Ping - A Firewalls.com Podcast

Multifactor authentication (MFA) is fast becoming a requirement for a secure business network. Not only that, it's becoming a requirement for a business to qualify for the added protection of cyber insurance. WatchGuard Technologies Director of Authentication Alexandre Cagnoni takes us through why multi-factor authentication is so important in the current cyber threat landscape for businesses of all sizes. He also explains why cyber insurers consider it vital. And then, he shares how WatchGuard AuthPoint makes implementing MFA simple for the organization and its employees. Hint: There's an app for that.Read a recent article on the subject by Alexandre here: https://www.securityinfowatch.com/cybersecurity/information-security/breach-detection/article/21229613/how-hackers-bypass-mfa-and-ways-to-stop-them.And find WatchGuard AuthPoint here: https://www.firewalls.com/brands/watchguard/cloud-security/watchguard-authpoint.html.In headlines, we discuss a Robinhood data theft, a discovery of breaches across key sectors, and an international ransomware bust.See the stories:Robinhood security breach compromised data of 7 million usershttps://www.engadget.com/robinhood-users-compromised-security-breach-063802932.html Hackers have breached organizations in defense and other sensitive sectors, security firm sayshttps://www.cnn.com/2021/11/07/politics/hackers-defense-contractors-energy-health-care-nsa/index.htmlRansomware crackdown spreads in U.S., Europe and Asiahttps://www.nbcnews.com/tech/security/ransomware-crackdown-spreads-us-europe-asia-rcna4829Get info on all things network security through our blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening!

Cybersecurity Awareness Month turns 18 this October 2021. And just like other 18-year olds, it's graduated from dealing with fairly straight-forward problems to facing complex issues. But National Cyber Security Alliance (NCSA) Interim Executive Director Lisa Plaggemier tells us, that there are a few simple steps individuals and businesses can take to Be Cyber Smart (that's also #becybersmart). Her top two: strong passwords and MFA (multifactor authentication).Lisa also discusses the origins of Cybersecurity Awareness Month, the evolution of the threat landscape, how awareness has improved, challenges in cyber careers, and much more. Find resources about the month, and general cyber awareness tips at www.staysafeonline.org.In the news, we cover a cyber awareness survey of EU businesses, and two ransomware attacks, one on TV and another on candy. Is nothing sacred?See the headlines:Deloitte surveys: businesses have a false sense of cybersecurity caused by positive self-evaluation of their capabilities and the lack of basic defense effortshttps://business-review.eu/tech/online/deloitte-surveys-businesses-have-a-false-sense-of-cybersecurity-caused-by-positive-self-evaluation-of-their-capabilities-and-the-lack-of-basic-defense-efforts-224450 Hacking tool linked with Russian crime ring used in Sinclair ransomware attack, analysts sayhttps://www.cnn.com/2021/10/20/media/sinclair-broadcast-evil-corp-ransomware/index.htmlSticky business: Ransomware hits U.S. candymaker ahead of Halloweenhttps://www.nbcnews.com/tech/security/ransomware-hits-us-candymaker-ahead-halloween-rcna3391Get info on all things network security through our blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening!

Ransomware infections have been rampant in recent months. But typically, we hear more about the aftermath then what leads to a successful attack. In this episode we get the other angle. Sophos VP of Managed Threat Operations Mat Gangwer shares the multi-week story of an attack, from unpatched vulnerability to execution. The responsible ransomware cell? A new name on the scene called Atom Silo. Hear how they got in, what they did when they were there, and what steps to take to avoid a similar fate.Here's the full story of this attack: https://news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/In the news, we cover a couple of very high profile cyber incidents - the Facebook/Instagram/Whats App outage and the Twitch breach. Plus we discuss burnout among cybersecurity pros.See the headlines:Facebook apologizes for second outage in a week, services back uphttps://www.reuters.com/technology/instagram-feeds-not-loading-some-users-2021-10-08/10 Biggest Revelations from the Unprecedented Twitch Leakhttps://www.inverse.com/gaming/twitch-leak-hack-data-breach-streamer-payout-earningsYour cybersecurity team will face burnout, and you need to helphttps://venturebeat.com/2021/10/09/your-cybersecurity-team-will-face-burnout-and-you-need-to-help/Get info on all things network security through our blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening!

Zero-trust is the hot term in network security in 2021.  But one reason it's so highly sought out is that many don't know exactly what it means. We called on Fortinet Senior Director of Product Marketing Peter Newton to shed some light on the subject. Peter discusses what makes a zero-trust network philosophy, what steps a company should take to plan for the shift, and what tools can make it easier. Plus, we talk about how the right zero-trust setup makes remote work both easier and more secure simultaneously.Read Peter's blog article on the subject: https://www.fortinet.com/blog/industry-trends/how-to-implement-a-zero-trust-security-strategy In the news, we cover some REvil drama, a new finger pointing at Russia, and states' troubles filling cybersecurity jobs.See the headlines:REvil Affiliates Confirm : Leadership Were Cheating Dirtbagshttps://threatpost.com/revil-affiliates-leadership-cheated-ransom-payments/174972/ EU 'denounces' Russian malicious cyber activity aimed at member states https://thehill.com/policy/cybersecurity/573867-eu-denounces-russian-malicious-cyber-activity-aimed-at-member-states States at disadvantage in race to recruit cybersecurity proshttps://apnews.com/article/business-technology-internships-0d7fc0ee18295585292b2e13b62e88f3Get info on all things network security through our blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening!

Many if not most workers began working from home in March of 2020, and while the numbers have shifted since, a significant portion are still doing at least some remote work. But according to a survey, neither the remote workers or their company IT staff are too happy about the cybersecurity of it all.For our featured topic this episode, we dive into the HP Wolf Rebellions & Rejections Report, which outlines security frustrations and outright rebellious behavior from work from homers, some misses on the cyber training front from employers, and some perceived scapegoating of IT staff.In the cyber news world, we discuss identity theft of condo collapse victims, a major DDoS attack in Russia, the new National Cyber Director, and an Apple IOS patch to counteract zero-click spyware.  Here are the stories:Florida 'cyber grave robbers' charged with condo collapse ID thefthttps://www.reuters.com/world/us/three-charged-with-stealing-identities-florida-condo-collapse-victims-2021-09-08/Yandex Pummeled by Potent Meris DDoS Botnethttps://threatpost.com/yandex-meris-botnet/169368/Chris Inglis scopes out cyber turfhttps://fcw.com/articles/2021/09/09/inglis-cyber-director-turf.aspxCyber arms dealer exploits new iPhone software vulnerability, affecting most versions, say researchershttps://www.reuters.com/technology/cyber-arms-dealer-exploits-new-apple-iphone-software-vulnerability-affects-most-2021-09-13/Get info on all things network security through our blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening!

We previewed cyber security policy under President Biden at the beginning of 2021. But a lot of big things have happened in cybersecurity since then, making now seem a pretty good time to check in on where things stand. So we brought in an expert to help: NextGov's Mariam Baksh. Mariam tells us about the latest developments from the White House relating to cyber policy, including what may really make a difference versus what actions could just be for show. She also discusses why the NIST framework is getting a revisit, the involvement of private industry in the latest policy directions, and more. Read more from Mariam: https://www.nextgov.com/voices/mariam-baksh/15380/. And find her on the Critical Update podcast: https://www.nextgov.com/podcasts/. In headlines, we follow up with more from the T-Mobile data breach, talk about Apple and its privacy compromise, and discuss another ransomware cell calling it quits.  Here are the stories: Updating the T-Mobile Data Breach Storyhttps://www.zdnet.com/article/t-mobile-ceo-apologizes-for-massive-hack-announces-cybersecurity-deal-with-mandiant/Apple Just Traded Your Privacy for $15 Billionhttps://www.inc.com/jason-aten/apple-just-traded-your-privacy-for-15-billion.htmlDiabolical Ransomware Gang Calls It Quitshttps://www.thedailybeast.com/ragnarok-diabolical-ransomware-gang-calls-it-quitsGet info on all things network security through our blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening!

While ransomware has taken center stage for several months now, bad actors aren’t resting on their laurels with existing tools. Threatpost Senior Editor Tara Seals joins us to discuss a newly discovered malware, dubbed Chaos. We talk about what it resembles, what it may do, and why you should be worried. Plus, Tara tells us why the Friends reunion special led to a spike in online fraud.Read more about Chaos: https://threatpost.com/chaos-malware-ransomware-wiper/168520/. In headlines, we discuss a guilty plea for SIM swapping, a data breach affecting T-Mobile, and some troubling password numbers.  Here are the stories: Hacker Pleads Guilty to SIM Swapping Attacks, Cryptocurrency Thefthttps://www.securityweek.com/hacker-pleads-guilty-sim-swapping-attacks-cryptocurrency-theftT-Mobile investigating claims of customer data breachhttps://www.reuters.com/business/media-telecom/t-mobile-investigating-claims-customer-data-breach-vice-2021-08-15/Most employees reusing personal passwords to protect corporate datahttps://www.helpnetsecurity.com/2021/08/16/employees-reusing-personal-passwords/?web_view=trueGet info on all things network security through our blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening! 

Ransomware takes center stage in SonicWall's Mid-Year Update to its 2021 Cyber Threat Report. Out in late July, the report outlines just how bad the ransomware situation currently is, and Brook Chelmo joins us to take a closer look. We also discuss other highlights including positive news about malware in general and non-standard ports, as well as never before seen threat detection.Get your hands on the report here: https://www.sonicwall.com/2021-cyber-threat-report/.In headlines, we go over a controversial newish online tool, the rebirth(?) of some popular ransomware cells, and harassment in cyber careers.Here are the stories:A Controversial Tool Calls Out Thousands of Hackable Websiteshttps://www.wired.com/story/punkspider-web-site-vulnerabilities/ BlackMatter & Haron: Evil Ransomware Newborns or Rebirthshttps://threatpost.com/ransomware-gangs-haron-blackmatter/168212/ One third of cybersecurity workers have faced harassment at work or online - this initiative aims to stamp it outhttps://www.zdnet.com/article/one-third-of-cybersecurity-workers-have-faced-harassment-at-work-or-online-this-initiative-aims-to-stamp-it-out/ Get info on all things network security through our blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening!

We've turned 50, as in 50 episodes old, yet cybersecurity hasn't aged a day since we started. Ok, maybe that's not true. We take a look back over our half a hundred's worth of podcasts, spotlighting some top clips, and seeing where things stand with them now. Highlights include a pre-pandemic prediction of work from home security issues, our first covid-19 Pod from Home, an update on diversity issues in cybersecurity careers, an update on ransomware relating to hospitals and beyond, and a check-in on cyber policy under President Biden. Plus we throw in a little Christmas in July clip to warm your hearts.In headlines, we discuss a scam targeting ecommerce stores involving fraudulent returns, a trove of spyware data connected to an Israeli firm, and China called out for the recent Microsoft Exchange hack.See the stories:Return Scams Jump as Fraudsters Exploit E-commerce Boomhttps://www.wsj.com/articles/return-scams-jump-as-fraudsters-exploit-e-commerce-boom-11626168601?mod=e2tw Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infectionshttps://threatpost.com/nso-group-data-pegasus/167897/U.S. and global allies blame China for widespread cybercrime, including massive Microsoft Exchange hackhttps://www.cbsnews.com/news/u-s-global-allies-blame-china-microsoft-exchange-hack-cybercrime/?ftag=CNM-00-10aab7e&linkId=124666975Find the latest from us on our blog https://firewalls.com/blog. Please drop us a rating and review wherever you listen, and feel free to email us at podcast@firewalls.com with any questions/suggestions/concerns.And before we close the episode, we drop in a little thank you to all our guests on the first 50 Ping Podcast episodes. We appreciate them and you for listening!

With ransomware attacks seemingly at a fever pitch of late, the cyber insurance industry has come into stark focus as well, as some companies turn to their insurers to cover a ransom when attacked. But Cyber Research Analyst Jamie MacColl with the UK’s Royal United Services Institute (RUSI) tells us cyber insurance is more than just paying ransoms. He discusses his latest research paper, titled "Cyber Insurance and the Cyber Security Challenge," which examines the industry - including the positives and negatives of the current setup. He also tells us what could be done to improve it, from better collaboration, incentives for cyber secure clients, and better government guidance.In headlines, we discuss another major ransomware attack, this one particularly widespread, as well as some Google Play apps that stole Facebook credentials, and why #infosecbikini was trending recently.See the stories:Up to 1,500 businesses affected by ransomware attack, U.S. firm's CEO sayshttps://www.reuters.com/technology/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05/Google removes popular Android apps that stole Facebook passwordshttps://finance.yahoo.com/news/google-removes-android-apps-stealing-facebook-passwords-192721252.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAGd4Ur2DMwqZlNX5MgSuYbyFBvK7IsagBsxZ5n11U53x8Gwx1-OzxxLiRRe5OkbLOI3BsmbWSbmVIDBzK2EbJVXRWpreJCUtdpoD4eh07OnCuKzjtoZ948npUAPG7OjzgfigwOsrZX1WSyoeAxmXlWEJhoX29UfPVyZ6HrzJ1YnFCybersecurity Workers Flood Twitter With Bikini Pics to Protest Harassmenthttps://www.vice.com/amp/en/article/7kvwgb/cybersecurity-workers-flood-twitter-with-bikini-pics-to-protest-harassmentFind the latest from us on our blog https://firewalls.com/blog. Please drop us a rating and review wherever you listen, and feel free to email us at podcast@firewalls.com with any questions/suggestions/concerns.Thanks very much for listening!

The network perimeter basically no longer exists, and the latest security solutions need to account for the new normal. Aaron Chen and Shane Davis with Sophos join us to talk about how the network security landscape has changed just in the last couple of years, new business cybersecurity and connectivity priorities, and the latest Sophos products that address them, including XDR (extended detection and response) and the XGS firewall series - along with the Xstream protection included within.Learn more about Sophos https://www.firewalls.com/brands/sophos.html.In headlines, we talk US government action on cybersecurity, businesses willing to pay the ransom if attacked, and a nuclear North Korean cyber attack.See the stories:Biden Sets Red Line for Putin Over Ransomware Attackshttps://www.securityweek.com/biden-sets-red-line-putin-over-ransomware-attacksSenators draft bill that would require many entities to report cyber breaches within 24 hourshttps://www.cnn.com/2021/06/16/politics/bill-report-cyber-breach-24-hours/index.html 60% of Businesses Would Consider Paying a Ransomware Demandhttps://www.infosecurity-magazine.com/news/businesses-consider-paying-ransom North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institutehttps://thehackernews.com/2021/06/north-korea-exploited-vpn-flaw-to-hack.html Find the latest from us on our blog https://firewalls.com/blog. Please drop us a rating and review wherever you listen, and feel free to email us at podcast@firewalls.com with any questions/suggestions/concerns.Thanks very much for listening!

Cybersecurity jobs are there for the taking, whether for prospective students or career changers willing to train, as employers desperately search for qualified staff. Dr. Marc Rogers of Purdue University joins us to talk about the shortage of cybersecurity pros in our home state of Indiana and beyond, and how a new website serves as a cyber career matchmaking tool. Dr. Rogers also discusses Purdue's Cyber Apprenticeship Program, the need for companies of all stripes to recognize their cyber exposure, and the state of cybersecurity and cyber threats today. In cyber headlines, it's a ransomware-a-palooza...Feds recover millions from pipeline ransom hackers, hint at U.S. internet tactichttps://www.nbcnews.com/tech/security/u-s-recovers-millions-pipeline-ransom-because-hackers-mistake-n1269889REvil, A Notorious Ransomware Gang, Was Behind JBS Cyberattack, The FBI Sayshttps://www.npr.org/2021/06/03/1002819883/revil-a-notorious-ransomware-gang-was-behind-jbs-cyberattack-the-fbi-saysNew Triple Extortion Tactichttps://www.foxbusiness.com/technology/hackers-jbs-ransomware-new-triple-extortion-tactic Fujifilm confirms ransomware attackhttps://www.securitymagazine.com/articles/95369-fujifilm-confirms-ransomware-attackCapitol Hill vendor hit by ransomware attack: reporthttps://thehill.com/policy/cybersecurity/557272-capitol-hill-vendor-hit-by-ransomware-attack-report The rise of cybersecurity debthttps://techcrunch.com/2021/06/04/the-rise-of-cybersecurity-debt/?guccounter=1 Find the latest from us on our blog https://firewalls.com/blog. Please drop us a rating and review wherever you listen, and feel free to email us at podcast@firewalls.com with any questions/suggestions/concerns.Thanks very much for listening!

We're fortunate to have two excellent interviews to share on this episode of Ping. First, we discuss the op-ed Cyber Security as Counter-Terrorism: Seeking a Better Debate (https://warontherocks.com/2021/05/cyber-security-as-counter-terrorism-seeking-a-better-debate/) with co-authors Emma Schroeder and Trey Herr with the Atlantic Council's Cyber Statecraft Initiative. They suggest the way many view cyber crime as being single, major catastrophic events is wrong, when in reality cyber crime is similar to real-world terrorism, with an ongoing landscape of danger. Hear some tips they offer to better address vulnerabilities and reframe the conversation.Then, in lieu of our regular headlines segment, we welcome writer and former IT pro Lance Whitney to discuss the status of the DarkSide ransomware group following the Colonial Pipeline attack, plus a ransomware warning to healthcare organizations shared by the FBI. And finally, we touch on a consumer caution - the practice of vishing - or voice phishing - and how Amazon orders are being used for evil.See his stories at TechRepublic: https://www.techrepublic.com/meet-the-team/us/lance-whitney/And find the latest from us on our blog https://firewalls.com/blog. Please drop us a rating and review wherever you listen, and feel free to email us at podcast@firewalls.com with any questions/suggestions/concerns.Thanks very much for listening!

In the latest case of real world implications stemming from a cyber attack, operations of the Colonial Pipeline, supplying almost half of the gasoline to the east coast of the U.S., stopped suddenly. Why? Colonial was the victim of a ransomware attack connected to the DarkSide group. We dissect the details of the attack, how it happened, what it means, how Russia may factor in, and when things might return to normal in a supersized headlines segment.Also in headlines, hear about newly discovered vulnerabilities in IoT and OT devices thanks to Microsoft threat hunters, and how one UK company's phishing email training simulation couldn't have gone more wrong.See the stories:Colonial pipeline hack claimed by Russian group DarkSide spurs emergency order from White Househttps://www.nbcnews.com/tech/security/colonial-pipeline-hack-claimed-russian-group-darkside-spurs-emergency-rcna878 https://www.axios.com/colonial-pipeline-hack-fbi-darkside-b9bce545-c37e-4377-ad35-4c280ce04460.htmlhttps://www.bbc.com/news/business-57050690 Microsoft Discovers 25 Critical Vulnerabilities in IoT Security Affecting Google, Amazon, Samsung, and Other Devices, SDKs and Librarieshttps://www.cpomagazine.com/cyber-security/microsoft-discovers-25-critical-vulnerabilities-in-iot-security-affecting-google-amazon-samsung-and-other-devices-sdks-and-libraries/Train firm’s ‘worker bonus’ email is actually cybersecurity testhttps://www.theguardian.com/uk-news/2021/may/10/train-firms-worker-bonus-email-is-actually-cyber-security-testGet info on all things network security through our blog, https://firewalls.com/blog.Please do rate and review us wherever you listen, and reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review or comment, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first.Thanks for listening!

While HTML email is nothing new, a recently discovered trick means a pretty wide open security flaw has been there all along, too. Security researcher, engineer, & tech columnist Ax Sharma joins us to explain how just a bit of code in the wrong hands can manipulate the "external sender" warning on your organization's emails - to either remove it altogether or change it to trick unsuspecting users into malicious clicks. Ax also tells us what solutions are out there to cut your risk. See the full story: Attackers can hide 'external sender' email warnings with HTML and CSSPlus, we dive deeper into the story of Facebook and the 533 million users whose data was exposed. Ax discusses the difference between a breach and data scraping, how social media users should protect their privacy, and Facebook's responsibility in this incident.In headlines, we talk about a ransomware attack targeting a major police department, another update on SolarWinds & Russia's role, and we hear more about the current state of the ransomware threat.See the stories:Hackers threaten to release DC police data in apparent ransomware attackhttps://www.theverge.com/2021/4/27/22405339/washington-dc-police-hack-data-department-ransomeware-babuk Report: Russia 'likely' kept access to US networks after SolarWinds hackhttps://www.engadget.com/russia-us-network-access-after-solarwinds-hack-192305973.html Ransomware extortion demands are growing, and so is the downtime caused by attackshttps://www.zdnet.com/article/ransomware-extortion-demands-are-growing-and-so-is-the-downtime-caused-by-attacks/Ransomware: don’t expect a full recovery, however much you payhttps://nakedsecurity.sophos.com/2021/04/27/ransomware-dont-expect-a-full-recovery/ Get info on all things network security through our blog, https://firewalls.com/blog.Please do rate and review us wherever you listen, and reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review or comment, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first.Thanks for listening!

What's your password? If you can come up with just one off the top of your head for all your accounts, you're probably doing it wrong. We take a look at just how wrong some are doing passwords courtesy of a British survey (https://www.ncsc.gov.uk/news/national-pet-day-password-advice). But don't fret, we also offer tips on how to do your passwords right, without wracking your brain.In a second featured topic, we take a cybersecurity quiz that a surprising number of respondents have failed, and discuss why that may be. With questions on - you guessed it - passwords, as well as ransomware, spearphishing, USB drives, and more, you can follow along and imagine how you'd do as well. Plus, hear why network security training in and of itself is not enough to fix the problem. See the quiz and results: https://www.talentlms.com/blog/cybersecurity-statistics-survey/. Then, it's onto headlines, with stories on a Facebook (don't call it a) breach, Fed chairman Jerome Powell's cyber concerns, and a ParkMobile data breach.See the news:After Data Breach Exposes 530 Million, Facebook Says It Will Not Notify Usershttps://www.npr.org/2021/04/09/986005820/after-data-breach-exposes-530-million-facebook-says-it-will-not-notify-users Federal Reserve Chairman Says Cyber-Risk a Top Threat to National Economyhttps://www.darkreading.com/risk/federal-reserve-chairman-says-cyber-risk-a-top-threat-to-national-economy/d/d-id/1340647ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Usershttps://krebsonsecurity.com/2021/04/parkmobile-breach-exposes-license-plate-data-mobile-numbers-of-21m-users/Get info on all things network security through our new, improved blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening!

Cybersecurity laws are somewhat in their infancy in the U.S., but states are starting to get on board. Our guest Cynthia Brumfield, creator of the Metacurity newsletter and writer of all things cyber, tells us about states getting on board with liability protection for companies that take reasonable actions to secure themselves against threats. What's reasonable and what kind of safe harbor protections will states provide in court? What about data protection laws? And how does the Biden Administration plan to address cybersecurity regulations? We discuss all that and more.Find Cynthia's article on Safe Harbor laws here: https://www.csoonline.com/article/3613176/states-enact-safe-harbor-laws-against-cyberattacks-but-demand-adoption-of-cybersecurity-frameworks.htmlAnd learn about the Metacurity newsletter: https://metacurity.substack.com/In our headlines segment, we discuss a trio of ransomware stories, from a cyber insurance firm's targeting, to an inside look at a ransomware attack, to a ransomware cell gone straight.See the stories:Policyholders may be the primary target in hack of cyber insurance provider CNAhttps://www.scmagazine.com/home/security-news/ransomware/policyholders-may-be-the-primary-target-in-hack-of-cyber-insurance-provider-cna FatFace pays out $2 million to Conti ransomware ganghttps://grahamcluley.com/fatface-pays-out-2-million-to-conti-ransomware-gang Ransomware admin is refunding victims their ransom paymentshttps://www.bleepingcomputer.com/news/security/ransomware-admin-is-refunding-victims-their-ransom-payments/ Get info on all things network security through our new, improved blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening! 

The year 2020 will be remembered for many things - few positive. And another ignominious distinction has to do with cybercrime. SonicWall's 2021 Cyber Threat Report, just released on March 16, dives deep into the threat landscape to show us just how bad the year was when it comes to cyber attacks - or good if you happen to be launching them. SonicWall's Brook Chelmo joins us to go over some highlights, discussing ransomware, IoT device vulnerabilities, reasons why remote work has led to security issues, and much, much more.Get your hands on the report here: https://www.sonicwall.com/2021-cyber-threat-report/.in headlines, we go over the Hafnium Microsoft Exchange hack, a criminal communications bust, and ransomware affecting beer production - the horror!Here are the stories:"Hack everybody you can": What to know about the massive Microsoft Exchange breachhttps://www.cbsnews.com/news/microsoft-exchange-server-hack-what-to-know/ US Indicts Head of Alleged Crime Chat Comms Servicehttps://www.securityweek.com/us-indicts-head-alleged-crime-chat-comms-service?&web_view=true Molson Coors Cracks Open a Cyberattack Investigationhttps://threatpost.com/molson-coors-cyberattack-investigation/164722/Get info on all things network security through our blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening!

Spring has sprung - or at least is springing - in many areas, and a major tradition of the season is spring cleaning. And just like you decide which boxes to keep and which ones to dump from your home, your network needs a similar evaluation. How old is your equipment? Does it still do all you need it to? Do you need a few tweaks, or a whole new setup? Firewalls.com Director of Sales Anthony Mercho tells us what you factors to consider when evaluating your network, from the age of your equipment to changes in your organization, to improvements in technology. We also discuss getting back into the office with the hopefully coming soon drawdown of the pandemic, and what settings you may need to revisit when turning back to an in office or hybrid environment rather than exclusively work from home. Oh, and there's lots of WiFi 6, too.In headlines, hear about Congress taking a closer look at the SolarWinds hack and the lessons learned from it, why zero trust should take over, and the aftermath of the water system attack in Florida.See the stories:Congress confronts US cybersecurity weaknesses in wake of SolarWinds hacking campaignhttps://www.cnet.com/news/congress-confronts-us-cybersecurity-weaknesses-in-wake-of-solarwinds-hacking-campaign/NSA, Microsoft promote a Zero Trust approach to cybersecurityhttps://www.bleepingcomputer.com/news/security/nsa-microsoft-promote-a-zero-trust-approach-to-cybersecurity/After Oldsmar attack, Nikki Fried calls for Florida cybersecurity updatehttps://www.tampabay.com/news/business/2021/02/19/after-oldsmar-attack-nikki-fried-calls-for-florida-cybersecurity-update/ Get info on all things network security through our blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening!

Employees can either be your first line of defense or your greatest cybersecurity vulnerability if they’re unprepared to deal with online threats. But what’s the best way to prepare them? We talk to Rebecca McKeown, an independent Chartered Psychologist and special advisor to Immersive Labs, for some answers. Rebecca specializes in Cognitive Readiness, which helps prepare people to respond in a crisis, like a cyber attack for instance. We discuss how regular, ongoing training (aka micro-drilling) along with after action follow-ups, is the most effective method of improving crisis response, and how it’s an even more effective tool in our current remote work environment. Plus much more on the psychology of crises and challenges of working from home.In our headlines segment, Andrew & Kevin discuss the top 25 companies most commonly used in phishing emails, the people most likely to be phished (watch out Australia), and the India/Kashmir conflict going cyber.See the stories:The Top 25 Most Phished Brandshttps://www.securitymagazine.com/articles/94574-the-top-25-most-phished-brandsHybrid, Older Users Most-Targeted by Gmail Attackershttps://threatpost.com/hybrid-older-users-gmail-attackers/163826/Military, Nuclear Entities Under Target By Novel Android Malwarehttps://threatpost.com/military-nuclear-entities-under-target-by-novel-android-malware/163830/Get info on all things network security through our blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening!