Vulnerability Management: False Confidence, the Remediation Gap and Other Challenges

November 29, 2015

This special episode is all about the challenges and issues around vulnerability management. David Hoelzer – SANS Fellow Instructor, dean of faculty for the SANS Technology Institute, and founder and CISO of CyberDefense, the parent company of Enclave Forensics – discusses the recent SANS survey and whitepaper "What Are Their Vulnerabilities?: A SANS Survey on Continuous Monitoring." Among the findings is that "we are approaching a dangerous state" where companies believe they are doing better than they are – leaving a window of opportunity for attackers.

Kenna Security's senior data scientist Michael Roytman also joins the podcast to discuss their recent report, "The Remediation Gap: Why Companies Are Losing the Battle Against Non-targeted Attacks." The report estimated that companies take, on average, 100-120 days to remediate vulnerabilities. We chat about the state of vulnerability management, the challenges facing organizations, and what businesses can do to improve on that front.


Episode 49: ISIS, Anonymous and What the JPMorgan Chase Arrests Mean with ThetaRay’s Mark Gazit

November 20, 2015

The Paris attacks have led to new cyber campaigns against ISIS by Anonymous and other hacktivists, as well as increased concerns that the group could target organizations with cyber-attacks. Advisories include several newly reported payment card breaches and new PoS malware as we head into the holiday shopping season. On the legal front, the long battle between LabMD and the FTC saw another development – this time in favor of LabMD.

This week's guest is Mark Gazit, CEO of ThetaRay. Last week prosecutors unveiled a 23-count indictment alleging crimes against JPMorgan Chase, other financial firms, and media outlets such as The Wall Street Journal. We chat about the “diversified criminal conglomerate” behind the attack and what it signals for the future of cybercrime. The interview starts at 28:20.


Episode 48: More Ransoms, Another Big Leak, and Stolen Certificates with InfoArmor’s Christian Lees

November 13, 2015

ProtonMail paid a DDoS ransom and then proceeded to get attacked for more than a week anyway. TalkTalk is dealing with the aftermath of its breach. A new and improved version of CryptoWall is out – along with a few versions of ransomware that don't work quite as well. The Intercept published another big leak story, this time about a cache of 70 million phone records obtained from prison-phone provider Securus Technologies. There was a variety of legal developments, including a man charged with manipulating the stock market and charges in the JPMorgan Chase breach. And a woman learned the hard way the dangers of taking selfies at a race track.

This week's guest is Christian Lees, CTO and CSO at InfoArmor. They recently released a report, "GovRat Advanced Persistent Threats: Digital Certificates for Sale in the Underground," and we talk about how malicious actors are using these certificates to make their malware harder to detect. The interview starts at 29:45.


Episode 47: TalkTalk’s Strange Week, FCC Fines and Taking Down Banking Trojans with Dell SecureWorks’ Dr. Brett Stone-Gross

November 6, 2015

TalkTalk had a rather unusual two-week-long stretch before announcing the number of customers affected by its data breach. The FCC reached a settlement with Cox Communications – the agency's "first privacy and data security enforcement action." The KKK and British Gas also made headlines. Advisories include a new scare tactic for ransomware, gas pump skimming, and a variety of new mobile vulnerabilities. On the legal front, Morrison's is facing a lawsuit over its 2014 breach, and criminals continue to be arrested for doing illegal things in very dumb ways.

This week's guest is Dr. Brett Stone-Gross, Senior Security Researcher at Dell SecureWorks Counter Threat Unit, which recently collaborated with various agencies in an effort to take over the Dridex banking Trojan. We talk about that operation, other banking Trojans, and new developments facing the financial sector. The interview starts at 26:30.