Gerry and Steve have read the indictment of Russian nationals APT28 aka “Fancy Bear” aka Unit 26165 released by the DOJ. The techniques and extent of the attacks are covered and discussed. They turn their attention to an NPR investigation into techniques health insurers are employing to determine policy premiums. Thirdly, they touch on a […]
The post Russia Indictments, Insurers Exploitation of Medical Data, and Sextortion appeared first on MUSC Podcasts.
Gerry and Brandon dig into a recent lawsuit in which a cyber insurance company is suing a security provider for gross negligence in protecting the insurer’s client systems, and what this may mean for the industry going forward. They investigate California’s new privacy law and how it relates to individuals and the healthcare industry. They finish up […]
The post Security Provider Being Sued for Effectiveness, California’s New “GDPR-esque” Law, and More Wearable Security Concerns appeared first on...
Gerry’s on holiday and Security Architect Matt Jones joins the podcast to discuss the recent Magic Unicorn revelation that has forensics experts in a tizzy. We also dive into an interview with Elizabeth Snead, an expert on phishing campaigns, as she gives us insight into interesting types of phishes and what you can do to […]
The post Magic Unicorns, Exactis Data Breach, and an Interview with Phishing Expert Elizabeth Snead appeared first on MUSC Podcasts.
It’s all HIPAA this week, and you’d be surprised at the meat on this bone! Steve and Gerry discuss the recent massive OCR fine to a Texas healthcare provider and how poor understanding of HIPAA requirements and policies is leading individuals to violate HIPAA with the best of intentions. Finally, the guys cover the […]
The post HIPAA Breaches, Fines, and Legislation appeared first on MUSC Podcasts.
Gerry and Steve discuss recently released security research showing geo-location data leakage from unexpected sources. They provide a list of tried and true defense-in-depth techniques for non-corporate networks. They wrap up with a discussion on the practical application of security in corporate settings to get end-user buy-in. Show Notes Resources: Location data leak on Google […]
The post Google Location Data Leaks, Defense-in-Depth on the Homefront, and Practicality in a Security...
Gerry and Steve discuss Microsoft’s Red Team and its mission to beat the bad guys to finding vulnerabilities in Windows OS. They give their thoughts on a recently released research paper on the seven properties of highly secure devices and what the impact for IoT devices in general could be. They wrap up discussing […]
The post Microsoft Red Team, 7 Properties of Highly Secure Devices, and Azure Sphere appeared first on MUSC Podcasts.
In a special edition of InfoSecICU, it’s tool time! Brandon and Gerry discuss their experiences and lessons learned with a bevy of security-related software tools that you may utilize in your organization. NSM as a philosophy is covered, followed by SysMon. The guys round out by discussing approaches to, and the appropriateness of, malware analysis tool sets. […]
The post Tool Time! NSM, SysMon and Malware Analysis Tools appeared first on MUSC Podcasts.
Brandon and Gerry discuss the recent NH-ISAC Summit in Sawgrass and a keynote talk regarding cyberwar and civilian collateral damages. They discuss, technically, the recently published research on VPNFilter and finish discussing some additional Amazon Alexa mishaps. Show Notes Resources: NH-ISAC Summit https://nhisac.org/summits/2018-spring-summit/ VPNFilter https://blog.talosintelligence.com/2018/05/VPNFilter.html...
Steve and Gerry discuss recently published research on two attacks that can be used to compromise the Amazon Echo digital assistant device, and the implications for digital assistants in general going forward. Multi-factor authentication (MFA) is great, but not bulletproof. Steve and Gerry discuss attack vectors and what organizations should be thinking of when implementing […]
Steve and Gerry discuss the use cases and privacy implications of a new website that provides aggregated access to the Internet’s live streaming web cams. A major attack on email encryption and the argument security professionals are having about it is covered. They finish with thoughts on the recently released trove of published evidence from […]
The post Aggregated Live Internet Web Cams, EFail, Russian Facebook Ads Evidence appeared first on MUSC Podcasts.
Steve and Gerry discuss the serious but often overlooked issue of children’s identity theft and fraud. They shed light on how organized criminals are making substantial financial investments to improve phishing attacks. They round out by discussing privacy concerns with individuals’ DNA and how it can be used to solve cold cases. Show Notes Resources: Children […]
The post DNA Privacy Considerations, Children Identity Fraud, and Organized Criminals Phishing Attacks appeared first on MUSC Podcasts.
It’s all about information sharing in this episode of Infosec ICU. Steve and Gerry interview Chris Bennett, sector chief for healthcare and public health for South Carolina’s InfraGard. They discuss the plethora of ISACs available to US-based companies and what value you can realize. Finally, they discuss the privacy and security concerns of the […]
The post Healthcare InfraGard Sector Chief Interview, National ISACs, and CISA 2015 appeared first on MUSC Podcasts.
Steve and Gerry discuss the 34 tech company Cybersecurity Accord announced at RSA 2018 and the new plan the FDA has published with respect to medical device cybersecurity. Show Notes Resources: Cybersecurity Accord https://www.scmagazine.com/tech-giants-combine-to-protect-civilians-from-cyberattack/article/759201/ https://cybertechaccord.org/ FDA Medical Device Safety Plan https://www.fda.gov/downloads/AboutFDA/CentersOffices/OfficeofMedicalProductsandTobacco/CDRH/CDRHReports/UCM604690.pdf...
Steve and Gerry discuss recent research that demonstrates data breaches are linked to higher patient mortality rates. IoT devices in the enterprise and their impending future are discussed, introduced by a recent casino breach that started with a thermometer. Finally, they socialize recent HHS guidance on acceptable privacy disclosure. Show Notes Resources: Do data […]
The post Data Breaches Lead to Higher Mortality Rates, IoT the High Roller Database, and HHS OCR Guidance Updates appeared...
Steve and Gerry drill into the Verizon PHI Data Breach Report and discuss a few surprising findings. They offer their opinion on the recent attacks on Russian and Iranian Cisco devices and the value of Hacktivism. They close out with a scam that attacks a little-known feature of all GMail email addresses. Show Notes […]
The post Hactivism, Verizon Enterprise PHI Breach Report, and GMail Dots Attack appeared first on MUSC Podcasts.
Breach, breach, breach! Steve and Gerry talk the Good, the Bad, the Ugly of recent breaches, showcasing a comparison between organizations that handle breaches well and those that fail miserably. Cloudflare’s new DNS resolver and its privacy approach are discussed, followed by the Ponemon report on the cost of a data breach. Show Notes Resources: […]
The post Bundle of Breaches, Cloudflare DNS, and Cost of a Data Breach appeared first on MUSC Podcasts.
Steve and Gerry dive headfirst into a recent indictment against 9 Iranian nationals accused of hacking universities worldwide (a majority in the US) for research capital. Showing the value of academic research, they discuss a recently published paper from China outlining a technique for tricking facial recognition biometric information. Finally, Gerry shares his experiences from […]
The post Higher Education a Target for Hackers, Biometric Authentication Shortcomings, and Dakotacon...
With Gerry in South Dakota presenting his proposal for his dissertation, guest-host Brandon Stephens steps up to the plate to discuss how Sun Tzu’s The Art of War is helpful in preparing for a cyber attack. He and Steve also discuss why Identity and Access Management is so important, as well as the challenges in […]
The post The Art of (cyber) War, Identity Management, and the Cambridge Analytica and Facebook Debacle appeared first on MUSC Podcasts.
We all think it, but now we know it. The guys discuss statistical evidence supporting that employees are a weak link in healthcare cybersecurity defenses. Also, attackers have discovered that they can unleash unprecedented Distributed Denial of Service (DDoS) attacks using open memcached servers. The guys cover both these topics and dive into how the […]
The post The Cybersecurity Culture War, Memcache, and Deputizing the Geek Squad appeared first on MUSC Podcasts.
Last year HHS executed their HIPAA Phase 2 audits across covered entities and business associates, but why have things been quiet at HHS? The guys provide insights regarding the findings and suggest ideas on why HHS’s focus may have changed. The guys look at the bigger picture of the effects breaches have had on public […]
The post What Happened with the HHS OCR Phase 2 Audits, Breaches Eroding Public Trust, and New Twists to Old Cons appeared first on MUSC Podcasts.