Decipher Podcast: Reddit’s Matt Johansen on Identity Attacks, Enterprise Security, and Burnout
Reddit's head of application security Matt Johansen joins Dennis Fisher to talk about the highlights of Black Hat USA, the
He is one of the co-founders of Threatpost and previously wrote for TechTarget and eWeek, when magazines were still a thing that existed. Dennis enjoys finding the stories behind the headlines and digging into the motivations and thinking of both defenders and attackers. His work has appeared in The Boston Globe, The Improper Bostonian, Harvard Business School’s Working Knowledge, and most of his kids’ English papers.
Reddit's head of application security Matt Johansen joins Dennis Fisher to talk about the highlights of Black Hat USA, the
Risk management is not one of humanity's strong points, but we can learn some lessons from our own real life experiences to apply
As software systems have become ever more complex, the opportunity for security researchers to show their value has grown, as
Longtime cloud security educator and researcher Rich Mogull, SVP of cloud security at FireMon, joins Decipher editor Dennis Fisher to dive into the challenges of securing multi-cloud environments, how cloud security has evolved, and how enterprises are learning to handle those changes.
New social engineering and vulnerability exploitation campaigns by North Korean threat actors are targeting people and organizations in the cryptocurrency industry.
The Sony Pictures hack in 2014 by the North Korean Lazarus Group was a seminal event both in Hollywood and in the security community, bringing to light the capabilities and ambitions of North Korean attackers and showing the damage a leak of sensitive data can be. Brian Raftery joins Dennis Fisher to discuss his new Ringer podcast, The Hollywood Hack, that digs deep into the incident, its repercussions in Hollywood, and how it helped set the tone for how companies handle public data leaks.
The focus was on Iranian APTs this week, both from private threat intelligence teams and CISA, exposing new operations from UNC757 and other groups targeting government, higher education, and private industry. We also check in on a new report from Google's Threat Analysis Group on APTs using the same exploits for zero days that were developed by private commercial surveillance vendors NSO Group and Intellexa.
CISA warns that the CVE-2024-38856 Apache OFBiz flaw disclosed earlier this month is being actively exploited.