Episode Artwork
1.0x
0% played 00:00 00:00
Sep 23 2024 51 mins   361
In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kellett delve into key cybersecurity topics. They discuss a recent statement by CISA director Jen Easterly on holding software manufacturers accountable for product defects rather than vulnerabilities, and the need for derogatory names for threat actors to deter cybercrime. The episode also covers Disney’s decision to ditch Slack following a data breach, and the impact of valid account misuse in critical infrastructure attacks. Additionally, they explore new tough cyber regulations in the EU under NIS2, and a Google security flaw from a Black Hat presentation concerning dependency confusion in Apache Airflow. The hosts share their thoughts on industry responses, regulations, and how enterprises can improve their security posture.

00:00 Introduction and Podcast Setup

00:59 First Story: CISA Boss on Insecure Software

03:26 Debate on Software Security Responsibility

11:12 Open Source Software Challenges

15:20 Cloud Imposter Vulnerability

22:22 Disney’s Data Breach and Slack

27:37 Slack Data Breach Concerns

29:26 Critical Infrastructure Vulnerabilities

35:21 EU’s New Cyber Regulations

43:42 Global Regulatory Challenges

48:42 Conclusion and Sign-Off

Links:



  • https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/

  • https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package

  • https://www.cnbc.com/2024/09/19/disney-to-ditch-slack-after-july-data-breach-.html

  • https://www.cybersecuritydive.com/news/cisa-critical-infrastructure-attacks/727225/

  • https://www.cnbc.com/amp/2024/09/20/eu-nis-2-what-tough-new-cyber-regulations-mean-for-big-business.html