Episode 46: Another Snowden, ISIS Cyber Threat, and Selling Zero Days with Damballa’s Loucif Kharouni

October 23, 2015

Another big breach hit the government due to an Anonymous source leaking a cache of secret slides on the U.S. drone program. The hacking collective Anonymous has seen an increase in activity recently including some new Ops. ISIS is attacking the U.S. energy grid, and though the group is not doing a good job, some are concerned. Legal stories this week include Amazon, Sony, and several people taking advantage of their positions to steal money and information and then being caught.

This week's guest is Loucif Kharouni, senior threat researcher at Damballa. A company called Zerodium, which describes itself as “the premium zero-day vulnerability and exploit acquisition program,” is offering $1 million for an iOS 9 zero day, and we chat with Loucif about the zero-day market, bug bounties, and then go into some of his observations regarding activity on the Dark Web. The interview starts at 28:00.

Episode 45: Retail Breaches Rise and Talking Data Breach Lawsuits with Thomas Rohback

October 16, 2015

Cybercrime activity in the Consumer Goods sector has been steadily increasing, and this week saw several more announcements related to payment card breaches. Yet another Flash Zero Day was among the handful of new advisories. Legal developments include several new California laws, and a variety of arrests were made.

This week's guest is Thomas Rohback, an experienced trial and appellate lawyer and a partner at Axinn, Veltrop & Harkrider. He explains some of the recent legal developments regarding data breach lawsuits and how the various court rulings are impacting whether those cases have standing. The interview starts at 26:45.

Episode 44: Big Data Breaches, Legal Shakeups and EMV Rollout with eConsumer Services’ Monica Eaton-Cardone

October 9, 2015

Several big names made headlines for data breaches this week including Scottrade, Patreon, Kmart, Experian, and Samsung-acquired LoopPay. Advisories were issued related to malware affecting iOS devices and the Outlook Web Application. And a European Court ruled the US-EU Safe Harbor framework invalid, potentially impacting thousands of companies.

This week's guest is Monica Eaton-Cardone, managing partner for eConsumerServices. October 1 was the deadline for merchants to transition to EMV, and the liability for some card-present fraud has now shifted. We chat about how the deadline impacts consumers and businesses as well as some issues surrounding the transition in the U.S. The interview starts at 21:45.

Social Engineering: Tricked Employees, Stolen Data and How to Fight Back

October 1, 2015

This special episode is all about social engineering: what it is, how cybercriminals use it to fool employees, and what businesses can do about it. Several guests are featured, including Christopher Hadnagy, president and CEO of Social-Engineer, Inc. and author of Unmasking the Social Engineer: The Human Element of Security, and Chris Blow, senior security advisor at Rook Security. A few previous guests who have discussed the topic this year are included as well, such as Proofpoint's Kevin Epstein and John Zurawski, formerly at Authentify.

This special episode is the first in a series focused on cybersecurity best practices.