Synopsis
Rapid7 podcast series discussing all things security. Join us as we discuss information security with thought leaders in the space.
Episodes
-
How Philip Reiner Created the Ransomware Task Force
14/04/2021 Duration: 45min
In our latest episode of Security Nation, we talk to Philip Reiner about his work with the Ransomware Task Force. Stick around for our Rapid Rundown, where Tod talks about a recently released bulletin from CISA about APT exploiting both new and old SAP vulnerabilities.
-
Beau Woods and Fotios Chantzis Discuss Their New Book, "Practical IoT Hacking"
31/03/2021 Duration: 53min
In our latest episode of Security Nation, we speak with Beau Woods and Fotios Chantzis about their newly released book, "Practical IoT Hacking." Stick around for our Rapid Rundown, where Tod encourages listeners to patch their Apple iOS devices against the recently announced WebKit bug, and to not panic about PHP's compromised Git server.
-
Nontraditional Paths into Cybersecurity, Part 3: Starburst Data's Katie Ledoux
17/03/2021 Duration: 44min
In our latest episode of Security Nation, we talk with Katie Ledoux about her unconventional journey into the cybersecurity industry—from her marketing agency days to her time at Rapid7, to her current role as Head of Information Security at Starburst Data. Katie talks about imposter syndrome, what it was like to "start over" in her career, the importance of contributions from non-technical roles—and, of course, what she would want to see out of a "Hackers" sequel. Stick around for our Rapid Rundown, where it's "All Exchange, all the time," in the wake of Microsoft's four critical bugs. Tod and Jen also discuss the recent GitHub controversy surrounding the ban of exploit code.
-
The CyberPeace Institute's Adrien Ogee Talks Launching a Nonprofit Amid COVID-19 and the Importance of Healthcare Security
10/03/2021 Duration: 40min
In this week's episode of Security Nation, we interview Adrien Ogee, COO of the CyberPeace Institute. He discusses what it was like to launch and staff a brand-new nonprofit during the COVID-19 pandemic, and how his team worked to get the cybersecurity industry to trust them and get involved. Adrien also talks about the CyberPeace Institute's recently released "Playing With Lives: Cyberattacks on Healthcare Are Cyberattacks on People" report. Stick around for our Rapid Rundown, where Tod discusses the National Cybersecurity Center's recently released Cyber Action Plan, a short questionnaire that generates actionable recommendations for shoring up your security. He also talks through PortSwigger's recently published list of the top 10 web hacking techniques of 2020.
-
Datto’s Ryan Weeks Discusses a CISO’s Unique Role in Crafting a Pandemic Response
26/02/2021 Duration: 44min
In our latest episode of Security Nation, Ryan Weeks joined the podcast to discuss deploying thousands of assets into a hostile environment: the home offices of workers everywhere as they were forced remote amidst the pandemic. He’ll discuss how he balances privacy expectations with necessary regulations of workers’ computers and phones as they go remote. We’ll also talk about managing an attack surface you don’t understand as well as how lack of transparency can lead to security organizations earning bad reputations. Plus why Jen thinks the work-from-home culture is here to stay, and what organizations can do to prepare.
-
Nontraditional Paths Into Security, Part 2: How Steve Ragan Innovates at the Intersection of Journalism and Tech
04/02/2021 Duration: 38min
In our latest episode of Security Nation, Steve Ragan joined the podcast to discuss his unlikely journey from reluctant security expert to journalist. For Steve, having the tech knowledge is important, but so is crafting a good story. We take deep dives on topics like where the industry was in the ‘90s plus the unique way he approaches Akamai’s “The State of the Internet” report (and their own podcast). We’ll hear why writing with empathy is a foundation of Steve’s process when tackling deeper technical subjects. Also, the joys of shameless self-promotion... Stick around for our Rapid Rundown, where we get quite the rapid rundown of three big events in security: North Korea’s campaign targeting security researchers, the takedown of the Emotet botnet, and (most importantly) the long-awaited cracking of Tod’s seven-year-old Dogecoin CTF.
-
How Santander’s Mark Carney and Daniel Cuthbert Are Working to Demystify Quantum Cryptography
21/01/2021 Duration: 51min
https://community.signalusers.org/t/signal-should-warn-users-who-are-likely-using-insecure-ime-apps/10272
-
Cub Llewellyn-Davies Discusses the U.K.'s Cyber Aware Campaign and Quick Tips to Shore Up Security
17/12/2020 Duration: 52min
https://www.ncsc.gov.uk/cyberaware/home
-
How Rick Holland's Diverse Experience Helps Him Find Security Talent in Unique Places
18/11/2020 Duration: 46min
In our latest episode of Security Nation, Rick Holland joined the podcast to discuss how his past informs his present, particularly when it comes to sourcing and hiring the best talent. Rick elaborates on how a lack of direct reports—for several years across multiple companies—led to a bit of imposter syndrome when he became CISO at Digital Shadows and suddenly was tasked with staffing and managing a team. Sometimes smaller talent pools can lead to inspired hiring choices. Stick around for our Rapid Rundown, where Tod delves into Samy Kamkar's NAT slipstreaming mechanism in which an attacker can trick a router into opening straight-shot ports to any listening service on a machine.
-
How to Combat the Spread of Misinformation and Disinformation Ahead of the Election
29/10/2020 Duration: 48min
In our most recent episode of Security Nation, we spoke with Maria Barsallo Lynch, Executive Director of the Defending Digital Democracy Project (D3P) at the Belfer Center for Science and International Affairs at the Harvard Kennedy School, about her work informing election officials of the rise of misinformation and disinformation campaigns centered around elections. Stick around for the Rapid Rundown, where Tod cautions against panicking if (completely normal) disruptions occur on Election Day.
-
From the Dorm Room to the White House: How Researcher Jack Cable Works to Ensure Election Security
06/10/2020 Duration: 45min
In our latest episode of Security Nation, we are joined by a rising star in Stanford University’s junior class: Jack Cable. We discuss everything from hacking the Pentagon in high school to ensuring progress in election security beyond just voting machines today. Stick around for our Rapid Rundown, where Tod ditches his talk about the FBI's disinformation campaigns warning to discuss what really matters—a potential "Hackers" movie reboot. Hey, we have priorities!
-
How Entrepreneur Christian Wentz Takes On Identity Authentication and Data Integrity One Line of Code at a Time
25/09/2020 Duration: 48min
In our latest episode of Security Nation, we are joined by Christian Wentz, CEO, CTO, founder of Gradient, and multiple Ph.D holder. From an electrical-engineering-applied-to-neuroscience background to a privacy and data protector present, we discuss what it’s like to thread the needle between internet profitability and end-user privacy. There’s technology, there’s politics, there’s policy, and there’s Tod getting very excited about code. Stick around for our Rapid Rundown, where Tod talks through CVE-2020-1472, a CVSS-10 privilege escalation vulnerability in Microsoft’s Netlogon authentication process that the paper's authors christened “Zerologon.”
-
How Security Pro Dave Kennedy Keeps His InfoSec Skills Sharp While Telecommuting
14/08/2020 Duration: 50min
In our latest episode of Security Nation, Dave Kennedy, founder of the cybersecurity firms TrustedSec and Binary Defense, stopped by to discuss how he’s staying busy while working from home during the pandemic. Wrangling dogs and keeping his skills sharp on Red Team engagements are a major part of the story. Stick around for our Rapid Rundown, where Tod talks about a fascinating attack he learned about at virtual Black Hat called EtherOops, as well as implications around election security that were discussed during the event.
-
Joe FitzPatrick on the Future of Hardware Security Training Sessions
29/07/2020 Duration: 46min
On this week’s episode of Security Nation, Joe FitzPatrick, a lead researcher at securinghardware.com, discusses what it takes to run a successful hardware training session virtually—from organizing equipment logistics to audience engagement, and more.
-
Citizen Science and Medical Consumerism: Confronting the Tech Wisdom Gap in Modern Healthcare
13/07/2020 Duration: 58min
Biohacking Village Executive Director Nina Alli joins the Rapid7 team this week to discuss the intersection of tech and medicine on our latest episode of Security Nation. Stick around for our Rapid Rundown, where Tod discusses the two vulnerabilities that plagued infosec professionals over the holiday weekend.
-
Advancements in Vulnerability Reporting in the Post-PGP Era: A Conversation with Art Manion
22/06/2020 Duration: 54min
This week’s episode of Security Nation features Art Manion, Vulnerability Analysis Technical Manager at CERT Coordination Center. Join us as we discuss common API, network topologies, and the quickly evolving world of vulnerability reporting. Stick around for our Rapid Rundown, where Tod talks through the recent bug in the Samsung Quram image processor.
-
Developing Sustainable Vulnerability Management with Katie Moussouris
09/06/2020 Duration: 37min
Katie Moussouris, CEO and Founder of Luta Security, joins us on this week’s episode of Security Nation to discuss vulnerability disclosure, bug bounties, and building systems that support sustainable security. Stick around for our Rapid Rundown, where Tod talks through the recent bug in the Samsung Quram image processor.
-
Advocating for Tech Literacy and Transparency: A Discussion with I Am The Cavalry’s Josh Corman and Audra Hatch
01/05/2020 Duration: 38min
On this week’s episode of Security Nation, Josh Corman and Audra Hatch of I Am The Cavalry share insights into the software bill of materials (SBoM) and software transparency. Stick around for our Rapid Rundown, where Tod breaks down the latest iPhone bug that wasn’t and Sophos bug that was.
-
Where Tech Meets Legal: Discussing Crowdsourced Security Testing with Bugcrowd’s Casey Ellis
24/04/2020 Duration: 46min
On our latest episode of Security Nation, we caught up with Casey Ellis, founder and CTO at Bugcrowd. Joining us during the 2020 RSA Conference, he takes the time to discuss normalizing vulnerability disclosure, the safe harbor debate, and the legal implications of crowdsourced security testing. Stick around for our Rapid Rundown, where Tod breaks down the recent controversy on online vs. mail-in voting, and gives the inside scoop on Rapid7’s newest project, AttackerKB.