Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Explore the FTC's order mandating Marriott and Starwood to enhance data security for two decades. Discover the alarming hijacking of browser extensions and the looming threats of zero-day exploits and supply chain attacks by 2025. Delve into the transformative role of AI in cybersecurity, highlighting the urgent need for governance as AI tools proliferate in workplaces. The discussion emphasizes balancing compliance and innovation while addressing the vulnerabilities in current risk management practices.

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a year-long supply chain attack that compromised 390,000 credentials, the U.S. government’s bounty for information on North Korean IT worker farms, and the alarming number of vulnerabilities found in software containers. They also delve into the … Continue reading "Defensive Security Podcast Episode 289"

In this episode of the Defensive Security Podcast, we discuss the anticipated rise of Mac malware, the economic implications of new top-level domains (TLDs) for phishing, innovative phishing techniques using corrupt documents, and the risks associated with open-source software. We also explore the concept of risk homeostasis in cybersecurity, examining how users’ perceptions of security … Continue reading "Defensive Security Podcast Episode 288"

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various topics including their holiday plans, updates on their podcast, and significant cybersecurity incidents. They delve into a recent Wi-Fi breach involving Russian hackers, CrowdStrike’s IT outage and its implications for customer retention, and the discovery of malware exploiting vulnerable … Continue reading "Defensive Security Podcast Episode 287"

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the launch of their new podcast, Getting Defensive. They delve into a CISA report on exploited vulnerabilities, highlighting the concerning trend of zero-day vulnerabilities being exploited. The conversation also covers a GitHub incident involving malicious commits … Continue reading "Defensive Security Podcast Episode 286"

In this episode of the Defensive Security Podcast, we discuss the theft of cloud credentials, the exploitation of SharePoint vulnerabilities, evolving malware techniques, and the importance of cyber due diligence for suppliers. They reflect on the challenges of managing secrets, the implications of auto-updates, and the need for robust risk management practices in the face … Continue reading "Defensive Security Podcast Episode 285"

Delta’s Lawsuit, SEC Penalties, and Fortinet’s Zero-Day Exploit In this episode, hosts Jerry Bell and Andrew Kellett discuss current cybersecurity issues, starting with Delta Air Lines’ $500 million lawsuit against CrowdStrike over an IT outage and data breach. They explore SEC penalties imposed on tech companies for downplaying the SolarWinds hack’s impact, followed by an … Continue reading "Defensive Security Podcast Episode 284"

This discussion dives into the alarming rise of zero-day vulnerabilities being exploited within days. The hosts stress urgent patch management and critique the slow adoption of robust security tools. They examine North Korean cyber threats and unethical hiring practices, illuminating the risks of identity misrepresentation. Ransomware trends and the need for innovative authentication methods further emphasize the challenges in maintaining cybersecurity. Lighthearted banter about business ideas adds a refreshing twist to the episode.

Hosts dive into the alarming rise of phishing attacks utilizing trusted file-hosting services to compromise identities. They discuss the implications of AI on cybersecurity, revealing how tools like Grammarly might risk sensitive data. A recent cyberattack on American Water raises serious concerns about security practices in IT and operational technology. The conversation also explores Kaspersky's controversial software transition, highlighting the trust issues and geopolitical influences affecting cybersecurity decisions.

The hosts kick off with a lighthearted discussion about hurricanes and emergency preparedness. They dive into CrowdStrike's congressional testimony, revealing critical testing failures and policy implications. The ongoing GDPR violation by Meta over plain text passwords raises eyebrows, while a Linux CUPS vulnerability is explored in-depth. The conversation shifts to AI risks and the security landscape, particularly in industrial control systems. Lastly, they stress the importance of fundamental cybersecurity principles amidst rising digital threats.