UNSECURITY: Information Security Podcast

In this week's episode, Brad and Evan discuss the first ever death via ransomware lawsuit, as well as the future of info security and the importance of it as more and more technology is relied upon to keep us alive. They also touch on some industry news and more including GCAT- Google's Security Advisory Service. First death via ransomware lawsuithttps://www.healthcareitnews.com/news/hospital-ransomware-attack-led-infants-death-lawsuit-allegesGCAThttps://cloud.google.com/security/gcatGive episode 152 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com Don't forget to like and subscribe!

In this week's episode, Brad and Evan discuss incident response retainers, the market, sizes, and categories of IR providers, and the difference between IR retainers and managed IR.They also touch on Project Hyphae, a new goodwill threat hunting initiative powered by FRSecure, and FRSecure's annual Hacks and Hops event which took place last Thursday, October 14th.Project Hyphaehttps://projecthyphae.com/Hacks and Hopshttps://hacksandhops.com/Give episode 151 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com Don't forget to like and subscribe!

In this week's episode, Brad and Evan talk Zero Trust (ZTA). They go into detail about what it is, how to do it, and how not to fall victim to the marketing BS that some people are selling.Also discussed, is Zero Trust not being a new concept, but a more complex version of the same things we've been preaching since the beginning, and how complexity is the enemy of security.Give episode 150 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com Don't forget to like and subscribe!

On this week's episode, Evan and Brad dive into cybersecurity awareness month, the free S2me security rating app, and discuss the already infamous Facebook outage.Give episode 149 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com Don't forget to like and subscribe!S2mehttps://s2me.io/

In this episode, Brad and Evan discuss state government security issues and working with the Carolina Cyber Center, to provide higher education students with hands-on practical experience using SecurityStudio to deliver information security risk assessments to SMBs.Also included in episode 148 is a conversation about PDEIS at the Cybersecurity Summit and updates about the future of the Unsecurity Podcast!As always, they review some industry news, including a bug in Microsoft Exchange leaking 372,000 domain credentials, 100M IoT devices that were exposed by a zero-day bug, and a hacking group that used ProxyLogon exploits to breach hotels worldwide. Give episode 148 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com Don't forget to like and subscribe!A bug in Microsoft Exchange Autodiscover feature leaks +372K of domain credentialshttps://securityaffairs.co/wordpress/122510/hacking/microsoft-exchange-autodiscover-feature-bug.html100M IoT Devices Exposed By Zero-Day Bug https://threatpost.com/100m-iot-devices-zero-day-bug/174963/Hacking group used ProxyLogon exploits to breach hotels worldwidehttps://www.bleepingcomputer.com/news/security/hacking-group-used-proxylogon-exploits-to-breach-hotels-worldwide/

In episode 147, Brad and Evan discuss the general busyness in their lives lately, as well as accountability and negligence in the security world.As always, they review some news articles including recent patches from major companies like Microsoft, Apple, and Google, 3 former U.S. intelligence officers who admitted to hacking for a U.A.E. company, and the low levels of ransomware preparedness despite concerns at the executive level. Give episode 147 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com Don't forget to like and subscribe!Google patches Chrome zero-day exploited in the wildhttps://www.securitymagazine.com/articles/96096-google-patches-chrome-zero-day-exploited-in-the-wild3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company https://thehackernews.com/2021/09/3-former-us-intelligence-officers-admitRansomware preparedness is low despite executives’ concernshttps://www.helpnetsecurity.com/2021/09/15/ransomware-preparedness/

In this episode, Evan and Brad discuss the Women's Society of Cyberjutsu (WSC) class on using your home network to learn attacks and defenses, plus a recap on the Wisconsin FBI Infragard SuperCon.In the news this week, the FBI says surge in sextortion attacks cost targeted users $8M this year.Give episode 146 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com Don't forget to like and subscribe!Surge in Sextortion Attacks Cost Targeted Users $8M This Yearhttps://www.ehackingnews.com/2021/09/surge-in-sextortion-attacks-cost.html

In this episode, Evan and Brad conduct a mental health check-in and have a candid discussion about their own struggles. They also discuss the first foundational steps in building a security program including less "what to do", and more "how to do".In the news this week, a cryptocurrency hacker returns $260 million in stolen funds, and the State Department is hit by a cyberattack amid Afghan evacuation.Give episode 145 a listen and send any questions, comments, or feedback to unsecurity@protonmail.com Cryptocurrency hacker returns fundshttps://www.bbc.com/news/business-58180692State Department cyberattackhttps://nypost.com/2021/08/21/state-department-hit-by-cyber-attack-amid-afghan-evacuation-report/

In this episode, Evan and Brad focus on the concept of PDEIS (Programmatic Distributed Empowerment of Information Security) and its ability to involve and empower others within the organization; not just CISOs, to make their own risk decisions. They also debate the trend of information security leaders facing legal repercussions in the wake of the recent SolarWinds incident. As always, they close with some industry updates such as the T-Mobile breach, and more. Give episode 144 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com Please like and subscribe!SolarWinds Breachhttps://www.secureworld.io/industry-news/ciso-lawsuit-solarwindsT-Mobile Investigating Claims of Massive Data Breachhttps://krebsonsecurity.com/2021/08/t-mobile-investigating-claims-of-massive-data-breach/T-Mobile confirms it was hacked againhttps://siliconangle.com/2021/08/16/t-mobile-confirms-hacked/US Govt’s secret terrorist watchlist with 2M records exposed onlinehttps://www.hackread.com/us-secret-terrorist-watchlist-exposed-online

The boys are back with Team Ambush recapping their DEF CON 29 experience. This sparked a conversation about everyone's highs and lows at the event. Team Ambush brings insight about the hacking challenges and competitions they won, were involved in, and why it's important. Evan & Brad continued to discuss how Team Ambush finished in 1st place in the biomedical hacking and dive deep into the medical devices that are the easiest to hack into. They also touched on this year's annual Hacks & Hops event on October 14th, at the Nissan Stadium in Nashville, Tennessee. https://hacksandhops.com/ Give episode 143 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com Please like and subscribe!