TrustedSec Security Podcast

On this episode of Security Noise, Geoff and Skyler chat with Security Consultant Shane Jones about how AI can accelerate workflows and the pros and cons of using automation in penetration testing. Skyler covers his experiences with voice cloning, which AI tools assisted his engagement, and how he was able to trick the IVR system. About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet! Find more cybersecurity resources on our website at https://trustedsec.com/resources.

On this episode of Security Noise, Geoff and Skyler chat with Identity Security Architect Sean Metcalf about securing Active Directory, Entra, DS, and that messy space in between. Sean also talks about his recent presentation at RSA, common challenges in the identity security space, frequently seen penetration test findings, and more! About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet! Find more cybersecurity resources on our website at https://trustedsec.com/resources.

Who doesn't love a new tool? In this episode of Security Noise, Geoff and Skyler talk to Senior Research Analyst Alex Ball about his new open-source tool DIT Explorer. DIT Explorer opens a .dit file of your choosing (NTDS.dit is the file housing the data for Windows Active Directory), loads the directory schema, and presents the objects as a tree. Alex takes us through the tool's functions, why and how he created it, and upcoming updates. Learn more about DIT Explorer in Alex's blog: https://trustedsec.com/blog/exploring-ntds-dit-part-1-cracking-the-surface-with-dit-explorer About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet! Find more cybersecurity resources on our website at https://trustedsec.com/resources.

Let's Encrypt now offers certificates with 6-day lifetimes but what does that mean for the commercial TLS trust anchor world? On this episode of Security Noise, Geoff and Skyler are joined by Principal Security Consultant Justin Bollinger to discuss new options for certificate lifetimes and the implications of the new maximum ages, good and bad. About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet! Find more cybersecurity resources on our website at https://trustedsec.com/resources.

In this episode of Security Noise, Geoff and Skyler talk with IR Practice Lead Carlos Perez and Security Consultant Zach Bevilacqua about the world of security operations. They discuss current trends, the role of AI, challenges with traditional SIEM tools, and the value of proper logging and monitoring configurations. How important are proactive measures and effective communication within SOC teams? Find out what our team has to say on this episode of Security Noise!  About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet! Find more cybersecurity resources on our website at https://trustedsec.com/resources.

How has email security evolved over the years? What challenges do organizations face in protecting against sophisticated phishing attacks? Find out on this episode of Security Noise! Business Email Compromise (BEC) attacks are becoming increasingly common and sophisticated. In this episode, Geoff and Skyler speak with Incident Response Security Consultant Olivia Cate and Director of Advisory Innovation Rocky Brockway about BEC and what you can do to prepare your organization. We discuss which types of organizations are most vulnerable, the increasing rate of BEC attacks, and the methods used by attackers. Find out more about our Incident Response services on our website.  About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet! Find more cybersecurity resources on our website at https://trustedsec.com/resources.

In this episode, Geoff and Skyler talk with TrustedSec Security Consultants Whitney Phillips and Justin Bollinger about their recent presentations and experiences at CactusCon in Mesa, Arizona. Justin delves deep into the complexities surrounding the Common Vulnerabilities and Exposures (CVE) identification process and bug bounty programs, highlighting key challenges security researchers face. Whitney shares her expertise on crafting and delivering impactful conference presentations, offering valuable insights into preparation, audience engagement techniques, and managing presentation anxiety. Both consultants provide their unique perspectives on the conference highlights, including notable keynotes, networking opportunities, and emerging security trends discussed at this prominent Southwest cybersecurity event. About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet! Find more cybersecurity resources on our website at https://trustedsec.com/resources.

It's time to talk about TikTok! On this episode of Security Noise, Geoff and Skyler speak with Senior Security Consultants Kelsey Segrue and Travis Kaun about algorithms, data security, and how we got to where we are today with the popular Chinese-owned app. They also discuss other Chinese technologies and devices that you may want to keep an eye on if you have them on your network. About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet! Find more cybersecurity resources on our website at https://trustedsec.com/resources.

In this episode of Security Noise, Geoff and Skyler are joined by two TrustedSec experts, Security Consultant Edwin David and Principal Security Consultant Justin Bollinger, to talk about the evolution of authentication and what it looks like in 2025. We discuss passwordless authentication, multi-factor authentication (MFA), and the implications of OAuth and identity providers. The crew also discusses the dangers of using antiquated methods like SMS for authentication. About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet!

In this episode, Geoff and Skyler are joined by TrustedSec's Force Cloud Security Practice Lead @nyxgeek to talk about his findings after 3 years of user enumeration in Azure! He also dives into techniques and the implications of "presence data" in Microsoft Teams. We get a preview of his conference talks at (the now past) Shmoocon and HackCon, which he will be delivering in Norway on February 2, 2025. What is in the future of authentication and identity management? Listen now to hear nyxgeek's predictions for 2025.  About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Learn more at https://trustedsec.com/ Hack the planet!

Find out what's in Security Noise 2024 Wrapped in this special year-end episode! Is AI being used to shape public perceptions and military strategies? Are we living in a simulation or is this all one big PsyOp? Geoff and Skyler are joined by IR Practice Lead and Director of Security Intelligence Carlos Perez to discuss how cybersecurity has evolved in 2024, the effectiveness of AI tools in coding, and the accountability of vendors for vulnerabilities. Cut through all the noise from this past year and learn what stands out! About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet!

Are all IT admins cave-dwelling gnomes? In this episode of Security Noise, Geoff and Skyler swap hard-to-believe, humorous, and sometimes scary InfoSec stories with members of the TrustedSec team: Senior Security Consultant Joe Sullivan and Principal Security Consultants Drew Kirkpatrick and Adam Compton. Listen as they share insights on network security, proactive measures, and a few mishaps along the way. Join us for some great discussion and stories from the battle field! About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet!

In this episode, Geoff and Skyler dive deep into hardware hacking with Rob Simon! Rob is the Mobile and Hardware Security Practice Lead at TrustedSec and shares the deets on hardware security assessments. The importance of hardware fundamentals in security, especially when it comes to IoT devices, is one of the key takeaways this week. Rob answers questions like: Who needs hardware assessments? What tools and techniques are used? And what potential vulnerabilities are associated with IoT devices? Join us for great discussion, stay for the lolz, and clutch your Flipper Zeros tight! About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet!

Yeehaw

Let's talk about Threat Hunting! On this episode of Security Noise, Geoff and Skyler are joined by Principal Security Consultants Shane Hartman and Justin Vaicaro to discuss the essential components of a successful Threat Hunting program. But where do you start and how do you access the best resources? Listen as they share insights on building an effective program, operationalizing practices, and the importance of a proactive mindset.  About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. 

In this episode of Security Noise, we focus on Cloud Security Testing. Our guest , Security Consultant Edwin David, discusses current objectives for securing the cloud, tools for cloud testing, and the challenges of multi-cloud and hybrid environments. Key takeaways include: -The importance of MFA and conditional access -The need for strong password protection -The lack of a unified toolset for cloud testing -The complexities and security implications of multi-cloud and hybrid environments. About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

This week on Security Noise, we talk about "Hacker Summer Camp" also known as DEF CON and BlackHat in Las Vegas. We chat with Senior Security Consultants Luke Bremer and Aaron James, who both attended for the first time, about initial impressions and takeaways from the cons and Vegas itself. About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

On this episode of Security Noise, we discuss the recent CrowdStrike incident with our guests: Director of Advisory Innovation Rockie Brockway and Managing Director of Remediation Services Paul Sems. The incident occurred on July 19, 2024, when a CrowdStrike security platform update caused a large number of Windows platforms to fail to boot, resulting in the largest IT outage in history. We also touch on patch management and the balance between speed and risk. What is the potential for future attacks targeting kernel-level drivers? What can you expect from similar attacks in the future? Listen now as we cover all this and more on Security Noise! About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

In this episode, Geoff and Skyler are joined by special guests Keith Koehne and Matt Miller from Paradigm Cyber Ventures to discuss their mission to integrate cybersecurity into high school industrial tech education. Through this program, teachers at high schools around the U.S. are trained to deliver an in-depth cybersecurity curriculum to their students which introduces them to the field, giving them practical training and readying them for industry exams. The program prepares and empowers students to join the cybersecurity workforce, attend college, or both.  About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

On this episode of Security Noise, we talk to some veteran network guys to discuss CVE-2024–3661 and other thoughts about VPN security. Geoff and Skyler are joined by Security Consultant Philip DuBois and Principal Security Consultant Justin Bollinger to get their perspective on current issues. About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

On this episode, Skyler talks to Principal Security Consultant Drew Kirkpatrick who recently gave a talk at CackalackyCon where he demonstrated new features of his tool, JS-Tap. The tool allows red teams to monitor and attack web applications by rewriting code in the user's browser. Drew introduced a new feature called Mimic, which automates the process of generating custom JavaScript payloads for performing actions as the user in the application. The payloads can be integrated with a Command and Control (C2) system to execute tasks in the user's browser. Drew provided a demo of the tool using a vulnerable WordPress site. JS-Tap is a powerful tool for monitoring and attacking web applications. It allows users to log in and track client activity, including cookies, local storage, and session storage. JS-Tap can intercept form submissions and network communications, making it useful for both monitoring and attacking. It can generate custom payloads and exfiltrate data from the target application. The tool is versatile and can be used for red teaming, penetration testing, and post-exploitation. JS-TAP is available on GitHub and is open source. Watch the podcast and demo on YouTube here - https://youtu.be/cU915mxLfTo About this podcast Security Noise, a TrustedSec Podcast, features our cybersecurity experts in conversation about the security topics that interest them the most. Hosted by Geoff Walton and Producer/Contributor Skyler Tuter. Listen and subscribe wherever you get your podcasts!

In this episode, we discuss state-of-the-art red team testing with Targeted Operations Practice Lead Jason Lang and Director of Security Intelligence Carlos Perez. The conversation is focused on how to extract more value via enhanced cooperation between the red team and the IT Security organization. We conclude with Jason sharing some highlights from his talk "Modern Hackery: A Look At Current Breaches Through An Attacker's Eyes" which will be presented at NolaCon in New Orleans on May 17, 2024.  Show References: https://services.google.com/fh/files/misc/m-trends-2024.pdf 

Join us as we continue our series on developing careers in InfoSec. In this episode, we talk about a unique opportunity for students at Bedford High School in Ohio, a school that is near and dear to TrustedSec Founder and CEO David Kennedy. We chat with Dave about the cybersecurity education program that was launched recently with help from long-time Bedford teacher Darren Pocek and others. Listen to learn how this program was created and how it helps prepare students for careers in cybersecurity. 

Security Noise starts a multi episode look at how to start or grow a career in infoSec. We begin by talking with Senior Security Consultant Kelsey Segrue and Security Consultant Olivia Cate who took what might be considered the traditional route. They share their stories and offer some insights into how to maximize the advantage of similar opportunities. About this podcast Security Noise, a TrustedSec Podcast, features our cybersecurity experts in conversation about the security topics that interest them the most. Hosted by Geoff Walton and Producer/Contributor Skyler Tuter. Listen and subscribe wherever you get your podcasts!

On this episode of Security Noise, we are revisiting the topic of open-source intelligence (OSINT) in the wake of the theories spurred by the Royal Family's social media photo that was quickly flagged as being altered. Along with guests, Senior Security Consultants Joe Sullivan and David Boyd, we delve into various theories surrounding the Princess of Wales' controversial Mother's Day photo and the media's subsequential reaction. Methods for spotting fake images, such as reverse image searches and metadata analysis, are discussed, highlighting the importance of scrutinizing visual content in today's digital age. Additionally, tools like AIornot.com and insights into Twitter/X's handling of metadata add depth to the discussion. Overall, the episode sheds light on the complexities of image authenticity in the era of digital manipulation and emphasizes the need for critical thinking when consuming visual media.  Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter. Links: https://fotoforensics.com https://www.aiornot.com/ https://www.getghiro.org/ https://www.suncalc.org

It's Leak Week for this episode of Security Noise! Geoff and Skyler chat with Security Consultant Whitney Phillips and Senior Security Consultant Kurt Muhl about a number of recent privacy pitfalls including destructive ransomware groups such as LockBit, leaked government emails, and other data and privacy mishaps.  References: https://krebsonsecurity.com/2024/02/u-s-internet-leaked-years-of-internal-customer-emails/ https://krebsonsecurity.com/2024/02/feds-seize-lockbit-ransomware-websites-offer-decryption-tools-troll-affiliates/  Security Noise, a TrustedSec podcast, is hosted by Geoff Walton and Producer/Contributor Skyler Tuter in conversation with cybersecurity experts discussing the security topics that interest them the most.

Skyler and Geoff chat with Senior Security Consultant Joe Sullivan about using open-source intelligence (OSINT) for gathering ideas and information. We discuss some of the ethical questions about what you can do with what you learn. 

Geoff and Skyler talk to Incident Response Practice Lead Tyler Hudak about when you need an IR plan, what kind of relationships you should have with your IR vendor, and what things to know before perusing an IR retainer. The conversation looks at the needs for businesses of various sizes, proposes some self-assessment questions, and concludes with some war stories!

Geoff and Skyler make bold predictions for 2024 about AI, changes to Air Tags, and Open Source! LINKS: https://techcrunch.com/2024/01/04/orrick-law-firm-data-breach/ https://arstechnica.com/security/2023/12/researchers-come-up-with-better-idea-to-prevent-airtag-stalking/ https://www.theregister.com/2023/12/27/bruce_perens_post_open/

In this very special year-end episode, we're cranking up the heat as we explore some of our favorite InfoSec tools of 2023. Guest Lineup: Drew Kirkpatrick - JS-Tap Unleashed Drew Kirkpatrick is the maestro behind "JS-Tap." He dropped this pentesting bombshell at Wild West Hackin' Fest this year with his talk, "JS-Tap: Weaponizing JavaScript for Red Teams." Skyler snagged an exclusive interview with Drew at the conference and we'll get to hear that discussion on this episode. Luke Bremer - Hackvertor Luke Bremer graces our podcast to dive into his blog, "What is Hackvertor (and why should I care?)." Get ready to dive into the use cases of this Burp Suite plugin and how you can utilize it on your next pentest! Ben Mauch (Ben Ten) - Unveiling Impede We end our discussion with Ben Mauch, aka @Ben0xA, as he unveils TrustedSec's latest software offering: Impede. Brace yourself for a deep dive into the features and innovations packed into this cybersecurity marvel. Gather 'round and settle in for our year-end episode of SECURITY NOISE!

In this episode, we wrap up our 4-part series, "The Road Ahead," with TrustedSec CTO Justin Elze and Targeted Operations Lead Jason Lang as they provide insight into how the targeted operations landscape has evolved for everyone, from client to consultant. We discuss what groups are doing red teaming and what the practice looks like today. Our guests also discuss the impacts of SSO, third-party IDP solutions, and assumed breach strategies. Get ready to be offensive on this episode of Security Noise! This episode concludes a short series called "The Road Ahead." Each episode highlights an area of Information Security and features guests who are experts in those areas. Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

In this episode, we discuss the evolution of the Internal Penetration Test with two experienced practitioners, David Boyd and Justin Bollinger. We cover how test preparation and planning have changed over the years, how hybrid environments with on-premises and cloud-hosted applications have impacted pen testing, and the effects of Zero Trust and contemporary security models. Of course we'll also talk shop, where we look at the current tools of the trade and what the client-consultant relationship looks like today. This episode is Part 3 of 4 in a short series called "The Road Ahead." Each episode highlights an area of Information Security and features guests who are experts in those areas. Come along as we explore the history and future of InfoSec! Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

Geoff and Skyler discuss how the defense and vulnerability side of application development and deployment has evolved over the years. They are joined on the panel by two other members of the TrustedSec team, Paul Sems and Mitch Parish, who were there to help and lead organizations through those transitions in their current and prior roles.  This episode is Part 2 of 4 in a short series called "The Road Ahead." Each episode will highlight an area of Information Security and feature guests who are experts in those areas. Come along as we explore the history and future of InfoSec! Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

On this episode of Security Noise, Geoff and Skyler speak with members of the TrustedSec Software Security team to discuss the past, present, and future of AppSec. Security Consultants Joe Sullivan and Philip DuBois and Director of Software Security Scott White weigh in on the evolution of security tools, how engagements have changed, and where AppSec is heading. This episode is Part 1 of 4 in a short series called "The Road Ahead." Each episode will highlight an area of Information Security and feature guests who are experts in those areas. Come along as we explore the history and future of InfoSec! Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

In this episode, nyxgeek joins us to change your mind about enumeration and federation, Producer Skyler Tuter tells us what happened at DEF CON in Vegas, and we hear from Security Consultant Whitney Phillips about her presentation and augmented reality. Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

On this episode of Security Noise, we remember the man who changed InfoSec forever—Kevin Mitnick, who recently passed away after a battle with cancer. TrustedSec CEO Dave Kennedy joins in to share some of our favorite stories and memories of Kevin. Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

This week on Security Noise, we discuss DOs and DON'Ts of Grey-hat work with the practice lead for research at TrustedSEc, Carlos Perez! Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

Are you afraid of the dark web? In this week's episode, several folks from TrustedSec's consulting team tell infosec campfire stories. Scott White, Kurt Mhul, Philip Dubois, Skyler Tuter, and Geoff Walton share tales of disaster, near disaster, spooky or straight-up funny stories, and discuss how those experiences changed their perspectives on infosec.

Artificial intelligence is progressing at a quick (and some say alarming) rate. Security Noise returns with a look at Large Language Models (LLMs) as well as AI audio and image generation, exploring emerging possibilities commercial, curious, and malicious. Listen in on the conversation with TrustedSec team members Carlos Perez and Rob Simon as they discuss current topics with host Geoff Walton and Producer/Contributor Skyler Tuter.

How much of your life is tied up on your phone? This week, Security Noise looks at the client side of mobile security. In this episode, we explore some current topics surrounding mobiles and how you should treat them. Joining us are several folks from the Mobile Security team at TrustedSec: Drew Kirkpatrick, Rob Simon, and Whitney Phillips. Security Noise is hosted by Geoff Walton with Producer/Contributor Skyler Tuter.

Security Noise kicks off its inaugural episode with host Geoff Walton and Producer/Contributor Skyler Tuter! This week, we discuss cloud transitioning topics with our expert guest panel: Paul Sems, Edwin David, and Phil Rowland. Our guests have a range of perspectives and backgrounds in design, defense, and offensive security. In this episode, we explore the changing roles of IT personnel, where identities live, hybrid environments, DOs and DONTs, and share some stories. 

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Elze, Justin Bollinger, and David Boyd. Get ahead of the new PCI requirements PCI 4.0 is coming! Find out how the new requirements will affect your organization's goals and prepare now, with a PCI DSS assessment from TrustedSec. Penetration testing the cloud isn't the same as your network Go to TrustedSec.com to get our guide on how to get the most out of your cloud penetration test. Join the TrustedSec Discord Community TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.  Stories Title: Two U.S. Men Charged in 2022 Hacking of DEA Portal URL: https://krebsonsecurity.com/2023/03/two-us-men-charged-in-2022-hacking-of-dea-portal/ Author: Brian Krebs Title: Cancer patient sues hospital after ransomware gang leaks her nude medical photos URL: https://www.theregister.com/2023/03/15/cancer_lvhn_sues_hospital/?td=rt-3a Author: Jessica Lyons Hardcastle The Interview: Link: https://www.trustedsec.com/blog/critical-outlook-vulnerability-in-depth-technical-analysis-and-recommendations-cve-2023-23397/ Justin Elze, CTO and Director of Research at TrustedSec, talks to us about CVE-2023-23397, covering how TrustedSec investigated and responded as well as where it will land in the penetration tester's toolbox.

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Edwin David, Kelsey Segrue, and Alex Hamerstone. Get ahead of the new PCI requirements PCI 4.0 is coming! Find out how the new requirements will affect your organization's goals and prepare now, with a PCI DSS assessment from TrustedSec. Penetration testing the cloud isn't the same as your network Go to TrustedSec.com to get our guide on how to get the most out of your cloud penetration test. Join the TrustedSec Discord Community TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.   Stories   Title: You can now run a GPT-3-level AI model on your laptop, phone, and Raspberry Pi URL: https://arstechnica.com/information-technology/2023/03/you-can-now-run-a-gpt-3-level-ai-model-on-your-laptop-phone-and-raspberry-pi/ Author: Benj Edwards   Title: OWASP Low-Code/No-Code Top 10 URL: https://owasp.org/www-project-top-10-low-code-no-code-security-risks/ Author: OWASP Project   Title: Biden admin's cloud security problem: ‘It could take down the internet like a stack of dominos' URL: https://www.politico.com/news/2023/03/10/white-house-cloud-overhaul-00086595 Authors: John Sakellariadis

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Edwin David, David Boyd and Skyler Tuter. Get ahead of the new PCI requirements PCI 4.0 is coming! Find out how the new requirements will affect your organization's goals and prepare now, with a PCI DSS assessment from TrustedSec. Penetration testing the cloud isn't the same as your network Go to TrustedSec.com to get our guide on how to get the most out of your cloud penetration test. Join the TrustedSec Discord Community TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join. Stories Title: Hackers Scored Data Center Logins for Some of the World's Biggest Companies URL: https://www.bloomberg.com/news/features/2023-02-21/hackers-scored-corporate-giants-logins-for-asian-data-centers?leadSource=uverify%20wall Author: Jordan Robertson   Title: Best Practices for Securing Your Home Network URL: https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF Author: NSA   Title: US military email server left exposed for 2 weeks, allowing internal emails to leak URL: https://www.foxnews.com/politics/us-military-email-server-left-exposed-two-weeks-allowing-internal-emails-leak Authors: Jennifer Griffin, Adam Sabes

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Whitney Phillips, Skyler Tuter. Get ahead of the new PCI requirements PCI 4.0 is coming! Find out how the new requirements will affect your organization's goals and prepare now, with a PCI DSS assessment from TrustedSec. Penetration testing the cloud isn't the same as your network Go to TrustedSec.com to get our guide on how to get the most out of your cloud penetration test. Join the TrustedSec Discord Community TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join. Stories Title: Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices URL: https://thehackernews.com/2023/01/realtek-vulnerability-under-attack-134.html?m=1 Author: Ravie Lakshmanan   Title: Extract Actionable Intelligence from Text-based Threat Intel using Sentinel Notebook URL: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-extract-actionable-intelligence-from-text-based/ba-p/3729508 Author: Vani Asawa   Title: Dashlane publishes its source code to GitHub in transparency push URL: https://techcrunch.com/2023/02/02/dashlane-publishes-its-source-code-to-github-in-transparency-push/ Author: Paul Sawers

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Whitney Phillips, Steven Erwin, and Mitch Parish. Announcements Join the TrustedSec Discord Community TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join. Stories Title: A call to action: Think seriously about “safety”; then do something sensible about it URL: https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2023/p2739r0.pdf Author: Bjarne Stroustrup   Title: U.S. airline accidentally exposes ‘No Fly List' on unsecured server URL: https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/ Authors: Mikael Thalen, David Covucci  

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Scott White, and Scott Nusbaum   Announcements   Join the TrustedSec Discord Community TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.     Stories Title: Lastpass: Hackers stole customer vault data in cloud storage breach URL: https://www.bleepingcomputer.com/news/security/lastpass-hackers-stole-customer-vault-data-in-cloud-storage-breach/ Author: Sergiu Gatlan   Title: Android is adding support for updatable root certificates amidst TrustCor scare URL: https://blog.esper.io/android-14-updatable-certificates/ Author: Mishaal Rahman   Interview Guest: Scott White Subject: Planning your Application Tests

Welcome to the TrustedSec Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Alex Hamerstone, and Skyler Tuter.   Announcements   Join the TrustedSec Discord Community TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.   Stories Title: FBI, CISA say Cuba ransomware gang extorted $60M from victims this year URL: https://techcrunch.com/2022/12/02/fbi-cisa-cuba-ransomware Author: Carley Page   Title: A new analysis urges CISO's to take strategic steps ahead of the advent of quantum computing. URL: https://www.nextgov.com/emerging-tech/2021/11/report-china-may-steal-encrypted-government-data-now-decrypt-quantum-computers-later/187020/ Author: Brandi Vincent   Title: Lastpass says hackers accessed customer data in new breach URL: https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-accessed-customer-data-in-new-breach/?mibextid=Zxz2cZ Author: Sergiu Gatlan

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Kurt Muhl, Justin Bollinger, and David Boyd   Title: A simple Android lock screen bypass bug landed a researcher $70,000 URL: https://techcrunch.com/2022/11/14/android-lock-screen-bypass-google-pixel/ Author: Zack Whittaker   Title: NSA Releases Guidance on How to Protect Against Software Memory Safety Issues URL: https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3215760/nsa-releases-guidance-on-how-to-protect-against-software-memory-safety-issues/ Author: NSA             Title: Flight Radar Report Shows FTX Co-Founder's Private Jet Flew to Argentina, SBF Says He's Still in the Bahamas URL: https://news.bitcoin.com/flight-radar-report-shows-ftx-co-founders-private-jet-flew-to-argentina-sbf-says-hes-still-in-the-bahamas/?fbclid=IwAR3iBvfrTl471Im9-OFdhuaoaBiJuG8PF8TFwcGtBO_8tf4SL_cWMAsO43g Author: Jamie Redman

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Joe Sullivan, and Whitney Phillips. Announcements Join the TrustedSec Discord Community TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.   Stories Title: Security certification body (ISC)² defends ‘undemocratic' bylaw changes URL: https://portswigger.net/daily-swig/security-certification-body-isc-defends-undemocratic-bylaw-changes Author: Emma Woollacott   Title: Chrome will finally force you to upgrade from Windows 7 in 2023 URL: https://www.androidpolice.com/chrome-windows-7-support/ Author: Stephen Schenck   Tool Time Link: https://portswigger.net/burp/dastardly Dastardly TL:DL docker run --user $(id -u) --rm -v $(pwd):/dastardly -e DASTARDLY_TARGET_URL=https://ginandjuice.shop -e DASTARDLY_OUTPUT_FILE=/dastardly/dastardly-report.xml public.ecr.aws/portswigger/dastardly:latest

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Luke Bremer, and Whitney Phillips.   Stories   Title: No fix in sight for mile-wide loophole plaguing a key Windows defense for years URL: https://arstechnica.com/information-technology/2022/10/no-fix-in-sight-for-mile-wide-loophole-plaguing-a-key-windows-defense-for-years/ Author: Dan Goodin     Title: Intel's Alder Lake BIOS Source Code Reportedly Leaked Online URL: https://www.tomshardware.com/news/intels-alder-lake-bios-source-code-reportedly-leaked-online Author: Paul Alcorn   Live-ish From GrrCon Our panel discusses their experience at GrrCon 2022 so far. Luke mentions some research into recovering old botnets ("Botnets Don't Die") by Aamir Lakhani.