InfoSec ICU

InfosecICU is closing its doors, and Steve and Gerry hop in the studio for a final farewell and thank you to the community that made this show such a pleasure and a success. Thank you for all the support through the 2 years we were publishing. It was a pleasure and an honor to serve […] The post Farewell InfosecICU – The Send Off Episode appeared first on MUSC Podcasts.

Gerry and Aaron discuss the exponential growth of cyber breaches in 2019, the explosion of Emotet in September, and out for comments CMS Exceptions to providing security services for free to competitors. As always they end with One Cool Thing. Show Notes Resources: Breaches up to 7.9 Billion in 2019 https://cyware.com/news/data-breaches-become-worse-as-79-billion-records-get-exposed-in-the-first-nine-months-of-2019-42139fbc Emotet surges 730%...

Gerry is riding solo this week. Laser attacks on personal digital assistants, a review on research showing a correlation between ransomware and increased heart attacks, Google’s Project Nightingale. As always they end with One Cool Thing. Show Notes Resources: Light Commands https://lightcommands.com/ Ransomware Leads to Heart Attacks https://krebsonsecurity.com/2019/11/study-ransomware-data-breaches-at-hospitals-tied-to-uptick-in-fatal-heart-attacks/ Google Project Nightingale...

Steve is back in studio for a special 100th Infosec ICU episode. The guys discuss an industry state of phishing report, the cover the problem with mHealth, and they revisit their bold cyber predictions for 2019 they made in 2018. As always they end with One Cool Thing. Show Notes Resources: Cofense Phishing Report https://cofense.com/phishing-report-2019/ […] The post Industry Phishing Report, Scoring Hosts’ 2019 Predictions, and the Problem w/ mHealth appeared first on MUSC Podcasts.

Its the PRIVACY Episode! Gerry and Matt review privacy implications of SRLabs recently released research on using digital assistants as eavesdropping devices. They interview Privacy Officer Kellie Mendoza for her perspective and reflect afterward on the interview. As always they end with One Cool Thing. Show Notes Resources: Digital Assistant Spies https://www.scmagazine.com/home/security-news/iot/malicious-voice-apps-can-turn-alexa-and-google-home-devices-into-spies-say-researchers/ Kellie...

Gerry and Matt dig into the proposed federal regulation ‘Mind Your Own Business Act’ and how it could shape privacy. They examine how to build a cybersecurity culture at your organization, and reflect on the recently released Ponemon global report on SMB cybersecurity. As always they end with One Cool Thing. Show Notes Resources: Mind […] The post Federal Privacy Legislation, Cybersecurity Culture Best Practices, SMB Still Struggling appeared first on MUSC Podcasts.

Gerry and Brandon discus various methods for malware analysis, the infosec job market, and multifactor authentication. As always they end with One Cool Thing. Show Notes Resources: Malware Analysis https://app.any.run/ Infosec Job Market https://www.cyberseek.org/heatmap.html Black Hills Information Security – 5 Year Path: Success in Infosec FBI Warning Around MFA https://www.zdnet.com/article/fbi-warns-about-attacks-that-bypass-multi-factor-authentication-mfa/ One Cool Thing Malware Traffic...

Gerry and Brandon interview professional red teamer and penetration test expert Paul Ihme. As always they end with One Cool Thing. Show Notes Resources: Paul Ihme https://www.linkedin.com/in/ihme/ One Cool Thing Security Onion https://github.com/Security-Onion-Solutions/security-onion/wiki/IntroductionToSecurityOnion Wappalyzer https://www.wappalyzer.com/ Contact Email infosecicu@musc.edu Twitter: Gerry Auger (@Gerald_Auger) Brandon Stephens (@bstephens418) The post Offensive Pentester Paul...

Gerry and Brandon discuss trends in malspam, a permanent iOS vulnerability, and a significant webkit exploit campaign. As always they end with One Cool Thing. Show Notes Resources: Malspam Trends https://www.zdnet.com/article/most-malspam-contains-a-malicious-url-these-days-not-file-attachments/ iOS Permenant Vulnerability https://www.healthcareinfosecurity.com/apple-ios-has-permanent-bootrom-vulnerability-a-13159 Webkit Zeroday for Mac and iOS...

Gerry and Brandon discuss an absurd amount of public cloud misconfigurations, IoT door locks, and things you can do to be involved with October’s National Cyber Security Awareness. As always they end with One Cool Thing. Show Notes Resources: Public Cloud Misconfigurations https://www.zdnet.com/article/99-percent-of-all-misconfiguration-in-the-public-cloud-go-unreported/ Digital and IoT Physical Security...

Gerry and Brandon discuss risk when working through merger and acquisitions and Gerry interviews Cyber Risk Underwriter’s Jeffrey Smith about cyber insurance. As always they end with One Cool Thing. Show Notes Resources: Mergers and Acquisitions Put Your IP at Risk https://www.scmagazine.com/home/opinion/executive-insight/ma-gone-bad-the-brutal-truths-about-insider-threat/ Interview with Cyber Risk Underwriter’s Jeffrey Smith Interview Commentary and Cyber Insurance One Cool […] The post...

Gerry and Brandon discuss Health Industry Cybersecurity Matrix – Information Sharing Organizations (HIC-MISO), ask how insider threats can affect your organization, and mention a NIST initiative for securing PACS systems. As always they end with One Cool Thing. Show Notes Resources: Health Industry Cybersecurity – Matrix of Information Sharing Organizations (HIC-MISO) https://healthsectorcouncil.org/hic-miso/ Insider Threats...

Gerry and Aaron discuss the current state of a HIPAA lawsuit featuring Google and UChicago Medical Center as defendants. They discuss the emerging security concerns surrounding Telehealth and what NIST is doing about it. They wrap up the main show discussing yet another major player in the market apologizing for letting humans hear private recordings. […] The post Telehealth Cybersecurity Considerations, Google and UChicago Lawsuit Updates, and Siri says Sorry appeared first on MUSC...

Gerry and Brandon discuss a breach at Massachusetts General Hospital, patient privacy reform around addiction treatment, and how to solve the cyber security problem. As always they end with One Cool Thing. Show Notes Resources: Breach at Massachusetts General Hospital https://www.idigitalhealth.com/news/data-breach-of-10k-at-mgh-puts-study-participants-genetic-info-at-risk Patient Privacy Reform for Addiction Treatment...

Gerry and Brandon discuss the coordinated attack on Texas municipalities, CHISL – a healthcare leadership security certification, and a third-party lawsuit from Delta for inadequate security. As always they end with One Cool Thing. Show Notes Resources: Texas Ransomware https://threatpost.com/coordinated-ransomware-attack-hits-23-texas-government-agencies/147457/ CHISL https://www.healthcareinfosecurity.com/interviews/new-credential-for-healthcare-security-leaders-i-4415 Delta Lawsuit...

Gerry and Brandon discuss Gerry’s Blackhat and DEFCON experience and feature a few key talks from the conference. As always they end with One Cool Thing. Show Notes Resources: BlackHat 2019 https://www.blackhat.com/us-19/ DEFCON 27 https://www.defcon.org/html/defcon-27/dc-27-index.html Deepfakes https://i.blackhat.com/USA-19/Thursday/us-19-Price-Playing-Offense-And-Defense-With-Deepfakes.pdf Cyber Insurance https://www.blackhat.com/us-19/micro-summits.html#cyber-insurance One Cool Thing...

Gerry and Brandon discuss the recent Capital One breach and how the alleged attacker was easily captured. The cover the release of 11 0-day vulnerabilities for a highly used but little discussed OS. They finish the discussion with securing healthcare patient portals. As always they end with One Cool Thing. Show Notes Resources: Capital One […] The post Capital One Breach, Urgent/11, and Securing Patient Portals appeared first on MUSC Podcasts.

Gerry and Brandon dig into a classic debate in the information security world: Encryption Backdoors. Atty General William Barr recently implored an audience of cybersecurity professionals to champion backdoors in technology implemented encryption. They discuss the utility and implementation of the state of Louisana’s ‘state of emergency’ declaration; is the National Guard a cyber fire […] The post Encryption Backdoors, State of Emergency for Ransomware Attacks, “Educating” the Human Factor...

Gerry and Brandon discuss the impending Equifax $700M settlement and what it means in a macrocosm manner. They follow up analyzing the quantified trend of CISOs on average lasting 18-24 months per job posting. They finish by interviewing Dr. Mike Ham around BGP security. As always they end with One Cool Thing. Show Notes Resources: […] The post Equifax Settling for $700M, CISOs 18-Month Shelf Life, and BGP Insecurity interview with Dr. Mike Ham appeared first on MUSC Podcasts.

Gerry and Steve discuss Zoom and Apples response and actions from the Zoom fallout of silent local webservers on endpoints. The guys discuss the Ponemon report on third party risk management in the healthcare industry. Finally they discuss the academic conference Gerry is currently attending in Charleston and feature a talk on Adversarial Attack Sampling […] The post Zoom Vulnerability Responses, Ponemon Report on 3rd Party Vendor Risk in Healthcare, Data and Privacy Security Academic...