Defensive Security Podcast Episode 299

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Player FM - Internet Radio Done Right

5,809 subscribers

Security

הוסף לפני eight שנים

תוכן מסופק על ידי Jerry Bell and Andrew Kalat, Jerry Bell, and Andrew Kalat. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Jerry Bell and Andrew Kalat, Jerry Bell, and Andrew Kalat או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

Biscuits & Jam

1
Encore: Jessica B. Harris Believes in a Welcome Table 42:14

לפני 21 ימים42:14

הפעל מאוחר יותר

רשימות

לייק

אהבתי

42:14

Episode Description: Jessica B. Harris may have been born and raised in New York City, but she has Tennessee roots through her father and has spent much of her life split between homes in the Northeast and the South – specifically New Orleans. For more than fifty years, she has been a college professor, a writer, and a lecturer, and her many books have earned her a reputation as an authority on food of the African Diaspora, as well as a lifetime achievement award from the James Beard Foundation. A few years back, Netflix adapted her book, High on the Hog: A Culinary Journey from Africa to America , into a 4 part docuseries. And I’m very proud to say that she’s a longtime contributor to Southern Living with a regular column called The Welcome Table. This episode was recorded in the Southern Living Birmingham studios, and Sid and Jessica talked about her mother’s signature mac and cheese, the cast-iron skillet she’d be sure to save if ever her house were on fire, and her dear friend, the late New Orleans chef Leah Chase. For more info visit: southernliving.com/biscuitsandjam Biscuits & Jam is produced by : Sid Evans - Editor-in-Chief, Southern Living Krissy Tiglias - GM, Southern Living Lottie Leymarie - Executive Producer Michael Onufrak - Audio Engineer/Producer Jeremiah McVay - Producer Learn more about your ad choices. Visit podcastchoices.com/adchoices…

לפני שנה 1:07:40

MP3•בית הפרקים

Summary

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a Disney employee’s mishap with an AI tool that led to a significant hack, vulnerabilities in VMware ESX hypervisors, and a developer’s sabotage of their ex-employer. They also explore the implications of GitHub repository exposure and the growing risks associated with third-party vendors in cybersecurity.

Link to support Andy and Jerry’s work creating the Defensive Security Podcast: https://www.patreon.com/defensivesec

Story links:

291 פרקים

#Security #Software Development #Business News #Tech News #Data Breaches #Jerry Bell and Andrew Kalat #Andrew Kalat #Jerry Bell #News #Tech

Defensive Security Podcast Episode 299

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

5,809 subscribers

published לפני שנה

שתפו

MP3•בית הפרקים

Summary

Link to support Andy and Jerry’s work creating the Defensive Security Podcast: https://www.patreon.com/defensivesec

Story links:

291 פרקים

#Security #Software Development #Business News #Tech News #Data Breaches #Jerry Bell and Andrew Kalat #Andrew Kalat #Jerry Bell #News #Tech

Minden epizód

1
Defensive Security Podcast Episode 309 1:00:41

לפני 6 ימים1:00:41

1:00:41

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec Links: https://www.theregister.com/2025/06/06/chatgpt_for_evil/ https://www.theregister.com/2025/06/06/ransomware_negotiation/ https://www.darkreading.com/cyber-risk/how-to-approach-security-era-ai-agents https://www.bleepingcomputer.com/news/security/coinbase-breach-tied-to-bribed-taskus-support-agents-in-india/ https://www.theregister.com/2025/06/04/kiranapro_cyberattack_deletes_cloud_resources/ / https://x.com/deepakravindran/status/1930776943101894869…

1
Defensive Security Podcast Episode 308 51:45

לפני 15 ימים51:45

51:45

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss a range of topics including the introduction of a new cryptocurrency, Guard Llama Coin, and the implications of recent cybersecurity incidents involving ConnectWise and ransomware attacks. They explore the challenges organizations face in responding to nation-state attacks, the complexities of ransomware tactics, and the importance of employee security awareness. The conversation emphasizes the need for timely patching and proactive security measures to protect against evolving threats. Links: https://www.theregister.com/2025/05/30/connectwise_compromised_by_sophisticated_government/ https://www.darkreading.com/application-security/dragonforce-ransomware-msp-supply-chain-attack https://www.darkreading.com/threat-intelligence/3am-ransomware-adopts-email-bombing-vishing…

1
Defensive Security Podcast Episode 307 1:06:20

לפני 21 ימים1:06:20

1:06:20

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a significant data breach at Coinbase, the challenges of cryptocurrency security, the importance of patch management, and the evolving landscape of cyber threats. They also discuss insider threats, the failures of rigid security programs, and the overlooked cybersecurity risks in mergers and acquisitions. The episode concludes with a discussion on emerging threats, particularly the potential for ransomware to infect CPUs. Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec Links: https://go.theregister.com/feed/www.theregister.com/2025/05/21/coinbase_confirms_insider_breach_affects/ https://www.theregister.com/2025/05/14/improve_patching_strategies/ https://www.bleepingcomputer.com/news/security/ransomware-gangs-increasingly-use-skitnet-post-exploitation-malware/ https://www.darkreading.com/vulnerabilities-threats/rigid-security-programs-fail https://www.darkreading.com/cyber-risk/hidden-cybersecurity-risks-mergers-acquisitions https://www.theregister.com/2025/05/11/cpu_ransomware_rapid7/…

1
Defensive Security Podcast Episode 306 52:40

לפני 5 weeks52:40

52:40

In this episode, Jerry and Andrew discuss the importance of data security, phishing attacks targeting hiring managers, the implications of paying ransoms, and the recent Disney data breach incident. They emphasize the need for better training for employees and the challenges of managing software supply chains. The conversation highlights the evolving landscape of cyber threats and the necessity for organizations to adopt more robust security practices. Links: https://www.darkreading.com/cyber-risk/venom-spider-phishing-scheme https://go.theregister.com/feed/www.theregister.com/2025/05/08/powerschool_data_extortionist/ https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-npm-package-with-45-000-weekly-downloads/ https://www.theregister.com/2025/05/02/disney_slack_hacker_revealed_to/ Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec…

1
Defensive Security Podcast Episode 305 1:25:09

לפני 6 weeks1:25:09

1:25:09

In this episode, we discuss the Google Mandiant 2025 M-Trends report. The report is available here: https://services.google.com/fh/files/misc/m-trends-2025-en.pdf Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

1
Defensive Security Podcast Episode 304 1:02:48

לפני 7 weeks1:02:48

1:02:48

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss the latest trends in cybersecurity, focusing on the rise of BEC scams and the significant losses attributed to cybercrime in 2024. They explore emerging threats, including social engineering tactics and hardware vulnerabilities, particularly in management interfaces. The conversation also delves into the complexities of vulnerability management, the risks associated with supply chain attacks in open source software, and the alarming rate at which CVEs are being exploited. The hosts emphasize the need for organizations to be proactive in their security measures and to understand the evolving landscape of cyber threats. Links: https://www.cybersecuritydive.com/news/fbi-internet-crime-bec-scams-investment-fraud-losses/746181/ https://www.bleepingcomputer.com/news/security/asus-releases-fix-for-ami-bug-that-lets-hackers-brick-servers/ https://www.theregister.com/2025/04/21/microsoft_apple_patch/ https://thehackernews.com/2025/04/ripples-xrpljs-npm-package-backdoored.html https://thehackernews.com/2025/04/159-cves-exploited-in-q1-2025-283.html Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec…

1
Defensive Security Podcast Episode 303 1:01:33

לפני 9 weeks1:01:33

1:01:33

Summary In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the rise of ransomware, the importance of backup strategies, and the implications of AI in phishing attacks. They discuss into the challenges of managing non-human identities and the need for effective communication of security metrics. The conversation also touches on the recent Oracle breach and the evolving landscape of cybersecurity threats. Links: https://www.cybersecuritydive.com/news/remote-access-tools-ransomware-entry/745144/ https://www.darkreading.com/cyberattacks-data-breaches/oracle-breach-2-obsolete-servers https://thehackernews.com/2025/04/explosive-growth-of-non-human.html?m=1 https://thehackernews.com/2025/04/security-theater-vanity-metrics-keep.html?m=1 https://www.securityweek.com/ai-now-outsmarts-humans-in-spear-phishing-analysis-shows/ Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec…

1
Defensive Security Podcast Episode 302 1:12:02

לפני 10 weeks1:12:02

1:12:02

In this episode, Jerry and Andrew discuss various cybersecurity topics, including the recent Oracle Cloud security breach, a GitHub supply chain attack, insider threats, and the implications of AI in cybersecurity. They explore the challenges of maintaining trust in cloud services, the complexities of insider threats, and the evolving landscape of cybercrime driven by AI advancements. The conversation emphasizes the need for robust security measures and the importance of adapting to emerging threats in the cybersecurity realm. Links: https://www.bleepingcomputer.com/news/security/oracle-privately-confirms-cloud-breach-to-customers/ https://www.bleepingcomputer.com/news/security/recent-github-supply-chain-attack-traced-to-leaked-spotbugs-token/ ttps://www.securityweek.com/39-million-secrets-leaked-on-github-in-2024/ https://www.theregister.com/2025/04/02/deel_rippling_espionage/ https://www.securityweek.com/ai-giving-rise-of-the-zero-knowledge-threat-actor/ Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec…

1
Defensive Security Podcast Episode 301 1:09:18

לפני 11 weeks1:09:18

1:09:18

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss a range of cybersecurity topics, including the recent Oracle Cloud breach, the challenges of asset management in large environments, and the importance of prioritizing vulnerabilities. They also explore the findings from a pen test report, the implications of emerging threats like Medusa ransomware, and the need for better security practices in organizations. Links: https://www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/ https://thehackernews.com/2025/03/10-critical-network-pentest-findings-it.html?m=1 https://www.horizon3.ai/attack-research/attack-blogs/critical-or-clickbait-github-actions-and-apache-tomcat-rce-vulnerabilities-2025/ https://www.forbes.com/sites/daveywinder/2025/03/30/fbi-warns-use-2fa-as-time-traveling-hackers-strike/ https://www.reversinglabs.com/blog/epss-is-not-foolproof-shift-your-appsec-beyond-vulnerabilities Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec…

1
Defensive Security Podcast Episode 300 1:02:00

לפני 13 weeks1:02:00

1:02:00

Summary In this episode, we celebrate the 300th episode of the Defensive Security Podcast then discuss various cybersecurity topics including the rise of AI-driven threats, the importance of zero trust architecture, best practices for incident response, the impact of human error on security breaches, and the risks associated with collaboration tools. We also cover the dangers of malvertising campaigns exploiting platforms like GitHub. Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec Links: https://venturebeat.com/security/51-seconds-to-breach-how-cisos-are-fighting-back-against-lightning-fast-attacks/ https://www.theregister.com/2025/03/10/incident_response_advice/ https://www.scworld.com/news/95-of-data-breaches-involve-human-error-report-reveals https://www.darkreading.com/cyber-risk/remote-access-infra-remains-riskiest-corp-attack-surface https://www.bleepingcomputer.com/news/security/microsoft-says-malvertising-campaign-impacted-1-million-pcs/…

1
Defensive Security Podcast Episode 299 1:07:40

לפני 14 weeks1:07:40

1:07:40

Summary In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a Disney employee’s mishap with an AI tool that led to a significant hack, vulnerabilities in VMware ESX hypervisors, and a developer’s sabotage of their ex-employer. They also explore the implications of GitHub repository exposure and the growing risks associated with third-party vendors in cybersecurity. Link to support Andy and Jerry’s work creating the Defensive Security Podcast: https://www.patreon.com/defensivesec Story links: https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931 https://doublepulsar.com/use-one-virtual-machine-to-own-them-all-active-exploitation-of-esxicape-0091ccc5bdfc https://www.theregister.com/2025/03/08/developer_server_kill_switch/ https://arstechnica.com/information-technology/2025/02/copilot-exposes-private-github-pages-some-removed-by-microsoft/ https://www.darkreading.com/cyber-risk/third-party-risk-top-cybersecurity-claims…

1
Defensive Security Podcast Episode 298 1:17:06

לפני 16 weeks1:17:06

1:17:06

In this episode of the Defense of Security podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a recent incident involving notorious hackers breaching a company network in under an hour, strategies to defend against deepfake attacks, the targeting of freelance developers by North Korean adversaries, vulnerabilities in Palo Alto firewalls, and the emergence of ghost ransomware. The conversation emphasizes the importance of proactive security measures and the evolving landscape of cyber threats. Want to support the Defensive Security Podcast? You can donate here: https://www.patreon.com/defensivesec Takeaways: The speed of cyber attacks is increasing, with breaches occurring in under an hour. Organizations must implement robust processes to defend against deepfake attacks. Freelance developers are at risk of being targeted by sophisticated cybercriminals. Palo Alto firewalls are vulnerable to attacks if management interfaces are exposed to the internet. Ghost ransomware is a growing threat, often using familiar tactics to exploit vulnerabilities. Links: https://arstechnica.com/security/2025/02/notorious-crooks-broke-into-a-company-network-in-48-minutes-heres-how/ https://www.darkreading.com/vulnerabilities-threats/4-low-cost-ways-defend-organization-against-deepfakes https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-targets-freelance-developers/ https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/ https://hackread.com/fbi-cisa-ghost-ransomware-threat-to-firms-worldwide/…

1
Defensive Security Podcast Episode 297 1:04:21

לפני 17 weeks1:04:21

1:04:21

Become a Patreon supporter of the show here: https://www.patreon.com/defensivesec Links: https://www.cybersecuritydive.com/news/ransomware-gangs–tactics-/739937/ https://www.bleepingcomputer.com/news/security/over-12-000-keriocontrol-firewalls-exposed-to-exploited-rce-flaw/ https://arstechnica.com/information-technology/2025/02/russian-spies-use-device-code-phishing-to-hijack-microsoft-accounts/ https://www.darkreading.com/cyber-risk/open-source-ai-models-pose-risks-of-malicious-code-vulnerabilities https://www.csoonline.com/article/3823429/24-of-vulnerabilities-are-abused-before-a-patch-is-available.html…

1
Defensive Security Podcast Episode 296 1:10:28

לפני 18 weeks1:10:28

1:10:28

In this episode of the Defense of Security Podcast, Jerry Bell and Andrew Kalat discuss the evolving landscape of cybersecurity threats, focusing on ransomware tactics that exploit insider threats, the hijacking of LLM resources, and the effectiveness of phishing simulations. They explore how adversaries are increasingly targeting employees to gain access to sensitive data and how organizations can better protect themselves against these threats. The conversation also covers the ethical implications of phishing tests and the need for a more supportive approach to security awareness training. In this episode, Jerry and Andrew discuss the challenges faced by cybersecurity teams, the dynamics between security and other business units, and the importance of learning from incidents to improve security practices. They explore the balance between enabling business operations and maintaining security, the implications of generative AI in the workplace, and the need for effective governance around AI usage. The conversation emphasizes the proactive role security professionals must take in navigating these complexities while ensuring organizational safety. Takeaways Ransomware attackers are increasingly using insider threats to gain access. Greed can turn employees into insider threats, especially in tough economic times. LLM hijacking is a new tactic that exploits compromised API keys. Phishing simulations may create a rift between users and IT security teams. Punitive measures for phishing failures can lead to underreporting of actual attacks. Security awareness training should focus on protecting users, not punishing them. Adversaries are finding valid API keys to exploit cloud resources. The effectiveness of phishing simulations is being questioned by experts. Organizations need to do a better job at protecting their secrets and credentials. The cybersecurity landscape is rapidly evolving, requiring constant adaptation. Cybersecurity teams often feel like janitors cleaning up after others. Organizational dynamics can create resentment in security teams. Learning from incidents is crucial for improving security practices. Balancing security needs with business operations is essential. Generative AI presents both risks and opportunities for organizations. Effective governance is needed for AI usage in business. Security professionals must help businesses understand risk management. Building relationships across departments can improve security outcomes. AI tools should be used with proper agreements to protect data. The landscape of AI in business is rapidly evolving and requires adaptation. Links https://www.scworld.com/news/ransomware-attackers-turn-to-workers-for-data-breach-access https://www.darkreading.com/application-security/llm-hijackers-deepseek-api-keys https://www.wsj.com/tech/cybersecurity/phishing-tests-the-bane-of-work-life-are-getting-meaner-76f30173 https://www.securityweek.com/security-teams-pay-the-price-the-unfair-reality-of-cyber-incidents/ https://www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts…

1
Defensive Security Podcast Episode 295 1:15:57

לפני 19 weeks1:15:57

1:15:57

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the alarming statistics surrounding ransomware attacks, the implications of paying ransoms, and the evolving nature of ransomware as a broader category of cyber threats. They also discuss the consolidation of security tools and the skepticism surrounding it, particularly in light of a recent report by Palo Alto and IBM. The conversation shifts to the risks associated with AI, highlighted by the DeepSeek incident, and concludes with a discussion on the importance of securing management interfaces and the ongoing challenges in the cybersecurity landscape. Links: https://www.infosecurity-magazine.com/news/ransomware-victims-shut-operations/ https://www.cybersecuritydive.com/news/consolidation-security-tools/738912/ https://9to5mac.com/2025/01/31/security-bite-top-macos-threat-found-riding-the-deepseek-wave/ https://www.securityweek.com/sonicwall-confirms-exploitation-of-new-sma-zero-day/ https://www.theregister.com/2025/01/30/deepseek_database_left_open/ Takeaways 58% of ransomware victims had to shut down operations temporarily. Only 13% of victims who paid ransom got all their data back. The ransomware ecosystem relies on the belief that victims will recover their data. Organizations average 83 different security tools, leading to inefficiencies. Speed in deploying AI can compromise security practices. DeepSeek incident highlights risks of using unverified AI models. SonicWall’s zero-day vulnerability emphasizes the need for secure management practices. Security tool consolidation may not always lead to better outcomes. Phishing and RDP compromises are common entry points for ransomware. The evolving nature of ransomware requires a broader understanding of cyber threats.…

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.

תקשיבו ל-500+ נושאים

5,809 subscribers

דומה לDefensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Bounty Paper Towels Quick Size, White, 16 Family Rolls = 40 Regular Rolls (Packaging May Vary)

2024 Topps Baseball Complete Set Factory Sealed Box Set - Baseball Complete Sets

2025 - American Silver Eagle .999 Fine Silver with our Smyrnacoin Certificate of Authenticity Dollar Uncirculated US Mint

פודקאסטים ששווה להאזין

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec « » Defensive Security Podcast Episode 299

Defensive Security Podcast Episode 299

פודקאסטים ששווה להאזין

ברוכים הבאים אל Player FM!

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

Amazon eGift Card - Amazon Logo (Animated)

Amazon Fire TV Stick HD (newest model), free and live TV, Alexa Voice Remote, smart home controls, HD streaming

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

דומה לDefensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

מדריך עזר מהיר

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec « »
Defensive Security Podcast Episode 299