Gerry and Brandon discuss a recent web application vulnerability that has caused a business to respond with what appears to be breach notifications. They discuss social engineers attacking Google results to trick victims into trusting contact information. Finally, they cover several hot IoT items this holiday season and the privacy implications. Show Notes Resources: Healthcare […]
The post Web App Security, Social Engineering Google Results, and Privacy Not Included appeared first on MUSC...
Gerry and Steve celebrate their 1-year anniversary of InfosecICU. They discuss an Ohio medical center struck with ransomware and how attacking during a holiday weekend is more likely for bad guys. They discuss SIM swapping attacks against high net-value individuals. They finish with a discussion of social science research that looks at how much time […]
The post Ransomware Strikes Again, SIM Swapping for Profit, and Social Science Breakthroughs with De-identified Datasets appeared first on...
Brandon and Steve discuss another incident involving insecurity in text messaging as an authentication mechanism. They discuss criminals’ success in compromising credit card security controls. They finish with the interesting and somewhat science fiction approach to authentication via microchipping humans. Show Notes Resources: Voxox Text Messaging Issues https://techcrunch.com/2018/11/15/millions-sms-text-messages-leaked-two-factor-codes/ Chipped credit card theft and fraud […]
Gerry and Steve are fresh from BSides Charleston. The two share their favorite talks and their overall thoughts on the conference. They discuss the slippery slope of privacy concerns using Amazon Echo recordings in a court case. They finish up discussing the utility of the “Hack the Air Force” competition being executed. Show Notes Resources: […]
The post BSides Charleston, Alexa as a Key Witness, and Hacking The Air Force appeared first on MUSC Podcasts.
The guys discuss how the CIA’s continued usage and organic growth of a communication system that was used well past its intention led to a catastrophic impact to CIA agents in Iran and China in 2013. Steve interviews Jack Rhysider, the creator of the hot podcast “Darknet Diaries”. They wrap the show revisiting election hacking […]
The post Old Tech Blows CIA Cover, Interviewing Darknet Diaries Creator, Election Hacking Revisit appeared first on MUSC Podcasts.
The guys discuss the FDA’s new guidance, currently out for comment, on premarket submissions for management of cybersecurity in medical devices. They turn to the SOC and explore a published opinion on using AI to lighten the load on Analyst 1s in the SOC and help with burnout. They wrap up by discussing recently […]
The post FDA’s Medical Device Guidance, AI in the SOC, and Malware Starter Kits appeared first on MUSC Podcasts.
The guys discuss two dramatic stories of ABC filming reality shows in Boston and New York hospitals and the privacy infractions that followed. They shift to discussing the legislation that will go into effect January 2019 around insurance data cyber security and the recent Healthcare.gov breach. They round out the show theorizing on motives related […]
The post Stories from the Front Lines, NAIC Insurance Cyber Law, Facebook Looking to Acquire a Security Firm appeared first on MUSC...
The guys discuss Medtronic’s recall of their cardiac device programmer system due to security vulnerabilities and how this is a good trend for the medical device industry. Next they discuss the cyber lexicon: since words have meaning, they cover the nuances of each term and how journalists may mistakenly say one thing when they mean another. They finish […]
The post Medtronic Devices Recalled, Cyber Lexicon, OCR $16M Settlement with Anthem appeared first on MUSC Podcasts.
The guys dive into the hotly debated Bloomberg report about hardware-compromised motherboards and the two sides of the story. They discuss the Apollo data service analytics publicly exposed database. They finish discussing Google’s decision to not disclose a data leak of their Google+ platform for political reasons and how they shuttered Google+ in response. […]
The post Bloomberg Bombshell Report, Apollo Data Breach, and Google+ API Leak appeared first on MUSC Podcasts.
The guys discuss 5 recent Senate-approved cybersecurity bills and their potential impact if passed into legislation. They introduce the Department of Commerce NTIA’s Request for Comments (RFC) regarding a US Consumer Privacy Data effort. They finish with the technical details regarding the recent Facebook breach and what the impact is to affected individuals. […]
The post Senate Approved Cybersecurity Bills, US Consumer Privacy Data Efforts, and Facebook’s 50M User Account Breach...
This episode is on the move! InfoSecICU focuses on mobile device security, taking a look at mobile OS cyber arms dealers NSO Group and Lucy Gang, diving into their business model and the evolution of cyber criminal enterprises. The guys pivot to mobile healthcare, discussing Apple’s continued move into the healthcare space and the risks […]
The post Mobile Security! Cyber Arms Dealers NSO Group and Lucy Gang, and Apples Healthcare Moves appeared first on MUSC Podcasts.
Happy Anniversary to InfoSecICU! The guys celebrated the 52nd week of shows by discussing the HITRUST CSF framework for standardizing security certifications for healthcare-related vendors. They introduce a creepy story of Airbnb hosts using IoT devices to spy on guests. Finally, they discuss research that dives into the long-term impact to a company’s value […]
The post HITRUST CSF, Are Your Appliances Watching You, and Steps to Quantifying Reputational Harm appeared first on MUSC...
Steve and Gerry cover the Health and Human Services Office of Civil Rights (HHS OCR) briefing presented to MUSC recently and discuss the clarification it brought with it. They cover the details of the recent British Airways hack that compromised 380,000 individuals’ credit card information. Given the impending Hurricane Florence, the guys refresh on Disaster Recovery […]
The post OCR Presents to MUSC, British Airways Hack, and Executing DR/BC appeared first on MUSC Podcasts.
Steve and Gerry discuss the privacy ramifications of the Google MasterCard deal that recently came to light. They discuss Instagram’s decision to support two-factor authenticator apps and the issues with SMS as a 2nd factor. They finish up discussing the dependence and concerns of using your phone number as your identity and authenticator. Show Notes […]
The post Google MasterCard Deal, Instagram 2-Factor, Phone Number as an Identifier appeared first on MUSC Podcasts.
Steve is fresh from Gartner Catalyst and shares his experience and lessons learned. The guys discuss a follow-up story from election officials that tells the other side of the story from the recent voting village hacks at DEF CON 26. They finish up with a discussion around the damages of NotPetya a year later […]
The post Gartner Catalyst, Election Hacking, and NotPetya Damages appeared first on MUSC Podcasts.
Gerry and Brandon discuss the long-term effect of the recently published Augusta University Medical Center Breach. They cover behavior-based analysis for malicious activity on the network and utilizing RITA, a security tool from Black Hills Security Group, to assist. Finally, they touch on the recently enacted NIST Small Business Cybersecurity Act. Show Notes […]
The post Augusta University Breach, New Age Detection Methodologies, NIST Small Business Cybersecurity appeared first on MUSC...
Gerry is back from BlackHat and he’s ready to tackle the oft-ignored member of the Confidentiality-Integrity-Availability triad as he digs into a new attack that tampers with medical device data to disastrous effect. While in Vegas, Gerry also had the opportunity to interview Jeremiah Grossman, CEO of BitDiscovery, to talk about the unique way his […]
The post Biomedical Integrity Attacks, Jeremiah Grossman Interview, and Asset Inventory Reflection appeared first on MUSC Podcasts.
Brandon is back in the co-pilot’s chair as we talk about the recent GAO report that HHS is failing to protect PHI. We also share our intrigue surrounding the PHI breach at Iowa Health Group that was actually a Business Email Compromise attack. There’s also good news for Boston Children’s Hospital, as the hacktivist charged […]
The post HHS dissed for poor cybersecurity, Iowa Health Group 1.4M patient breach, and BCG gets satisfaction against hacktivist appeared first on MUSC Podcasts.
Gerry and Steve cover the recently released practical guidance from NIST on securely integrating mobile devices into clinical practices. They discuss, then poke holes in, a recent, widely distributed report discussing America’s most cyber insecure airports, and with Blackhat on the horizon they provide a preview of things to expect from the event and in […]
The post NIST Securing EHR on Mobile Devices, America’s Most Cyber Insecure Airports, and Blackhat Preview appeared first on MUSC...
Gerry and Steve discuss organizations’ challenge of securing their supply chain, citing a recent robotics company that lost IP from major car vendors. They provide an update on the Healthcare Sector Coordinating Council’s efforts to execute on the 2017 Healthcare Cybersecurity Taskforce report. They dive into Emotet malware and how it has evolved from a […]
The post Supply Chain Risks, Healthcare Sector Coordinating Council, and Emotet Threat Distribution appeared first on MUSC Podcasts.