
InfoSec ICU

56 episodes - English - Latest episode: over 4 years ago - ★★★★★ - 36 ratings

The Health Information Security podcast from the Medical University of South Carolina

Technology

Episodes

Farewell InfosecICU – The Send Off Episode

December 11, 2019 10:00 - 31 minutes - 29.1 MB

InfosecICU is closing its doors, and Steve and Gerry hop in the studio for a final farewell and thank you to the community that made this show such a pleasure and a success. Thank you for all the support through the 2 years we were publishing. It was a pleasure and an honor to serve […] The post Farewell InfosecICU – The Send Off Episode appeared first on MUSC Podcasts.

Cyber Breaches at Record Highs, Emotet Surges 730%, CMS Exceptions

November 20, 2019 10:00 - 49 minutes - 45.5 MB

Gerry and Aaron discuss the exponential growth of cyber breaches in 2019, the explosion of Emotet in September, and out for comments CMS Exceptions to providing security services for free to competitors. As always they end with One Cool Thing. Show Notes Resources: Breaches up to 7.9 Billion in 2019 https://cyware.com/news/data-breaches-become-worse-as-79-billion-records-get-exposed-in-the-first-nine-months-of-2019-42139fbc Emotet surges 730% https://cyware.com/news/emotet-activity-increases...

LightCommand, Ransomware Leads to Higher Heart Attack Rates, Project Nightingale

November 13, 2019 11:00 - 19 minutes - 17.7 MB

Gerry is riding solo this week. Laser attacks on personal digital assistants, a review on research showing a correlation between ransomware and increased heart attacks, Google’s Project Nightingale. As always they end with One Cool Thing. Show Notes Resources: Light Commands https://lightcommands.com/ Ransomware Leads to Heart Attacks https://krebsonsecurity.com/2019/11/study-ransomware-data-breaches-at-hospitals-tied-to-uptick-in-fatal-heart-attacks/ Google Project Nightingale https://www.w...

Industry Phishing Report, Scoring Hosts’ 2019 Predictions, and the Problem w/ mHealth

November 06, 2019 10:00 - 48 minutes - 44.7 MB

Steve is back in studio for a special 100th Infosec ICU episode. The guys discuss an industry state of phishing report, they cover the problem with mHealth, and they revisit their bold cyber predictions for 2019 they made in 2018. As always they end with One Cool Thing. Show Notes Resources: Cofense Phishing Report https://cofense.com/phishing-report-2019/ […] The post Industry Phishing Report, Scoring Hosts’ 2019 Predictions, and the Problem w/ mHealth appeared first on MUSC Podcasts.

The Privacy Episode! Digital Assistants spies and Interview with Privacy Expert Kellie Mendoza

October 30, 2019 10:00 - 43 minutes - 39.6 MB

It's the PRIVACY Episode! Gerry and Matt review privacy implications of SRLabs recently released research on using digital assistants as eavesdropping devices. They interview Privacy Officer Kellie Mendoza for her perspective and reflect afterward on the interview. As always they end with One Cool Thing. Show Notes Resources: Digital Assistant Spies https://www.scmagazine.com/home/security-news/iot/malicious-voice-apps-can-turn-alexa-and-google-home-devices-into-spies-say-researchers/ Kellie ...

Federal Privacy Legislation, Cybersecurity Culture Best Practices, SMB Still Struggling

October 23, 2019 10:00 - 43 minutes - 39.6 MB

Gerry and Matt dig into the proposed federal regulation ‘Mind Your Own Business Act’ and how it could shape privacy. They examine how to build a cybersecurity culture at your organization, and reflect on the recently released Ponemon global report on SMB cybersecurity. As always they end with One Cool Thing. Show Notes Resources: Mind […] The post Federal Privacy Legislation, Cybersecurity Culture Best Practices, SMB Still Struggling appeared first on MUSC Podcasts.

Malware Analysis, Infosec Job Market, and MFA

October 16, 2019 10:00 - 41 minutes - 38 MB

Gerry and Brandon discuss various methods for malware analysis, the infosec job market, and multifactor authentication. As always they end with One Cool Thing. Show Notes Resources: Malware Analysis https://app.any.run/ Infosec Job Market https://www.cyberseek.org/heatmap.html Black Hills Information Security – 5 Year Path: Success in Infosec FBI Warning Around MFA https://www.zdnet.com/article/fbi-warns-about-attacks-that-bypass-multi-factor-authentication-mfa/   One Cool Thing Malware Traff...

Offensive Pentester Paul Ihme Interview and Reflections

October 09, 2019 10:00 - 46 minutes - 42.3 MB

Gerry and Brandon interview professional red teamer and penetration test expert Paul Ihme. As always they end with One Cool Thing. Show Notes Resources: Paul Ihme https://www.linkedin.com/in/ihme/ One Cool Thing Security Onion https://github.com/Security-Onion-Solutions/security-onion/wiki/IntroductionToSecurityOnion Wappalyzer https://www.wappalyzer.com/ Contact Email [email protected] Twitter: Gerry Auger (@Gerald_Auger) Brandon Stephens (@bstephens418) The post Offensive Pentester Paul...

Malspam Trends and Apple Security News

October 02, 2019 10:00 - 36 minutes - 33.2 MB

Gerry and Brandon discuss trends in malspam, a permanent iOS vulnerability, and a significant webkit exploit campaign. As always they end with One Cool Thing. Show Notes Resources: Malspam Trends https://www.zdnet.com/article/most-malspam-contains-a-malicious-url-these-days-not-file-attachments/ iOS Permanent Vulnerability https://www.healthcareinfosecurity.com/apple-ios-has-permanent-bootrom-vulnerability-a-13159 Webkit Zeroday for Mac and iOS https://arstechnica.com/information-technology/...

Public Cloud Breaches, IoT Physical Security, National Cyber Security Awareness Month

September 25, 2019 10:00 - 36 minutes - 33.6 MB

Gerry and Brandon discuss an absurd amount of public cloud misconfigurations, IoT door locks, and things you can do to be involved with October’s National Cyber Security Awareness. As always they end with One Cool Thing. Show Notes Resources: Public Cloud Misconfigurations https://www.zdnet.com/article/99-percent-of-all-misconfiguration-in-the-public-cloud-go-unreported/ Digital and IoT Physical Security https://threatpost.com/hack-of-high-end-hotel-smart-locks-shows-iot-security-fail/147178...

Insider Threats with M & A and Jeffrey Smith Interview on Cyber Insurance

September 18, 2019 10:00 - 59 minutes - 54.6 MB

Gerry and Brandon discuss risk when working through mergers and acquisitions and Gerry interviews Cyber Risk Underwriter’s Jeffrey Smith about cyber insurance. As always they end with One Cool Thing. Show Notes Resources: Mergers and Acquisitions Put Your IP at Risk https://www.scmagazine.com/home/opinion/executive-insight/ma-gone-bad-the-brutal-truths-about-insider-threat/ Interview with Cyber Risk Underwriter’s Jeffrey Smith Interview Commentary and Cyber Insurance One Cool […] The post In...

HIC-MISO, Insider Threats, and NIST Securing PACS

September 11, 2019 10:00 - 5 MB

Gerry and Brandon discuss Health Industry Cybersecurity Matrix – Information Sharing Organizations (HIC-MISO), ask how insider threats can affect your organization, and mention a NIST initiative for securing PACS systems. As always they end with One Cool Thing. Show Notes Resources: Health Industry Cybersecurity – Matrix of Information Sharing Organizations (HIC-MISO) https://healthsectorcouncil.org/hic-miso/ Insider Threats https://www.ekransystem.com/en/blog/insider-threat-statistics-facts...

Telehealth Cybersecurity Considerations, Google and UChicago Lawsuit Updates, and Siri says Sorry

September 04, 2019 10:00 - 44 minutes - 40.6 MB

Gerry and Aaron discuss the current state of a HIPAA lawsuit featuring Google and UChicago Medical Center as defendants. They discuss the emerging security concerns surrounding Telehealth and what NIST is doing about it. They wrap up the main show discussing yet another major player in the market apologizing for letting humans hear private recordings. […] The post Telehealth Cybersecurity Considerations, Google and UChicago Lawsuit Updates, and Siri says Sorry appeared first on MUSC Podcast...

Oops we lost your DNA, Patient Privacy Reform, and Solving the Cyber Security Problem

August 28, 2019 12:35 - 55 minutes - 51.1 MB

Gerry and Brandon discuss a breach at Massachusetts General Hospital, patient privacy reform around addiction treatment, and how to solve the cyber security problem. As always they end with One Cool Thing. Show Notes Resources: Breach at Massachusetts General Hospital https://www.idigitalhealth.com/news/data-breach-of-10k-at-mgh-puts-study-participants-genetic-info-at-risk Patient Privacy Reform for Addiction Treatment https://healthitsecurity.com/news/hhs-proposes-reform-of-patient-privacy-...

Coordinated Ransomware Attack in The Lone Star State, Security Certs for Healthcare Leaders, and a Delta Lawsuit for “Inadequate” Security

August 21, 2019 10:00 - 42 minutes - 38.6 MB

Gerry and Brandon discuss the coordinated attack on Texas municipalities, CHISL – a healthcare leadership security certification, and a third-party lawsuit from Delta for inadequate security. As always they end with One Cool Thing. Show Notes Resources: Texas Ransomware https://threatpost.com/coordinated-ransomware-attack-hits-23-texas-government-agencies/147457/ CHISL https://www.healthcareinfosecurity.com/interviews/new-credential-for-healthcare-security-leaders-i-4415 Delta Lawsuit https:...

Blackhat and DEFCON, Defending Deepfakes, and Cyber Insurance In-Depth

August 14, 2019 10:00 - 49 minutes - 45.6 MB

Gerry and Brandon discuss Gerry’s Blackhat and DEFCON experience and feature a few key talks from the conference. As always they end with One Cool Thing. Show Notes Resources: BlackHat 2019 https://www.blackhat.com/us-19/ DEFCON 27 https://www.defcon.org/html/defcon-27/dc-27-index.html Deepfakes https://i.blackhat.com/USA-19/Thursday/us-19-Price-Playing-Offense-And-Defense-With-Deepfakes.pdf Cyber Insurance https://www.blackhat.com/us-19/micro-summits.html#cyber-insurance One Cool Thing Jock...

Capital One Breach, Urgent/11, and Securing Patient Portals

August 07, 2019 10:00 - 45 minutes - 41.6 MB

Gerry and Brandon discuss the recent Capital One breach and how the alleged attacker was easily captured. They cover the release of 11 0-day vulnerabilities for a highly used but little discussed OS. They finish the discussion with securing healthcare patient portals. As always they end with One Cool Thing. Show Notes Resources: Capital One […] The post Capital One Breach, Urgent/11, and Securing Patient Portals appeared first on MUSC Podcasts.

Encryption Backdoors, State of Emergency for Ransomware Attacks, “Educating” the Human Factor

July 31, 2019 10:00 - 36 minutes - 33 MB

Gerry and Brandon dig into a classic debate in the information security world: Encryption Backdoors. Atty General William Barr recently implored an audience of cybersecurity professionals to champion backdoors in technology implemented encryption. They discuss the utility and implementation of the state of Louisiana’s ‘state of emergency’ declaration; is the National Guard a cyber fire […] The post Encryption Backdoors, State of Emergency for Ransomware Attacks, “Educating” the Human Factor ...

Equifax Settling for $700M, CISOs 18-Month Shelf Life, and BGP Insecurity interview with Dr. Mike Ham

July 24, 2019 10:00 - 49 minutes - 45.6 MB

Gerry and Brandon discuss the impending Equifax $700M settlement and what it means in a macrocosm manner. They follow up analyzing the quantified trend of CISOs on average lasting 18-24 months per job posting. They finish by interviewing Dr. Mike Ham around BGP security. As always they end with One Cool Thing. Show Notes Resources: […] The post Equifax Settling for $700M, CISOs 18-Month Shelf Life, and BGP Insecurity interview with Dr. Mike Ham appeared first on MUSC Podcasts.

Zoom Vulnerability Responses, Ponemon Report on 3rd Party Vendor Risk in Healthcare, Data and Privacy Security Academic Conference

July 17, 2019 10:00 - 47 minutes - 32.6 MB

Gerry and Steve discuss Zoom and Apple's response and actions from the Zoom fallout of silent local webservers on endpoints. The guys discuss the Ponemon report on third party risk management in the healthcare industry. Finally they discuss the academic conference Gerry is currently attending in Charleston and feature a talk on Adversarial Attack Sampling […] The post Zoom Vulnerability Responses, Ponemon Report on 3rd Party Vendor Risk in Healthcare, Data and Privacy Security Academic Confe...

British Airs GDPR Mega Fine, Attacking Outlook for Fun and Profit , and DoH for Bad Guys

July 10, 2019 10:00 - 35 minutes - 24.2 MB

Gerry and Steve discuss a looming $240 Million dollar GDPR non-compliance fine for British Airways for an incident you may not think is GDPR coverable. They follow by talking about how malicious actors are abusing weaknesses in Outlook to establish persistence on corporate systems. Finally they discuss the proliferation of DNS over HTTP to make […] The post British Airs GDPR Mega Fine, Attacking Outlook for Fun and Profit , and DoH for Bad Guys appeared first on MUSC Podcasts.

Florida man….Fired for Falling for Phish, UChicago Class Action Lawsuit, and Softening HIPAA Fines

July 03, 2019 10:00 - 37 minutes - 25.4 MB

Gerry and Steve discuss the penalty exacted on a Florida man who was responsible for opening a malicious email leading to a ransomware attack. They discuss UChicago and Google being sued for (maybe) improperly handling patient data. They wrap up discussing legislation going through Senate to help reduce financial penalties associated with HIPAA incidents depending […] The post Florida man….Fired for Falling for Phish, UChicago Class Action Lawsuit, and Softening HIPAA Fines appeared first...

Patrick Wardle, Apple Security Researcher Interview and Riviera Beach Ransomware

June 26, 2019 10:00 - 51 minutes - 35.6 MB

Brandon and Steve take to the studio discussing the ransomware payout in Riviera Beach. The guys interview Apple Security Researcher and regular security con speaker Patrick Wardle to discuss his research and thoughts on Apple Security. As always they end with One Cool Thing. Show Notes Resources: Objective-See https://objective-see.com/ Riviera Beach Ransomware https://securityaffairs.co/wordpress/87381/breaking-news/riviera-beach-city-ransomware.html CHS BSides […] The post Patrick Wardl...

DHS Cyber Incident Response Bill, National Unique Patient Identifiers, and Recruiting a Healthcare Cyber Workforce

June 19, 2019 10:00 - 34 minutes - 23.8 MB

The guys are focused on Washington DC this week. The guys discuss legislation that is working its way through the process on establishing a DHS cyber incident response team and the lifted ban on developing a unique patient identifier to promote patient data interoperability (and privacy concerns around that). They wrap up discussing a recent […] The post DHS Cyber Incident Response Bill, National Unique Patient Identifiers, and Recruiting a Healthcare Cyber Workforce appeared first on MUSC P...

NCHICA, Personal VPNs, and Have I Been Pwned

June 12, 2019 10:00 - 46 minutes - 31.8 MB

Steve provides insights from last week's NCHICA conference he attended. The guys spend time discussing the pros and cons of personal VPNs and what you should consider when selecting one. They wrap up discussing the Have I Been Pwned breach database going from home grown to corporate. As always they end with One Cool Thing. […] The post NCHICA, Personal VPNs, and Have I Been Pwned appeared first on MUSC Podcasts.

Ransomware Actor Retiring, Phishing Victim Sanctions, and the Vulnerabilities Equities Program

June 05, 2019 10:00 - 47 minutes - 43.4 MB

Brandon and Gerry discuss the recent announcement of the premiere Ransomware player in the market retiring, appropriate sanctions organizations should use when addressing victims of phishing, and the US Government vulnerability equities program (VEP). As always they end with One Cool Thing. Show Notes Resources: GandCrab Crew Retiring https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/ Terminating Users for Falling for Phishes […] The post Ransomware Actor Re...

The Blue Episode: BlueKeep Updates, Blue Team Skillsets, Blue Feeling Security Researchers

May 29, 2019 10:00 - 43 minutes - 29.7 MB

Steve and Gerry aren’t feeling blue, but happy to share information security with blue-shaded glasses. They follow up on last week’s story of a ransomware event in Baltimore and how the NSA tool EternalBlue has been identified as part of the spreading mechanism. They interview show friend, Brandon Stephens, on his guidance on Blue Teaming […] The post The Blue Episode: BlueKeep Updates, Blue Team Skillsets, Blue Feeling Security Researchers appeared first on MUSC Podcasts.

BlueKeep, Baltimore’s Ransomware Debacle, and Deceitful Decryption Vendors

May 22, 2019 10:00 - 38 minutes - 26.3 MB

Steve and Gerry discuss the major Windows vulnerability in the news “BlueKeep” and what you need to know about responding to it. They discuss the city of Baltimore's current ransomware debacle and finish with firms that promise to aid you in decrypting your ransomware files but in reality are just brokering with the attackers. As […] The post BlueKeep, Baltimore’s Ransomware Debacle, and Deceitful Decryption Vendors appeared first on MUSC Podcasts.

Advertisers Abusing Access to App Data, Annual Verizon DBIR, and State of SC Privacy Conference

May 15, 2019 10:00 - 47 minutes - 32.3 MB

Steve and Gerry discuss an interesting angle on the capitalization of user data by online gambling sites targeting individuals that take medication with side effects of increased impulsive behaviors. They laud the annual Verizon data breach incident report and highlight their favorite findings. They wrap up the main segment discussing the recent State of South […] The post Advertisers Abusing Access to App Data, Annual Verizon DBIR, and State of SC Privacy Conference appeared first on MUSC P...

TMI OCR Settlement, Gerry’s Healthcare Research Revealed, Mirrorthief Supply Chain Risks

May 08, 2019 10:00 - 47 minutes - 32.7 MB

Steve and Gerry discuss a recent $3M OCR settlement with Touchstone Medical Imaging (TMI) and how foundational security controls are commonly missed. Gerry finally shares his Ph.D. research with the show and digs into the main issues facing small healthcare practices. Finally, the guys discuss Supply Chain risk using the recent MirrorThief card skimming attacks […] The post TMI OCR Settlement, Gerry’s Healthcare Research Revealed, Mirrorthief Supply Chain Risks appeared first on MUSC Podcas...

Mental Health Apps Deceptively Selling Data, Human-Centered Computing Expert, Dr. Kelly Caine, Interview and Reflections

May 01, 2019 10:00 - 46 minutes - 31.9 MB

Steve and Gerry discuss recent research discovering mental health applications that are sharing personal data without informing the user, and the implications this practice has for individuals. Clemson’s Dr. Kelly Caine is interviewed on her work around her paper “Privacy is Health” and the bioethical implications of technology diagnosing individuals that are not seeking treatment. […] The post Mental Health Apps Deceptively Selling Data, Human-Centered Computing Expert, Dr. Kelly Caine, In...

Weaponizing DICOM and Dr. Charlie Frank, Mirai Botnet Expert, Interview

April 24, 2019 10:00 - 41 minutes - 28.6 MB

Steve and Gerry discuss recent research around embedding malware in DICOM image files, and they interview Dr. Charlie Frank, Mirai Botnet expert. As always they end with One Cool Thing. Show Notes Resources: Malware Embedded DICOM Files https://threatpost.com/hipaa-protected-malware-medical-images/143890/ One Cool Thing The Internet Arcade https://archive.org/details/internetarcade  Louie, Louie – whoa, whoa  https://www.digitaltrends.com/cool-tech/nasa-robot-king-louie Contact Email infosec...

Microsoft Email Breaches, API Security Concerns, and Irresponsible Vulnerability Disclosure

April 17, 2019 10:00 - 42 minutes - 29.2 MB

The guys discuss a recent privileged account compromise at Microsoft corporate that resulted in an email breach. They speak high-level of API security concerns and what to expect in the future. Finally they cover a recent example of vulnerability disclosure done poorly that left potentially 160,000 WordPress websites being exploited. As always they end with […] The post Microsoft Email Breaches, API Security Concerns, and Irresponsible Vulnerability Disclosure appeared first on MUSC Podcast...

Amazon Echo in Healthcare, College Admissions Hacked, and Healthcare Integrity and Availability Security Needs

April 10, 2019 10:00 - 41 minutes - 28.8 MB

Steve and Gerry discuss the nuances of the Amazon Echo device receiving HIPAA compliance branding. They provide a look at the college admission process leveraging cloud platforms and how they were successfully hacked for fun and profit. Finally the guys discuss the cybersecurity elephant in the healthcare room that providers are not talking about. As […] The post Amazon Echo in Healthcare, College Admissions Hacked, and Healthcare Integrity and Availability Security Needs appeared first on ...

Insider Threat Risk Mitigation, Cyber Insurance-backed Certification, Fisticuffs Vulnerability Disclosure

April 03, 2019 10:00 - 45 minutes - 30.9 MB

Steve and Gerry discuss an insider threat issue that resulted in $700K worth of damage to a company in retaliation for termination. The obvious involuntary termination activities were performed, but what issues led to a compromise? They spend time covering the advancement on cyber insurance driving security technology adoption. They finish the topics with a […] The post Insider Threat Risk Mitigation, Cyber Insurance-backed Certification, Fisticuffs Vulnerability Disclosure appeared first o...

Old Software Needs Security Love Too, Windows 7 Going the Way of the Dodo, and Pwn2Own

March 27, 2019 10:00 - 34 minutes - 23.4 MB

Steve and Gerry discuss the discovery of a 19 year old vulnerability, how organizations using Windows 7 now really really have to do something about it, and how the Pwn2Own 0-day contest in Vancouver is dropping 0-days like it’s hot. As always they end with One Cool Thing. Show Notes Resources: WinRar Bug https://www.scmagazine.com/home/security-news/hack-u-next-ariana-grande-file-is-one-of-100-ways-attackers-are-exploiting-winrar-bug/ Microsoft […] The post Old Software Needs Security Love...

Cult of the Dead Cow Presidential Candidate, Vishing Robocalls, and Pentesting in the Gig Economy

March 20, 2019 10:00 - 42 minutes - 29.5 MB

The guys discuss how a presidential candidate out of Texas is a member of the Cult of the Dead Cow, a hacktivist group started in the 1990s. They cover vishing attacks and how the government is trying to pass anti-robocall legislation. Finally they touch on pentesting in the gig economy. As always they end with One […] The post Cult of the Dead Cow Presidential Candidate, Vishing Robocalls, and Pentesting in the Gig Economy appeared first on MUSC Podcasts.

AMA Insights into HHS OCR RFI Comments, HIPAA Criminal Prosecution, and COPPA Compliance

March 13, 2019 10:00 - 34 minutes - 24 MB

What are Gerry and Steve talking about this week? Steve had an opportunity to talk with the AMA and provide a deeper dive into their comments to HHS's recent request for information related to HIPAA updates. The guys dig into a rare instance of federal criminal prosecution of HIPAA violation. They finish up discussing an […] The post AMA Insights into HHS OCR RFI Comments, HIPAA Criminal Prosecution, and COPPA Compliance appeared first on MUSC Podcasts.

Federal Privacy Bill in the Works, Facebook Abuses Access to Users Phone Numbers, HIPAA Breach Notification for Media

March 06, 2019 10:00 - 42 minutes - 29.1 MB

What are Gerry and Steve talking about this week? The guys discuss the federal government beginning to engage experts to develop a bill to address citizens' privacy. They call out Facebook for offering multi-factor authentication and then using users' phone numbers for other means. They round out with the obligation of media outlets to publish […] The post Federal Privacy Bill in the Works, Facebook Abuses Access to Users Phone Numbers, HIPAA Breach Notification for Media appeared first on M...

The AMA and Patient Access, Top 3 Red Team Findings, and University of Washington Medicine Breach

February 27, 2019 10:00 - 41 minutes - 28.2 MB

What are Gerry and Steve talking about this week? The Office of Civil Rights (OCR) asked for input on their proposal for improving patient access to PHI and the AMA responded with 29 pages of well-crafted sense. Will OCR listen? A red teamer provides some lessons learned after 6 years of penetration testing engagements. The […] The post The AMA and Patient Access, Top 3 Red Team Findings, and University of Washington Medicine Breach appeared first on MUSC Podcasts.

FBi(Cloud), HHS Expanding Interoperability, and Mental Health in Information Security

February 20, 2019 10:00 - 39 minutes - 26.8 MB

Gerry and Steve discuss Apple’s iOS approach to security and the nuances with the recent FBI interaction with data requests from Apple. They talk about an HHS proposed rule released at HIMSS 19 this week on healthcare interoperability and data sharing and the security concerns that may introduce. They round out with mental health concerns […] The post FBi(Cloud), HHS Expanding Interoperability, and Mental Health in Information Security appeared first on MUSC Podcasts.

Devil’s in the Details of Cyber Security Insurance, Apple Protects Privacy, Docker Vulnerability Released

February 13, 2019 10:00 - 31 minutes - 22 MB

Gerry and Steve discuss an ongoing case of an insurance provider withholding a claim payment because NotPetya may have been an act of war. They discuss the privacy implications of Apple holding application developers accountable for notifying users of screen capping user sessions. Finally the guys get technical, discussing a Docker (and really most container […] The post Devil’s in the Details of Cyber Security Insurance, Apple Protects Privacy, Docker Vulnerability Released appeared fir...

MITRE’s CVSS for Medical Device Guide, Cheating with Apple Watch, and Apple v. Facebook/Google Spat

February 06, 2019 10:00 - 31 minutes - 21.5 MB

Gerry and Steve discuss MITRE’s new CVSS scoring guide for medical devices that is currently out for comments and what it could mean for healthcare. They cover a trending issue of unethical behavior using Apple watch to cheat on exams, and they round out the show covering Apple’s revoking the enterprise certificates issued to Facebook […] The post MITRE’s CVSS for Medical Device Guide, Cheating with Apple Watch, and Apple v. Facebook/Google Spat appeared first on MUSC Podcasts.

The HSCC Medical Device JSP, China looking for debt holders, and Japan attacking IoT for the Olympics

January 30, 2019 10:00 - 34 minutes - 23.7 MB

Brandon Stephens joins Steve on the show as they dig into the latest Joint Security Plan from the Healthcare and Public Health Sector Coordinating Council on Medical Device and Health IT security. They also cast their gaze to the Far East to discuss China’s plan to encourage whistle blowers to turn in debtors via an […] The post The HSCC Medical Device JSP, China looking for debt holders, and Japan attacking IoT for the Olympics appeared first on MUSC Podcasts.

Major Password Cache Dumped, HL7 Expert Interview, Defense Health Agency Insecurity

January 23, 2019 10:00 - 59 minutes - 40.6 MB

Steve and Gerry are in the studio discussing a massive password cache that was discovered and if you should actually be concerned. Steve interviews Dallas Haselhorst, an HL7 protocol security expert. Finally they finish off discussing the insecurity discovered by the OIG after reviewing security controls at several DoD healthcare facilities. Show Notes Resources: Password […] The post Major Password Cache Dumped, HL7 Expert Interview, Defense Health Agency Insecurity appeared first on MUSC ...

Doxware, Erik Decker CISO Interview, Amazon Ring Privacy Issues

January 16, 2019 17:59 - 54 minutes - 37.4 MB

Steve and Gerry discuss The Dark Overlord's 9/11 related doxware activity with law firms and “extortionware” in general. Steve interviews CISO and CPO for UChicago Medical Erik Decker. Finally the guys discuss recent news of misuse and privacy violations of Amazon Ring video feeds. Show Notes Resources: 9/11 Ransomware https://motherboard.vice.com/en_us/article/yw79k5/hacker-group-threatens-dump-911-insurance-files-dark-overlord Amazon Ring Privacy https://motherboard.vice.com/en_us/article/y...

DHHS Cybersecurity Guidance, AI Re-Identifying PHI, and NSA Tool Release

January 09, 2019 10:00 - 39 minutes - 27.1 MB

Steve and Gerry unpack the newest report from the Department of Health and Human Services and detail the practicality of it for helping organizations of various sizes. They share research out of UC Berkeley showing how AI can re-identify HIPAA compliant de-identified data. They finish by discussing the NSA disassembler tool that will be released […] The post DHHS Cybersecurity Guidance, AI Re-Identifying PHI, and NSA Tool Release appeared first on MUSC Podcasts.

2018 Cyber Year in Review and Predictions for 2019

January 01, 2019 10:00 - 52 minutes - 35.9 MB

Steve and Gerry reflect on a very busy 2018 in the cyber security industry. They discuss the big stories and the lessons learned from them including SamSam’s effective attacks and Facebook’s data practices. They also cover some overblown stories from the year.  They put their soothsaying abilities to the test, each submitting two predictions for […] The post 2018 Cyber Year in Review and Predictions for 2019 appeared first on MUSC Podcasts.

(The Juicy) Equifax Breach Report, Insecure DoD facilities, and PHYSEC

December 19, 2018 10:01 - 50 minutes - 34.9 MB

Steve and Gerry dive head first into the Equifax Breach Report. There is much to learn from and parallels for many businesses to self-identify. They cover a recent IG report of US Missile Defense facilities and their poor security postures. Finally they touch on an oft overlooked element of information security, properly destroying paper records.  […] The post (The Juicy) Equifax Breach Report, Insecure DoD facilities, and PHYSEC appeared first on MUSC Podcasts.

Marriott Starwood Breach, BioHacked Man Lee Wangenheim Interview, RFID-Related Privacy Legislation

December 12, 2018 10:00 - 51 minutes - 47.1 MB

Gerry and Brandon are back in the studio discussing the Marriott Starwood breach. Steve interviews an RFID/NFC bio-hacked individual, and Gerry and Brandon discuss the ramifications and privacy legislation around RFID for personal identification. Show Notes Resources: Marriott / Starwood Breach https://www.washingtonpost.com/business/2018/11/30/marriott-discloses-massive-data-breach-impacting-million-guests/ Privacy Regulations http://www.ncsl.org/research/telecommunications-and-information...

Guests

Patrick Wardle
1 Episode

Twitter Mentions

@gerald_auger 54 Episodes
@sgcardinal 35 Episodes
@bstephens418 13 Episodes
@taosecurity 1 Episode
@bhinfosecurity 1 Episode
@j0hnnyxm4s 1 Episode