-
Podcast Feb 22, 2024
Root Causes 364: Video Conference Deepfake Enables $25 Million Theft
Deepfakes continue to show themselves as part of the criminal toolkit. A recent deepfake spear phish enabled a $25 million Business Email Compromise (BEC).
-
Podcast Feb 19, 2024
Root Causes 363: Defending Yourself Against Use of Stolen Priveleges
We discuss the steps enterprises can take to protect themselves against malicious use of stolen access credentials.
-
Podcast Feb 13, 2024
Root Causes 362: When You're Attacked by a State Actor
In this episode we share the details of a recent nation state actor attack on Microsoft and some of the lessons learned.
-
Podcast Feb 09, 2024
Root Causes 361: The Premise of on Premise
Do on-premise systems give system administrators greater levels of control and is that better for security or other reasons?
-
Podcast Feb 06, 2024
Root Causes 360: Joe Biden Deepfake Plays in New Hampshire Primary
A deepfake of Joe Biden's voice made an appearance in robocalls leading up to the New Hampshire primary. We discuss this development and its implications.
-
Podcast Feb 02, 2024
Root Causes 359: 90-day SSL Won't Affect Organization Validation
With 90-day maximum term is coming for SSL certificates, we explain why we do not expect a reduction in the reuse period for organization validation.
-
Podcast Jan 30, 2024
Root Causes 358: Security Questionnaire Sins
We present a catalog of "security questionnaire sins," avoidable problems and errors that occur in the security questionnaires enterprises send to vendors.
-
Podcast Jan 26, 2024
Root Causes 357: Signed Digital Photographs
Three major camera manufacturers have joined to create a standard for signed digital images from their cameras.
-
Podcast Jan 23, 2024
Root Causes 356: Will MPDV Eliminate Email-based DCV?
MPDV is a necessary evolution of DCV to protect against BGP attacks. Will MPDV may affect accepted DCV methods, especially the email method?
-
Podcast Jan 19, 2024
Root Causes 355: Should Managed PKI Do Whatever the Customer Wants?
Should a managed PKI provider should give complete control over PKI decisions to the end customer or enforce minimum standards no matter what?
-
Podcast Jan 16, 2024
Root Causes 354: CyberSlash Attack Against CRYSTALS-Kyber
A new attack against implementations of CRYSTALS-Kyber illustrates how cryptographic implementations can be vulnerable even as the cyphers remain sound.
-
Podcast Jan 10, 2024
Root Causes 353: Why Isn't PKI Everywhere?
Our hosts firmly believe that PKI is a necessary component of all digital interactions. And yet there are still gaps in PKI implementation.