Podcasts about beyondtrust

Shane Tews — Non-Resident Senior Fellow at AEI and the person who explained the internet to Capitol Hill No Password Required Season 7: Episode 7 – Shane Tews Shane Tews is a Non-Resident Senior Fellow at the American Enterprise Institute, where she focuses on cybersecurity, privacy, artificial intelligence, and internet governance. She is also President of Logan Circle Strategies, a strategic advisory firm working at the intersection of technology and policy. Before her think tank work, Shane helped introduce modems to the George H.W. Bush White House, walked the halls of Capitol Hill explaining the internet to blank-staring legislators, and spent years at VeriSign helping shape the foundational frameworks of how the internet would be governed. In this episode, Shane traces her unlikely path from the Bush administration to becoming one of Washington's most trusted voices on tech policy. She breaks down why regulating outcomes rather than inputs is the only sensible approach to technology governance, why the US and EU are operating from fundamentally different innovation philosophies, and why a national privacy bill is long overdue. She also explains why most organizations and individuals are far less protected than they think and why nobody knows who to call when something goes wrong. Jack Clabby and co-host Kayley Melton talk with Shane about legacy system vulnerabilities, the cybersecurity implications of agentic AI, and what policymakers absolutely must get right over the next decade. She also reflects on what the CISA reauthorization limbo means for companies that don't even know they've lost liability protection. In the Lifestyle Polygraph, Shane reveals she has 20,000 emails across eight accounts, admits she fakes laughs at bad jokes out of Midwestern politeness, shares her obsession with The Bear and Peaky Blinders, and tells us about her children's book project using Google Omni called "Shane on a Train." Follow Shane on LinkedIn and on X at @ShaneTews. Find her work at AEI.org and TechPolicyDaily.com. No Password Required is presented by ThreatLocker   In this episode: Shane's path from the George H.W. Bush White House to becoming Capitol Hill's go-to internet explainer (00:34 - 02:22) Why the Clinton-era multi-stakeholder model got internet governance right and what that means for policy today (04:40 - 06:13) The case for a national privacy bill and why 50 state standards aren't working (07:24 - 09:27) What AEI covers and how Shane thinks about riding the top of the wave across the entire tech policy stack (09:35 - 11:23) Legacy systems, vendor debt, and why outdated software is the easiest entry point for bad actors (11:30 - 13:34) The gap between how protected people think they are and how exposed they actually are, including a generational perspective on MFA (14:07 - 16:25) The biggest disconnect between everyday cyber reality and the policy world (16:59 - 20:35) Government readiness for a major cyber attack and why most people don't have a plan (20:54 - 22:32) How the US and EU innovation philosophies differ and why Europe's banking system is the real tech problem (22:41 - 25:38) The DeepSeek false narrative and where the US is leading vs. reacting on AI (25:45 - 29:21) The shift from AI features to AI coordination and what agentic AI means for cybersecurity permissions (29:28 - 32:16) What policymakers must get right on AI over the next 10 years (32:25 - 34:11) The Lifestyle Polygraph: inbox chaos, fake laughs, The Bear, and Shane on a Train (00:04 - 12:48)   Timestamp Highlights: (00:34) Shane's origin story: modems at the White House and blank stares on the Hill (04:40) Why the internet got policy right early on and what we can learn from it (07:24) The case for harmonizing breach standards with a national framework (11:30) Legacy systems and vendor debt as the easiest attack vectors (14:07) The real gap between how protected people think they are and how exposed they actually are (20:54) Government cyber readiness: do you know who to call when something goes wrong? (22:41) US vs. EU innovation: why Europe's banking system is the real tech problem (29:28) Agentic AI and the cybersecurity risks of permissions you forgot you gave (32:25) What policymakers must get right on AI over the next decade (06:44) Shane on a Train: using Google Omni to write a children's book series   Resources & Links: AEI.org — Shane's think tank home base TechPolicyDaily.com — Daily tech policy coverage ThreatLocker — Supporter of this podcast Cyber Florida — The Mother Ship  

Are you facing the challenge of breaking into a new vertical with no prior experience? Wondering how to accelerate credibility and revenue in unfamiliar markets? Curious about how effective networking can create exponential sales opportunities in cybersecurity? This episode tackles these questions by unpacking hands-on strategies for rapid market entry and leveraging the power of the network effect.In this conversation we discuss

Today’s headline news for Canadian IT solution providers: Zscaler launches Project AI-Guardian: Zscaler announced a new initiative on Tuesday called Project AI-Guardian, partnering with global systems integrators Cognizant, EY, HCL, Infosys, TCS, and Wipro to help enterprises secure AI deployments. The program leverages Zscaler’s AI Protect portfolio – covering AI asset discovery, access controls for AI services, and real-time guardrails for AI infrastructure – to address what the company describes as the security blind spots created by autonomous AI agents acting with delegated permissions. According to CEO Jay Chaudhry, the initiative is designed to “ensure that AI adoption does not come at the cost of security.” Jamf names Beth Tschida CEO: Jamf named Beth Tschida as chief executive officer, effective immediately, on May 20. Tschida moves from interim CEO and former CTO to the permanent role, becoming the first woman to lead the company in its more than 20-year history. The appointment comes roughly four months after Francisco Partners completed its $2.2 billion acquisition of Jamf in January 2026; Tschida’s tenure as CTO saw Jamf’s security ARR grow 40 percent year over year to represent more than 30 percent of total revenue. Aura + TD SYNNEX: Aura Business has partnered with TD SYNNEX to bring its identity-centric BYOD security solution to MSPs through distribution. Aura debuted the offering at MSP Summit 2026, with Omdia research finding that demand for BYOD security among MSP clients is surging. SOCRadar AI agents: SOCRadar launched an AI Agent Marketplace and Identity Intelligence platform designed to help security teams automate detection and response against identity-driven attacks, positioning the agents as additions to existing security stacks. Akamai acquires LayerX: Akamai Technologies announced a definitive agreement to acquire browser security vendor LayerX, extending its workforce security strategy with browser-level visibility and governance over AI usage. Cisco Canada marketing: Jennifer Rideout has rejoined Cisco as head of Canada marketing, noting on LinkedInthat she is about a week into the new role. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Thursday, May 21, 2026, and here’s what’s happening in the channel today. On Tuesday, Zscaler announced Project AI-Guardian – a formalized initiative that brings together six major global systems integrators under a common framework for securing enterprise AI deployments. The partners are Cognizant, EY, HCL, Infosys, TCS, and Wipro, and together they’ll leverage Zscaler’s AI Protect portfolio to deliver what the company describes as a full 360-degree view of an organization’s AI footprint. The program is designed to address what Zscaler calls the “agentic world” problem – the reality that AI models don’t just respond to queries anymore. They act autonomously, connect to data and apps, trigger downstream actions with delegated permissions, and in doing so, create blind spots that traditional security tools simply aren’t built to see. According to Zscaler’s CEO Jay Chaudhry, “AI adoption does not come at the cost of security” – and the GSI partnerships are meant to scale that posture across the largest enterprises in the world. The GSI framing is enterprise-scale, but the underlying framework – discover your AI assets, control who accesses AI services, secure what AI builds and runs – is a blueprint that maps directly onto the conversations solution providers at every level are already having with their clients. As more organizations ask harder questions about what’s actually running on their networks, the partners who have this conversation early will have an edge. Jamf named Beth Tschida as its permanent chief executive officer yesterday, effective immediately. Tschida has served as interim CEO since March, and before that was the company’s chief technology officer. She becomes the first woman to lead Jamf in its more than 20-year history. The announcement lands about four months after Francisco Partners completed its $2.2 billion acquisition of Jamf in January, taking the company private. Strosahl, who shepherded that transition, has stepped away. Brian Decker of Francisco Partners cited Tschida’s “technical depth, operational discipline, and strategic vision” in a statement. The headline number from her CTO tenure: Jamf’s security ARR grew 40 percent year over year under her watch and now accounts for more than 30 percent of total company revenue. Her stated priorities going forward include autonomous device management, opening the platform for third-party AI tools, and building out an AI governance layer – all of which signal where the product is heading. The Francisco Partners angle is worth a second look. The PE firm also owns SonicWall, BeyondTrust, and Boomi – a portfolio of security and integration assets that, taken together, creates interesting possibilities for cross-platform plays. Channel partners who move Apple devices, or who sell into environments where Apple is a growing presence, should keep an eye on where this leadership takes the product roadmap. In Brief – Aura Business partners with TD SYNNEX to bring its identity-centric BYOD security solution to MSPs through distribution. SOCRadar launches an AI Agent Marketplace and Identity Intelligence platform targeting identity-driven cyberattacks. Akamai announces a definitive agreement to acquire LayerX, a browser-based AI usage control and workforce security vendor. Jennifer Rideout has rejoined Cisco as head of Canada marketing. Full details and links in the show notes or the blog post. Later today on In The Channel, Anthony Tanoury from Dell Technologies joins me to talk about how distribution has become the primary on-ramp for mid-market AI, and what that means as Dell’s Modern Partner Platform takes shape. It’s the last of three conversations I had at Dell Technologies World this week and a good one to end on. And if you haven’t caught Wednesday’s episode yet, Rob Emsley from Dell makes the case that the backup is the target – and why data protection needs to be reframed as a full cyber resilience practice. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.

Removing local admin rights is a critical security step—but it doesn't have to hurt productivity. In this session, we'll walk through our real-world implementation of BeyondTrust and show how we balance security with flexibility.   Resources and links: https://rocketman.tech/lr-pb Upcoming meetups: https://rocketman.tech/lp-pb Also on YouTube: https://rocketman.tech/ly-pb

Your organization may have hundreds of AI agents running right now that your security team doesn't know exist. Every single one is an identity. Every identity is an attack surface. In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem sit down with Madhav Nakar, security researcher on the Phantom Labs team at BeyondTrust, to break down one of the most underexplored threats in enterprise security today: untracked AI agents creating exploitable "ghost identities." Madhav just returned from RSA — where he noticed every booth had an AI angle and a bubble forming — and he's here to cut through the noise with hard-hitting research and practical guidance. 

Madhav Nakar — AI Security Researcher and Documentarian of Spirituality and Play   No Password Required Season 7: Episode 3 - Madhav Nakar   Madhav Nakar is a Security Researcher at BeyondTrust specializing in identity threats, endpoint security, and cloud attack paths. With a background in theoretical mathematics, his current research focuses on analyzing attacker behavior to build practical systems of detection.   In this episode, Madhav shares the pivotal moments that shaped his career, including his first experience witnessing a nation-state attack unfold in real time from his seat in a SOC. He explains how mathematical thinking sharpens security strategy and why strong research is rooted in exploration, not predetermined outcomes.   Jack Clabby of Carlton Fields, joined by co-host Kayley Melton of the Cognitive Security Institute, welcomes Madhav for a conversation on modern cyber defense. From AI-driven attacks and agentic systems to privilege escalation risks in role-based access environments, Madhav breaks down what teams are getting wrong about AI and why defending against AI increasingly requires AI-powered tools.   The conversation turns to Madhav's philosophy of “serious play,” where curiosity, experimentation, and failure fuel better research and resilience. He also shares insights from his spiritual and philosophy project, The Fire of Knowing, exploring consciousness and belief through a neutral lens.   In the Lifestyle Polygraph, Madhav pitches a cybersecurity documentary, debates growth versus comfort, and reflects public dancing experiments.  Follow Madhav Nakar here: https://www.linkedin.com/in/madhav-nakar/ Follow "The Fire of Knowing" on Instagram and Youtube!  CHAPTERS:  00:00 Introduction with Kayley and Jack 08:08 Transition from Theoretical Math to Cybersecurity 16:13 Exploring Spiritual Traditions and Madhav's Documentary 19:48 The Intersection of Art and Science in Content Creation 25:20 The Lifestyle Polygraph: Challenging Perspectives on Security

Synopsis Dans l'épisode 0x288, Patrick, Richer, Francis, Steve et Jacques reçoivent Dominique Sigouin. Le fil conducteur de la discussion, c'est une vague de cyberattaques qui frappe des organisations québécoises, avec des impacts très concrets sur les opérations, la continuité des services et la préparation réelle des équipes. On revient notamment sur des incidents qui touchent une station de radio, le milieu scolaire et des entreprises, avec un constat simple: quand la préparation est faible, le retour au papier, les interruptions et les décisions improvisées reviennent vite au premier plan. L'équipe échange aussi sur l'évolution des menaces, l'automatisation de certaines attaques et la facilité avec laquelle des vulnérabilités nouvellement publiées peuvent être exploitées. En parallèle, l'épisode couvre aussi la hausse du jackpotting des guichets automatiques selon le FBI, l'exploitation active d'une faille BeyondTrust dans des attaques ransomware, ainsi que des enjeux de sécurité dans des applications Android manipulant des données sensibles. Invité Dominique Sigouin Crew Patrick Mathieu Richer Dinelle Francis Coats Steve Waterhouse Jacques Sauvé Liens et ressources Patrick Article choisir fournisseur sécurité pour les PMEs Video tiger team Francis Tuerie de Tumbler Ridge : des employés d'OpenAI ont envisagé d'alerter les autorités après des échanges troublants – entrevue Fin de la permanence à vie des fonctionnaires : Drainville, le futur Trump du Québec, selon les syndicats 20260220 - FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025 Jacques Du vinaigre: Une véritable vague de cyber incidents! Cyberattaque au CSS du Fer: retour forcé au papier et au crayon dans les écoles Le groupe Abbatiello, propriétaire des restaurants Salvatore, victime d'une cyberattaque AI-assisted threat actor compromises Android mental health apps with 147M installs filled with security flaws Get started in cybersecurity with 53 training course deal Learn ethical hacking with this hands-on hacking course deal Train for CompTIA AWS Cisco and more with this 40 course deal This 20 CISSP course bundle helps you study for this grueling certification Steve La délocalisation de 20 000 emplois décriée par les syndicats Poland restricts Chinese-made cars at protected military sites Microsoft error sees confidential emails exposed to AI tool Copilot FIRST - AI-augmented threat actor accesses FortiGate devices at scale CISA: BeyondTrust RCE flaw now exploited in ransomware attacks Proof-of-concept (PoC) exploits for CVE-2026-1731 became available shortly after, and in-the-wild exploitation started almost immediately. Shamelessplug Join Hackfest/La French Connection Discord #La-French-Connection Join Hackfest us on Masodon POLAR - Québec - 29 Octobre 2026 Hackfest - Québec - 29-30-31 Octobre 2026 Crédits Montage audio par Hackfest Communication Music par Ender - Fierce Equanimity - Shields Up Locaux virtuels par Streamyard

Public Sector organizations must meet customer expectations with limited resources while managing thousands of endpoints securely and efficiently across complex, distributed operating environments. To deliver high-quality services that protect critical systems from unauthorized users, Government and Education IT teams leverage BeyondTrust's remote support capabilities to improve response times, reduce friction for technicians and ensure operational continuity.

I dive into a devastating cyber attack on medical clinics in the US that sent them into downtime protocols, an update on the BeyondTrust vulnerability, rumors of new product launches by Apple and much more! Reference Links: https://www.rorymon.com/blog/ibm-stock-slide-clinics-taken-down-by-cyber-attack-beyondtrust-vulnerability-being-exploited/

A newly uncovered state-backed espionage group has compromised 70 organizations across 37 countries in a single year — and they were scanning infrastructure in 155 more. In this episode of Hacking News, we break down Palo Alto Unit 42's Shadow Campaigns investigation, a CVSS 9.9 pre-authentication RCE in BeyondTrust's remote access tools, a state-sponsored Signal phishing campaign targeting European politicians and military officials without using a single line of malware, CISA's aggressive new directive ordering federal agencies to rip out end-of-life edge devices, and an Everest ransomware claim against Iron Mountain that turned out to be far less than advertised. Whether you're a cybersecurity professional, IT admin, or just someone who wants to stay informed about the threats facing our digital world — this episode has critical takeaways you can act on today.

This episode covers multiple active threats and security changes. It warns of an actively exploited critical BeyondTrust remote access vulnerability (CVE-2026-1731, CVSS 9.9) enabling pre-authentication remote code execution in Remote Support and Privileged Remote Access, noting SaaS was patched while on-prem deployments require urgent manual updates and may already be compromised. Microsoft details an evolution of the ClickFix social engineering technique where victims are tricked into running NSLookup commands that use attacker-controlled DNS responses as a malware staging channel, leading to payload delivery (including a Python-based RAT) and persistence via startup shortcuts, alongside increased Lumma Stealer activity.  Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Researchers also report Mac-focused campaigns abusing AI-generated content and malicious search ads to push copy-paste terminal commands that install an info stealer (MaxSync) targeting Keychain, browsers, and crypto wallets. T The show describes fake recruiter campaigns targeting developers with coding tests containing malicious dependencies on repositories like NPM and PyPI, linked to the "Gala" operation and nearly 200 packages. Finally, it reviews NPM's authentication overhaul after a supply-chain worm incident—revoking classic long-lived tokens, moving to short-lived session credentials, encouraging MFA and OIDC trusted publishing—while noting remaining risks such as MFA phishing, non-mandatory MFA for unpublish, and the continued ability to create long-lived tokens. 00:00 Sponsor: Meter + Today's Cybersecurity Headlines 00:48 Urgent Patch: BeyondTrust Remote Access RCE (CVE-2026-1731) Actively Exploited 02:45 ClickFix Evolves: DNS Lookups (nslookup) Used as Malware Staging 04:34 Mac Malware via AI Search Results: Fake Terminal Commands Deliver Info-Stealer 06:08 Fake Recruiters, Real Malware: Coding Tests Poison Dev Environments 07:19 NPM Security Overhaul After Supply-Chain Worm—What's Better, What Still Risks 09:11 Wrap-Up, Thanks, and Sponsor Message

V této epizodě se podíváme na příběh bývalého hackera, který se z hraní Minecraftu dostal až ke krádeži kryptoměn za miliony dolarů, a na projekt The Hacking Games, který chce podobné talenty nasměrovat legální cestou do kyberbezpečnosti. Rozebereme také zatčení prodejce phishingového nástroje JokerOTP na obcházení MFA, první známý škodlivý Outlook add-in zneužívající opuštěnou infrastrukturu a aktivně zneužívanou kritickou chybu v BeyondTrust. Nechybí ani české téma – přes 4 800 ohlášení podle nového kyberzákona.

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Microsoft reshuffles security leadership. It doesn't spark joy. Russia is hacking the Winter Olympics. Again. But y tho? China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products An unknown hero blocks 23/tcp on the US internet backbone And James Wilson pops into talk about Claude's go at a C compiler This week's episode is sponsored by Ent.AI, an AI startup that isn't quite ready to tell us all what they're doing. But nevertheless, founder Brandon Dixon joins to discuss AI's role in security. Where does language-based understanding take us that previous methods couldn't? This episode is also available on Youtube. Show notes Updates in two of our core priorities - The Official Microsoft Blog Strengthening Windows trust and security through User Transparency and Consent | Windows Experience Blog Microsoft prepares to refresh Secure Boot's digital certificate | Cybersecurity Dive Microsoft Patch Tuesday matches last year's zero-day high with six actively exploited vulnerabilities | CyberScoop Microsoft releases urgent Office patch. Russian-state hackers pounce. - Ars Technica Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide | The Record from Recorded Future News Germany warns of state-linked phishing campaign targeting journalists, government officials | The Record from Recorded Future News Norwegian intelligence discloses country hit by Salt Typhoon campaign | The Record from Recorded Future News Singapore says China-linked hackers targeted telecom providers in major spying campaign | The Record from Recorded Future News Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore's Telecommunications Sector | Cyber Security Agency of Singapore How Intel and Google Collaborate to Strengthen Intel® TDX Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5 - Google Bug Hunters Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress EU, Dutch government announce hacks following Ivanti zero-days | The Record from Recorded Future News North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam | The Record from Recorded Future News BeyondTrust warns of critical RCE flaw in remote support software Rapid7 Analysis of CVE-2026-1731 Building a C compiler with a team of parallel Claudes Anthropic (1) Post by @ryiron.bsky.social — Bluesky What AI Security Research Looks Like When It Works | AISLE South Korean crypto exchange races to recover $40bn of bitcoin sent to customers by mistake | South Korea | The Guardian White House to meet with GOP lawmakers on FISA Section 702 renewal | The Record from Recorded Future News

ZeroDayRAT delivers full mobile compromise on Android and iOS. The UK warns infrastructure operators to act now as severe cyber threats mount. Russia moves to block Telegram. The FTC draws a line on data sales to foreign adversaries. Researchers unpack DeadVax, a stealthy new malware campaign, while an old-school Linux botnet resurfaces. BeyondTrust fixes a critical flaw. And in AI, are we moving too fast? One mild training prompt may be enough to knock down safety guardrails. Our guest is Omer Akgul, Researcher at RSA Conference, discussing his work on "The Case for LLM Consistency Metrics in Cybersecurity (and Beyond)." A pair of penned pentesters provoke a pricey payout.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Omer Akgul, PhD, Researcher at RSA Conference, discussing his work on "The Case for LLM Consistency Metrics in Cybersecurity (and Beyond)." Selected Reading New ‘ZeroDayRAT' Spyware Kit Enables Total Compromise of iOS, Android Devices (SecurityWeek) NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting Critical National Infrastructure (Infosecurity Magazine) Russian Watchdog Starts Limiting Access to Telegram, RBC Reports (Bloomberg) FTC Reminds Data Brokers of Their Obligations to Comply with PADFAA (FTC) Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode (secureonix) New ‘SSHStalker' Linux Botnet Uses Old Techniques (SecurityWeek) BeyondTrust Patches Critical RCE Vulnerability (SecurityWeek) Critics warn America's 'move fast' AI strategy could cost it the global market  (CyberScoop) Microsoft boffins figured out how to break LLM safety guardrails with one simple prompt (The Register) County pays $600,000 to pentesters it arrested for assessing courthouse security (Ars Technica) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Quick Howto: Extract URLs from RTF files https://isc.sans.edu/diary/Quick%20Howto%3A%20Extract%20URLs%20from%20RTF%20files/32692 German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists German: https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html English: https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/praevention_wirtschafts-und_wissenschaftsschutz/2026-02-06-gemeinsame-warnmitteilung-phishing.pdf?__blob=publicationFile&v=3 Someone Knows Bash Far Too Well, And We Love It - Pre-Auth RCEs https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/ Pre-Auth RCE in BeyondTrust Remote Support & PRA CVE-2026-1731 https://www.hacktron.ai/blog/cve-2026-1731-beyondtrust-remote-support-rce https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 Fortinet FortiClientEMS SQLi in the administrative interface https://fortiguard.fortinet.com/psirt/FG-IR-25-1142

Ivanti zero-days trigger emergency warnings around the globe. Singapore blames a China-linked spy crew for hitting all four major telcos. DHS opens a privacy probe into ICE surveillance. Researchers flag a zero-click RCE lurking in LLM workflows. Ransomware knocks local government payment systems offline in Florida and Texas. Chrome extensions get nosy with your URLs. BeyondTrust scrambles to patch a critical RCE. A Polish data breach suspect is caught eight years later. It's the Monday Business Breakdown. Ben Yelin gives us the 101 on subpoenas. And federal prosecutors say two Connecticut men bet big on fraud, and lost. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Ben Yelin, Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, talking about weaponized administrative subpoenas. Selected Reading EU, Dutch government announce hacks following Ivanti zero-days (The Record) Singapore says China-linked hackers targeted telecom providers in major spying campaign (The Record) Inspector General Investigating Whether ICE's Surveillance Tech Breaks the Law (404 Media) Critical 0-Click RCE Vulnerability in Claude Desktop Extensions Exposes 10,000+ Users to Remote Attacks (Cyber Security News)  Payment tech provider for Texas, Florida governments working with FBI to resolve ransomware attack (The Record) Chrome extensions can use unfixable time-channel to leak tab URLs (CyberInsider) BeyondTrust warns of critical RCE flaw in remote support software (Bleeping Computer) Hacker Poland's largest data leaks arrested (TVP World) LevelBlue will acquire MDR provider Alert Logic from Fortra. (N2K Pro Business Briefing) Men charged in FanDuel scheme fueled by thousands of stolen identities (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

La ATDT presenta el Plan Nacional de Ciberseguridad; es el primero en la historia | Firman “Declaración de Cuernavaca” para impulsar ciencia y tecnología | La FIFA prepara revolución tecnológica para mundial 2026 | AWS anunció agente de AI para prevenir incidentes | Grupo Financiero Actinver es una de las historias innovadoras | Así lo dijo el director general de Google Cloud México, Julio Velázquez | Las breves de la semana de multas | El ejecutivo de cuenta sénior de BeyondTrust, Carlos Ochoa, nos comparte el prompt que le cambió la vida | Antonio Encinas, CIO de Nutec, nos da el IT Masters Insight

Zero trust was once the leading cybersecurity strategy, but has it lost momentum? In this episode of Today in Tech, host Keith Shaw speaks with Morey Haber, Chief Security Advisor at BeyondTrust, about whether zero trust is failing or simply misunderstood. They explore why many companies struggle to implement zero trust effectively, the gap between intention and execution, and how vendor marketing may have added confusion to the conversation. Morey explains why identity and privileged access management are now critical, how lateral movement works during attacks, and why many AI agents are dangerously over-privileged. Topics include: The misconception that zero trust is a product How AI is reshaping the need for zero trust The role of identity in modern cybersecurity Real-world deployment challenges and mistakes Why secure-by-design is often an afterthought This episode is ideal for IT leaders, cybersecurity professionals, and anyone looking to better understand how zero trust fits into a world increasingly influenced by AI.

In this episode, James Maude sits down with Kevin E. Green, Chief Security Strategist at BeyondTrust, whose 25+ year career stretches from configuring Nokia firewalls in basements to shaping federal research initiatives. Kevin recalls how crashing systems during penetration tests at Ernst & Young was once considered a win - a “capture the flag” moment - and how he crossed paths with future industry leaders like Stuart McClure and George Kurtz, who went on to found Cylance. He shares his pivotal work in mapping NIST 800-53 controls to the MITRE ATT&CK framework, transforming static security catalogs into threat-informed heat maps that show which defenses light up against real-world attacks. Blending technical depth with cultural insight, Kevin also draws unexpected parallels between cybersecurity and hip-hop — from how attacker techniques echo rapper “signatures” to why his alter ego "Kevtorious" and his "Secure Coding by Nature" brand reflect the creativity and pattern recognition needed in both fields.

BeyondTrust's 2025 Microsoft Vulnerability Report dropped—and it's a wake-up call. With 1,360 new vulnerabilities and elevation of privilege attacks dominating the landscape, even insurance companies are backing away from covering privileged service accounts. In this special episode, cybersecurity veterans James Maude, Paula Januszkiewicz, Sami Laiho, Kip Boyle, and Charles Henderson dig into what the data from the 2025 report really means. Forget the fearmongering—this is about clear-headed, field-tested advice. You'll hear why flashy security tools often sit unused, how simple controls could prevent 60% of attacks, and why "secure by default" still hasn't delivered. From AI-driven vulnerability discovery to cloud missteps that could sink your stack, this isn't your usual “patch faster” sermon—it's a blueprint for getting real results. If you're overwhelmed by alerts, underwhelmed by your security stack, or just tired of doing more with less, this episode is your lifeline.

Viasat confirms it was breached by Salt Typhoon. Microsoft's June 2025 security update giveth, and Microsoft's June 2025 security update taketh away. Local privilege escalation flaws grant root access on major Linux distributions. BeyondTrust patches a critical remote code execution flaw. SMS low cost routing exposes users to serious risks. Erie Insurance says their ongoing outage isn't ransomware. Backups are no good if you can't find them. Veeam patches a critical vulnerability in its Backup software. SuperCard malware steals payment card data for ATM fraud and direct bank transfers. We preview our Juneteenth special edition. Backing up humanity.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are sharing an excerpt of our Juneteenth Special Edition conversation between Dave Bittner, T-Minus Space Daily's Maria Varmazis, and CISO Perspectives podcast's Kim Jones. Enjoy this discussion on the eve of Juneteenth and tune into your CyberWire Daily feed tomorrow on your favorite podcast app to hear the full conversation. Selected Reading Viasat hacked by China-backed Salt Typhoon in 2024 US telecom attacks (Cybernews) Microsoft's June Patches Unleash a Cascade of Critical Failures (WinBuzzer) New Linux udisks flaw lets attackers get root on major Linux distros (Bleeping Computer) BeyondTrust warns of pre-auth RCE in Remote Support software (Bleeping Computer) Two Factor Insecurity (Lighthouse Reports) Erie Insurance: ‘No Evidence' of Ransomware in Network Outage (Insurance Journal) Half of organizations struggle to locate backup data, report finds (SC Media) New Veeam RCE flaw lets domain users hack backup servers (Bleeping Computer) Russia detects first SuperCard malware attacks skimming bank data via NFC (The Record) Why one man is archiving human-made content from before the AI explosion (Ars Technica) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Segment description coming soon! This month BeyondTrust released it's 12th annual edition of the Microsoft Vulnerabilities Report. The report reveals a record-breaking year for Microsoft vulnerabilities, and helps organizations understand, identify, and address the risks within their Microsoft ecosystems. Segment Resources: Insights Security Assessment Tool: https://www.beyondtrust.com/products/identity-security-insights/assessment For a copy of the Microsoft Vulnerabilities Threat Report: https://www.beyondtrust.com/resources/whitepapers/microsoft-vulnerability-report Blog re: Report: https://www.beyondtrust.com/blog/entry/microsoft-vulnerabilities-report Stephan will discuss OpenText Core Threat Detection and Response, a new AI-powered solution designed to quickly spot and neutralize threats across an organization's attack surface without the need to overhaul existing security stacks. He will also provide insights into the most dangerous threats facing enterprises today along with practical steps to mitigate them. https://www.opentext.com/products/core-threat-detection-and-response https://www.prnewswire.com/news-releases/opentext-launches-next-generation-opentext-cybersecurity-cloud-with-ai-powered-threat-detection-and-response-capabilities-302381481.html This segment is sponsored by OpenText. Visit https://securityweekly.com/opentextrsac to learn more about them! This segment is sponsored by BeyondTrust. Visit https://securityweekly.com/beyondtrustrsac to for a copy of the Microsoft Vulnerabilities Threat Report! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-400

In this episode of Business Security Weekly, Mandy Logan, along with guests Peter Hedberg, Summer Craze Fowler, and Ben Carr, delve into the complexities of cyber insurance and the empowerment of Chief Information Security Officers (CISOs). The discussion covers the evolving landscape of cyber insurance, the critical role of underwriting, and the importance of collaboration between CISOs and insurers. The guests share insights on risk assessment, the significance of incident response planning, and the need for CISOs to be recognized as key players in the boardroom. The conversation emphasizes the necessity of building strong relationships with insurers and leveraging data to enhance security measures. This month BeyondTrust released it's 12th annual edition of the Microsoft Vulnerabilities Report. The report reveals a record-breaking year for Microsoft vulnerabilities, and helps organizations understand, identify, and address the risks within their Microsoft ecosystems. Segment Resources: Insights Security Assessment Tool: https://www.beyondtrust.com/products/identity-security-insights/assessment For a copy of the Microsoft Vulnerabilities Threat Report: https://www.beyondtrust.com/resources/whitepapers/microsoft-vulnerability-report Blog re: Report: https://www.beyondtrust.com/blog/entry/microsoft-vulnerabilities-report Stephan will discuss OpenText Core Threat Detection and Response, a new AI-powered solution designed to quickly spot and neutralize threats across an organization's attack surface without the need to overhaul existing security stacks. He will also provide insights into the most dangerous threats facing enterprises today along with practical steps to mitigate them. https://www.opentext.com/products/core-threat-detection-and-response https://www.prnewswire.com/news-releases/opentext-launches-next-generation-opentext-cybersecurity-cloud-with-ai-powered-threat-detection-and-response-capabilities-302381481.html This segment is sponsored by OpenText. Visit https://securityweekly.com/opentextrsac to learn more about them! This segment is sponsored by BeyondTrust. Visit https://securityweekly.com/beyondtrustrsac to for a copy of the Microsoft Vulnerabilities Threat Report! Show Notes: https://securityweekly.com/bsw-400

Segment description coming soon! This month BeyondTrust released it's 12th annual edition of the Microsoft Vulnerabilities Report. The report reveals a record-breaking year for Microsoft vulnerabilities, and helps organizations understand, identify, and address the risks within their Microsoft ecosystems. Segment Resources: Insights Security Assessment Tool: https://www.beyondtrust.com/products/identity-security-insights/assessment For a copy of the Microsoft Vulnerabilities Threat Report: https://www.beyondtrust.com/resources/whitepapers/microsoft-vulnerability-report Blog re: Report: https://www.beyondtrust.com/blog/entry/microsoft-vulnerabilities-report Stephan will discuss OpenText Core Threat Detection and Response, a new AI-powered solution designed to quickly spot and neutralize threats across an organization's attack surface without the need to overhaul existing security stacks. He will also provide insights into the most dangerous threats facing enterprises today along with practical steps to mitigate them. https://www.opentext.com/products/core-threat-detection-and-response https://www.prnewswire.com/news-releases/opentext-launches-next-generation-opentext-cybersecurity-cloud-with-ai-powered-threat-detection-and-response-capabilities-302381481.html This segment is sponsored by OpenText. Visit https://securityweekly.com/opentextrsac to learn more about them! This segment is sponsored by BeyondTrust. Visit https://securityweekly.com/beyondtrustrsac to for a copy of the Microsoft Vulnerabilities Threat Report! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-400

In this episode of Business Security Weekly, Mandy Logan, along with guests Peter Hedberg, Summer Craze Fowler, and Ben Carr, delve into the complexities of cyber insurance and the empowerment of Chief Information Security Officers (CISOs). The discussion covers the evolving landscape of cyber insurance, the critical role of underwriting, and the importance of collaboration between CISOs and insurers. The guests share insights on risk assessment, the significance of incident response planning, and the need for CISOs to be recognized as key players in the boardroom. The conversation emphasizes the necessity of building strong relationships with insurers and leveraging data to enhance security measures. This month BeyondTrust released it's 12th annual edition of the Microsoft Vulnerabilities Report. The report reveals a record-breaking year for Microsoft vulnerabilities, and helps organizations understand, identify, and address the risks within their Microsoft ecosystems. Segment Resources: Insights Security Assessment Tool: https://www.beyondtrust.com/products/identity-security-insights/assessment For a copy of the Microsoft Vulnerabilities Threat Report: https://www.beyondtrust.com/resources/whitepapers/microsoft-vulnerability-report Blog re: Report: https://www.beyondtrust.com/blog/entry/microsoft-vulnerabilities-report Stephan will discuss OpenText Core Threat Detection and Response, a new AI-powered solution designed to quickly spot and neutralize threats across an organization's attack surface without the need to overhaul existing security stacks. He will also provide insights into the most dangerous threats facing enterprises today along with practical steps to mitigate them. https://www.opentext.com/products/core-threat-detection-and-response https://www.prnewswire.com/news-releases/opentext-launches-next-generation-opentext-cybersecurity-cloud-with-ai-powered-threat-detection-and-response-capabilities-302381481.html This segment is sponsored by OpenText. Visit https://securityweekly.com/opentextrsac to learn more about them! This segment is sponsored by BeyondTrust. Visit https://securityweekly.com/beyondtrustrsac to for a copy of the Microsoft Vulnerabilities Threat Report! Show Notes: https://securityweekly.com/bsw-400

Kevin Greene, Chief Security Strategist for the Public Sector at BeyondTrust joins the show for a critical conversation on the evolving cybersecurity landscape in government. Together, we explore the mounting pressures government agencies face from increasingly sophisticated threat actors—and the urgent need for a proactive, threat-informed defense strategy. He also shares his perspectives on the critical role of identity security, the complexities of zero trust adoption, and the emerging role of AI and automation in cyber resilience.

Three Buddy Problem - Episode 34: We dig into the latest exploited Apple iPhone zero-day (USB Restricted Mode bypass), an AMD microcode flaw so serious it's not being fully disclosed, a barrage of Patch Tuesday updates, the helpless nature of trying to defend corporate networks, Russian threat actor movements, and fresh intel from Rapid7, Volexity, and Microsoft. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

Nakasone addresses AI at the Munich Cyber Security Conference. Court documents reveal the degree to which DOGE actually has access. Dutch police dismantle a bulletproof hosting operation. German officials investigate Apple's App Tracking. Hackers exploited security flaws in BeyondTrust. CISA issues 20 new ICS advisories. The new Astoroth phishing kit bypasses 2FA. Hackers waste no time exploiting a SonicWall proof-of-concept vulnerability. Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, joining us to discuss why preemptive defense is essential in the AI arms race. Have I Been Pwned ponders whether resellers are worth the trouble.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, joining us to discuss why preemptive defense is essential in the AI arms race. You can read more in "How Cybercriminals Are Using AI: Exploring the New Threat Landscape." Selected Reading Putting the human back into AI is key, former NSA Director Nakasone says (The Record) Court Documents Shed New Light on DOGE Access and Activity at Treasury Department (Zero Day) Musk's DOGE team: Judges to consider barring it from US government systems (Reuters) Anyone Can Push Updates to the DOGE.gov Website (404 Media) Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster (Bleeping Computer) Apple app tracking rules more strict for others – watchdog (The Register) PostgreSQL flaw exploited as zero-day in BeyondTrust breach (Bleeping Computer) CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits (Cyber Security News)  Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins (GB Hackers)  SonicWall Firewall Vulnerability Exploited After PoC Publication (SecurityWeek) Have I Been Pwned likely to ban resellers (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Forecast = Punxsutawney Phil saw his shadow, so we can expect continued Musk-y days ahead in these remaining DOGE days of Winter. ‍ In this week's episode of GreyNoise Storm⚡️Watch, we have a bit of an AI-theme. First, the Department of Government Efficiency (DOGE), led by Elon Musk, has sparked significant privacy and security concerns by accessing sensitive federal systems like Treasury databases and Education Department records through AI-driven analysis. Critics highlight undisclosed partnerships with vendors like Inventry.ai, which allegedly introduced algorithmic bias by disproportionately targeting diversity programs and climate initiatives while retaining fossil fuel subsidies. Cybersecurity experts warn about unvetted API integrations and data security risks, as Inventry.ai processed taxpayer information without proper FedRAMP authorization. These issues have led to bipartisan calls for stricter AI procurement rules and transparency mandates to rebuild public trust. Meanwhile, Chinese AI startup DeepSeek faces scrutiny over its claims of rivaling GPT-4 at lower costs, with analysts questioning its $5.6M training budget and geopolitical alignment. The models show systematic pro-China biases, refusing to answer 88% of sensitive questions about Tiananmen Square or Taiwan while promoting CCP narratives in responses. Security researchers flag its opaque training data—potentially using OpenAI outputs—and anti-debugging features that hinder independent audits. These concerns have triggered bans in Australia, South Korea, and U.S. agencies like NASA, with EU officials noting non-compliance with cybersecurity standards. On the defense front, Splunk's DECEIVE AI honeypot introduces innovative deception tech by letting users simulate systems via text prompts, democratizing access to advanced threat detection. While it offers dynamic behavioral analysis and safe sandboxing, security professionals caution about LLM hallucination risks that could tip off attackers and ethical questions around logging fabricated credentials. The open-source tool shows promise but remains untested against sophisticated adversaries. Rounding out the cybersecurity landscape, Censys research exposes the BADBOX botnet's infrastructure and BeyondTrust vulnerabilities, while VulnCheck highlights 2024's exploitation trends and Zyxel's unpatched telnet flaws; and GreyNoise's latest Noiseletter showcases new platform features + upcoming events. Storm Watch Homepage >> Learn more about GreyNoise >>  

JJ and Drew catch you up on cybersecurity news including new research that uncovers a host of 5G/LTE vulnerabilities, the chain of breaches in a BeyondTrust attack that led to infiltration of the US Treasury Dept., and a lawsuit against LinkedIn alleging that data from paying customers was used to train AI models. Researchers unpack... Read more »

JJ and Drew catch you up on cybersecurity news including new research that uncovers a host of 5G/LTE vulnerabilities, the chain of breaches in a BeyondTrust attack that led to infiltration of the US Treasury Dept., and a lawsuit against LinkedIn alleging that data from paying customers was used to train AI models. Researchers unpack... Read more »

Watch The X22 Report On Video No videos found Click On Picture To See Larger PictureMSNBC is trying to convince the people that the economy is doing well and they are being force to believe it is not. Yellen's computer has been hacked, they are preparing to bring the economy down. The Fed is trapping Trump but they fell into the trap. Audit the Fed is now gaining steam. The [DS] is panicking their power is diminishing, they know they have a certain amount of time to strike back. Trump and the patriots countered a [FF]. Trump has called off the inauguration and will have it in the rotunda. There will be fireworks only and everyone will be safe.   (function(w,d,s,i){w.ldAdInit=w.ldAdInit||[];w.ldAdInit.push({slot:13499335648425062,size:[0, 0],id:"ld-7164-1323"});if(!d.getElementById(i)){var j=d.createElement(s),p=d.getElementsByTagName(s)[0];j.async=true;j.src="//cdn2.customads.co/_js/ajs.js";j.id=i;p.parentNode.insertBefore(j,p);}})(window,document,"script","ld-ajs"); Economy MSNBC Panelist Says People Are Just ‘Believing' The Economy Was Poor Under Biden MSNBC panelist and Futuro Media founder Maria Hinojosa said Friday that voters are simply “believing” the economy is poor under President Joe Biden due to the constant negative narrative they are told. Throughout his 2024 campaign, President-elect Donald Trump said he would bring back a strong economy, as many Americans polled said the issue was one of their top concerns before heading to the ballot box in November. On “The ReidOut,” Hinojosa was asked if she believed Americans were still concerned about “the price of eggs” over the “fragility of democracy,” to which she said economists had told her Biden's economy is “great.” Source: dailycaller.com https://twitter.com/MarioNawfal/status/1880147369896845674  than 50 files on Yellen's machine. The breach occurred via BeyondTrust, a third-party cybersecurity provider, marking what Treasury officials labeled a "major incident." China denied involvement, stating it opposes hacking in all forms. This breach highlights rising cybersecurity tensions between the U.S. and China, raising concerns over safeguarding sensitive government systems. https://twitter.com/KobeissiLetter/status/1880396242863419605 Federal Reserve withdraws from global regulatory climate change group The U.S. Federal Reserve announced on Friday it had withdrawn from a global body of central banks and regulators devoted to exploring ways to police climate risk in the financial system. In a statement, the Fed said it was exiting the Network of Central Banks and Supervisors for Greening the Financial System (NGFS) because its increasingly broadened scope had fallen outside the Fed's statutory mandate. The central bank joined the group in 2020. The exit comes three days before President-elect Donald Trump, who is critical of efforts by governments to prescribe climate change policies, is set to take office. Source:  gazette.com  https://twitter.com/TrumpWarRoom/status/1879929501192454144 https://twitter.com/WatcherGuru/status/1879956982389699008   https://twitter.com/GovRonDeSantis/status/1880015040432218461   Political/Rights Nolte: Jury Finds CNN Guilty of Defamation, Awards $5 Million Plus Punitive Damages In their zeal to find a villain other than His Fraudulency Joe Biden for the debacle that was America's withdrawal from Afghanistan, the convicted liars at CNN (that's never gonna get old) decided to demonize Mr. Young as a black market operator exploiting desperate Afghans for huge sums of money to get them out of the country. Convicted liar Jake Tapper (tee hee) introduced the segment this way: “Afghans trying to get out of the country face a black market full of promises, demands of exorbitant fees, and no guarantee of safety or success.” Months later, the convicted liars and CNN tried to take it all back with an on-air apology from...

Snyk mysteriously deploys apparently malicious packages Baltic sea cable cuts can't be accident, says EU tech chief CISA warns of second BeyondTrust vulnerability Huge thanks to our sponsor, Dropzone AI Does your SOC feel like it's drowning in alerts? Dropzone AI cuts through the noise, triaging 100% of alerts and giving you clear, actionable insights. Ready to break free? Check out the demo at dropzone.ai. For the stories behind the headlines, head on over to CISOSeries.com

A draft cybersecurity executive order from the Biden administration seeks to bolster defenses. Researchers identify a “mass exploitation campaign” targeting Fortinet firewalls. A Chinese-language illicit online marketplace is growing at an alarming rate. CISA urges patching of a second BeyondTrust vulnerability. The UK proposes banning ransomware payments by public sector and critical infrastructure organizations. A critical flaw in Google's authentication flow exposes millions to unauthorized access.OWASP releases its first Non-Human Identities (NHI) Top 10. A Microsoft lawsuit targets individuals accused of bypassing safety controls in its Azure OpenAI tools. Our guest is Chris Pierson, Founder and CEO of BlackCloak, discussing digital executive protection. The feds remind the health care sector that AI must first do no harm.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Chris Pierson, Founder and CEO of BlackCloak, discussing digital executive protection. Selected Reading Second Biden cyber executive order directs agency action on fed security, AI, space (CyberScoop) Snoops exploited Fortinet firewalls with 'probable' 0-day (The Register) The ‘Largest Illicit Online Marketplace' Ever Is Growing at an Alarming Rate, Report Says (WIRED) CISA Warns of Second BeyondTrust Vulnerability Exploited in Attacks (SecurityWeek) UK Considers Ban on Ransomware Payments by Public Bodies (Infosecurity Magazine) Google OAuth "Sign in with Google" Vulnerability Exposes Millions of Accounts to Data Theft (Cyber Security News) OWASP Publishes First-Ever Top 10 “Non-Human Identities (NHI) Security Risks (Cyber Security News) Microsoft Sues Harmful Fake AI Image Crime Ring (GovInfo Security) Feds Tell Health Sector to Watch for Bias in AI Decisions (BankInfo Security) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

00:00:00 - PreShow Banter™ — Coffee With Wade Wells00:05:41 - BHIS - Talkin' Bout [infosec] News 2025-01-0600:06:45 - Story # 1: BeyondTrust says hackers breached Remote Support SaaS instances00:13:18 - Things Continued to be ignored in 202500:24:39 - Story # 2: Classified fighter jet specs leaked on War Thunder – again00:28:26 - Story # 3: New Proposed HIPAA Security Rule Changes00:34:33 - Story # 4: The Breachies 2024: The Worst, Weirdest, Most Impactful Data Breaches of the Year00:35:47 - Story # 5: AT&T and Verizon say networks secure after Salt Typhoon breach00:37:20 - Story # 6: Net Neutrality Rules Struck Down by Appeals Court00:41:56 - Story # 7: U.S. Army Soldier Arrested in AT&T, Verizon Extortions00:45:28 - Story # 8: New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy00:48:38 - Story # 9: Meta's AI Profiles Are Indistinguishable From Terrible Spam That Took Over Facebook00:50:42 - Story # 9b: Meta deletes AI character profiles after backlash, racism accusations00:51:40 - Story # 10: Watch: Tiny robot ‘kidnaps' 12 big Chinese bots from a Shanghai showroom, shocks world00:55:27 - Story # 11: China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks00:58:42 - Story # 12: Man Accused of SQL Injection Hacking Gets 69-Month Prison Sentence01:01:22 - Story # 13: Germany cuts hacker access to 30,000 devices infected with BadBox malware

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.We pause to honor the life and legacy of Amit Yoran, a visionary leader in the world of cybersecurity who passed away on January 4, 2025, after battling cancer.In April 2024, a threat actor known as "USDoD" advertised a massive database for sale on BreachForums, claiming it contained 2.9 billion records encompassing personal information of individuals from the United States, United Kingdom, and Canada. In December 2024, the U.S. Treasury Department disclosed a significant cybersecurity breach attributed to Chinese state-sponsored hackers. SafeBreach Labs has published a proof-of-concept (PoC) exploit for CVE-2024-49113, dubbed "LDAPNightmare." This vulnerability affects Windows Servers using the Lightweight Directory Access Protocol (LDAP) and enables attackers to crash unpatched systems.

In this episode of the SANS Internet Storm Center's Stormcast, we cover critical vulnerabilities affecting OpenSSH, BeyondTrust, and Nuclei, including the newly discovered "RegreSSHion" flaw and a bypass vulnerability in Nuclei. We also discuss how malware evasion techniques can impact analysis environments and highlight the dangers of fake exploits targeting researchers. Tune in for insights on patching, mitigation strategies, and staying ahead of emerging threats. Topics Covered: Make Malware Happy https://isc.sans.edu/diary/Make%20Malware%20Happy/31560 A look at how malware adapts and detects analysis environments, and why replicating operational settings is critical during malware analysis. Nuclei Signature Verification Bypass (CVE-2024-43405) https://www.wiz.io/blog/nuclei-signature-verification-bypass A critical vulnerability in Nuclei allows malicious templates to bypass signature verification, risking arbitrary code execution. Critical Vulnerability in BeyondTrust (CVE-2024-12356) https://censys.com/cve-2024-12356/ A high-risk flaw in BeyondTrust products allows unauthenticated OS command execution, posing a significant threat to privileged access systems. RegreSSHion Code Execution Vulnerability (CVE-2024-6387) https://cybersecuritynews.com/regresshion-code-execution-vulnerability/ OpenSSH vulnerability "RegreSSHion" enables remote code execution, and fake exploits targeting security researchers are in circulation.

Forecast: Cyber conditions are turbulent with two major Chinese state-sponsored storms impacting U.S. infrastructure, with aftershocks expected into mid-January. ‍ In today's episode of Storm Watch, we cover two major cybersecurity incidents that have significantly impacted U.S. infrastructure. The BeyondTrust breach, initially discovered in early December 2024, involved a compromised Remote Support SaaS API key that allowed attackers to reset passwords and access workstations remotely. The Treasury Department was notably affected, with attackers accessing unclassified documents in the Office of Financial Research and Office of Foreign Assets Control. The incident exposed critical vulnerabilities, including a severe command injection flaw with a CVSS score of 9.8, and over 13,500 BeyondTrust instances remain exposed online. The conversation then shifts to the extensive telecommunications breaches known as the Salt Typhoon campaign, where Chinese state actors successfully infiltrated nine major U.S. telecom companies. This sophisticated espionage operation gained the capability to geolocate millions of individuals and potentially record phone calls, though actual communication interception was limited to fewer than 100 high-profile targets. The breach revealed shocking security lapses, such as a single administrator account having access to over 100,000 routers and the use of primitive passwords like "1111" for management systems. Major carriers including AT&T, Verizon, and Lumen Technologies were among the affected companies, with varying degrees of impact and response effectiveness. T-Mobile stands out for their quick detection and mitigation of the attack. In response to these incidents, the FCC is preparing to vote on new cybersecurity regulations by mid-January 2025, while the White House has outlined key areas for improvement including configuration management, vulnerability management, network segmentation, and enhanced information sharing across the sector. The episode wraps up with insights from recent Censys Rapid Response posts and the latest GreyNoise blog entry about profiling benign internet scanners in 2024, along with VulnCheck's analysis of the most dangerous software weaknesses and a discussion of the Four-Faith Industrial Router vulnerability being exploited in the wild. Storm Watch Homepage >> Learn more about GreyNoise >>  

Three Buddy Problem - Episode 28: In this episode, we explore the ongoing challenges of threat actor naming in cybersecurity and the confusion caused by a lack of standardization, methodological inconsistencies and skewed, marketing-driven incentives. Plus, the US Treasury/BeyondTrust hack, the surge in 0day discoveries, a new variant of the Xdr33 CIA Hive malware, and exclusive new information on the Cyberhaven Chrome extension security incident. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

In this episode, we dive deep into two explosive cybersecurity stories making headlines right now: a major breach at the U.S. Treasury Department allegedly carried out by Chinese state-sponsored hackers, and the discovery of over 3.1 million fake stars on GitHub used to boost malicious repositories. We'll explore how third-party vendor BeyondTrust and telecom hacks tie into this growing wave of advanced persistent threats (APTs) and discuss how manipulative tactics on GitHub can sneak malware into widespread use. Whether you're a seasoned developer or just curious about the rising tide of global cyber threats, this episode will give you an in-depth look at how these hacks happen and why they matter.   Stay informed, stay alert, and learn about the latest vulnerabilities, breaches, and protective measures you can take. Don't forget to like, subscribe, and hit the notification bell for more cybersecurity breakdowns! #Cybersecurity #DataBreach #USTreasuryHack #ChineseHackers #SaltTyphoon #APTGroups #BeyondTrust #GitHub #FakeStars #Malware #CyberThreats #NetworkSecurity #NationStateHackers #APISecurity #SupplyChainAttack #DarkReading #BleepingComputer #Encryption #SoftwareDevelopment #TechNews #HackingUpdate #ZeroDay #Phishing #InformedSecurity #ExploitBrokers  

31st Dec: Blockchain DXB Podcast

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Steve Zalewski, CISO in Residence Thanks to our show sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. All links and the video of this episode can be found on CISO Series.com    

Three Buddy Problem - Episode 26: We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, a previously unknown Android implant used against Serbian activists, and the links to Israeli forensics software vendor Cellebrite. Plus, thoughts on the US government's controversial guidance on VPNs, Chinese reports on US intel agency hacking, TP-Link sanctions chatter, Mossad's dramatic exploding beeper operation and the ethical, legal, and security implications of escalating cyber-deterrence. Also, a mysterious BeyondTrust 0-day! Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

PaaS platform “FlowerStorm” attacking Microsoft 365 users CISA adds BeyondTrust flaw to its Known Exploited Vulnerabilities catalog Ascension Health ransomware attack impacted nearly 6 million people Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. For the story behind the headlines, go to CISOSeries.com

Russian hackers attack Ukraine's state registers. NotLockBit is a new ransomware strain targeting macOS and Windows. Sophos discloses three critical vulnerabilities in its Firewall product. The BadBox botnet infects over 190,000 Android devices. BeyondTrust patches two critical vulnerabilities. Hackers stole $2.2 billion from cryptocurrency platforms in 2024. Officials dismantle a live sports streaming piracy ring. Rockwell Automation patches critical vulnerabilities in a device used for energy control in industrial systems. A new report from Dragos highlights ransomware groups targeting industrial sectors. A Ukrainian national is sentenced to 60 months in prison for distributing the Raccoon Infostealer malware. We bid a fond farewell to our colleague Rick Howard, who's retiring after years of inspiring leadership, wisdom, and camaraderie. The LockBit gang tease what's yet to come.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest segment is bittersweet as we bid farewell to our beloved Rick Howard, who's retiring after years of inspiring leadership, wisdom, and camaraderie. Join us in celebrating his incredible journey, sharing heartfelt memories, and letting him know just how deeply he'll be missed by all of us here at N2K. Selected Reading Ukraine's state registers hit with one of Russia's largest cyberattacks, officials say (The Record) NotLockBit - Previously Unknown Ransomware Attack Windows & macOS (GB Hackers) Critical Sophos Firewall Vulnerabilities Let Attackers Execute Remote Code (Cyber Security News) Botnet of 190,000 BadBox-Infected Android Devices Discovered (SecurityWeek) BeyondTrust Security Incident — Command Injection and Escalation Weaknesses (CVE-2024-12356, CVE-2024-12686) (SOCRadar) Crypto-Hackers Steal $2.2bn as North Koreans Dominate (Infosecurity Magazine) Massive live sports piracy ring with 812 million yearly visits taken offline (Bleeping Computer) Rockwell PowerMonitor Vulnerabilities Allow Remote Hacking of Industrial Systems (SecurityWeek) Ransomware Attackers Target Industries with Low Downtime Tolerance (Infosecurity Magazine) Ukrainian Raccoon Infostealer Operator Sentenced to Prison in US (SecurityWeek) NetWalker Ransomware Operator Sentenced For Hacking Hundreds Of Organizations (Cyber Security News) LockBit Admins Tease a New Ransomware Version (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Android malware found on Amazon Appstore disguised as health app BeyondTrust suffers cyberattack Fortinet warns of critical flaw in Wireless LAN Manager Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. For the stories behind the headlines, head of CISOSeries.com.

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude, CISO, The Carlyle Group Thanks to our show sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. All links and the video of this episode can be found on CISO Series.com

Marc Maiffret is the Chief Technology Officer at BeyondTrust. In this episode, he joins host Heather Engel to discuss his past as a teenage hacker, including his experience at age 17 being raided by the FBI, before transitioning into a career as a security researcher and ethical hacker today. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Rob Spee, SVP Channels at BeyondTrust and host of the Channel Journeys podcast, shares his story of sailing 800 miles from Bermuda to New York. Just getting to the boat is a challenge in the middle of the Covid pandemic.

Join us in a special out-of-band episode of Adventures of Alice and Bob, where we explore the exciting expansion of BeyondTrust through its recent acquisition of Entitle, a pioneering privilege management solution. Discover how this strategic move enhances BeyondTrust's identity security solutions across the cloud. BeyondTrust CTO, Marc Maiffret, and Entitle co-founders, Ron Nissim and Avi Zetser, also cover what exactly just-in-time (JIT) access is, what modern identity security looks like across the cloud, and what this exciting new union means for the landscape of identity security and access management.