The Threatpost Podcast
212 episodes - English - Latest episode: over 1 year ago - ★★★★ - 23 ratingsThreatpost writers Mike Mimoso and Chris Brook discuss security threats, attacks, vulnerability research and trends with a variety of industry executives, researchers and experts.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
Inside the Hackers’ Toolkit
August 09, 2022 14:46 - 16 minutes - 29.3 MBThere is no question that companies are in the sights of would-be criminals looking to exploit them. While companies look at solutions and trainings to help keep the perimeter secure, the biggest fail point is often the employees, AKA the human element. In this Threatpost podcast, sponsored by Egress, we sit down with Jack Chapman to discuss the steps and tactics that companies can take to stay one step ahead of their adversaries. During our conversation, we discuss: Weaknesses that att...
Being prepared for adversarial attacks
June 02, 2022 09:29 - 22 minutes - 40.6 MBThere is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, , Chief Security Strategist & VP Global Threat Intelligence, Fortinet’s FortiGuard Labs to discuss the threats facing CISOs along with more. During the course of our discussion, we dive into: What an attack on all fronts looks like The curre...
The State of Secrets Sprawl
May 06, 2022 13:42 - 16 minutes - 30.8 MBCan I tell you a secret? Will you keep it between us? You’ve probably said this or heard this when it comes to friends and family. However, do you also know that secret keeping, or lack thereof is one of the biggest issues that businesses face? According to the recent The State of the Secret Sprawl from GitGuardian further defines the breadth of business secrets. “A secret can be any sensitive data that we want to keep private. When discussing secrets in the context of software develop...
The Truth Behind ‘Mythical’ MacOS Malware – Podcast
March 31, 2022 19:53 - 18 minutes - 26 MBA Blockchain Primer and a Bored Ape Headscratcher – Podcast
March 31, 2022 01:48 - 27 minutes - 37.9 MBCyberattackers Put the Pedal to the Metal – Podcast
March 28, 2022 19:48 - 18 minutes - 26.3 MBTop 3 Attack Trends in API Security – Podcast
March 23, 2022 19:48 - 21 minutes - 29.8 MBReporting Mandates to Clear Up Feds' Hazy Look into Threat Landscape – Podcast
March 16, 2022 21:08 - 24 minutes - 33.4 MBIt’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill: Visibility into adversary behavior has been muck.
Staff Think Conti Group Is a Legit Employer – Podcast
March 14, 2022 21:15 - 39 minutes - 54.8 MBThe ransomware group’s benefits – monthly bonuses, fines, employee of the month, performance reviews and top-notch training materials – might be better than your own company’s, says BreachQuest’s Marco Figueroa.
Multi-Ransomwared Victims Have It Coming
March 08, 2022 00:06 - 28 minutes - 39.6 MBThere's a yawning gap between IT decision makers' confidence about security vs. their concession that repeated incidents are their own fault, says ExtraHop's Jamie Moles.
Russia Leaks Data From a Thousand Cuts–Podcast
March 03, 2022 16:11 - 17 minutes - 24.3 MBIt’s not just Ukraine: Threat intel experts are seeing a flood of data on Russian military, nukes and crooks, even with the Conti ransomware gang having shuttered its leaking Jabber chat server.
Securing Data With a Frenzied Remote Workforce–Podcast
February 26, 2022 00:01 - 27 minutes - 37.9 MBStock your liquor cabinets and take a shot whenever you hear GitLab Staff Security Researcher Mark Loveless say “Zero Trust.”
The Art of Non-boring Cybersec Training–Podcast
February 24, 2022 13:47 - 19 minutes - 27.3 MBWith human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in.
Killing Cloud Risk by Bulletproofing App Security: Podcast
February 16, 2022 23:05 - 25 minutes - 34.5 MBApplications are the most preferred vectors for cybercriminals. Yet no single team or process can assure the rollout of safe cloud applications. From code design to unit testing to deployment, teams and tools have to work together to detect risks early while keeping the pipeline of digital products moving. Alex Rice, CTO at HackerOne and Johnathan Hunt, VP of Security at GitLab, help development teams evolve their processes to build security directly into their workflows for smooth and...
Former FBI Gumshoe Nabs Cybercrooks Using Proven Behavioral Clues
February 08, 2022 23:24 - 22 minutes - 17.2 MBHow to Buy Precious Patching Time as Log4j Exploits Fly
December 14, 2021 17:11 - 19 minutes - 27.4 MBThreatpost podcast: Cybereason CTO Yonatan Striem-Amit shares details about the company's vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show having been disclosed.
Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast
November 23, 2021 17:22 - 28 minutes - 39.8 MBPodcast: Could the Zoho Flaw Trigger the Next SolarWinds?
October 18, 2021 20:29 - 11 minutes - 15.2 MBPodcast: 67% of Orgs Have Been Hit by Ransomware at Least Once
October 05, 2021 19:55 - 26 minutes - 35.7 MBDDoS Attacks Are a Flourishing Business for Cybercrooks – Podcast
September 14, 2021 21:28 - 24 minutes - 33.2 MBImperva’s Peter Klimek visited Threatpost podcast to discuss the evolution of DDoS attacks: They started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee,
Databases Pockmarked With an Average of 26 Vulnerabilities Globally – Podcast
September 14, 2021 13:17 - 21 minutes - 29.4 MBImperva's Elad Erez discusses findings that 46% of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws.
What Ragnar Locker Got Wrong About Ransomware Negotiators – Podcast
September 08, 2021 19:58 - 13 minutes - 17.9 MBBryce Webster-Jacobsen – director of intelligence operations at digital risk protection/ransomware negotiators GroupSense – dropped by the Threatpost podcast to tell us what percentage of Ragnar Locker’s warning that victims shouldn't call the FBI/police/negotiators is a bluff and what, if anything, security teams should take seriously.
Verizon DBIR Marries MITRE ATT&CK – Podcast
September 07, 2021 12:00 - 22 minutes - 30.5 MB‘Pay Ransom’ Screen=Too Late, Humpty Dumpty – Podcast
August 26, 2021 20:02 - 18 minutes - 26 MBPodcast: Ransomware Up x10; Telecoms Uber Walloped
August 25, 2021 00:03 - 19 minutes - 26.6 MBWhat’s Next for T-Mobile and Its Customers? – Podcast
August 19, 2021 21:52 - 16 minutes - 23 MBInteros CEO Jennifer Bisceglie drops by the Threatpost podcast to talk about avoiding the mess a T-Mobile size breach can lead to, with the damage it can do to a business's brand, reputation, customer loyalty and revenue stream.
SolarWinds 2.0 Could Set Off the Next Financial Crisis – Podcast
August 13, 2021 19:56 - 15 minutes - 21.1 MBTrillions of dollars in notional value are controlled by hedge funds and private equity firms, many of which have no cybersecurity protection to speak of. The calamitous, widespread SolarWinds attacks was a wakeup call: Another attack of that ilk could lead to the next 2008-esque financial meltdown. Agio CEO Bart McDonough says AI-enabled service platform could maybe, just maybe, help avert it.
Fuzz Off: How to Shake Up Code to Get It Right – Podcast
August 10, 2021 00:38 - 15 minutes - 21.6 MBFuzzCon panelists Damilare D. Fagbemi of Resilience Software Security and Anmol Misra of Autodesk say join the party as they share fuzzing wins & fuzzing fails when building a security testing program
We COVID-Clicked on Garbage, Report Finds: Podcast
August 04, 2021 13:34 - 16 minutes - 22.4 MBn the company’s annual Human Factor 2021 report assessing how the threat landscape morphed over the past year, Proofpoint researchers scratched their heads over the reasons for so many users succumbing to malicious email attachments. Could be that threat actors jumped on our Pavlovian work-from-home security conditioning, as suggested by Proofpoint vice president and general manager of email fraud defense Rob Holmes. Check out the Threatpost podcast for his take on how the pandemic influ...
‘PwnedPiper’: Devastating Bugs in >80% of Hospital Pneumatics
August 02, 2021 22:38 - 11 minutes - 16.4 MBPodcast: Why Securing Microsoft Active Directory Is Such a Nightmare
July 28, 2021 01:02 - 33 minutes - 46.2 MBSpecterOps researchers Lee Christensen and Will Schroeder discuss their work, to be presented at Black Hat, on how AD “misconfiguration debt” lays out a dizzying array of attack paths such as the one in the PetitPotam exploit for which Microsoft rushed out a fix.
IoT Piranhas Are Swarming Industrial Controls
July 23, 2021 14:48 - 23 minutes - 32.2 MBThreat actors have been building enormous botnets using IoT devices to try to compromise the computing systems that control crucial infrastructure, such as pipelines (case in point: the DarkSide ransomware attack on Colonial Pipeline) and other utilities, preying on legacy systems that have decades-old vulnerabilities. In this Threatpost podcast, Armis CISO Curtis Simpson delves into how to fight back.
What’s Next for REvil’s Victims?
July 19, 2021 22:37 - 21 minutes - 29.9 MBProtecting Phones From Pegasus-Like Spyware Attacks
July 19, 2021 16:07 - 22 minutes - 30.5 MBPodcast: Is protecting your phone from spyware attacks a la NSO Group's Pegasus as simple as getting a new SIM card? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block three types of spyware attacks.
What’s Making You a Ransomware Sitting Duck
June 17, 2021 21:13 - 33 minutes - 46.1 MBSophosLabs Principal Researcher Andrew Brandt discusses what makes organizations prime targets for ransomware threat actors, what steps could help them to protect themselves, and what’s stopping them from implementing those steps.
SASE & Zero Trust: The Dream Team
June 11, 2021 20:47 - 20 minutes - 27.5 MB"Trust is a human emotion. Computers don't have emotions. They don't need that trust, inherently" – that's the heart of Zero Trust cybersecurity, and SASE is how to make it happen. Forcepoint’s Nico Fischbach, global CTO and VPE of SASE, and Chase Cunningham, chief strategy officer at Ericom Software, on using SASE to make Zero Trust a reality.
Insider Risks In the Work-From-Home World
June 11, 2021 19:45 - 25 minutes - 34.6 MBForcepoint’s Michael Crouse talks about risk-adaptive data-protection approaches and how to develop a behavior-based approach to insider threats and risk: particularly important as security perimeters have expanded due to the pandemic.
The State of Ransomware with Fortiguard's Derek Manky
June 02, 2021 20:08 - 17 minutes - 24.5 MBEffective Adoption of SASE in 2021
June 02, 2021 17:06 - 21 minutes - 28.9 MBWhy and How Cybercrooks Milk Exploits in Underground Markets
June 01, 2021 16:25 - 19 minutes - 26.2 MBWhat's Behind the Cybercriminal Supply Chain
April 21, 2021 20:49 - 22 minutes - 18.2 MBDerek Manky Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs is joined by Threatpost podcast host Cody Hackett about the cybersecurity supply chain. What is it? How is it funded? And who are the victims and criminals within this multi-million dollar dark economy?
Podcast: Microsoft Exchange Server Attack Onslaught Continues
March 23, 2021 13:52 - 22 minutes - 26.5 MBWeeks after the disclosure around the ProxyLogon group of security bugs, exploitation attempts against unpatched Microsoft Exchange servers have skyrocketed. Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, said that last week researchers with FortiGuard Labs saw activity double over two days for cybercriminals targeting the vulnerabilities. The attackers are using the flaws to deploy cryptominers, ransomware (such as the recently discovered ...
Sponsored Podcast: Ransomware Attacks Exploded in Q4 2020
February 26, 2021 13:09 - 23 minutes - 26.7 MBRansomware attacks continue to be a top security issue plaguing companies, with researchers from Fortinet's Fortiguard Labs saying they saw an explosion in ransomware activity towards the end of the fourth quarter of 2020.
Chinese Hackers Stole NSA-Linked Hacking Tool: Report
February 22, 2021 19:27 - 19 minutes - 23.1 MBYaniv Balmas, the head of cyber research with Check Point Software, and Oded Vanunu, the head of products vulnerability research with Check Point Software, talk on this week's Threatpost podcast about the new discoveries around the NSA-linked exploit tools, as well as the implications of the SolarWinds supply-chain hack.
Emotet's Takedown: Have We Seen the Last of the Malware?
February 03, 2021 20:10 - 17 minutes - 20.2 MBLaw enforcement have been on a malware-takedown rampage: Last week, several agencies took down servers supporting the Emotet malware. Sherrod DiGrippo, senior director of threat research and detection with Proofpoint, said that no activity involving Emotet has been detected since the takedown effort occurred last week.
Breaking Down Joe Biden's $10B Cybersecurity 'Down Payment'
January 25, 2021 19:54 - 19 minutes - 22.1 MBJoe Biden's inauguration ceremony last week marked a new strategy for the government's cybersecurity initiatives, with the US president's COVID-19 relief plan including $10 billion in funding for various cybersecurity defense initiatives - from hiring key security personnel to support for the Cybersecurity Infrastructure Security Agency (CISA).
CISOs Prep For COVID-19 Exposure Notification in the Workplace
January 13, 2021 14:00 - 23 minutes - 27.4 MBIn this week’s Threatpost podcast, senior editor Lindsey Welch talks with Steve Moore, chief security strategist with Exabeam, about the data privacy challenges posed by impending exposure notification implementations in the workplace.
A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets
January 08, 2021 18:56 - 21 minutes - 25.2 MBThreatpost editors Tom Spring, Tara Seals and Lindsey Welch break down the top security stories to look out for in this week's first podcast of 2021 - from the SolarWinds hack to surging ransomware hospital cyberattacks.
Sponsored Podcast: Simplifying Proactive Defense With Threat Playbooks
December 21, 2020 16:54 - 24 minutes - 28 MBSecurity defense strategy can be very complex - with security teams not dealing with mere small bits of information, but instead dealing with tens of thousands of data points, from IoCs to TTPs, said Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet.
Sponsored Podcast: Cybersecurity in the 'New Normal'
December 10, 2020 14:00 - 29 minutes - 33.9 MBFrom eCommerce threats, to security concerns in connected speakers, Fortinet researchers discuss the top evolving threats of 2020, heading into the new year.