Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec   /     Defensive Security Podcast Episode 280

Description

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kellett delve into key cybersecurity topics. They discuss a recent statement by CISA director Jen Easterly on holding software manufacturers accountable for product defects rather than vulnerabilities, and the need for derogatory names for threat actors to deter cybercrime. The episode also … Continue reading Defensive Security Podcast Episode 280 →

Summary

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kellett delve into key cybersecurity topics. They discuss a recent statement by CISA director Jen Easterly on holding software manufacturers accountable for product defects rather than vulnerabilities, and the need for derogatory names for threat actors to deter cybercrime. The episode also covers Disney’s decision to ditch Slack following a data breach, and the impact of valid account misuse in critical infrastructure attacks. Additionally, they explore new tough cyber regulations in the EU under NIS2, and a Google security flaw from a Black Hat presentation concerning dependency confusion in Apache Airflow. The hosts share their thoughts on industry responses, regulations, and how enterprises can improve their security posture.
00:00 Introduction and Podcast Setup
00:59 First Story: CISA Boss on Insecure Software
03:26 Debate on Software Security Responsibility
11:12 Open Source Software Challenges
15:20 Cloud Imposter Vulnerability
22:22 Disney’s Data Breach and Slack
27:37 Slack Data Breach Concerns
29:26 Critical Infrastructure Vulnerabilities
35:21 EU’s New Cyber Regulations
43:42 Global Regulatory Challenges
48:42 Conclusion and Sign-Off
Links:

* https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/
* https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
* https://www.cnbc.com/2024/09/19/disney-to-ditch-slack-after-july-data-breach-.html
* https://www.cybersecuritydive.com/news/cisa-critical-infrastructure-attacks/727225/
* https://www.cnbc.com/amp/2024/09/20/eu-nis-2-what-tough-new-cyber-regulations-mean-for-big-business.html

Subtitle
In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kellett delve into key cybersecurity topics. They discuss a recent statement by CISA director Jen Easterly on holding software manufacturers accountable for product defects ...
Duration
51:37
Publishing date
2024-09-23 20:01
Link
https://defensivesecurity.org/defensive-security-podcast-episode-280/
Contributors
  Jerry Bell and Andrew Kalat
author  
Enclosures
https://media.blubrry.com/1463551/content.blubrry.com/1463551/defensive_security_podcast_episode_280.mp3
audio/mpeg

Shownotes

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kellett delve into key cybersecurity topics. They discuss a recent statement by CISA director Jen Easterly on holding software manufacturers accountable for product defects rather than vulnerabilities, and the need for derogatory names for threat actors to deter cybercrime. The episode also covers Disney’s decision to ditch Slack following a data breach, and the impact of valid account misuse in critical infrastructure attacks. Additionally, they explore new tough cyber regulations in the EU under NIS2, and a Google security flaw from a Black Hat presentation concerning dependency confusion in Apache Airflow. The hosts share their thoughts on industry responses, regulations, and how enterprises can improve their security posture. 00:00 Introduction and Podcast Setup 00:59 First Story: CISA Boss on Insecure Software 03:26 Debate on Software Security Responsibility 11:12 Open Source Software Challenges 15:20 Cloud Imposter Vulnerability 22:22 Disney’s Data Breach and Slack 27:37 Slack Data Breach Concerns 29:26 Critical Infrastructure Vulnerabilities 35:21 EU’s New Cyber Regulations 43:42 Global Regulatory Challenges 48:42 Conclusion and Sign-Off

Links:

  • https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/
  • https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
  • https://www.cnbc.com/2024/09/19/disney-to-ditch-slack-after-july-data-breach-.html
  • https://www.cybersecuritydive.com/news/cisa-critical-infrastructure-attacks/727225/
  • https://www.cnbc.com/amp/2024/09/20/eu-nis-2-what-tough-new-cyber-regulations-mean-for-big-business.html