Jerry Gamblin from Cisco Kenna joins this week's episode to talk about all things patching. If you're the average user, you probably don't think about patching much because many of them happen automatically in the background. However many admins and users can unknowingly fall behind when it comes to protecting themselves against the latest vulnerabilities.
Everyone is tired of getting spam emails at this point, and it can feel exhausting always to click that "report spam" button just to get another phony email a few hours later. But we're here to assure you that reporting and filtering spam really does help in the long run! Nick Biasini joins the show this week to discuss all things spam for Cybersecurity Awareness Month.
To continue our Cybersecurity Awareness Month series, Harpreet Singh from Talos Incident Response joins Jon to talk about password managers. They discuss the upside of using a third-party service like 1Password or LastPass, the potential dangers of using built-in browser password managers like Google Chrome and Safari, and other good password hygiene advice.
All of October, we'll be covering broad security-related topics for Cybersecurity Awareness Month. First up, we address the basics of implementing MFA in any environment, why any type of MFA is better than no MFA, the pitfalls of certain types of authentication, and whether going passwordless is the future.
Hazel Burton takes over as guest host for this episode as she talks to Nate Pors from Cisco Talos Incident Response. Nate was part of Talos IR's team that helped Veradigm, a healthcare technology company, prevent a Qakbot ransomware attack. Nate and his team recently wrote about this experience for the Talos blog, and Veradigm's CISO even joined the Cisco Security Stories podcast recently to discuss his company's relationship with Talos IR. Nate discusses how his team's pre-existing relationship with Veradigm helped them respond quickly and effectively. If you've ever wanted to hear a play-by-play of a security event, this is your chance.
What happens when the hackers become the hacked? Black Hat is one of the largest cybersecurity conferences in the world, and Talos had a hand in defending the on-site network for the past few years. Yuri Kramarz from Talos Incident Response worked in Black Hat's Network Operations Center this year to help defend Black Hat's network and attendees who connected to the network while attending the conference in August in Las Vegas. He joins Talos Takes this week to discuss what he's learned from the past few years working in the NOC, what types of threats Black Hat faces, and the lessons learned he now takes back into the field with customers. You can also read his reflections on working in the NOC in 2022 here.
Cisco Talos has recently written about malware families that go open-source, sometimes of their own volition, and sometimes because of leaks. In the case of SapphireStealer, we still don't really know why someone posted this malware to GitHub, but now that it's out there, we can't put it back in a box. Edmund Brumaghin, who assisted with Talos' research and blog post on SapphireStealer, joins Talos Takes this week to discuss this information-stealer. Edmund talks about the goals that someone has by making malware open-source, how that affects detection and what makes SapphireStealer unique among infostealers.
North Korea's infamous APT group is back on the scene, this time with two new remote access trojans. By now, you've probably heard of Lazarus Group and all the annoying things they do to steal sensitive information, make money for North Korea's missile program, etc. But we have an update on their current tactics and payloads they're sending around the globe. Asheer Malhotra from Talos Outreach joins Talos Takes this week to discuss the two new RATs he and his team discovered, why Lazarus Group is still creating new tools, and how their use of older, open-source software has made tracking them ever-so-slightly easier.
Everything about the modern workplace is different now from the start of the COVID-19 pandemic. Many companies are embracing the remote work lifestyle, while others are stuck in a hybrid model or pushing employees to come back to the office. With that in mind, we felt like it was a good time to check in on the incident response process for companies who have to deal with working remotely and those who prefer to conduct business in person. Yuri Kramarz and Gergana Karadzhova-Dangela from Cisco Talos Incident Response join the show this week to discuss how they handle onsite incident response versus engagements that need to be done remotely. There are drawbacks and benefits of both models, so it's up to the individual customer and specific circumstances to determine how a responder can best approach the event in question.
The stereotypical "hacker" who looks to do good in the world probably involves a Guy Fawkes mask and black hoodie. But hacktivism has become much more than that, especially since Russia invaded Ukraine. On the heels of a newly released overview on hacktivism, Lexi DiScola from the Talos Threat Intelligence and Interdiction team joins Talos Takes this week to discuss these actors. While not just anyone is likely a target for hacktivists, Talos has seen groups become more brazen and start looking to make money off their operations.