Podcasts

Risk & Repeat: Payment card security a growing concern

In this week's Risk & Repeat podcast, SearchSecurity editors discuss new research from Verizon on payment card security and the effectiveness of PCI DSS compliance for enterprises.
Risk & Repeat: Alternative infosec conferences on the rise

In this week's Risk & Repeat podcast, SearchSecurity editors discuss how smaller, more targeted infosec conferences are making a name for themselves in the shadow of much larger events.

Risk & Repeat: Was the DNC hack an inside job?

In this week's Risk & Repeat podcast, SearchSecurity editors examine claims from intelligence veterans that the DNC hack was an inside job, and not the work of Russian hackers.
Risk & Repeat: MalwareTech indictment raises questions

In this week's Risk & Repeat podcast, SearchSecurity editors explore the FBI's case against security researcher Marcus Hutchins, better known as MalwareTech.
Risk & Repeat: Voting machine hacking brings good and bad news

In this week's Risk & Repeat podcast, SearchSecurity editors look back at DEFCON 2017's voting machine hacking and what it could mean for the future of U.S. election security.
Risk & Repeat: Black Hat 2017 highlights

In this week's Risk & Repeat podcast, SearchSecurity editors recap Black Hat 2017 and discuss some of the big news from the event, including the Broadpwn remote exploit.
Risk & Repeat: Why are Amazon S3 buckets spilling on the web?

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the series of enterprise data leaks through misconfigured Amazon S3 buckets and what should be done about them.
Risk & Repeat: Kaspersky Lab removed from GSA Schedule 70

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Trump administration's removal of Kaspersky Lab from the GSA Schedule 70 for federal IT contracts.
Risk & Repeat: Should IAM systems be run by machine learning?

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the identity and access management industry and how machine learning algorithms could govern IAM systems.
Risk & Repeat: NotPetya ransomware raises the stakes

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the NotPetya ransomware, its impact and the growing trend of sophisticated ransomware attacks.
Risk & Repeat: RNC voter database left open to the public

In this week's Risk & Repeat podcast, SearchSecurity editors discuss how the Republican National Committee's voter database was accidentally exposed in an Amazon S3 bucket.
Risk & Repeat: Symantec, Mozilla spar over certificate issuance

In this week's Risk & Repeat podcast, SearchSecurity editors discuss Mozilla's suggested deadline for Symantec to turn over its certificate issuance operations.
Risk & Repeat: Comey warns of more election hacking

In this week's Risk & Repeat podcast, SearchSecurity editors discuss former FBI Director James Comey's testimony on election hacking and election interference from Russia.
Risk & Repeat: Shadow Brokers launch zero-day exploit service

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Shadow Brokers' monthly service for zero-day exploits and how it may affect enterprise security efforts.
Risk & Repeat: GDPR compliance clock is ticking

In this week's Risk & Repeat podcast, SearchSecurity editors discuss GDPR compliance and how the EU law will affect enterprise data privacy and security across the globe.
Risk & Repeat: Microsoft slams NSA over EternalBlue

In this week's Risk & Repeat podcast, SearchSecurity editors discuss Microsoft's sharp criticism of the NSA over the EternalBlue Windows vulnerability and WannaCry ransomware.
Using threat intelligence tools to prevent attacks on your enterprise

Using threat intelligence tools can help your enterprise stay one step ahead of attackers and possible threats. Learn how threat intelligence can be used in your company.
Risk & Repeat: WannaCry ransomware worm shakes tech industry

In this week's Risk & Repeat podcast, SearchSecurity editors look at the devastation caused by the WannaCry ransomware worm and discuss how it could have been prevented.
Risk & Repeat: Reviewing Trump's cybersecurity executive order

This week's Risk & Repeat podcast looks at President Trump's cybersecurity executive order and how it aims to address federal government and critical infrastructure issues.
Risk & Repeat: Critical Windows bug triggers disclosure debate

This week's Risk & Repeat podcast looks at how a simple tweet about a Windows bug from Project Zero researcher Tavis Ormandy sparked a debate about vulnerability disclosure.
Risk & Repeat: Symantec offers plan to restore certificate trust

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Symantec's continued struggles with certificate trust, and what Mozilla and Google are doing about it.
Risk & Repeat: More Equation Group cyberweapons leaked

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the latest round of Equation Group cyberweapons and how Microsoft patched them.
Risk & Repeat: Mozilla joins the Symantec certificate authority debate

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss mounting pressure on the Symantec certificate authority business to provide answers about its practices.
Risk & Repeat: Juniper's Kevin Walker on SDN security challenges

In this episode of SearchSecurity's Risk & Repeat podcast, Kevin Walker, Juniper Networks' security chief technology and strategy officer, talks about SDN security challenges.
Risk & Repeat: Strong encryption under fire again

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the latest round of the encryption debate and what it means for apps that use strong encryption.
Risk & Repeat: Google slams Symantec certificates

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Google's proposed plan to distrust Symantec certificates following more allegations of mis-issuance.
Risk & Repeat: Accused Yahoo hackers indicted

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the indictments of the alleged Yahoo hackers and how the attackers minted Yahoo authentication cookies.
Risk & Repeat: Leak of CIA hacking tools creates confusion

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the confusion around WikiLeaks' release of government documents regarding CIA hacking tools.
Risk & Repeat: Does the Amazon S3 outage raise security flags?

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the recent Amazon Simple Storage Service outage and why the incident may have security implications.
Risk & Repeat: Cloudflare bug poses incident response challenges

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the recent Cloudflare bug that leaked an undetermined amount of customer data over several months.
Risk & Repeat: RSA Conference 2017 highlights and trends

In this episode of SearchSecurity's Risk & Repeat podcast, editors recap RSA Conference 2017 and discuss how the show addressed many security problems, but had very few answers.
Top three steps to ensure security in big data environments

Ensuring security in big data implementations remains a problem for most enterprises. Learn about the reasons why this is, and how your company can protect sensitive data.
Risk & Repeat: Pentagon cybersecurity under fire

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Pentagon cybersecurity amid reports of misconfigured servers at the U.S. Department of Defense.
Risk & Repeat: Bad Symantec certificates strike again

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the discovery of more bad Symantec certificates and what it means for the antivirus software maker.
Risk & Repeat: Windows SMB warning raises questions, concerns

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the Shadow Brokers' alleged exploit for Windows SMB and what it means for both enterprises and Microsoft.
Risk & Repeat: Doxware emerges as a new threat to data privacy

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the emergence of doxware and extortionware and what that means for enterprises and their employees.
Risk & Repeat: CES Cybersecurity Forum tackles passwords, IoT

In this episode of SearchSecurity's Risk & Repeat podcast, editors highlight the topics discussed at the CES Cybersecurity Forum, as well as new technologies showcased at the event.
Risk & Repeat: Corero on DDoS defense in the IoT era

In this episode of SearchSecurity's Risk & Repeat podcast, Dave Larson of Corero Network Security discusses how DDoS defense has shifted to deal with IoT threats.
Risk & Repeat: Tatu Ylonen on solving SSH security woes

In this episode of SearchSecurity's Risk & Repeat podcast, SSH creator Tatu Ylonen talks about the SSH security issues facing enterprises today and how they should be addressed.
Risk & Repeat: Second Yahoo data breach uncovered

In this episode of SearchSecurity's Risk & Repeat podcast, the editors discuss the second major Yahoo data breach and what it means for both the company and its users.
Risk & Repeat: Avalanche crimeware as a service busted

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the takedown of Avalanche, the crimeware as a service operation, and why the victory may be short lived.
Risk & Repeat: IoT botnets spreading, evolving

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the newest developments around IoT botnets and the threats they pose to users, devices and enterprises.
Risk & Repeat: Rapid7 tackles IoT threats, vulnerabilities

In this episode of SearchSecurity's Risk & Repeat podcast, Tod Beardsley and Rebekah Brown of Rapid7 talk about the IoT threat landscape and improving IoT device security.
Risk & Repeat: Will Rule 41 changes become cybersecurity law?

In this Risk & Repeat podcast, SearchSecurity editors discuss the controversial Rule 41 changes and what they mean for law federal enforcement and cybersecurity practices.
Risk & Repeat: Yahoo data breach details emerge

In this Risk & Repeat podcast, SearchSecurity editors discuss new information on the Yahoo data breach, including how counterfeit cookies may have been used by attackers.
Preventing trusted users from misusing their privileges

Users with privileged accounts have the ability to make critical changes to your enterprise system. Find out how to control trusted users and prevent malicious actions.
Risk & Repeat: Windows zero-day sparks disclosure debate

In this Risk & Repeat podcast, SearchSecurity editors discuss the recent Windows zero-day flaw, Microsoft's criticism of Google over the vulnerability disclosure, and more.
Risk & Repeat: Breaking down the latest Mirai IoT botnet attacks

In this Risk & Repeat podcast, SearchSecurity editors discuss the latest information on the Mirai IoT botnet and the latest DDoS attacks, and what it means for enterprise security.
Risk & Repeat: DNS DDoS attacks raise concerns over IoT devices

In this Risk & Repeat podcast, SearchSecurity editors discuss the DDoS DNS attacks on Dyn and what they mean for DNS providers, IoT device manufacturers and enterprises.
Risk & Repeat: IoT attacks on the rise

In this Risk & Repeat podcast, SearchSecurity editors discuss the new wave of IoT attacks and what they mean for enterprises, security vendors and device manufacturers.
Risk & Repeat: US accuses Russia of state-sponsored cyberattacks

In this Risk & Repeat podcast, SearchSecurity editors discuss cyber attribution following the U.S. government's claim that Russia is behind recent state-sponsored cyberattacks.
Risk & Repeat: Yahoo breach response, security practices criticized

In this Risk & Repeat podcast, SearchSecurity editors discuss the Yahoo breach and questions and criticism regarding the company's enterprise security practices.
Risk & Repeat: More Symantec vulnerabilities emerge

In this Risk & Repeat podcast, SearchSecurity editors discuss the latest Symantec vulnerabilities reported by Google Project Zero and the Shadow Brokers' Cisco exploit.
Risk & Repeat: MobileIron's James Plouffe on Mr. Robot, mobile threats

In this Risk & Repeat podcast, SearchSecurity talks with James Plouffe, lead solutions architect at MobileIron and a technical advisor for the television series 'Mr. Robot.'
Risk & Repeat: OPM breach report sheds light on infosec failings

In this Risk & Repeat podcast, SearchSecurity editors discuss the recent OPM breach report from Congress and what it means for the state of federal government cybersecurity.
Risk & Repeat: Breaking down the Intel Security sale

In this Risk & Repeat podcast, SearchSecurity editors discuss the $3.1 billion Intel Security sale and what it means for the infosec industry, the McAfee brand and Intel.
Risk & Repeat: Voter database hacks trigger election concerns

In this Risk & Repeat podcast, SearchSecurity editors discuss the recent cyberattacks on state voter databases and what they could mean for this election season.
Risk & Repeat: Shadow Brokers' dump shakes IT industry

In part two of Risk & Repeat's podcast on the Equation Group, SearchSecurity editors discuss the zero-day vulnerabilities discovered in the Shadow Brokers' data dump.
Risk & Repeat: Equation Group hack raises questions for NSA

In this Risk & Repeat podcast, SearchSecurity editors discuss the mystery behind the recent Equation Group hack and the motives and identity of the Shadow Brokers.
Risk & Repeat: Highlights and lowlights from Black Hat 2016

In this Risk & Repeat podcast, SearchSecurity editors discuss the good and bad news from Black Hat 2016 in Las Vegas, including critical flaws in web protocols.
Risk & Repeat: Malicious Tor nodes caught snooping

In this Risk & Repeat podcast, SearchSecurity editors discuss the discovery of malicious Tor secretly collecting information on users and what it means for the project.
Risk & Repeat: ASN.1 compiler jeopardizes mobile networks

In this Risk & Repeat podcast, SearchSecurity editors discuss the newly disclosed ASN.1 compiler flaw and its implications for mobile communications and network carriers.
Risk & Repeat: How bad is the httpoxy vulnerability?

In this Risk & Repeat podcast, SearchSecurity editors analyze the httpoxy vulnerability and discuss why it took so long to uncover and address a 15-year-old security flaw.
Risk & Repeat: Catching the Pokémon GO app permissions flaw

In this Risk & Repeat podcast, SearchSecurity editors try to catch some answers to the controversy around the Pokémon GO app and its permissions flaw.
Clinton email server probe highlights government security issues

In this Risk & Repeat podcast, SearchSecurity editors discuss the security lessons of the Hillary Clinton email server probe and the state of federal government cybersecurity.
Risk & Repeat: More critical Symantec vulnerabilities emerge

In this Risk & Repeat podcast, SearchSecurity editors discuss a new Google Project Zero report on yet another round of critical Symantec vulnerabilities.
Risk & Repeat: Acer data breach shows payment security shortcomings

In this Risk & Repeat podcast, SearchSecurity editors discuss the recent Acer data breach and the questions it raises about the company's payment security practices.
Risk & Repeat: Can the Symantec-Blue Coat deal succeed?

In this Risk & Repeat podcast, SearchSecurity editors discuss Symantec's big move to acquire Blue Coat Systems and what it means for both security vendors.
Ransomware worm raises concerns for enterprise security

In this Risk & Repeat podcast, SearchSecurity editors break down the discovery of the ZCryptor ransomware worm and what it means for future ransomware threats.
Android security policies all enterprises should adopt

Securing Android devices in the enterprise can seem like an uphill task. Applying these Android security policies might reduce the struggle security professionals face.
Cyberextortion reaches new heights with bug poaching

In this Risk & Repeat podcast, SearchSecurity editors discuss how a cyberextortion campaign is targeting enterprises that don't have official bug bounty programs.
Crypto-confusion: The search for the real bitcoin creator continues

In this Risk & Repeat podcast, SearchSecurity editors discuss Craig Wright's failed effort to prove he is bitcoin creator Satoshi Nakamoto and what that means for cryptocurrency.
Symantec vulnerability raises big questions for antivirus industry

SearchSecurity's Risk & Repeat podcast discusses the Symantec vulnerability disclosed by Google Project Zero and what the bug means for the antivirus industry.
IAM strategy: Update to work with new technologies

Your organization needs to make decisions about its IAM strategy in order to keep up with the new technologies its deploying. Steps to take begin at the policy level.
Top five tips for perimeterless network perimeter security

As enterprise networks go perimeterless, new network perimeter security strategies gain importance. Expert Johna Till Johnson shares five top tips for perimeterless protection.
Five ways to prepare employees for social engineering scams

Social engineering scams are abundant, proper preparation and training is key to avoiding the danger. Expert David Sherry discusses social engineering basics and explains how to keep employees out of harm's way.
How network traffic analysis helps defeat advanced malware

In this podcast learn how advanced malware works and why network traffic analysis is essential to protect your enterprise's network.
New authentication technologies can help boost online success

What authentication technologies make logging in both simple and secure, for customers and companies? This podcast explores authentication techniques that can boost sales and security.
Podcast: Explaining CISSP value to infosec pros

Shon Harris of Logical Security offers an insider's perspective on the real value of the CISSP certification and why it has become the gold standard in security certifications.
Debunking the myths of authenticated vulnerability scans

When it comes to authenticated vulnerability scans, there are many misunderstandings about the technology that leave organizations wary. Security expert Kevin Beaver explains what to expect from your scans.
The top five employee responsibilities in a BYOD security strategy

Behind any successful enterprise BYOD strategy are employees who do the right things.
Five key security analytics reports and how to build them

There are security analytics reports so effective you should run them daily. Listen to this podcast to learn what they are and how to build them.
Virtual desktop security: Exploring VDI security features

Virtual desktop security is a critical concern for any deployment. VDI security capabilities include encryption application and virtual sandboxing.
Fact or fiction: Endpoint threat protection controls that work

In this podcast, Mike Rothman discusses threat protection myths and how to ensure enterprise endpoint security controls are effective.
Podcast: Trey Ford on Black Hat 2012 security conference

Security expert Trey Ford talks about the upcoming the Black Hat security conference. Ford is general manager of Black Hat 2012.
DNSSEC deployments: The top 5 concerns and how to avoid them

A DNSSEC deployment is possibly the best mitigation for cache poisoning attacks. Learn how to avoid the top five concerns in DNSSEC deployments.
Top 5 mistakes to avoid during log management implementations

In this podcast, learn about five key issues to avoid in log management implementations so you can make the most of security event logs to augment your organization’s security posture.
Verizon DBIR 2012 overview, attack mitigation strategies

Christopher Porter of Verizon explains some of the findings from the Verizon 2012 Data Breach Investigations Report. This year, hacktivists had a big impact on the numbers.
Countdown: Top five ways to prevent a security lapse from becoming a security breach

In this podcast, learn five information security mistakes organizations often make that lead to data breaches, and how to bring resources to bear quickly to mitigate mistakes and avoid a breach.
Top Five Ways to Detect Unwanted Data in the Enterprise

Our file servers, workstations, flash drives and cloud services all contain massive amounts of data, driven by the fact that storage has quickly become an inexpensive commodity. It’s often cheaper to just keep everything than to expend time and energy sorting through outdated, irrelevant or inapplicable data. However, this practice can dramatically increase risk to the enterprise by increasing the amount of data vulnerable to an attack. In this podcast, we look at five ways that you can detect the presence of unwanted data in your environment.
Information security podcasts

Download these weekly information security podcasts covering the top news and issues enterprise infosec pros care about to your PC or favorite mp3 player.
Read-only domain controllers: What are they and why should I care?

Learn the concept of a read-only domain controller and why security professionals should recommend its use in their enterprises.
Top 5 leading-edge authentication technologies

Listen to this podcast to learn about the top five leading edge authentication technologies, including facial recognition software, HSPD12 Smart Card, Authentication as a Service, personal portable security devices, and the credit card OTP form factor.
Fact or fiction: Pros and cons of database encryption

According to our latest survey of more than 608 enterprise security pros, 80% of enterprises say protecting data is more important in 2007 than last year, and 72% admit they need a better strategy. SearchSecurity.com is responding to this growing need with a multi-lesson Data Protection Security School to help you formulate a comprehensive strategy to secure sensitive info throughout your network. When you are encrypting data within a database you have two basic choices: encrypting the entire database or encrypting specific fields at the data level. This podcast explains the pros and cons of each approach.