Detroit Metro Airport Foggy Morning Operations Time Lapse Andrew Kalat 2015-09-02 | A 1.5 hour time lapse of DTW ramp operations captured from the Westin Hotel on a foggy and misty morning. Captured from 6:30am to 8am on Saturday, August 29th, 2015.
Defensive Security Podcast Episode 282 (Video Edition) Andrew Kalat 2024-10-13 | Episode 282: Exploiting Trust in Cybersecurity Practices In episode 282 of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss several cybersecurity topics. They highlight a phishing attack outlined by Microsoft, where cybercriminals leverage file-hosting services like OneDrive and Dropbox to exploit trust and compromise identities. The episode also explores concerns about AI systems, like Grammarly sharing company confidential info, and emphasizes the growing need for well-defined governance policies. They touch on a cyberattack affecting American Water’s billing systems and the potential implications for OT systems. The final discussion surrounds Kaspersky’s decision to replace its software on US systems with Ultra AV, raising alarms over cyber responsibilities and government influence over IT.Links: • microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing • tenable.com/blog/cybersecurity-snapshot-employees-are-oversharing-work-info-with-ai-tools-cybersecurity • go.theregister.com/feed/www.theregister.com/2024/10/07/american_water_cyberattack • theregister.com/2024/09/24/ultraav_kaspersky_antivirus
Defensive Security Podcast Episode 282 Andrew Kalat 2024-10-12 | Episode 282: Exploiting Trust in Cybersecurity Practices In episode 282 of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss several cybersecurity topics. They highlight a phishing attack outlined by Microsoft, where cybercriminals leverage file-hosting services like OneDrive and Dropbox to exploit trust and compromise identities. The episode also explores concerns about AI systems, like Grammarly sharing company confidential info, and emphasizes the growing need for well-defined governance policies. They touch on a cyberattack affecting American Water’s billing systems and the potential implications for OT systems. The final discussion surrounds Kaspersky’s decision to replace its software on US systems with Ultra AV, raising alarms over cyber responsibilities and government influence over IT.Links: • microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing • tenable.com/blog/cybersecurity-snapshot-employees-are-oversharing-work-info-with-ai-tools-cybersecurity • go.theregister.com/feed/www.theregister.com/2024/10/07/american_water_cyberattack • theregister.com/2024/09/24/ultraav_kaspersky_antivirus
Defensive Security Podcast Episode 281 Video Edition Andrew Kalat 2024-09-30 | In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity events and issues. The episode opens with discussion on the recent weather impacts affecting Asheville and lessons for disaster preparedness in the security industry. A significant portion of the episode is dedicated to CrowdStrike’s recent Capitol Hill testimony, examining the fallout from their admitted testing failures and the implications of needed kernel access for security software. The hosts also explore an ongoing GDPR violation by Meta related to storing user passwords in plain text, and a hyped but less-critical-than-expected Linux vulnerability in the CUPS printing system. Finally, they delve into potential risks associated with AI systems like ChatGPT and the increasing need for security in OT and ICS environments. The episode concludes with a reminder about the essential nature of cybersecurity fundamentals.Links: • cybersecuritydive.com/news/crowdstrike-mea-culpa-testimony-takeaways/727986 • bleepingcomputer.com/news/legal/ireland-fines-meta-91-million-for-storing-passwords-in-plaintext • thehackernews.com/2024/09/critical-linux-cups-printing-system.html?m=1 • arstechnica.com/security/2024/09/false-memories-planted-in-chatgpt-give-hacker-persistent-exfiltration-channel • industrialcyber.co/cisa/cisa-alerts-ot-ics-operators-of-ongoing-cyber-threats-especially-across-water-and-wastewater-systems
Defensive Security Podcast Episode 281 Andrew Kalat 2024-09-30 | In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity events and issues. The episode opens with discussion on the recent weather impacts affecting Asheville and lessons for disaster preparedness in the security industry. A significant portion of the episode is dedicated to CrowdStrike’s recent Capitol Hill testimony, examining the fallout from their admitted testing failures and the implications of needed kernel access for security software. The hosts also explore an ongoing GDPR violation by Meta related to storing user passwords in plain text, and a hyped but less-critical-than-expected Linux vulnerability in the CUPS printing system. Finally, they delve into potential risks associated with AI systems like ChatGPT and the increasing need for security in OT and ICS environments. The episode concludes with a reminder about the essential nature of cybersecurity fundamentals.Links: • cybersecuritydive.com/news/crowdstrike-mea-culpa-testimony-takeaways/727986 • bleepingcomputer.com/news/legal/ireland-fines-meta-91-million-for-storing-passwords-in-plaintext • thehackernews.com/2024/09/critical-linux-cups-printing-system.html?m=1 • arstechnica.com/security/2024/09/false-memories-planted-in-chatgpt-give-hacker-persistent-exfiltration-channel • industrialcyber.co/cisa/cisa-alerts-ot-ics-operators-of-ongoing-cyber-threats-especially-across-water-and-wastewater-systems
Defensive Security Podcast Episode 280 (Video Edition!) Andrew Kalat 2024-09-25 | In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kellett delve into key cybersecurity topics. They discuss a recent statement by CISA director Jen Easterly on holding software manufacturers accountable for product defects rather than vulnerabilities, and the need for derogatory names for threat actors to deter cybercrime. The episode also covers Disney’s decision to ditch Slack following a data breach, and the impact of valid account misuse in critical infrastructure attacks. Additionally, they explore new tough cyber regulations in the EU under NIS2, and a Google security flaw from a Black Hat presentation concerning dependency confusion in Apache Airflow. The hosts share their thoughts on industry responses, regulations, and how enterprises can improve their security posture.00:00 Introduction and Podcast Setup00:59 First Story: CISA Boss on Insecure Software03:26 Debate on Software Security Responsibility11:12 Open Source Software Challenges15:20 Cloud Imposter Vulnerability22:22 Disney’s Data Breach and Slack27:37 Slack Data Breach Concerns29:26 Critical Infrastructure Vulnerabilities35:21 EU’s New Cyber Regulations43:42 Global Regulatory Challenges48:42 Conclusion and Sign-OffLinks: • https://www.theregister.com/2024/09/2... • https://www.tenable.com/blog/cloudimp... • https://www.cnbc.com/2024/09/19/disne... • https://www.cybersecuritydive.com/new... • https://www.cnbc.com/amp/2024/09/20/e...
Defensive Security Podcast Episode 280 Andrew Kalat 2024-09-23 | In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kellett delve into key cybersecurity topics. They discuss a recent statement by CISA director Jen Easterly on holding software manufacturers accountable for product defects rather than vulnerabilities, and the need for derogatory names for threat actors to deter cybercrime. The episode also covers Disney’s decision to ditch Slack following a data breach, and the impact of valid account misuse in critical infrastructure attacks. Additionally, they explore new tough cyber regulations in the EU under NIS2, and a Google security flaw from a Black Hat presentation concerning dependency confusion in Apache Airflow. The hosts share their thoughts on industry responses, regulations, and how enterprises can improve their security posture.00:00 Introduction and Podcast Setup00:59 First Story: CISA Boss on Insecure Software03:26 Debate on Software Security Responsibility11:12 Open Source Software Challenges15:20 Cloud Imposter Vulnerability22:22 Disney’s Data Breach and Slack27:37 Slack Data Breach Concerns29:26 Critical Infrastructure Vulnerabilities35:21 EU’s New Cyber Regulations43:42 Global Regulatory Challenges48:42 Conclusion and Sign-OffLinks: • theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains • tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package • cnbc.com/2024/09/19/disney-to-ditch-slack-after-july-data-breach-.html • cybersecuritydive.com/news/cisa-critical-infrastructure-attacks/727225 • cnbc.com/amp/2024/09/20/eu-nis-2-what-tough-new-cyber-regulations-mean-for-big-business.html
Defensive Security Podcast Episode 279 Andrew Kalat 2024-09-18 | In Episode 279 of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss the latest cybersecurity news and issues. Stories include Transportation for London requiring in-person password resets after a security incident, Google’s new ‘air-gapped’ backup service, the impact of a rogue ‘Whois’ server, and the ongoing ramifications of the Moveit breach. The episode also explores workforce challenges in cybersecurity, such as the gap between the number of professionals and the actual needs of organizations, and discusses the trend of just-in-time talent versus long-term training and development. Links: • bleepingcomputer.com/news/security/tfl-requires-in-person-password-resets-for-30-000-employees-after-hack • securityweek.com/google-introduces-air-gapped-backup-vault-to-thwart-ransomware • arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have • cybersecuritydive.com/news/global-cyber-workforce-flatlines-isc2/726667 • cybersecuritydive.com/news/moveit-wisconsin-medicare/726441 Transcript:Jerry: [00:00:00] Here we go. Today is Sunday, September 15th, 2024. And this is episode 279 of the defensive security podcast. My name is Jerry Bell and joining me today as always is Mr. Andrew Kalat.Andrew: Good evening, Jerry. Happy Sunday to you.Jerry: Happy Sunday, just a reminder that the thoughts and opinions we express on the show are ours do not represent those of our employers or.Andrew: present, or future.Jerry: for those of us who have employers, that is not that I’m bitter or anything. It’s,Andrew: It’s, I envy your lack of a job. I don’t envy your lack of a paycheck. So that is the conflict.Jerry: It’s very interesting times right now for me.Andrew: Indeed.Jerry: All right. So our first story today comes from bleeping computer. And the title here is TFL, which is transportation for London requires in person, password [00:01:00] resets for 30, 000 employees. So those of you who may not be aware transportation for London had suffered what I guess would has been described as a nebulous security incident.They haven’t really pushed out a lot of information about what happened. They have said that it does not affect customers. But it apparently does impact some back office systems that did take off certain parts of their services offline, like I think. They couldn’t issue refunds. And there were a few other transportation related things that were broken as a result.But I think in the aftermath of trying to make sure that they’ve evicted the bad guy who, by the way, apparently has been arrested.Andrew: That’s rare. Somebody actually got arrested.Jerry: yeah. And not only that, but apparently it was somebody local.Andrew: Oops.Jerry: In in the country which may or may not be associated with an unknown named [00:02:00] threat actor, by the way, that was involved in some other ransomware attacks.Andrew: Kids don’t hack in your own backyard.Jerry: That’s right. Make sure you don’t have extradition treaties with where you’re attacking. So what I thought was most interesting was the, their, the approach here to getting back up and going they, they had disabled. So TFL had disabled the access for all of their employees and the requiring their employees to show up at a designated site to prove their identity in order to regain access.This isn’t the first. Organization that’s done this, but it is something that I suspect a lot of organizations don’t think about the logistics of, in the aftermath of a big hack. And if you’re a large company spread out all over the place, the logistics of that could be pretty daunting.Andrew: Yeah. It’s wild to me that they want in person. [00:03:00] Verification of 30, 000 employees. But given the nature of their company and business, I’m guessing they’re all very centrally located. Used to going to physical offices, but man, can you imagine if you were a remote employee and you don’t have any office anywhere near you, how would you handle that? I’m not, I’m probably not going to get on a plane to go get my password re enabled.Jerry: Exactly.Andrew: You know what it did, remind me of though is, remember back PGP and PGP key signing?Jerry: Oh, the key parties. Yes.Andrew: Yes. Where, You basically, it’s a web of trust and people you trust could verify and sign another key. Like at a key signing party, because we were fun back then, that’s what nerds used to do. And then that’s how you had the circle trust. So maybe they could do something similar where verified employee could verify another employee, then you’ve got the whole insider threat issue, et cetera. Yeah. Itjust reminded me of,Jerry: No, nobody trusts Bob’s.Andrew: [00:04:00] It’s true. Your friend, Bob, how many t...
Defensive Security Podcast Episode 278 Andrew Kalat 2024-09-09 | In episode 278 of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss various recent cybersecurity topics. The episode starts with light-hearted banter about vacations before diving into the main topics. Key discussions include a new vulnerability in YubiKey that requires sophisticated physical attacks, resulting in a low overall risk but sparking debate about hardware firmware updates for security keys. Another key topic is Verkada being fined for CAN-SPAM Act violations and lack of proper security measures, including exposing 150,000 live camera feeds. The hosts also explore reports showing diverging trends in security budgets and spending, with some organizations reducing budgets while overall industry spending increases. They highlight the need for effective use of security products and potential over-reliance on third-party services. The episode also delves into the growing threat of deepfake scams targeting businesses, emphasizing the need for robust authentication policies and awareness training to mitigate risks. Finally, the hosts reflect on the broader challenges of balancing security needs with budget constraints in an evolving threat landscape.Links:bleepingcomputer.com/news/security/new-eucleak-attack-lets-threat-actors-clone-yubikey-fido-keysbleepingcomputer.com/news/security/verkada-to-pay-295-million-for-alleged-can-spam-act-violationscybersecuritydive.com/news/iran-cyberattacks-us-critical-infrastructure/725877theregister.com/2024/09/05/security_spending_boom_slowing vs cybersecuritydive.com/news/infosec-spending-surge-gartner/726081 cybersecuritydive.com/news/deepfake-scam-businesses-finance-threat/726043TranscriptJerry: All right, here we go. Today is Saturday, September 7th, 2024. And this is episode 278 of the defensive security podcast. And my name is Jerry Bell. And joining me today as always is Mr. Andrew Kalat.Andrew: Good evening. Jerry, how are you? Kind sir.Jerry: Doing fantastic. How are you?Andrew: I’m great. Just got back from a little vacation, which was lovely. Saw a lot of Canada, saw some whales, saw some trains. It wasJerry: Did you see any moose?Andrew: Oddly we did not see a single moose, which was a bummer. We crossed from Toronto to Vancouver on a train and didn’t see a single moose.I saw a metric crap ton of ducks though. I couldn’t believe literally in the thousands. I don’t know why.Jerry: The geese are ducks. CauseAndrew: We saw aJerry: geese are pretty scary.Andrew: We were sealed away from them, so we were protected.Jerry: I don’t know.Andrew: hard toJerry: I don’t know. I w I wouldn’t I wouldn’t bet my life on that.Andrew: But yeah, we saw a decent chunk of gooses, but mostly ducks.Jerry: Good deal.Andrew: Indeed. I’m good. Now, catching back up on work.Jerry: And you’re back.Andrew: And you are apparently the Southern Command Center.Jerry: I am for another another day or two.Andrew: Nice. Never sucks to be at the beach.Jerry: It definitely does not. No, no bad days at the beach.Andrew: Nice.Jerry: All right. A reminder before we get started that the thoughts and opinions we express in the show are ours and do not represent those of our employers.Andrew: Past, present, or future.Jerry: That’s right. So our first topic or first story from today comes from bleeping computer. And this one was a bit of a, Oh, what’s the best, a bit controversial, best way to say it, controversial on on the social media sites over the past week. And the title is new leak. I’m not even going to try to pronounce that attack.Let’s threat actors, clone, Yubikey, Fido keys.Andrew: Shut down the internet. ShutJerry: Shut it down, just throw away your Yubikeys, it’s over.Andrew: And apparently it can happen from 12 miles away with trivial equipment, right?Jerry: No, actually, they the bad actor here actually has to steal it and it takes some pretty sophisticated knowledge and equipment. But apparently the equipment they allege are about, costs about 11, 000. However, the the YubiKey actually has to be disassembled, like they actually have to take the protective cover, protective covering off, and they have to instrument it and, and then they’re able to leverage a vulnerability in an Infineon chip that’s contained in these YubiKeys to extract the private key. And so it’s not a, it’s not a trivial attack. You have to lose physical possession of the token for some period of time. But if you were, The victim of this, it is possible for someone, some adversary, who was willing to put in the time and effort could clone your key unbeknownst to you, and then find a way to reconstitute Packaging and slide it back into your drawer, and you would be none the wiser.Andrew: All seriousness, I think this has a very low likelihood of impacting the average listener t...
Defensive Security Podcast Episode 277 Andrew Kalat 2024-08-26 | In this episode, Jerry Bell and Andrew Kalat discuss various topics in the cybersecurity landscape, including the influence of cyber insurance on risk reduction for companies and how insurers offer guidance to lower risks. They touch upon the potential challenges with cybersecurity maturity in organizations and the consultant effect. The episode also goes into detail about issues surrounding kernel-level access of security tools, implications of a CrowdStrike outage, and upcoming changes by Microsoft to address these issues. They recount a case about a North Korean operation involving a laptop farm to gain employment in U.S. companies, posing major security concerns. The discussion highlights the pitfalls of relying on end-of-life software, especially in M&A scenarios, and how this could be a significant vulnerability. Lastly, they explore the massive data breaches from Snowflake and the shared security responsibilities between service providers and customers, emphasizing the importance of multi-factor authentication and proper security management.Links:cybersecuritydive.com/news/insurance-cyber-risk-reduction/724852arstechnica.com/information-technology/2024/08/crowdstrike-unhappy-with-shady-commentary-from-competitors-after-outagecnbc.com/2024/08/23/microsoft-plans-september-cybersecurity-event-after-crowdstrike-outage.htmlarstechnica.com/security/2024/08/nashville-man-arrested-for-running-laptop-farm-to-get-jobs-for-north-koreansdarkreading.com/vulnerabilities-threats/why-end-of-life-for-applications-is-beginning-of-life-for-hackerscybersecuritydive.com/news/snowflake-security-responsibility-customers/724994 Transcript:Jerry: Here we go. Today is Saturday, August 24th, and this is episode 277 of the defensive security podcast. My name is Jerry Bell and joining me today as always is Mr. Andrew Kalat.Andrew: Good evening, my good sir Jerry. How are you?Jerry: I am awesome. How are you?Andrew: I’m good. I’m good. I’m getting ready for a little bit of a vacation coming up next week So a little bit of senioritis. If I’m starting to check out on the show, you’ll know whyJerry: Congrats and earned. I know.Andrew: Thank you, but otherwise doing great and happy to be here as alwaysJerry: Good. Good deal. All right. Just a reminder that the thoughts and opinions we express on this show are ours and do not represent anyone else or including employers, cats, relatives, you name it.Andrew: various sentient plantsJerry: Exactly. Okay. So jumping into some stories today. First one comes from cybersecuritydive. com, which by the way, has a lot of surprisingly good content.Andrew: Yeah, I have enjoyed a lot of what they write. We’ve a couple good stories thereJerry: Yeah. Yeah. So the title here is insurance coverage drives cyber risk reduction for companies, researchers say that the gist of this story is that there were two recent studies done or reports released one from a company called Omeda and another one from Forrester, which I think we all know and love.And I’ll summarize it and say that they’re both reports indicate that companies which have cyber insurance tend to be better at quote, reducing risk more likely detect, respond, and recover from data breaches and malicious attacks compared to organizations without coverage. So I thought that was a little interesting.On the other hand it to me feels like a bit of availability bias, so by that, what I mean is if you go and take a survey of people who go to the gym and work out at the gym on their diet, you will probably will find out that Eat a healthier diet than the public at large.Andrew: But I go.Jerry: you just go.Andrew: I, look,Jerry: I’m not saying, I’m not saying everybody, right?Andrew: least I show up, right? And I’ve been told showing up is half the battle.Jerry: It is half the battle, that’s right. Knowing is the other half.Then doing is the other half.Andrew: I will say, speaking of G. I. Joe quotes, I thought catching on fire was going to be a far bigger problem in my life than it turned out to be.Jerry: That and quicksand.Andrew: I, we wereLot about that as children ofJerry: quick, quicksand.Andrew: Heh.Jerry: QuickSand was, I, I lived in fear of QuickSand, but it turns out it’s really not that big of a concern.Andrew: For as much as I heard stop drop and roll done itJerry: Yet.Andrew: That’s true. The day is young. Anyway back to your story. I think you’re right I will also say having worked with a number of these companies do interestingly have their own towards trying to keep you from getting hacks. They have to pay out So they do push certain things like and I’ve seen myself and I won’t say it You know, it doesn’t matter where, when, but if you have things like one of the well known EDR tools well deployed, they might cut y...
Defensive Security Podcast Episode 276 Andrew Kalat 2024-08-16 | Check out the latest Defensive Security Podcast Ep. 276! From cow milking robots held ransom to why IT folks dread patching, Jerry Bell and Andrew Kalat cover it all. Tune in and stay informed on the latest in cybersecurity!Summary:In episode 276 of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat delve into a variety of security topics including a ransomware attack on a Swedish farm’s milking machine leading to the tragic death of a cow, issues with patch management in IT industries, and an alarming new wormable IPv6 vulnerability patch from Microsoft. The episode also covers a fascinating study on the exposure and exploitation of AWS credentials left in public places, highlighting the urgency of automating patching and establishing robust credential management systems. The hosts engage listeners with a mix of humor and in-depth technical discussions aimed at shedding light on critical cybersecurity challenges.00:00 Introduction and Casual Banter01:14 Milking Robot Ransomware Incident04:47 Patch Management Challenges05:41 CrowdStrike Outage and Patching Strategies08:24 The Importance of Regular Maintenance and Automation15:01 Technical Debt and Ownership Issues18:57 Vulnerability Management and Exploitation25:55 Prioritizing Vulnerability Patching26:14 AWS Credentials Left in Public: A Case Study29:06 The Speed of Credential Exploitation31:05 Container Image Vulnerabilities37:07 Teaching Secure Development Practices40:02 Microsoft’s IPv6 Security Bug43:29 Podcast Wrap-Up and Social Media Plugs-tokens-in-popular-projects/Links: • securityaffairs.com/166839/cyber-crime/cow-milking-robot-hacked.html • theregister.com/2024/07/25/patch_management_study • cybersecuritydive.com/news/misguided-lessons-crowdstrike-outage/723991 • cybenari.com/2024/08/whats-the-worst-place-to-leave-your-secrets • theregister.com/2024/08/14/august_patch_tuesday_ipv6 Transcript:Jerry: Today is Thursday, August 15th, 2024. And this is episode 276 of the defensive security podcast. My name is Jerry Bell and joining me tonight as always is Mr. Andrew Kalat.Andrew: Good evening, Jerry. Once again, from your southern compound, I see.Jerry: Once again, in the final time for a two whole weeks, and then I’ll be back.Andrew: Alright hopefully next time you come back, you’ll have yet another hurricane to dodge.Jerry: God, I hope not.Andrew: How are you, sir?Jerry: I’m doing great. It’s a, it’s been a great couple of weeks and I’m looking forward to going home for a little bit and then then coming back. How are you?Andrew: I’m good, man. It’s getting towards the end of summer. forward to a fall trip coming up pretty soon, and just cruising along. Livin the dream.Jerry: We will make up for last week’s banter about storms and just get into some stories. But first a reminder that the thoughts and opinions we express are those of us and not our employers.Andrew: Indeed. Which is important because they would probably fire me. You’ve tried.Jerry: I would yeah. So the the first story we have tonight is very Moving.Andrew: I got some beef with these people.Jerry: Great. Very moving. This one comes from security affairs and the title is crooks took control of a cow milking robot, causing the death of a cow. Now, I will tell you that the headline is much more salacious than the actual story that the. When I saw the headline, I thought, oh my God, somebody hacked a robot and it somehow kill the cow, but no, that’s not actually what happened,Andrew: Now, also, let’s just say up front, the death of a cow is terrible, and we are not making light of that. But we are gonna milk this story for a little while.Jerry: that’s very true.Andrew: I’m almost out of cow puns.Jerry: Thank God for that. So, what happened here is this farm in Sweden had their milking machine, I guess is a milking machine ransomware and the farmer noticed that he was no longer able to manage the system, contacted the support for that system. And they said, no, you’ve been ransomware.Actually, the milking machine itself apparently was pretty trivial to get back up and running, but apparently what was lost in the attack was important health information about the cows, including when some of the cows were inseminated. And because of that, they didn’t know that one of the pregnant cows was supposed to have given birth, but actually hadn’t.And so it. What had turned out to be the case is that the cow’s fetus, unfortunately passed away inside the cow and the farmer didn’t know it until they found the cow laying lethargic in it stall, and they called a vet. And unfortunately, at that point it was too late to save the cow.This is an unfortunate situation where a ransomware attack did cause a fatality.Andre...
Defensive Security Podcast Episode 275 Andrew Kalat 2024-08-08 | Links: • crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf • theregister.com/2024/08/05/crowdstrike_is_not_at_all • theverge.com/2024/8/6/24214371/microsoft-delta-letter-crowdstrike-response-comments • linkedin.com/posts/alexstamos_why-crowdstrikes-baffling-bsod-disaster-activity-7224046054076243969-1An8?utm_source=combined_share_message&utm_medium=ios_app • linkedin.com/posts/choff_why-crowdstrikes-baffling-bsod-disaster-activity-7224078879445958658-ymuc?utm_source=combined_share_message&utm_medium=member_ios • securityweek.com/thousands-of-devices-wiped-remotely-following-mobile-guardian-hack • bleepingcomputer.com/news/security/stackexchange-abused-to-spread-malicious-pypi-packages-as-answers • bleepingcomputer.com/news/security/hunters-international-ransomware-gang-targets-it-workers-with-new-sharprhino-malware Transcript:Jerry: Today is Wednesday, August 7th, 2024. And this is episode 275 of the Defensive Security Podcast. My name is Jerry Bell and joining me tonight as always is Mr. Andrew Kalat.Andrew: Good evening, Jerry. How are you? Good, sir.Jerry: I am amazing. It is blistering hot at the beach, but it’s awesome.Andrew: recording from your southern compound.Jerry: I am.Andrew: Nice.Jerry: Yeah, Bell Estate South.Andrew: And Debbie was not an issue.Jerry: Debbie not here. We got probably 45 minutes worth of rain.Andrew: Yeah, it seems, at this point, in real time, stalled out over South CarolinaJerry: Yeah, it looks several feet of rain hitting like Savannah and That is nuts. But no, it was not a big issue here. I was pretty worried. I packed up all my Milwaukee batteries with lights and whatnot in preparation for the worst got extra tranquilizer for my dog who hates storms.But no, it’s been absolutely amazing here.Andrew: So you took the tranks instead? Is that what I’m hearing?Jerry: Absolutely. You gotta sleep somehow.Andrew: That’s fair. I’m glad it was a non event, at least for your little neck of theJerry: Yeah, it was Nice you could actually see some of the storm clouds off in the distance. And that was the best way to watch a hurricane is when it’s far away.Andrew: That’s true. ThatA few I’ve been through. Stuck on islands, butJerry: Yeah, that’s right. since I’ve been here, I have been in the building for two hurricanes, and the building’s been hit by three tornadoes. And then there was also a unsuccessful base jump.Andrew: So we’re saying you are cursed. Is that what we’re saying?Jerry: am the human equivalent to a plastic flamingo.which attracts tornadoes for those who don’t know. Anyway.Yeah.Andrew: after that meteorological update,Jerry: Yeah. just a reminder that the thoughts and opinions we express on the show are ours and do not represent those of our employers past, present, or future.Andrew: maybe even ourJerry: Or our pets. my pet is licking me right now and she says, nope, it’s not her opinion.Andrew: fair,Jerry: Okay I would say that this is going to be a CrowdStrike heavy episode.Andrew: three weeks in a row.Jerry: Yeah, it continues to get more and more interesting. Obviously the main event itself is largely behind us and now we are in the lawyer up phase of the party.Andrew: the blamestormingJerry: blamestorming has indeed begun. The first topic we have to talk about here is the actual formal full root cause analysis was released yesterday by CrowdStrike and it is a 12 page long document. It has lots of marketing fluff in it.And only I would say a little bit of substance. I don’t think there’s anything that is remarkably telling or revolutionary in the document, but it does indicate technically what went wrong. And it gives some indications of the, potential improvements for their quality assurance, which I think is where a lot of this went wrong.So the, I’m not going to go through the details in uber technical specificity, but the net is that this channel file update is for this inter process communication agent, for lack of a better term, I’ll call it. And that agent, expects configuration files that have20 parameters, but through some unfortunatebad planningtheir test harness actually was Marking the 21st as a catch all, as an asterisk. It was effectively being marked as not used. And so in this particular update, they actually started using it, and that ended up causing their parser to perform what ultimately ended up being an out of bounds read.Because that parser wasn’t set up to actually read it. And so when that read attempted to happen in kernel space, it tried to access memory. It wasn’t allowed to access, wasn’t allocated. ...
Defensive Security Podcast Episode 274 Andrew Kalat 2024-08-02 | bleepingcomputer.com/news/security/over-3-000-github-accounts-used-by-malware-distribution-serviceblog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-usarstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makersdarkreading.com/cybersecurity-operations/crowdstrike-outage-losses-estimated-staggering-54b cdn.prod.website-files.com/64b69422439318309c9f1e44/66a24d5478783782964c1f6f_CrowdStrikes%20Impact%20on%20the%20Fortune%20500_%202024%20_Parametrix%20Analysis.pdfdarkreading.com/vulnerabilities-threats/unexpected-lessons-learned-from-the-crowdstrike-eventSummary:Episode 274: Malware on GitHub, North Korean Developer Scam & Secure Boot Failures In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss several notable security stories and issues. They start with a malware distribution service that leverages compromised GitHub accounts and WordPress sites. They then cover a security warning from KnowBe4 about hiring a supposed North Korean agent as a senior developer. They dive into the significance of two separate vulnerable firmware signing keys affecting over 500 hardware models. Lastly, they explore the massive financial impact of the recent CrowdStrike outage, with losses estimated at $5.4 billion. Throughout the episode, the hosts provide insights, potential solutions, and share personal experiences related to these cybersecurity challenges.00:00 Introduction and Casual Banter00:30 Funemployment and Retirement Reflections01:54 Disclaimer and First Story Introduction02:17 Malware Distribution via GitHub04:24 WordPress Security Issues8:09 North Korean Developer Incident14:36 Lessons Learned and Recommendations23:27 Secure Boot Vulnerabilities29:19 Cloud Providers and Firmware Security30:47 The Epidemic of Leaked Keys on GitHub33:35 Challenges in Development and Security Practices35:36 CrowdStrike Outage and Its Financial Impact39:16 Legal and Technical Implications of the Outage57:33 Concluding Thoughts and Future Plans Transcript:Episode 274 274===jerry: [00:00:00] Today is Wednesday, July 31st, 2024. And this is episode 274 of the defensive security podcast. My name is Jerry Bell and joining me tonight as always is Mr. Andrew Kalat.Andrew: Good evening, Jerry. How are you? My good sir.jerry: So good. It hurts. How are you?Andrew: I’m doing good. it’s Wednesday, which is halfway through the week. So I can’t complain too much.jerry: It’s just another day to me though.Andrew: I, how are you enjoying your funemployment?jerry: It is awesome. funny story, when my dad retired, he told me something sad. He said, one of the things that you don’t realize is that the weekend starts losing its appeal,Andrew: Because every day is the weekend.jerry: because it’s just another day and, holidays are just another day.jerry: There’s not really something to look forward to when you’re working. You typically look forward to the weekend. It’s just another day. I am finding that to be true. I’m going to be [00:01:00] spending some time coming up down at the beach, which will be a whole different experience, not having to work and actually be at the beach, which will be cool.Andrew: So you don’t have to wrap your laptop in plastic when you take it surfing with you anymore.jerry: That is very true. No more conference calls while out on the boogie board.Andrew: I will say the random appearance of sharks behind you on your zoom sessions will be missed.Andrew: Of course, we’ll have to find a way to bring that back. I live in jealousy of your funemployment. I will just say that. But not that you didn’t work your ass off and earned it, right? This is 25 years of blood, sweat, and tears given to this industry to get you to this point. So you earned itjerry: I’m going to have to be responsible again at some point, but I am having fun in the meantime.Andrew: as well. You shouldjerry: before we get into the stories for today I just want to remind everybody that the thoughts and [00:02:00] opinions we express on the show are ours and do not represent anybody else, including employers cats, farm animals, spouses children, et cetera, et cetera.Andrew: there’s that one Lama in Belarus though, that agrees 100 percent with what we have to say.jerry: Very true. Getting into the stories, we have one from bleeping computer and this one is titled over 3000 GitHub accounts used by malware distribution service. I thought this one was particularly interesting and notable. There is a malware distribution as a service that leverages both, let’s call them fake or contrived GitHub accounts, as well as compromised WordPress sites.jerry: And the, what they’re effectively leveraging is the brand reputation of GitHub. And so they ...
Defensive Security Podcast Episode 273 Andrew Kalat 2024-07-24 | The Joe Sullivan Verdict – Unfair? – Which Part? (cybertheory.io) (cybertheory.io/the-joe-sullivan-verdict-unfair-which-part) Fujitsu Details Non-Ransomware Cyberattack (webpronews.com) (webpronews.com/fujitsu-details-non-ransomware-cyberattack) 5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy (thehackernews.com) (thehackernews.com/2024/07/5-key-questions-cisos-must-ask.html) Sizable Chunk of SEC Charges Vs. SolarWinds Dismissed (darkreading.com) (darkreading.com/application-security/solarwinds-charges-tossed-out-of-court-in-legal-victory-against-sec) CrowdStrike CEO apologizes for crashing IT systems around the world, details fix | CSO Online (csoonline.com/article/2872861/crowdstrike-ceo-apologizes-for-crashing-it-systems-around-the-world-details-fix.html) Summary:Cybersecurity Updates: Uber’s Legal Trouble, SolarWinds SEC Outcome, and CrowdStrike OutageIn Episode 273 of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss recent quiet weeks in cybersecurity and correct the record on Uber’s CISO conviction. They delve into essential questions CISOs should consider about their cybersecurity strategies, including budget justification and risk reporting. The episode highlights the significant impact of CrowdStrike’s recent updates causing massive system crashes and explores the court’s decision to dismiss several SEC charges against SolarWinds. The hosts provide insights into navigating cybersecurity complexities and emphasize the importance of effective communication and collaboration within organizations.00:00 Introduction and Banter01:52 Correction on Uber’s CISO Conviction04:07 Recommendations for CISOs09:28 Fujitsu’s Non-Ransomware Cyber Attack12:13 Key Questions for CISOs32:47 Corporate Puffery and SEC Charges33:15 Internal vs External Communications33:52 SolarWinds Security Assessment36:36 CrowdStrike CEO Apologizes37:16 Global IT Systems Crash37:57 CrowdStrike’s Kernel-Level Issues40:55 Industry Reactions and Lessons42:58 Balancing Security and Risk49:26 CrowdStrike’s Future and Market Impact01:03:46 Conclusion and Final Thoughts Transcript:defensive_security_podcast_episode_273 ===jerry: [00:00:00] All right, here we go. Today is Sunday, July 21st, 2024, and this is episode 273 of the Defensive Security Podcast. My name is Jerry Bell, and joining me tonight as always is Mr. Andrew Kalat.Andy: Good evening, Jerry. I’m not sure why we’re bothering to do a show. Nothing’s happened in the past couple of weeks.Andy: It’s been really quiet.jerry: Last week was very quiet.Andy: Yeah, sometimes You just need a couple quiet weeks.jerry: Yeah. Yeah, nothing going on so before we get into the stories a reminder that the thoughts and opinions We express on this podcast do not represent andrew’s employersAndy: Or your potential future employersjerry: or my potential future employersAndy: as you’re currently quote enjoying more time with family end quotejerry: Yes, which by the way Is highly recommended if you can do it.Andy: You’re big thumbs up of being an unemployed bum.jerry: It’s been amazing. Absolutely [00:01:00] amazing. I I forgot what living was like.jerry: I’ll say it that way.Andy: Having watched your career from next door ish, not a far, but not too close. I think you earned it. I think you absolutely earned some downtime. My friend, you’ve worked your ass off.jerry: Thank you. Thank you. It’s been fun.Andy: And I’ve seen your many floral picks. I don’t, I’m not saying that you’re an orchid hoarder, but some of us are concerned.jerry: I actually think that may be a fair characterization. I’m not aware of any 12 step programs for for this disorder here.Andy: There’s a TV show called hoarders where they go into people’s houses who are hoarders and try to help them. I look forward to your episode.jerry: I yes, I won’t say anymore. Won’t say anymore. So before we get into the new stories, I did want to correct the record on something we talked about on the last episode [00:02:00] regarding. Uber’s CISO that had been criminally convicted. Richard Bejtlich on infosec. exchange actually pointed out to us that it was not failure to report the breach that was the problem. It was a few other issues, which is what Mr. Sullivan had actually been convicted of. So I’m going to stick a story into the show notes. That has a very very extensive write up about the issues and that is from cybertheory. io. And in essence, I would distill it down as saying again, I guess he was convicted so it’s not alleged. He was convicted of obstruction of an official government investigation. He was convicted of obstructing the ongoing FTC investigation about the 2013 slash 2014 breach, [00:03:00] which had been disclosed previously.jerry: The FTC was rooting through their business an...
Defensive Security Podcast Episode 272 Andrew Kalat 2024-07-11 | Links:darkreading.com/cybersecurity-operations/a-cisos-guide-to-avoiding-jail-after-a-breachcsoonline.com/article/2512955/us-supreme-court-ruling-will-likely-cause-cyber-regulation-chaos.htmlsansec.io/research/polyfill-supply-chain-attacksecurityweek.com/over-380k-hosts-still-referencing-malicious-polyfill-domain-censystenable.com/blog/how-the-regresshion-vulnerability-could-impact-your-cloud-environment Transcript===[00:00:00]jerry: All right. Here we go. Today is Sunday, July 7th, 2024, and this is episode 272 of the defensive security podcast. My name is Jerry Bell and joining me tonight as always is Mr. Andrew Kalat.Andrew: Good evening, Jerry. This is a newly reestablished record twice in a week orjerry: twice in a week. I can’t believe it.Andrew: I know. Awesome. Yeah. You just had to, quit that crappy job of yours that provided income for your family and pets and you know everything else but now that you’re unemployed house But now that you’re an unemployed bum.jerry: Yeah, I can podcast all I want 24 7 I think i’m gonna become an influencer like i’m gonna just be live all the time nowAndrew: you could I really I look forward to you asking me to subscribe and hit that notify button.jerry: That’s right. Hit that subscribe buttonAndrew: Like leave a rating and a commentjerry: like and subscribe All [00:01:00] right getting with the program we’re we’re getting back into our normal rhythm. As per normal, we’ve got a couple of stories to talk about. The first one comes from Dark Rating and the title is, A CISO’s Guide to Avoiding Jail After a Breach.Andrew: Before we get there.Andrew: I want to throw out the disclaimer that thoughts and opinions do not reflect any of our employers, past, present, or future.jerry: That’s a great point. Or, my cats.Andrew: Unlike you, I have to worry about getting fired.jerry: I still have a boss. She can fire me.Andrew: That’s called divorce, sir. But true.jerry: Yeah.Andrew: Anyway, back to your story.jerry: Anyway, yeah. CISO’s Guide to Avoiding Jail After a Breach. So this is this is following on a upcoming talk at, I think it’s Black Hat talking about how CISOs can try to insulate themselves from the [00:02:00] potential legal harms or legal perils that can arise as a result of their jobs. It’ll be interesting to see what’s actually in that talk, because the article itself, in my estimation, despite what the title says, doesn’t actually give you a lot of actionable information on, How to avoid jail. They do they do a quote Mr. Sullivan, who was the CISO for Uber.jerry: And they give a little bit of background and how it’s interesting that he he is, now a convicted felon. Although I think that’s still working its way through the the appeals process. Though he previously was appointed to a cybersecurity board by president Obama.jerry: And before that he was a federal prosecutor. And in fact, as the article points out, he was one of the process, he was the prosecutor who prosecuted the first DMCA case, which I thought was quite interesting. You didn’t know that about him, but what’s interesting is this article at least is based a lot on [00:03:00] interviews with him and including recommendations on things like communicating with your your board and your executive leadership team. But I’m assuming that He had done that at Uber.Andrew: Yeah, this is such a tough one for me, and it makes, I think a lot of good people make references in the article. I want to shy away from being a CISO if there’s this sort of potential personal liability. When, there’s a lot of factors that come into play about why a company might be breached that aren’t always within the control of the CISO, whether it be budget, whether it be focus, whether it be company priorities, and you have an active adversary who is looking for any possible way to get into your environment.Andrew: So what becomes the benchmark of what constitutes a breach? Negligence up to the point of going to jail is the one that [00:04:00] I’ve struggled with so much and I think those who haven’t really worked in the field much can very easily just point to mistakes that are made, but they don’t necessarily understand the complexity of what goes in to that chain of events and chain of decisions that led to that situation.Andrew: Every job I’ve been in where we were making serious decisions about cybersecurity was a budgetary trade off and a priority trade off and a existential threat to the company if we don’t do X, Y, and Z. Coming from five or six different organizations at the same time coming up to that CFO or the CEO and they have to make hard calls about where that those resources go and those priorities go to keep people employed. And you pair that with a very hostile, third party intentionally trying to breach you it’s a tough situation an...
Defensive Security Podcast Episode 269 Andrew Kalat 2022-07-31 | bleepingcomputer.com/news/security/cosmicstrand-uefi-malware-found-in-gigabyte-asus-motherboardsbleepingcomputer.com/news/security/hackers-scan-for-vulnerabilities-within-15-minutes-of-disclosurehttps://www.techcircle.in/2022/07/31/paytm-mall-refutes-cyber-breach-report-says-users-data-safe
Defensive Security Podcast Episode 268 Andrew Kalat 2022-07-17 | Stories:scmagazine.com/feature/incident-response/why-solarwinds-just-may-be-one-of-the-most-secure-software-companies-in-the-tech-universecomputerweekly.com/news/252522789/Log4Shell-on-its-way-to-becoming-endemicbleepingcomputer.com/news/security/hackers-impersonate-cybersecurity-firms-in-callback-phishing-attackscybersecuritydive.com/news/microsoft-rollback-macro-blocking-office/627004jerry: [00:00:00] All right, here we go today. Sunday, July 17th. 2022. And this is episode 268. Of the defensive security podcast. My name is Jerry Bell and joining me tonight as always is Mr. Andrew Kellett.Andy: Hello, Jerry. How are you, sir?jerry: great. How are you doing?Andy: I’m doing good. I see nobody else can see it, but I see this amazing background that you’ve done with your studio and all sorts of cool pictures. Did you take those.jerry: I It did not take those. They are straight off Amazon actually. It’s.jerry: I’ll have to post the picture at some [00:01:00] point, but the pictures are actually sound absorbing panels.Andy: Wow. I there’s jokes. I’m not going to make them, but anyway, I’m doing great. Good to see ya..jerry: Awesome. Just a reminder that the thoughts and opinions we express on the show are ours and do not represent those of our employers. But as you are apt to point out, they could be for the right price.Andy: That’s true. That’s true. And that, and by the way, what that really means is you’re not going to change our opinions. You’re just going to to hire them.jerry: Correct. right. Sponsor our existing opinions.Andy: Someday that’ll work.jerry: All right. So we have some interesting stories today. The first one comes from SC magazine dot com. The title is why solar winds just might be one of the most secure software companies. In the tech universe.Andy: It’s a pretty interesting one. I went into this a little.Andy: Cynical. But there’s a lot of [00:02:00] really interesting stuff in here.jerry: Yeah there, there is, I thinkjerry: What I found interesting. A couple of things. One is very obvious. That this is a. Planted attempt to get back into the good graces of the it world. But at the same time, It is very clear that they have made some pretty significant improvements in their security posture. And I think for that, it deserves a.jerry: A discussion.Andy: Yeah, not only improvements, but they’re also.Andy: Having these strong appearance of transparency and sharing lessons learned. Which we appreciate.jerry: Correct. The one thing that I so we’ll get into it a little bit, but they still don’t really tell you. How. The thing happened.Andy: Aliens.jerry: Obviously it was aliens. They did tell you what happened. And so in the. Article here they describe this the [00:03:00] CISO of solar winds describes that the attack didn’t actually. Change their code base. So the attack wasn’t against their code repository. It was actually against one of their build systems.jerry: And so they were the adversary here. Was injecting code. At build time, basically. So it wasn’t something that they could detect through code reviews. It was actually being added as part of the build process. And by inference the head. Pretty good control. At least they assert they had good control over theirjerry: source code, but they did not have good control. Over the build process and in the article they go through. The security uplifts they’ve made to their build process, which are quite interesting. Like they I would describe it as they have three parallel. Build channels that are run by three different teams.jerry: And at the end of, at the [00:04:00] end of each of those, there’s a comparison. And if they don’t. They don’t match, if the. They call it a deterministic build. So there are like their security team does one, a dev ops team does another and the QA team does a third. And all building.jerry: The same set of code. They should end up with the same final. Final product. All of the systems are are central to themselves. They don’t commingle. They don’t have access to each others. So there should be a very low opportunity for for an adversary to have access to all three.jerry: Environments and do the same thing they did without being able to detect at the end, when they do the comparison between the three builds, whether it’s a novel approach. I hadn’t thought about it. It seems.jerry: My first blush was, it seemed excessive, but as the more I think about it, It’s probably not a huge amount of [00:05:00] resources to do so maybe it makes sense.Andy: Yeah.Andy: And also, they mentioned that three different people are in charge of it. And so to corrupt it. Or somehow injected. Into all three would take. Somehow corrupting three different individuals, somehow some way.jerry: Yeah, they would have to clue the three teams would have...
Defensive Security Podcast Episode 267 Andrew Kalat 2022-07-10 | Defensive Security Podcast Episode 267 Links:justice.gov/opa/pr/aerojet-rocketdyne-agrees-pay-9-million-resolve-false-claims-act-allegations-cybersecurityus-cert.cisa.gov/ncas/alerts/aa22-187azdnet.com/article/these-are-the-cybersecurity-threats-of-tomorrow-that-you-should-be-thinking-about-todayjerry: [00:00:00] Alright, here we go. Today is Sunday, July 10th, 2022. And this is episode 267 of the defensive security podcast. My name is Jerry Bell and joining me tonight as always. Is Mr. Andrew Kellett.Andy: Good evening, Jerry, how are you? Good, sir.jerry: I’m doing great. How are you doing?Andy: I’m good man. It’s hot and steamy in Atlanta. Tell you that much.jerry: Yeah. I ‘ve been back for a month from my beach place. And I think today’s the first day that we’ve not had a heat advisory. [00:01:00]Andy: Yeah, that’s crazy.jerry: which it has been brutally hot here.Andy: Now, when you say beach place, you might have to be more specific, cause you’ve got one like seven beach houses now.jerry: Well, the Southern most beach house. Yes.Andy: Yeah. One is the Chateau. One’s technically a compound.jerry: One’s an island,Andy: that’s.Andy: We’re going to have to probably name them because. They’re tough to keep straight.jerry: They definitely are. Yup.Andy: But, I, for one. Appreciate your new land barronness activities. And look forward to.Andy: Jerry Landia being launched and seceding from the United States.jerry: Hell. Yeah. That’s right.Andy: I’ll start applying for citizenship whenever I can.jerry: Good plan. Good plan. All right. A reminder. We should probably already said this, but the thoughts and opinions we expressed on the show are ours and do not represent those of our employers.Andy: But for enough money, they couldjerry: yeah. Everything is negotiable. [00:02:00] All right. Couple of really interesting stories crossed my desk. Recently and the first one comes from the US department of justice of all places. And the title here is Aerojet , Rocketdyne agrees to pay $9 million to resolve false claims act allegations.jerry: Of cybersecurity violations in federal government contracts. So the story here is that there’s this act, as you could probably tell by the title called the false claims act that permits an employee of a company who specifically does business with the US government to Sue the company under the false claims act claiming that the company is misrepresenting itself in the execution of its contracts. And if that [00:03:00] lawsuit is successful, the person making the allegation, basically it’s a whistleblower kind of arrangement. The person making the allegation gets a cut of the settlement. And so in this particular case the whistleblower received $2.61 million dollars of the $9 million.Andy: Wow. So his company. In theory was lying on their security controls. And he found out about it or knew about it. And was a whistleblower. About it is getting 2.61 million.jerry: Correct. Correct.Andy: Have to go check everything in my company. I’ll be right back.jerry: I’m guessing that his lawyers will probably take about 2 million of the 2.61, but, Hey, it’s still.jerry: still. money, right?Andy: That’s crazy. It reminds me, it’s probably a lot of our listeners are too young for this, but. The days of the business software Alliance about turning in your employer for using pirated software, that you could get a cut of that, but not in the you [00:04:00] know seven figure range.jerry: Yeah, this is really quite interesting. And what’s more interesting is that there is apparently some indication that the US government may expand the scope of this to include non government contracts and including. Perhaps even like public companies. Under the jurisdiction of the securities and exchange commission. I don’t think that’s ah codified yet.jerry: Probably just ah hyperbole at this point, but holy moly. It really really drives home the point that we need to, do what we say and say what we do.Andy: So what were the gaps or what were the misses that they said they had.jerry: have done a little bit of searching around. I didn’t go through all of the details in that case. Because it was a settlement, there may not be an actual Details available, but I’ve not been able to find the specific details of of what they were not doing.Andy: Yeah. did [00:05:00] go and I cause. I was very curious about this and did do a bunch of searching and found some summaries of the case and some of the legal documentations, and it looks like. The best I was able to get into is there was a matrix of 56 security controls. Or something around those lines, don’t quote me on that and that the company only had satisfactory coverage of five to 10 of them.jerry: Oh, wow.Andy: And there was another one where they did a third-party pen tests who got ...
Defensive Security Podcast Episode 266 Andrew Kalat 2022-06-12 | csoonline.com/article/3660560/uber-cisos-trial-underscores-the-importance-of-truth-transparency-and-trust.htmlthehackernews.com/2022/06/conti-leaks-reveal-ransomware-gangs.html?m=1bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systemsdoublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896
Defensive Security Podcast Episode 265 Andrew Kalat 2022-03-27 | Google Exposes Initial Access Broker Ties With Ransomware Actors (bankinfosecurity.com) (bankinfosecurity.com/google-exposes-initial-access-broker-ties-to-ransomware-a-18758) Okta says hundreds of companies impacted by security breach | TechCrunch (techcrunch.com/2022/03/23/okta-breach-sykes-sitel) Okta: “We made a mistake” delaying the Lapsus$ hack disclosure (bleepingcomputer.com) (bleepingcomputer.com/news/security/okta-we-made-a-mistake-delaying-the-lapsus-hack-disclosure) Microsoft confirms Lapsus$ breach after hackers publish Bing, Cortana source code | TechCrunch (techcrunch.com/2022/03/23/microsoft-lapsus-hack-source-code) DEV-0537 criminal actor targeting organizations for data exfiltration and destruction – Microsoft Security Blog (microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction) Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica (arstechnica.com/information-technology/2022/03/sabotage-code-added-to-popular-npm-package-wiped-files-in-russia-and-belarus/2) President Biden Signs into Law the Cyber Incident Reporting Act (natlawreview.com) (natlawreview.com/article/president-biden-signs-law-cyber-incident-reporting-act-imposing-reporting) SEC Proposes Rules On Cybersecurity Risk Management, Strategy, Governance, And Incident Disclosure By Public Companies – Technology – United States (mondaq.com) (mondaq.com/unitedstates/security/1173760/sec-proposes-rules-on-cybersecurity-risk-management-strategy-governance-and-incident-disclosure-by-public-companies)
Defensive Security Podcast Episode 264 Andrew Kalat 2022-03-13 | Adafruit discloses data leak from ex-employee’s GitHub repo (bleepingcomputer.com) (bleepingcomputer.com/news/security/adafruit-discloses-data-leak-from-ex-employees-github-repo) Malware now using NVIDIA’s stolen code signing certificates (bleepingcomputer.com) (bleepingcomputer.com/news/security/malware-now-using-nvidias-stolen-code-signing-certificates) NSA report: This is how you should be securing your network | ZDNet (zdnet.com/article/nsa-report-this-is-how-you-should-be-securing-your-network)
Defensive Security Podcast Episode 263 Andrew Kalat 2022-02-20 | govinfosecurity.com/data-breach-exposes-booking-details-19-million-customers-a-18505helpnetsecurity.com/2022/02/11/cloud-security-trainingbankinfosecurity.com/massive-breach-hits-500-e-commerce-sites-a-18492darkreading.com/cloud/linux-malware-on-the-rise-including-illicit-use-of-cobalt-strikedarkreading.com/attacks-breaches/google-cuts-account-compromises-in-half-with-simple-change
Defensive Security Podcast Episode 262 Andrew Kalat 2022-02-07 | darkreading.com/edge-threat-monitor/most-common-cause-of-data-breach-in-2021-phishing-smishing-becbleepingcomputer.com/news/security/fbi-shares-lockbit-ransomware-technical-details-defense-tipscsoonline.com/article/3648991/dhs-announces-the-creation-of-the-cyber-safety-review-board.htmldarkreading.com/application-security/disclosure-panic-patch-can-we-do-better-
Defensive Security Podcast Episode 261 Andrew Kalat 2022-01-31 | bleepingcomputer.com/news/security/hackers-are-taking-over-ceo-accounts-with-rogue-oauth-appsblog.f-secure.com/insight-from-a-large-scale-phishing-studydarkreading.com/attacks-breaches/log4j-proved-public-disclosure-still-helps-attackerscsoonline.com/article/3647756/how-to-prioritize-and-remediate-vulnerabilities-in-the-wake-of-log4j-and-microsofts-patch-tuesday-b.html
Defensive Security Podcast Episode 260 Andrew Kalat 2022-01-17 | csoonline.com/article/3647209/why-you-should-secure-your-embedded-server-management-interfaces.htmlcsoonline.com/article/3646613/cybercrime-group-elephant-beetle-lurks-inside-networks-for-months.htmlzdnet.com/article/when-open-source-developers-go-badbleepingcomputer.com/news/microsoft/microsoft-resumes-rollout-of-january-windows-server-updates
Defensive Security Podcast Episode 258 Andrew Kalat 2021-08-15 | arstechnica.com/gadgets/2021/07/malicious-pypi-packages-caught-stealing-developer-data-and-injecting-codearstechnica.com/gadgets/2021/07/feds-list-the-top-30-most-exploited-vulnerabilities-many-are-years-oldsecurityweek.com/hospital-network-reveals-cause-2020-cyberattackcsoonline.com/article/3628331/recent-shadow-it-related-incidents-present-lessons-to-cisos.htmlnatlawreview.com/article/another-court-orders-production-cybersecurity-firm-s-forensic-report-data-breachsecureworld.io/industry-news/ciso-lawsuit-solarwinds (http://\)
Defensive Security Podcast Episode 257 Andrew Kalat 2021-07-25 | https://therecord.media/using-vms-to-hide-ransomware-attacks-is-becoming-more-popular/blog.erratasec.com/2021/07/ransomware-quis-custodiet-ipsos-custodes.html?m=1databreachtoday.com/how-mespinoza-ransomware-group-hits-targets-a-17086krebsonsecurity.com/2021/07/dont-wanna-pay-ransom-gangs-test-your-backupsarstechnica.com/gadgets/2021/07/kaseya-gets-master-decryptor-to-help-customers-still-suffering-from-revil-attack
Defensive Security Podcast Episode 256 Andrew Kalat 2021-07-11 | csoonline.com/article/3623760/printnightmare-vulnerability-explained-exploits-patches-and-workarounds.html#tk.rss_allsecurityweek.com/continuous-updates-everything-you-need-know-about-kaseya-ransomware-attackdatabreachtoday.com/kaseya-raced-to-patch-before-ransomware-disaster-a-17006
Defensive Security Podcast Episode 255 Andrew Kalat 2021-06-27 | reuters.com/technology/us-sec-official-says-agency-has-begun-probe-cyber-breach-by-solarwinds-2021-06-21databreachtoday.com/cisa-firewall-rules-could-have-blunted-solarwinds-malware-a-16919wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-toldbleepingcomputer.com/news/security/microsoft-admits-to-signing-rootkit-malware-in-supply-chain-fiasco
Defensive Security Podcast Episode 253 Andrew Kalat 2020-07-15 | securityinformed.com/news/intruder-research-mongodb-databases-breached-connected-internet-co-1594211095-ga-co-1594211806-ga.1594215158.htmlzdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devicescsoonline.com/article/3564726/privilege-escalation-explained-why-these-flaws-are-so-valuable-to-hackers.html#tk.rss_allarstechnica.com/information-technology/2020/06/theft-of-top-secret-cia-hacking-tools-was-result-of-woefully-lax-security
Defensive Security Podcast Episode 252 Andrew Kalat 2020-05-31 | bankinfosecurity.com/capital-one-must-turn-over-mandiant-forensics-report-a-14352databreachtoday.com/insider-threat-lessons-from-3-incidents-a-14312zdnet.com/article/ransomware-deploys-virtual-machines-to-hide-itself-from-antivirus-software
Defensive Security Podcast Episode 251 Andrew Kalat 2020-05-04 | securityweek.com/recent-salt-vulnerabilities-exploited-hack-lineageos-ghost-digicert-serverszdnet.com/article/ransomware-mentioned-in-1000-sec-filings-over-the-past-year
Defensive Security Podcast Episode 250 Andrew Kalat 2020-05-03 | zdnet.com/article/dhs-cisa-companies-are-getting-hacked-even-after-patching-pulse-secure-vpnsbankinfosecurity.com/attackers-increasingly-using-web-shells-to-create-backdoors-a-14179bleepingcomputer.com/news/security/doppelpaymer-ransomware-hits-los-angeles-county-city-leaks-files
Defensive Security Podcast Episode 249 Andrew Kalat 2020-04-05 | tomsguide.com/news/zoom-security-privacy-woesbankinfosecurity.com/blogs/learn-from-how-others-get-breached-equifax-edition-p-2870zdnet.com/article/microsoft-how-one-emotet-infection-took-out-this-organizations-entire-networkmicrosoft.com/security/blog/wp-content/uploads/2020/04/Case-study_Full-Operational-Shutdown.pdf
Defensive Security Podcast Episode 248 Andrew Kalat 2020-03-28 | Be well, be safe, take care of yourselves, and take care of others (from an appropriate distance).businessinsider.com/coronavirus-apple-secrecy-work-from-home-difficult-2020-3csoonline.com/article/3531963/8-key-security-considerations-for-protecting-remote-workers.htmlzdnet.com/article/microsoft-99-9-of-compromised-accounts-did-not-use-multi-factor-authentication
Defensive Security Podcast Episode 247 Andrew Kalat 2020-03-22 | securityweek.com/state-sponsored-cyberspies-use-sophisticated-server-firewall-bypass-techniquezdnet.com/article/ransomware-victims-thought-their-backups-were-safe-they-were-wrongsec.gov/files/OCIE%20Cybersecurity%20and%20Resiliency%20Observations.pdf
Defensive Security Podcast Episode 246 Andrew Kalat 2020-02-23 | darkreading.com/risk/cybercriminals-swap-phishing-for-credential-abuse-vuln-exploits/d/d-id/1337019businessinsider.com/phishing-scams-getting-more-sophisticated-what-to-look-out-for-2020-2#hackers-will-start-by-targeting-low-level-employees-then-moving-laterally-to-compromise-executives-accounts-1krebsonsecurity.com/2020/02/hackers-were-inside-citrix-for-five-monthsclearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign.pdf
Defensive Security Podcast Episode 245 Andrew Kalat 2020-02-09 | bankinfosecurity.com/judge-rules-insurer-must-pay-for-ransomware-damage-a-13673zdnet.com/google-amp/article/new-york-state-wants-to-ban-government-agencies-from-paying-ransomware-demandsbankinfosecurity.com/nist-drafts-guidelines-for-coping-ransomware-a-13679arstechnica.com/information-technology/2020/01/dozens-of-companies-have-data-dumped-online-by-ransomware-ring-seeking-leveragebankinfosecurity.com/doppelpaymer-ransomware-threatens-to-dump-victims-data-a-13683
Defensive Security Podcast Episode 244 Andrew Kalat 2020-01-21 | securityweek.com/attacker-installs-backdoor-blocks-others-exploiting-citrix-adc-vulnerabilitysecurityweek.com/court-approves-equifax-data-breach-settlementinfosecurity-magazine.com/news/equifax-breach-settlement-couldnatlawreview.com/article/ico-issues-fine-against-national-retailer-security-failings
Defensive Security Podcast Episode 243 Andrew Kalat 2020-01-13 | irishtimes.com/news/crime-and-law/courts/high-court/firm-being-blackmailed-by-hackers-for-6m-obtains-irish-court-injunction-1.4128069inews.co.uk/inews-lifestyle/travel/travelex-hack-cyber-attack-ransomware-sodinokibi-travel-money-uk-firm-data-breach-explained-1358454securityaffairs.co/wordpress/96046/hacking/microsoft-rdp-brute-force-study.htmlzdnet.com/article/company-shuts-down-because-of-ransomware-leaves-300-without-jobs-just-before-holidays
Defensive Security Podcast Episode 242 Andrew Kalat 2019-12-21 | wwltv.com/article/news/crime/city-government-in-recovery-mode-after-cyberattack/289-514a376e-16de-4b43-9756-a30baefe4c28arstechnica.com/information-technology/2019/11/hackers-paradise-louisianas-ransomware-disaster-far-from-overcsoonline.com/article/3488816/how-a-nuclear-plant-got-hacked.html
Defensive Security Podcast Episode 241 Andrew Kalat 2019-11-25 | bleepingcomputer.com/news/security/allied-universal-breached-by-maze-ransomware-stolen-data-leakedcsoonline.com/article/3454443/how-a-bank-got-hacked-a-study-in-how-not-to-secure-your-networks.html
Defensive Security Podcast Episode 240 Andrew Kalat 2019-11-21 | arstechnica.com/information-technology/2019/11/breach-affecting-1-million-was-caught-only-after-hacker-maxed-out-targets-storagecsoonline.com/article/3452747/what-you-need-to-know-about-the-new-owasp-api-security-top-10-list.htmlsecurityweek.com/pci-dss-compliance-between-audits-declining-verizonkrebsonsecurity.com/2019/11/study-ransomware-data-breaches-at-hospitals-tied-to-uptick-in-fatal-heart-attacks
Defensive Security Podcast Episode 239 Andrew Kalat 2019-11-06 | securityaffairs.co/wordpress/92484/data-breach/imperva-data-breach-2.htmlarstechnica.com/information-technology/2019/10/the-count-of-managed-service-providers-getting-hit-with-ransomware-mountszdnet.com/article/city-of-johannesburg-held-for-ransom-by-hacker-gang
Defensive Security Podcast Episode 238 Andrew Kalat 2019-10-07 | csoonline.com/article/3441220/marriott-data-breach-faq-how-did-it-happen-and-what-was-the-impact.html
Defensive Security Podcast Episode 237 Andrew Kalat 2019-09-23 | krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack
