DrZeroTrust

Rick Moy and I discuss ZT and the cloud. How developers can and should look at security (it's not how you think). Dealing with ethereal assets, 5G and a whole bunch of other great issues in this episode!

Should executives ever be exempt from security standards and practices, the answer rhymes with bell no. MGM got his with ransomware via a third party and some social engineering, but they spend hundreds of millions on security. So what should we learn from that? CISA wants to offer free scans for utilities, is that a good or bad thing? Congress wants to legislate around deepfakes for elections, how will that work? And a major university was found to be fudging their self certification for compliance, whoops! Those and more on this one!

What is Surf's new RBI extension? How does this fit with Zero Trust strategically? Why is RBI now a "thing" in security? Is this just for enterprises or all businesses? How hard is it to configure this thing? What about third parties and developers, does this help them be more secure? Those questions and more on this one!

Data from Blackberry points to the same methods of exploitation, shocker. Some recent revelations from the National Security Agency and #china threat. Additionally, more insights on some of the flaws in our #compliance and #regulatory #cyber spaces. SeeTickets gets hacked, again. What's up with that Dallas City hack? Those and more on this episode!

Cyberpsychology and the hacker mindset, what should we think? Malwarebytes and their funding and layoffs, what does that indicate about the market? AI and LLM's aren't people, stop treating them like they are from MIT. Compliance does not equal security, say what? Phishing as a service get smarter according to Microsoft. The FBI "brought down" a massive botnet, they'll never come back right? And a very suspect claim from a vendor on their "response time". All that and more on this one!

Thoughts on the recent RNC candidate debate where cybersecurity never came up, super. China is using Linkedin to recruit spies, how can you know when you are targeted? Trustwave published new research on BEC hacks, what do we get from that research? Two guys are arrested for laundering money via crypto, is that a treasonous act? MAC's get some new malware, hurray! Ransomware group deletes a providers entire customer base's data, whoops! Those and more on this one!

How to defend from a "Zero Day" attack that is "not in any anti-virus" engine. Proxy wars from AT&T. Interesting data from Flashpoint on the underground market. Is CISA really enforcing effective controls if they rely on training? Irish police department have a data breach that might lead to terrorist targeting, yikes! And rethinking the terminology and understanding around cyberwar! Those points and more on this episode!

Insider threats are a real thing, do you have the tools to detect malicious intent before it becomes a threat? How do we know if behavior equals threat? More data on ransomware and the insurance market. Companies selling insurance are considering "ratings" for premiums. Halcyon identifies "new" threat groups, or is the same one with a new fancy name? The new cyber workforce plan, good or bad? Those questions and more on this episode.

Does the Veterans Affairs Administration really do all it can for Veterans? I have a tale to tell about this one folks. Sophos released a report on the current state of ransomware for education, it's not encouraging. Ivanti has a bug that should be patched for mobile security customers. The FBI used a FISA database improperly, interesting. Cofense has some new data on phishing as a threat, guess what it's still a thing. And some thoughts on the 4 day rule from the SEC for disclosure of breach activity.

SECOPs teams have faith in the their tools, but question if they will "miss" something? What? Administration releases plan for IoT security and labeling, how will it work? Top10 predictions for 2023 and security. That Zero Trust thing is still in there I hope. The upcoming election and the explosion of AI are already going bonkers, what is next? Those questions and more insights on this episode!