The Threatpost Podcast

There is no question that companies are in the sights of would-be criminals looking to exploit them. While companies look at solutions and trainings to help keep the perimeter secure, the biggest fail point is often the employees, AKA the human element. In this Threatpost podcast, sponsored by Egress, we sit down with Jack Chapman to discuss the steps and tactics that companies can take to stay one step ahead of their adversaries. During our conversation, we discuss: Weaknesses that attackers look to exploit Evolution of toolkits Securing MFA and more

There is no question that the level of threats facing today's businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, , Chief Security Strategist & VP Global Threat Intelligence, Fortinet's FortiGuard Labs to discuss the threats facing CISOs along with more. During the course of our discussion, we dive into: What an attack on all fronts looks like The current state of the threat landscape New techniques being leveraged be adversaries The automation of threats We also lay out what CISOs need to consider when laying out and producing their threat action plan.

Can I tell you a secret? Will you keep it between us? You've probably said this or heard this when it comes to friends and family. However, do you also know that secret keeping, or lack thereof is one of the biggest issues that businesses face? According to the recent The State of the Secret Sprawl from GitGuardian further defines the breadth of business secrets. "A secret can be any sensitive data that we want to keep private. When discussing secrets in the context of software development, secrets generally refer to digital authentication credentials that grant access to services, systems and data. These are most commonly API keys, usernames and passwords, or security certificates. Secrets are what tie together different building blocks of a single application by creating a secure connection between each component. Secrets grant access to the most sensitive systems." In this podcast with Mackenzie Jackson, developer advocate at GitGuardian, we dive into the report and also the issues that corporations face with public leaks from groups like Lapsus and more, along with as ways that developers can keep their code safe. For the full report, click here.

It's about time, AttackIQ's Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill: Visibility into adversary behavior has been muck.

The ransomware group's benefits – monthly bonuses, fines, employee of the month, performance reviews and top-notch training materials – might be better than your own company's, says BreachQuest's Marco Figueroa.

There's a yawning gap between IT decision makers' confidence about security vs. their concession that repeated incidents are their own fault, says ExtraHop's Jamie Moles.

It's not just Ukraine: Threat intel experts are seeing a flood of data on Russian military, nukes and crooks, even with the Conti ransomware gang having shuttered its leaking Jabber chat server.

Stock your liquor cabinets and take a shot whenever you hear GitLab Staff Security Researcher Mark Loveless say "Zero Trust."

With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in.

Applications are the most preferred vectors for cybercriminals. Yet no single team or process can assure the rollout of safe cloud applications. From code design to unit testing to deployment, teams and tools have to work together to detect risks early while keeping the pipeline of digital products moving. Alex Rice, CTO at HackerOne and Johnathan Hunt, VP of Security at GitLab, help development teams evolve their processes to build security directly into their workflows for smooth and safe cloud app rollouts. They dropped by the Threatpost podcast recently to share tips on DevSecOps, including: How to build a continual testing, monitoring, and feedback processes to drive down application risk. Developing a continuous approach to application security and DevOps security tools. Why collaboration and continual feedback is essential across development, cloud and security teams. …as well as how to deal with the boatload of animosity between development and security teams. One tip: Assume positive intent!

Threatpost podcast: Cybereason CTO Yonatan Striem-Amit shares details about the company's vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show having been disclosed.

Imperva's Peter Klimek visited Threatpost podcast to discuss the evolution of DDoS attacks: They started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee,