Podcasts
-
Risk & Repeat: Apple bug bounty frustrations boil over
Security researchers criticized the Apple Security Bounty program and claimed the company ignored bug reports, denied bounty payments and silently patched vulnerabilities.
-
Risk & Repeat: ProxyShell problems mount
CISA warned threat actors have begun exploiting the dangerous ProxyLogon flaws, but tens of thousands of vulnerable Microsoft Exchange servers remain online.
-
Risk & Repeat: Vulnerability patching still falling short
Many organizations still fail to patch critical vulnerabilities, even when they're under exploitation in the wild. What are the best ways to improve patching rates?
-
Risk & Repeat: Breaking down the Kaseya ransomware attacks
Nearly two weeks after REvil ransomware hit hundreds of companies, Kaseya and its managed service providers are still assessing the damage from the supply chain attack.
-
Risk & Repeat: US opens door for hacking back
This episode of the Risk & Repeat podcast discusses the growing pressure on the U.S. to respond to cyber attacks and if hacking back will be part of the plan.
-
Risk & Repeat: Colonial Pipeline CEO grilled by Congress
Colonial Pipeline Co. CEO Joseph Blount faced criticism from several members of Congress this week during two different hearings on the recent ransomware attack.
-
Risk & Repeat: Security startups and trends from RSAC 2021
Analyst Carla Roncato of Enterprise Strategy Group weighs in on RSA Conference and the security startups featured during the show's Innovation Sandbox competition.
-
Risk & Repeat: Recapping RSA Conference 2021
Election security, nation-state threats and supply chain attacks were major topics at this year's RSA Conference, which was held as a virtual event.
-
Risk & Repeat: Will the Ransomware Task Force make an impact?
The Institute for Security and Technology's Ransomware Task Force published several recommendations to better address the growing security threat. Will they work?
-
Risk & Repeat: FBI's web shell removal raises questions
The FBI accessed computers -- without the knowledge or consent of the owners -- to remove hundreds of web shells placed in vulnerable Microsoft Exchange servers.
-
Risk & Repeat: Recapping the Exchange Server attacks
This week's Risk & Repeat episode looks back at the Microsoft Exchange Server attacks, plus the questions and mysteries surrounding the ongoing threat.
-
Risk & Repeat: Inside the SolarWinds Senate hearing
This week's Senate Intelligence Committee hearing on SolarWinds tackled the attribution case against Russian state-sponsored hackers, as well as questions for AWS.
-
Risk & Repeat: SolarWinds and the hacking back debate
This week's Risk & Repeat podcast looks at a recent '60 Minutes' episode that discussed the possibility of the U.S. government hacking back in response to the SolarWinds attacks.
-
Risk & Repeat: Oldsmar water plant breach raises concerns
This week's Risk & Repeat podcast looks at how an unknown threat actor used TeamViewer to manipulate chemical levels in a water treatment facility in Oldsmar, Fla.
-
Risk & Repeat: Diving into the dark web
This week's Risk & Repeat podcast discusses the state of the dark web in 2021, how it has changed and what enterprises should know about the threats that exist there.
-
Risk & Repeat: SolarWinds attacks come into focus
This week's Risk & Repeat podcast discusses the fallout from the SolarWinds backdoor attacks as new victims and additional information have come to light.
-
Risk & Repeat: SolarWinds backdoor shakes infosec industry
This week's Risk & Repeat podcast discusses the latest developments around the devastating SolarWinds backdoor attacks, which impacted several U.S. government agencies.
-
Risk & Repeat: Christopher Krebs out as CISA director
This week's Risk & Repeat podcast discusses President Trump's firing of CISA Director Christopher Krebs, which was a controversial move in the infosec community.
-
Risk & Repeat: 2020 election security in review
This week's Risk & Repeat podcast looks back at the 2020 election, which was free of major cyber attacks or hacks but has seen a rise in disinformation campaigns online.
-
Risk & Repeat: Black Hat 2020 highlights
This week's Risk & Repeat podcast recaps Black Hat USA 2020 and discusses some of the best sessions, worst vulnerabilities and the overall virtual conference experience.
-
Risk & Repeat: Sophos warns of evolving ransomware threats
Dan Schiappa and Chester Wisniewski of Sophos join the Risk & Repeat podcast to discuss how ransomware groups are evolving and embracing innovative evasion techniques.
-
Risk & Repeat: Twitter breach leads to account hijacking
This week's Risk & Repeat podcast discusses how threat actors gained access to Twitter's internal systems and hijacked the accounts of Jeff Bezos, Bill Gates and others.
-
Risk & Repeat: Vault 7 report slams CIA security practices
This week's Risk & Repeat podcast discusses the CIA's internal task force report on the Vault 7 leak, which blasted the agency for a variety of serious security lapses.
-
Risk & Repeat: Are ransomware groups joining forces?
This week's Risk & Repeat podcast discusses the prospect of ransomware gangs working together and what it could mean for enterprises and the overall threat landscape.
-
Risk & Repeat: When will mobile voting be ready?
This week's Risk & Repeat podcast examines the rise of mobile voting apps and how security experts have expressed concerns about the risks deploying the technology for elections.
-
Risk & Repeat: Black Hat, DEF CON canceled
This week's Risk & Repeat podcast looks at the recent cancellations of Black Hat USA 2020 and DEF CON 28 and what their virtual replacements will try to accomplish.
-
Risk & Repeat: RDP security under fire amid COVID-19
This week's Risk & Repeat podcast looks at how Microsoft's Remote Desktop Protocol, already a popular vector with hackers, has received even more attention during the pandemic.
-
Risk & Repeat: Are ransomware attacks up or down?
This week's Risk & Repeat podcast looks at the latest research and analysis around ransomware to see what effect the COVID-19 pandemic has had on the threat landscape.
-
Risk & Repeat: Are Zoom security fears overblown?
This week's Risk & Repeat podcast looks at the backlash against Zoom over security and privacy concerns and asks whether there's been an overreaction.
-
Risk & Repeat: Zoom security comes under fire
This week's Risk & Repeat podcast looks at several security issues Zoom faced over the last week, which led to questions about the company's privacy and security practices.
-
Risk & Repeat: COVID-19 boosting social engineering attacks
This episode of the Risk & Repeat podcast looks at how social engineering attacks have become more successful by taking advantage of the coronavirus pandemic.
-
Risk & Repeat: Coronavirus-themed threats on the rise
This week's Risk & Repeat podcast looks at the disruption caused by COVID-19, as well as the sharp increase in cyberthreats designed to exploit the pandemic.
-
Risk & Repeat: Recapping RSA Conference 2020
This Risk & Repeat podcast looks back at RSA Conference and discusses some of the highlights from the show, from ransomware trends to nation-state hacking discussions.
-
Risk & Repeat: Breaking down RSA Security's sale
This Risk & Repeat podcast discusses Dell's recent sale of RSA for $2.075 billion, plus insights from experts on where venture capital firms are investing this year.
-
Risk & Repeat: Mobile World Congress canceled, RSAC 2020 still on
This week's Risk & Repeat podcast discusses RSA Conference's decision to move ahead with the show after the cancellation of Mobile World Congress over coronavirus concerns.
-
Risk & Repeat: More McAfee executives depart
This week's Risk & Repeat podcast discusses the revelation that more executives have left McAfee amid the unexpected departure of longtime CEO Chris Young last month.
-
Risk & Repeat: 2019 data breaches in review
This week's Risk & Repeat podcast looks at some of the biggest data breach disclosures from the second half of 2019 and discusses the trends around these incidents.
-
Risk & Repeat: Trump takes aim at DNC hack and CrowdStrike
This week's Risk & Repeat podcast looks at President Trump's recent comments about CrowdStrike and the DNC 'server' and the misinformation around Russian election interference.
-
Tenable CEO Amit Yoran wants to stop 'cyber helplessness'
This week's Risk & Repeat podcast features Tenable CEO Amit Yoran, who discusses what he calls 'cyber helplessness' and how the mentality is infecting enterprises.
-
Risk & Repeat: Cisco vulnerabilities raise backdoor concerns
This week's Risk & Repeat podcast looks at vulnerabilities in Cisco and Huawei products, which have raised concerns about backdoor access in networking equipment.
-
Risk & Repeat: RSA Conference 2019 in review
This week's 'Risk & Repeat' podcast looks back at RSA Conference and discusses the show's diversity and inclusion efforts as well as the top trends and sessions from the show.
-
Risk & Repeat: Apple restores enterprise certificates for Facebook, Google
This week's Risk & Repeat podcast looks at Apple's decision to temporarily revoke Facebook's and Google's enterprise certificates following reports of questionable app activity.
-
Risk & Repeat: DNC renews election hacking concerns
This week's Risk & Repeat podcast looks at the claims of the Democratic National Committee that Russian hackers tried to breach its network following the midterm elections.
-
Risk & Repeat: Expired certificates loom amid government shutdown
This week's Risk & Repeat podcast looks at the expiration of more than 80 TLS certificates for U.S. government websites amid the ongoing government shutdown.
-
Risk & Repeat: What APT10 means for managed service providers
This week's Risk & Repeat podcast discusses how a Chinese state-sponsored threat group known as APT10 hacked into managed service providers to gain access to their clients.
-
Risk & Repeat: Lessons from the Equifax breach report
This week's Risk & Repeat podcast looks at the U.S. House Committee on Oversight and Government Reform report on the Equifax breach and the infosec lessons to be learned from it.
-
Risk & Repeat: NRCC breach stokes election security fears
This week's Risk & Repeat podcast looks at the recently disclosed cyberattack on the National Republican Congressional Committee and the questions that remain about it.
-
Risk & Repeat: RSA Conference 2019 eyes diversity improvements
This week's Risk & Repeat podcast looks at RSA Conference's diversity and inclusion initiatives and discusses what they mean for both the event and the infosec industry.
-
Risk & Repeat: DeepMasterPrints spells trouble for biometrics
This week's Risk & Repeat podcast looks at the future of biometric authentication after researchers unveiled a new approach that uses neural networks to bypass fingerprint scanners.
-
Risk & Repeat: Who's to blame for bad passwords?
This week's Risk & Repeat podcast discusses whether users are responsible for creating and reusing weak passwords or if the technology systems themselves are to blame.
-
Risk & Repeat: Are we winning the war on cybercrime?
On this week's Risk & Repeat podcast, Chet Wisniewski of Sophos discusses his company's latest research and explains why there's reason for optimism in the war on cybercrime.
-
Risk & Repeat: MIT CSAIL discusses securing the enterprise
This week's Risk & Repeat podcast discusses the MIT CSAIL Securing the Enterprise conference and how experts there advocated for new strategies and approaches to infosec.
-
Risk & Repeat: Facebook breach raises regulatory questions
This week's Risk & Repeat podcast discusses new developments regarding Facebook's recent data breach, as well as the social networking giant's response to the incident.
-
Risk & Repeat: Military cybersecurity scrutinized in GAO report
This week's Risk & Repeat podcast discusses the GAO report on vulnerabilities and weaknesses in modern weapons systems and what they mean for the U.S. military.
-
Risk & Repeat: Inside the Facebook 2FA fail
This week's Risk & Repeat podcast discusses the latest controversy for Facebook, which has been using two-factor authentication numbers for advertising purposes.
-
Risk & Repeat: NSS Labs lawsuit shakes infosec industry
This week's Risk & Repeat podcast discusses NSS Labs' antitrust suit against several security vendors, including CrowdStrike and the Anti-Malware Testing Standards Organization.
-
Risk & Repeat: Trend Micro apps land in hot water
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Trend Micro's Mac apps, which have come under fire for questionable data collection features.
-
Risk & Repeat: Inside the GAO's Equifax breach report
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Government Accountability Office's report on the Equifax breach and the questions it raises.
-
Risk & Repeat: Fortnite flaw disclosure enrages Epic Games
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the dispute between Google and Epic Games over a newly disclosed flaw in the Android version of Fortnite.
-
Risk & Repeat: Are the Meltdown and Spectre flaws overhyped?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss whether or not Meltdown and Spectre deserved to be nominated for the Pwnie Awards' Most Overhyped Bug.
-
Risk & Repeat: Meltdown and Spectre disclosure in review
In this week's Risk & Repeat podcast, SearchSecurity editors discuss new insights -- and questions -- regarding the coordinated disclosure effort for Meltdown and Spectre.
-
Risk & Repeat: Can Disclose.io help protect vulnerability researchers?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Disclose.io project and what it could mean for the future of security research and vulnerability disclosure.
-
Risk & Repeat: A deep dive on SamSam ransomware
In this week's Risk & Repeat podcast, SearchSecurity editors talk about the SamSam ransomware campaign, which may be the work of a single hacker who's made nearly $6 million.
-
Risk & Repeat: DHS warns of power grid cyberattacks
In this week's Risk & Repeat podcast, SearchSecurity editors discuss a new warning from the Department of Homeland Security regarding Russian hackers targeting the U.S. power grid.
-
Risk & Repeat: Closing the gender gap at cybersecurity conferences
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the under-representation of women at cybersecurity conferences and how it affects the infosec industry.
-
Risk & Repeat: New concerns about smartphone spying
In this week's Risk & Repeat podcast, SearchSecurity editors discuss research that shows some Android apps record video of users' screens without permission or notifications.
-
Risk & Repeat: Is AI-driven identity management the future?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Identiverse 2018 and how artificial intelligence is being applied to identity and access management.
-
Risk & Repeat: U.S. government eyes offensive cyberattacks
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the risks of the U.S. Cyber Command engaging in offensive cyberattacks against foreign adversaries.
-
Risk & Repeat: New election security bill introduced
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Protecting American Votes and Elections Act of 2018, which requires paper ballots and audits.
-
Risk & Repeat: What do Google's AI principles mean for cybersecurity?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Google's new principles for artificial intelligence and how they may impact the use of AI for cybersecurity.
-
Risk & Repeat: More trouble for federal cybersecurity
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent federal cybersecurity report, which found the majority of agencies have significant security gaps.
-
Risk & Repeat: Are ICS threats being overblown or ignored?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss dangers to critical infrastructure in the wake of a new report on the threat actors behind the Trisis malware.
-
Risk & Repeat: Breaking down the Efail flaws
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Efail vulnerabilities in PGP and S/Mime protocols, as well as the rocky disclosure process for the flaws.
-
Risk & Repeat: Why Ray Ozzie's Clear proposal isn't so clear
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Ray Ozzie's solution for going dark, known as Clear, and what infosec experts are saying about it.
-
Risk & Repeat: Business email compromise on the rise
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rise in business email compromise activity based on new data from the FBI's 2017 Internet Crime Report.
-
Risk & Repeat: RSAC 2018 recap, part two
In this week's Risk & Repeat podcast, SearchSecurity editors discuss more trends and takeaways from RSA Conference 2018, from incident response services to AI and automation.
-
Risk & Repeat: Hacking back, GDPR and more from RSAC
In this week's Risk & Repeat podcast, SearchSecurity editors discuss some of the major themes and debates from RSA Conference, from hacking back to GDPR compliance.
-
Risk & Repeat: Breaking down the Verizon DBIR 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the '2018 Verizon Data Breach Investigations Report' and its findings about ransomware, phishing and more.
-
Risk & Repeat: RSAC 2018 trends focus on AI, blockchain
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the big questions ahead of RSA Conference 2018, as well as notable sessions and speakers scheduled for the event.
-
Risk & Repeat: New revelations in San Bernardino iPhone case
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the OIG report's findings on the FBI's effort to unlock the iPhone of one of the San Bernardino terrorists.
-
Risk & Repeat: IBM Think 2018 highlights AI, blockchain
In this week's Risk & Repeat podcast, SearchSecurity editors recap IBM Think 2018 and discuss Watson's Law and Big Blue's pledge to keep user data safe from misuse and exposure.
-
Risk & Repeat: OURSA takes RSA Conference to task
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the emergence of OURSA to highlight diversity and the RSA Conference's lack of female keynote speakers.
-
Risk & Repeat: Assessing the Memcrashed attacks
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Memcrashed exploit and the recent trend of record-setting DDoS attacks against enterprises.
-
Risk & Repeat: Trustico certificate drama a cause for concern
In this week's Risk & Repeat podcast, SearchSecurity editors discuss how a controversial move by reseller Trustico led to 23,000 Symantec SSL certificates being revoked.
-
Risk & Repeat: Is the cyberthreat landscape shifting to cryptomining?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss how new attacks, like cryptojacking, may be supplanting previous top cyberthreats, such as ransomware.
-
Risk & Repeat: Intel bug bounty tackles side channel attacks
In this week's Risk & Repeat podcast, SearchSecurity editors examine Intel's new bug bounty for side channel attacks and what it says about Meltdown and Spectre.
-
Risk & Repeat: Cyberinsurance market gets a shake-up
In this week's Risk & Repeat podcast, SearchSecurity editors discuss a new industry partnership designed to give Apple and Cisco customers beneficial cyberinsurance policies.
-
Risk & Repeat: Cryptomining malware on the rise
In this week's Risk & Repeat podcast, SearchSecurity editors discuss how the threat of cryptomining malware is evolving and what it means for enterprises and infosec vendors.
-
Risk & Repeat: Meltdown and Spectre mitigation efforts stumble
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Meltdown and Spectre mitigations efforts and why they're struggling with bad updates and miscommunication.
-
Risk & Repeat: Backdoor access, strong encryption debate rolls on
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the FBI's continued criticism of encrypted devices and the risks of vendor-created backdoor access points.
-
Risk & Repeat: Let's Encrypt certificates offer pros, cons
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Let's Encrypt certificates and weigh the positives and negatives the free certificate authority provides.
-
Risk & Repeat: Meltdown and Spectre vulnerabilities shake industry
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the discovery of the Meltdown and Spectre vulnerabilities and their effect on information security.
-
Business threat analytics: How does real-time data impact results?
Explore the top things you should know about real-time analytics with Johna Till Johnson and learn how it reduces false positives detected in your system on a daily basis.
-
Risk & Repeat: The TLS 1.3 clock continues to click
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the long wait for TLS 1.3 and the effects -- positive and negative -- the delays have had for enterprise security.
-
Risk & Repeat: Cybersecurity predictions for 2018
In this week's Risk & Repeat podcast, SearchSecurity editors offer their cybersecurity predictions for 2018, including forecasts for cryptojacking, DDoS attacks and other threats.
-
Risk & Repeat: Cryptojacking looms amid the bitcoin boom
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rising threat of cryptojacking and how hackers can steal computing power from unsuspecting users.
-
Risk & Repeat: The Bitcoin boom and its infosec effects
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent bitcoin boom and how the cryptocurrency's rising value could affect the cybersecurity landscape.
-
Risk & Repeat: Analyzing the accidental data breach
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rise of accidental data breaches following a series of enterprise exposures of user data online.
-
Risk & Repeat: Uber data breach has implications for infosec
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Uber data breach, which was concealed by company officials, and the ethics of data breach disclosure.
-
Risk & Repeat: Vulnerabilities Equities Process gets an update
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the new charter for the Vulnerabilities Equities Process and what it means for the infosec community.
Photo Stories
-
The evolution of MFA security tokens
-
Is FIDO authentication the future of online authentication products?
-
Slideshow: Five common Web application vulnerabilities and mitigations
-
Mobile security survey 2012 audio slideshow
Videos
-
AI security concerns keeping infosec leaders up at night
-
Telework security requires meticulous caution, communication
-
Where does security fit into SDLC phases?
-
Security behavioral analytics: The impact of real-time BTA
-
The OSI model layers explained: Get to know the network
-
As privacy requirements evolve, CISSPs must stay informed