Podcasts
-
Risk & Repeat: Attacks ramp up on Cleo MFT software
Earlier this week, threat actors began exploiting a zero-day vulnerability in Cleo's managed file transfer products, but the details of the flaw remain unclear.
-
Risk & Repeat: China hacks major telecom companies
The FBI and CISA confirmed reports that Salt Typhoon breached several major telecom companies and accessed data related to law enforcement requests.
-
Risk & Repeat: SEC cracks down on cybersecurity disclosures
The SEC's charges against Unisys, Avaya, Check Point Software Technologies and Mimecast have raised questions about expectations for transparency in cybersecurity.
-
Risk & Repeat: Is Microsoft security back on track?
Microsoft has made significant changes to its cybersecurity practices and policies under the Secure Future Initiative. Are they enough to right the ship?
-
Risk & Repeat: Inside the Microsoft SFI progress report
The first Secure Future Initiative progress report highlighted improvements to Microsoft's security posture. But the company still faces major SecOps challenges.
-
Risk & Repeat: What's next for Telegram and Pavel Durov?
Telegram made updates to its FAQ and privacy policy following Pavel Durov's arrest. But will the changes influence cybercriminals' abuse of the platform?
-
Risk & Repeat: National Public Data breach questions remain
The breach of National Public Data may have put billions of personal records at risk, but the scope of the attack and impact on consumers are still unclear.
-
Risk & Repeat: Recapping Black Hat USA 2024
Highlights from Black Hat USA 2024 include a keynote panel on securing election infrastructure as well as several sessions on potential threats against new AI technology.
-
Risk & Repeat: Faulty CrowdStrike update causes global outage
Friday's outage, which was caused by a defective CrowdStrike channel file update, resulted in significant disruptions for airlines, critical infrastructure and more.
-
Risk & Repeat: AT&T's Snowflake database breached
AT&T disclosed a breach in which threat actors compromised the company's Snowflake instance and stole call and text records from 'nearly all' the company's cellular customers.
-
Risk & Repeat: Hacks, lies and LockBit
Months after an international law enforcement effort disrupted the notorious ransomware-as-a-service operation, LockBit falsely claimed that it breached the U.S. Federal Reserve.
-
Risk & Repeat: Microsoft under fire again over Recall
Microsoft made changes to its AI-driven Recall feature, but that didn't stop Congress from grilling company president Brad Smith during a House committee hearing.
-
Risk & Repeat: Sorting out Snowflake's security mess
This podcast episode discusses the recent attacks against Snowflake customers and a controversial report that claimed the cloud storage and analytics giant had been breached.
-
Risk & Repeat: Recapping RSA Conference 2024
Artificial intelligence was center stage at RSA Conference 2024, but the show also focused on secure-by-design principles, the ransomware landscape and more.
-
Risk & Repeat: Cyber Safety Review Board takes Microsoft to task
This podcast episode discusses the Cyber Safety Review Board's report on Microsoft and its conclusion that the software giant must overhaul its security culture.
-
Risk & Repeat: Microsoft's Midnight Blizzard mess
This podcast episode discusses the latest disclosure from Microsoft regarding Midnight Blizzard, which accessed internal systems, source code and some cryptographic secrets.
-
Risk & Repeat: CISA hacked via Ivanti vulnerabilities
The compromise of two internal CISA systems comes on the heels of ongoing attacks and developments related to two zero-day vulnerabilities Ivanti disclosed in January.
-
Risk & Repeat: Alphv/BlackCat's chaotic exit (scam)
This podcast episode discusses the possible exit scam of ransomware-as-a-service gang Alphv/BlackCat, as well as the chaotic months the gang had leading up to its closure.
-
Risk & Repeat: LockBit resurfaces after takedown
LockBit returns just days after an international law enforcement operation infiltrated the ransomware gang's network and seized infrastructure, source code and decryption keys.
-
Risk & Repeat: Breaking down SEC charges against SolarWinds
This episode covers the SEC charges against SolarWinds and CISO Timothy Brown for allegedly hiding known cybersecurity risks prior to the 2020 supply chain attack it suffered.
-
Risk & Repeat: Okta under fire after support system breach
This podcast episode covers a security breach suffered by identity vendor Okta involving its customer support systems, which has sparked criticism from customers.
-
Risk & Repeat: Rapid Reset and the future of DDoS attacks
This podcast episode covers the record-breaking DDoS attack Rapid Reset, why it stands out among other DDoS campaigns and whether it will be widely replicated in the future.
-
Risk & Repeat: MGM, Caesars casino hacks disrupt Las Vegas
This podcast episode compares the cyber attacks suffered by casino giants MGM Resorts and Caesars Entertainment in recent weeks and the fallout from them.
-
Risk & Repeat: Big questions remain on Storm-0558 attacks
Microsoft revealed that Storm-0558 threat actors stole a consumer signing key from its corporate network, but many questions about the breach and subsequent attacks remain.
-
Risk & Repeat: Digging into Microsoft security criticisms
Executives, researchers and former employees told TechTarget Editorial about issues with Microsoft security practices, including patch bypasses, poor transparency and more.
-
Risk & Repeat: Highlights from Black Hat USA 2023
Black Hat USA 2023 in Las Vegas covered several trends, such as generative AI and cloud security issues, as well as new vulnerabilities, including the Downfall flaw in Intel chips.
-
Risk & Repeat: Microsoft takes heat over Storm-0558 attacks
The Storm-0558 attacks have raised questions about Microsoft's response to a cloud flaw and a stolen MSA key that was used to compromise customer email accounts.
-
Risk & Repeat: Are data extortion attacks ransomware?
Ransomware gangs are focusing more on data theft and extortion, while skipping the encryption of networks. But should these attacks still be considered ransomware?
-
Risk & Repeat: How bad is Clop's MoveIt Transfer campaign?
Clop's data theft and extortion campaign against MoveIt Transfer customers marks some of the most high-profile threat activity this year, but its success level remains unclear.
-
Risk & Repeat: More victims emerge from MoveIt Transfer flaw
CISA last week said several federal agencies suffered data breaches resulting from a MoveIt Transfer zero-day vulnerability, though it's unclear what type of data was stolen.
-
Risk & Repeat: Mandiant sheds light on Barracuda ESG attacks
Barracuda Networks attempted to fix the critical ESG zero-day vulnerability, but a Chinese nation-state threat actor was able to maintain access on compromised devices.
-
Risk & Repeat: Moveit Transfer flaw triggers data breaches
Several organizations, predominantly in the U.K., have confirmed data breaches that stemmed from exploitation of the critical Moveit Transfer zero-day vulnerability.
-
Risk & Repeat: A troubling trend of poor breach disclosures
This Risk & Repeat episode covers three data breach disclosures from Dish Network, Gentex Corporation and Clarke County Hospital and the troubling trends that connect all three.
-
Risk & Repeat: Ex-Uber CSO Joe Sullivan sentenced
This podcast episode covers the sentencing of former Uber CSO Joe Sullivan over the 2016 breach cover-up, and what it means for other security executives and the industry at large.
-
Risk & Repeat: Security industry bets on AI at RSA Conference
This podcast episode covers the focus on AI-powered security products and uses at RSA Conference 2023 in San Francisco last week, as well as other trends at the show.
-
Risk & Repeat: Inside the 3CX supply chain attack
This podcast episode discusses the 3CX supply chain attack, where it may have started, who was behind it and how the unified communications vendor has responded to the incident.
-
BreachForums taken down after arrest of alleged owner
This Risk & Repeat podcast episode covers the arrest of BreachForums' alleged owner and the site's subsequent closure, as well as possible connections to the DC Health Link breach.
-
Hacker claims exposed database led to DC Health Link breach
This Risk & Repeat podcast episode covers the breach of health insurance exchange DC Health Link, as well as a hacker's claim that the breach was caused by an exposed database.
-
Biden administration raises software liability questions
This Risk & Repeat podcast episode discusses the White House's National Cybersecurity Strategy and its proposal to hold technology companies liable for insecure software.
-
ESXiArgs attack vector unclear as infections continue
This Risk & Repeat podcast episode discusses the recent developments involving ESXiArgs, the ransomware variant that has been infecting vulnerable VMware ESXi servers this month.
-
ESXiArgs ransomware campaign raises concerns, questions
This Risk & Repeat podcast looks at the widespread ESXiArgs ransomware attacks and the questions they've raised about the threat landscape, vulnerability patching and more.
-
Risk & Repeat: The FBI's Hive ransomware takedown
This podcast episode discusses the law enforcement operation that led to the infiltration and takedown of the Hive network and what it could mean for other ransomware gangs.
-
Risk & Repeat: Another T-Mobile data breach disclosed
This podcast episode discusses the latest T-Mobile breach -- the third in less than three years -- in which a threat actor stole personal data from 37 million customer accounts.
-
Risk & Repeat: Breaking down the LastPass breach
This podcast episode discusses the fallout of the recent LastPass breach, in which a threat actor stole encrypted logins and unencrypted website URLs from the password manager.
-
Risk & Repeat: Analyzing the Rackspace ransomware attack
This Risk & Repeat podcast episode discusses new details of the Rackspace ransomware attack, as well as the questions remaining following the company's final status update.
-
Risk & Repeat: OT security progress, threats in 2022
This Risk & Repeat podcast episode discusses the current state of OT security, including the convergence with IT environments and an ever-evolving threat landscape.
-
Risk & Repeat: Breaking down Rackspace ransomware attack
This Risk & Repeat podcast episode discusses the recent ransomware attack against cloud provider Rackspace, as well as the major service outage affecting its customers.
-
Risk & Repeat: Twitter, Elon Musk and security concerns
This podcast episode discusses Twitter's security concerns following Elon Musk's acquisition last month, as well as a possible data breach from 2021 that came to light recently.
-
Risk & Repeat: Researchers criticize HackerOne
This podcast episode discusses a recent TechTarget Security article about bug bounty platform HackerOne in which researchers aired several complaints about the company.
-
Risk & Repeat: Microsoft, SOCRadar spar over data leak
This podcast episode discusses threat intelligence vendor SOCRadar's disclosure of a large Microsoft data leak and the contentious exchange between the two companies that followed.
-
Risk & Repeat: Breaking down the Joe Sullivan conviction
This podcast episode discusses conviction of former Uber CSO Joe Sullivan, who was found guilty last week of covering up the company's 2016 data breach.
-
Risk & Repeat: Uber and Rockstar Games hacked
This podcast episode discusses recent hacks against Uber and Rockstar Games, the techniques of the attackers and the possible connection to the Lapsus$ cybercrime group.
-
Risk & Repeat: The White House wants secure software
This podcast episode discusses the implications of the Biden administration's new purchasing and usage guidelines for software utilized by U.S. federal agencies.
-
Risk & Repeat: Whistleblower spells trouble for Twitter
A new whistleblower report unveiled troubling accusations against Twitter from the social media company's former head of security, Peiter 'Mudge' Zatko.
-
Risk & Repeat: Black Hat 2022 recap
This Risk & Repeat podcast episode discusses the Black Hat 2022 conference in Las Vegas and the notable sessions, major themes and hot topics from the show.
-
Risk & Repeat: Ransomware in 2022 so far
This podcast episode discusses ransomware in 2022, including an apparent decrease in attacks, the evolution of cybercrime operations and the lack of visibility into the threat.
-
Risk & Repeat: Recapping RSA Conference 2022
This Risk & Repeat episode discusses RSA Conference 2022 and major themes, such as the evolving ransomware landscape and the government's strategy to address nation-state threats.
-
Risk & Repeat: Lapsus$ highlights poor breach disclosures
This Risk & Repeat podcast episode examines two high-profile breaches by emerging threat group Lapsus$ and how Microsoft and Okta responded to these attacks.
-
Risk & Repeat: Conti ransomware gang gets breached
This Risk & Repeat podcast episode covers the massive Conti leaks, including the data that was published and what it reveals about the infamous ransomware gang.
-
Risk & Repeat: The complicated world of Monero
This Risk & Repeat podcast episode looks at the state of Monero, a privacy-focused cryptocurrency, as well as recent cyber attacks against crypto exchanges.
-
Risk & Repeat: Log4Shell shakes infosec industry
This Risk & Repeat podcast episode looks at the latest developments with Log4Shell and the efforts to mitigate the critical remote code executive vulnerability.
-
Risk & Repeat: Are ransomware busts having an effect?
International law enforcement agencies this year have stepped up efforts to address the ransomware threat with arrests, indictments and multimillion-dollar rewards.
-
Risk & Repeat: Apple bug bounty frustrations boil over
Security researchers criticized the Apple Security Bounty program and claimed the company ignored bug reports, denied bounty payments and silently patched vulnerabilities.
-
Risk & Repeat: ProxyShell problems mount
CISA warned threat actors have begun exploiting the dangerous ProxyLogon flaws, but tens of thousands of vulnerable Microsoft Exchange servers remain online.
-
Risk & Repeat: Vulnerability patching still falling short
Many organizations still fail to patch critical vulnerabilities, even when they're under exploitation in the wild. What are the best ways to improve patching rates?
-
Risk & Repeat: Breaking down the Kaseya ransomware attacks
Nearly two weeks after REvil ransomware hit hundreds of companies, Kaseya and its managed service providers are still assessing the damage from the supply chain attack.
-
Risk & Repeat: US opens door for hacking back
This episode of the Risk & Repeat podcast discusses the growing pressure on the U.S. to respond to cyber attacks and if hacking back will be part of the plan.
-
Risk & Repeat: Colonial Pipeline CEO grilled by Congress
Colonial Pipeline Co. CEO Joseph Blount faced criticism from several members of Congress this week during two different hearings on the recent ransomware attack.
-
Risk & Repeat: Security startups and trends from RSAC 2021
Analyst Carla Roncato of Enterprise Strategy Group weighs in on RSA Conference and the security startups featured during the show's Innovation Sandbox competition.
-
Risk & Repeat: Recapping RSA Conference 2021
Election security, nation-state threats and supply chain attacks were major topics at this year's RSA Conference, which was held as a virtual event.
-
Risk & Repeat: Will the Ransomware Task Force make an impact?
The Institute for Security and Technology's Ransomware Task Force published several recommendations to better address the growing security threat. Will they work?
-
Risk & Repeat: FBI's web shell removal raises questions
The FBI accessed computers -- without the knowledge or consent of the owners -- to remove hundreds of web shells placed in vulnerable Microsoft Exchange servers.
-
Risk & Repeat: Recapping the Exchange Server attacks
This week's Risk & Repeat episode looks back at the Microsoft Exchange Server attacks, plus the questions and mysteries surrounding the ongoing threat.
-
Risk & Repeat: Inside the SolarWinds Senate hearing
This week's Senate Intelligence Committee hearing on SolarWinds tackled the attribution case against Russian state-sponsored hackers, as well as questions for AWS.
-
Risk & Repeat: SolarWinds and the hacking back debate
This week's Risk & Repeat podcast looks at a recent '60 Minutes' episode that discussed the possibility of the U.S. government hacking back in response to the SolarWinds attacks.
-
Risk & Repeat: Oldsmar water plant breach raises concerns
This week's Risk & Repeat podcast looks at how an unknown threat actor used TeamViewer to manipulate chemical levels in a water treatment facility in Oldsmar, Fla.
-
Risk & Repeat: Diving into the dark web
This week's Risk & Repeat podcast discusses the state of the dark web in 2021, how it has changed and what enterprises should know about the threats that exist there.
-
Risk & Repeat: SolarWinds attacks come into focus
This week's Risk & Repeat podcast discusses the fallout from the SolarWinds backdoor attacks as new victims and additional information have come to light.
-
Risk & Repeat: SolarWinds backdoor shakes infosec industry
This week's Risk & Repeat podcast discusses the latest developments around the devastating SolarWinds backdoor attacks, which impacted several U.S. government agencies.
-
Risk & Repeat: Christopher Krebs out as CISA director
This week's Risk & Repeat podcast discusses President Trump's firing of CISA Director Christopher Krebs, which was a controversial move in the infosec community.
-
Risk & Repeat: 2020 election security in review
This week's Risk & Repeat podcast looks back at the 2020 election, which was free of major cyber attacks or hacks but has seen a rise in disinformation campaigns online.
-
Risk & Repeat: Black Hat 2020 highlights
This week's Risk & Repeat podcast recaps Black Hat USA 2020 and discusses some of the best sessions, worst vulnerabilities and the overall virtual conference experience.
-
Risk & Repeat: Sophos warns of evolving ransomware threats
Dan Schiappa and Chester Wisniewski of Sophos join the Risk & Repeat podcast to discuss how ransomware groups are evolving and embracing innovative evasion techniques.
-
Risk & Repeat: Twitter breach leads to account hijacking
This week's Risk & Repeat podcast discusses how threat actors gained access to Twitter's internal systems and hijacked the accounts of Jeff Bezos, Bill Gates and others.
-
Risk & Repeat: Vault 7 report slams CIA security practices
This week's Risk & Repeat podcast discusses the CIA's internal task force report on the Vault 7 leak, which blasted the agency for a variety of serious security lapses.
-
Risk & Repeat: Are ransomware groups joining forces?
This week's Risk & Repeat podcast discusses the prospect of ransomware gangs working together and what it could mean for enterprises and the overall threat landscape.
-
Risk & Repeat: When will mobile voting be ready?
This week's Risk & Repeat podcast examines the rise of mobile voting apps and how security experts have expressed concerns about the risks deploying the technology for elections.
-
Risk & Repeat: Black Hat, DEF CON canceled
This week's Risk & Repeat podcast looks at the recent cancellations of Black Hat USA 2020 and DEF CON 28 and what their virtual replacements will try to accomplish.
-
Risk & Repeat: RDP security under fire amid COVID-19
This week's Risk & Repeat podcast looks at how Microsoft's Remote Desktop Protocol, already a popular vector with hackers, has received even more attention during the pandemic.
-
Risk & Repeat: Are ransomware attacks up or down?
This week's Risk & Repeat podcast looks at the latest research and analysis around ransomware to see what effect the COVID-19 pandemic has had on the threat landscape.
-
Risk & Repeat: Are Zoom security fears overblown?
This week's Risk & Repeat podcast looks at the backlash against Zoom over security and privacy concerns and asks whether there's been an overreaction.
-
Risk & Repeat: Zoom security comes under fire
This week's Risk & Repeat podcast looks at several security issues Zoom faced over the last week, which led to questions about the company's privacy and security practices.
-
Risk & Repeat: COVID-19 boosting social engineering attacks
This episode of the Risk & Repeat podcast looks at how social engineering attacks have become more successful by taking advantage of the coronavirus pandemic.
-
Risk & Repeat: Coronavirus-themed threats on the rise
This week's Risk & Repeat podcast looks at the disruption caused by COVID-19, as well as the sharp increase in cyberthreats designed to exploit the pandemic.
-
Risk & Repeat: Recapping RSA Conference 2020
This Risk & Repeat podcast looks back at RSA Conference and discusses some of the highlights from the show, from ransomware trends to nation-state hacking discussions.
-
Risk & Repeat: Breaking down RSA Security's sale
This Risk & Repeat podcast discusses Dell's recent sale of RSA for $2.075 billion, plus insights from experts on where venture capital firms are investing this year.
-
Risk & Repeat: Mobile World Congress canceled, RSAC 2020 still on
This week's Risk & Repeat podcast discusses RSA Conference's decision to move ahead with the show after the cancellation of Mobile World Congress over coronavirus concerns.
-
Risk & Repeat: More McAfee executives depart
This week's Risk & Repeat podcast discusses the revelation that more executives have left McAfee amid the unexpected departure of longtime CEO Chris Young last month.
-
Risk & Repeat: 2019 data breaches in review
This week's Risk & Repeat podcast looks at some of the biggest data breach disclosures from the second half of 2019 and discusses the trends around these incidents.
-
Risk & Repeat: Trump takes aim at DNC hack and CrowdStrike
This week's Risk & Repeat podcast looks at President Trump's recent comments about CrowdStrike and the DNC 'server' and the misinformation around Russian election interference.
Videos
-
AI security concerns keeping infosec leaders up at night
-
Telework security requires meticulous caution, communication
-
Where does security fit into SDLC phases?
-
Security behavioral analytics: The impact of real-time BTA
-
As privacy requirements evolve, CISSPs must stay informed
-
Adjusting your network perimeter security