We delve into a recently discovered cyber-espionage campaign targeting the Defense, Energy, Aerospace, Biotech and Pharma industries conducted by the Winnti Group (APT 41, BARIUM, and Blackfly) - a Chinese state-sponsored APT group known for its stealth and sophistication...

May 17, 2022 /

In 2007, Estonia suffered a large-scale DDoS attack which crippled many organizations and digital services. Joseph Carson, a Security Scientist and adviser to several governments discusses the lessons learned from that event and how Estonia became 'A Cloud Country' - check it out…

May 9, 2022 /

In May 1990, a massive operation carried out by hundreds of Secret Service and FBI agents was focused on a new type of crime: Hacking. But every action has an equal and opposite reaction, and the reaction to Operation Sundevil was the birth of a new power in the cybersphere: the Electronic Frontier Foundation - check it out…

May 2, 2022 /

The MITRE Attack Flow Project is a new way to visualize, analyze and share knowledge about sequences of adversary behavior. Ingrid Skoog, Ass. Director of R&D at the Center for Threat-Informed Defense, and Cybereason CISO Israel Barak discuss the benefits of the MITRE Attack Flow project to Defenders and executives alike - check it out…

April 25, 2022 /

When 24-year-old Aaron Swartz was caught scraping millions of science articles off of JSTOR, he faced up to 35 years in prison plus a fine of up to 1 million dollars. Did Aaron's crime justify such a harsh punishment? Check it out…

April 19, 2022 /

Several weeks after the invasion of Ukraine by Russian forces, and the lights are still on and other important infrastructure is still operating. Cybereason CEO Lior Div, CTO Yonatan Striem-Amit, and CSO Sam Curry examine what we know so far about the cyber aspect of the conflict...

April 11, 2022 /

Due to some controversy in the community over the airplane hacking episode, we have decided to remove it from the playlist...

April 5, 2022 /

DIE, an acronym for Distributed, Immutable and Ephemeral, is a framework for designing secure systems where we should treat our precious data less like pets and more like cattle. Sound confusing? New paradigms always are - check it out…

March 28, 2022 /

We usually count the damage from a cyberattack in Dollars and Euros, but the psychological damage to the victims is rarely discussed. Can scams, hacks, and breaches lead to Cyber Post-Traumatic Stress Disorder? Check it out…

March 22, 2022 /

What is the most critical of all critical infrastructure? According to Jeff Engles, it's our Banking and Finance systems - Jeff joins us to discuss the resilience of our financial system and potential worst-case scenarios - check it out…

March 16, 2022 /

This final episode of the series is going to explore how the Crypto AG spying operation was kept secret for over 70 years from governments, military and intelligence services, and even the company’s own personnel - check it out…

March 10, 2022 /

Quantum Computing is a revolutionary technology, but what's the threat posed by Quantum attacks on encryption, and is the first major attack even closer than most of us think? Check it out…

March 7, 2022 /

How did Boris Hagelin succeed in selling compromised cipher machines to half the world over more than 50 years? Was there some kind of backdoor - or it was more clever than that? Check it out…

February 28, 2022 /

Threat Research lead Assaf Dahan discusses new discoveries about Iranian APTs Moses Staff and Phosphorus that blur the line between state-sponsored attacks and criminal activity - check it out…

February 22, 2022 /

General McArthur, Egypt's Anwar Sadat, and Iran's Ayatollah Khomeini: these are just a few of the dozens (likely hundreds) of targets in the biggest, most ambitious hacking operation ever - check it out…

February 14, 2022 /

Attacks against Small-to-Medium size businesses (SMBs) accounts for 40% to 50% of all data breaches. Josh Ablett, founder and CISO of Adelia Risk, discusses security for SMBs - spoiler: it's not a pretty picture - check it out…

February 7, 2022 /

In this episode, we go back to the Yom Kippur War of 1973 to discover how a national trauma and an intelligence failure paved the way for Israel to become a cybersecurity mini-empire - check it out…

January 31, 2022 /

Pete Herzog, co-founder of ISECOM and Hacker Highschool, wants our kids to learn about cybersecurity - especially the more advanced stuff like security analysis and hacking - check it out...

January 24, 2022 /

A cryptic message posted on 4Chan in January 2012 started thousands of crypto-lovers competing to be the first to crack the puzzles created by the mysterious Cicada 3301. Who is Cicada3301, and what are their goals? Check it out...

January 18, 2022 /

Jeff Man was one of the first people at the NSA to make the transition from hardware to software, and he shares with us his experiences from that period - check it out…

January 10, 2022 /

When the FBI asked Apple to write code that would give the FBI access to a suspect's iPhone, Apple refused, arguing it violates the First Amendment - check it out…

January 4, 2022 /

Yonatan Striem-Amit, CTO & Co-Founder of Cybereason discusses the Log4j vulnerability and the unusual vaccine dubbed Logout4Shell that uses the the Log4Shell exploit to close the vulnerability - check it out…

December 27, 2021 /

Shawn Carpenter - an employee of Sandia National Laboratory - was at a crossroads: should he ignore a Chinese attack against U.S. targets as his superiors ordered him to do, or continue investigating the case on his own? Check it out…

December 20, 2021 /

Ken Westin, Director of Security Strategy, discusses the findings in recent report "Organizations at Risk: Ransomware Attackers Don’t Take Holidays" - including why ransomware attacks today are so effective and dangerous - check it out...

December 13, 2021 /

Microsoft Tay could tweet, answer questions and even make its own memes - but within mere hours of going live, Tay began outputting racist, anti-Semitic and misogynist tweets - check it out...

December 6, 2021 /

Black Hills Infosec founder John Strand discusses The Wild West Hackin’ Fest - a unique security conference that emphasizes diversity and lowering the barriers to entering the world of security...

November 29, 2021 /

To capture Alexey Ivanov and his business partner and bring them to justice, the FBI created an elaborate ruse: a fake company named Invita, complete with a fake website and a fake office building - check it out...

November 22, 2021 /

In 2016 communications between Canada and Korea were hijacked, and in 2017 traffic from Sweden and Norway was also hijacked - all routed to China. What is IP/BGP Hijacking and what are its security implications? Check it out...

November 15, 2021 /

Alexey Ivanov thought he had a brilliant idea: hack American corporations and then blackmail them to force them to contract his services as a security consultant - so what could go wrong? Check it out...

November 8, 2021 /

The NSA is one of the world's most formidable intelligence operations. We spoke at length with Ira Winkler, CISO, Skyline Technology Solutions, who started his career at the NSA - check it out...

November 1, 2021 /

Marcus Hutchins became a hero for stopping the WannaCry attacks despite his troubled past as the teenage hacker who created the dangerous rootkit KRONOS - should a criminal-turned-hero be punished for past crimes? Check it out...

October 25, 2021 /

Newly identified Iranian threat actor MalKamak that has been leveraging a new and sophisticated RAT (remote access trojan) dubbed ShellClient that abuses Dropbox for C2 (command and control)...

October 18, 2021 /

Smart TVs - equipped with microphones, cameras, and an internet connection - are the weakest link in smart home security. So, is a person's smart home still their castle? Check it out...

October 11, 2021 /

Cybereason CISO Israel Barak delves into the MITRE ATT&CK framework and explains how it can help organizations get better at detecting stealthy advanced attacks - check it out...

October 4, 2021 /

Every year there’s a new story of some software like 'Tik Tok' or 'FaceApp' from a hostile country that may be a security threat to us in the West - so what should be done in cases like this? Ira Winkler joins the discussion - check it out...

September 27, 2021 /

Jack Rhysider discusses the origins of Darknet Diaries and the effect the show’s success has had on his personal life - which you might be surprised to discover wasn’t always 100% positive - check it out...

September 20, 2021 /

A mysterious stranger approached an employee of Tesla's Gigafactory and offered him 1 million dollars to insert a malware-laden USB flash drive into a company computer - check it out...

September 13, 2021 /

Lt. Colonel (Ret.) Bill Hagestad examines how China's culture and troubled history of western colonialism influenced its government views regarding the internet and its interactions with western tech companies...

September 7, 2021 /

What do you get when you take a gun-toting cybersecurity pioneer and add a serious amount of money to the mix? You get John McAfee's unbelievable life and times - check it out...

August 30, 2021 /

So how far have security solutions and capabilities come in a decade? Art Coviello, former CEO of RSA Security, is joined by Malcolm Harkins, former CSO at Intel, to discuss the cybersecurity landscape 10 years after the RSA Breach - check it out...

August 23, 2021 /

Cybereason identified several attack campaigns targeting the telecoms industry across Southeast Asia that are assessed to be the work of multiple Chinese APT groups - Nocturnus Team lead Assaf Dahan discusses the implications...

August 16, 2021 /

The Jester is a patriotic, pro-American Hacktivist that since 2010 has waged a personal cyberwar against an array of targets. So, who is The Jester and what can we make of his reported exploits? Check it out…

August 9, 2021 /

When Albert Gonzalez was hacking the networks of retail chains credit cards were still very insecure. We are joined by special guest Sherri Davidoff, CEO of LMG Security, who discusses the past and present state of credit card security - check it out…

August 2, 2021 /

A fateful meeting between a U.S. Secret Service agent and a notorious European carder marks the beginning of the end for Albert Gonzalez and his 'All Star' crew of hackers...

July 26, 2021 /

Dave Kennedy, one of the founders of DerbyCon, talks about the unique vibe of the conference, his fear of clowns, and why he'll never listen to a Busta Rhymes album again - check it out…

July 19, 2021 /

Special guest Sherri Davidoff continues the story where we find ShadowCrew's Gonzales working with the Secret Service on orchestrating the largest cybercrime bust in U.S history - check it out…

July 12, 2021 / 1 minute read

Jeff Moss discusses the origins of DEF CON and its interesting relationship with law enforcement and the intelligence community over the years...

July 6, 2021 /

Special guest Sherri Davidoff has skillfully researched the fascinating life and exploits of Albert Gonzales, as detailed in her book Data Breaches - check it out…

June 28, 2021 /

How did a small-scale event in Chicago grow to become a major hacker conference? THOTCON co-founders Nick Percoco and Jonathan Tomek reveal all - check it out…

June 22, 2021 /

Special guest Lieutenant Colonel, USMC (retired) Bill Hagestad, a leading international authority on cyberwarfare and Chinese cyber operations and capabilities...

June 15, 2021 /

Threat researcher Assaf Dahan examines the DarkSide attack on Colonial Pipeline, and the implications for the security of critical infrastructure...

June 8, 2021 / 1 minute read

Nortel was positioning itself China's partner, not knowing it was China's primary target for corporate espionage and 'Unrestricted Warfare' doctrine...

June 1, 2021 /

No longer bound by NDA, former RSA execs share the untold story behind one of the most impactful attacks of all time - check it out...

May 24, 2021 / 1 minute read

No longer bound by NDA, former RSA execs tell how the infamous breach unfolded and share the untold story behind one of the most impactful attacks of all time - check it out...

May 20, 2021 / 1 minute read

Jack Daniel recalls how the BSides conference started and what 'community-oriented' events contribute that other events often cannot - check it out...

May 11, 2021 /

Special guest Bill Hagestad, a leading international authority on cyberwarfare, gives us a look inside Chinese cyber operations - check it out...

May 4, 2021 /

Andrew Ginter dives into cybersecurity challenges for Nuclear facilities - how secure are modern nuclear power plants from cyber attacks? Check it out...

April 27, 2021 /

Chris Wysopal, one of L0pht's founding members, talks about the group's 1998 Senate testimony and how they used shaming to force corporations to secure their software...

April 20, 2021 / 1 minute read

By the end of the ‘90s many of the L0pht hackers had quit their day jobs and incorporated under the name L0pht Heavy Industries...

April 13, 2021 /

'L0pht' was one of the most influential hacker collectives of the '90s: they were even invited to testify in front of Congress on the state of Internet security. In this episode of Malicious Life, four of L0pht's members talk about the beginning and influence of the L0pht on cybersecurity. - check it out...

April 6, 2021 /

The recent HAFNIUM attacks hit tens of thousands of organizations’ Microsoft Exchange servers. What happened, what were the vulnerabilities exploited in the attack, and what can we do to defend against such attacks in the future? In this episode, Host Ran Levi is joined by Israel Barack, Cybereason CISO

March 23, 2021 /

Listen as we break down the chain of events from the moment NotPetya began to spread around the world to the moment it was stopped by Amit Serper who was on his way to friends when he decided to take a swipe at the malware. Catch the latest episode of the Malicious Life podcast with guest Cyber Analyst Amit Serper

March 22, 2021 /

Host Ran Levi is joined by Amit Serper, the first researcher to tackle NotPetya and provide a solution when he was Principal Security Researcher at Cybereason...

March 3, 2021 /

Host Ran Levi is joined by attorney and privacy expert Ted Claypoole, and Andrew Maximov, CEO at Promethean AI who uses AI to fight Belarus's dictatorship, to explore the implications...

February 17, 2021 /

Clearview AI scrapes billions of images off social media and the open web, applies facial recognition algorithms on them, and sells that data to law enforcement agencies all over the world. But who are the people behind this secretive company, and what did a breach into its databases reveal?

February 12, 2021 /

Clearview AI scrapes billions of images off social media and the open web, applies facial recognition algorithms on them, and sells that data to law enforcement agencies all over the world. But who are the people behind this secretive company, and what did a breach into its databases reveal?

February 3, 2021 /

FC - aka 'Freaky Clown' - is an expert in physical security assessments - otherwise known as breaking into ultra-secure buildings like big international banks - check it out...

January 7, 2021 /

Security expert Israel Barak discusses the SolarWinds Supply Chain Attacks, how can organizations defend against similar attacks, and what all this has to do with evolution and natural selection - check it out...

December 28, 2020 /

Here's three stories that were just too good to leave on the editing room floor: Shadow Inc.  and Election Hacking, J&K / Max Headroom, and T-Shirt-Gate and Yahoo's Ugly Death - check it out...

December 21, 2020 /

In the mid-'90s, a Dutch TV repairman claimed he invented a revolutionary data compression technology that could compress a full-length movie into just 8KB - check it out...

December 7, 2020 /

Operation GUNMAN commenced debugging of electronic devices in the US embassy in the USSR and resulted in a surprising discovery that made the NSA what it is today - check it out...

November 22, 2020 /

The upcoming elections are plagued with uncertainty - and uncertainty and democracy go together like wet hands and electrical outlets - check it out...

November 2, 2020 /

Depending on which way this one state leans may bring the entire electoral college with it - a situation where the election systems cannot afford to be hacked, but might be - check it out...

October 26, 2020 /

The Cybereason Managed Detection and Response team (aka MDR) uncovered an attack involving Russian cybercriminals, POS devices and an new family of malware - check it out...

October 12, 2020 /

Between 2010 and 2014, Yahoo was hacked numerous times - each time setting a new 'world record' for the largest data breach in history. It also hid those breaches from it's investors, customers and the SEC...

September 24, 2020 /

When Marissa Mayer joined Yahoo as CEO, the company's stock rose 2% the day of the announcement. But the new CEO was basically initiated into her job by a major data breath - and the worst was yet to come...

September 11, 2020 /

Falun Gong movement members sued Cisco Systems for aiding and abetting the Chinese government in their persecution - having helped China erect Golden Shield - the massive IT infrastructure which combined internet censorship and cyber-spying...

August 22, 2020 /

The Great Firewall is just mind-bogglingly big, repressing freedom of speech and information for over 800 million Chinese internet users every year. How did the Chinese manage to build it in the first place?

August 14, 2020 /

Israel Barak, Cybereason CISO, discusses the latest development in ransomware evolution: multi-stage attacks. What does this new tactic mean for the use of backups as a mean to mitigate the risk from ransomware?

August 2, 2020 /

In 2015 Bastian Obermayer, an investigative journalist received a message about the biggest leak in journalism history. But dealing with the massive 2.7 Terabyte data dump, 11.5 million documents turned out to be a huge challenge...

July 16, 2020 /

Attackers keep modifying and improving their methods of operations. Assaf Dahan, Sr. Director and Head of Threat Research at Cybereason, tells us about the recent shift to double extortion blackmail as a way to pressure ransomware victims to pay up...

July 7, 2020 /

When Bitcoin forked, it wasn't the SegWit2x fork everyone was talking about - It was a different fork, supported by a coalition of miners who were essentially ditching SegWit2x in favor of their own scaling solution. What happened here and who betrayed SegWit2x?

July 2, 2020 /

SegWit2x was proposed as a solution to Bitcoin's network problems - but some people in the anti-2x movement claimed that it is nothing less than a cyber-attack: a 51% attack on Bitcoin, to be precise. This is getting ugly...

June 18, 2020 /

In 2017, Bitcoin was winning. It appeared that a Golden Age had dawned. But just under the surface, the network was teetering on the verge of collapse...

June 4, 2020 /

Amit Serper was doing a routine inspection on a client's network, when he came across a suspicious-looking pen-testing tool, exhibiting RAT-like behavior. We'll follow Amit's investigation, and in the process learn the basics of cyber research...

May 21, 2020 /

The COVID19 pandemic forced organizations to transition to a work-from-home model - CSO Sam Curry talks about the lessons learned and what steps should Cyber Security professionals take in order to be ready for a future outbreak...

May 14, 2020 /

It’s easy to blame people for reusing bad passwords, but since so many do we have to look at the common factor. - there are flaws inherent to the mechanism of authenticating users by static password strings...

May 7, 2020 /

At the end of our last episode, it seemed like Huawei was completely innocent. They were being accused of crimes they may not have committed, based on evidence that largely did not exist. But there’s another side to this story...

April 23, 2020 /

Over the past 20 years, western governments have accused Huawei of everything from IP theft to financial fraud to cyber espionage. Is Huawei really a national security threat, or are they a political scapegoat?

April 9, 2020 /

On November 22nd, 1987, a hacker took over the signals of two Chicago-area TV stations and broadcast two bizarre and somewhat vulgar messages. We explore this notorious hack and its implications...

March 24, 2020 /

The fact that ToTok came out of the UAE is no surprise: in recent years, the UAE has deployed some of the most sophisticated mobile device exploits ever seen. But they got a lot of help from one country in particular...

March 24, 2020 /

The corporate structure supporting ToTok involved at least half a dozen real companies, shell companies, and intelligence groups, with every path leading to one very rich and powerful man at the heart of the Emirati state...

March 10, 2020 /

Only a few months after its release, ToTok - an ordinary messaging app - had over 5 million downloads. What was it that made ToTok so popular, so quickly? The answer: nothing good...

March 5, 2020 /

As much as we can imagine what it’s like to be a defender in a cyber conflict, we don’t really know unless we’re in the shoes at the time of it happening. That's what simulations are for...

February 27, 2020 /

Banks and other financial institutions face a variety of security threats. - to survive in this hostile landscape, these organizations turned to the military for inspiration...

February 13, 2020 /

Petro Rabigh were facing lots of problems in defending their systems, but they did get lucky in one sense: their attackers were unprepared when their plan went awry...

January 29, 2020 /

Industrial Security requires a different skill set than working in IT does. We dive into the story of one of the most dangerous malware ever to be discovered in the wild: Triton/Trisis...

January 16, 2020 /

Deepfakes are set to revolutionize content creation and potentially two sow havoc, fear, and distrust via Social Networks. How can we identify deep fakes - even before they go online?

January 2, 2020 /

Over the past two years, the internet has been inundated with celebrity Deep Fake videos - their quality is surprisingly good and in some cases as good as what the biggest movie studios are able to produce with huge budgets...

December 19, 2019 /

Sam and Ran discuss insights into what 2020 will bring for the security industry: the rise of 5G cellular networks, the US Presidential Elections, the 2020 Tokyo Olympics, and more...

December 10, 2019 /