Podcast Summary: "The Old and The New"
Talkin' About [Infosec] News, Powered by Black Hills Information Security
Release Date: November 15, 2024
In the November 15, 2024 episode titled "The Old and The New" of Talkin' About [Infosec] News, the Black Hills Information Security team navigates through a spectrum of cybersecurity topics, blending technical insights with engaging discussions. This episode covers everything from corporate missteps and software vulnerabilities to significant law enforcement victories and evolving security standards.
1. Opening Banter and Intros Poll [00:01 - 04:03]
The episode kicks off with light-hearted banter about merchandise and an internal debate over the podcast's intro graphics. The hosts discuss whether to stick with the traditional "old finger" graphic or adopt a newer version, ultimately deciding to present both and let listeners decide.
- Notable Quote:
John Strand [00:24]: "Wife accrual factor. Wife acquisition factor. Thank you."
2. Mattel's Withdrawal of Wicked Dolls [03:50 - 07:14]
The hosts delve into a recent incident where Mattel pulled thousands of Wicked dolls from shelves. The reason? The packaging mistakenly included the website wicked.com, which Cisco Umbrella’s content filtering erroneously categorized under pornography. This misclassification could lead to both sales issues and parental concerns.
- Notable Quote:
John Strand [05:07]: "That's why we just should never ask people their opinions. We should just do it."
3. Office Applications Crashing with CrowdStrike on Windows 11 [07:14 - 11:39]
A critical analysis unfolds regarding the compatibility issues between Office applications and CrowdStrike antivirus on Windows 11. The conversation highlights the broader implications for system administrators and questions the reliability of security software updates.
- Notable Quote:
Brian [09:35]: "They're cashing in on CrowdStrike's claim to fame."
4. Good News: Arrest of Suspected Snowflake Hacker in Canada [16:44 - 18:15]
Shifting to positive developments, the team reports the arrest of a suspected Snowflake hacker responsible for breaches at major companies like AT&T and Ticketmaster. The effective action by Canadian law enforcement marks a significant victory in the fight against cybercrime.
- Notable Quote:
John Strand [17:28]: "Mounties, by the way, don't mess around with Canadian Mounted Royal Mountain Police. Those guys do not play."
5. Interpol’s Cybercrime Sweep [18:15 - 21:15]
The podcast covers Interpol's recent operation, which took down 22,000 malicious IP addresses and led to the arrest of 41 individuals involved in generating spear phishing emails using generative AI. The crackdown underscores the growing threat of AI-assisted cyberattacks.
- Notable Quote:
Brian [21:15]: "John, I'm glad you pointed out some good news because usually we have bad news on the website."
6. AI in Cybersecurity and Deep Fakes [21:15 - 29:46]
The team explores the dual-edged sword of generative AI in cybersecurity. While AI can bolster defenses, it also enables more sophisticated attacks like deep fakes in phishing schemes. The discussion emphasizes the urgent need for enhanced security awareness training to combat these evolving threats.
- Notable Quote:
Kelly [22:46]: "I don't know that I want to feed the beast that fast and get it to grow that quickly."
7. Google Cloud Mandates MFA for All Users by 2025 [29:46 - 35:00]
A significant policy update is discussed: Google Cloud's requirement for Multi-Factor Authentication (MFA) for all users by 2025. The hosts analyze the potential benefits for security and the challenges it poses for both enterprise and individual users.
- Notable Quote:
Kelly [30:04]: "How is this a bad plan? Right?"
8. Acquisition of CompTIA by HIG Capital and Thoma Bravo [49:28 - 58:17]
The episode delves into the acquisition of CompTIA by venture capital firms HIG Capital and Thoma Bravo. Concerns are raised about potential price hikes and reduced accessibility of CompTIA certifications, which have long been an entry point for many in IT and cybersecurity.
- Notable Quote:
John Strand [50:25]: "They’re spawning or spinning that particular thing off and they’re going to be focusing on their library, they’re going to be focusing on their certifications and I think they have how many 35 million people, 3.5 million people have been, have been certified by CompTIA."
9. Penetration Testing Standards and Practices [47:28 - 49:28]
The hosts emphasize the importance of varied penetration testing methodologies, from standard vulnerability scans to advanced red and purple team exercises. They advocate for tailored testing approaches to effectively identify and mitigate security risks.
- Notable Quote:
John Strand [47:43]: "Any firm that you work with should help you kind of navigate that to get to the right thing."
10. Password Policies and NIST Updates [37:03 - 44:35]
A discussion of outdated password policies leads to the acknowledgment of recent updates by NIST, which advocate longer and more complex passwords. The team criticizes the earlier standards for offering minimal security and praises the current revision as a crucial step forward.
- Notable Quote:
John Strand [38:44]: "NIST guideline was updated. Minimum of eight characters in length. Should require passwords to be a minimum length of 15 characters. So that's a great update, like nothing but kudos to NIST for making that change."
11. Closing Remarks and Community Engagement [59:57]
The episode wraps up with an encouragement for listeners to participate in the SANS Holiday Hack Challenge, promoting community involvement and skill enhancement in cybersecurity.
- Notable Quote:
John Strand [59:57]: "Thank you very much everybody for joining and we will see you all next week."
Conclusion:
"The Old and The New" episode offers a comprehensive exploration of current cybersecurity challenges and developments. From corporate missteps and software vulnerabilities to significant law enforcement successes and evolving security standards, the Black Hills Information Security team provides valuable insights for both professionals and enthusiasts in the infosec community. Their balanced approach ensures that listeners are not only informed but also engaged, blending serious discourse with relatable conversations.