Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

The hosts reflect on personal memories while blending humor with security insights. They introduce an AI bot, Expo, that's revolutionizing vulnerability identification. The chat turns to advanced application security tools and the growing role of AI in this field. Cyber threats are evolving, with new tactics like callback phishing emerging. There's an urgent call for organizations to step up their vulnerability management. Fans can look forward to exciting merchandise updates and exclusive content opportunities.

The hosts humorously discuss Patreon support and introduce new exclusive content for donors. They reveal a critical vulnerability in MegaRack systems that could allow hackers unauthorized access. The episode also highlights the importance of professionalism in cybersecurity marketing and the challenges new hires face regarding phishing risks, tying in historical malware stories. Engaging anecdotes about email overload during orientations blend with discussions on combating social engineering, making for an entertaining and informative listen.

The hosts kick off with light-hearted weekend stories, balancing gaming and home repairs. They dive into a staggering 16 billion credential leak, clarifying it's a rehash of existing breaches. The conversation shifts to new cyber threats like deepfake malware and Google security manipulations. They highlight the struggles of open-source software maintenance, stressing the unsustainable burden on volunteer contributors. Finally, the discussion emphasizes the necessity of cybersecurity awareness and the challenges of genuine networking in the InfoSec community.

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec Links:  https://www.bleepingcomputer.com/news/security/sentinelone-shares-new-details-on-china-linked-breach-attempt/https://thehackernews.com/2025/06/new-supply-chain-malware-operation-hits.html?m=1https://www.csoonline.com/article/4002103/cisos-beware-genai-use-is-outpacing-security-controls.htmlhttps://thehackernews.com/2025/06/fin6-uses-aws-hosted-fake-resumes-on.html?m=1

The speakers dive into the dark side of AI, discussing its misuse in creating deceitful applications and the ethical implications of such trends. They explore how cybercriminals are leveraging advanced AI tools and evolving ransomware tactics, raising alarm over the increasing complexity of cybercrime. Another key topic includes a significant Coinbase breach linked to bribed employees, spotlighting insider threats and the critical need for stringent security measures. The episode wraps up with reflections on community engagement and the importance of proactive cybersecurity strategies.

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss a range of topics including the introduction of a new cryptocurrency, Guard Llama Coin, and the implications of recent cybersecurity incidents involving ConnectWise and ransomware attacks. They explore the challenges organizations face in responding to nation-state attacks, the complexities of ransomware tactics, and the importance of employee security awareness. The conversation emphasizes the need for timely patching and proactive security measures to protect against evolving threats. Links:  https://www.theregister.com/2025/05/30/connectwise_compromised_by_sophisticated_government/https://www.darkreading.com/application-security/dragonforce-ransomware-msp-supply-chain-attackhttps://www.darkreading.com/threat-intelligence/3am-ransomware-adopts-email-bombing-vishing

The conversation kicks off with a lighthearted vibe as the hosts share personal anecdotes. They dive into a significant Coinbase data breach tied to insider threats, emphasizing the importance of proactive cybersecurity. The challenges of patch management are explored, highlighting the need for adaptive strategies in a rapidly evolving threat landscape. They discuss the cybersecurity risks in mergers and acquisitions and the dangers of inflexible security programs. The episode wraps up with a troubling look at emerging threats, particularly ransomware targeting CPUs.

In this episode, Jerry and Andrew discuss  the importance of data security, phishing attacks targeting hiring managers, the implications of paying ransoms, and the recent Disney data breach incident. They emphasize the need for better training for employees and the challenges of managing software supply chains. The conversation highlights the evolving landscape of cyber threats and the necessity for organizations to adopt more robust security practices. Links:https://www.darkreading.com/cyber-risk/venom-spider-phishing-schemehttps://go.theregister.com/feed/www.theregister.com/2025/05/08/powerschool_data_extortionist/https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-npm-package-with-45-000-weekly-downloads/https://www.theregister.com/2025/05/02/disney_slack_hacker_revealed_to/ Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

In this episode, we discuss the Google Mandiant 2025 M-Trends report.  The report is available here: https://services.google.com/fh/files/misc/m-trends-2025-en.pdf Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss the latest trends in cybersecurity, focusing on the rise of BEC scams and the significant losses attributed to cybercrime in 2024. They explore emerging threats, including social engineering tactics and hardware vulnerabilities, particularly in management interfaces. The conversation also delves into the complexities of vulnerability management, the risks associated with supply chain attacks in open source software, and the alarming rate at which CVEs are being exploited. The hosts emphasize the need for organizations to be proactive in their security measures and to understand the evolving landscape of cyber threats. Links: https://www.cybersecuritydive.com/news/fbi-internet-crime-bec-scams-investment-fraud-losses/746181/ https://www.bleepingcomputer.com/news/security/asus-releases-fix-for-ami-bug-that-lets-hackers-brick-servers/ https://www.theregister.com/2025/04/21/microsoft_apple_patch/ https://thehackernews.com/2025/04/ripples-xrpljs-npm-package-backdoored.html https://thehackernews.com/2025/04/159-cves-exploited-in-q1-2025-283.html Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec