Podcasts about breaches

Breaches of the Week - Possible Breach of the Year! by Nick Espinosa, Chief Security Fanatic

  In this episode of Cybersecurity today, host Jim Love reports on various critical cyber threats and data breaches. A newly discovered flaw in Windows Server 2025 allows attackers to seize full domain control, referred to by researchers as the 'bad successor' exploit. Government messaging app Telem Message, a customized version of Signal, was hacked, exposing sensitive communications of over 60 officials, leading to its shutdown. Microsoft disrupted the global Luma Stealer malware operation, which had infected nearly 400,000 computers. Coinbase suffered a major data breach affecting over 69,000 customers due to an insider compromise. Additionally, hackers distributed a malicious version of the KeyPass password manager, embedding it with malware to steal data and deploy ransomware. Jim Love encourages listeners to stay vigilant and download software only from official sources. He teases an upcoming interview with a knowledgeable guest working on open-source solutions to cybersecurity issues. 00:00 Introduction to Cybersecurity News 00:36 Windows Server 2025 Vulnerability 03:09 Telem Messages Hack Scandal 05:37 Microsoft Disrupts Luma Malware 07:29 Coinbase Breach Details 08:54 Malicious Password Manager Alert 10:55 Conclusion and Upcoming Interview

Small businesses are increasingly adopting artificial intelligence (AI) technologies, particularly in personalized email marketing, which has become a primary channel for nearly 19% of small to mid-sized businesses in 2025. Despite the growing interest, many businesses face challenges in implementation, with 35% citing a lack of familiarity with AI as a significant barrier. A recent survey indicates that while 38% of small and medium-sized businesses are utilizing AI across various functions, the actual productivity gains from AI investments, such as chatbots, have been minimal, with only a 3% time savings reported. This discrepancy highlights the gap between the hype surrounding AI and its real-world applications.Legislative developments are also shaping the tech landscape, with Washington State introducing a new sales tax on technology and digital services to address a significant budget shortfall. This tax, expected to generate billions over the next few years, has raised concerns among local tech industry leaders about its potential impact on competitiveness. Additionally, Congress is considering a moratorium on state regulations regarding AI, which could undermine privacy protections established by states. Critics argue that this could hinder essential consumer safeguards, while proponents believe a unified regulatory framework is necessary for innovation.Cybersecurity remains a pressing issue, with notable incidents highlighting vulnerabilities in the sector. Delta Airlines is pursuing legal action against cybersecurity firm CrowdStrike following a massive IT failure that led to significant flight cancellations and financial losses. Meanwhile, a new malware called LumaStealer has infected hundreds of thousands of devices, prompting a coordinated response from Microsoft and Europol. The FBI has also issued warnings about AI-generated voice scams, which pose a growing threat to trust-based systems like email and voice approvals.The podcast emphasizes the importance of resilience and responsibility in cybersecurity, urging IT service providers to focus on trust governance rather than merely managing technology. As AI continues to evolve, the need for systematic validation of communications and relationships becomes critical. The discussion underscores the necessity for businesses to navigate the complexities of AI adoption and cybersecurity effectively, ensuring that they are not only keeping pace with technological advancements but also safeguarding their operations and customer trust. 00:00 AI's Real Value Lies in Utility, Not Innovation, Say Analysts Tracking SMB Adoption Trends+06:36 U.S. Tech Policy in Flux: More States Tax IT, Feds Push AI Preemption, and Data Privacy Falters11:34 Cybersecurity's Trust Gap Widens: Delta Can Sue CrowdStrike, AI Voice Scams Rise, and North Korea Hacks U.S. Firms This is the Business of Tech.    Supported by:  https://afi.ai/office-365-backup/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Your Breaches of the Week! May 12 to May 18, 2025 by Nick Espinosa, Chief Security Fanatic

Arlene Watson, a product and engineering leader in the cybersecurity space with experience at CrowdStrike, ServiceNow, and Tenable, joins the show to unpack the critical challenges facing cybersecurity teams today. We dive into breach realities, the need for proactive defenses, how automation is reshaping security operations, and why AI is both a threat and an essential tool. If you're building, managing, or securing software in today's threat landscape, this episode is for you.

News this week has been dominated by dependency issues and attribution towards unwanted nation states and actors. Specifically, easyjson is developed by a Russian firm that is under sanctions. The podcast duo discuss the implications and how to protect apps from sub-dependency threats. This leads to a deep dive into breaches and whether a breach has an effect on the industry, company, or individual. Current regulations and certifications can be lost, but does not always have the effect we would expect.

PowerSchool, T-Mobile, iHeartMedia, LockBit ransomware group, Hertz and more are all part of this week's insanity!

India and Pakistan agreed to a ceasefire Saturday after the most serious military confrontation between the nuclear-armed neighbors in decades. But just hours later, multiple explosions were heard in India-controlled Kashmir and India’s foreign secretary accused Pakistan of breaching the truce. Laura Barrón-López speaks with Lisa Curtis at the Center for a New American Security for more. PBS News is supported by - https://www.pbs.org/newshour/about/funders

India and Pakistan agreed to a ceasefire Saturday after the most serious military confrontation between the nuclear-armed neighbors in decades. But just hours later, multiple explosions were heard in India-controlled Kashmir and India’s foreign secretary accused Pakistan of breaching the truce. Laura Barrón-López speaks with Lisa Curtis at the Center for a New American Security for more. PBS News is supported by - https://www.pbs.org/newshour/about/funders

This lecture text explores contract interpretation, discussing how courts determine the meaning of agreements using the plain meaning rule and extrinsic evidence, such as course of performance, course of dealing, and usage of trade, while also considering the parol evidence rule. It then differentiates performance obligations under common law and the U.C.C., contrasting substantial performance with the perfect tender rule, and introducing the concept of conditions. The material further explains breach, including material versus minor breaches and anticipatory repudiation, before outlining the rights of third parties through assignment, delegation, and third-party beneficiary contracts, finally addressing ways performance may be excused due to impossibility, impracticability, or frustration of purpose.This conversation provides a comprehensive overview of contract law remedies, focusing on what happens when a contract is breached. It covers legal remedies, including expectation damages, incidental and consequential damages, the duty to mitigate, and equitable remedies like specific performance and rescission. The discussion also touches on restitution, quasi-contracts, liquidated damages, and the limitations that can affect the recovery of damages. The importance of understanding these concepts for law students and practitioners is emphasized throughout.TakeawaysUnderstanding remedies is crucial for contract law.Expectation damages aim to put the non-breaching party whole.Incidental damages cover reasonable costs incurred due to a breach.Consequential damages depend on foreseeability at the time of contracting.The duty to mitigate prevents unnecessary loss escalation.Equitable remedies are granted at the court's discretion.Specific performance is used when money damages are inadequate.Restitution prevents unjust enrichment, focusing on the defendant's gain.Liquidated damages must be reasonable and not punitive.Various doctrines can limit the recovery of damages.According to the plain meaning rule, courts interpret unambiguous contract language according to its ordinary meaning, without considering outside evidence.If contract language is ambiguous, courts may consider extrinsic evidence such as prior negotiations, drafts, industry standards, or other contemporaneous writings to determine the parties' intent.Course of performance refers to the parties' behavior under the current contract, while course of dealing refers to their conduct in previous contracts. Both provide insight into the parties' understanding of terms.The parol evidence rule's purpose is generally to prevent parties from using prior or contemporaneous oral or written statements to contradict or change the terms of a complete and final written contract.Common law substantial performance allows enforcement if the essential purpose is met with minor deviations, while the U.C.C.'s perfect tender rule requires goods to conform exactly to contract terms for the buyer to be obligated to accept them.Under the perfect tender rule, a seller might satisfy their obligation despite nonconforming goods by exercising their right to "cure" the defective tender within the contract performance period.A condition precedent is an event that must occur before a party is obligated to perform. An example from the source is a loan disbursement being conditioned on providing proof of income.A material breach is a serious violation going to the essence of the contract that excuses the non-breaching party's performance, while a minor breach is less significant and only entitles the injured party to damages.Upon anticipatory repudiation, the non-breaching party can treat it as a breach and sue immediately, suspend performance and wait, or urge performance and await retraction.An assignment is a transfer of rights under a contract, while a delegation is a transfer of duties. In a delegation, the original party typically remains liable unless a novation occurs.

In this episode of Cybersecurity Today, host Jim Love discusses recent cybersecurity breaches and vulnerabilities. Key topics include a security flaw in the new default setting of Microsoft OneDrive, a ransom incident involving PowerSchool that compromised student data, and the breach of a DOGE staffer's computer by info-stealing malware. The episode emphasizes the importance of proper security oversight, the risks of paying ransoms to cyber criminals, and the critical need for government agencies to reevaluate their cybersecurity protocols. 00:00 Introduction to Cybersecurity Today 00:30 Microsoft OneDrive Security Vulnerability 02:52 PowerSchool Ransomware Attack 07:20 DOGE Staffer Malware Breach 10:50 Conclusion and Final Thoughts

Drex DeFord covers critical security updates affecting healthcare organizations. Ascension Health is notifying hundreds of thousands of patients about security incidents involving third-party partners. UnitedHealth Group has deployed thousands of AI applications across their operations. A new study reveals alarming password practices, with 8-character passwords and common words still widely used. Microsoft is making all new accounts passwordless by default to combat these vulnerabilities. Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Forecast = Cloudy with a chance of zero-days-watch for Spellbinder storms and scattered Git leaks! ‍ On this episode of Storm⚡️Watch, the crew dives into the fast-moving world of vulnerability tracking and threat intelligence, spotlighting how defenders are moving beyond the traditional CVE system to keep pace with real-world attacks. The show kicks off with a look at the latest listener poll, always a source of lively debate, before jumping into some of the most pressing cybersecurity stories of the week. A major focus of this episode is the recent revelation that a China-aligned APT group, dubbed TheWizards, is using a tool called Spellbinder to abuse IPv6 SLAAC for adversary-in-the-middle attacks. This technique lets attackers move laterally through networks by hijacking software update mechanisms-specifically targeting popular Chinese applications like Sogou Pinyin and Tencent QQ-to deliver malicious payloads such as the modular WizardNet backdoor. The crew unpacks how this approach leverages IPv6's stateless address autoconfiguration to intercept and redirect legitimate traffic, underscoring the evolving sophistication of lateral movement techniques in targeted campaigns. The episode then turns to Google's 2024 zero-day exploitation analysis, which reports a drop in the total number of zero-days exploited compared to last year but highlights a worrying shift: attackers are increasingly targeting enterprise products and infrastructure. Microsoft, Ivanti, Palo Alto Networks, and Cisco are among the most targeted vendors, with nearly half of all zero-day exploits now aimed at enterprise systems and network appliances. The discussion covers how attackers are chaining vulnerabilities for more impactful breaches and why defenders need to be vigilant as threat actors pivot to harder-to-monitor enterprise environments. Censys is in the spotlight for its recent research and tooling, including a new Ports & Protocols Dashboard that gives organizations granular visibility into their attack surface across all ports and protocols. This helps teams quickly spot risky exposures and misconfigurations, making it easier to prioritize remediation efforts and automate alerting for high-risk assets. The crew also highlights Censys's collaborative work on botnet hunting and their ongoing push to retire stale threat indicators, all of which are reshaping proactive defense strategies. runZero's latest insights emphasize the importance of prioritizing risks at the asset stack level, not just by CVE. The crew explains how misconfigurations, outdated software, and weak network segmentation can create stacked risks that traditional scanners might miss, urging listeners to adopt a more holistic approach to asset management and vulnerability prioritization. Rounding out the episode, GreyNoise shares new research on a dramatic spike in scanning for Ivanti Connect Secure VPNs and a surge in crawling activity targeting Git configuration files. These trends highlight the persistent risk of codebase exposure and the critical need to secure developer infrastructure, as exposed Git configs can lead to the leak of sensitive credentials and even entire codebases. As always, the show wraps up with some final thoughts and goodbyes, leaving listeners with actionable insights and a reminder to stay vigilant in the face of rapidly evolving cyber threats. If you have questions or want to hear more about any of these topics, let us know-what's on your mind this week? Storm Watch Homepage >> Learn more about GreyNoise >>  

Hometown Radio 04/01/25 6p: Dr. Larry Martinez reacts to recent breaches in cybersecurity

A nurse of Ned/Surg has been there for two years. She's interested in moving into cardiac care—she's always been interested in it—and as she sits in the break room, the clinical nurse specialist comes in to talk to her, and says, “Hey, we're going to be able to get you some time in the CCU! We should be able to do this in the next couple of weeks. I know you've really been wanting to get some experience there, and we have a new onboarding program.” But days turn into weeks, and weeks turn into months, and she never seems to be scheduled for the CCU. So finally one day she asks outright, “What happened with that?” And the clinical nurse specialist kind of blinks in surprise and says, “You know, we're just way too short staffed right now, I'm sure we'll get to it eventually.” This example of personal learning deferred is one of the most common breaches to what we call the psychological contract—when I either implicitly or explicitly make an offer to you, and then don't follow through on it the way you were expecting. This week we're going to focus on getting you ready to survive these very common situations, whether you've experienced the breach, or caused it. This week is a great place to hop into Curious Now, with a new chapter on how we interact with other people when we need to work together, but the standards we hold haven't been met. Coaching from Jenny Rudolph at www.harvardmedsim.org Curious Now on Spotify: https://open.spotify.com/show/72gzzWGegiXd9i2G6UJ0kP Curious Now on Apple Podcasts: https://podcasts.apple.com/us/podcast/the-center-for-medical-simulation/id1279266822

First, the UK's Co-operative Group was forced to shut down part of its IT systems after a suspected cyberattack, disrupting internal operations like stock monitoring and remote access—just weeks after a similar event hit Marks & Spencer. While customer-facing services stayed online, the breach highlights growing risks in the retail supply chain. Meanwhile, a ransomware attack crippled systems at the DuPage County Sheriff's Office and courthouse in Illinois. While 911 and public safety services remained active, critical infrastructure—including judicial and legal records—went dark. The FBI and Secret Service are now leading the investigation. But not all stories end in disruption—Doctors Hospital in the Cayman Islands successfully thwarted a ransomware attack thanks to quick action by its IT Director and a well-practiced incident response plan. No patient data was compromised, and operations resumed with minimal downtime. We'll break down what went right, what went wrong, and why tabletop exercises and segmented infrastructure may be your best defense in this era of relentless cyber threats.

Are we surprised about some of the stories in here? Several breaches and several may not be from any actor at all. Here are the notes.I know we're behind with another Sans to be released soon, but we're doing the best we can. Lots of news including one that I did see an article about on Bleeping but I decided not to cocer it as I don't think the users here use the tool or software.You can view">https://view.email.sans.org/?qs=d156b8f498db80b16c01cfc8a99db54de0cee1864496cd67ad1b0ebb85cd531ff9c12cebd324005d677cfd3bd5d1b06a7020a353ad15ee4c7c252b20f063d04256783637c912849d22c205c8bc2bf0f5">view the newsletter as a web page and this newsletter is for April 25, 2025.

The Police Association is underlining why aspiring recruits need to pass the physical aptitude test before joining police college. Police are doing an audit after revelations three applicants got in - even after failing to meet fitness requirements. Association Vice President Paul Ormerod says the college requires learning across driving, firearms, hand to hand combat - and more. "If your physical condition isn't up to at least the minimum level - invariably, you'll be injured and that'll put more pressure on your learning and it could probably even delay your graduation." LISTEN ABOVESee omnystudio.com/listener for privacy information.

Privacy rights take center stage as the BC Court of Appeal delivers a powerful message to organizations handling sensitive information. When an ICBC employee sold policyholder data to criminal organizations, resulting in targeted arson and shooting attacks against numerous victims, the insurance giant fought tooth and nail to minimize compensation. The Court ultimately upheld a $15,000 award for each affected individual, establishing a crucial precedent that privacy violations cause significant harm even without visible damage.The ruling recognizes that having your personal details sold to criminals creates genuine suffering, even when physical attacks don't materialize. This landmark decision enforces the principle that employers bear responsibility for their employees' actions when handling sensitive data. For anyone concerned about their digital privacy, this case represents a significant step toward protecting personal information in an increasingly connected world.Meanwhile, the courts navigate the complex territory where art meets evidence. A murder trial in Surrey broke new ground by allowing expert testimony on drill rap—a subgenre where violent lyrics are often performative rather than autobiographical. The defence successfully argued that without understanding this cultural context, jurors might mistakenly interpret rap about violence as literal confessions. This raises fascinating questions about how we evaluate artistic expression in criminal proceedings and acknowledges potential racial biases in interpreting such content.In Victoria, justice persisted despite a defendant's violent refusal to participate in his own trial. Charged with beating someone with their own wheelchair during a robbery, the accused fought with sheriffs and refused to enter the courtroom. The judge's ruling that this behaviour constituted "absconding" demonstrates how our legal system adapts to maintain functionality even when faced with extreme disruption.These cases highlight how Canadian courts are evolving to address modern challenges while upholding fundamental principles of justice. Have you ever wondered how much your privacy is actually worth in the eyes of the law? This week's developments provide some compelling answers.Follow this link for a transcript of the show and links to the cases discussed. 

Hertz, Legends International, H&R Block, Australia (the entire country), Canada's CRA, JPMorgan Chase and Bank of BNY Mellon rounds out this week's insanity.

In this episode of "The Daily Windup," we delve into the complex world of government contracts and the challenges faced by contractors and government officials alike. We emphasizes the importance of organizations like the National Contract Management Association (NCMA) as a platform for contractors and government personnel to collaborate and address such challenges. The conversation then shifts towards cybersecurity, a longstanding concern in the industry. We explore the introduction of the Cybersecurity Maturity Model Certification (CMMC) and its initial third-party certification approach, including the subsequent concerns raised by small businesses and the need for reimbursement of certification expenses. Listen to gain valuable insights into the need for improved training and collaboration, while also understanding the complexities surrounding cybersecurity in the contracting community.

Guest: Steve Ledzian, APAC CTO, Mandiant at Google Cloud Topics: We've seen a shift in how boards engage with cybersecurity. From your perspective, what's the most significant misconception boards still hold about cyber risk, particularly in the Asia Pacific region, and how has that impacted their decision-making? Cybersecurity is rife with jargon. If you could eliminate or redefine one overused term, which would it be and why? How does this overloaded language specifically hinder effective communication and action in the region? The Mandiant Attack Lifecycle is a well-known model. How has your experience in the East Asia region challenged or refined this model? Are there unique attack patterns or actor behaviors that necessitate adjustments? Two years post-acquisition, what's been the most surprising or unexpected benefit of the Google-Mandiant combination? M-Trends data provides valuable insights, particularly regarding dwell time. Considering the Asia Pacific region, what are the most significant factors reducing dwell time, and how do these trends differ from global averages? Given your expertise in Asia Pacific, can you share an observation about a threat actor's behavior that is often overlooked in broader cybersecurity discussions? Looking ahead, what's the single biggest cybersecurity challenge you foresee for organizations in the Asia Pacific region over the next five years, and what proactive steps should they be taking now to prepare? Resources: EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive EP191 Why Aren't More Defenders Winning? Defender's Advantage and How to Gain it!  

EXCLUSIVE: Mark Levy has revealed that a childcare centre in Spring Farm, which came under the microscope during a recent Four Corners investigation, has been hit with a ban over breaches involving inappropriate child discipline and other serious concerns. Following ongoing violations and mounting media scrutiny, the centre will be shut down for three months.See omnystudio.com/listener for privacy information.

It is frighteningly easy to clone someone else's identity using readily-available artificial intelligence tools, and its a real threat to cybersecurity. Our guest this morning proved how easy it is to realistically impersonate any person on the planet Joining Pat on the show this morning was Jake Moore - Global Cybersecurity Advisor at ESET | Former Police Head of Digital Forensics / Cybercrime Officer.

Hometown Radio 04/07/25 5p: Dr. Larry Martinez reacts to recent breaches in cybersecurity

  In this episode of Cyber Security Today, host Jim Love covers several major cybersecurity incidents and vulnerabilities. Key stories include the compromise of Windows Defender and other Endpoint Detection and Response (EDR) systems, a data breach on X (formerly known as Twitter) exposing over 200 million user records, and a security flaw in several UK-based dating apps that led to the exposure of approximately 1.5 million private images. The discussion highlights how attackers are increasingly using legitimate software tools to bypass security measures, the implications of these breaches for users, and offers practical tips for maintaining robust cybersecurity. 00:00 Introduction to Today's Cyber Security News 00:29 Compromised Endpoint Detection and Response Systems 01:06 Bypassing Windows Defender: Methods and Implications 02:52 Ransomware Tactics and Legitimate Tool Exploits 04:20 Time Traveling Attacks and EDR Limitations 06:33 Massive Data Breach on X (Twitter) 08:30 UK Dating Apps Expose Private Images 10:47 Fraud Alerts and Scams 13:25 Conclusion and Final Thoughts

Oracle, Check Point, Twilio, Royal Mail, NYU and more are all in the hot seat this week!

This week on the Security Squawk podcast, we're diving into the biggest cybersecurity stories shaking up the industry: ️ Oracle Health admits to a shocking breach. Ransomware downtime averages 24 days—crippling businesses. Healthcare providers remain dangerously vulnerable to ransomware. ️ Sam's Club investigates Clop ransomware breach claims. ❌ Check Point denies breach allegations while hackers sell access. Local doctor fights to save his practice after ransomware hits—insurance gaps exposed. Fake Zoom installer spreading dangerous ransomware—don't get tricked! Join us live to discuss these critical issues! Don't forget to LIKE and SUBSCRIBE for weekly cybersecurity updates.

Clark County Councilor Michelle Belkot has filed a civil rights lawsuit after being removed from the C-TRAN Board of Directors, claiming retaliation over a vote that could impact local taxpayers. Learn more at https://www.clarkcountytoday.com/news/belkot-files-suit-against-clark-county-alleging-civil-rights-violations-breaches-to-open-meeting-laws/ #localnews #ClarkCountyWa #civilrightslawsuit #MichelleBelkot #CTRAN #ClarkCountyCouncil #OpenMeetingsAct #WashingtonState

Oracle, 23andMe, and a new contender for Breach of the Year: X

On this week's episode, Kyla and Paul break down a hearing at Canada's highest court that could reshape how far police are allowed to go when entering private property during an impaired driving investigation. They also explore the implications of a recent BC Supreme Court ruling on police surveillance and personal privacy. Later, they discuss Mark Carney's plan to shift Canada's auto manufacturing to be fully domestic in response to potential U.S. tariffs, and what that might mean for Canadian drivers and consumers. Then, in Ridiculous Driver of the Week, a Florida man makes waves—literally—by driving his dad's Volvo into the ocean out of spite. Check out the "Lawyer Told Me Not To Talk To You" T-shirts and hoodies at Lawyertoldme.com and "Sit Still Jackson" at sitstilljackson.com.

Jody Hamilton, filling in for Stephanie, explores the pressing need for a congressional investigation into recent national security breaches with guest Cliff Schecter. They discuss the implications of these breaches, the responsibilities of government officials, and the absurdity of current political events. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

In this episode of 'Cybersecurity Today,' host Jim Love covers several major cybersecurity events. A devastating breach at Oracle Cloud Infrastructure has exposed 6 million records affecting 140,000 businesses, linked to a threat actor known as Rose87168. The attack exploited vulnerabilities in Oracle Fusion Middleware 11G. New browser-in-the-middle attack techniques are discussed, which can steal data by bypassing multi-factor authentication. The episode also highlights a severe vulnerability in Synology's DiskStation Manager software that could allow remote attackers to take full control of affected systems. Lastly, significant budget cuts in the Cybersecurity and Infrastructure Security Agency's (CISA) Red Team might weaken US government cyber defenses. Critical insights and mitigation strategies for these emerging threats are provided. 00:00 Massive Oracle Supply Chain Attack 03:08 Browser in the Middle Attack Explained 06:03 Synology's Major Security Flaw 08:08 US Government Red Team Disruptions 10:31 Conclusion and Final Thoughts

Oranga Tamariki's privacy standards are in the spotlight after a critical review. The report highlighted nine cases it described as a 'snapshot of issues'. They include a locked cabinet of client files being donated to charity, and social workers giving a mother's and child's address to a father accused of rape. In another, a mother suffered more abuse - after her file was shared with her child's father. Minister for Children Karen Chhour says that case was particularly tough reading. "That gives me grave concern - which is why I set an expectation for Oranga Tamariki around privacy and privacy breaches. These are unacceptable." LISTEN ABOVESee omnystudio.com/listener for privacy information.

The week's breaches turn political, millions of students exposed, Oracle and millions of iPhone users all had a bad week.

"Grievous" privacy breaches have been revealed at Oranga Tamariki, including a staff member who took a screenshot of a mother's file and shared it with the child's father, leading to the mother suffering further physical abuse. Phil Pennington spoke to Ingrid Hipkiss.

Organizations continue to suffer from security breaches, too many of which contain a human element. But there's no consistent definition of the risk posed by human-related breaches, and recommendations are often limited to security awareness and training (SA&T). Understanding the depth and breadth of human-related breaches is critical to implementing adequate security controls within organizations. Jinan Budge, Research Director at Forrester, joins Business Security Weekly to discuss their Best Practice Report on Deconstructing Human-Element Breaches. Jinan will cover the breadth of human-related breaches, including: Social Engineering Human Error Loss/Theft of Physical Assets Social Media Compromise Insider Risk Deep Fake Scams Gen AI Misuse Narrative Attacks and why Security and Awareness Training is not the sole answer to solving human-related breaches. Join us, this discuss may get a little dicey. Segment Resources: https://www.forrester.com/blogs/breaking-down-human-element-breaches-to-improve-cybersecurity/ In the leadership and communications segment, Smart cybersecurity spending and how CISOs can invest where it matters, Grading CISOs: Effective Metrics and Personal Growth Strategies, The Pandemic Proved that Remote Leadership Works, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-387

Organizations continue to suffer from security breaches, too many of which contain a human element. But there's no consistent definition of the risk posed by human-related breaches, and recommendations are often limited to security awareness and training (SA&T). Understanding the depth and breadth of human-related breaches is critical to implementing adequate security controls within organizations. Jinan Budge, Research Director at Forrester, joins Business Security Weekly to discuss their Best Practice Report on Deconstructing Human-Element Breaches. Jinan will cover the breadth of human-related breaches, including: Social Engineering Human Error Loss/Theft of Physical Assets Social Media Compromise Insider Risk Deep Fake Scams Gen AI Misuse Narrative Attacks and why Security and Awareness Training is not the sole answer to solving human-related breaches. Join us, this discuss may get a little dicey. Segment Resources: https://www.forrester.com/blogs/breaking-down-human-element-breaches-to-improve-cybersecurity/ Show Notes: https://securityweekly.com/bsw-387

Organizations continue to suffer from security breaches, too many of which contain a human element. But there's no consistent definition of the risk posed by human-related breaches, and recommendations are often limited to security awareness and training (SA&T). Understanding the depth and breadth of human-related breaches is critical to implementing adequate security controls within organizations. Jinan Budge, Research Director at Forrester, joins Business Security Weekly to discuss their Best Practice Report on Deconstructing Human-Element Breaches. Jinan will cover the breadth of human-related breaches, including: Social Engineering Human Error Loss/Theft of Physical Assets Social Media Compromise Insider Risk Deep Fake Scams Gen AI Misuse Narrative Attacks and why Security and Awareness Training is not the sole answer to solving human-related breaches. Join us, this discuss may get a little dicey. Segment Resources: https://www.forrester.com/blogs/breaking-down-human-element-breaches-to-improve-cybersecurity/ In the leadership and communications segment, Smart cybersecurity spending and how CISOs can invest where it matters, Grading CISOs: Effective Metrics and Personal Growth Strategies, The Pandemic Proved that Remote Leadership Works, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-387

A very alarming FTC action that is raising my eyebrows... Allstate, MGM, PowerSchool again, Freddie Mac and so much more are part of this week's breaches!

Four healthcare breaches expose over 560,000 records Cyber attack allegedly behind X outages Case against MGM ransomware attack dropped Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines

In this hour of the Chris Merrill Show, Chris delves into the recent heated exchange between Elon Musk and Secretary of State Marco Rubio during a White House Cabinet meeting. He also discusses the shooting of an armed man by the Secret Service near the White House while President Trump was out of town. The conversation then shifts to the effects of Daylight-Saving Time on our bodies, weighing the benefits of more evening light against the disruption of our internal clocks. Chris also touches on a hot mic incident involving Vice President Vance and Speaker Johnson, where Vance commented on the length of the President's upcoming speech.  Additionally, he mentions astronauts currently stuck at the Space Station, humorously pondering how their spouses might feel about the extended mission. The hour wraps up with listener feedback on Daylight Saving Time and a discussion on the Justice Department's investigation into soaring egg prices, questioning why consumers don't consider egg alternatives.

3 Things To Know To Start Your Day - The Secret Service dealt with multiple security breaches over the weekend, more tariff news, Ukranian peace talks continue, a small plane crashed in Pittsburgh, teenager says she was inspired to kill by Menendez Brothers documentary, Virginia track runner hit with baton by competitor.

Bank of America, Rubrik, Rite Aid, NTT, Warby Parker and more this past week... oh, and it's all our faults...

Cybersecurity report cards are in, and let's just say—most companies would be grounded if their IT security grades were real school grades. With over 80% of Fortune 500s scoring a D or F, and healthcare companies hovering around the danger zone, it's clear that many organizations are securing data about as well as a cardboard vault. Just ask Warby Parker, which racked up multiple breaches over the years while seemingly skipping Cybersecurity 101. In this episode, we break down what these cybersecurity scores mean, how they were calculated, and what companies should be doing before they end up in the digital hall of shame. More info at HelpMeWithHIPAA.com/498

Zapier, T-Mobile, Nuna Baby and so many more is why we ended this one on an up note! Crime pays, kids, but only for a while.

February 24, 2025: Steven Ramirez, VP and CISTO of Renown Health, discusses how organizations are grappling with increasingly sophisticated threats. What makes the 60-minute breach window so critical in today's threat landscape, and how are healthcare organizations reshaping their approach to identity security? As Ramirez shares insights from his journey at Renown, we explore the delicate balance between rapid threat response and strategic planning, while questioning what makes an effective cybersecurity professional in today's healthcare environment.Key Points:02:35 The Role of a CISTO06:29 Renown Cybersecurity Initiatives12:09 Simplification in Cybersecurity18:36 Lightning RoundSubscribe: This Week HealthTwitter: This Week HealthLinkedIn: This Week HealthDonate: Alex's Lemonade Stand: Foundation for Childhood Cancer

In this episode, we discuss the value of cyber conferences (shout out to NetDiligence, Zywave, IAPP, PLUS, Execusummit, and all the others I missed). Specifically, beyond the sessions, how the conversations in the background help grow understanding of legal, market, and security trends, collaboration, and genuine connections in the industry. I can't neglect a special shout-out to meeting Shawn Melito in a buffet line at a Zywave conference in 2019, discussing the pros and cons of pasta salad. Further, we dive into the unforeseen consequences of mass-scale vendor breaches. Is the market ready for a vendor to throw its hands up, declare bankruptcy, and push all notification obligations to its insureds? Is the market ready for the mass-scale class actions that would follow? Do insurers need to start thinking about sublimit for these types of events? I would love to get everyone's thoughts so keep the questions, calls, and comments coming! E-mail me at spollock@mcdonaldhopkins.com or call me at 410-917-5189. 

Leo Laporte, Paul Thurrott, and Richard Campbell go over the latest batch of preview updates for January 2025, including KB5050094! The big story of the week revolves around DeepSeek and its noticeable effects on the modern AI world. Sinofsky even wrote a big piece on the latest AI assistant! Windows 11 Preview updates for Windows 11, 10 arrive ahead of February Patch Tuesday Windows 11 - Taskbar preview improvements, Windows Studio Effects in the system tray, many File Explorer fixes, more Windows 10 - New Outlook replaces Mail, Calendar, People New Dev and Beta channel builds - Overdue battery icon updates in Dev, Snap Layout experiments in Beta New Canary build today with new File Explorer home view tab Microsoft to remove Dev Home from Windows - This never made sense, so that's fine, but its most important features will live on Microsoft Edge for Windows now has a Scareware blocker in preview AI DeepSeek explodes out of the gate, sends Big Tech/AI stock reeling and opening up questions about how much money these companies are spending on AI Nadella, Altman, Nvidia all react to this change in interesting ways Steve Sinofsky - This was inevitable, disruption always comes from outside Ahead of this blockbuster development, a look at how the Microsoft/OpenAI relationship is changing - and now we need another look OpenAI announces Operator agent for ChatGPT in preview Google is bringing new Gemini features to Android and Pixel Google is also bringing NotebookLM to almost every Workspace tier, including the cheap one I (Paul) use, NotebookLM Plus to WS Standard and better Microsoft Microsoft preps smaller Surface Pro and Laptop models with Snapdragon chips for some reason Microsoft is closing its UK-based "experience center" Xbox Thanks to Activision Blizzard, Microsoft is the biggest game publisher in the world Phil Spencer: Xbox Series S a "real advantage" for coming portable gaming product Phil Spencer says hardware still "critical" to Xbox. More like "critical condition," am I right? No surprises at Xbox Developer_Direct, but a solid collection of games, including the new DOOM Tips and Picks Tip of the week: It's time to start watching Dave's Garage App pick of the week: PowerToys, now with Zoomit RunAs Radio this week: Querying for Breaches with Mark Morowcyznski Brown liquor pick of the week: Blair Athol 12 Floral & Fauna Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsor: Melissa.com/twit