State of Cybercrime

Varonis, Matt Radolec

Monthly
 
Join us for State of Cybercrime, where experts discuss the latest trends and developments in the world of cybercrime and provide insights into how organizations can protect themselves from potential threats. Sponsored by Varonis
 
Snowflake, a cloud storage platform used by some of the largest companies in the world, is investigating a targeted attack on its users who lack multifactor authentication. Join Matt Radolec and David Gibson for an episode of State of Cybercrime in which we discuss the increased attacks on Snowflake customers and share our five-point checklist for …
 
A new data leak of more than 500 documents published to GitHub reveals the big business behind China’s state-sponsored hacking groups — from top-secret surveillance tools to details of offensive cyber ops carried out on behalf of the Chinese government. Join Matt and David for a special State of Cybercrime, which dives into China's espionage campai…
 
CISA issued an emergency directive to mitigate Ivanti Connect Secure and Ivanti Policy Secure vulnerabilities after learning of malware targeting the software company, allowing unauthenticated threat actors to access Ivanti VPNs and steal sensitive data. CISA is requiring all federal agencies to disconnect from affected Ivanti products by EOD Febru…
 
Enjoy our first State of Cybercrime episode of 2024 as Matt Radolec and David Gibson cover: Who is to blame for 23andMe’s big breach; SEC’s X account getting hacked; Threat actors swatting patients; Varonis Threat Labs research on a new, widespread vulnerability: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes Mentioned…
 
In this episode of 'State of Cybercrime', the hosts discuss various topics including an executive order on Artificial Intelligence (AI) by President Biden promoting a balance between AI safety, security, privacy and innovation, as well as implications for American leadership in AI. They covered the disruptive Mozi Botnet, SolarWinds CISO's challenge…
 
Few breaches have drawn as much social media fervor as the recent 23andMe incident, in which the genomics company was victim to a massive credential stuffing attack that leveraged leaked and reused passwords to target accounts without MFA. What differentiates this attack from others is that 23andMe itself was not breached, but an entire wave of its…
 
Join Matt Radolec and David Gibson for this episode of the State of Cybercrime, recording from Black Hat 2023, as they cover the latest threats you need to know about. Also be sure to check out our webinar, New SEC Cyber Rules: Action Plan for CISOs and CFOs on Tuesday, August 22 | 12 p.m. ET. Link here: https://info.varonis.com/en/webinar/what-the-n…
 
The Storm-0558 incident has proven to be even more widespread than initially reported. While Microsoft originally stated that only Outlook.com and Exchange Online were affected, Wiz Research has discovered that the compromised signing key may have allowed the cybercriminal group to forge access tokens for SharePoint, Teams, OneDrive, and every othe…
 
A Microsoft zero-day vulnerability has allowed hacking group Storm-0558 to forge Azure AD authentication tokens, and breach organizations — including U.S. government agencies — in the past week. Watch this State of Cybercrime episode to hear our experts break down how this attack happened, see the discoveries made by the Varonis Threat Labs team, an…
 
Across the globe, CL0P ransomware group is extorting hundreds of organizations after exploiting an unknown SQL injection vulnerability in file transfer service MOVEit. The victims need to contact the ransomware group by June 14 or their stolen data will be published publicly on the group’s extortion site. Join Matt Radolec, David Gibson, and special…
 
In the wake of the U.S. defense leak, the Pentagon CIO has given a one-week deadline for all defense agencies to ensure compliance with DOD information security protocols. But what does that actually mean? Join Matt, David, and Varonis Team Lead Engineer for U.S. Public Sector Trevor Brenn for a State of Cybercrime episode that breaks down what the …
 
Recent cyberattacks, zero-days, and APTs have positioned China as a cybersecurity adversary. Join Matt Radolec and David Gibson for a special State of Cybercrime episode, during which the two will discuss the recent wave of stealth Chinese cyberattacks against U.S. private networks and what this means for U.S.-Chinese relations in 2023. Matt and Davi…
 
Still reeling from last year’s data breach, password manager LastPass recently shared that the same attacker who targeted the organization in August has struck again, this time using stolen data to hack an employee’s home computer. Join Matt Radolec and David Gibson as they walk you through the multi-stage attack, revisiting the discussion of the i…
 
Apologies for the scratchy mic! Vic's Blog on Defeating Facial Recognition: https://vicharkness.co.uk/2019/02/01/the-art-of-defeating-facial-detection-systems-part-two-the-art-communitys-efforts/ Check out Vic's Twitter: https://twitter.com/VicHarkness Kody's Twitter: https://twitter.com/kodykinzie Varonis Cyber Attack Workshop: https://www.varonis…
 
Joshua's Twitter: https://twitter.com/jbrowder1 DoNotPay's website: https://donotpay.com Sue Phone Scammers: https://donotpay.com/learn/robocall-compensation This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/…
 
Mathy's Website: https://www.mathyvanhoef.com Mathy's YouTube Channel: https://twitter.com/vanhoefm Mathy's Paper on Defeating MAC Address Randomization: https://papers.mathyvanhoef.com/asiaccs2016.pdf This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/…
 
Alex's Website: http://alexlynd.com Check out the Creep Detector Video: https://www.youtube.com/watch?v=ug9dHwm3h0s Alex Lynd's Twitter: https://twitter.com/alexlynd Check out Alex's GitHub: https://github.com/AlexLynd This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cy…
 
Check out Maltego: https://www.maltego.com/ Maltego Twitter: https://twitter.com/maltegohq Check out Maltego use cases: https://docs.maltego.com/support/solutions/articles/15000012022-use-cases This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/…
 
Check out Objective-See: https://objective-see.com/ Objective-See Twitter: https://twitter.com/objective_see Objective-See Patreon: https://www.patreon.com/objective_see While In Russia: Patrick's RSA talk on hacking journalists - Patrick's Twitter: https://twitter.com/patrickwardle This podcast is brought to you by Varonis, if you'd like to learn …
 
Stefan's Site with links to all of his projects: https://spacehuhn.io/ Twitter: https://twitter.com/spacehuhn YouTube: https://www.youtube.com/channel/UCFmjA6dnjv-phqrFACyI8tw An overview of the ESP8266 https://www.espressif.com/en/products/hardware/esp8266ex/overview Stefan's Github https://github.com/spacehuhn ESP8266 Deauther 2.0 https://github.…
 
A honeypot is a tool that acts as bait, luring an attacker into revealing themselves by presenting a seemingly juicy target. In our first Security Tools podcast, we explore a free tool called Grabify that can gather information about scammers or attackers when they click on a honeypot tracking link. https://grabify.link/ https://jlynx.net/ https://…
 
We wanted you to be the first to know that next week; we will be back in this same feed with a new security podcast from Varonis. The new Security Tools podcast will keep you up to date with the most exciting and useful tools the Infosec community has to offer. Join us on the new show to hear from the researchers and hackers behind tools like Grabi…
 
Summer is approaching, and of course, that’s when we feel the most heat. However, for cybersecurity managers, they feel the heat all the time. They must be right every time because cybercriminals only have to be right once. So summer can potentially feel like it’s year-round for cybersecurity pros and it can cause job burnout. Another problem that …
 
Searching a traveler’s phone or laptop is not an extension of a search made on a piece of luggage. As former commissioner of Ontario Ann Cavoukian said, “Your smartphone and other digital devices contain the most intimate details of your life: financial and health records.” In general, it’s also dangerous to connect laws made in accordance with the…
 
Lately, we’ve been hearing more from security experts who are urging IT pros to stop scapegoating users as the primary reason for not achieving security nirvana. After covering this controversy on a recent episode of the Inside Out Security Show, I thought it was worth having an in-depth conversation with an expert. So, I contacted Angela Sasse, Pr…
 
Over the past few weeks, Kaiser Fung has given us some valuable pointers on understanding the big data stats we are assaulted with on a daily basis. To sum up, learn the context behind the stats — sources and biases — and know that the algorithms that crunch numbers may not have the answer to your problems. In this third segment of our podcast, Kai…
 
It’s great to be Amazon to only have one on-call security engineer and have security automated. However, for many organizations today, having security completely automated is still an aspirational goal. Those in healthcare might love to upgrade, but what if you’re using a system that’s FDA approved, which makes upgrading a little more difficu…
 
In part one of our interview with Kaiser, he taught us the importance of looking at the process behind a numerical finding. We continue the conversation by discussing the accuracy of statistics and algorithms. With examples such as shoe recommendations and movie ratings, you’ll learn where algorithms fall short. Transcript Cindy Ng: In part one, Kai…
 
Recently in the security space, there’s been a spate of contradicting priorities. For instance, a recent study showed that programmers will take the easy way out and not implement proper password security. Anecdotally, a security pro in a networking and security course noticed another attendee who covered his webcam, but noticeably had his bitlocke…
 
In the business world, if we’re looking for actionable insights, many think it's found using an algorithm. However, statistician Kaiser Fung disagrees. With degrees in engineering, statistics, and an MBA from Harvard, Fung believes that both algorithms and humans are needed, as the sum is greater than its individual parts. Moreover, the worldview h…
 
Should CISOs use events or scenarios to drive security, not checklists? It also doesn’t matter how much you spend on cybersecurity if it ends up becoming shelfware. Navigating one’s role as a CISO is no easy feat. Luckily, the path to becoming a seasoned CISO is now easier with practical classes and interviews. But when cybersecurity is assumed to not…
 
Scott Schober wears many hats. He's an inventor, software engineer, and runs his own wireless security company. He's also written Hacked Again, which tells about his long running battle against cyber thieves. Scott has appeared on Bloomberg TV, Good Morning America, CNBC, and CNN. We continue our discussion with Scott. In this segment, he talks abo…
 
Scott Schober wears many hats. He's an inventor, software engineer, and runs his own wireless security company. He's also written Hacked Again, which tells about his long running battle against cyber thieves. Scott has appeared on Bloomberg TV, Good Morning America, CNBC, and CNN. In the first part of the interview, Scott tells us about some of his…
 
With data as the new oil, we’ve seen how different companies responded. From meeting new data privacy compliance obligations to combining multiple anonymized data points to reveal an individual’s identity – it all speaks to how companies are leveraging data as a business strategy. Consumers and companies alike are awakening to data’s possibilities …
 
By now, we’ve all seen the wildly popular internet of things devices flourish in pop culture, holding much promise and potential for improving our lives. One aspect that we haven’t seen are IoT devices that are not connected to the internet. In our follow-up discussion, this was the vision Simply Secure's executive director Scout Brody advocates, as cu…
 
With the spring just a few short weeks away, it’s a good time to clean the bedroom windows, dust off the ceiling fans, and discard old security notions that have been taking up valuable mind space. What do you replace those security concepts with? How about ones that say that security systems are not binary “on-off” concepts, but instead can be see…
 
The combination of business and technology-related challenges and the requirement to meet regulatory compliance obligations as well as managing risk is no easy feat. European officials have been disseminating information on how to prevent online scams, general tips as well as warning signs. Other attorneys have been reflecting on legislative develo…
 
Tiffany C. Li is an attorney and Resident Fellow at Yale Law School’s Information Society Project. She frequently writes and speaks on the privacy implications of artificial intelligence, virtual reality, and other technologies. Our discussion is based on her recent paper on the difficulties with getting AI to forget. In this second part, we contin…
 
On the last week of the year, the Inside Out Security panelists reflected on the year’s biggest breaches, scams and fake everything. And is computer security warfare? Well, it depends on who you ask. A 7th grader trying to change her grades isn’t an enemy combatant. But keep in mind as another argues, “There's an opponent who doesn't care about you…
 
Tiffany C. Li is an attorney and Resident Fellow at Yale Law School’s Information Society Project. She frequently writes and speaks on the privacy implications of artificial intelligence, virtual reality, and other technologies. Our discussion is based on her recent paper on the difficulties with getting AI to forget. In this first part, we talk a…
 
The CIO is responsible for using IT to make the business more efficient. Meanwhile, the CISO is responsible for developing and executing a security program that’s aimed to protect enterprise systems and data from both internal and external threats. At the end of the day, the CISO makes security recommendations to the CIO, who has the final say. Perhaps …
 
We need to do better. Exhausting. Dramatic. That’s how the Inside Out Security panelists described our 2018 security landscape. We see the drama unfold weekly on our show and this week was no different. As facial recognition software becomes more prevalent, we’re seeing it used in security to protect even the biggest stars like Taylor Swift. Her se…
 
There’s a yin and yang to technology. For instance, the exchange for convenience and ease with our data. Unfortunately Facebook is getting most of the blame, when many companies have collected many points of data as the default setting. Meanwhile, as quickly as diligent security pros are eager to adopt and advance security solutions with biometrics, …
 
We’ve completed almost 100 podcast panels and sometimes it feels like we’re talking in circles. Over the years, the security and privacy landscape have gotten more complex, making baseline knowledge amongst industry pros ever so more important. Old concepts are often refreshed into current foundational security concepts. Technological advancements …