The Threatpost Podcast

Imperva's Elad Erez discusses findings that 46% of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws.

Bryce Webster-Jacobsen – director of intelligence operations at digital risk protection/ransomware negotiators GroupSense – dropped by the Threatpost podcast to tell us what percentage of Ragnar Locker’s warning that victims shouldn't call the FBI/police/negotiators is a bluff and what, if anything, security teams should take seriously. 

Verizon's DBIR is already funny, useful & well-written. DBIR's Alex Pinto and Rich Struse, Director of MITRE Engenuity’s Center for Threat Informed Defense (CTID), discuss an enticing future: They say that with the mapping of DBIR to the ATT&CK framework, security teams could finally get the holy grail of security. Namely, the answer to “What's actually working, and what are we doing right?”

Splunk’s Ryan Kovar discusses the rise in supply-chain attacks a la Kaseya & how to get ahead of encryption leaving your business a pile of broken shells.

Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2021.

Interos CEO Jennifer Bisceglie drops by the Threatpost podcast to talk about avoiding the mess a T-Mobile size breach can lead to, with the damage it can do to a business's brand, reputation, customer loyalty and revenue stream. 

Trillions of dollars in notional value are controlled by hedge funds and private equity firms, many of which have no cybersecurity protection to speak of. The calamitous, widespread SolarWinds attacks was a wakeup call: Another attack of that ilk could lead to the next 2008-esque financial meltdown. Agio CEO Bart McDonough says AI-enabled service platform could maybe, just maybe, help avert it.

FuzzCon panelists Damilare D. Fagbemi of Resilience Software Security and Anmol Misra of Autodesk say join the party as they share fuzzing wins & fuzzing fails when building a security testing program

n the company’s annual Human Factor 2021 report assessing how the threat landscape morphed over the past year, Proofpoint researchers scratched their heads over the reasons for so many users succumbing to malicious email attachments. Could be that threat actors jumped on our Pavlovian work-from-home security conditioning, as suggested by Proofpoint vice president and general manager of email fraud defense Rob Holmes. Check out the Threatpost podcast for his take on how the pandemic influenced the threat landscape.

Podcast: Blood samples aren’t martinis. You can’t shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware.

SpecterOps researchers Lee Christensen and Will Schroeder discuss their work, to be presented at Black Hat, on how AD “misconfiguration debt” lays out a dizzying array of attack paths such as the one in the PetitPotam exploit for which Microsoft  rushed out a fix.

Threat actors have been building enormous botnets using IoT devices to try to compromise the computing systems that control crucial infrastructure, such as pipelines (case in point: the DarkSide ransomware attack on Colonial Pipeline) and other utilities, preying on legacy systems that have decades-old vulnerabilities. In this Threatpost podcast, Armis CISO Curtis Simpson delves into how to fight back.

Nothing good, now that the ransomware gang’s servers have vanished mid-negotiation, as ransomware negotiator Kurtis Minder details on Threatpost podcast. GroupSense's Minder offers tips on how to not need his help.

Podcast: Is protecting your phone from spyware attacks a la NSO Group's Pegasus as simple as getting a new SIM card? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block three types of spyware attacks.

SophosLabs Principal Researcher Andrew Brandt discusses what makes organizations prime targets for ransomware threat actors, what steps could help them to protect themselves, and what’s stopping them from implementing those steps.

"Trust is a human emotion. Computers don't have emotions. They don't need that trust, inherently" – that's the heart of Zero Trust cybersecurity, and SASE is how to make it happen.  Forcepoint’s Nico Fischbach, global CTO and VPE of SASE, and Chase Cunningham, chief strategy officer at Ericom Software, on using SASE to make Zero Trust a reality.

Forcepoint’s Michael Crouse talks about risk-adaptive data-protection approaches and how to develop a behavior-based approach to insider threats and risk: particularly important as security perimeters have expanded due to the pandemic.

In this Threatpost podcast, Fortinet’s top researcher sketches out the ransom landscape, with takeaways from the DarkSide attack on Colonial Pipeline.

In this Threatpost podcast, Forcepoint’s SASE and Zero Trust director describes how the pandemic jump-started SASE adoption for easier, more affordable security and management.

Trend Micro's Mayra Fuentes talks about the threat actors on 600+ monitored forums who requisition exploits and why they eschew bug bounty programs.