Security Serengeti
Security Serengeti
David Schwendinger and Matthew Keener
A news analysis focused information security podcast dedicated to getting you the actionable information and analysis you need to improve your company's posture and response!
SS-NEWS-28: Passwords are Dead, Crypto Exchange Sanctions
In this week's episode, we turn our expert opinion and rapier wit on going password less, subjecting Crypto exchanges to sanctions, and finally the ethics of using stolen data in research. Article 1 - Microsoft makes a bold move towards a password-less futureSupporting Articles:Microsoft announces passwordless future – available across Microsoft Edge and Microsoft 365 appsModern Authentication vs. Basic Authentication Secure Quick Reliable Login Article 2 - US cryptocurrency exchange sanctions over ransomware likely not the lastSupporting Articles:Biden Administration Reportedly Plans ‘Sanctions’ to Combat Crypto’s Role in Ransomware Attacks—Whatever That Means Article 3 - Is it OK to use stolen data? What if it's scientific research in the public interest?Supporting Articles:Estimating the success of re-identifications in incomplete datasets using generative models As always, please subscribe on your favorite podcast app, and rate and review so that other people will come to know and love us as much as our mothers do
Sep 27, 2021
48 min
SS-SUBJ-27: More AI/ML with Tyler!
In this episode, we bring Tyler back one more time to discuss AI/ML.  We go back and discuss a previous news story about China stealing all of the info and feeding a ML training algorithm and detections using ML.   Revisited Article - China's Microsoft Hack May Have Had A Bigger Purpose Than Just Spying As always, please subscribe on your favorite podcast app, and rate and review so that other people will come to know and love us as much as our mothers do
Sep 19, 2021
43 min
SS-NEWS-26: Spearphishing with AI, Recruiting Cyber Talent
In this week's episode, we discuss a Defcon talk about using AI to parse open source intel and generate more convincing phishing emails, and how to recruit and retain top cyber talent. Article 1 - Using AI to Scale Spear PhishingSupporting Articles:Hacking Humans with AI as a Service Presentation Article 2 - Hacking the Hire: Three Ways to Recruit and Retain Cyber TalentSupporting Articles:Mismanagement Driving Cybersecurity Skills Gap: ResearchCyber Aptitude and Talent Assessment(CATA) As always, please subscribe on your favorite podcast app, and rate and review so that other people will come to know and love us as much as our mothers do
Sep 15, 2021
55 min
SS-NEWS-25: T-Mobile hacked AGAIN
In this week's episode, we discuss T-Mobile and how they've been compromised 6 times in the past 4 years, and maybe some root causes on why this keeps happening to them.  We have no inside knowledge, this is pure speculation.  We perform some additional speculation on why China wants the PII of the complete American population, and then, just so we have some real news... we discuss a new method of monitizing malware at the end! Article - T-Mobile CEO: Hacker brute-forced his way through our networkSupporting Articles:American hacker, 21, claims he used unprotected router to break into T-Mobile’s systemsHow I Learned to Stop Worrying and Embrace the Security FreezeThink You’ve Got Your Credit Freezes Covered? Think Again. Article - China's Microsoft Hack May Have Had A Bigger Purpose Than Just Spying Article - Cyberattackers are now quietly selling off their victim's internet bandwidthSupporting Articles:The Scrap Value of a Hacked PC, Revisited As always, please subscribe on your favorite podcast app, and rate and review so that other people will come to know and love us as much as our mothers do
Sep 6, 2021
55 min
SS-NEWS-24: Amazon monitoring keystrokes, CAPTCHA's hiding Cred stealing
In this week's episode, we discuss Amazon tracking keystrokes, attacker's using CAPTCHA's to hide credential stealing sites, and a bonus article that we decided to do a la minute and were completely unprepared for!   Please be warned, Matthew spends WAY too much time focused on Amazon being wary of USB Rubber Ducky's. Article - Amazon’s Plan to Track Worker Keystrokes: A Sign of Controls to Come? Article - Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware Article - Wanted: Disgruntled Employees to Deploy Ransomware As always, please subscribe on your favorite podcast app, and rate and review so that other people will come to know and love us as much as our mothers do
Aug 29, 2021
35 min
SS-NEWS-23: How to stop ransomware?  Ban payments?
In this week's episode, we end up spending wayyyyy too long talking about a Lawfare article on banning ransomware payments.  We had some other articles, but I guess they can wait until next week. Article - Ransomware Payments and the LawSupporting Links:The Lawfare Podcast: How Can Congress Take on the Ransomware Problem?RTF Report: Combatting RansomwareYoung people under pressure and fearful for the futureScience Says Happier People Are Raised by Parents Who Do This 1 Thing As always, please subscribe on your favorite podcast app, and rate and review so that other people will come to know and love us as much as our mothers do
Aug 23, 2021
45 min
SS-SUBJ-021: Security 101 - AI and ML Part 2!
In this episode, we continue our conversation with Tyler who works with AI and ML.  We talk a bit about how attackers may use AI in the future, and engage in some moderate speculation.  I had hoped for wild, but it ended up being grounded in reality. Several articles were mentioned in the episode:Chihuahua or Muffin?Hackers trick a Tesla into veering into the wrong laneMalware-GAN - Generating Adversarial Malware ExamplesCounterfit - A CLI that provides a generic automation layer for assessing the security of ML ModelsFraudsters Used AI to Mimic CEO’s Voice in Unusual Cybercrime CaseTwitter taught Microsoft’s AI chatbot to be a racist asshole in less than a day As always, please subscribe on your favorite podcast app, and rate and review so that other people will come to know and love us as much as our mothers do
Aug 8, 2021
42 min
SS-SUBJ-021: Security 101 - AI and ML!
In this episode, we bring in a ringer!  Tyler, a friend of ours who is deep into AI and ML, is here to explain how it works, complete with hand puppets and crayons.   No supporting articles this week, we just sit back and listened to Tyler, and the melodious sound of his voice. As always, please subscribe on your favorite podcast app, and rate and review so that other people will come to know and love us as much as our mothers do
Aug 1, 2021
37 min
SS-NEWS-020: Indicted Chinese Hackers, Lawyers and Backups
In this week's episode, we discuss indicted Chinese hackers, more lawyer discussion and backups.  Test your backups.  TEST THEM. Article 1 - US Accuses China of Using Criminal Hackers in Cyber Espionage OperationsSupporting Articles:Four Chinese Nationals Working with the Ministry of State Security Charged with Global Computer Intrusion Campaign Targeting Intellectual Property and Confidential Business Information, Including Infectious Disease ResearchUS and Global Allies Accuse China of Massive Microsoft Exchange AttackUS, EU, UK, NATO blame china for “reckless” Exchange attacksBiden administration, US allies condemn China's malicious hacking, espionage actionsUS charges four suspected Chinese spies who coordinated APT40 hackersChinese State-Sponsored Cyber Operations: Observed TTPsTactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security DepartmentJCAT Intelligence Guide for First RespondersMajor foreign holders of U.S. treasury securities as of March 2020 Article 2 - Law Firm for Ford, Pfizer, Exxon Discloses Ransomware AttackSupporting Articles:Campbell Conroy & O'Neil Provides Notice of Data Privacy IncidentQuantifying the Costs of Data Breaches Article 3 - Don’t Wanna Pay Ransom Gangs? Test Your Backups. Updates mentioned at the end:NSO Says ‘Enough Is Enough,’ Will No Longer Talk to the Press About Damning ReportsKaseya Gets Universal Decryptor to Help REvil Ransomware Victims As always, plea
Jul 25, 2021
56 min
SS-SUBJ-019: Security 101 - CyberInsurance
In this week's episode, we discuss CYBERINSURANCE.  It's in caps, you have to read it in caps!  It's actually a more interesting topic than I expected. Supporting Articles:The cost of cyber insurance increased 32 per cent last year and shows no signs of easingWhat is cyber insurance?Types of Cyber InsuranceWhat Is Cyber Insurance, and Why Is It In High Demand?Cyber Insurance: A Hard ResetWhat does a ‘hard market’ mean for insurance customers? As always, please subscribe on your favorite podcast app, and rate and review so that other people will come to know and love us as much as our mothers do
Jul 18, 2021
32 min
Load more