State of Cybercrime
186 episodes - English - Latest episode: about 2 months ago - ★★★★★ - 48 ratingsJoin us for State of Cybercrime, where experts discuss the latest trends and developments in the world of cybercrime and provide insights into how organizations can protect themselves from potential threats.
Sponsored by Varonis
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
Inside China's APT Network
March 01, 2024 05:00 - 21 minutes - 20 MBA new data leak of more than 500 documents published to GitHub reveals the big business behind China’s state-sponsored hacking groups — from top-secret surveillance tools to details of offensive cyber ops carried out on behalf of the Chinese government. Join Matt and David for a special State of Cybercrime, which dives into China's espionage campaigns and complex network of resources. We’ll also discuss: - The massive cyberattack on Change Healthcare - Zyndicate’s successful hack of ...
Ivanti Zero-Days
February 08, 2024 08:00 - 22 minutes - 20.5 MBCISA issued an emergency directive to mitigate Ivanti Connect Secure and Ivanti Policy Secure vulnerabilities after learning of malware targeting the software company, allowing unauthenticated threat actors to access Ivanti VPNs and steal sensitive data. CISA is requiring all federal agencies to disconnect from affected Ivanti products by EOD February 2, 2024. The directive also warned that attackers had bypassed workarounds for current resolutions and detection methods. Join Matt, David...
Hackers Swatting Victims
January 19, 2024 10:00 - 25 minutes - 23.6 MBEnjoy our first State of Cybercrime episode of 2024 as Matt Radolec and David Gibson cover: Who is to blame for 23andMe’s big breach SEC’s X account getting hacked Threat actors swatting patients Varonis Threat Labs research on a new, widespread vulnerability: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes Mentioned in this episode: NTLM Blog Post: https://www.varonis.com/blog/investigate-ntlm-brute-force Varonis Threat Labs Blog: https://www.varonis.c...
AI Executive Order
November 09, 2023 10:00 - 25 minutes - 23.1 MBIn this episode of 'State of Cybercrime', the hosts discuss various topics including an executive order on Artificial Intelligence(AI) by President Biden promoting a balance between AI safety, security, privacy and innovation, as well as implications for American leadership in AI. They covered the disruptive Mozi Botnet, SolarWinds CISO's challenged with fraud and difficulties experienced by IT administrators patching vulnerabilities. They also touched on the continuous exploitations of Citr...
The Double-Helix Heist
October 19, 2023 09:00 - 18 minutes - 16.8 MBFew breaches have drawn as much social media fervor as the recent 23andMe incident, in which the genomics company was victim to a massive credential stuffing attack that leveraged leaked and reused passwords to target accounts without MFA. What differentiates this attack from others is that 23andMe itself was not breached, but an entire wave of its users was targeted individually. There are claims that these profiles — including genetic and geographic ancestry data — are available on hackin...
Live at Black Hat
August 10, 2023 13:15 - 16 minutes - 15 MBJoin Matt Radolec and David Gibson for this episode of the State of Cybercrime, recording from Black Hat 2023, as they cover the latest threats you need to know about. Also be sure to check out our webinar, New SEC Cyber Rules: Action Plan for CISOs and CFOs on Tuesday, August 22 | 12 p.m. ET. Link here: https://info.varonis.com/en/webinar/what-the-new-sec-requirements-mean-for-your-org-2023-08-22
The Storm-0558 Rages On
July 29, 2023 10:00 - 19 minutes - 18 MBThe Storm-0558 incident has proven to be even more widespread than initially reported. While Microsoft originally stated that only Outlook.com and Exchange Online were affected, Wiz Research has discovered that the compromised signing key may have allowed the cybercriminal group to forge access tokens for SharePoint, Teams, OneDrive, and every other app that supports logging in with Microsoft credits. Watch our team of experts during this State of Cybercrime episode that assesses the reach o...
Storm-0558
July 22, 2023 12:00 - 28 minutes - 26.5 MBA Microsoft zero-day vulnerability has allowed hacking group Storm-0558 to forge Azure AD authentication tokens, and breach organizations — including U.S. government agencies — in the past week. Watch this State of Cybercrime episode to hear our experts break down how this attack happened, see the discoveries made by the Varonis Threat Labs team, and learn what you can do to make sure your data is safe and secure.
The MOVEit Exploit
June 15, 2023 10:00 - 33 minutes - 30.8 MBAcross the globe, CL0P ransomware group is extorting hundreds of organizations after exploiting an unknown SQL injection vulnerability in file transfer service MOVEit. The victims need to contact the ransomware group by June 14 or their stolen data will be published publicly on the group’s extortion site. Join Matt Radolec, David Gibson, and special guest Dvir Sason to learn more about how the ransomware group exploited the critical flaw in the transfer application, which they were likely ex...
DOD’s Response to Data Leaks
May 04, 2023 21:38 - 35 minutes - 32.6 MBIn the wake of the U.S. defense leak, the Pentagon CIO has given a one-week deadline for all defense agencies to ensure compliance with DOD information security protocols. But what does that actually mean? Join Matt, David, and Varonis Team Lead Engineer for U.S. Public Sector Trevor Brenn for a State of Cybercrime episode that breaks down what the DOD is demanding from its agencies and how this influences the future of information security within government.
U.S. Defense Papers Leak
April 17, 2023 14:09 - 35 minutes - 32.5 MBLinks mentioned in this episode: • Video course (free) on building an IR plan: https://info.varonis.com/thank-you/course/cyber-incident-response • Blog post about LockBit: https://www.varonis.com/blog/anatomy-of-a-ransomware-attack • Blog post about HardBit: https://www.varonis.com/blog/hardbit-2.0-ransomware
China's Silent Cyber Campaigns
March 31, 2023 14:32 - 24 minutes - 22.7 MBRecent cyberattacks, zero-days, and APTs have positioned China as a cybersecurity adversary. Join Matt Radolec and David Gibson for a special State of Cybercrime episode, during which the two will discuss the recent wave of stealth Chinese cyberattacks against U.S. private networks and what this means for U.S.-Chinese relations in 2023. Matt and David also cover: -The congressional TikTok hearing surrounding data privacy concerns as a byproduct of Chinese ownership -The recent Facebook ac...
Don't Breach Where You Eat
March 06, 2023 13:59 - 35 minutes - 32.2 MBStill reeling from last year’s data breach, password manager LastPass recently shared that the same attacker who targeted the organization in August has struck again, this time using stolen data to hack an employee’s home computer. Join Matt Radolec and David Gibson as they walk you through the multi-stage attack, revisiting the discussion of the initial intrusion and outlining how that stolen data was weaponized months later to breach the company’s vault. Matt and David will also spotligh...
A new beginning
February 27, 2023 20:27 - 50 seconds - 784 KBWe're back! Kind of. We'll soon relaunch this podcast and wanted to give you a quick update on what's happening.
New Hacking with Friends Livestream!
June 23, 2020 19:02 - 48 seconds - 755 KBThanks for watching the first season of the security tools podcast! Want more? We're live on the SecurityFwd YouTube channel twice per week! Come hack with us or watch any of the previously recorded streams.
Hacking Through School: College Cybersecurity Jobs with Nick Godshall
May 14, 2020 12:00 - 49 minutes - 45.3 MBNick's Twitter: https://twitter.com/nickgodshall Kody's Twitter: https://twitter.com/kodykinzie Varonis Cyber Attack Workshop: https://www.varonis.com/cyber-workshop/
Catching Russian Hackers in Decommissioned Servers with Adrian from Thinkst
April 28, 2020 05:00 - 50 minutes - 46.5 MBCanary Tokens - https://canarytokens.org/generate Learn more about canaries - https://canary.tools/ Adrian's Twitter - https://twitter.com/sawaba
Breaking Facial Recognition With Vic From F-Secure
April 07, 2020 08:10 - 58 minutes - 53.6 MBApologies for the scratchy mic! Vic's Blog on Defeating Facial Recognition: https://vicharkness.co.uk/2019/02/01/the-art-of-defeating-facial-detection-systems-part-two-the-art-communitys-efforts/ Check out Vic's Twitter: https://twitter.com/VicHarkness Kody's Twitter: https://twitter.com/kodykinzie Varonis Cyber Attack Workshop: https://www.varonis.com/cyber-workshop/
Automating the Fight Against Scammers & Unfair Parking Tickets with DoNotPay
March 14, 2020 07:38 - 43 minutes - 40.2 MBJoshua's Twitter: https://twitter.com/jbrowder1 DoNotPay's website: https://donotpay.com Sue Phone Scammers: https://donotpay.com/learn/robocall-compensation This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/
Hacking the Wi-fi of Today & Tomorrow With Mathy Vanhoef
March 04, 2020 08:41 - 1 hour - 61.2 MBMathy's Website: https://www.mathyvanhoef.com Mathy's YouTube Channel: https://twitter.com/vanhoefm Mathy's Paper on Defeating MAC Address Randomization: https://papers.mathyvanhoef.com/asiaccs2016.pdf This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/
Arduino Hacking with Seytonic
February 15, 2020 09:25 - 49 minutes - 45.1 MBSeytonic's Malduino Website: https://maltronics.com/ Seytonic's Website: https://seytonic.com/ Seytonic's YouTube Channel: https://www.youtube.com/channel/UCW6xlqxSY3gGur4PkGPEUeA This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/
CreepDetector - Detecting Stalkers with Wardriving
February 01, 2020 06:12 - 47 minutes - 32.6 MBAlex's Website: http://alexlynd.com Check out the Creep Detector Video: https://www.youtube.com/watch?v=ug9dHwm3h0s Alex Lynd's Twitter: https://twitter.com/alexlynd Check out Alex's GitHub: https://github.com/AlexLynd This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/
Maltego - Open-source Intelligence and Forensics
January 20, 2020 18:08 - 50 minutes - 34.5 MBCheck out Maltego: https://www.maltego.com/ Maltego Twitter: https://twitter.com/maltegohq Check out Maltego use cases: https://docs.maltego.com/support/solutions/articles/15000012022-use-cases This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/
Objective-See - Advanced MacOS Security Tools by Ex-NSA Hacker Patrick Wardle
December 16, 2019 22:29 - 56 minutes - 38.7 MBCheck out Objective-See: https://objective-see.com/ Objective-See Twitter: https://twitter.com/objective_see Objective-See Patreon: https://www.patreon.com/objective_see While In Russia: Patrick's RSA talk on hacking journalists - Patrick's Twitter: https://twitter.com/patrickwardle This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/
ESP8266 - The Low-cost Wi-Fi Microchip with a Full TCP/IP Stack
November 22, 2019 22:17 - 48 minutes - 33.6 MBStefan's Site with links to all of his projects: https://spacehuhn.io/ Twitter: https://twitter.com/spacehuhn YouTube: https://www.youtube.com/channel/UCFmjA6dnjv-phqrFACyI8tw An overview of the ESP8266 https://www.espressif.com/en/products/hardware/esp8266ex/overview Stefan's Github https://github.com/spacehuhn ESP8266 Deauther 2.0 https://github.com/spacehuhn/esp8266_deauther WiFi Duck - Wireless injection attack Platform https://github.com/spacehuhn/WiFiDuck WiFi Satellite - monit...
Grabify - the IP Logging, Honeypot Tracking URL Shortener
November 08, 2019 21:55 - 45 minutes - 30.9 MBA honeypot is a tool that acts as bait, luring an attacker into revealing themselves by presenting a seemingly juicy target. In our first Security Tools podcast, we explore a free tool called Grabify that can gather information about scammers or attackers when they click on a honeypot tracking link. https://grabify.link/ https://jlynx.net/ https://twitter.com/grabifydotlink This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://ww...
Be the First to Know
November 05, 2019 15:23 - 1 minute - 1.07 MBWe wanted you to be the first to know that next week; we will be back in this same feed with a new security podcast from Varonis. The new Security Tools podcast will keep you up to date with the most exciting and useful tools the Infosec community has to offer. Join us on the new show to hear from the researchers and hackers behind tools like Grabify, a link-based Honeypot service that unmasks scammers leveraging the same web tracking tactics used by most modern websites. We’ll find out wh...
Changing User Behavior
May 29, 2019 12:45 - 26 minutes - 24.2 MBSummer is approaching, and of course, that’s when we feel the most heat. However, for cybersecurity managers, they feel the heat all the time. They must be right every time because cybercriminals only have to be right once. So summer can potentially feel like it’s year-round for cybersecurity pros and it can cause job burnout. Another problem that managers face is the potential ineffectualness of cybersecurity awareness training. Learning and sharing interesting security information in a cl...
Security and Technology Unleashed
May 16, 2019 18:54 - 22 minutes - 20.6 MBSearching a traveler’s phone or laptop is not an extension of a search made on a piece of luggage. As former commissioner of Ontario Ann Cavoukian said, “Your smartphone and other digital devices contain the most intimate details of your life: financial and health records.” In general, it’s also dangerous to connect laws made in accordance with the physical world to the digital space. But even with GDPR that’s aimed to protect consumer data, the law hasn’t taken action against any major tec...
Professor Angela Sasse FREng on Human-Centered Security
May 07, 2019 09:00 - 14 minutes - 13.1 MBLately, we’ve been hearing more from security experts who are urging IT pros to stop scapegoating users as the primary reason for not achieving security nirvana. After covering this controversy on a recent episode of the Inside Out Security Show, I thought it was worth having an in-depth conversation with an expert. So, I contacted Angela Sasse, Professor of Human-Centred Technology in the Department of Computer Science at University College London, UK. Over the past 15 years, she has been ...
Statistician Kaiser Fung: Fishy Stats (Part 3)
April 30, 2019 09:00 - 18 minutes - 8.55 MBOver the past few weeks, Kaiser Fung has given us some valuable pointers on understanding the big data stats we are assaulted with on a daily basis. To sum up, learn the context behind the stats — sources and biases — and know that the algorithms that crunch numbers may not have the answer to your problems. In this third segment of our podcast, Kaiser points out all the ways the stats can trick us through its inherently random nature — variability in stats-speak. Transcript Cindy Ng: In...
We’d Love to Upgrade, But…
April 22, 2019 09:00 - 24 minutes - 22.3 MBIt’s great to be Amazon to only have one on-call security engineer and have security automated. However, for many organizations today, having security completely automated is still an aspirational goal. Those in healthcare might would love to upgrade, but what if you’re using a system that’s FDA approved, which makes upgrading a little more difficult. What if hackers were able to download personal data from a web server because many weren’t up-to-date and had outdated plugins. Meanwhile, her...
Statistician Kaiser Fung: Accuracy of Algorithms (Part 2)
April 17, 2019 09:00 - 9 minutes - 4.27 MBIn part oneof our interview with Kaiser, he taught us the importance of looking at the process behind a numerical finding. We continue the conversation by discussing the accuracy of statistics and algorithms. With examples such as shoe recommendations and movie ratings, you’ll learn where algorithms fall short. Transcript Cindy Ng: In part one, Kaiser taught us the importance of looking at the process behind a numerical finding. And today, we’ll to continue in part two on how to cultivate...
Security on Easy Mode
April 10, 2019 09:00 - 20 minutes - 18.7 MBRecently in the security space, there’s been a spate of contradicting priorities. For instance, a recent study showed that programmers will take the easy way out and not implement proper password security. Antidotally, a security pro in a networking and security course noticed another attendee who covered his webcam, but noticeably had his bitlocker recovery code is printed on a label attached to his screen. When protocols and skills compete for our attention, ironically, security gets place...
Statistician Kaiser Fung: Investigate The Process Behind A Numerical Finding (Part 1)
April 02, 2019 09:00 - 15 minutes - 7.01 MBIn the business world, if we’re looking for actionable insights, many think it's found using an algorithm. However, statistician Kaiser Fung disagrees. With degrees in engineering, statistics, and an MBA from Harvard, Fung believes that both algorithms and humans are needed, as the sum is greater than its individual parts. Moreover, the worldview he suggests one should cultivate is numbersense. How? When presented with a numerical finding, go the extra mile and investigate the methodology,...
The Making of the Modern CISO
March 25, 2019 09:00 - 28 minutes - 26.8 MBShould CISOs use events or scenarios to drive security, not checklists? It also doesn’t matter how much you spend on cybersecurity if ends up becoming shelfware. Navigating one’s role as a CISO is no easy feat. Luckily, the path to becoming a seasoned CISO is now easier with practical classes and interviews. But when cybersecurity is assumed to not be not very important. Does that defeat the leadership role of a CISO? Panelists: Cindy Ng, Sean Campbell, Mike Buckbee, Kris Keyser
Security Expert and "Hacked Again" Author Scott Schober" (Part 2)
March 18, 2019 09:00 - 12 minutes - 11.4 MBScott Schober wears many hats. He's an inventor, software engineer, and runs his own wireless security company. He's also written Hacked Again, which tells about his long running battle against cyber thieves. Scott has appeared on Bloomberg TV, Good Morning America, CNBC, and CNN. We continue our discussion with Scott. In this segment, he talks about the importance of layers of security to reduce the risks of an attack. Scott also points out that we should be careful about revealing perso...
Security Expert and "Hacked Again" Author Scott Schober" (Part 1)
March 11, 2019 09:00 - 14 minutes - 13.4 MBScott Schober wears many hats. He's an inventor, software engineer, and runs his own wireless security company. He's also written Hacked Again, which tells about his long running battle against cyber thieves. Scott has appeared on Bloomberg TV, Good Morning America, CNBC, and CNN. In the first part of the interview, Scott tells us about some of his adventures in data security. He's been a victim of fraudulent bank transfers and credit card transaction. He's also aroused the wrath of cy...
The Psyche of Data
February 25, 2019 09:00 - 21 minutes - 19.8 MBWith data as the new oil, we’ve seen how different companies responded. From meeting new data privacy compliance obligations to combining multiple data anonymized points to reveal an individual’s identity – it all speaks to how companies are leveraging data as a business strategy. Consumers and companies alike are awakening to data’s possibilities and we’re only beginning to understand the psyche and power of data. Tool of the Week: Zorp Panelists: Cindy Ng, Kilian Englert, Mike Buckbee
More Scout Brody: Bringing Design Thinking to IoT
February 22, 2019 09:00 - 9 minutes - 9.07 MBBy now, we’ve all seen the wildly popular internet of things devices flourish in pop culture, holding much promise and potential for improving our lives. One aspect that we haven’t seen are IoT devices that not connected to the internet. In our follow-up discussion, this was the vision Simply Secure's executive director Scout Brody advocates, as current IoT devices don’t have a strong foundation in security. She points out that we should consider why putting a full internet stack on a new ...
Scout Brody, Ph.D. on Creating Security Systems Usable for All
February 14, 2019 09:00 - 13 minutes - 12.2 MBWith the spring just a few short weeks away, it’s a good time to clean the bedroom windows, dust off the ceiling fans, and discard old security notions that have been taking up valuable mind space. What do you replace those security concepts with? How about ones that say that security systems are not binary “on-off” concepts, but instead can be seen as a gentle gradient. And where user experiences developed by researchers create security products that actually, um, work. This new world is ...
The Dance Between Governance, Risk Management, and Compliance
February 05, 2019 09:00 - 23 minutes - 22.1 MBThe combination of business and technology-related challenges and the requirement to meet regulatory compliance obligations as well as managing risk is no easy feat. European officials have been disseminating information on how to prevent online scams, general tips as well as warning signs. Other attorneys have been reflecting on legislative developments to prepare for the year ahead. Meanwhile, businesses like Facebook and Reddit are finding their rhythm as they dance between running their ...
Privacy Attorney Tiffany Li and AI Memory, Part II
January 28, 2019 09:00 - 14 minutes - 13.2 MBTiffany C. Li is an attorney and Resident Fellow at Yale Law School’s Information Society Project. She frequently writes and speaks on the privacy implications of artificial intelligence, virtual reality, and other technologies. Our discussion is based on her recent paper on the difficulties with getting AI to forget. In this second part, we continue our discussion of GDPR and privacy, and then explore some cutting edge areas of law and technology. Can AI algorithms own their creative eff...
Reflecting on Breaches, Scams and Fake Everything
January 04, 2019 15:00 - 26 minutes - 24.9 MBOn the last week of the year, the Inside Out Security panelists reflected on the year’s biggest breaches, scams and fake everything. And is computer security warfare? Well, it depends on who you ask. A 7th grader trying to change her grades isn’t an enemy combatant. But keep in mind as another argues, “There's an opponent who doesn't care about you, doesn't play by the rules, and wants to screw you as fully as possible.” Panelists: Cindy Ng, Mike Buckbee, Kilian Englert, Kris Keyser
Privacy Attorney Tiffany Li and AI Memory, Part I
January 01, 2019 11:11 - 11 minutes - 10.8 MBTiffany C. Li is an attorney and Resident Fellow at Yale Law School’s Information Society Project. She frequently writes and speaks on the privacy implications of artificial intelligence, virtual reality, and other technologies. Our discussion is based on her recent paper on the difficulties with getting AI to forget. In this first part , we talk about the GDPR's "right to be forgotten" rule and the gap between technology and the law. Consumer Versus Business Interests Cindy Ng Tiffany L...
When IT, Data and Security Collide
December 24, 2018 12:00 - 27 minutes - 25.9 MBThe CIO is responsible for using IT to make the business more efficient. Meanwhile, the CISO is responsible for developing and executing a security program that’s aimed to protect enterprise systems and data from both internal and external threats. At the end of the day, the CISO makes security recommendations to the CIO has the final say. Perhaps it’s time that the CISO gets a seat at the table. Meanwhile, good Samaritans such as Chris Vickery and Troy Hunt help companies find leaked data ...
#2018inFiveWords [Regarding Our Security Landscape]
December 20, 2018 12:00 - 24 minutes - 23.1 MBWe need to do better. Exhausting. Dramatic. That’s how the Inside Out Security panelists described our 2018 security landscape. We see the drama unfold weekly on our show and this week was no different. As facial recognition software becomes more prevalent, we’re seeing it used in security to protect even the biggest stars like Taylor Swift. Her security team set up a kiosk replaying rehearsal highlights. Meanwhile, onlookers who stopped were cross checked against their database of stalkers...
A Spotlight on Technology's Dilemma
December 14, 2018 15:00 - 33 minutes - 30.9 MBThere’s a yin and yang to technology. For instance, the exchange for convenience and ease with our data. Unfortunately Facebook is getting most of the blame, when many companies have collect many points of data as the default setting. Meanwhile, as quickly as diligent security pros are eager to adopt and advance security solutions with biometrics, cybercriminals are equally determined to thwart these efforts. Other articles discussed: • Google’s plan to mitigate bias in their algorithm •...
Security and Privacy are Joined at the Hip
November 20, 2018 12:00 - 31 minutes - 29.5 MBWe’ve completed almost 100 podcast panels and sometimes it feels like we’re talking in circles. Over the years, the security and privacy landscape have gotten more complex, making baseline knowledge amongst industry pros ever so more important. Old concepts are often refreshed into current foundational security concepts. Technological advancements as well as decline also bring forth new challenges. When there’s a decline, we need to reserve the right to change our strategy. For years, users...
What New Tech Can Learn From Old Tech
November 14, 2018 15:00 - 22 minutes - 20.9 MBPasswords are easy to use. Everyone knows how it works. However, many security pros point out the inherent design flaw in passwords as a safe form of authorization and authentication. The good news is that we can reflect upon what old technologies can teach new technologies as we’re creating new products and services. One vital concern to keep in mind are terms and conditions, particularly with DNA ownership rights. Other articles discussed: How did Iran find CIA spies? They Googled It Pa...