The guys discuss how a presidential candidate out of Texas is a member of the Cult of the Dead Cow, a hacktivist group started in the 1990s. They cover vishing attacks and how the government is trying to pass anti-robocall legislation. Finally they touch on pentesting in the gig economy. As always they end with One […]
The post Cult of the Dead Cow Presidential Candidate, Vishing Robocalls, and Pentesting in the Gig Economy appeared first on MUSC Podcasts.
What are Gerry and Steve talking about this week? Steve had an opportunity to talk with the AMA and provide a deeper dive into their comments on HHS’s recent request for information related to HIPAA updates. The guys dig into a rare instance of federal criminal prosecution of a HIPAA violation. They finish up discussing an […]
The post AMA Insights into HHS OCR RFI Comments, HIPAA Criminal Prosecution, and COPPA Compliance appeared first on MUSC Podcasts.
What are Gerry and Steve talking about this week? The guys discuss the federal government beginning to engage experts to develop a bill to address citizens’ privacy. They call out Facebook for offering multi-factor authentication and then using users’ phone numbers for other means. They round out with the obligation of media outlets to publish […]
The post Federal Privacy Bill in the Works, Facebook Abuses Access to Users Phone Numbers, HIPAA Breach Notification for Media appeared first on...
What are Gerry and Steve talking about this week? The Office for Civil Rights (OCR) asked for input on their proposal for improving patient access to PHI and the AMA responded with 29 pages of well-crafted sense. Will OCR listen? A red teamer provides some lessons learned after 6 years of penetration testing engagements. The […]
The post The AMA and Patient Access, Top 3 Red Team Findings, and University of Washington Medicine Breach appeared first on MUSC Podcasts.
Gerry and Steve discuss Apple’s iOS approach to security and the nuances with the recent FBI interaction with data requests from Apple. They talk about an HHS proposed rule released at HIMSS 19 this week on healthcare interoperability and data sharing and the security concerns that may introduce. They round out with mental health concerns […]
The post FBi(Cloud), HHS Expanding Interoperability, and Mental Health in Information Security appeared first on MUSC Podcasts.
Gerry and Steve discuss an ongoing case of an insurance provider withholding a claim payment because NotPetya may have been an act of war. They discuss the privacy implications of Apple holding application developers accountable for notifying users of screen capping user sessions. Finally the guys get technical, discussing a Docker (and really most container […]
The post Devil’s in the Details of Cyber Security Insurance, Apple Protects Privacy, Docker Vulnerability Released appeared...
Gerry and Steve discuss MITRE’s new CVSS scoring guide for medical devices that is currently out for comments and what it could mean for healthcare. They cover a trending issue of unethical behavior using Apple Watch to cheat on exams, and they round out the show covering Apple’s revoking the enterprise certificates issued to Facebook […]
The post MITRE’s CVSS for Medical Device Guide, Cheating with Apple Watch, and Apple v. Facebook/Google Spat appeared first on MUSC Podcasts.
Brandon Stephens joins Steve on the show as they dig into the latest Joint Security Plan from the Healthcare and Public Health Sector Coordinating Council on Medical Device and Health IT security. They also cast their gaze to the Far East to discuss China’s plan to encourage whistleblowers to turn in debtors via an […]
The post The HSCC Medical Device JSP, China looking for debt holders, and Japan attacking IoT for the Olympics appeared first on MUSC Podcasts.
Steve and Gerry are in the studio discussing a massive password cache that was discovered and if you should actually be concerned. Steve interviews Dallas Haselhorst, an HL7 protocol security expert. Finally they finish off discussing the insecurity discovered by the OIG after reviewing security controls at several DoD healthcare facilities. Show Notes Resources: Password […]
The post Major Password Cache Dumped, HL7 Expert Interview, Defense Health Agency Insecurity appeared first on MUSC...
Steve and Gerry discuss The Dark Overlord’s 9/11-related doxware activity with law firms and “extortionware” in general. Steve interviews Erik Decker, CISO and CPO for UChicago Medical. Finally the guys discuss recent news of misuse and privacy violations of Amazon Ring video feeds. Show Notes Resources: 9/11 Ransomware https://motherboard.vice.com/en_us/article/yw79k5/hacker-group-threatens-dump-911-insurance-files-dark-overlord Amazon Ring Privacy...
Steve and Gerry unpack the newest report from the Department of Health and Human Services and detail the practicality of it for helping organizations of various sizes. They share research out of UC Berkeley showing how AI can re-identify HIPAA-compliant de-identified data. They finish by discussing the NSA disassembler tool that will be released […]
The post DHHS Cybersecurity Guidance, AI Re-Identifying PHI, and NSA Tool Release appeared first on MUSC Podcasts.
Steve and Gerry reflect on a very busy 2018 in the cyber security industry. They discuss the big stories and the lessons learned from them including SamSam’s effective attacks and Facebook’s data practices. They also cover some overblown stories from the year. They put their soothsaying abilities to the test, each submitting two predictions for […]
The post 2018 Cyber Year in Review and Predictions for 2019 appeared first on MUSC Podcasts.
Steve and Gerry dive head first into the Equifax Breach Report. There is much to learn from and parallels for many businesses to self-identify. They cover a recent IG report of US Missile Defense facilities and their poor security postures. Finally they touch on an oft-overlooked element of information security, properly destroying paper records. […]
The post (The Juicy) Equifax Breach Report, Insecure DoD facilities, and PHYSEC appeared first on MUSC Podcasts.
Gerry and Brandon are back in the studio discussing the Marriott Starwood breach. Steve interviews an RFID/NFC bio-hacked individual, and Gerry and Brandon discuss the ramifications and privacy legislation around RFID for personal identification. Show Notes Resources: Marriott / Starwood Breach https://www.washingtonpost.com/business/2018/11/30/marriott-discloses-massive-data-breach-impacting-million-guests/ Privacy Regulations...
Gerry and Brandon discuss a recent web application vulnerability that has caused a business to respond with what appears to be breach notifications. They discuss social engineers attacking Google results to trick victims into trusting contact information. Finally, they cover several hot IoT items this holiday season and the privacy implications. Show Notes Resources: Healthcare […]
The post Web App Security, Social Engineering Google Results, and Privacy Not Included appeared first on MUSC...
Gerry and Steve celebrate their 1-year anniversary of InfosecICU. They discuss an Ohio medical center struck with ransomware and how attacking during a holiday weekend is more likely for bad guys. They discuss SIM swapping attacks against high net-value individuals. They finish with a discussion of social science research that looks at how much time […]
The post Ransomware Strikes Again, SIM Swapping for Profit, and Social Science Breakthroughs with De-identified Datasets appeared first on...
Brandon and Steve discuss another incident involving insecurity in text messaging as an authentication mechanism. They discuss criminals’ success in compromising credit card security controls. They finish with the interesting and somewhat science fiction approach to authentication via microchipping humans. Show Notes Resources: Voxox Text Messaging Issues https://techcrunch.com/2018/11/15/millions-sms-text-messages-leaked-two-factor-codes/ Chipped credit card theft and fraud […]
Gerry and Steve are fresh from BSides Charleston. The two share their favorite talks and their overall thoughts on the conference. They discuss the slippery slope of privacy concerns using Amazon Echo recordings in a court case. They finish up discussing the utility of the “Hack the Air Force” competition being executed. Show Notes Resources: […]
The post BSides Charleston, Alexa as a Key Witness, and Hacking The Air Force appeared first on MUSC Podcasts.
The guys discuss how the CIA’s continued usage and organic growth of a communication system that was used well past its intention led to a catastrophic impact to CIA agents in Iran and China in 2013. Steve interviews Jack Rhysider, the creator of the hot podcast “Darknet Diaries”. They wrap the show revisiting election hacking […]
The post Old Tech Blows CIA Cover, Interviewing Darknet Diaries Creator, Election Hacking Revisit appeared first on MUSC Podcasts.
The guys discuss the FDA’s new guidance, currently out for comment, on premarket submissions for management of cybersecurity in medical devices. They turn to the SOC and explore a published opinion of using AI to lighten the load on Analyst 1’s in the SOC and help with burnout. They wrap up by discussing recently […]
The post FDA’s Medical Device Guidance, AI in the SOC, and Malware Starter Kits appeared first on MUSC Podcasts.