Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

If SIM swap stories ever make the news, almost uniformly, they focus on people who lost a lot of money. But SIM swaps also take a psychological toll...

Nate Nelson speaks with Rich Murray, who leads the FBI’s North Texas Cyber unit, about how the Federal Bureau of Investigations dealt with dealt with another attack by REvil

Spamhaus's decision to add Cyberbunker to its list of Spam sources led the Stophaus coalition to initiate a DDoS attack later dubbed “The attack that almost broke the Internet.”

Sven Kamphuis and Herman Johan Xennt are quite dissimilar... and in 1996, their unlikely partnership coalesced around a mutual deep hatred towards authority...

2011 was a pivotal year for Netflix: the now hugely successful company was then in the midst of a formidable transformation, changing from a mail-based DVD rental service to the modern streaming service that it is today

Dr. Fred Cohen not only introduced the name ‘computer virus’, a term invented by his mentor, Leonard Adelman, but was also the first to analyze computer viruses in a rigorous mathematical way...

How does it feel to live for years with a virtual target mark on your back?… Malicious Life discusses the story of Thamar Gindin.

Nobody likes cheaters, especially in video games. That's why EA and other publishers are implementing kernel-mode anti-cheat software in their games. Yet some people warn that installing such kernel-level systems is extremely dangerous. In this episode of Malicious Life, we examine why.

When it was founded in 2011, Norse Corp. had everything going for it, but the startup blew up in smoke less than six years later. Malicious Life explores what went so horribly wrong.

An Australian white hat hacker demonstrated how easily hackers can take over farming equipment and the risks this creates for global food supplies.

Find out how the Russian Business Network, a once legitimate ISP, became the largest player in the Russian cybercrime world and a key component of Putin's attacks on democracy and misinformation campaigns in this episode of the Malicious Life podcast.

Find out what cybersecurity professionals can learn from MMA wrestlers and Chess Grand Champions about peak performance in this episode of Malicious Life, featuring Chris Cochran and Ron Eddings, the co-founders of Hacker Valley Media.

Information security executives explain how media companies can be hacked and why we, as consumers, should care in this Malicious Life BSide podcast.

One day in 2008, Michael Daugherty got a call from cybersecurity company TiVera, saying private medical data of some 9000 LabMD patients had been discovered online. When Michael refused to pay for TiVersa's hefty "consultation fee", a ten-year legal battle began that led to the demise of LabMD, but also cost the FTC dearly.

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

Rachel Tobac is a hacker and CEO of SocialProof Security, where she helps people and companies keep their data safe by training and pentesting them on social engineering threats like Vishing and the many psychological tricks attackers employ to hack people – check it out...

Some stock traders are willing to go to great lengths to get information before anyone else, even hacking into trading technologies to gain an unfair advantage and make a fortune along the way–check it out...

The Malicious Life Podcast Team is excited to announce that we won the This Week in Tech Technology Category honor at the 17th Annual People's Choice Podcast Awards...

As their name implies, LulzSec was known for trolling their victims:, and while their childish behavior might have fooled some people into thinking that LulzSec was harmless, the story you’re about to hear will show they were anything but – check it out...

The US government says that Kim Schmitz, better known as Kim DotCom, is the leader of a file sharing crime ring. He sees himself as an internet freedom fighter: a fugitive on the run from vindictive overly-powerful governments. Can King Kimble escape the wrath of the USA? Check it out...

Multi-Factor Authentication (MFA) is usually considered a better solution for authentication – but Roger Grimes, a veteran security professional and a Data-Driven Defense Evangelist claims that the sense of security current MFA solutions provide us is false - check it out...

Language models are everywhere today, and most interestingly they are available via several experiential projects trying to emulate natural conversations such as OpenAI’s GPT-3 and Google’s LaMDA. Can these models be hacked to gain access to the sensitive information they learned from their training data? Check it out...

In May 2021, following the SolarWinds and the Colonial Pipeline attacks, the Biden administration published a presidential Executive Order mandating the use of SBOMs - Software Bill of Materials - in all government agencies. What are SBOMs and how useful are they in cybersecurity? Nate Nelson talks to two experts: Allan Friedman (CISA) and Chris Blask (Cybeats) - check it out...

A ruthless person for whom the end truly justifies the means, Leo Kuvayev was very successful as a cybercriminal. But even a genius criminal can go just one step too far - check it out...

Railway systems are a mess of old systems built on top of older systems, running ancient operating systems. Why are railway systems so difficult to defend, and what are the most probable attack vectors against them? Israel Railway's first ever CISO discusses why - check it out...

The Anom was the holy grail of dark, illegal communication: a mobile phone that could send encrypted messages that even included a secret Kill-Switch to foil attempts by law enforcement agents to get to its contents. Thousands of criminals used the Anom, certain that they were completely safe from the police - they were wrong - check it out...

Ken Thompson is a legendary computer scientist who also made a seminal contribution to computer security in 1983 when he described a nifty hack that could allow an attacker to plant almost undetectable malicious code inside a C compiler. Surprisingly, it turns out a very similar hack was also used in the SolarWinds attack - check it out...

Silk Road’s success did more than bring the site more sellers and buyers, it also brought it more attention from law enforcement agencies as well as malicious hackers and other shady characters. Some of these shady characters, it turns out, were part of the task force aiming to shut down Silk Road - check it out...

Your organization was hit by ransomware, and it is now time to negotiate the terms of a deal that will bring back your data and (hopefully) won’t leave the company’s coffers empty. But are you sure you know what you’re doing? Are you certain that you won’t screw up the negotiations and do more harm than good? Check it out...

Ross Ulbricht always had a thing with testing his limits. He was also an avid libertarian who wanted to change the world. So, in 2010, he came up with the idea to build a truly free market: a website where anybody can buy and sell anything anonymously - including illegal drugs - check it out...

Will Bitcoin and the other cryptocurrencies be able to replace money as we know it today? Will governments embrace a future where they have no control over their currencies? Jacob Goldstein (Planet Money, What's Your Problem) talks to Nate Nelson about what the future holds for Bitcoin - check it out...

Years before credit card transactions gave banks and data-brokers free access to our private financial information, a man named David Chaum became the first person to really, materially grapple with the problem of privacy in money. His ideas inspired a movement of "Crypto Anarchists" who aspired to change money forever - check it out...

This special Malicious Live Ask Us Anything event celebrates the 5 year anniversary of the show: How did Malicious Life come to be? How do we choose the stories we tell? Who was Ran's most memorable guest? And why does Nate keep inserting weird names into the scripts? Check it out…

Hector - better known as Sabu, the ringleader of the LulzSec hacking group - knew the FBI was on to him. But it turned out that of all the people who broke or disregarded the law in this particular story, only one man had a reason to be worried: Jeremy Hammond - check it out…

George Friedman and Jeremy Hammond are two very different people: the former is a capitalist middleman, the latter an anarchist-communist hacker. A spy and a hacker; but in certain respects, they’re actually quite similar in what lines they are willing to cross to get to their goal - check it out…

AbdelKader Cornelius, a German Threat Researcher and an expert on the cybercrime ecosystem, shares a story about how he helped German police put a sophisticated cybercriminal behind bars by uncovering tiny mistakes the hacker made in the past. - check it out…

An anonymous hacker posted a list of 6.5 Million encrypted passwords for LinkedIn users on a Russian forum. These passwords were hashed using an outdated and vulnerable hashing algorithm and were also unsalted. Lawsuits followed shortly… can we trust big organizations to keep our secrets safe? Check it out…

We delve into a recently discovered cyber-espionage campaign targeting the Defense, Energy, Aerospace, Biotech and Pharma industries conducted by the Winnti Group (APT 41, BARIUM, and Blackfly) - a Chinese state-sponsored APT group known for its stealth and sophistication...

In 2007, Estonia suffered a large-scale DDoS attack which crippled many organizations and digital services. Joseph Carson, a Security Scientist and adviser to several governments discusses the lessons learned from that event and how Estonia became 'A Cloud Country' - check it out…

In May 1990, a massive operation carried out by hundreds of Secret Service and FBI agents was focused on a new type of crime: Hacking. But every action has an equal and opposite reaction, and the reaction to Operation Sundevil was the birth of a new power in the cybersphere: the Electronic Frontier Foundation - check it out…

The MITRE Attack Flow Project is a new way to visualize, analyze and share knowledge about sequences of adversary behavior. Ingrid Skoog, Ass. Director of R&D at the Center for Threat-Informed Defense, and Cybereason CISO Israel Barak discuss the benefits of the MITRE Attack Flow project to Defenders and executives alike - check it out…

When 24-year-old Aaron Swartz was caught scraping millions of science articles off of JSTOR, he faced up to 35 years in prison plus a fine of up to 1 million dollars. Did Aaron's crime justify such a harsh punishment? Check it out…

Several weeks after the invasion of Ukraine by Russian forces, and the lights are still on and other important infrastructure is still operating. Cybereason CEO Lior Div, CTO Yonatan Striem-Amit, and CSO Sam Curry examine what we know so far about the cyber aspect of the conflict...

Due to some controversy in the community over the airplane hacking episode, we have decided to remove it from the playlist...

What issues should CISOs be prioritizing, and how can they get the most bang for their buck? An esteemed panel of accomplished security leaders discuss the challenges for 2022 and more - check it out...

DIE, an acronym for Distributed, Immutable and Ephemeral, is a framework for designing secure systems where we should treat our precious data less like pets and more like cattle. Sound confusing? New paradigms always are - check it out…

Wayman Cummings, VP of Security Operations at Unisys, examines how industry stagnation impacts the security for our critical infrastructure, the value true public-private partnerships can bring and more - check it out...

We usually count the damage from a cyberattack in Dollars and Euros, but the psychological damage to the victims is rarely discussed. Can scams, hacks, and breaches lead to Cyber Post-Traumatic Stress Disorder? Check it out…

Renee Guttmann needed a way to determine and communicate the right decisions to the organization, so she developed the “Six-Minute Rule” as a guide - Renee explains how to help stakeholders make informed risk/reward decisions - check it out...

What is the most critical of all critical infrastructure? According to Jeff Engles, it's our Banking and Finance systems - Jeff joins us to discuss the resilience of our financial system and potential worst-case scenarios - check it out…

This final episode of the series is going to explore how the Crypto AG spying operation was kept secret for over 70 years from governments, military and intelligence services, and even the company’s own personnel - check it out…

ISACs were formed to promote the centralized sharing of threat intel within a particular sector. Grant Sewell, Director of Security at AHEAD, shares his experience in working with an ISAC and how this benefited his organization - check it out...

Quantum Computing is a revolutionary technology, but what's the threat posed by Quantum attacks on encryption, and is the first major attack even closer than most of us think? Check it out…

Richard Clarke, who spent several decades serving Presidents of both parties, provides some pragmatic tips for effectively communicating the need to invest in security in terms the Board of Directors can support - check it out...

How did Boris Hagelin succeed in selling compromised cipher machines to half the world over more than 50 years? Was there some kind of backdoor - or it was more clever than that? Check it out…

What was the Log4j vulnerability really, what can be done to reduce the risk it poses to organizations, and how can we better prepare for the next Log4j-level event? Benny Lakunishok, CEO of Zero Networks, takes us deeper - check it out...

Threat Research lead Assaf Dahan discusses new discoveries about Iranian APTs Moses Staff and Phosphorus that blur the line between state-sponsored attacks and criminal activity - check it out…

What issues should CISOs be prioritizing, and how can they get the most bang for their buck while minimizing risk and maximizing outcomes? Join our panel of esteemed CISOs from multiple industries as they share their perspectives...

How does the CISO establish the value proposition for an investment? Jack Jones, Chief Risk Scientist at RiskLens, discusses using a well-tested risk framework to evaluate current state of loss exposure - check it out...

General McArthur, Egypt's Anwar Sadat, and Iran's Ayatollah Khomeini: these are just a few of the dozens (likely hundreds) of targets in the biggest, most ambitious hacking operation ever - check it out…

Security departments need to acquire tool after tool over - Kevin Richards walks through a very creative method for getting the budget you need and explains how to leverage the current environment to “find” new sources of funding...

Attacks against Small-to-Medium size businesses (SMBs) accounts for 40% to 50% of all data breaches. Josh Ablett, founder and CISO of Adelia Risk, discusses security for SMBs - spoiler: it's not a pretty picture - check it out…

When a particular skill is needed that is not available, what do you do? Should you hire someone externally or bring in a consultant? CISO John Iatonna discusses his experience in making these tough decisions - check it out...

In this episode, we go back to the Yom Kippur War of 1973 to discover how a national trauma and an intelligence failure paved the way for Israel to become a cybersecurity mini-empire - check it out…

The locus of control has been slipping away from IT teams - and by default Security teams. Scott King, CISO at Encore Capital Group joins the podcast to discuss strategies to remain agile in the face of rapid change - check it out...

Pete Herzog, co-founder of ISECOM and Hacker Highschool, wants our kids to learn about cybersecurity - especially the more advanced stuff like security analysis and hacking - check it out...

Steve Orrin, Federal CTO at Intel, joins the podcast to discuss approaches to remaining compliant with the various laws when moving to the cloud - check it out...

A cryptic message posted on 4Chan in January 2012 started thousands of crypto-lovers competing to be the first to crack the puzzles created by the mysterious Cicada 3301. Who is Cicada3301, and what are their goals? Check it out...

Organization's may be leaking information without proper procedures in place - CCO/CPO Samantha Thomas explains how she changed this and the law in the process - check it out...

Jeff Man was one of the first people at the NSA to make the transition from hardware to software, and he shares with us his experiences from that period - check it out…

Dawn-Marie Hutchinson, CISO at BAT, has navigated organizations during crises with a “play like you practice” Incident Response approach - check it out...

When the FBI asked Apple to write code that would give the FBI access to a suspect's iPhone, Apple refused, arguing it violates the First Amendment - check it out…

CISO Leon Ravenna dives into cyber insurance and why D&O requirements may be on the horizon, regulatory burdens and what to expect out of the US Government, how the intersection of Security and Privacy is impacting CISOs...

Yonatan Striem-Amit, CTO & Co-Founder of Cybereason discusses the Log4j vulnerability and the unusual vaccine dubbed Logout4Shell that uses the the Log4Shell exploit to close the vulnerability - check it out…

Jim Routh joins the podcast to discuss his experience around creating over 300 models using data science, machine learning and automated incident response to bolster the security posture for a large commercial organization - check it out...

Shawn Carpenter - an employee of Sandia National Laboratory - was at a crossroads: should he ignore a Chinese attack against U.S. targets as his superiors ordered him to do, or continue investigating the case on his own? Check it out…

How does the CISO ensure that the proper skills are maintained to continue to lead the security organization? ISSA President Candy Alexander joins the podcast to discuss how CISOs can stay on top of their game - check it out...

Ken Westin, Director of Security Strategy, discusses the findings in recent report "Organizations at Risk: Ransomware Attackers Don’t Take Holidays" - including why ransomware attacks today are so effective and dangerous - check it out...

Are you reporting the same risks each year? This may be due to lack buy-in from senior management - Chris Apgar joins the podcast to discuss how to show that funding security initiatives is more than just risk avoidance - check it out...

Microsoft Tay could tweet, answer questions and even make its own memes - but within mere hours of going live, Tay began outputting racist, anti-Semitic and misogynist tweets - check it out...

Infosec skills don’t necessarily transfer to CISO skills, but CISO skills are 100% transferable to your infosec career - Richard Kaufmann VP/CISO at Amedisys discusses how growth begins outside of your comfort zone...

Black Hills Infosec founder John Strand discusses The Wild West Hackin’ Fest - a unique security conference that emphasizes diversity and lowering the barriers to entering the world of security...

Regulations provide the necessary motivation for many organizations to implement security controls that may not otherwise be present, but is this enough? Is it really security?

To capture Alexey Ivanov and his business partner and bring them to justice, the FBI created an elaborate ruse: a fake company named Invita, complete with a fake website and a fake office building - check it out...