In this week’s Cyber Security Brief, we discuss a bad week for cryptocurrencies, the new Google Chrome extension that will let you know if your password has been breached, why parents should be wary of kids’ smartwatches, and why we all should be wary of phone apps that promise to make you look beautiful. Plus, we chat about the experience of one Illinois family who felt the heat after their suite of Nest devices was hacked.
Feb 07, 2019•25 min•Ep 32•Transcript available on Metacast In this week’s Symantec Cyber Security Brief we discuss authorities' pursuit of Webstresser users, Japan allowing officials to hack civilians’ IoT devices in an attempt to improve security, and the much-discussed Apple Facetime bug. We also chat about the Razy malware attempting to steal cryptocurrencies, an evolution of business email compromise (BEC) scams, and a bizarre sting operation targeting the Citizen Lab internet watchdog group.
Jan 31, 2019•25 min•Ep 31•Transcript available on Metacast On this week’s Cyber Security Brief podcast, Symantec threat researcher Stephen Doherty joins us to discuss our recently published research into a wave of attacks against financial institutions in West Africa. We also discuss some new research that found that many free mobile VPNs could actually compromise people’s privacy, a hitman who was convicted thanks to evidence found on his smartwatch, and an embarrassing compromise of the ATLAS MMO game. Also this week, Russia is back in the headlines a...
Jan 24, 2019•23 min•Ep 30•Transcript available on Metacast In this week’s Cyber Security Brief, we discuss the indictment of two Ukrainian nationals for their role in a conspiracy to hack into the Securities and Exchange Commission’s (SEC) computer systems. We also chat about the recent controversy about GoDaddy quietly injecting scripts onto websites without the website owners knowing, and recent attacks on cryptocurrency exchanges. We also cover the Pwn2Own contest offering cash prizes for hacks on a Tesla vehicle for the first time, and how credit ca...
Jan 17, 2019•24 min•Ep 29•Transcript available on Metacast Welcome to the first Cyber Security Brief podcast of 2019! On this week’s episode we discuss the fact that most people don’t trust their internet of things devices, but also aren’t that willing to pay extra for improved security. We also chat about the major leak of personal data of high-profile politicians and others in Germany, and developments in the campaign of the hackers taking over printers and Chromecasts to express their support for PewDiePie (and highlight security issues). Finally, we...
Jan 10, 2019•22 min•Ep 28•Transcript available on Metacast In the final Cyber Security Brief podcast of 2018, we take a look back at the year that has gone by in cyber security, and count down the top 5 biggest cyber security stories of 2018. Listen to find out what we thought they were!
Dec 20, 2018•31 min•Ep 27•Transcript available on Metacast On this week’s Cyber Security Brief podcast, money is a big theme! We discuss a series of heists on banks in Eastern Europe that sound like something out of a Hollywood movie, a rise in the money lost to so-called “grandparent scams”, a crackdown by cops on money mules operating throughout Europe, and a new twist to the sextortion email scams we have previously discussed on this podcast. Also this week, we chat about new research Symantec has just published into the Seedworm group (aka Muddywate...
Dec 13, 2018•25 min•Transcript available on Metacast In this week’s Cyber Security Brief, we discuss the latest developments in the SamSam ransomware, with two of the people reportedly behind the ransomware having been recently indicted. Dick O’Brien, Candid Wueest and Brigid O Gorman also discuss the recent huge data breach at the Marriot-owned Starwood chain of hotels, as well as a large breach at Q & A website Quora. The hacker who hijacked 50,000 printers to spam people to support infamous YouTuber PewDiePie, a gaffe by an AI jaywalking detect...
Dec 06, 2018•25 min•Ep 25•Transcript available on Metacast On this week’s Cyber Security Brief, we discuss Symantec’s role in an FBI takedown of ad-fraud infrastructure dubbed Operation Eversion. We also discuss the latest developments in the Facebook/Cambridge Analytica scandal, as well as the most recent activity from Magecart. Also, the dangers of most phishing sites having the padlock sign beside their address, and the curious incident of a security researcher who responsibly reported a vulnerability but was still subsequently reported to the police...
Nov 29, 2018•21 min•Ep 24•Transcript available on Metacast On this week’s episode of the Cyber Security Brief, Brigid O Gorman is joined by Candid Wueest to discuss the infamous Conficker worm, which marks its 10th anniversary this week. This worm first appeared on November 21, 2008, and despite the many changes that have occurred in the cyber security landscape since then we still see hundreds and thousands of detections of Conficker in the wild today. As well as Conficker, we also discuss some of the other old threats that are still around today – and...
Nov 22, 2018•36 min•Ep 23•Transcript available on Metacast In this week’s Cyber Security Brief podcast, Dick O’Brien, Candid Wueest and Brigid O Gorman discuss new research into formjacking and the Megecart group; a subsidiary of French movie chain Pathe loses more than $20 million in a Business Email Compromise (BEC) scam, and a whole slew of vulnerabilities get patched.
Nov 15, 2018•22 min•Ep 22•Transcript available on Metacast In this week’s Cyber Security Brief podcast we discuss the FASTCash attacks, in which the Lazarus group has been emptying ATMs, and highlight the research we have published into this activity. We also discuss a new report highlighting small businesses’ cyber risk, the Inception Framework using a new backdoor, and a vulnerability in a building management software.
Nov 08, 2018•23 min•Ep 21•Transcript available on Metacast In this week’s Cyber Security Brief podcast we discuss our newly-published research into the SamSam ransomware, exposed Docker APIs being used for cryptojacking, and some new activity from the Emotet botnet. With the midterm elections in the U.S. fast approaching we also take a look at some of the election security stories that have come up in the last week. Finally, we discuss a cautionary tale underlining why you shouldn’t use your work laptop to visit “adult” websites.
Nov 01, 2018•26 min•Ep 20•Transcript available on Metacast In this week’s Cyber Security Brief podcast, we discuss the claims and counter claims related to the Bloomberg Businessweek story published at the start of October that alleged Chinese spies had infiltrated U.S. companies by implanting secret chips on Super Micro motherboards – a story that has been rebutted by almost all the companies mentioned in it, including Super Micro itself, Apple and Amazon. With calls from those companies now for Bloomberg to retract the story, we discuss this ongoing s...
Oct 25, 2018•20 min•Ep 19•Transcript available on Metacast Something a little different this week as we take a behind-the-scenes look at life in Symantec. Dick O’Brien chats to three Symantec engineers working in different parts of the company, and at different stages in their careers, to find out what it is really like to work as an engineer in a cyber security firm. Dick is joined by Symantec engineers Sayali Kulkarni, Conor Murray and Eric Chien to discuss the evolution of their careers in cyber security.
Oct 18, 2018•30 min•Ep 18•Transcript available on Metacast In this week’s Cyber Security Brief, Dick O’Brien is joined by Symantec threat researchers Jon DiMaggio and Candid Wueest to discuss the big cyber security stories of the last week. We talk about Symantec’s latest research on a previously-unknown attack group called Gallmaker, which is using “living off the land” and publicly-available hack tools to target organizations in the government and defense sectors. We also discuss the hack of the SpankChain cryptocurrency project, the breach at Garmin-...
Oct 11, 2018•23 min•Ep 17•Transcript available on Metacast In this week’s Symantec Cyber Security Brief we discuss two of our recently-published pieces of research. First, we are joined by Threat Analyst Stephen Doherty to discuss the recent activity of APT28 (aka Swallowtail, Fancy Bear), which made headlines in 2016 due to its involvement in cyber attacks against an organisation involved in the U.S. presidential election. Then, we talk about our newly published whitepaper examining the topic of cryptojacking – one of the hottest subjects in the world ...
Oct 04, 2018•29 min•Ep 16•Transcript available on Metacast In this week’s Symantec Cyber Security Brief, we discuss recent research Symantec has published on formjacking, as well as the formjacking attacks that have been carried out by the Magecart group. We also discuss how outdated plugins are allowing malicious code to be injected into WordPress sites, the Apple macOS Mojave zero day, and why it’s never a good idea for companies to store their customers’ passwords in plaintext.
Sep 27, 2018•25 min•Ep 15•Transcript available on Metacast On this week’s podcast Dick O’Brien is joined by threat researchers Candid Wueest and Brigid O Gorman to discuss the biggest cyber security stories of the week. We take a look at the newly-discovered Xbash malware family and what it can do, as well as discussing the first case of its kind where a man was convicted and imprisoned for writing fake reviews on TripAdvisor. Also, we look at some recent hacks against blockchain casinos, and speculate on the likely perpetrators behind DDoS attacks on U...
Sep 20, 2018•29 min•Ep 14•Transcript available on Metacast Dick O’Brien is joined by Symantec product manager Arvind Rao and architect Haik Mesropian to discuss their work, and what they are doing to combat software supply chain attacks, the products they are building, and how they are hoping their efforts will help developers combat these attacks.
Sep 13, 2018•25 min•Ep 13•Transcript available on Metacast In this week’s podcast we discuss how insiders are often the ones to blame for data breaches, and how often data breaches are caused by human error more often than malicious attackers. We look at the implications of a deal between Mastercard and Google that allows advertisers to figure out how effective their ads are at getting consumers to make purchases in the real world, and a development in the MikroTik routers hack. Also, we discuss $1 billion in Bitcoin that has suddenly started to move – ...
Sep 06, 2018•28 min•Ep 12•Transcript available on Metacast On this week’s podcast we discuss the DNC “hack” that wasn’t, developments on dark web marketplaces, and the release of a Windows zero day on Twitter. We also discuss the Andromeda botnet, following the release from prison of one of the people accused of being behind it.
Aug 30, 2018•22 min•Transcript available on Metacast This week, Dick O’Brien is joined by Symantec threat researcher Gillian Cleary, who discusses her recent research into the 100 most popular mobile apps, and how much information they are really gathering about their users. We also discuss an attack dubbed USBHarpoon that turns USB charging cables malicious, and we look at a court case in the U.S. where the government is reportedly attempting to compel Facebook to break the encryption on its Messenger service.
Aug 23, 2018•23 min•Ep 10•Transcript available on Metacast This week we bring you a special podcast taking an in-depth look at the financial threats cyber crime landscape. Brigid O’Gorman is joined by Symantec threat analysts Stephen Doherty and Eric Chien to discuss the threats facing both banking consumers and banks themselves. We also discuss the Lazarus group’s role in recent high-value attacks targeting financial institutions, and talk about the future of the financial threats landscape.
Aug 16, 2018•27 min•Ep 9•Transcript available on Metacast In this week’s cyber security news round-up, we chat about Threat Intel’s Liam O’Murchu’s Black Hat presentation: How To Use Machine Learning to Discover New Targeted Attacks. We also discuss the Snapchat source code leak, the coin mining campaign targeting MikroTik routers, and the concept of “security through obscurity” – adding more bugs to code to make it harder for black hat hackers to figure out which bugs are the exploitable ones.
Aug 09, 2018•27 min•Ep 8•Transcript available on Metacast Welcome to your weekly cyber security news round-up. This week we discuss the simple-seeming game that was exploiting users’ CPU to mine cryptocurrency. We look at the story of prisoners in the U.S. who hacked their prison-issued tablets, and discuss the teen who stole $5 million through SIM hijacking. We also consider some of the issues that can arise when you buy second-hand connected cars and, yet again, we cover another attack on the software supply chain.
Aug 02, 2018•31 min•Ep 7•Transcript available on Metacast In this week’s round-up of all things cyber security we discuss newly-released research from Symantec detailing the activity of Leafminer, a threat actor carrying out campaigns that target organisations in the Middle East. We also discuss the continuing problem of data breaches, and how these can facilitate credential stuffing attacks by cyber criminals. The Internet of things (IoT), and the security failures that often occur in that space, is also up for discussion.
Jul 26, 2018•28 min•Ep 6•Transcript available on Metacast This week we look back at the week that was in cyber security. Dick O’Brien is joined by threat researchers Candid Wueest and Brigid O Gorman to discuss the latest research Symantec has just published about how Powershell is being leveraged by malicious actors. We also discuss extortion scams where people are tricked into transferring money to scammers who claim they have video of them visiting adult websites, how Twitter is trying to clean up its platform, and the financial cost of data breache...
Jul 19, 2018•31 min•Ep 5•Transcript available on Metacast In this week’s podcast, we discuss software supply chain attacks, a subject we wrote about in this year’s ISTR. Software supply chain attacks increased by 200 percent between 2016 and 2017, with at least one attack every month in 2017. Dick O’Brien is joined by Symantec threat researchers Candid Wueest and Gavin O’Gorman to discuss this surge in attacks, and also to talk about two high-profile examples of these kind of attacks: the Petya/NotPetya and CCleaner attacks.
Jul 12, 2018•29 min•Transcript available on Metacast In this week’s podcast we take a look back at the first six months of the year, and review some of the biggest cyber security stories. We discuss VPNFilter, a router malware that, unusually, is able to survive the router being rebooted, as well as highlighting the tool that Symantec has released to tell users whether or not their router is infected with VPNFilter. We also look back at investigations into the Orangeworm and Inception Framework attack groups, as well as reviewing the impact of the...
Jul 05, 2018•33 min•Ep 3•Transcript available on Metacast 
