Slack channel: https://defensivesecurity.org/slack-channel/ http://blog.checkpoint.com/2016/11/24/imagegate-check-point-uncovers-new-method-distributing-malware-images/ http://www.csoonline.com/article/3143713/analytics/shall-we-care-about-zero-day.html http://www.databreachtoday.com/umass-amherst-hit-650000-hipaa-settlement-a-9554 http://arstechnica.com/security/2016/11/elegant-0day-unicorn-underscores-serious-concerns-about-linux-security/ http://www.securityweek.com/disgruntled-gamer-likely-b...
Nov 28, 2016•1 hr 13 min•Transcript available on Metacast Book recommendations: https://defensivesecurity.org/resources/recommended-books/ Slack channel: http://https://defensivesecurity.org/slack-channel/ http://arstechnica.com/information-technology/2016/11/kaspersky-accuses-microsoft-of-anticompetitive-bundling-of-antivirus-software/ https://nakedsecurity.sophos.com/2016/11/11/yahoo-staff-knew-they-were-breached-two-years-ago/ http://www.csoonline.com/article/3139311/security/412-million-friendfinder-accounts-exposed-by-hackers.html
Nov 14, 2016•38 min•Transcript available on Metacast Overconfidence is putting organizations at higher risk for attacks http://arstechnica.com/security/2016/11/windows-zero-day-exploited-by-same-group-behind-dnc-hack/ http://www.bankinfosecurity.com/those-suing-anthem-seek-security-audit-documents-a-9498 https://it.slashdot.org/story/16/11/05/1744231/it-workers-facing-layoffs-jolted-by-ceos-message
Nov 07, 2016•54 min•Transcript available on Metacast http://www.securityweek.com/shadow-brokers-leaks-servers-allegedly-hacked-nsa http://www.bankinfosecurity.com/online-ad-industry-threatened-by-security-issues-a-9488 http://m.elpasoinc.com/news/local_news/article_92e82ee0-9f84-11e6-b429-0b2b853bae0b.html?mode=jqm http://researchcenter.paloaltonetworks.com/2016/10/unit42-psa-conference-invite-used-lure-operation-lotus-blossom-actors/
Nov 02, 2016•1 hr 6 min•Transcript available on Metacast Serious Dirty Cow Linux Vulnerability Under Attack http://news.softpedia.com/news/hackers-steal-research-and-user-data-from-japanese-nuclear-research-lab-509380.shtml https://www.databreaches.net/rainbow-childrens-clinic-notifies-33368-patients-of-ransomware-attack/ https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/
Oct 24, 2016•41 min•Transcript available on Metacast http://conferences.oreilly.com/security/network-data-security-ny/public/content/buy-one-get-one-discount https://www.eventbrite.com/e/bsides-atlanta-2016-tickets-27895813128 http://www.cnbc.com/2016/10/14/british-banks-keep-cyber-attacks-under-wraps-to-protect-image.html http://www.lexology.com/library/detail.aspx?g=f17c1e55-5768-4ea6-a7e6-d555c4052eef https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly
Oct 16, 2016•40 min•Transcript available on Metacast http://cybersecurity.oxfordjournals.org/content/early/2016/08/08/cybsec.tyw001 The psychological reasons behind risky password practices http://www.nytimes.com/2016/09/29/technology/yahoo-data-breach-hacking.html?_r=0 http://www.databreachtoday.com/blogs/yahoo-breach-great-nation-state-cop-out-p-2260
Oct 03, 2016•43 min•Transcript available on Metacast http://www.csoonline.com/article/3119965/security/a-single-ransomware-network-has-pulled-in-121-million.html https://www.sans.org/reading-room/whitepapers/dataprotection/data-breaches-prevention-practical-37267 http://www.bankinfosecurity.com/aligning-cyber-framework-organizations-strategy-goals-a-9401 http://arstechnica.com/security/2016/09/swift-fraudsters-detection-system-bangladesh-bank-heist/ http://www.bankinfosecurity.com/blogs/ransomware-victims-please-come-forward-p-2255 http://www.nyti...
Sep 22, 2016•58 min•Transcript available on Metacast http://news.softpedia.com/news/retiring-sysadmin-fakes-cyber-attack-to-get-away-with-data-theft-507992.shtml https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf http://money.cnn.com/2016/09/08/investing/wells-fargo-created-phony-accounts-bank-fees/index.html http://spectrum.ieee.org/view-from-the-valley/computing/it/facebook-engineers-crash-data-centers-in-realworld-stress-test http://www.b...
Sep 11, 2016•59 min•Transcript available on Metacast http://www.csoonline.com/article/3110975/techology-business/how-do-you-measure-success-when-it-comes-to-stopping-phishing-attacks.html http://www.databreachtoday.com/equation-group-hacking-tool-dump-5-lessons-a-9358 http://www.csoonline.com/article/3109982/security/attackers-dont-need-vulnerabilities-when-the-basics-work-just-as-well.html http://www.securityweek.com/attacker-uses-virtual-machine-hide-malicious-activity http://www.networkworld.com/article/3110653/security/imperva-application-laye...
Aug 30, 2016•45 min•Transcript available on Metacast https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/ http://www.extremetech.com/extreme/234031-your-guide-to-the-shadow-brokers-nsa-theft-which-puts-the-snowden-leaks-to-shame http://phys.org/news/2016-08-people-software-percent.html http://www.csoonline.com/article/3108025/cyber-attacks-espionage/cerber-ransomware-earns-2-3mil-with-0-3-response-rate.html
Aug 21, 2016•51 min•Transcript available on Metacast http://www.csoonline.com/article/3101863/security/report-only-3-percent-of-u-s-companies-pay-attackers-after-ransomware-infections.html http://www.bankinfosecurity.com/fed-reserve-a-9282 http://www.tripwire.com/state-of-security/featured/does-dropping-malicious-usb-sticks-really-work-yes-worryingly-well/ http://arstechnica.com/security/2016/08/frequent-password-changes-are-the-enemy-of-security-ftc-technologist-says/ http://spectrum.ieee.org/tech-talk/telecom/security/nigerian-scammers-infect-th...
Aug 14, 2016•1 hr 3 min•Transcript available on Metacast http://www.bankinfosecurity.com/report-new-york-fed-fumbled-cyber-heist-response-a-9281 http://motherboard.vice.com/read/ransomware-gang-claims-fortune-500-company-hired-them-to-hack-the-competition http://www.lexology.com/library/detail.aspx?g=d0f4e774-6c6a-4783-b993-4f165f1dcc7e
Jul 25, 2016•48 min•Transcript available on Metacast Tiaracon: http://tiaracon.org/ http://www.cbc.ca/news/technology/antivirus-software-1.3668746 http://www.csoonline.com/article/3089439/business-continuity/9-critical-controls-for-todays-threats.html http://www.bankinfosecurity.com/interviews/heartbleed-update-america-vulnerable-i-3242 http://www.bankinfosecurity.com/blogs/av-wars-sophos-vs-cylance-p-2172 http://www.reuters.com/article/us-cyber-fdic-china-idUSKCN0ZT20M http://blog.talosintel.com/2016/07/ranscam.html
Jul 17, 2016•58 min•Transcript available on Metacast http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html#.V3BKyvkrJhE http://www.zdnet.com/article/cvss-scores-are-not-enough-for-modern-security/ http://www.crn.com/news/security/300081157/sophos-slams-cylance-in-blog-post-as-market-for-endpoint-security-heats-up.htm?itc=refresh
Jun 30, 2016•1 hr 3 min•Transcript available on Metacast http://www.darkreading.com/vulnerabilities—threats/windows-badtunnel-attack-hijacks-network-traffic/d/d-id/1325875 http://krebsonsecurity.com/2016/06/adobe-update-plugs-flash-player-zero-day/ http://krebsonsecurity.com/2016/06/banks-credit-card-breach-at-cicis-pizza/ http://ieee-security.org/TC/SP2016/papers/0824a018.pdf https://securelist.com/blog/research/75027/xdedic-the-shady-world-of-hacked-servers-for-sale/ https://www.washingtonpost.com/world/national-security/guccifer-20-claims-credit-fo...
Jun 20, 2016•1 hr 1 min•Transcript available on Metacast TeamViewer Denies Hack, Blames Password Reuse for Compromises http://www.businessinsurance.com/article/20160602/NEWS06/160609935/chubb-p-f-changs-federal-insurance-co-cybersecurity-by-chubb-credit http://www.csoonline.com/article/3075385/backup-recovery/will-your-backups-protect-you-against-ransomware.html#jump http://www.csoonline.com/article/3077434/security/93-of-phishing-emails-are-now-ransomware.html#jump http://venturebeat.com/2016/06/04/federal-reserve-bank-was-hacked-more-than-50-times-b...
Jun 05, 2016•51 min•Transcript available on Metacast Vote for us! https://www.surveymonkey.com/r/secbloggerwards2016 http://www.csoonline.com/article/3071337/cyber-attacks-espionage/cybercriminals-are-increasingly-embracing-a-sophisticated-business-model-approach.html#tk.rss_all https://www.yahoo.com/news/special-report-cyber-thieves-exploit-banks-faith-swift-052100312–finance.html?ref=gs http://www.securityweek.com/google-soon-kill-sslv3-rc4-support-gmail https://threatpost.com/microsoft-warns-of-sneaky-new-macro-trick/118227/ http://www.networkw...
May 23, 2016•33 min•Transcript available on Metacast http://www.bankinfosecurity.com/researcher-hacks-symantecs-av-via-email-a-9109 http://www.v3.co.uk/v3-uk/news/2457773/hackers-exploiting-six-year-old-sap-software-flaw-warns-us-cert http://arstechnica.com/security/2016/05/1b-bangladesh-heist-officials-say-swift-technicians-left-bank-vulnerable/ http://www.csoonline.com/article/3069502/data-breach/malware-attacks-on-two-banks-have-links-with-2014-sony-pictures-hack.html https://www.surveymonkey.com/r/secbloggerwards2016
May 18, 2016•59 min•Transcript available on Metacast http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/ https://blog.osvdb.org/2016/04/27/a-note-on-the-verizon-dbir-2016-vulnerabilities-claims/
May 02, 2016•1 hr 27 min•Transcript available on Metacast http://baesystemsai.blogspot.nl/2016/04/two-bytes-to-951m.html https://threatpost.com/bangladesh-bank-hackers-accessed-swift-system-to-steal-cover-tracks/117637/ http://www.csoonline.com/article/3061229/fraud/swift-banking-network-warns-customers-of-cyberfraud-cases.html http://www.theregister.co.uk/2016/04/22/i_hacked_facebook_and_found_someone_had_beaten_me_to_it/
Apr 28, 2016•42 min•Transcript available on Metacast https://www.helpnetsecurity.com/2016/04/15/eu-data-protection-rules/ http://pastebin.com/raw/0SNSvyjJ https://threatpost.com/apple-deprecates-quick-time-for-windows-wont-patch-new-flaws/117427/ http://www.welivesecurity.com/2016/04/13/medical-data-breach-leads-record-cash-settlement/
Apr 19, 2016•47 min•Transcript available on Metacast https://offensivetechblog.wordpress.com/2016/03/29/systems-admins-we-need-to-talk/ http://m.sfgate.com/business/technology/article/Hackers-broke-into-hospitals-despite-software-7229722.php http://www.wired.co.uk/news/archive/2016-04/06/panama-papers-mossack-fonseca-website-security-problems http://arstechnica.com/security/2016/04/ok-panic-newly-evolved-ransomware-is-bad-news-for-everyone/
Apr 13, 2016•52 min•Transcript available on Metacast https://www.cooley.com/california-attorney-general-2016-data-breach-report http://www.csoonline.com/article/3049392/security/chinese-scammers-take-mattel-to-the-bank-phishing-them-for-3-million.html http://www.oreilly.com/security/newsletter http://conferences.oreilly.com/security/network-data-security-ny
Apr 05, 2016•1 hr 1 min•Transcript available on Metacast https://threatpost.com/apt-attackers-flying-more-false-flags-than-ever/116814/ http://www.csoonline.com/article/3048334/security/verizons-breach-experts-missed-one-right-under-their-noses.html http://www.wsj.com/articles/hackers-in-bangladesh-bank-account-heist-part-of-larger-breach-1458582678 http://krebsonsecurity.com/2016/03/hospital-declares-internet-state-of-emergency-after-ransomware-infection/
Mar 29, 2016•39 min•Transcript available on Metacast http://www.csoonline.com/article/3043975/security/compromised-data-goes-public-as-staminus-recovers-from-attack.html#tk.rss_all http://www.darkreading.com/endpoint/patch-management-still-plagues-enterprise/d/d-id/1324615 http://www.welivesecurity.com/2016/03/09/android-trojan-targets-online-banking-users/ http://arstechnica.com/security/2016/03/a-typo-costs-bank-hackers-nearly-1b/ http://www.cnet.com/news/home-depot-offers-19m-to-settle-customers-hacking-lawsuit/
Mar 15, 2016•48 min•Transcript available on Metacast http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf?_ga=1.157194172.685877305.1433735448 https://blog.agilebits.com/2015/06/17/1password-inter-process-communication-discussion/ http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest_xg_en.pdf
Mar 07, 2016•1 hr 1 min•Transcript available on Metacast http://www.databreachtoday.com/anthem-breach-lessons-one-year-later-a-8897 http://www.dw.com/en/hackers-hold-german-hospital-data-hostage/a-19076030 http://krebsonsecurity.com/2016/02/breached-credit-union-comes-out-of-its-shell/ http://arstechnica.com/security/2016/02/hackers-did-indeed-cause-ukrainian-power-outage-us-report-concludes/
Feb 28, 2016•40 min•Transcript available on Metacast http://www.scmagazineuk.com/russian-bank-licences-revoked-for-using-hackers-to-withdraw-funds/article/474464/ http://arstechnica.com/security/2016/02/hospital-pays-17k-for-ransomware-crypto-key/ http://news.softpedia.com/news/us-school-agrees-to-pay-8-500-to-get-rid-of-ransomware-500684.shtml http://www.scmagazineuk.com/44-of-ransomware-victims-in-the-uk-have-paid-to-recover-their-data/article/475426/ http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and...
Feb 25, 2016•47 min•Transcript available on Metacast http://www.tripwire.com/state-of-security/latest-security-news/cisco-patches-critical-asa-ike-buffer-overflow-vulnerability/ http://www.securityweek.com/we-cant-give-preventing-breaches http://www.csoonline.com/article/3033160/security/ransomware-takes-hollywood-hospital-offline-36m-demanded-by-attackers.html http://arstechnica.com/security/2016/02/clever-bank-hack-allowed-crooks-to-make-unlimited-atm-withdrawals/
Feb 16, 2016•50 min•Transcript available on Metacast 
