Synopsis
Threatpost writers Mike Mimoso and Chris Brook discuss security threats, attacks, vulnerability research and trends with a variety of industry executives, researchers and experts.
Episodes
-
305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
02/10/2020 Duration: 33min
Larry Cashdollar shares his craziest bug finding stories, including a flaw (CVE-1999-0765) found during his position as a UNIX Systems Administrator, which existed in the SGI IRIX midikeys program - and accidentally threw a wrench in a demo for a navy admiral on the Aegis destroyer class ship.
-
Critical Industrial Flaws Pose a Patching Headache For Manufacturers
23/09/2020 Duration: 22min
Sharon Brizinov, the principal vulnerability researcher with Claroty, who discovered vulnerabilities in a software component used by various critical infrastructure systems, talks about why patching is a headache for manufacturers and other industrial firms.
-
Vulnerability Disclosure: Ethical Hackers Seek Best Practices
04/09/2020 Duration: 23min
The Zero Day Initiative team talks about the biggest vulnerability disclosure challenges that ethical hackers are facing - particularly in markets like the industrial world and IoT.
-
Disinformation A Booming Industry For Attackers As Elections Loom
26/08/2020 Duration: 20min
With the U.S. presidential elections looming, disinformation is a top challenge. In the four years since the previous 2016 presidential election, threat actors have created an entire sophisticated and intricate industry around misinformation - raising the bar for social media companies to detect and protect against this threat, new Wednesday Cisco Talos research found.
-
News Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and More
21/08/2020 Duration: 13min
Threatpost editors Lindsey O'Donnell-Welch and Tara Seals discuss the top security news stories of the week ended Aug. 21, including: IBM, the owner of the Weather Channel mobile app, has reached a settlement with the Los Angeles city attorney's office after a 2019 lawsuit alleged that the app was deceiving its users in how it was using their geolocation data. A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services (AWS) cloud and collecting credentials. Researchers are urging connected-device manufacturers to ensure they have applied patches addressing a flaw in a module used by millions of Internet-of-Things (IoT) devices.
-
Active 'Duri' Campaign Utilizes HTML Smuggling to Cloak Malware
18/08/2020 Duration: 18min
Researchers are warning of an active campaign that utilized HTML smuggling to deliver malware, effectively bypassing various network security solutions, including sandboxes, legacy proxies and firewalls. Because HTML smuggling is not necessarily a novel technique - it's been used by attackers for a while - this campaign shows that bad actors continue to rely on older attack methods that are working. Learn more about this latest attack and how attackers are raising the bar during this week's Threatpost podcast.
-
Sponsored Podcast: The Perimeter Gets More Personal in 1H 2020
13/08/2020 Duration: 23min
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, said that the semi-annual FortiGuard Labs Global Threat Landscape Report for the first half of 2020, released Wednesday, reveals an "unprecedented cyber threat landscape."
-
Sponsored Podcast: Why IT and OT Security Priorities 'Don't Translate'
04/08/2020 Duration: 26min
Information technology (IT) and operational technology (OT) may have many of the same objectives - but too often they don't see eye-to-eye when it comes to priorities, said Andrew Ginter, VP Industrial Security at Waterfall Security Solutions, in this sponsored podcast.
-
Black Hat 2020 Preview: Election Security, COVID Disinformation and More
30/07/2020 Duration: 16min
Despite the coronavirus pandemic pushing the Black Hat USA 2020 conference onto a virtual platform for the first time ever, you can expect the same hot security research and threat intel, high-profile speakers, and vulnerability research being disclosed. Threatpost editors Tom Spring, Tara Seals and Lindsey O'Donnell-Welch break down the top sessions, keynotes, speakers and themes to look out for in this week's podcast.
-
Sponsored Podcast: Security Lessons Learned In Times of Uncertainty
28/07/2020 Duration: 25min
With the coronavirus pandemic breaking out and corporate workforces going remote, "uncertainty is a key word" for 2020, Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, said. Manky talks about the biggest lessons learned so far from 2020, including the most dire threats to date - from sophisticated social engineering lures, to Internet of Things (IoT) vulnerabilities, to targeted ransomware attacks.
-
News Wrap: Twitter Hack, Apple Vulnerability Disclosure Restrictions Under Fire
24/07/2020 Duration: 17min
In this week's Threatpost news wrap podcast, editors Tara Seals and Lindsey O'Donnell-Welch break down the top security news stories, including: Hackers accessed direct messages (DMs) for 36 of the 130 high-profile users whose accounts were hacked in an unprecedented account breach last week, Twitter confirmed Wednesday. Privacy commissioners worldwide urged video conferencing systems like Microsoft, Cisco and Zoom to adopt end-to-end encryption, two-factor authentication and other security measures. Apple's Security Research Device program is now open to select researchers – but some are irked by the program's vulnerability disclosure restrictions.
-
Lookout: Behind the Scenes of a 7-Year Android Spyware Campaign
22/07/2020 Duration: 12min
Christoph Hebeisen, with Lookout, reveals the behind-the-scenes threat intel efforts for discovering a 7-year-old surveillance campaign that was targeting the Uyghur ethnic minority group.
-
A 'New Age' of Sophisticated Business Email Compromise is Coming
13/07/2020 Duration: 25min
A newly discovered, sophisticated threat group that targets organizations without DMARC implemented and relies on business email compromise is heralding what researchers call "a new age" of business email compromise. The group, called Cosmic Lynx, is the first reported Russian BEC cybercriminal ring, and it's bringing the once run-of-the-mill email scam attack vector to the next level. The group has been associated with more than 200 BEC campaigns targeting senior-level executives in 46 countries since last July. It uses clear, articulate emails - with vocabulary like "accretive" and "synergistic" - that purport to be related to a "merger and acquisition," keeping with a sensitive theme that targeted employees likely won't discuss.
-
Sponsored Podcast: Security Dangers in Rail Systems
07/07/2020 Duration: 23min
Jesus Molina, with Waterfall Security, talks to Threatpost host Cody Hackett about the risks that rail operators are facing - from the security issues in railways to the trains themselves - and how railways can stay up-to-date on the best cybersecurity measures by adopting unidirectional gateways and separating enterprise and operational networks.
-
EvilQuest: Inside The ‘New Class’ of Mac Malware
01/07/2020 Duration: 22min
Mac expert Thomas Reed talks about how the newly discovered EvilQuest ransomware is ushering in a new class of Mac malware.
-
AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals
29/06/2020 Duration: 18min
After months of public concerns surrounding facial recognition's implications for data privacy, surveillance and racial bias, tech companies and governments alike are putting stoppers down on the technology until adequate regulation is proposed. Threatpost talks to Paul Bischoff, consumer privacy expert with Comparitech, about recent research showcasing flaws in the accuracy of Amazon's facial recognition platform - and why concerns around racial bias and data privacy aren't going away anytime soon.
-
News Wrap: Malicious Chrome Extensions Removed, CIA 'Woefully Lax' Security Policies Bashed
19/06/2020 Duration: 20min
For the week ended June 19, Threatpost editors Lindsey O'Donnell-Welch, Tom Spring and Tara Seals break down the top cybersecurity stories. This week's top news stories include: Google removing 106 Chrome browser extensions from its Chrome Web Store in response to a report that they were being used to siphon sensitive user data. An internal investigation into the 2016 CIA breach condemning the agency's security measures, saying it "focused more on building up cyber tools than keeping them secure." How the insider threat landscape is changing due to work from home - a topic that Threatpost will continue to discuss in its webinar coming up next week.
-
Would You Use A Contact-Tracing Coronavirus App?
11/06/2020 Duration: 20min
As a world afflicted by the coronavirus pandemic begins to re-open restaurants, retail stores and more, public health officials remain concerned about the spread of the virus. Technology for contact-tracing apps, intended to help citizens track whether they were exposed to someone who has tested positive for the virus, has been created by countries, U.S. states (like Utah) and by tech giants like Apple and Google. But behind the public health benefits of contact tracing are privacy worries, technology issues like interoperability, and other challenges. Threatpost discusses the benefits - and the challenges - of contact tracing apps with Steve Moore, chief security strategist at Exabeam.
-
News Wrap: Fake Minneapolis Police Breach, Zoom End-To-End Encryption Debate
05/06/2020 Duration: 16min
Threatpost editors Lindsey O'Donnell-Welch and Tara Seals discuss the top security news stories of the week, including: Reports emerged earlier this week that the Minneapolis police department had been breached by hacktivist group Anonymous. Security expert Troy Hunt debunked the reports, however. Zoom sparked debate after announcing that it would offer end-to-end encryption to paying users only - explaining that it couldn't offer it to everyone as it needs to work with law enforcement to crack down on platform abuse.
-
Sponsored Podcast: Why Identity Access Management is the New Perimeter
02/06/2020 Duration: 18min
With the proliferation of cloud in enterprise environments, identity today is very different than how it used to be. Threatpost host Cody Hackett talks to Brian Johnson, CEO and co-founder of DivvyCloud, about how identity access management (IAM) is rapidly changing - and how businesses can keep up.