This Week Health

Don't forget to subscribe!

Drex dives into three critical cybersecurity updates: the Salt Typhoon hacks targeting U.S. telecom giants, Palo Alto Networks' zero-day vulnerability impacting firewalls, and a UC San Diego study questioning the effectiveness of traditional security training programs.

Remember, Stay a Little Paranoid 

Subscribe: This Week Health

Twitter: This Week Health

LinkedIn: Week Health

Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

Transcript

 This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Hey everyone, I'm Drex, and this is the Two Minute Drill, where I do three stories twice a week, all part of one great community, the 229 Cyber and Risk Community, here at This Week Health. Today's Two Minute Drill is brought to you by ORDR, the Asset Inventory and Intelligence Company. Did you know that you can know everything about everything on your network?

Every vulnerability, every risk, every user, everything. Everything in real time. You can find out more at order. net slash healthcare. Thanks for joining me today. Here's some stuff you might want to know about. You've heard me talk about Chinese hacks on U. S. telecom companies referred to as salt typhoon on earlier drill episodes.

These hackers linked to Chinese intelligence agencies have been attacking companies like AT& T and Verizon and Lumen through vulnerabilities in their infrastructure like Cisco routers. Well, it turns out now that we can add T Mobile to the list of salt typhoon victims. In the broader hacking campaign, the Chinese were able to access cell phone lines used by national security and policy personnel and politicians.

In that process, they've been able to scoop up call logs and text and even some audio. As it turns out, most U. S. carriers also have special systems they've built to help facilitate their compliance with U. S. surveillance requests. And the Salt Typhoon hackers have made their way into those systems too, which obviously raises concerns about the privacy and security of ongoing intelligence and law enforcement investigations.

It looks like this story will continue to unfold I'll keep you posted. Palo Alto Networks has released new indicators of compromise, or IOCs, following their confirmation of a zero day vulnerability that affects its Pan OS firewall management interface. The vulnerability has already been exploited by cyber thugs at some locations, so this is a hot one.

I'm betting your security folks are already on it, but if you're a Palo Alto customer, it probably won't hurt to ask. By the way, Palo Alto? Love all the transparency on this one. And there's this story. The team from UC San Diego published a paper that addresses two staples of enterprise security training.

Annual cyber security awareness training and anti phishing training exercises. In their experiments involving 19, 500 employees over eight months, they report that the programs in their current form are unlikely to offer significant value relative to the cost, time, and effort involved. You can read the abstract and download the paper yourself.

You'll find that link at ThisWeekHealth. com slash news. That's also where you can find all these stories and a whole bunch of others. Today's 2 Minute Drill was brought to you by ORDR. Do you really know who all your devices are talking to? You can. Bring some ORDR to your enterprise. Find out more at ORDR.

net slash healthcare. That's O R D R dot net slash healthcare. That's it for today's 2 Minute Drill. Thanks for being here. Stay a little paranoid. I'll see you around campus.

2 Minute Drill is Sponsored By

Our Shows

Related Content

1 2 3 303
Healthcare Transformation Powered by Community

© Copyright 2024 Health Lyrics All rights reserved