Cybersecurity Accord, Medical Device Safety Action Plan, and Deep Fakes - InfoSec ICU
Steve and Gerry discuss the 34 tech company Cybersecurity Accord announced at RSA 2018 and the new plan the FDA has published with respect to medical device cybersecurity.
Show Notes Resources:
Cybersecurity Accord: https://www.scmagazine.com/tech-giants-combine-to-protect-civilians-from-cyberattack/article/759201/ https://cybertechaccord.org/
FDA Medical Device Safety Plan: https://www.fda.gov/downloads/AboutFDA/CentersOffices/OfficeofMedicalProductsandTobacco/CDRH/CDRHReports/UCM604690.pdf
DeepFakes: https://www.buzzfeed.com/davidmack/obama-fake-news-jordan-peele-psa-video-buzzfeed https://www.technologyreview.com/s/610784/this-algorithm-automatically-spots-face-swaps-in-videos/
One Cool Things: Skyrim Mods “Thomas the Tank Engine” https://youtu.be/yNaTZV8qS1I My Tide Times […]
The post Cybersecurity Accord, Medical Device Safety Action Plan, and Deep Fakes appeared first on MUSC Podcasts.
Data Breaches Lead to Higher Mortality Rates, IoT the High Roller Database, and HHS OCR Guidance Updates - InfoSec ICU
Steve and Gerry discuss recent research that demonstrates data breaches are linked to higher patient mortality rates. IoTs in the enterprise and the impending future of them are discussed, introduced by a recent casino breach that started with a thermometer. Finally they socialize recent HHS guidance on acceptable privacy disclosure. Show Notes Resources: Do data […]
Hacktivism, Verizon Enterprise PHI Breach Report, and GMail Dots Attack - InfoSec ICU
Steve and Gerry drill into the Verizon PHI Data Breach Report and discuss a few surprising findings. They offer their opinion on the recent attacks on Russian and Iranian Cisco devices and the value of hacktivism. They close out with a scam that attacks a little-known feature of all GMail email addresses. Show Notes […]
Bundle of Breaches, Cloudflare DNS, and Cost of a Data Breach - InfoSec ICU
Breach, breach, breach! Steve and Gerry talk the Good, the Bad, the Ugly of recent breaches, showcasing a comparison between organizations that handle breaches well and those that fail miserably. Cloudflare’s new DNS resolver and its privacy approach are discussed followed by the Ponemon report on the cost of a data breach. Show Notes Resources: […]
Higher Education a Target for Hackers, Biometric Authentication Shortcomings, and Dakotacon - InfoSec ICU
Steve and Gerry dive headfirst into a recent indictment against 9 Iranian nationals accused of hacking universities worldwide (a majority in the US) for research capital; showing the value of academic research, they discuss a recently published paper from China outlining a technique for tricking facial recognition biometric information. Finally Gerry shares his experiences from […]
The Art of (cyber) War, Identity Management, and the Cambridge Analytica and Facebook Debacle - InfoSec ICU
With Gerry in South Dakota presenting his proposal for his dissertation, guest-host Brandon Stephens steps up to the plate to discuss how Sun Tzu’s The Art of War is helpful in preparing for a cyber attack. He and Steve also discuss why Identity and Access Management is so important, as well as the challenges in […]
The Cybersecurity Culture War, Memcache, and Deputizing the Geek Squad - InfoSec ICU
We all think it, but now we know it. The guys discuss statistical evidence that supports the claim that employees are a weak link in healthcare cybersecurity defenses. Also, attackers have discovered that they can unleash unprecedented Distributed Denial of Service (DDoS) attacks using open memcached servers. The guys cover both these topics and dive into how the […]
What Happened with the HHS OCR Phase 2 Audits, Breaches Eroding Public Trust, and New Twists to Old Cons - InfoSec ICU
Last year HHS executed their HIPAA Phase 2 audits across covered entities and business associates, but why have things been quiet at HHS? The guys provide insights regarding the findings and suggest ideas on why HHS’s focus may have changed. The guys look at the bigger picture of the effects breaches have had on public […]
Unauthorized Access of Patient Record Sanctions and Interview with Former Anthem Information Security Leader - InfoSec ICU
Steve and Gerry discuss healthcare employee termination when they violate privacy and ‘snoop’ on patients’ medical records, a topic Steve was interviewed for in a recent Post and Courier article. Also, the guys interview a former senior leader in information security at Anthem and discuss his experience of being on the front lines of […]
Insider Threats at Apple, The Cost of Malicious Cyber Activity, and When MFA Goes Bad - InfoSec ICU
The guys discuss a diversity of topics this week! An intern at Apple abused access resulting in the release of sensitive intellectual property. Discussion around the Executive Branch report “The Cost of Malicious Cyber Activity to the U.S. Economy” and what the challenges are around improving information security at a national level. Finally, MFA sounds […]
Cyber Threat Intelligence, Cybersecurity Summit, and More Monero Mining Attacks - InfoSec ICU
Steve and Gerry discuss the value and utility of the recently published SANS 2018 Cyber Threat Intelligence (CTI) report. Reflections on the debate around encryption from the Charleston School of Law Cybersecurity Summit are shared, along with government sites serving up more than information to visitors. Show Notes Resources: Information Sharing and Analysis Centers (ISACs): https://www.nationalisacs.org/ Charleston […]
National Cybersecurity Safety Board, “Smart” Data, and Cyber Insurance - InfoSec ICU
Would the creation of a National Cybersecurity Safety Board (NCSB), akin to the National Transportation Safety Board (NTSB), be a reasonable and effective mechanism to increase overall cybersecurity for all industries in the United States? Academics propose it, Gerry and Steve discuss it! Also, how smart data is giving away sensitive personnel locations and the […]
Women in Technology and Cyber Risk Reduction Low Hanging Fruit - InfoSec ICU
Women in technology and cybersecurity is an important topic. We engage with two female cybersecurity professionals to provide first hand accounts of their experiences and thoughts on women in technology and discuss several initiatives that are supporting female opportunity to learn and have a successful career in the technology and cybersecurity space. Steve and Gerry […]
SamSam and Zyklon, Global Risk Report, and Social Engineering the CIA Director - InfoSec ICU
If it isn’t broke, don’t fix it! SamSam, an old standby ransomware-focused malware, returns for an encore performance. Steve and Gerry cover the (macro-level) Global Risk Report from the World Economic Forum, shining a light on the escalation of cyberattacks to the “magic quadrant”, and a 15-year-old hacktivist manages to social engineer his way into “pwning” […]
Cryptomining, GDPR, and Medical Device Technical Debt - InfoSec ICU
Do you believe in a money machine? Gerry and Steve discuss the current trends in cryptomining, which seems to make money from electricity. They also give an overview of the EU’s new privacy regulations, the General Data Protection Regulation (GDPR), and they dig into the concept of technical debt, especially as it concerns medical devices. […]
Meltdown and Spectre, Cryptomining Teaser - InfoSec ICU
Gerry and Steve talk about the recently released vulnerabilities Meltdown and Spectre. They cover what they are, how disclosure was handled as an industry, and what you need to know as a system admin or end-user. They briefly introduce cryptomining and tease next week’s episode. Much like an audible dessert, they wrap it all up with […]
NiceHash CTO is Darkode Founder, Websites Stealing Browser Autofill Data, and New Years Cyber-Resolutions - InfoSec ICU
Gerry and Steve talk about the recent revelation that the CTO of Bitcoin mining company NiceHash did jail time for running the Darkode cybercrime forum and the need to perform background checks to better understand risk. They also dive into a recent finding out of Princeton that identified websites using hidden form fields to grab […]
Cyber Jobs in High Demand, Industry Certifications, and Security Conferences - InfoSec ICU
The guys look toward 2018, helping with your cyber New Year’s resolutions! They discuss cyber jobs and the demand for a cybersecurity workforce in the United States and how you can pivot into the industry or charge your career if you are already working in information security. They also drill into industry specific certifications and […]
Holiday Fraud Protection, California Voter Data Breach, and the SANS Holiday Hack Challenge - InfoSec ICU
Steve gets a bank fraud alert on his credit card and he passes along some tips to protect yourself during the holiday shopping season. Gerry talks about some attackers who went shopping through a California voter database and won big. They both share their experience with this year’s SANS Holiday Hack Challenge. If you have […]
Stanford Chief Digital Officer Resigns over Breach Coverup, House Energy and Commerce Commission Seeks to Improve Medical Device Security, and SambaCry Attack Encrypts NAS - InfoSec ICU
If you discover an internal data breach, do you a. report it to the affected individuals, or b. fix it quickly and say nothing? One official at Stanford University chose poorly. The U.S. House Energy and Commerce Commission asked some great questions of Health and Human Services (HHS), including requiring medical device managers to report […]