InfoSec ICU show

InfoSec ICU

Summary: Each week, Gerry and Steve discuss Information Security topics relevant to the medical industry and to patients. From the latest hacks and bugs, to changes in the regulatory environment, and tips and tricks to keep your own personal information safe.

  • Artist: Information Security at the Medical University of South Carolina
  • Copyright: Medical University of South Carolina 2017


 Google MasterCard Deal, Instagram 2-Factor, Phone Number as an Identifier | File Type: audio/mpeg | Duration: 33:13

Steve and Gerry discuss the privacy ramifications of the Google MasterCard deal that recently came to light. They discuss Instagram’s decision to support two-factor authenticator apps and the issues with SMS as a second factor. They finish up discussing the dependence on, and concerns with, using your phone number as your identity and authenticator.

Show Notes Resources:
  • Google Mastercard
  • Instagram 2-Factor
  • Phone Number Identity

One Cool Things:
  • There Will Be Hops
  • GMail Replacements: Kolab Now, ProtonMail, Zoho

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Gartner Catalyst, Election Hacking, and NotPetya Damages | File Type: audio/mpeg | Duration: 48:50

Steve is fresh from Gartner Catalyst and shares his experience and lessons learned. The guys discuss a follow-up story from election officials that tells the other side of the story of the recent voting village hacks at DEF CON 26. They finish up with a discussion of the damages from NotPetya a year later, with a case study of Maersk.

Show Notes Resources:
  • Gartner Catalyst
  • Election Hacking
  • NotPetya

One Cool Things:
  • Netflix: Luke Cage
  • 0-emission Jaguar E-Type Zero

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Augusta University Breach, New Age Detection Methodologies, NIST Small Business Cybersecurity | File Type: audio/mpeg | Duration: 44:46

Gerry and Brandon discuss the long-term effect of the recently published Augusta University Medical Center breach. They cover behavior-based analysis for malicious activity on the network and using RITA, a security tool from Black Hills Security Group, to assist. Finally they touch on the recently enacted NIST Small Business Cybersecurity Act.

Show Notes Resources:
  • Augusta University Medical Center Breach
  • RITA
  • NIST Small Business Cybersecurity Act

One Cool Things:
  • Amazfit Bip Fitness Trackers
  • Principles of Fraud Examinations

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Biomedical Integrity Attacks, Jeremiah Grossman Interview, and Asset Inventory Reflection | File Type: audio/mpeg | Duration: 45:17

Gerry is back from BlackHat and he’s ready to tackle the oft-ignored member of the Confidentiality-Integrity-Availability triad as he digs into a new attack that tampers with medical device data to disastrous effect. While in Vegas, Gerry also had the opportunity to interview Jeremiah Grossman, CEO of BitDiscovery, about the unique way his company is addressing asset discovery and management. To top it all off, they both present their One Cool Thing.

Show Notes Resources:
  • Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives
  • Jeremiah Grossman
  • BitDiscovery

One Cool Things:
  • Visual Impact Awareness Training Video: Camp, L. Jean. [Security Awareness Videos]. (2015, May 25). Toothbrushes & Passwords. Retrieved from
  • SCBIO 2018 Annual Conference

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 HHS dissed for poor cybersecurity, Iowa Health Group 1.4M patient breach, and BCG gets satisfaction against hacktivist | File Type: audio/mpeg | Duration: 40:41

Brandon is back in the co-pilot’s chair as we talk about the recent GAO report that HHS is failing to protect PHI. We also share our intrigue surrounding the PHI breach at Iowa Health Group, which was actually a Business Email Compromise attack. There’s also good news for Boston Children’s Hospital, as the hacktivist charged with disrupting their network in 2014 has been convicted.

Show Notes Resources:
  • HHS puts PHI at risk
  • Iowa Health Group hit with 1.4M patient record breach
  • Boston Children’s Hospital hacktivist is convicted

One Cool Things:
  • Malwarebytes Browser Extension
  • Sir Patrick Stewart ready to engage his Star Trek fans again.

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 NIST Securing EHR on Mobile Devices, America’s Most Cyber Insecure Airports, and Blackhat Preview | File Type: audio/mpeg | Duration: 51:06

Gerry and Steve cover the recently released practical guidance from NIST on securely integrating mobile devices into clinical practices. They discuss, then poke holes in, a recent and widely distributed report on America’s most cyber-insecure airports, and with Blackhat on the horizon they preview what to expect from the event and in the coming weeks. As always they wrap up with One Cool Thing.

Show Notes Resources:
  • NIST Securing Electronic Health Record on Mobile Devices
  • Most insecure Airports
  • Blackhat

One Cool Things:
  • Magic Leap Coming Soon
  • Dune Remake

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Supply Chain Risks, Healthcare Sector Coordinating Council, and Emotet Threat Distribution | File Type: audio/mpeg | Duration: 41:14

Gerry and Steve discuss the challenge organizations face in securing their supply chain, citing a recent robotics company that lost IP belonging to major car vendors. They provide an update on the Healthcare Sector Coordinating Council’s efforts to execute on the 2017 Healthcare Cybersecurity Task Force report. They dive into the Emotet malware and how it has evolved from a simple banking trojan in 2014 into a threat distribution platform. As always they wrap up with One Cool Thing.

Show Notes Resources:
  • Third Party Risk
  • Healthcare Sector Coordinating Council Cybersecurity Working Group
  • Emotet

One Cool Things:
  • Alexa interprets sign language
  • Flying Cars

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Russia Indictments, Insurers Exploitation of Medical Data, and Sextortion | File Type: audio/mpeg | Duration: 41:55

Gerry and Steve have read the DOJ indictment of the Russian nationals behind APT28, aka “Fancy Bear”, aka Unit 26165. The techniques and extent of the attacks are covered and discussed. They turn their attention to an NPR investigation into techniques health insurers are employing to determine policy premiums. Thirdly, they touch on a ‘hot’ criminal email campaign going on right now, dubbed ‘sextortion’. As always, they close the show with One Cool Thing.

Show Notes Resources:
  • DOJ Russia Indictment
  • Health Insurers Are Vacuuming Up Details About You — And It Could Raise Your Rates
  • Sextortion

One Cool Things:
  • The Seedy Underbelly Stops for World Cup
  • Scuba Jet Pack like Johnny Quest

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Security Provider Being Sued for Effectiveness, California’s New “GDPR-esque” Law, and More Wearable Security Concerns | File Type: audio/mpeg | Duration: 54:20

Gerry and Brandon dig into a recent lawsuit in which a cyber insurance company is suing a security provider for gross negligence in protecting the insurer’s client’s systems, and what this may mean for the industry going forward. They investigate California’s new privacy law and how it relates to individuals and the healthcare industry. They finish up discussing yet another wearable device security issue and its impact. As always, they close the show with One Cool Thing.

Show Notes Resources:
  • Security Firm Sued for Failing to Detect Malware That Caused a 2009 Breach
  • Why California’s New Privacy Law Is a ‘Whole New Ballgame’
  • More wearable security concerns

One Cool Things:
  • Skimmer Scanner
  • 1962 “OG” Comms Satellite Launch

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Magic Unicorns, Exactis Data Breach, and an Interview with Phishing Expert Elizabeth Snead | File Type: audio/mpeg | Duration: 46:42

Gerry’s on holiday and Security Architect Matt Jones joins the podcast to discuss the recent Magic Unicorn revelation that has forensics experts in a tizzy. We also dive into an interview with Elizabeth Snead, an expert on phishing campaigns, as she gives us insight into interesting types of phishes and what you can do to defend yourself. And since we’re talking about phishing, Matt and Steve discuss the recent Exactis breach and what it could mean for advancing spear-phishing campaigns. Finally, we wrap up with some One Cool Thing magic.

Show Notes Resources:
  • Magic Unicorn
  • Exactis discloses 340M user profile records

One Cool Things:
  • SpaceX delivers Death Wish Coffee
  • Active Damping Phone Case

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 HIPAA Breaches, Fines, and Legislation | File Type: audio/mpeg | Duration: 40:33

It’s all HIPAA this week, and you’d be surprised at the meat on this bone! Steve and Gerry discuss the recent massive OCR fine levied on a Texas healthcare provider, and how poor understanding of HIPAA requirements and policies is leading individuals to violate HIPAA with the best of intentions. Finally, the guys cover the challenges citizens face when attempting to bring HIPAA infractions to justice.

Show Notes Resources:
  • University of Texas MD Anderson Cancer Center ordered to pay $4.3M for 3 breaches involving 2 USB drives and a laptop
  • State of NY suspends nurse for unauthorized removal of PHI
  • Poor understanding of HIPAA requirements and policies can lead healthcare workers to deny or delay access to PHI
  • Judge Dismisses Lawsuit Charging LabCorp with HIPAA Violation

One Cool Things:
  • Recon-NG
  • Pi-Hole

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Google Location Data Leaks, Defense-in-Depth on the Homefront, and Practicality in a Security Program | File Type: audio/mpeg | Duration: 51:07

Gerry and Steve discuss recently released security research showing geo-location data leakage from unexpected sources. They provide a list of tried-and-true defense-in-depth techniques for non-corporate networks. They wrap up with a discussion on the practical application of security in corporate settings to get end-user buy-in.

Show Notes Resources:
  • Location data leak on Google
  • Digital Assistants and Media Player
  • Practicality in a security program (link fragment: threats/3-tips-for-driving-user-buy-in-to-security-policies/a/d-id/1332053)

One Cool Things:
  • Google AI – Universal Translator

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Microsoft Red Team, 7 Properties of Highly Secure Devices, and Azure Sphere | File Type: audio/mpeg | Duration: 49:15

Gerry and Steve discuss Microsoft’s Red Team and its mission to beat the bad guys to finding vulnerabilities in the Windows OS. They give their thoughts on a recently released research paper on the seven properties of highly secure devices and what the impact on IoT devices in general could be. They wrap up discussing Azure Sphere, Microsoft’s approach to end-to-end IoT security.

Show Notes Resources:
  • Microsoft Red Team
  • 7 Properties of Highly Secure Devices
  • Azure Sphere

One Cool Things:
  • Blackhat Arsenal
  • Flush

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Tool Time! NSM, SysMon and Malware Analysis Tools | File Type: audio/mpeg | Duration: 1:03:58

In a special edition of InfoSec ICU, it’s tool time! Brandon and Gerry discuss their experiences and lessons learned with a bevy of security-related software tools that you may use in your organization. NSM as a philosophy is covered, followed by SysMon. The guys round out the show discussing approaches to, and the appropriateness of, malware analysis tool sets.

Show Notes Resources:
  • Network Security Monitoring (NSM)
  • SecurityOnion
  • RocNSM
  • SysMon
  • PEStudio
  • ApateDNS
  • IDA Pro
  • WinDbg
  • VirusTotal
  • Joe Sandbox
  • Strings
  • Wireshark

One Cool Things:
  • Gerry: 80’s Retro Synthwave Collection (The Midnight, FM-84, Timecop1983)
  • Brandon: Caffe Shakerato

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Cyberwar Collateral Damage, VPNFilter, and Digital Assistant Concerns | File Type: audio/mpeg | Duration: 39:45

Brandon and Gerry discuss the recent NH-ISAC Summit in Sawgrass and a keynote talk on cyberwar and civilian collateral damage. They take a technical look at the recently published research on VPNFilter and finish by discussing some additional Amazon Alexa mishaps.

Show Notes Resources:
  • NH-ISAC Summit
  • VPNFilter
  • Amazon Alexa Records Conversation and Messages It

One Cool Things:
  • Privacy.Com
  • Jupiter’s moon Europa

Contact (Email/Twitter):
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

