving OAuth trust exploitation. The conversation shifts to new HIPAA cybersecurity rules that aim to enhance security measures in healthcare, followed by a discussion on the rise of AI-generated phishing emails targeting executives. Finally, they explore the challenges of passkey technology in achieving usable security across different platforms. Links: https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/ https://www.bleepingcomputer.com/news/security/new-details-reveal-how-hackers-hijacked-35-google-chrome-extensions/ https://www.darkreading.com/vulnerabilities-threats/hipaa-security-rules-pull-no-punches https://arstechnica.com/security/2025/01/ai-generated-phishing-emails-are-getting-very-good-at-targeting-executives/ https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/…

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 290 1:23:40

cách đây 17 weeks trước1:23:40

1:23:40

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the FTC’s order for Marriott and Starwood to enhance their data security measures, a recent hijacking of a Chrome extension, and emerging threats for 2025. They also delve into the implications of AI in cybersecurity, emphasizing the need for governance and risk management as AI technologies become more pervasive in the workplace. Takeaways The FTC has mandated Marriott and Starwood to implement a comprehensive security program for 20 years. Data breaches can lead to significant regulatory actions and long-term consequences for companies. The hijacking of browser extensions poses a serious risk to user data and security. Emerging threats for 2025 include zero-day exploits and supply chain attacks. AI governance is crucial as employees increasingly use AI tools without oversight. Links https://www.bleepingcomputer.com/news/security/ftc-orders-marriott-and-starwood-to-implement-strict-data-security/ https://www.bleepingcomputer.com/news/security/cybersecurity-firms-chrome-extension-hijacked-to-steal-users-data/ https://www.darkreading.com/vulnerabilities-threats/emerging-threats-vulnerabilities-prepare-2025 https://www.securityweek.com/beware-of-shadow-ai-shadow-its-less-well-known-brother/…

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

1
Defensive Security Podcast Episode 289 1:00:14

cách đây 18 weeks trước1:00:14

1:00:14

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a year-long supply chain attack that compromised 390,000 credentials, the U.S. government’s bounty for information on North Korean IT worker farms, and the alarming number of vulnerabilities found in software containers. They also delve into the implications of the False Claims Act for cybersecurity whistleblowers and the evolving landscape of AI in security.…

Chào mừng bạn đến với Player FM!

Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.

Nghe hơn 500 chủ đề

5,801 subscribers

Tương tự như Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Peaceful Horizons

Skeletá [Explicit]

Mini Mic Pro Wireless Microphone for iPhone, iPad, Android, Lavalier Microphone for Video Recording - 2 Pack iPhone Mic Crystal Clear Recording with USB-C for Podcast, ASMR

Podcast đáng để nghe

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec « » Defensive Security Podcast Episode 280

Defensive Security Podcast Episode 280

Podcast đáng để nghe

Chào mừng bạn đến với Player FM!

Minecraft

Bounty Quick Size Paper Towels, White, 8 Family Rolls = 20 Regular Rolls (Packaging May Vary)

Skelet?

everydrop by Whirlpool Ice and Water Refrigerator Filter 1, EDR1RXD1, Single-Pack , Purple

Tương tự như Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Hướng dẫn sử dụng nhanh

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec « »
Defensive Security Podcast Episode 280