The Threatpost Podcast

Inside the Hackers’ Toolkit

There is no question that companies are in the sights of would-be criminals looking to exploit them. While companies look at solutions and trainings to help keep the perimeter secure, the biggest fail point is often the employees, AKA the human element. In this Threatpost podcast, sponsored by Egress, we sit down with Jack Chapman to discuss the steps and tactics that companies can take to stay one step ahead of their adversaries. During our conversation, we discuss: Weaknesses that att...

Being prepared for adversarial attacks

There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, , Chief Security Strategist & VP Global Threat Intelligence, Fortinet’s FortiGuard Labs to discuss the threats facing CISOs along with more. During the course of our discussion, we dive into: What an attack on all fronts looks like The curre...

The State of Secrets Sprawl

Can I tell you a secret? Will you keep it between us? You’ve probably said this or heard this when it comes to friends and family. However, do you also know that secret keeping, or lack thereof is one of the biggest issues that businesses face? According to the recent The State of the Secret Sprawl from GitGuardian further defines the breadth of business secrets. “A secret can be any sensitive data that we want to keep private. When discussing secrets in the context of software develop...

The Truth Behind ‘Mythical’ MacOS Malware – Podcast

A Blockchain Primer and a Bored Ape Headscratcher – Podcast

Cyberattackers Put the Pedal to the Metal – Podcast

Top 3 Attack Trends in API Security – Podcast

Reporting Mandates to Clear Up Feds' Hazy Look into Threat Landscape – Podcast

It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill: Visibility into adversary behavior has been muck.

Staff Think Conti Group Is a Legit Employer – Podcast

The ransomware group’s benefits – monthly bonuses, fines, employee of the month, performance reviews and top-notch training materials – might be better than your own company’s, says BreachQuest’s Marco Figueroa. 

Multi-Ransomwared Victims Have It Coming

There's a yawning gap between IT decision makers' confidence about security vs. their concession that repeated incidents are their own fault, says ExtraHop's Jamie Moles.

Russia Leaks Data From a Thousand Cuts–Podcast

It’s not just Ukraine: Threat intel experts are seeing a flood of data on Russian military, nukes and crooks, even with the Conti ransomware gang having shuttered its leaking Jabber chat server. 

Securing Data With a Frenzied Remote Workforce–Podcast

Stock your liquor cabinets and take a shot whenever you hear GitLab Staff Security Researcher Mark Loveless say “Zero Trust.”

The Art of Non-boring Cybersec Training–Podcast

With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in.

Killing Cloud Risk by Bulletproofing App Security: Podcast

Applications are the most preferred vectors for cybercriminals. Yet no single team or process can assure the rollout of safe cloud applications. From code design to unit testing to deployment, teams and tools have to work together to detect risks early while keeping the pipeline of digital products moving.   Alex Rice, CTO at HackerOne and Johnathan Hunt, VP of Security at GitLab, help development teams evolve their processes to build security directly into their workflows for smooth and...

Former FBI Gumshoe Nabs Cybercrooks Using Proven Behavioral Clues

How to Buy Precious Patching Time as Log4j Exploits Fly

Threatpost podcast: Cybereason CTO Yonatan Striem-Amit shares details about the company's vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show having been disclosed.

Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast

Podcast: Could the Zoho Flaw Trigger the Next SolarWinds?

Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once

DDoS Attacks Are a Flourishing Business for Cybercrooks – Podcast

Imperva’s Peter Klimek visited Threatpost podcast to discuss the evolution of DDoS attacks: They started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee,

Databases Pockmarked With an Average of 26 Vulnerabilities Globally – Podcast

Imperva's Elad Erez discusses findings that 46% of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws.

What Ragnar Locker Got Wrong About Ransomware Negotiators – Podcast

Bryce Webster-Jacobsen – director of intelligence operations at digital risk protection/ransomware negotiators GroupSense – dropped by the Threatpost podcast to tell us what percentage of Ragnar Locker’s warning that victims shouldn't call the FBI/police/negotiators is a bluff and what, if anything, security teams should take seriously. 

Verizon DBIR Marries MITRE ATT&CK – Podcast

‘Pay Ransom’ Screen=Too Late, Humpty Dumpty – Podcast

Podcast: Ransomware Up x10; Telecoms Uber Walloped

What’s Next for T-Mobile and Its Customers? – Podcast

Interos CEO Jennifer Bisceglie drops by the Threatpost podcast to talk about avoiding the mess a T-Mobile size breach can lead to, with the damage it can do to a business's brand, reputation, customer loyalty and revenue stream. 

SolarWinds 2.0 Could Set Off the Next Financial Crisis – Podcast

Trillions of dollars in notional value are controlled by hedge funds and private equity firms, many of which have no cybersecurity protection to speak of. The calamitous, widespread SolarWinds attacks was a wakeup call: Another attack of that ilk could lead to the next 2008-esque financial meltdown. Agio CEO Bart McDonough says AI-enabled service platform could maybe, just maybe, help avert it.

Fuzz Off: How to Shake Up Code to Get It Right – Podcast

FuzzCon panelists Damilare D. Fagbemi of Resilience Software Security and Anmol Misra of Autodesk say join the party as they share fuzzing wins & fuzzing fails when building a security testing program

We COVID-Clicked on Garbage, Report Finds: Podcast

n the company’s annual Human Factor 2021 report assessing how the threat landscape morphed over the past year, Proofpoint researchers scratched their heads over the reasons for so many users succumbing to malicious email attachments. Could be that threat actors jumped on our Pavlovian work-from-home security conditioning, as suggested by Proofpoint vice president and general manager of email fraud defense Rob Holmes. Check out the Threatpost podcast for his take on how the pandemic influ...

‘PwnedPiper’: Devastating Bugs in >80% of Hospital Pneumatics

Podcast: Why Securing Microsoft Active Directory Is Such a Nightmare

SpecterOps researchers Lee Christensen and Will Schroeder discuss their work, to be presented at Black Hat, on how AD “misconfiguration debt” lays out a dizzying array of attack paths such as the one in the PetitPotam exploit for which Microsoft  rushed out a fix.

IoT Piranhas Are Swarming Industrial Controls

Threat actors have been building enormous botnets using IoT devices to try to compromise the computing systems that control crucial infrastructure, such as pipelines (case in point: the DarkSide ransomware attack on Colonial Pipeline) and other utilities, preying on legacy systems that have decades-old vulnerabilities. In this Threatpost podcast, Armis CISO Curtis Simpson delves into how to fight back.

What’s Next for REvil’s Victims?

Protecting Phones From Pegasus-Like Spyware Attacks

Podcast: Is protecting your phone from spyware attacks a la NSO Group's Pegasus as simple as getting a new SIM card? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block three types of spyware attacks.

What’s Making You a Ransomware Sitting Duck

SophosLabs Principal Researcher Andrew Brandt discusses what makes organizations prime targets for ransomware threat actors, what steps could help them to protect themselves, and what’s stopping them from implementing those steps.

SASE & Zero Trust: The Dream Team

"Trust is a human emotion. Computers don't have emotions. They don't need that trust, inherently" – that's the heart of Zero Trust cybersecurity, and SASE is how to make it happen.  Forcepoint’s Nico Fischbach, global CTO and VPE of SASE, and Chase Cunningham, chief strategy officer at Ericom Software, on using SASE to make Zero Trust a reality.

Insider Risks In the Work-From-Home World

Forcepoint’s Michael Crouse talks about risk-adaptive data-protection approaches and how to develop a behavior-based approach to insider threats and risk: particularly important as security perimeters have expanded due to the pandemic.

The State of Ransomware with Fortiguard's Derek Manky

Effective Adoption of SASE in 2021

Why and How Cybercrooks Milk Exploits in Underground Markets

What's Behind the Cybercriminal Supply Chain

Derek Manky Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs is joined by Threatpost podcast host Cody Hackett about the cybersecurity supply chain. What is it? How is it funded? And who are the victims and criminals within this multi-million dollar dark economy?  

Podcast: Microsoft Exchange Server Attack Onslaught Continues

Weeks after the disclosure around the ProxyLogon group of security bugs, exploitation attempts against unpatched Microsoft Exchange servers have skyrocketed. Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, said that last week researchers with FortiGuard Labs saw activity double over two days for cybercriminals targeting the vulnerabilities. The attackers are using the flaws to deploy cryptominers, ransomware (such as the recently discovered ...

Sponsored Podcast: Ransomware Attacks Exploded in Q4 2020

Ransomware attacks continue to be a top security issue plaguing companies, with researchers from Fortinet's Fortiguard Labs saying they saw an explosion in ransomware activity towards the end of the fourth quarter of 2020.

Chinese Hackers Stole NSA-Linked Hacking Tool: Report

Yaniv Balmas, the head of cyber research with Check Point Software, and Oded Vanunu, the head of products vulnerability research with Check Point Software, talk on this week's Threatpost podcast about the new discoveries around the NSA-linked exploit tools, as well as the implications of the SolarWinds supply-chain hack.

Emotet's Takedown: Have We Seen the Last of the Malware?

Law enforcement have been on a malware-takedown rampage: Last week, several agencies took down servers supporting the Emotet malware. Sherrod DiGrippo, senior director of threat research and detection with Proofpoint, said that no activity involving Emotet has been detected since the takedown effort occurred last week.

Breaking Down Joe Biden's $10B Cybersecurity 'Down Payment'

Joe Biden's inauguration ceremony last week marked a new strategy for the government's cybersecurity initiatives, with the US president's COVID-19 relief plan including $10 billion in funding for various cybersecurity defense initiatives - from hiring key security personnel to support for the Cybersecurity Infrastructure Security Agency (CISA).

CISOs Prep For COVID-19 Exposure Notification in the Workplace

In this week’s Threatpost podcast, senior editor Lindsey Welch talks with Steve Moore, chief security strategist with Exabeam, about the data privacy challenges posed by impending exposure notification implementations in the workplace.

A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets

Threatpost editors Tom Spring, Tara Seals and Lindsey Welch break down the top security stories to look out for in this week's first podcast of 2021 - from the SolarWinds hack to surging ransomware hospital cyberattacks. 

Sponsored Podcast: Simplifying Proactive Defense With Threat Playbooks

Security defense strategy can be very complex - with security teams not dealing with mere small bits of information, but instead dealing with tens of thousands of data points, from IoCs to TTPs, said Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet.

Sponsored Podcast: Cybersecurity in the 'New Normal'

From eCommerce threats, to security concerns in connected speakers, Fortinet researchers discuss the top evolving threats of 2020, heading into the new year.