Verizon DBIR Marries MITRE ATT&CK – Podcast

There is no question that companies are in the sights of would-be criminals looking to exploit them. While companies look at solutions and trainings to help keep the perimeter secure, the biggest fail point is often the employees, AKA the human element. In this Threatpost podcast, sponsored by Egress, we sit down with Jack Chapman to discuss the steps and tactics that companies can take to stay one step ahead of their adversaries. During our conversation, we discuss: Weaknesses that attackers look to exploit Evolution of toolkits Securing MFA and more

There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, , Chief Security Strategist & VP Global Threat Intelligence, Fortinet’s FortiGuard Labs to discuss the threats facing CISOs along with more. During the course of our discussion, we dive into: What an attack on all fronts looks like The current state of the threat landscape New techniques being leveraged be adversaries The automation of threats We also lay out what CISOs need to consider when laying out and producing their threat action plan.

Can I tell you a secret? Will you keep it between us? You’ve probably said this or heard this when it comes to friends and family. However, do you also know that secret keeping, or lack thereof is one of the biggest issues that businesses face? According to the recent The State of the Secret Sprawl from GitGuardian further defines the breadth of business secrets. “A secret can be any sensitive data that we want to keep private. When discussing secrets in the context of software development, secrets generally refer to digital authentication credentials that grant access to services, systems and data. These are most commonly API keys, usernames and passwords, or security certificates. Secrets are what tie together different building blocks of a single application by creating a secure connection between each component. Secrets grant access to the most sensitive systems.” In this podcast with Mackenzie Jackson, developer advocate at GitGuardian, we dive into the report and also the issues that corporations face with public leaks from groups like Lapsus and more, along with as ways that developers can keep their code safe. For the full report, click here.

It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill: Visibility into adversary behavior has been muck.

The ransomware group’s benefits – monthly bonuses, fines, employee of the month, performance reviews and top-notch training materials – might be better than your own company’s, says BreachQuest’s Marco Figueroa. 

There's a yawning gap between IT decision makers' confidence about security vs. their concession that repeated incidents are their own fault, says ExtraHop's Jamie Moles.