Cyber Security Sauna

95 episodes - English - Latest episode: 4 months ago - ★★★★★ - 13 ratings

Cyber Security Sauna brings you expert guests with sizzling insight into the latest information security trends and topics. WithSecure's Janne Kauhanen hosts the show to make sure you know all you need to about the hotter-than-ever infosec game. Join us as we sweat out the hot topics in security.

Technology News Tech News infosec cybersecurity informationsecurity

Episodes

045| The Most Frightening Thing About Stalkerware, with Eva Galperin

October 05, 2020 16:17 - 25 minutes - 46.7 MB

You know about malware, ransomware, spyware. But there's an increasing concern about stalkerware, a creepy breed of apps that allow someone else to digitally monitor you. What is stalkerware all about and how can you recognize it? Who plants it and why, and who are its victims? Joining the show are Eva Galperin, director of cyber security at the Electronic Frontier Foundation who also helped found the Coalition Against Stalkerware, and Anthony Melgarejo, threat researcher in F-Secure's Tacti...

044| 2020 in Cyber Threats, So Far: COVID-19's Effects, Ransomware's Latest Tricks

September 17, 2020 17:52 - 30 minutes - 42.4 MB

It's a year like none we've ever experienced. COVID-19's effects have reverberated around the world, and around cyberspace. What's been happening in the threat landscape while we were all preoccupied with the pandemic? How have cyber attackers adapted to the new normal, and how are they exploiting COVID-19? Christine Bejerasco and Calvin Gan, of F-Secure's Tactical Defense Unit, join us to discuss. In this episode: How threat actors are taking advantage of remote work; email and phishing thr...

043| Paths to Infosec: Military Vs. Psychology

August 24, 2020 18:29 - 22 minutes - 42.1 MB

There is no one set path to a cybersecurity career, and today's guests have arrived in the field in very different ways. Logan Whitmire comes from a military background and Derek Stoeckenius has a degree in psychology. In this episode, they share what sparked their interest in infosec, their journey to their current roles, and how their unique backgrounds influenced the way they approach their work. Also: Tips on getting into the field, and what they might have done differently if they could...

042| The Encryption Debate Rages On

July 30, 2020 12:28 - 30 minutes - 55.6 MB

Encryption plays a critical role in protecting our data from hackers and theft. But at the same time, it presents a challenge for law enforcement when it comes to their work catching dangerous criminals and terrorists. What are the possible options at the end of the encryption debate, and are any of them actually viable? How can we protect our data while still enabling law enforcement to do their jobs? Erka Koivunen, CISO of F-Secure, joins us to discuss the encryption "sweet spot" that we'v...

041| The Ethics of Red Teaming

June 29, 2020 18:58 - 35 minutes - 64.7 MB

Red team testing is somewhat intrusive by nature, as it involves breaking into companies - albeit at their request - to help them improve their security. Red teamers must bluff their way past receptionists and hack into employee computers, things that would put anyone else in a lot of trouble. At what point do red teaming activities cross the line into being unethical, or even criminal? F-Secure's veteran red teamer Tom Van de Wiele stopped by to share what a red teamer is not willing to do ...

040| Can Contact Tracing Apps Preserve Your Privacy?

May 27, 2020 16:56 - 27 minutes - 49.7 MB

Contact tracing is a key strategy for preventing the spread of COVID-19, and smartphone-assisted contact tracing automates a laborious process. But contact tracing technologies face criticism from privacy advocates concerned about the potential for abuse. F-Secure privacy expert and global technical director Tomi Tuominen argues that the issue is a process problem, not a technology problem. Janne speaks with Tomi about contact tracing, how apps should fit into a bigger healthcare picture, a...

039| Deconstructing the Dukes: A Researcher's Retrospective of APT29

May 06, 2020 18:50 - 34 minutes - 47.8 MB

APT29, aka Cozy Bear or the Dukes, is a cyber espionage group whose misdeeds include famously hacking into the DNC servers in the run-up to the 2016 US election. Now, as the subject of MITRE's latest ATT&CK Evaluation, the group is in focus again. The Dukes are familiar to F-Secure's Artturi Lehtio, who extensively researched them in 2015. But hindsight is 20/20, and Artturi joins the show to discuss how his views on the group have changed since his research.  Also in this episode: How APT...

038| Mikko Hypponen on Zoom, COVID-19 Threats, and Working During a Pandemic

April 16, 2020 16:53 - 22 minutes - 31.3 MB

It's the topic on everyone's minds: The new state of our world amid and after a global pandemic. Mikko Hypponen, F-Secure's Chief Research Officer, joins Janne to discuss a host of COVID-19-related security topics. In this episode: Avoiding Zoom bombers, new concerns for IT environments, COVID-19 hoaxes and spam, ransomware and hospitals, APT activity, privacy concerns of coronavirus tracking apps, and how the infosec community can help. Links: Episode 38 transcript Webinar: Mikko Hypp...

037| COVID-19 and Your Company's Security: The CISO Speaks

March 24, 2020 19:04 - 21 minutes - 29 MB

In infosec we're used to news about digital virus infections and outbreaks. But the new coronavirus is turning the real world upside down. In many countries, it's changing the way of life for the foreseeable future, and it's already having effects in business security too. Erka Koivunen, CISO at F-Secure, joins the show to talk about the impact of this pandemic on organizations when it comes to cyber security and the shift to a remote workforce.   Links: Episode 37 transcript Coronavir...

036| From Stuxnet to WannaCry to Coinhive, The Past Decade Was All Over The Place

March 16, 2020 16:56 - 35 minutes - 48.6 MB

2020 marks the start of a new decade. But it's also worth taking a look back at where we've come from and what has changed in infosec. F-Secure's Christine Bejerasco joins the show to review the highlights of the last ten years - from nation state malware to ransomware to Snowden and more - and to discuss how far we have, or maybe haven't, come. Links: Episode 36 transcript

035| Threat Hunting & Why It's All About People

February 19, 2020 16:51 - 39 minutes - 53.6 MB

Threat hunting has become a buzzword in the industry of late. But what is it all about? Why should companies consider using threat hunting as a part of their security strategy? Connor Morley, threat hunter with F-Secure, stops by to discuss how his craft helps companies take a proactive approach to security.  Links: Episode 35 transcript Whitepaper: Demystifying Threat Hunting Whitepaper: KillSuit Research

034| Balancing AI: Privacy, Misuse, Ethics and the Future

January 29, 2020 18:06 - 32 minutes - 44.5 MB

While AI and machine learning are enabling definite advances in the digital world, these technologies are also raising privacy and ethical concerns. What does AI mean for personal privacy, and is it being exploited unethically? Are these concerns being addressed, or will AI spell disaster for society? Bernd Stahl is coordinator of the EU's SHERPA project, a consortium that investigates the impact of AI on ethics and human rights. Bernd joins Janne to discuss the delicate balance of AI - its ...

033| Cyber Security Education from Student and Teacher Perspectives

January 08, 2020 21:10 - 39 minutes - 54.6 MB

Cyber security has never been a hotter field to get into, but how do you gain the skills needed for landing a job? There are various paths to a cyber security career, from a formal university education to being a self-taught hacker. In this episode we hear from our guests about cyber security education from both a student and teacher perspective. Jesse Rasimus is a graduate of F-Secure's Cyber Security Academy who is now employed with F-Secure, and Tom Van de Wiele is an F-Secure consultant w...

032| How California's New Privacy Law Strikes Where the Pain Is

December 04, 2019 19:13 - 36 minutes - 50 MB

Following in the footsteps of GDPR, the US is seeing more progressive data privacy laws coming down, with the new California Consumer Privacy Act leading the charge. What does the CCPA mean for consumers and for companies? What can the US learn from GDPR? F-Secure's Timo Laaksonen, previously head of F-Secure's consumer business in North America, and Hannes Saarinen, F-Secure's data protection officer join this episode to discuss the new law and compare and contrast it with GDPR. Links: ...

031| Filtered & Fragmented: Is True Internet Freedom a Thing of the Past?

November 12, 2019 22:31 - 31 minutes - 42.6 MB

The internet seems to be changing from being a relatively unrestricted space into something more regulated. More countries are implementing policies that restrict or filter the way their citizens experience the online world. Is the internet we know and love breaking up into many internets along geographical lines? Is true internet freedom a thing of the past? F-Secure's Tom Van de Wiele joins Janne to talk about digitally controlling regimes, bypassing those controls, and why consuming a hea...

030| Talking Infosec to Non-Infosec Folks

October 22, 2019 15:31 - 32 minutes - 44.8 MB

Cyber security is relevant for everyone. Not everyone realizes it though, and not everyone understands what those in the infosec industry take for granted. How should security-minded individuals communicate with friends, relatives, colleagues and the general public about this important topic? What are the misconceptions regular folks often have about infosec, and what could we in the industry be doing better? Security consultant Laura Kankaala joins Janne to discuss. Links: Episode 30 tr...

029| Ask a Hacker: Red Teamer Answers Listener Questions

September 25, 2019 19:15 - 33 minutes - 45.8 MB

In this episode, veteran hacker and red teamer Tom Van de Wiele answers questions from our listeners. Tom covers the ethics of ethical hacking, how to prioritize solving the myriad of security issues companies face, why he includes a banana in his hacking kit, the importance of communication skills in his job, and much more. A great listen both for those already in the industry and those wanting to break in. Links: Episode 29 transcript Episode 2 - Breaking into Infosec: Advice from an...

028| When the Well is Poisoned: The Devastation of Supply Chain Attacks

August 29, 2019 16:35 - 33 minutes - 46 MB

Supply chain attacks are on the increase, with attackers abusing the trust we place in vendors and software. Why are these attacks growing, and what can companies do about them? Jyrki Huhta, senior security consultant at F-Secure, joins the show to share his thoughts on these devastating attacks and why "trust but verify" should be the motto for preventing them. Links: Episode 28 transcript

027| The Connected Home Meets the IoT Tire Fire

August 03, 2019 14:06 - 33 minutes - 46.5 MB

The modern home is continually getting more connected. But as much as we love our virtual assistants, smart thermostats and cloud-enabled security cameras, are we really aware of the risks they invite into our homes? And how can we enjoy the latest digital technologies without compromising security and privacy? F-Secure's Tom Gaffney joins Janne to discuss why and how IoT makes us vulnerable, how we can protect ourselves, and what IoT device makers should be doing. Links: Episode 27 tran...

026| Safe Browsing & Secure Web Development

July 04, 2019 14:36 - 39 minutes - 53.6 MB

"Don't go to shady websites" was the advice people were given back in the day. But now it's not always possible to tell when you're in danger, as even reputable websites can be compromised. So how can you know if a website is legitimate and trustworthy to use? And from the developer's view, how can you design a website to be secure? F-Secure's Christine Bejerasco and Laura Kankaala join us to answer these questions. Listen in for expert tips and tricks for safe browsing, and for designing we...

025| The Psychology of Phishing

June 12, 2019 06:47 - 36 minutes - 50.5 MB

Phishing is one of today's biggest cyber security issues, a go-to tactic for threat actors. It's simple and effective, and perhaps that's why it has become such a source of frustration for companies. Kayleigh O'Donovan of MWR Infosecurity's Phishd team joins the show to talk about how phishers play with your emotions to get you to click, how to spot a phishing email, how phishing simulation can help companies reduce their click rates, and more.  Links:  Episode 25 transcript

024| GDPR, One Year Later

May 15, 2019 14:01 - 37 minutes - 51.1 MB

One year ago, the EU General Data Protection Regulation (GDPR) came into effect, fundamentally changing the way businesses handle data. The GDPR forced companies to scramble to comply or face penalties. A year later, what has the GDPR's impact been and how are businesses handling it? Where should companies go from here? Joining the show are F-Secure's Hannes Saarinen, privacy officer, and Eric Andersen, who works with companies on GDPR compliance. We last spoke with them in May of 2018, and ...

023| Electronic Voting & Why it's So Hard to Get Right

April 23, 2019 19:40 - 37 minutes - 51.2 MB

Cyber security is always a hot topic during election seasons, and various elections are being held in Europe and around the world this spring. As digitally enabled as the world is, shouldn't we all be voting electronically by now, or via the internet? F-Secure's Tomi Tuominen and Antti Vähä-Sipilä join us to discuss the complexities of e-voting, why it's such a challenging issue, and when it makes sense to use e-voting systems.  Links: Episode 23 transcript OSCE Handbook for the Observ...

022| Pro-Brexit Twitter Views Amplified by the Global Far Right

April 02, 2019 17:45 - 28 minutes - 39.3 MB

The pro-leave side of the Brexit debate is getting support from far-right Twitter users based outside the UK. After investigating 24 million Brexit-related tweets, that's the conclusion Andy Patel, researcher from F-Secure's Artificial Intelligence Center of Excellence, has arrived at. In this episode, Patel discusses his research, the spread of misinformation, and how social media can often be just an echo chamber for people who share the same views. Links: Episode 22 transcript Analy...

021| The Cloud: Security Benefits, Risks & Why You Should Use It

March 14, 2019 20:36 - 30 minutes - 42.5 MB

The cloud has changed the way we do business and the way we develop and deploy software and infrastructure. What are the security benefits of moving to the cloud, and what are the special concerns? What should companies do to ensure their cloud stays secure? Janne is joined by Laura Kankaala and Antti Vaha-Sipila of F-Secure to talk about what it means to be cloud native, why breaches happen in the cloud and much more. Links: Episode 21 transcript

020| Defining Cyber Warfare, with Mikko Hypponen

February 11, 2019 17:22 - 46 minutes - 63.7 MB

Cyber war is a term we often hear tossed about, but is it just science fiction, or is it really happening? How worried should we be about the potential governmental offensive use of cyber power, and what constitutes a cyber weapon? Mikko Hypponen, Chief Research Officer of F-Secure, joins us this episode to discuss governmental APT actors, why words matter when it comes to cyber war, and why cyber weapons are the perfect weapons. Links: Episode 20 transcript

019| The Best Defense is Good Offensive Security

January 23, 2019 04:14 - 26 minutes - 36.3 MB

They say that the best defense is a good offense, as football fans or anyone that’s played a game of Risk might agree. But how does this idea look when you apply it to cyber security? F-Secure Principal Security Consultant Tom Van de Wiele joins this episode of Cyber Security Sauna to talk about offensive and defensive approaches to cyber security, and how defenders can use these strategies to protect their systems, operations and data. Links: Episode 19 transcript F-Secure Incident Re...

018| Online Dating and Trading Data for Love (It's Complicated)

December 26, 2018 19:01 - 39 minutes - 54 MB

If you're looking for love nowadays, you'll likely turn to an online dating app. But what do these apps mean for your security? What privacy concessions are you making when you swipe? How does your online behavior impact your real life? Sean Sullivan joins Janne this episode to discuss the balancing act of maintaining your privacy while finding a match, avoiding romance scams and the tradeoffs you're making when using Tinder and apps like it. Links:  Episode 18 transcript FBI Internet ...

017| Year in Cyber: Forecasting 2019, Recapping 2018

December 10, 2018 16:06 - 38 minutes - 53.4 MB

2018 is winding to a close and the new year is just around the corner. What's in store for 2019 in cyber security? In this episode, five experts talk about exactly that, and discuss notable trends of 2018. From mobile phishing to AI trends, supply chain attacks, IoT, data privacy and more, our roundtable keeps you abreast of the trends. Joining the show are Adam Sheehan of MWR Infosecurity, and Laura Kankaala, Tom Van de Wiele, Artturi Lehtiö, and Andy Patel, all of F-Secure. Links Episo...

016| Endpoint Protection & Beyond

November 19, 2018 21:10 - 19 minutes - 26.3 MB

Endpoint protection has been the trusted backbone of many companies' security. But with stories about data breaches and successful cyber attacks constantly in the news, people are beginning to think endpoint security is dead. Whether or not you agree, you might be wondering if there's any truth to this statement. F-Secure's Principal Security Consultant Antti Tuomi joins us this episode to talk about endpoint protection, its strengths and limitations, and when detection and response is neede...

015| Election Security, US Midterm Edition: The Big Picture

October 29, 2018 06:04 - 35 minutes - 49.3 MB

Democracy in the digital age is a wonderful yet wild beast. When it comes to electing our leaders nowadays, we're faced with questions about how to escape the influence of malicious actors. With the US midterm elections just around the corner, F-Secure security adviser Sean Sullivan joins us this episode to explain the complexities of the US election system to a European. Sean covers campaign misinformation, why security is not as simple as going back to all paper ballots, and how the hacker...

014| Reinventing the Cold Boot Attack: Modern Laptop Version

October 08, 2018 19:38 - 31 minutes - 43.2 MB

Should your laptop ever get stolen and fall into the wrong hands, you would probably be comfortable in the knowledge that the data on it is protected by full disk encryption. But what if a malicious adversary could get around that encryption and access the data anyway? F-Secure's Olle Segerdahl and Pasi Saarinen have discovered a flaw that allows attackers to do just that, and it affects almost all modern corporate laptops - probably yours too. Olle and Pasi join us today to talk about bypas...

013| Passwords: A Hacker's Take on Cracking & Protecting Your Creds

September 14, 2018 17:33 - 44 minutes - 60.9 MB

Passwords. You plug them into your accounts and the services you use at work, you try little tricks to make them more unique, but have you ever wondered what a hacker thinks of your passwords? For episode 13, ethical hacker Jan Wikholm joins us to talk about passwords – how he cracks them in his job at F-Secure, the tricks hackers know you're using, and what you should do to keep your credentials safe. Jan also fills us in on hashing, how he does brute forcing, how companies should protect t...

012| Adventures in Red Teaming

August 23, 2018 18:08 - 32 minutes - 73.8 MB

How can companies know if their security investments are actually working? Getting attacked is the ultimate test, but hiring a red team is a less disruptive way to find out. These guys rely on technical chops, acting skills and pure creativity to engage in an all-out attack on a company’s defenses. Joining us this episode is Tom Van de Wiele, Principal Security Consultant at F-Secure, to talk about how red teaming can help companies improve their security posture, his tricks for hustling h...

011| The Rise of AI and Deliberate Deception

August 02, 2018 16:29 - 31 minutes - 42.8 MB

Disinformation. Fake news. Social media manipulation. Lately another dark side of the internet has come into focus - its use as a tool for deception. Technologies like machine learning and artificial intelligence are being employed to play hoaxes and mislead on purpose. Seeing is no longer believing - and moving forward, it's only going to get harder to distinguish facts from falsehoods.  Andy Patel from F-Secure's Artificial Intelligence Center of Excellence has been studying this phenome...

010| Ransomware Out, Cryptojacking In? Latest Cybercrime Trends

July 09, 2018 22:52 - 22 minutes - 31.5 MB

Over the past few years, ransomware stole headlines as the biggest malware threat to worry about. Consumers and businesses alike were being hit and forced to shell out money to retrieve their files. But the cybers never stand still, and neither does malware. Nowadays ransomware is being eclipsed by new trends. F-Secure Labs researchers Paivi Tynninen and Jarkko Turkulainen join us to explain why ransomware is on the decline, and what’s taking its place. Listen for the story on cryptojacking ...

009| Top OpSec Tips for Vacation Travel

June 21, 2018 16:48 - 14 minutes - 33.2 MB

The summer holiday season is upon us, and people are looking forward to trading their daily workplace grind for a new adventure. Traveling is always exciting, but it takes you out of your comfort zone, and that gives thieves and criminals opportunities to exploit you. F-Secure principal security consultant Tom Van de Wiele is back to tell us how we can keep our devices and data safe while enjoying a fabulous vacation. Are the kids safe from strangers when playing Minecraft on the hotel WiFi?...

008| GDPR is Live. What Now?

May 31, 2018 16:38 - 25 minutes - 34.9 MB

After months and months of anticipation, the May 25 deadline has passed and the GDPR is finally in effect. Companies around the world are being held to strict new standards for protecting the data of EU citizens. So what now? How well-prepared are most companies, and what about organizations who still aren't compliant? We're joined by F-Secure's Erik Andersen, who's spent the past few years helping organizations prepare for GDPR, and Hannes Saarinen, Privacy Officer at F-Secure, to get the r...

007| Popping Hotel Locks: The Hard Truth About Hacking

May 09, 2018 16:15 - 18 minutes - 25.2 MB

When people look for logos or symbols that emanate security, they often choose a lock. Sure, we know locks can be picked. But what would the world look like if attackers could just walk in without breaking their stride? After years of research, two F-Secure researchers have discovered that by exploiting design flaws in an electronic hotel lock system used in tens of thousands of hotels worldwide, they could create a master key to open any room in the building. In this episode, F-Secure’s Tom...

006| Spring Cleaning for Opsec

April 26, 2018 22:33 - 24 minutes - 34.1 MB

Operational security is about turning the tables, looking at things from an attacker's point of view, and identifying how your own actions are making you vulnerable. Listen as Erka Koivunen, CISO of F-Secure, gets us up to speed on opsec: selecting your appropriate threat model, why you should never trust the office network, and tips for "spring cleaning" your opsec (potato chips and nail polish are recommended tools). And don't miss his favorite story of an epic corporate opsec fail. Link...

005| Demystifying Hardware Security, with Andrea Barisani

March 29, 2018 14:30 - 39 minutes - 90.7 MB

With the disclosure of Meltdown and Spectre early this year, hardware security has come into focus. What are the special challenges of securing hardware versus software? What about securing high-risk industries like aviation and automotive? In this fascinating episode, Andrea Barisani, head of hardware security at F-Secure, shares why we should be thankful for Meltdown, why security problems do not equal safety problems, the one piece of advice he would give hardware manufacturers, and much ...

004| Security, Privacy and the IoT, with Steve Lord

March 08, 2018 22:07 - 33 minutes - 76.1 MB

The Internet of Things promises futuristic smart homes, energy savings and efficiencies, and improvements to health and well-being. But the IoT still has a long way to go before we can safely enjoy these benefits - currently, it threatens our security and privacy. Steve Lord, a 20-year industry veteran and director at Mandalorian, joins the show to talk about the IoT, from smart cars and TVs to Amazon Alexa and Apple Health. You'll learn why companies love your data, the biggest misconceptio...

003| Data Breaches: Bridging the Gap

February 13, 2018 22:39 - 17 minutes - 39.6 MB

Data breaches. They're every organization's worst fear. Why are companies so ill-prepared, and what are companies missing in their approach to data breaches? Host Janne Kauhanen is joined by Marko Buuri, Principal Risk Management Consultant at F-Secure, and Tuomo Makkonen, Principal Security Consultant, to give you the lowdown on breaches and what you need to know. Links: Episode 3 blog post

002| Breaking Into Infosec: Advice from an Ethical Hacker

December 21, 2017 22:16 - 26 minutes - 60.8 MB

Between zero day news flashes and stunt hacking reports, there are a lot of false conceptions about what it's like to be an infosec professional. So what should you focus on to get into the world of infosec testing or to become a security consultant? What background do you need? How valuable are conferences and certifications? These are just a few of the questions our guest Tom Van de Wiele answers to help you on your way in this rewarding field. Tom is a principal security consultant at F...

001| Antivirus in the Hot Seat, with Mikko Hypponen

November 30, 2017 07:22 - 18 minutes - 25.9 MB

The recent allegations against Russian antivirus vendor Kaspersky have prompted wider questions about antivirus in general - how it operates and what sort of data it collects from customer machines. In the first episode of Cyber Security Sauna, F-Secure's chief research officer Mikko Hypponen joins host Janne Kauhanen to answer these questions. You'll also hear his thoughts on Kaspersky and why it's important to trust your vendor. Links: Episode 1 blog post Episode 1 transcript FAQ: ...

Twitter Mentions

@0xtosh 11 Episodes
@mikko 6 Episodes
@r0zetta 5 Episodes
@ekoivune 5 Episodes
@chrisbejz 4 Episodes
@tomituominen 4 Episodes
@anttivs 3 Episodes
@lllarppa 3 Episodes
@5ean5ullivan 2 Episodes
@_larppa 2 Episodes
@asatuomi 2 Episodes
@lehtior2 2 Episodes
@nulllzero 1 Episode
@buurima 1 Episode
@larppa1337 1 Episode
@c_gcw 1 Episode
@unfo 1 Episode
@andreabarisani 1 Episode
@vicharkness 1 Episode
@jkauhanen 1 Episode