When security firms get hacked, and your new North Korean remote worker

2024/10/23

Smashing Security

AI Deep Dive AI Chapters Transcript

People

Carole Theriault

知名网络安全播客主持人和信息安全咨询师，多次获奖的《Smashing Security》播客创始人。

Graham Cluley

一位全球知名的网络安全专家和播客主持人，专注于网络安全、黑客和在线隐私。

Topics

Graham Cluley：本期节目讨论了 SolarWinds 供应链攻击事件及其后续影响，包括多家网络安全公司因未能充分披露事件影响而被处罚。他还分析了 SolarWinds 公司自身的安全漏洞，例如使用弱密码等问题，以及攻击者如何利用这些漏洞植入恶意软件。此外，他还讨论了远程办公的兴起以及由此带来的安全风险，特别是公司如何意外雇佣来自朝鲜的远程员工，以及这些员工如何利用其访问权限窃取数据并进行勒索。 Carole Theriault：Carole Theriault 主要参与讨论了远程办公的利弊，以及如何平衡远程办公带来的便利性和安全风险。她还分享了自己对远程办公效率的看法，并讨论了公司在招聘远程员工时应采取的更严格的身份验证措施，以防范类似的事件发生。 Carole Theriault：本期节目中，Carole Theriault 主要关注远程办公的趋势和挑战。她指出，远程办公的普及使得公司能够接触到全球人才库，但也增加了安全风险。她强调了加强身份验证和安全协议的重要性，以应对潜在的网络安全威胁。她还分享了自己对远程办公效率和工作环境的个人体验，并讨论了公司在应对远程员工问题时应保持透明和诚实。

Deep Dive

Chapters

The SolarWinds hack, a significant cybersecurity breach in 2020, continues to impact major cybersecurity firms. These firms, including Avia, Checkpoint, MDC, and This, have been fined by the SEC for downplaying the breach's impact on their companies.

SolarWinds hack affected over 18,000 of its 300,000 customers.
Hackers infiltrated systems for up to nine months undetected.
Security firms fined for not being transparent about the breach.

Shownotes Transcript

The SolarWinds have returned to haunt four cybersecurity companies who tried to hide their breaches and ended up with their trousers around their ankles, and North Korea succeeds in getting one of its IT workers hired... but what's their plan?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

SolarWinds Sunburst supply chain attack) - Wikipedia.
Rep. Katie Porter slams SolarWinds for its poor passwords) - Twitter.
SEC Charges Four Companies With Misleading Cyber Disclosures) - SEC.
Western firm hacked by North Korean cybercriminal hired as remote IT worker) - Computing.
Engaging with a Remote Workforce: Statistics and Strategies for Success) - Government Events.
67% Of U.S. Employers To Lose Employees To Remote Work In 2024) - Forbes.
A company's remote-working hire turns out to be in North Korea. He tried to hold it to ransom) - Business Insider.
US company accidentally hires North Korean for remote work, gets blackmailed when they try to fire him) - IBTimes.
Watch “Undercover: Exposing the Far Right”) - Channel 4.
Undercover film exposing UK far-right activists pulled from London festival) - The Guardian.
Kermode and Mayo’s Take) - YouTube.
The Fear of God: 25 Years of the Exorcist) – BBC iPlayer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff))

Sponsored by:

1Password Extended Access Management) – Secure every sign-in for every app on every device.
Vanta) – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts) or Podchaser).

Become a supporter via Patreon) or Apple Podcasts) for ad-free episodes and our early-release feed!

**FOLLOW US:**

Follow us on Twitter at @SmashinSecurity), or Mastodon), or on the Smashing Security subreddit), and visit our website) for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks. This podcast uses the following third-party services for analysis: OP3 - https://op3.dev/privacy

When security firms get hacked, and your new North Korean remote worker 30:38 Share

Smashing Security

Deep Dive

Shownotes Transcript

When security firms get hacked, and your new North Korean remote worker