DrZeroTrust

DDoS hosts get arrested, but is it really a legit punishment? Cisco has an issue with remote access and a level 10 vuln, uh oh! Deepfakes are up over 1000% in countries with elections in 2024! And Snowflake adds MFA, after their issue, hurray! Buckle up!

In this conversation I discuss the Confucius Institute, cybersecurity search engines, ransomware defense evasion tactics, the GOP platform on protecting critical infrastructure, the OpenAI breach, cybersecurity concerns in the automotive industry, the White House's push for increased cyber funds, and the healthcare industry's pushback against cybersecurity reporting rules. Takeaways Augusta, Georgia is not an exciting place to visit The Confucius Institute raises concerns about its funding and curriculum Cybersecurity search engines like Greyhat Warfare can provide valuable information Ransomware attackers are focusing on defense evasion tactics The GOP platform emphasizes protecting critical infrastructure from hackers OpenAI faced a breach but did not inform law enforcement The automotive industry is increasingly concerned about cybersecurity The White House is seeking increased cyber funds for federal agencies The healthcare industry is pushing back against proposed cybersecurity reporting rules

New "listening" sites in Cuba, uh oh. Is Temu a threat, it is from China. OpenSSH has some serious issues. Will the Supreme Court affect our cyber security posture? TeamViewer gets hit as well. Buckle up!

Did Microsoft's leadership really say they don't have to play by China's rules? Did they potentially lie in front of Congress? Have you ever read the book that is guiding Chinese cyber warfare strategy? I'll tell you where it is. Those important points and WHOLE lot more on this one.

US government contracts pay big fine for doing "no no's" on cyber, why isn't that happening more often? A crime related database was hacked and leaked, not good for those who filed complaints. Microsoft's CEO took a beating on Capitol Hill for the companies issues with security, ouch. And more on this one!

What does it mean to be Breach Ready? A CISO tells me all about his views on this. How should we think about micro-segmentation? Is it really that hard to do right? Where should controls be applied to help limit lateral movement? Can software really help you be ready for an 8K filing with the SEC?

What does it take to really get hit hard for a "cyber" crime? Deepfake the President and find out. Why is it a risk to have a single vendor running all government IT systems? And how does that seem like "fair" competition as required by law? What is skill based hiring for cyber and is that a good thing? Check this episode out!

What should we know about micro-segmentation? How important is a policy engine to Zero Trust enterprises? Where does the focus for network controls need to be? And more on this one!

Was that Nigerian prince who wanted to share his money with you real? The US DoJ files paperwork on a Russian Lockbit "mastermind", so what? How much is it going to take before we see real action based on the aggression we see from our adversaries? Those and more on this one! Don't miss it!

What is cyber GRC? Why do we need to concern ourselves with it? Can any business do this? How can a business achieve smart compliance? Does AI introduce risk to the process or benefit it? Lots of great stuff here with Cypago.