YusufOnSecurity.com


This is a weekly podcast on cyber security domains. We discuss, dissect and demystify the world of security by providing in-depth coverage of the cybersecurity topics that matter most. All this in plain, easy-to-understand language. Like it, share it, and most importantly enjoy it!


    • Feb 14, 2026 LATEST EPISODE
    • weekly NEW EPISODES
    • 35m AVG DURATION
    • 263 EPISODES


    Latest episodes from YusufOnSecurity.com

    263 - BGP Hijacking - The Invisible Threat That Can Redirect Your Traffic Anywhere

    Feb 14, 2026 · 35:38

    Enjoying the content? Let us know your feedback!

    On June 27, 2024, millions of people worldwide suddenly couldn't access one of the internet's most popular DNS services—not because of a cyberattack in the traditional sense, but because a single network in Brazil convinced the internet that it owned an IP address that belonged to someone else. This wasn't hacking in the way most people understand it—no passwords were stolen, no systems were breached, yet traffic from 300 networks across 70 countries was instantly rerouted into oblivion. In this episode, we break down BGP hijacking: the invisible routing attack that lets anyone with the right access redirect your internet traffic anywhere they want, and why the protocol holding the entire internet together was built on a foundation of trust that no longer makes sense in 2026.

    - https://gcore.com: What IS BGP?
    - https://isbgpsafeyet.com: Is BGP Safe Yet?
    - https://blog.apnic.net: APNIC Blog – BGP Security Analysis and Updates
    - https://en.wikipedia.org: Regional Internet Registries

    Be sure to subscribe! You can also stream from https://yusufonsecurity.com, where you will find a list of all previous episodes too.

    262 - DORA Explained – What Financial Firms Need to Know About EU's Cyber Resilience Law

    Feb 7, 2026 · 24:42

    On January 17, 2025, the European Union's Digital Operational Resilience Act — known as DORA — became fully enforceable, fundamentally changing how financial institutions across Europe manage cyber and operational risk. One year into enforcement, regulators have designated critical ICT providers, penalties are now being levied, and the January 2026 supervisory review is underway. In this episode, we break down what DORA actually requires, who it applies to, why it matters even if you're not in the EU, and what the upcoming review means for the financial sector globally.

    - https://www.eiopa.europa.eu: Digital Operational Resilience Act (DORA)
    - https://eur-lex.europa.eu: The regulation

    261 - Passkeys in 2026 – Are We Finally Done With Passwords?

    Jan 31, 2026 · 14:32

    After sixty years of password resets, forgotten credentials, and phishing attacks, the authentication landscape is finally shifting — and 2026 marks the tipping point. In this episode, we break down what passkeys actually are, why over a billion people have already adopted them, and what the regulatory push from NIST, CISA, and global financial regulators means for your organisation. Passwords aren't dead yet, but for the first time, they're genuinely on the way out.

    We have all that coming up next, in this week's podcast!

    - https://passkeys.io: Comprehensive implementation guides, device compatibility checker, and passkey directory
    - https://pages.nist.gov/800-63-4: Official SP 800-63-4 with AAL2/AAL3

    260 - From NTLM to Kerberos - Microsoft's Security Transformation Begins - Part 2

    Jan 24, 2026 · 27:45

    In Part 1 of this series, we explored why Microsoft is finally saying goodbye to NTLM authentication after more than 25 years of service. We discussed NTLM's security weaknesses, from relay attacks to weak cryptography, and touched on Kerberos as the obvious alternative that's been waiting in the wings since... well... Windows 2000.

    Today in Part 2, we're getting practical. We'll explore the two groundbreaking major features Microsoft is adding to Kerberos—IAKerb and Local KDC—that will finally allow organizations to eliminate NTLM entirely. More importantly, we'll discuss what this means for you as a defender, how to prepare your environment, and of course... what timeline you're working with.

    - techcommunity.microsoft.com: The evolution of Windows authentication
    - www.securityweek.com: Microsoft Improving Windows Authentication, Disabling NTLM
    - www.bleepingcomputer.com: Microsoft plans to kill off NTLM authentication in Windows 11
    - thehackernews.com: Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

    259 - From NTLM to Kerberos - Microsoft's Security Transformation Begins - Part 1

    Jan 17, 2026 · 27:26

    Today, we're diving into a significant announcement from Microsoft that will fundamentally change how Windows handles authentication. In this two-part series, we'll explore Microsoft's plan to phase out the NT LAN Manager protocol, better known as NTLM, and fully embrace Kerberos authentication in Windows 11. This isn't just a minor technical adjustment—this represents a major shift in how organizations will secure their Windows environments.

    In Part 1 today, we'll understand what NTLM is, why it's been around for so long despite its security weaknesses, and explore the fundamental reasons Microsoft has decided it's finally time to pull the plug.

    - techcommunity.microsoft.com: The evolution of Windows authentication
    - www.securityweek.com: Microsoft Improving Windows Authentication, Disabling NTLM
    - www.bleepingcomputer.com: Microsoft plans to kill off NTLM authentication in Windows 11
    - thehackernews.com: Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

    258 - React2Shell Mass Exploit and Instagram 17 million breach

    Jan 10, 2026 · 25:29

    It has been a while since we've done a news update episode. So today, we're diving into two major stories that have been dominating cybersecurity headlines this past week. First, we'll unpack React2Shell, a critical vulnerability that's being called one of the most serious web application flaws in recent memory. Then we'll discuss the Instagram data breach affecting over seventeen million users. Both incidents highlight how quickly the threat landscape can shift.

    - https://react.dev: React Security Advisory
    - https://www.wiz.io: Wiz Research Technical Analysis
    - https://aws.amazon.com: AWS Threat Intelligence Report
    - https://www.cisa.go: CISA Alert on CVE-2025-55182
    - https://haveibeenpwned.com: Instagram Breach
    - https://www.cisa.gov: Multi-Factor Authentication Guide

    257 - Jaguar Land Rover Cyberattack-How the Breach Disrupted Production and Exposed Sensitive Data

    Jan 3, 2026 · 28:29

    In late 2025, Jaguar Land Rover was hit by a debilitating cyberattack that brought its global production to a near-standstill and ultimately exposed sensitive employee and contractor data, marking one of the most disruptive breaches in the automotive industry in recent memory. The incident not only shuttered factories and hammered sales, but also served as a stark reminder of how deeply cybersecurity failures can ripple through complex modern supply chains and operations.

    - https://treblle.com: JLR Breach Breakdown Analysis
    - https://www.cyfirma.com: Investigation Report on Jaguar Land Rover Cyber Attack
    - https://therecord.media: Jaguar Land Rover Quarter Loss Cyber Attack

    256 - The best of 2025

    Dec 27, 2025 · 100:37

    As we've done at the end of each year, it's time to look back at what resonated most with you, our listeners. 2025 brought us some incredible episodes covering everything from fundamental security concepts to cutting-edge AI developments. But three episodes truly stood out—pulling the highest download numbers and sparking the most conversation.

    These weren't just popular because they covered trending topics. They addressed real, practical challenges that defenders face every single day. So let's dive into the best of 2025.

    First up: Episode 207 - Microsoft Windows Actively Exploited Vulnerabilities

    Released on January 18th, this episode tackled something every Windows administrator loses sleep over—actively exploited vulnerabilities. We broke down three critical flaws that attackers were leveraging in the wild, and more importantly, what you needed to do about them right away. This episode hit home because it wasn't theoretical—these were real threats demanding immediate action.

    Next: Episode 213 - Stealing Data in Plain Sight: How Cybercriminals Exfiltrate Your Secrets and How to Stop Them

    Published on March 1st, this deep dive into data exfiltration struck a nerve. We explored how attackers don't just break in anymore—they quietly steal your most valuable assets while blending into normal network traffic. From DNS tunneling to cloud storage abuse, we covered the techniques defenders need to recognize and the controls that actually work. This episode became essential listening because data exfiltration isn't just a technical problem—it's a business survival issue.

    And finally, wrapping up our 2025 year in review: Episode 219 - What Is Agentic AI?

    Released on April 12th, this episode ventured into territory that's reshaping our entire field—Agentic AI. We explored autonomous systems that can make decisions and take actions without human intervention. Why did this resonate so strongly? Because AI agents aren't science fiction anymore—they're being deployed in security operations, and defenders need to understand both their potential and their risks. This episode helped demystify where AI is heading and what it means for everyday security professionals.

    Enjoy!

    255 - Shadow AI-The Invisible Security Risk Already Inside Your Organization

    Dec 20, 2025 · 23:30

    Today, we're tackling one of the fastest-emerging threats of 2025—one that's probably already active in your organization right now, whether you know it or not. We're talking about Shadow AI, and the statistics are alarming: That means right now, as you're listening to this, someone in your organization is likely pasting sensitive data into ChatGPT, Claude, or another AI tool—and your security team has no idea it's happening. Let's peel the onion to see why this is so.

    - https://www.ibm.com: Cost of a Data Breach Report 2025
    - https://www.splunk.com: Introduction to Shadow AI
    - https://www.nist.gov: NIST - AI Risk Management Framework (AI RMF)

    254 - Infostealers-The Silent Malware Stealing Everything

    Dec 13, 2025 · 27:32

    Today we're talking about one of the most dangerous yet underestimated threats in cybersecurity right now. While everyone's worried about ransomware making headlines with million-dollar extortion demands, there's a quieter threat that's actually fueling those attacks. It's called infostealer malware, and in 2024 alone, these silent digital pickpockets were responsible for nearly one in four cyberattacks. They stole over 2 billion credentials and enabled some of the most devastating breaches of the year. The scary part? Most victims don't even know they've been infected until it's far too late.

    - https://nvlpubs.nist.gov: NIST Special Publication 800-83 Rev. 1 - Guide to Malware Incident Prevention and Handling
    - https://media.defense.gov: NSA Cybersecurity Advisory - Top Ten Cybersecurity Mitigation Strategies

    253 - Shadow IT and SaaS Sprawl - The Hidden Security Risk in Your Organization

    Dec 6, 2025 · 14:01

    Imagine discovering that your organization is running nearly ten times more applications than your IT team knows about. Imagine learning that two out of every three cloud tools being used by your employees were never approved, never vetted for security, and are completely invisible to your monitoring systems. Now imagine that one-third of all data breaches last year involved exactly these kinds of hidden applications. This isn't a hypothetical scenario from some dystopian cybersecurity future—this is happening right now in organizations of every size, including yours. Today, we're talking about Shadow IT and SaaS sprawl, the security crisis that's hiding in plain sight, costing companies millions, and creating vulnerabilities that most security teams don't even know exist yet.

    - https://csrc.nist.gov: NIST Special Publication 800-53 - Security Controls for Shadow IT
    - https://www.ibm.com: Data-breach

    252 - Windows password security - What is under the hood?

    Nov 29, 2025 · 32:43

    Today, we're lifting the hood on something you interact with dozens of times per day but probably never think about: Windows password security. What actually happens when you type your password and hit Enter? Where does Windows store that password? And perhaps most importantly, why do attackers spend so much time trying to steal password databases?

    - https://learn.microsoft.com: Prevent Windows Store LMHash Password
    - https://www.nist.gov: How Do I Create a good password

    251 - The Future of Security Operations - Are SIEM, XDR, and SOAR Converging or Moving Apart?

    Nov 22, 2025 · 22:24

    Today we're talking about the future of security operations, specifically three technologies that have dominated the conversation for the past few years: SIEM, XDR, and SOAR. And I'm going to make a case that might surprise some people: these tools are converging. They're merging into unified platforms, and that's actually a good thing.

    Now, if you're a security professional, you've probably noticed this trend already. Vendors are starting to blur the lines between these categories. SIEM vendors are adding XDR capabilities. XDR platforms are adding automation features that look a lot like SOAR. And everyone's claiming they can do everything.

    250 - PenTesting vs Red Teaming vs Vulnerability Assessment-Which One Do You Need?

    Nov 15, 2025 · 20:45

    Today we're tackling a question I get asked constantly: "Should we do a pentest, a red team engagement, or a vulnerability assessment?"

    These terms get thrown around interchangeably, but they're actually very different things with different goals, different costs, and they're appropriate for different situations. Choosing the wrong one can either waste money on overkill testing or leave you with a false sense of security.

    Here's the reality: most organizations need all three at different times. But if you're trying to figure out where to start, you need to understand what each one actually does.

    - https://www.sans.org: Penetration Testing: The Shift to Red Team and Purple Team Strategies
    - https://nvlpubs.nist.gov: Technical Guide to Information Security Testing and Assessment

    249 - What Is Credential Stuffing? How Hackers Use Your Old Passwords Against You

    Nov 8, 2025 · 30:01

    Today we're talking about one of the most common yet misunderstood cyber attacks happening right now: credential stuffing. And I do mean right now. As I'm recording this, somewhere in the world, automated bots are attempting billions of login attempts across thousands of websites, trying to break into accounts using stolen usernames and passwords.

    - https://www.usenix.org: Protecting accounts from credential stuffing with password breach alerting
    - https://www.cs.cornell.edu: Beyond Credential Stuffing: Password Similarity Models using Neural Networks

    248 - The Truth About Security Awareness Training- Why 95% of Programs Don't Work

    Nov 1, 2025 · 29:11

    Today we're diving into something that keeps cybersecurity professionals up at night, and no, it's not the latest ransomware attack or data breach. It's something much more frustrating: the fact that despite spending billions of dollars on security awareness training every year, employees keep clicking on phishing emails, using weak passwords, and falling for social engineering attacks.

    - https://www.sans.org: Security Awareness Training
    - https://www.verizon.com: 2025 Data Breach Investigations Report
    - https://ebbinghausmuseum.org: The Forgetting Curve

    247 - AI-Powered Browsers-The Privacy and Security Risks No One Talks About

    Oct 25, 2025 · 23:48

    Something fundamental changed in how we browse the internet in October 2025, and most people have no idea. In just 48 hours, OpenAI launched ChatGPT Atlas, Microsoft fired back with a revamped Edge, and suddenly every major tech company was racing to release AI-powered browsers that don't just load web pages—they can read your emails, book your travel, and access every logged-in account you have, all autonomously. The marketing promises unprecedented productivity, but security researchers found critical vulnerabilities within days—attacks where a single Reddit comment could drain your bank account or a malicious website could steal all your emails without you knowing. Today, we're breaking down what it means for your security, asking the question that actually matters: Are AI browsers a productivity breakthrough or a security disaster? Let's dive in.

    - https://openai.com: Introducing ChatGPT Atlas
    - https://www.perplexity.ai: Introducing Comet
    - https://blogs.windows.com: Your AI Browser

    246 - Is AI-Generated Code Safe-The Hidden Dangers of Vibe Coding

    Oct 18, 2025 · 21:32

    So today, we're unpacking what vibe coding is, why it's creating serious security risks, and what you can do about it. Because whether you love it or hate it, vibe coding isn't going anywhere. The question is: are we shipping features, or are we shipping vulnerabilities?

    All that coming up next in today's episode.

    245 - 50 Documents Can Poison AI Models - CISA KEV Adds 12 Decade-Old Vulnerabilities and Salesforce Ransomware

    Oct 11, 2025 · 30:38

    This week, we've got three stories that really caught my attention, and honestly, they're all pretty alarming in their own ways. If you're new here, welcome to the show where we break down the latest cybersecurity news and help you understand what's really happening in the cyber security domains.

    We're going to talk about a shocking discovery about AI security - turns out it takes way fewer malicious documents than anyone thought to completely poison an AI model. Then we'll discuss something that should make every security professional cringe - CISA just added a dozen vulnerabilities to their Known Exploited Vulnerabilities catalog, and half of them are over a decade old. And finally, we'll cover Salesforce's bold decision not to pay ransom to hackers who claim to have stolen data from dozens of major companies.

    - https://www.anthropic.com: Small Samples Poison
    - https://www.turing.ac.uk: LLMS May Be More Vulnerable Data Poisoning W Thought
    - https://www.theregister.com: Salesforce Refuses To Pay Ransomware
    - https://www.sans.org: CISA Adds 12 CVEs to KEV; Half are a Decade or More Old

    244 - The Recent Cyberattacks on European Airports - A Wake-Up Call for Critical Infrastructure

    Oct 4, 2025 · 43:18

    Picture this: You're at London Heathrow, Europe's busiest airport, ready to check in for your flight. But the kiosks aren't working. The screens are blank. Airport staff are scrambling with iPads and even pen and paper to manually check passengers in. Your flight is delayed, maybe canceled. And you're stuck in a long line with thousands of other frustrated travelers.

    Today we're diving into something that disrupted the travel plans of thousands of people just a few weeks ago - a massive cyberattack that brought some of Europe's busiest airports to a grinding halt.

    This wasn't a scene from the 1970s - this happened in September 2025. And it wasn't just Heathrow. Brussels, Berlin, Dublin - major airports across Europe were hit simultaneously.

    Over the next 30 mins or so, we're going to unpack what happened, who was behind it, how the attack unfolded, and what this means for the future of critical infrastructure security. We'll also look back at other major airport attacks from recent years to understand the bigger picture.

    So whether you're a security analyst, a CISO, or just someone who travels and wants to understand these threats, stick around.

    243 - Are Web Application Firewalls (WAFs) Obsolete in 2025? Pros, Cons, and Future of Application Security - Part 2

    Sep 27, 2025 · 28:38

    Welcome back and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for the everyday defender, from analyst to the C-Suite, in plain English.

    I am your host Ibrahim Yusuf...

    This is part 2 of  where we will continue covering the debate that's been heating up in security circles: Are Web Application Firewalls obsolete?

    Now, if you've been in the security game for a while, you've probably heard the whispers. Some people are saying WAFs are dead weight, legacy technology from a bygone era. Others swear by them as the cornerstone of application security. So which is it?

    Well, listen to this two-part episode. I suggest you start with episode 1 first, then come back to this one. In episode 1, we covered all the foundational parts and background. In our second part, we will kick off with modern attacks. Enjoy.

    241 - AI vs. Cybersecurity-How LLMs Are Reshaping the Defender-Attacker Battle

    Sep 20, 2025 · 27:15

    In this week's episode I am joined by my good old friend Shakel Ahmed, a cyber security practitioner with over 20 years of experience. We discuss how the cybersecurity landscape is at a tipping point as AI revolutionizes both defenses and threat capabilities. While tools like ML/LLM boost defender and developer efficiency, they're simultaneously empowering attackers with unprecedented advantages—operating without the ethical constraints that limit defenders. As traditional security measures struggle to keep pace, innovative strategies like specialized AI models and strategic honeypot deployments are emerging as critical weapons in this evolving digital battleground.

    - https://cyberdesserts.com: Shakel Ahmed's blog

    242 - Are Web Application Firewalls (WAFs) Obsolete in 2025? Pros, Cons, and Future of Application Security - Part 1

    Sep 20, 2025 · 23:11

    We're tackling a debate that's been heating up in security circles: Are Web Application Firewalls obsolete?

    Now, if you've been in the security game for a while, you've probably heard the whispers. Some people are saying WAFs are dead weight, legacy technology from a bygone era. Others swear by them as the cornerstone of application security. So which is it?

    Well, stay tuned because this is exactly what you will find out in today's episode.

    - https://en.wikipedia.org: Web Application Firewall

    240 - The Great OAuth Heist: How Salesloft's Breach Exposed Major Cybersecurity Firms

    Sep 6, 2025 · 37:25

    Today we're unpacking one of the most significant supply chain attacks of 2025 - the Salesloft-Drift OAuth breach that sent shockwaves through the enterprise software world.

    We'll explore how a compromise at one marketing company led to data theft at some of the biggest names in cybersecurity and technology. We'll break down the technology at the heart of it all - i.e. those digital keys that let applications talk to each other - and examine how threat actors turned them into free passes for corporate data theft.

    - https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift
    - https://krebsonsecurity.com: The Ongoing Fallout From A Breach At AI Chatbot-Maker Salesloft

    239 - Volt Typhoon Report-How Critical Infrastructure Was Targeted and Compromised

    Aug 30, 2025 · 25:38

    Today's episode is all about Volt Typhoon, a Chinese state-sponsored hacking group whose stealthy techniques and strategic missions have caused significant concern for defenders worldwide. We'll break down who Volt Typhoon is, analyze the recent major report covering their activities, walk through real examples of the organizations they targeted, and explain every bit of technical jargon so everyone can follow along. By the end, you'll understand why this group is considered one of the top cyber threats facing critical infrastructure today—globally and in the West.

    - https://www.cyber.nj.gov: VOLT TYPHOON APT A Strategic Threat Assessment
    - https://www.cisa.gov: PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

    238 - Patchwork and Transparency -Microsoft's August Security Updates & Google's Project Zero Redefined

    Aug 23, 2025 · 15:21

    This week, the cybersecurity landscape delivers two major stories that demand attention. Microsoft's August Patch Tuesday brought a wave of critical updates and exposed gaps, challenging defenders to reassess their priorities and protections. Meanwhile, Google's Project Zero team is changing the rules on how and when the world learns about new vulnerabilities—speeding up transparency and raising fresh questions for vendors and users alike.

    - https://thehackernews.com: Microsoft August 2025 Patch Tuesday
    - https://www.infosecurity-magazine.com: Google to Publicly Report New Vulnerabilities Within One Week of Vendor Disclosure

    237 - Generative AI Security-How Companies Protect Against Attacks and Data Risks

    Aug 16, 2025 · 22:35

    In this episode, we're diving into how companies are working to secure Generative AI—the technology behind chatbots, image creators, and code-writing assistants. We'll break down how it's different from traditional enterprise security, look at real-world attack examples, bust some myths, and explore what the future holds.

    - https://owaspai.org: AI Security Overview
    - https://artificialintelligenceact.eu: The EU AI Act

    236 - The Hidden Danger in Your Cloud-Why Misconfiguration Is the Real Vulnerability

    Aug 9, 2025 · 30:31

    Today we're tackling a critical subject that causes countless data breaches yet often gets misunderstood: misconfiguration — what it is, why it's different from a software vulnerability, and why it remains one of the biggest security risks organizations face.

    One quick reminder before we dive into the main topic: Microsoft reminds of Windows 10 support ending in two months.

    Windows 10 Sunset Alert: What You Need to Know Before October 2025

    - https://learn.microsoft.com: Windows 10 End Of Service Reminder
    - https://owasp.org: Security Misconfiguration

    235 - The Microsoft SharePoint vulnerability

    Play Episode Listen Later Aug 2, 2025 27:51


    Today, we focus on a critical and rapidly evolving Microsoft SharePoint vulnerability that rocked the security world in July 2025. We'll walk you through what it is, why it matters, how attackers exploit it, and most importantly, what you and your organization can do to defend against it.
    For those new to cybersecurity, we'll also explain the tricky technical jargon around this vulnerability, so you can follow along confidently, whether you're an entry-level analyst or someone keen to learn more.
    - https://www.sans.org: Critical SharePoint Zero-Day Exploited: What You Need to Know About CVE-2025-53770
    - https://msrc.microsoft.com: Update Guide Vulnerability CVE-2025-53770
    - https://msrc.microsoft.com: Guidance For SharePoint Vulnerability CVE-2025-53770
    - https://www.bleepingcomputer.com: US nuclear weapons agency hacked in Microsoft SharePoint attacks

    234 - Protecting the Invisible-How to Secure Infrastructure without Agents

    Play Episode Listen Later Jul 26, 2025 27:49


    The world of cybersecurity isn't just about defending laptops and servers—it's also about safeguarding the “invisible” corners of our networks: those printers, cameras, routers, and dozens of other devices that quietly power our organizations. But what do you do when you can't install security software or agents on these endpoints? In this episode of YusufOnSecurity, we're digging into the art and science of protecting infrastructure you can't easily touch or monitor from within. From game-changing network tactics to clever monitoring tricks, we'll explore the evolving landscape of agentless security—and why protecting these overlooked devices just might be the next frontier in building a truly resilient environment. Stay with me as we unlock the secrets of securing the unmanageable.
    - https://www.techtarget.com: Agent vs Agentless Security Learn The Differences

    233 - CI-CD Pipelines and Associated Security Risks

    Play Episode Listen Later Jul 19, 2025 27:33


    In this week's episode, we talk through the technical details of CI/CD (Continuous Integration/Continuous Development) pipelines: what they are, how they work, the jargon around them, and the potential security risks organizations need to be aware of. Finally, we'll bust a persistent myth in software development that you might find surprising.
    - https://www.cisco.com: What is CI/CD?

    232 - Catching up with security

    Play Episode Listen Later Jul 12, 2025 32:29


    Today's episode takes you through three intersecting stories revealing how technology shapes both our vulnerabilities and our digital identity—from the sprawling and adaptable threat of AsyncRAT malware, to critical Bluetooth vulnerabilities threatening millions of vehicles globally, and finally to a thought-provoking glimpse into how AI models create intimate profiles of their users.
    - https://simonwillison.net/2025: Simon's ChatGPT dossier
    - https://blog.talosintelligence.com/AsyncRAT
    - https://www.bankinfosecurity.com: PerfektBlue Bug

    231 - A Crash Course in Vendor Risk, Lessons from the CrowdStrike Outage

    Play Episode Listen Later Jul 5, 2025 29:15


    Today, we're focusing on the critical lessons from one of the most disruptive IT failures in recent memory: the global outage triggered by a CrowdStrike software update on July 19, 2024. While the headlines focused on grounded flights and downed systems, the real story lies in what this incident revealed about the way we build, secure, and rely on digital infrastructure.
    This episode isn't just about a faulty update—it's about the cascading impact of vendor trust, software architecture, and system design decisions made long before disaster strikes. We'll explore how over-reliance on a single vendor can introduce hidden points of failure, why resilience must be baked into every layer of our IT stack, and how incident response can make or break reputations in a hyperconnected world. We'll also look at Microsoft's rapid response and how this moment might reshape the rules for how security software integrates with Windows. The takeaway? In cybersecurity, it's not enough to be secure—you also have to be prepared for when your most trusted systems fail.

    230 - Security Of IoT

    Play Episode Listen Later Jun 28, 2025 37:45


    This week on YusufOnSecurity, we're diving into a topic that's become increasingly critical as our world grows more connected: the security of the Internet of Things, or IoT. From smart thermostats and wearable fitness trackers to industrial sensors and connected cars, IoT devices are now woven into the fabric of our daily lives and business operations. They promise greater convenience, efficiency, and innovation—but they also introduce new risks and vulnerabilities that many organizations and individuals are just beginning to understand.
    Securing IoT isn't just about protecting gadgets; it's about safeguarding the data they collect, the networks they connect to, and ultimately, the people and processes that rely on them. As the number of IoT devices skyrockets, attackers are finding new ways to exploit weak points—sometimes with far-reaching consequences. In this episode, we'll explore why IoT security matters, the unique challenges it presents, and practical steps you can take to protect your connected world.
    - https://www.cisco.com: What is IoT?
    - https://www.iiconsortium.org: Security Maturity Model

    229 - What is FIPS 140-3

    Play Episode Listen Later Jun 21, 2025 22:55


    In today's interconnected world, the security of our digital infrastructure relies heavily on cryptography—the science of protecting information by transforming it into unreadable formats for unauthorized users. But how do we know the cryptographic solutions we use are truly secure? That's where standards like FIPS 140-3 come in.
    - https://csrc.nist.gov: FIPS 140-3

    228 - How the Emergence of AI-Powered Malware works

    Play Episode Listen Later Jun 14, 2025 26:19


    Today's episode is about a seismic shift in the world of cyber threats: the emergence of AI-powered malware. We'll unpack how this new breed of malware works, the science behind it, real-world incidents, and what the latest academic research reveals. We will also look at the latest news that some are calling "The mother of all breaches".
    We have all that coming up next, in this week's podcast!
    - https://www.bleepingcomputer.com: No, the 16 billion credentials leak is not a new data breach

    227 - Is UTM Still Relevant?

    Play Episode Listen Later Jun 7, 2025 44:36


    Today, we'll answer a pressing question in cybersecurity: Is UTM still relevant in 2025? We'll trace the origins of UTM, explain why it was created, break down its core features, compare it to newer technologies, and finish by busting a common cybersecurity myth.
    Before we dive into our main topic, let's take a quick look at a major tech update making headlines: the emergence of AI-powered malware is becoming more real.
    - https://en.wikipedia.org: UTM
    - https://perception-point.io: AI Malware: Types, Real Life Examples, and Defensive Measures

    226 - Inside A Stealthy Malware Powering Modern Cyber Attacks

    Play Episode Listen Later May 31, 2025 47:28


    In this week's episode, we take a detailed look at an up-and-coming malware. On closer inspection, it is one of the most advanced post-exploitation code families shaping the cybersecurity landscape in 2025. Over the time we have together, we'll unravel what this malware is, how it works, why it's so dangerous, and most importantly what businesses can do to defend themselves. Along the way, we'll break down technical terms and processes to make the topic less complex, as I need it to be accessible and engaging to everyone.
    Before we dive into our main topic, let's take a quick look at a major tech update making headlines: Microsoft Authenticator now warns to export passwords before July cut-off.
    - https://www.bleepingcomputer.com: Ransomware gangs increasingly use Skitnet post-exploitation malware
    - https://otx.alienvault.com: Skitnet IOCs

    225 - What Is a Content Delivery Network—And Do They Really Protect Businesses?

    Play Episode Listen Later May 24, 2025 24:29


    This week we are exploring what Content Delivery Networks—commonly known as CDNs—are and whether they protect modern businesses. We'll dive deep into the mechanics of how CDNs work, the technologies behind them, and whether they defend organizations from threats or just deliver content at blazing speeds. Along the way, we'll highlight two of the world's leading CDN providers.
    - https://en.wikipedia.org: Content Delivery Network
    - https://www.cloudflare.com: What Is CDN?
    - https://www.akamai.com: What Is CDN?

    224 - Cisco Talos Year 2024 In Review

    Play Episode Listen Later May 17, 2025 34:38


    In this week's episode, we are looking at the latest Cisco Talos 2024 report. With this comprehensive report, we will delve into the major cybersecurity trends and threats observed over the past year. The Cisco Talos team has compiled this report to provide valuable insights and guidance for organizations to enhance their security postures.
    But before we get into the main topic, I have one security news item for you: the European Union launches a new vulnerability database, EUVD.
    - https://euvd.enisa.europa.eu: EUVD
    - https://euvd.enisa.europa.eu/faq: EUVD FAQ
    - https://blog.talosintelligence.com: 2024 Year In Review Report
    - https://www.forbes.com: Why Quantum Computers Will Work Alongside Classical Systems

    223 - RSAC 2025 - Part 2

    Play Episode Listen Later May 10, 2025 21:55


    This is part 2 of the RSAC 2025 episode. If you have not listened to part 1 (that is episode 222), I would suggest you listen to it before you listen to this episode.
    Before we get into part 2, let's review what has been happening last week on the news front: UK shares security tips after major retail cyberattacks.
    - https://www.bleepingcomputer.com: UK NCSC Cyber Attack A Wake Up call
    - https://www.ncsc.gov.uk: NCSC statement - Incident impacting retailers

    222 - RSAC 2025 - Part 1

    Play Episode Listen Later May 3, 2025 35:54


    It was RSAC week and it would be remiss of me if I did not give you a highlight of what went on this year, 2025. After all, RSAC has a critical role in security. We will be reviewing the top key announcements from this year's event, including some exciting news from the major security players in the industry. Whether you're a cybersecurity professional, a tech enthusiast, or just curious about the latest in the world of cyber security, this episode is definitely for you. So, let's get started!
    Before we dive into the main segment, we will also add one more topic that I think is of major importance on top of everything else, and that is from Microsoft: Microsoft makes all new accounts passwordless by default.
    - https://techcommunity.microsoft.com: New User Experience
    - https://www.rsaconference.com: RSA Conference 2025

    221 - FBI's 2024 Annual Internet Crime Report

    Play Episode Listen Later Apr 26, 2025 32:16


    This week's episode looks at the FBI's 2024 Annual Internet Crime Report, an analysis that not only highlights the scale of cybercrime but also reveals the evolving tactics of cybercriminals and the staggering financial impact on individuals and businesses alike. This of course relates to the US, but it is indicative of what might be happening elsewhere.
    - https://www.ic3.gov: Federal Bureau Of Investigation - Internet Crime Report 2024

    220 - Watering Hole Attacks-The Hidden Danger of Trusted Spaces

    Play Episode Listen Later Apr 19, 2025 32:41


    Imagine visiting your favorite website, one you trust, one you've browsed a hundred times before, only to discover it's become a silent gateway for cybercriminals. What if the real danger wasn't in suspicious emails or obvious scams, but lurking in the very places you feel safest online? In today's episode, we'll unravel a cunning technique that preys on trust and routine, catching even the most vigilant users off guard. Stay tuned as we explore the origins, methods, and real-world impact of one of the most deceptive cyber threats in existence.
    But before we get to the main topic, let's cover the top security news first: Lazarus hackers breach multiple organisations using a not-so-new attack method. We will find out what the technique is.
    - https://attack.mitre.org: Lazarus
    - https://attack.mitre.org: Drive by compromise

    What Is Agentic AI?

    Play Episode Listen Later Apr 12, 2025 33:36


    In this week's episode we are touching on an intriguing topic. We're going to explore Agentic AI, a fascinating area within artificial intelligence that focuses on autonomous systems capable of making decisions and performing tasks without human intervention. We'll break it down for those new to cybersecurity, delve into some technical details, and use analogies to make it all clear.
    But before we dive into the topic, let's recap the top security news this week: Microsoft Defender will isolate undiscovered endpoints to block attacks.
    - https://learn.microsoft.com: What's new in Microsoft Defender Endpoint - April 2025
    - https://en.wikipedia.org: Alan Turing
    - https://www.nvidia.com: Agentic AI

    218 - Fast Flux-The Cybercriminal's Hide and Seek

    Play Episode Listen Later Apr 5, 2025 26:49


    This week, we're going to explore what Fast Flux is, a sophisticated technique used by cybercriminals to evade detection and maintain their malicious activities. We'll break it down for those new to cybersecurity, delve into some technical details, and use analogies to make it all clear. So without further ado, grab your coffee, or keep your eyes on the road if you are driving, sit back, and let's get started!
    HellCat Ransomware
    - https://therecord.media: Schneider Electric Hackers Accessed Internal Project Tracking Platform
    - https://www.infosecurity-magazine.com: Hellcat Ransomware Humiliation
    - https://attack.mitre.org: Dynamic Resolution: Fast Flux DNS
    - https://www.cisa.gov: Fast Flux, A National Security Threat

    217 - Phishing the Expert-The Unexpected Cybersecurity Breach - Part 2

    Play Episode Listen Later Mar 29, 2025 28:32


    This week's episode is a continuation of the cautionary tale of Troy Hunt, the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We'll continue to break down what happened, how it happened, and what we can all learn from this incident. Stay tuned till the end where we bust our myth of the week!
    We will also look at this week's cyber security news, which is: Ubuntu Linux security bypasses.
    - https://blog.qualys.com: Qualys TRU Discovers Three Bypasses of Ubuntu Unprivileged User Namespace Restrictions
    - https://www.troyhunt.com: A sneaky phish just grabbed my Mailchimp mailing list

    216 - Phishing The Expert-The Unexpected Cybersecurity Breach - Part 1

    Play Episode Listen Later Mar 22, 2025 32:15


    In this week's episode we have a fascinating and cautionary tale about none other than Troy Hunt, the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We'll break down what happened, how it happened, and what we can all learn from this incident. Stay tuned till the end for tips on how to stay vigilant against phishing attacks and our myth of the week!
    We will also look at the cyber security news. Here is what caught my attention this week: PSTools DLL injection vulnerability.
    - https://www.foto-video-it.de: Disclosure Sysinternals (You will need to translate to English if you are not a German speaker)
    - https://learn.microsoft.com: PSTool
    - https://www.troyhunt.com: A sneaky phish just grabbed my Mailchimp mailing list

    215 - Cyber Threat Emulation - Strategies for Staying Ahead Of Cyber Attacks

    Play Episode Listen Later Mar 15, 2025 37:04


    In this episode, we'll look into a cybersecurity assessment method that mimics real-world attacks to test an organization's security defenses and response capabilities: threat emulation. It is one of the strategies to keep you ahead of the game. Threat emulation aims to identify and mitigate security gaps before attackers exploit them, providing a more comprehensive evaluation than traditional assessments.
    Before we dive into the main topic, let's glance at what is happening on the security front: March Microsoft Patch Tuesday has landed!
    - https://msrc.microsoft.com: March 2025 Security Updates
    - https://detect-respond.blogspot.com: Pyramid Of Pain
    - https://www.atomicredteam.io: Atomic Red Team
    - https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html

    214 - What are polyglot files and how bad are they?

    Play Episode Listen Later Mar 8, 2025 31:58


    In this episode, we'll be exploring a particularly intriguing file type: polyglot files. These digital shapeshifters have become a powerful tool in the arsenal of cyber attackers, capable of bypassing security measures, confusing systems, and delivering malicious payloads in ways that are both creative and devastating.
    Over the next 20 to 30 minutes or so, we'll break down what polyglot files are, how they work, and why they're so dangerous. We'll also examine some real-world examples where polyglot files were used in cyberattacks. We will reference the MITRE ATT&CK framework to understand how these techniques fit into the broader landscape of adversarial tactics. Finally, we'll discuss mitigation strategies and close with a cybersecurity myth that needs busting.
    Before we dive into the main topic, let's glance at what is happening on the security front: UEFI Secure Boot bypass vulnerability.
    - https://en.wikipedia.org: Polyglot
    - https://attack.mitre.org: Masquerading
    - https://arxiv.org: Where the Polyglots Are: How Polyglot Files Enable Cyber Attack Chains and Methods for Detection & Disarmament
    - https://medium.com: Polyglot Files A Hackers Best Friend
    - https://www.bleepingcomputer.com: New polyglot malware hits aviation, satellite communication firms

    213 - Stealing Data in Plain Sight -How Cybercriminals Exfiltrate Your Secrets and How to Stop Them

    Play Episode Listen Later Mar 1, 2025 50:53


    In today's episode, we're diving deep into data exfiltration, one of the most serious threats facing organizations today.
    We'll break down exactly what data exfiltration is, where it fits in the MITRE ATT&CK framework, the tools and techniques attackers use, and, most importantly, how organizations can defend themselves. We'll also cover real-world examples, including publicly known cases that had major consequences.
    So, whether you're a seasoned security professional or just starting out in the field, stick around as we unravel the methods attackers use and how to stop them.
    First, let's look at one of the trending security news items this week, and that is:
    News: Caldera Vulnerability
    - https://github.com/mitre/caldera: Security Notice
    - https://nvd.nist.gov: CVE-2025-27364
    - https://medium.com: MITRE Caldera Security Advisory — Remote Code Execution (CVE-2025–27364)
    - https://www.mitre.org: Caldera
