Podcasts about breaches

An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video camera are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow

An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video camera are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow

An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video camera are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow

An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video camera are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow

An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video camera are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow

An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video camera are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow

An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video camera are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow

We were joined by James from The SWFC Trust who was present at an EFL meeting to shed light on the regulation breaches and charges against both the club and Dejphon Chansiri, and what it means for us moving forward. Hosted on Acast. See acast.com/privacy for more information.

SBS Finance Editor Ricardo Gonçalves speaks with Luke Laretive from Seneca Financial Solutions as the ASX200 edges closer to a record and CBA breaches $300bn market cap, while Stephen Wu from the Commonwealth Bank goes through the latest economic growth numbers.

SBS Finance Editor Ricardo Gonçalves speaks with Luke Laretive from Seneca Financial Solutions as the ASX200 edges closer to a record and CBA breaches $300bn market cap, while Stephen Wu from the Commonwealth Bank goes through the latest economic growth numbers.

ConnectWise has confirmed it was the target of a cyber attack by a nation-state threat actor, affecting a small number of its ScreenConnect customers. The company has since patched the software and implemented enhanced monitoring measures to secure its environment. This incident highlights the increasing targeting of remote monitoring and management (RMM) tools by advanced threat actors, particularly from Russian and Chinese intelligence services. The breach, occurring shortly before the IT Nation Secure Conference, raises concerns about the security of RMM tools, which are now viewed as critical infrastructure by hostile foreign actors.In the broader technology landscape, PC sales are projected to grow by 4.1% in 2025, primarily due to a temporary pause in tariffs that has encouraged manufacturers to increase shipments. However, this growth is not indicative of sustainable demand, as challenges such as rising prices and declining consumer sentiment loom. Meanwhile, U.S. smartphone sales are expected to decline due to ongoing tariffs, with the average selling price projected to rise by 4%. This situation reflects a complex interplay of market dynamics influenced by tariff policies.A global study from Kindle reveals that while 95% of organizations have adopted AI, a significant skills gap exists, with 71% of leaders believing their workforces are unprepared to leverage AI effectively. The report indicates that only 40% of leaders utilize AI-powered insights for decision-making, underscoring the need for better alignment between workforce strategies and AI technology. Additionally, the IoT Asset Tracking and Visibility Adoption Report 2025 highlights that 74% of asset tracking projects meet or exceed ROI expectations, emphasizing the importance of managed asset tracking solutions over in-house developed tools.Recent announcements from major companies like Barracuda, Red Hat, and Salesforce indicate a shift towards AI-driven solutions in the enterprise sector. Barracuda has launched an AI-powered cybersecurity platform, while Red Hat introduced AI-driven system administration tools to address the skills gap in Linux management. Salesforce's acquisition of Informatica aims to enhance its data management capabilities, further integrating AI into its offerings. These developments suggest that the focus is shifting from flashy AI features to practical applications that simplify security and enhance operational efficiency. Four things to know today 00:00 Tariffs Distort Tech Growth: PCs Surge While Smartphones Stall, AI and Asset Tracking Reveal Readiness Gaps05:11 Tariffs and AI Redefine Channel Strategy: Uncertainty, Automation, and the Margin Squeeze08:23 Enterprise AI Gets Real: Barracuda, Red Hat, and Salesforce Target Ops, Not Optics10:17 ConnectWise Breach Underscores Rising Nation-State Interest in RMM Tools Supported by:  https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorshiphttps://timezest.com/mspradio/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Your Breaches of the Week! May 26 to June 1, 2025 by Nick Espinosa, Chief Security Fanatic

The TSS Gang is here to answer your questions! On this episode we're asking what happened to Man City's points deduction woes, we're considering whether The USMNT should tank the Gold Cup, we're asking if there's a world where Man Utd gets its finances in order, and much more!WE HAVE A YOUTUBE CHANNEL!⁠⁠⁠⁠⁠⁠We're posting all our episodes here⁠⁠⁠⁠⁠⁠! Smash the like and subscribe etc.!JOIN THE TSS+ PATREON!Check out our Patreon, which houses bonus podcasts, access to our exclusive Discord, blog posts, videos, and much more. Hosted on Acast. See acast.com/privacy for more information.

When a rebuilding begins—of anything that has been broken down or destroyed by the powers of darkness—the enemy does not sit idly by. Ezra and Nehemiah experienced relentless opposition when they began rebuilding what their enemies had destroyed, but God equipped them with powerful weapons, which enabled them to complete the work.In this episode, we explore what those weapons were and how they are still weapons for us today as we work to rebuild through prayer what the enemy has destroyed. If we use these weapons, we will not have any breaches in the wall of God's protection. The battle is real—but so is the breakthrough.--------America Pray Now publishes a magazine on prayer that is free of charge and can be delivered directly to your home. You can sign up for this magazine on our website at americapraynow.comIn addition to our weekly podcast, we meet in 16 different cities every month to pray in person. Most of our in-person prayer meetings are in Virginia, and we also have meetings in Maryland, West Virginia, Delaware, and North Carolina. See our website for times and dates at americapraynow.comEnjoy the Podcast? Let us know! Email us at podcast@americapraynow.com

Chris and Hector break down a wild crypto kidnapping, supply chain sabotage in U.S. infrastructure, and the growing cyber risks of imported tech. Plus, shoutouts and real talk from the front lines of cybersecurity. Join our new Patreon! ⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠ Send HATF your questions at ⁠⁠⁠⁠⁠questions@hackerandthefed.com

Breaches of the Week - Possible Breach of the Year! by Nick Espinosa, Chief Security Fanatic

  In this episode of Cybersecurity today, host Jim Love reports on various critical cyber threats and data breaches. A newly discovered flaw in Windows Server 2025 allows attackers to seize full domain control, referred to by researchers as the 'bad successor' exploit. Government messaging app Telem Message, a customized version of Signal, was hacked, exposing sensitive communications of over 60 officials, leading to its shutdown. Microsoft disrupted the global Luma Stealer malware operation, which had infected nearly 400,000 computers. Coinbase suffered a major data breach affecting over 69,000 customers due to an insider compromise. Additionally, hackers distributed a malicious version of the KeyPass password manager, embedding it with malware to steal data and deploy ransomware. Jim Love encourages listeners to stay vigilant and download software only from official sources. He teases an upcoming interview with a knowledgeable guest working on open-source solutions to cybersecurity issues. 00:00 Introduction to Cybersecurity News 00:36 Windows Server 2025 Vulnerability 03:09 Telem Messages Hack Scandal 05:37 Microsoft Disrupts Luma Malware 07:29 Coinbase Breach Details 08:54 Malicious Password Manager Alert 10:55 Conclusion and Upcoming Interview

Small businesses are increasingly adopting artificial intelligence (AI) technologies, particularly in personalized email marketing, which has become a primary channel for nearly 19% of small to mid-sized businesses in 2025. Despite the growing interest, many businesses face challenges in implementation, with 35% citing a lack of familiarity with AI as a significant barrier. A recent survey indicates that while 38% of small and medium-sized businesses are utilizing AI across various functions, the actual productivity gains from AI investments, such as chatbots, have been minimal, with only a 3% time savings reported. This discrepancy highlights the gap between the hype surrounding AI and its real-world applications.Legislative developments are also shaping the tech landscape, with Washington State introducing a new sales tax on technology and digital services to address a significant budget shortfall. This tax, expected to generate billions over the next few years, has raised concerns among local tech industry leaders about its potential impact on competitiveness. Additionally, Congress is considering a moratorium on state regulations regarding AI, which could undermine privacy protections established by states. Critics argue that this could hinder essential consumer safeguards, while proponents believe a unified regulatory framework is necessary for innovation.Cybersecurity remains a pressing issue, with notable incidents highlighting vulnerabilities in the sector. Delta Airlines is pursuing legal action against cybersecurity firm CrowdStrike following a massive IT failure that led to significant flight cancellations and financial losses. Meanwhile, a new malware called LumaStealer has infected hundreds of thousands of devices, prompting a coordinated response from Microsoft and Europol. The FBI has also issued warnings about AI-generated voice scams, which pose a growing threat to trust-based systems like email and voice approvals.The podcast emphasizes the importance of resilience and responsibility in cybersecurity, urging IT service providers to focus on trust governance rather than merely managing technology. As AI continues to evolve, the need for systematic validation of communications and relationships becomes critical. The discussion underscores the necessity for businesses to navigate the complexities of AI adoption and cybersecurity effectively, ensuring that they are not only keeping pace with technological advancements but also safeguarding their operations and customer trust. 00:00 AI's Real Value Lies in Utility, Not Innovation, Say Analysts Tracking SMB Adoption Trends+06:36 U.S. Tech Policy in Flux: More States Tax IT, Feds Push AI Preemption, and Data Privacy Falters11:34 Cybersecurity's Trust Gap Widens: Delta Can Sue CrowdStrike, AI Voice Scams Rise, and North Korea Hacks U.S. Firms This is the Business of Tech.    Supported by:  https://afi.ai/office-365-backup/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Leicester City have been charged by the Premier League on three counts for alleged breaches of the EFL's financial rules for the 2023/24 season; the Foxes could face a points deduction in next season's Championship if found guilty. The Panel discuss.#LCFC #LCWFC #premierleague #Leicester #Leicestercity #leicestercityfc #epl #foxes #championship #efl #psr #ffp Hosted on Acast. See acast.com/privacy for more information.

Your Breaches of the Week! May 12 to May 18, 2025 by Nick Espinosa, Chief Security Fanatic

Arlene Watson, a product and engineering leader in the cybersecurity space with experience at CrowdStrike, ServiceNow, and Tenable, joins the show to unpack the critical challenges facing cybersecurity teams today. We dive into breach realities, the need for proactive defenses, how automation is reshaping security operations, and why AI is both a threat and an essential tool. If you're building, managing, or securing software in today's threat landscape, this episode is for you.

News this week has been dominated by dependency issues and attribution towards unwanted nation states and actors. Specifically, easyjson is developed by a Russian firm that is under sanctions. The podcast duo discuss the implications and how to protect apps from sub-dependency threats. This leads to a deep dive into breaches and whether a breach has an effect on the industry, company, or individual. Current regulations and certifications can be lost, but does not always have the effect we would expect.

PowerSchool, T-Mobile, iHeartMedia, LockBit ransomware group, Hertz and more are all part of this week's insanity!

India and Pakistan agreed to a ceasefire Saturday after the most serious military confrontation between the nuclear-armed neighbors in decades. But just hours later, multiple explosions were heard in India-controlled Kashmir and India’s foreign secretary accused Pakistan of breaching the truce. Laura Barrón-López speaks with Lisa Curtis at the Center for a New American Security for more. PBS News is supported by - https://www.pbs.org/newshour/about/funders

India and Pakistan agreed to a ceasefire Saturday after the most serious military confrontation between the nuclear-armed neighbors in decades. But just hours later, multiple explosions were heard in India-controlled Kashmir and India’s foreign secretary accused Pakistan of breaching the truce. Laura Barrón-López speaks with Lisa Curtis at the Center for a New American Security for more. PBS News is supported by - https://www.pbs.org/newshour/about/funders

This lecture text explores contract interpretation, discussing how courts determine the meaning of agreements using the plain meaning rule and extrinsic evidence, such as course of performance, course of dealing, and usage of trade, while also considering the parol evidence rule. It then differentiates performance obligations under common law and the U.C.C., contrasting substantial performance with the perfect tender rule, and introducing the concept of conditions. The material further explains breach, including material versus minor breaches and anticipatory repudiation, before outlining the rights of third parties through assignment, delegation, and third-party beneficiary contracts, finally addressing ways performance may be excused due to impossibility, impracticability, or frustration of purpose.This conversation provides a comprehensive overview of contract law remedies, focusing on what happens when a contract is breached. It covers legal remedies, including expectation damages, incidental and consequential damages, the duty to mitigate, and equitable remedies like specific performance and rescission. The discussion also touches on restitution, quasi-contracts, liquidated damages, and the limitations that can affect the recovery of damages. The importance of understanding these concepts for law students and practitioners is emphasized throughout.TakeawaysUnderstanding remedies is crucial for contract law.Expectation damages aim to put the non-breaching party whole.Incidental damages cover reasonable costs incurred due to a breach.Consequential damages depend on foreseeability at the time of contracting.The duty to mitigate prevents unnecessary loss escalation.Equitable remedies are granted at the court's discretion.Specific performance is used when money damages are inadequate.Restitution prevents unjust enrichment, focusing on the defendant's gain.Liquidated damages must be reasonable and not punitive.Various doctrines can limit the recovery of damages.According to the plain meaning rule, courts interpret unambiguous contract language according to its ordinary meaning, without considering outside evidence.If contract language is ambiguous, courts may consider extrinsic evidence such as prior negotiations, drafts, industry standards, or other contemporaneous writings to determine the parties' intent.Course of performance refers to the parties' behavior under the current contract, while course of dealing refers to their conduct in previous contracts. Both provide insight into the parties' understanding of terms.The parol evidence rule's purpose is generally to prevent parties from using prior or contemporaneous oral or written statements to contradict or change the terms of a complete and final written contract.Common law substantial performance allows enforcement if the essential purpose is met with minor deviations, while the U.C.C.'s perfect tender rule requires goods to conform exactly to contract terms for the buyer to be obligated to accept them.Under the perfect tender rule, a seller might satisfy their obligation despite nonconforming goods by exercising their right to "cure" the defective tender within the contract performance period.A condition precedent is an event that must occur before a party is obligated to perform. An example from the source is a loan disbursement being conditioned on providing proof of income.A material breach is a serious violation going to the essence of the contract that excuses the non-breaching party's performance, while a minor breach is less significant and only entitles the injured party to damages.Upon anticipatory repudiation, the non-breaching party can treat it as a breach and sue immediately, suspend performance and wait, or urge performance and await retraction.An assignment is a transfer of rights under a contract, while a delegation is a transfer of duties. In a delegation, the original party typically remains liable unless a novation occurs.

In this episode of Cybersecurity Today, host Jim Love discusses recent cybersecurity breaches and vulnerabilities. Key topics include a security flaw in the new default setting of Microsoft OneDrive, a ransom incident involving PowerSchool that compromised student data, and the breach of a DOGE staffer's computer by info-stealing malware. The episode emphasizes the importance of proper security oversight, the risks of paying ransoms to cyber criminals, and the critical need for government agencies to reevaluate their cybersecurity protocols. 00:00 Introduction to Cybersecurity Today 00:30 Microsoft OneDrive Security Vulnerability 02:52 PowerSchool Ransomware Attack 07:20 DOGE Staffer Malware Breach 10:50 Conclusion and Final Thoughts

Israeli innovation envoy Fleur Hassan-Nahoum returns to the JNS Jerusalem studio alongside journalist and Iranian expert Emily Schrader, women's rights advocate Shoshanna Keats Jaskoll and media entrepreneur & IDF reservist Raquel Karamsin for a no-holds-barred panel on the week's most urgent security and political developments.

Drex DeFord covers critical security updates affecting healthcare organizations. Ascension Health is notifying hundreds of thousands of patients about security incidents involving third-party partners. UnitedHealth Group has deployed thousands of AI applications across their operations. A new study reveals alarming password practices, with 8-character passwords and common words still widely used. Microsoft is making all new accounts passwordless by default to combat these vulnerabilities. Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Forecast = Cloudy with a chance of zero-days-watch for Spellbinder storms and scattered Git leaks! ‍ On this episode of Storm⚡️Watch, the crew dives into the fast-moving world of vulnerability tracking and threat intelligence, spotlighting how defenders are moving beyond the traditional CVE system to keep pace with real-world attacks. The show kicks off with a look at the latest listener poll, always a source of lively debate, before jumping into some of the most pressing cybersecurity stories of the week. A major focus of this episode is the recent revelation that a China-aligned APT group, dubbed TheWizards, is using a tool called Spellbinder to abuse IPv6 SLAAC for adversary-in-the-middle attacks. This technique lets attackers move laterally through networks by hijacking software update mechanisms-specifically targeting popular Chinese applications like Sogou Pinyin and Tencent QQ-to deliver malicious payloads such as the modular WizardNet backdoor. The crew unpacks how this approach leverages IPv6's stateless address autoconfiguration to intercept and redirect legitimate traffic, underscoring the evolving sophistication of lateral movement techniques in targeted campaigns. The episode then turns to Google's 2024 zero-day exploitation analysis, which reports a drop in the total number of zero-days exploited compared to last year but highlights a worrying shift: attackers are increasingly targeting enterprise products and infrastructure. Microsoft, Ivanti, Palo Alto Networks, and Cisco are among the most targeted vendors, with nearly half of all zero-day exploits now aimed at enterprise systems and network appliances. The discussion covers how attackers are chaining vulnerabilities for more impactful breaches and why defenders need to be vigilant as threat actors pivot to harder-to-monitor enterprise environments. Censys is in the spotlight for its recent research and tooling, including a new Ports & Protocols Dashboard that gives organizations granular visibility into their attack surface across all ports and protocols. This helps teams quickly spot risky exposures and misconfigurations, making it easier to prioritize remediation efforts and automate alerting for high-risk assets. The crew also highlights Censys's collaborative work on botnet hunting and their ongoing push to retire stale threat indicators, all of which are reshaping proactive defense strategies. runZero's latest insights emphasize the importance of prioritizing risks at the asset stack level, not just by CVE. The crew explains how misconfigurations, outdated software, and weak network segmentation can create stacked risks that traditional scanners might miss, urging listeners to adopt a more holistic approach to asset management and vulnerability prioritization. Rounding out the episode, GreyNoise shares new research on a dramatic spike in scanning for Ivanti Connect Secure VPNs and a surge in crawling activity targeting Git configuration files. These trends highlight the persistent risk of codebase exposure and the critical need to secure developer infrastructure, as exposed Git configs can lead to the leak of sensitive credentials and even entire codebases. As always, the show wraps up with some final thoughts and goodbyes, leaving listeners with actionable insights and a reminder to stay vigilant in the face of rapidly evolving cyber threats. If you have questions or want to hear more about any of these topics, let us know-what's on your mind this week? Storm Watch Homepage >> Learn more about GreyNoise >>  

Hometown Radio 04/01/25 6p: Dr. Larry Martinez reacts to recent breaches in cybersecurity

A nurse of Ned/Surg has been there for two years. She's interested in moving into cardiac care—she's always been interested in it—and as she sits in the break room, the clinical nurse specialist comes in to talk to her, and says, “Hey, we're going to be able to get you some time in the CCU! We should be able to do this in the next couple of weeks. I know you've really been wanting to get some experience there, and we have a new onboarding program.” But days turn into weeks, and weeks turn into months, and she never seems to be scheduled for the CCU. So finally one day she asks outright, “What happened with that?” And the clinical nurse specialist kind of blinks in surprise and says, “You know, we're just way too short staffed right now, I'm sure we'll get to it eventually.” This example of personal learning deferred is one of the most common breaches to what we call the psychological contract—when I either implicitly or explicitly make an offer to you, and then don't follow through on it the way you were expecting. This week we're going to focus on getting you ready to survive these very common situations, whether you've experienced the breach, or caused it. This week is a great place to hop into Curious Now, with a new chapter on how we interact with other people when we need to work together, but the standards we hold haven't been met. Coaching from Jenny Rudolph at www.harvardmedsim.org Curious Now on Spotify: https://open.spotify.com/show/72gzzWGegiXd9i2G6UJ0kP Curious Now on Apple Podcasts: https://podcasts.apple.com/us/podcast/the-center-for-medical-simulation/id1279266822

First, the UK's Co-operative Group was forced to shut down part of its IT systems after a suspected cyberattack, disrupting internal operations like stock monitoring and remote access—just weeks after a similar event hit Marks & Spencer. While customer-facing services stayed online, the breach highlights growing risks in the retail supply chain. Meanwhile, a ransomware attack crippled systems at the DuPage County Sheriff's Office and courthouse in Illinois. While 911 and public safety services remained active, critical infrastructure—including judicial and legal records—went dark. The FBI and Secret Service are now leading the investigation. But not all stories end in disruption—Doctors Hospital in the Cayman Islands successfully thwarted a ransomware attack thanks to quick action by its IT Director and a well-practiced incident response plan. No patient data was compromised, and operations resumed with minimal downtime. We'll break down what went right, what went wrong, and why tabletop exercises and segmented infrastructure may be your best defense in this era of relentless cyber threats.

The Police Association is underlining why aspiring recruits need to pass the physical aptitude test before joining police college. Police are doing an audit after revelations three applicants got in - even after failing to meet fitness requirements. Association Vice President Paul Ormerod says the college requires learning across driving, firearms, hand to hand combat - and more. "If your physical condition isn't up to at least the minimum level - invariably, you'll be injured and that'll put more pressure on your learning and it could probably even delay your graduation." LISTEN ABOVESee omnystudio.com/listener for privacy information.

Privacy rights take center stage as the BC Court of Appeal delivers a powerful message to organizations handling sensitive information. When an ICBC employee sold policyholder data to criminal organizations, resulting in targeted arson and shooting attacks against numerous victims, the insurance giant fought tooth and nail to minimize compensation. The Court ultimately upheld a $15,000 award for each affected individual, establishing a crucial precedent that privacy violations cause significant harm even without visible damage.The ruling recognizes that having your personal details sold to criminals creates genuine suffering, even when physical attacks don't materialize. This landmark decision enforces the principle that employers bear responsibility for their employees' actions when handling sensitive data. For anyone concerned about their digital privacy, this case represents a significant step toward protecting personal information in an increasingly connected world.Meanwhile, the courts navigate the complex territory where art meets evidence. A murder trial in Surrey broke new ground by allowing expert testimony on drill rap—a subgenre where violent lyrics are often performative rather than autobiographical. The defence successfully argued that without understanding this cultural context, jurors might mistakenly interpret rap about violence as literal confessions. This raises fascinating questions about how we evaluate artistic expression in criminal proceedings and acknowledges potential racial biases in interpreting such content.In Victoria, justice persisted despite a defendant's violent refusal to participate in his own trial. Charged with beating someone with their own wheelchair during a robbery, the accused fought with sheriffs and refused to enter the courtroom. The judge's ruling that this behaviour constituted "absconding" demonstrates how our legal system adapts to maintain functionality even when faced with extreme disruption.These cases highlight how Canadian courts are evolving to address modern challenges while upholding fundamental principles of justice. Have you ever wondered how much your privacy is actually worth in the eyes of the law? This week's developments provide some compelling answers.Follow this link for a transcript of the show and links to the cases discussed. 

Hertz, Legends International, H&R Block, Australia (the entire country), Canada's CRA, JPMorgan Chase and Bank of BNY Mellon rounds out this week's insanity.

In this episode of "The Daily Windup," we delve into the complex world of government contracts and the challenges faced by contractors and government officials alike. We emphasizes the importance of organizations like the National Contract Management Association (NCMA) as a platform for contractors and government personnel to collaborate and address such challenges. The conversation then shifts towards cybersecurity, a longstanding concern in the industry. We explore the introduction of the Cybersecurity Maturity Model Certification (CMMC) and its initial third-party certification approach, including the subsequent concerns raised by small businesses and the need for reimbursement of certification expenses. Listen to gain valuable insights into the need for improved training and collaboration, while also understanding the complexities surrounding cybersecurity in the contracting community.

Guest: Steve Ledzian, APAC CTO, Mandiant at Google Cloud Topics: We've seen a shift in how boards engage with cybersecurity. From your perspective, what's the most significant misconception boards still hold about cyber risk, particularly in the Asia Pacific region, and how has that impacted their decision-making? Cybersecurity is rife with jargon. If you could eliminate or redefine one overused term, which would it be and why? How does this overloaded language specifically hinder effective communication and action in the region? The Mandiant Attack Lifecycle is a well-known model. How has your experience in the East Asia region challenged or refined this model? Are there unique attack patterns or actor behaviors that necessitate adjustments? Two years post-acquisition, what's been the most surprising or unexpected benefit of the Google-Mandiant combination? M-Trends data provides valuable insights, particularly regarding dwell time. Considering the Asia Pacific region, what are the most significant factors reducing dwell time, and how do these trends differ from global averages? Given your expertise in Asia Pacific, can you share an observation about a threat actor's behavior that is often overlooked in broader cybersecurity discussions? Looking ahead, what's the single biggest cybersecurity challenge you foresee for organizations in the Asia Pacific region over the next five years, and what proactive steps should they be taking now to prepare? Resources: EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive EP191 Why Aren't More Defenders Winning? Defender's Advantage and How to Gain it!  

EXCLUSIVE: Mark Levy has revealed that a childcare centre in Spring Farm, which came under the microscope during a recent Four Corners investigation, has been hit with a ban over breaches involving inappropriate child discipline and other serious concerns. Following ongoing violations and mounting media scrutiny, the centre will be shut down for three months.See omnystudio.com/listener for privacy information.

Hometown Radio 04/07/25 5p: Dr. Larry Martinez reacts to recent breaches in cybersecurity

  In this episode of Cyber Security Today, host Jim Love covers several major cybersecurity incidents and vulnerabilities. Key stories include the compromise of Windows Defender and other Endpoint Detection and Response (EDR) systems, a data breach on X (formerly known as Twitter) exposing over 200 million user records, and a security flaw in several UK-based dating apps that led to the exposure of approximately 1.5 million private images. The discussion highlights how attackers are increasingly using legitimate software tools to bypass security measures, the implications of these breaches for users, and offers practical tips for maintaining robust cybersecurity. 00:00 Introduction to Today's Cyber Security News 00:29 Compromised Endpoint Detection and Response Systems 01:06 Bypassing Windows Defender: Methods and Implications 02:52 Ransomware Tactics and Legitimate Tool Exploits 04:20 Time Traveling Attacks and EDR Limitations 06:33 Massive Data Breach on X (Twitter) 08:30 UK Dating Apps Expose Private Images 10:47 Fraud Alerts and Scams 13:25 Conclusion and Final Thoughts

Oracle, Check Point, Twilio, Royal Mail, NYU and more are all in the hot seat this week!

This week on the Security Squawk podcast, we're diving into the biggest cybersecurity stories shaking up the industry: ️ Oracle Health admits to a shocking breach. Ransomware downtime averages 24 days—crippling businesses. Healthcare providers remain dangerously vulnerable to ransomware. ️ Sam's Club investigates Clop ransomware breach claims. ❌ Check Point denies breach allegations while hackers sell access. Local doctor fights to save his practice after ransomware hits—insurance gaps exposed. Fake Zoom installer spreading dangerous ransomware—don't get tricked! Join us live to discuss these critical issues! Don't forget to LIKE and SUBSCRIBE for weekly cybersecurity updates.

Oracle, 23andMe, and a new contender for Breach of the Year: X

Jody Hamilton, filling in for Stephanie, explores the pressing need for a congressional investigation into recent national security breaches with guest Cliff Schecter. They discuss the implications of these breaches, the responsibilities of government officials, and the absurdity of current political events. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

In this episode of 'Cybersecurity Today,' host Jim Love covers several major cybersecurity events. A devastating breach at Oracle Cloud Infrastructure has exposed 6 million records affecting 140,000 businesses, linked to a threat actor known as Rose87168. The attack exploited vulnerabilities in Oracle Fusion Middleware 11G. New browser-in-the-middle attack techniques are discussed, which can steal data by bypassing multi-factor authentication. The episode also highlights a severe vulnerability in Synology's DiskStation Manager software that could allow remote attackers to take full control of affected systems. Lastly, significant budget cuts in the Cybersecurity and Infrastructure Security Agency's (CISA) Red Team might weaken US government cyber defenses. Critical insights and mitigation strategies for these emerging threats are provided. 00:00 Massive Oracle Supply Chain Attack 03:08 Browser in the Middle Attack Explained 06:03 Synology's Major Security Flaw 08:08 US Government Red Team Disruptions 10:31 Conclusion and Final Thoughts

The week's breaches turn political, millions of students exposed, Oracle and millions of iPhone users all had a bad week.

Organizations continue to suffer from security breaches, too many of which contain a human element. But there's no consistent definition of the risk posed by human-related breaches, and recommendations are often limited to security awareness and training (SA&T). Understanding the depth and breadth of human-related breaches is critical to implementing adequate security controls within organizations. Jinan Budge, Research Director at Forrester, joins Business Security Weekly to discuss their Best Practice Report on Deconstructing Human-Element Breaches. Jinan will cover the breadth of human-related breaches, including: Social Engineering Human Error Loss/Theft of Physical Assets Social Media Compromise Insider Risk Deep Fake Scams Gen AI Misuse Narrative Attacks and why Security and Awareness Training is not the sole answer to solving human-related breaches. Join us, this discuss may get a little dicey. Segment Resources: https://www.forrester.com/blogs/breaking-down-human-element-breaches-to-improve-cybersecurity/ In the leadership and communications segment, Smart cybersecurity spending and how CISOs can invest where it matters, Grading CISOs: Effective Metrics and Personal Growth Strategies, The Pandemic Proved that Remote Leadership Works, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-387

Organizations continue to suffer from security breaches, too many of which contain a human element. But there's no consistent definition of the risk posed by human-related breaches, and recommendations are often limited to security awareness and training (SA&T). Understanding the depth and breadth of human-related breaches is critical to implementing adequate security controls within organizations. Jinan Budge, Research Director at Forrester, joins Business Security Weekly to discuss their Best Practice Report on Deconstructing Human-Element Breaches. Jinan will cover the breadth of human-related breaches, including: Social Engineering Human Error Loss/Theft of Physical Assets Social Media Compromise Insider Risk Deep Fake Scams Gen AI Misuse Narrative Attacks and why Security and Awareness Training is not the sole answer to solving human-related breaches. Join us, this discuss may get a little dicey. Segment Resources: https://www.forrester.com/blogs/breaking-down-human-element-breaches-to-improve-cybersecurity/ Show Notes: https://securityweekly.com/bsw-387