Decipher Security Podcast
The editors of Decipher talk with a rotating cast of security practitioners, researchers, and executives about a variety of topics in the security and privacy fields.
Episodes
There may not be any computers in Home Alone, but few movie characters embody the old-school hacker ethos like Kevin McCallister does. Resourceful, clever, determined, and creative, Kevin uses all of the tools and talents at his disposal to repel a pair of relentless adversaries. Merry Christmas ya filthy animals!
As we ease into the holidays, the security news doesn't stop coming. This week we discuss the research from AWS threat intelligence on Russian adversaries targeting a variety of network edge devices for opportunistic exploitation, then we break down attacks by a Chinese threat actor that target a new zero day in Cisco's AsyncOS, and finally we discuss the continued exploitation of the React2Shell vulnerability.
Pete Baker and Zoe Lindsey join Dennis Fisher on the roof of Nakatomi Plaza to discuss one of the great action classics* and a beloved movie in the hacker community: Die Hard. Yippee ki-yay!
*NOT a Christmas movie
This week gave us the gift of some more React Server Components vulnerabilities and further exploitation of the previously disclosed bugs by a variety of threat groups. There were also a long list of vulnerabilities disclosed by Microsoft, Adobe, and others, which we discuss in the context of how difficult vulnerability management is right now. Finally, we discuss CISA's warning about continued Russian targeting of US critica...
Coming from a military family, Erin Whitmore was prepared for a career of service. But her path took her not into the military, but the intelligence community, first in the private sector supporting the DIA and NGA, and later as a cybersecurty program manager in the Office of the Director of National Intelligence. She eventually joined CIA as an operations officer and served in locations around the world before moving back to the p...
Dennis and Lindsey react (!) to the React2Shell vulnerability disclosure and the quick exploitation of it by Chinese threat actors, then discuss the continues intrusions into critical infrastructure by the Salt Typhoon actors and this week's congressional hearing on telecom network security. Finally, we talk about some upcoming hacker movie episodes, including Die Hard and maybe Home Alone!
Jeff Gothelf, a renowned author and product strategist and co-founder of Sense and Respond Learning, joins Dennis to discuss the need to design products with users in mind, how critical thinking can help teams succeed, and what the AI revolution means for security teams and other groups.
It's an acronym-filled, government-only bonanza this week! We discuss the DoJ sanctioning Russian bulletproof hosting provider Media Land (0:53), the SEC dropping its enforcement action against SolarWinds and its CISO (13:25), and the FCC reversing course on a longstanding security rule for telecom providers (26:00).
Dennis is joined by Rich Mogull, chief analyst at the Cloud Security Alliance, cloud security trainer, and all around good guy to talk about the Cloudflare outage, why the internet is now just six companies, and what, if anything, organizations can do to improve their resilience in the current environment.
This week was a bit of a throwback to olden times, with the disclosure by Amazon threat intelligence of zero days in Cisco and Citrix products that were exploited by an unnamed APT, and Google using legal action to disrupt the Lighthouse phishing service operation. We dig into those two stories, plus we discuss the challenge of trying to quantify the financial and other effects of a major cyber attack.
Related stories:
https://deci...
"You know, you really don't need a forensics team to get to the bottom of this. If you guys were the inventors of Facebook, you'd have invented Facebook." Melanie Ensign joins Dennis Fisher and Lindsey O'Donnell-Welch to discuss David Fincher's massively successful 2010 film, The Social Network, a movie that opens a window into the dark side of Silicon Valley and the lengths that some people will go to...
Yahoo CISO and Chief Paranoid Sean Zadig returns to the podcast for a discussion with Dennis Fisher about how to go about getting kids interested in technology and teaching them about hacking (in the broad, classical sense) safely (9:10). Then they talk about how rapidly the cybersecurity industry is changing and what effects AI is and is not having on offense, defense, and the job market (45:00).
We don't do holiday themed episodes in this house, so no tricks, but we have some treats for you. First we discuss the problem of shadow AI (1:00) and how it seems like we're just repeating the mistakes of previous tech waves in ignoring security until it's too late. Then we dig into a new report from Kaspersky about a crazy exploit they discovered for a Chrome sandbox escape that led them to identify the new version...
This week saw a blessed lack of major vulnerabilities, but there was plenty of other news to dig into. We discuss the fallout from the AWS outage (0:36), the conclusions from the latest Cyberspace Solarium Commission report (4:37), and the effects of CISA's shakeup on the private sector (14:07), and the continued effects of the F5 incident (21:21). Finally, we have some extremely important updates on whether Dennis has a dog y...
Mitch, there's something you need to know. Compared to you, most people have the IQ of a carrot. Real Genius has it all: '80s movie icon Val Kilmer at his coolest, a brilliant hacker named Laszlo living in a closet, a giant space laser, and the absolute embodiment of the hacker ethos. Join us as we dig into this classic with our pal Wendy Nather. It's a moral imperative.
Slate article on the inspiration for Jordan: ht...
In the wake of the disclosure of a serious intrusion at F5 that reportedly lasted about a year, we talk about the details of the disclosure, the potential link to Chinese state actors, the fallout from the attackers' access to source code and bug reports, and what this could mean in the long term.
Have you heard about this AI thing? It's wild. Turns out, attackers are using it for all kinds of things we'd rather not have them doing. Dennis Fisher is joined by two experts from CrowdStrike--Adam Meyers, head of counter adversary operations, and Elia Zaitsev, CTO--to talk about how both defenders and attackers are leveraging AI and where things might be going in the next few years.
This week brings some new insights into the origins and length of the Cl0p extortion attacks tied to the Oracle E-Business Suite vulnerability, big surges in scanning for Cisco ASA, Palo Alto, and Fortinet devices, and a huge upgrade to Apple bug bounty payouts. Plus: Does Dennis have a dog yet?
https://security.apple.com/blog/apple-security-bounty-evolved/
https://decipher.sc/2025/10/08/data-connects-scanning-surges-for-cisco-forti...
What you see on these screens up here is a fantasy; a computer-enhanced hallucination. WarGames may be 42 years old (!) but its prescience about our current technocracy and race to take humans out of the loop is as clear as ever. Dennis Fisher, Lindsey O-Donnell-Welch, Zoe Lindsey, and Pete Baker sit down in front of an IMSAI 8080 with some raw corn on the cob and a can of Tab to talk about this brilliant hacker movie classic.
Dennis and Lindsey dissect a busy week in security news, starting with the Cl0p group's extortion campaign against Oracle customers (3:24), then moving into the Crimson Collective's claimed breach of some of Red Hat GitLab's repos (12:41), and finally the consequences of the expiration of th CISA legislation and de-funding of the MS-ISAC (22:46).
PLUS! An exciting announcement about our partnership with Material Secu...
Popular Podcasts
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
Listen to 'The Bobby Bones Show' by downloading the daily full replay.
The official podcast of comedian Joe Rogan.
Betrayal Weekly is back for a brand new season. Every Thursday, Betrayal Weekly shares first-hand accounts of broken trust, shocking deceptions, and the trail of destruction they leave behind. Hosted by Andrea Gunning, this weekly ongoing series digs into real-life stories of betrayal and the aftermath. From stories of double lives to dark discoveries, these are cautionary tales and accounts of resilience against all odds. From the producers of the critically acclaimed Betrayal series, Betrayal Weekly drops new episodes every Thursday. Please join our Substack for additional exclusive content, curated book recommendations and community discussions. Sign up FREE by clicking this link Beyond Betrayal Substack. Join our community dedicated to truth, resilience and healing. Your voice matters! Be a part of our Betrayal journey on Substack. And make sure to check out Seasons 1-4 of Betrayal, along with Betrayal Weekly Season 1.