JJ and Drew catch you up on cybersecurity news including new research that uncovers a host of 5G/LTE vulnerabilities, the chain of breaches in a BeyondTrust attack that led to infiltration of the US Treasury Dept., and a lawsuit against LinkedIn alleging that data from paying customers was used to train AI models. Researchers unpack... Read more »

Don’t underestimate the value of packet analysis in your security strategy. And if you’re analyzing packets, the open-source Wireshark software is a go-to tool. On today’s episode, we talk with Chris Greer, a Wireshark trainer and consultant specializing in packet analysis. Chris explains the critical role of packet analysis in cybersecurity, particularly in threat hunting... Read more »

You asked for more IPv6 and we listened. In today’s episode, we talk with Ed Horley, co-host of the IPv6 Buzz podcast about IPv6 security, migration, and adoption. We talk about how your general security strategy doesn’t change with v4 or v6, but the trouble starts with a lack of v6 knowledge. We talk about... Read more »

Transport Layer Security (TLS) relies on certificates to authenticate Web sites and enable encryption. On today’s Packet Protector we look at mechanisms that domain owners can take to ensure the validity of their digital certificates. More specifically, we cover Certification Authority Authorization (CAA) and Certificate Transparency (CT). Our guest is Ed Harmoush. Ed is a... Read more »

Autonomous Digital Experience Management, or ADEM, measures network and application performance from the user perspective and gives network and IT teams visibility into the entire data path—including the home user network, first mile and last mile, and the WAN. On today’s Packet Protector, we learn how ADEM can complement your network and security efforts with... Read more »

A Chief Information Security Officer (CISO) helps to architect and drive an organization’s security strategy. The role requires technical chops and business acumen. You also need strong communication skills to help executives understand risk and response, choose the right metrics to measure infosec effectiveness, and provide guidance to the technical teams actually running security operations.... Read more »

Our monthly news roundup discusses liability insurance for CISOs (if you are one, you should get it), serious intrusions of US telecom companies by Chinese state actors (according to the FBI), and a novel attack that leapt across multiple Wi-Fi networks. We also discuss significant vulnerabilities affecting Palo Alto Networks’ Expedition migration product, how fake... Read more »

Cyber insurance provides compensation if a company suffers financial loss due to a security incident such as a ransonware payment, costs of data recovery, legal expenses or fines, or damage to a company’s reputation. Today on the Packet Protector podcast, we discuss the ins and outs of cyber insurance with a policy holder. Joe Stern... Read more »

Surveillance is a fact of life with modern technology, be it corporate data harvesting or government snooping. If you’re thinking about personal privacy, today’s episode covers common tools for communication and Web browsing. We dig into the end-to-end encryption capabilities of the messaging tools Signal and WhatsApp, look at the capabilities and limits of the... Read more »

Microsoft’s Active Directory and Entra ID are valuable targets for attackers because they store critical identity information. On today’s Packet Protector, we talk with penetration tester and security consultant Eric Kuehn about how he approaches compromising AD/Entra ID, common problems he sees during client engagements, quick wins for administrators and security pros to fortify their... Read more »

Security professionals often have an impulse to want to move on to the next new thing. While that can be helpful in a field that thrives on change, it can also make it hard to focus on routine tasks and mundane (yet essential) security controls and practices. Whether this impulse is due to varying degrees... Read more »