Podcasts about cisa

If you like what you hear, please subscribe, leave us a review and tell a friend!

CISA staff may see pay cuts in 2026. Threat actors advertise a full chain zero-day exploit for iOS. A US-led international coalition releases joint guidance on integrating AI into operational technology. Microsoft lowers sales growth targets for its agentic AI products. A major fintech provider suffers a ransomware-linked breach. Arizona's Attorney General sues Temo over data collection practices. Lessons learned from Capita's handling of Black Basta. The UK sanctions Russia's GRU. My guest is Dave Baggett, co-founder and CEO of INKY (recently acquired by Kaseya), about the challenges of email security. A U.S. Bankruptcy Court insists on AI transparency. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Dave Bittner speaks with Dave Baggett, co-founder and CEO of INKY (recently acquired by Kaseya), about the need to update email security that was built on a 1971 design. Selected Reading US Slashes Pay Incentives at Already Weakened Cyber Agency (Bloomberg) Zero-Day Alert: Alleged iOS 26 Full Chain Exploit for Sale (Dataminr) Principles for the Secure Integration of Artificial Intelligence in Operational Technology (CISA) Microsoft drops AI sales targets in half after salespeople miss their quotas (Ars Technica) Marketing and Compliance Software Vendor to Banks Breached (Data Breach Today) Arizona attorney general sues Chinese online retailer Temu over data theft claims (AP News) What organisations can learn from the record breaking fine over Capita's ransomware incident (DoublePulsar) UK cracks down on Russian intelligence agency authorised by Putin to target Skripals (GOV.UK) General Order 210: Filings Using Generative Artificial Intelligence (Southern District of California, United States Bankruptcy Court) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens and James Cotter discuss how Tennessee is tackling the organizational and technical challenges that come with hardening OT systems across the state. Those challenges range from old technology (like RS-232 over Wi-Fi!?) to limited budgets. They talk about the different domains where OT appears and provide some examples of how the next generation of builders and breakers can start learning about this space. Segment Resources: Free Cyber OT Training (INL): https://ics-training.inl.gov/ Free Cyber Hygiene Training (CISA): https://www.cisa.gov/cyber-hygiene-services Recommendations for network hardening (CISA): https://www.cisa.gov/shields-up More OT and ICS resources: https://github.com/biero-el-corridor/OTICSressource_list   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-359

For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens and James Cotter discuss how Tennessee is tackling the organizational and technical challenges that come with hardening OT systems across the state. Those challenges range from old technology (like RS-232 over Wi-Fi!?) to limited budgets. They talk about the different domains where OT appears and provide some examples of how the next generation of builders and breakers can start learning about this space. Segment Resources: Free Cyber OT Training (INL): https://ics-training.inl.gov/ Free Cyber Hygiene Training (CISA): https://www.cisa.gov/cyber-hygiene-services Recommendations for network hardening (CISA): https://www.cisa.gov/shields-up More OT and ICS resources: https://github.com/biero-el-corridor/OTICSressource_list   Show Notes: https://securityweekly.com/asw-359

For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens and James Cotter discuss how Tennessee is tackling the organizational and technical challenges that come with hardening OT systems across the state. Those challenges range from old technology (like RS-232 over Wi-Fi!?) to limited budgets. They talk about the different domains where OT appears and provide some examples of how the next generation of builders and breakers can start learning about this space. Segment Resources: Free Cyber OT Training (INL): https://ics-training.inl.gov/ Free Cyber Hygiene Training (CISA): https://www.cisa.gov/cyber-hygiene-services Recommendations for network hardening (CISA): https://www.cisa.gov/shields-up More OT and ICS resources: https://github.com/biero-el-corridor/OTICSressource_list   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-359

For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens and James Cotter discuss how Tennessee is tackling the organizational and technical challenges that come with hardening OT systems across the state. Those challenges range from old technology (like RS-232 over Wi-Fi!?) to limited budgets. They talk about the different domains where OT appears and provide some examples of how the next generation of builders and breakers can start learning about this space. Segment Resources: Free Cyber OT Training (INL): https://ics-training.inl.gov/ Free Cyber Hygiene Training (CISA): https://www.cisa.gov/cyber-hygiene-services Recommendations for network hardening (CISA): https://www.cisa.gov/shields-up More OT and ICS resources: https://github.com/biero-el-corridor/OTICSressource_list   Show Notes: https://securityweekly.com/asw-359

European authorities take down an illegal cryptomixer. An Australian man is sentenced for running an airport evil twin WiFi campaign. Researchers unmask a Scattered LAPSUS$ Hunters impresario. CISA flags a cross-site scripting flaw in OpenPLC ScadaBR. A major South Korean retailer suffers a data breach affecting over 33 million customers. Threat actors abuse digital calendar subscription features. New York's new hospital cybersecurity mandates may raise the bar nationwide. Scammers target Cyber Monday shoppers. Monday business brief. Ann Johnson speaks with Microsoft's Amy Hogan-Burney on the Afternoon Cyber Tea segment. Google gets caught reheating someone else's holiday recipe.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, ⁠Daily Briefing⁠, and you'll never miss a beat. And be sure to follow CyberWire Daily on ⁠LinkedIn⁠. Afternoon Cyber Tea segment Afternoon Cyber Tea host Ann Johnson speaks with Amy Hogan-Burney, Corporate Vice President of Customer Trust and Security at Microsoft, about how Microsoft Is redefining global cyber defense. Ann and Amy discuss Microsoft's evolving approach to combating global cybercrime and the importance of collaboration across the private and public sectors. You can listen to their full conversation here and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.  Selected Reading Cryptomixer crypto laundering service taken down by law enforcement (Help Net Security) Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison (Bleeping Computer) Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters' (Krebs on Security) U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog (Security Affairs) Data breach hits 'South Korea's Amazon,' potentially affecting 65% of country's population (The Record) Threat Actors Exploit Calendar Subscriptions for Phishing and Malware (Infosecurity Magazine) New York Hospital Cyber Rules to 'Raise the Bar' Nationwide (GovInfo Security) Over 2,000 Fake Shopping Sites Spotted Before Cyber Monday (Hackread) Guardio secures $80 million in new funding. (N2K Pro Business Briefing) Google deletes X post after getting caught using a ‘stolen' AI recipe infographic (Bleeping Computer) Share your feedback.What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Monday Microsegment for the week of November 17th. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast.CISA flags new risks in both cloud and industrial systems.Congress calls Anthropic to explain AI-enabled threats.And a real-estate tech breach may spill into major U.S. banks.And John Kindervag joins us for his 2026 predictions! Head to The Zero Trust Hub: hub.illumio.comDownload The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

Join us for a timely and insightful live discussion on the evolving role of artificial intelligence in governance, risk, and compliance. Host Dave Bittner from N2K | CyberWire is joined by Kayne McGladrey from Hyperproof, Matthew Cassidy, PMP, CISA from Grant Thornton (US), and Alam Ali from Hyperproof to explore the current state of artificial intelligence in governance, risk, and compliance. The panel will discuss what AI is truly doing well today, the risks and challenges organizations need to watch for, and how AI is poised to influence the future of GRC. They will also share practical insights and real-world guidance for teams looking to adopt AI responsibly and effectively. Don't miss this timely conversation as our experts break down what's real, what's risky, and what's next in AI for GRC. Learn more about your ad choices. Visit megaphone.fm/adchoices

(Presented by Material Security (https://material.security): We protect your company's most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.) Three Buddy Problem - Episode 74: We attempt to parse the rumor-fog around Microsoft's CISO at CYBERWARCON and what it reveals about the company's shifting posture on intel sharing, regulation, and its outsized grip on the security ecosystem. Plus, coverage of the Shai-Hulud npm supply-chain mess, CISA's mobile spyware guidance, NSO's legal contortions, a sharp new GRU-linked intrusion from Arctic Wolf. We also discuss the FCC retreating on telco security rules, and the emerging AI arms race shaping how cloud giants hunt threats and how Washington misunderstands all of it. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

CISA warns of app break-ins StealC V2 spread through blender files Russia arrests cybersecurity entrepreneur for treason Huge thanks to our episode sponsor, KnowBe4 Cybersecurity isn't just a tech problem—it's a human one.   That's why KnowBe4's Human Risk Management platform allows you to measure, quantify and actually reduce human risk across your organization.   With AI-powered risk scoring, automated coaching and reporting, HRM+ helps you surface your highest risk users and reduce the risk of data breaches and cyberattacks proactively. Ready to move from awareness to action? Request a demo of HRM+ today at knowbe4.com.

CISA warns of spyware targeting messaging apps. CodeRED, this is not a test. Infostealer campaign spreads via malicious Blender files. Shai-Hulud's second coming. Real estate finance firm SitusAMC investigates breach. Dartmouth College discloses Oracle EBS breach. Dave Bittner is joined by Tim Starks, Senior reporter from CyberScoop, to discuss the Trump administration's upcoming cyber strategy. And tis the season for deals — and digital deception. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dave Bittner is joined by Tim Starks, Senior reporter from CyberScoop, to discuss the Trump administration's upcoming cyber strategy. Read Tim's piece on the topic “Completed draft of cyber strategy emphasizes imposing costs, industry partnership”. Selected Reading ​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​ (CISA) CodeRED cyber attack leaves emergency notification system down, exposes user data (First Alert 4) Morphisec Thwarts Russian-Linked StealC V2 Campaign Targeting Blender Users via Malicious .blend Files (Morphisec) Shai-Hulud's Second Coming: NPM Malware Attack Evolved (Checkmarx) SitusAMC confirms breach of client data after cyberattack (The Register) Clop's Oracle EBS rampage reaches Dartmouth College (The Register) 2025 Retail Holiday Threat Report: Scams and Impersonation Attacks Targeting Retailers (BforeAI) The data privacy costs of Black Friday bargains: 100 Black Friday apps analyzed (Comparitech) 2025 Ransomware Holiday Risk Report (Semperis) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA orders feds to patch OIM Delta Dental of Virginia incurs data breach Systems down at postal operator in Ukraine Huge thanks to our episode sponsor, KnowBe4 Cybersecurity isn't just a tech problem—it's a human one.   That's why KnowBe4's Human Risk Management platform allows you to measure, quantify and actually reduce human risk across your organization.   With AI-powered risk scoring, automated coaching and reporting, HRM+ helps you surface your highest risk users and reduce the risk of data breaches and cyberattacks proactively. Ready to move from awareness to action? Request a demo of HRM+ today at knowbe4.com.

This week, Ethan Cook, N2K lead analyst and editor of the Caveat newsletter joins Dave and Ben with a rapid-fire download from Public Sector Ignite — from CISA's strategic pivot to the evolving threat landscape across China, Russia, Iran, and North Korea. He teases major takeaways on quantum risk and the ticking clock to “Q-Day,” why telecoms remain a soft underbelly, and how AI is turbocharging both defenders and attackers. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's ⁠⁠⁠⁠This week's ⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠ covers Europe's unexpected shift toward loosening its once-aggressive tech rules, as policymakers move to simplify GDPR, delay parts of the A.I. Act, and ease data-use restrictions to boost competitiveness. The move signals a major tone change in Brussels, raising questions about whether scaling back oversight will spark innovation — or weaken one of the world's strongest digital privacy regimes. Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloudflare's outage is rooted in an internal configuration error. The Trump administration is preparing a new national cyber strategy. CISA gives federal agencies a week to secure a new Fortinet flaw. MI5 warns that China is using LinkedIn headhunters and covert operatives to target lawmakers. Experts question the national security risks of TP-Link routers. The China-aligned PlushDaemon threat group hijacks software updates. Researchers discover WhatsApp's entire global member directory accessible online without protection. LG Energy Solution confirms a ransomware attack. ShinySp1d3r makes its debut. Rotem Tsadok, Director of Security Operations and Forensics at Varonis, is sharing lessons learned from thousands of forensics investigations. A judge says Google's claims to water use secrecy are all wet.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Rotem Tsadok, Director of Security Operations and Forensics at Varonis, sharing lessons learned from thousands of forensics investigations. Listen to Rotem's full conversation here. Selected Reading Cloudflare blames this week's massive outage on database issues (Bleeping Computer) National cyber strategy will include focus on ‘shaping adversary behavior,' White House official says (The Record) CISA gives govt agencies 7 days to patch new Fortinet flaw (Bleeping Computer) Chinese Spies Are Using LinkedIn to Target U.K. Lawmakers, MI5 Warns (The New York Times) No evidence that TP-Link routers are a Chinese security threat (CSO Online) PlushDaemon compromises network devices for adversary-in-the-middle attacks (welivesecurity) 3.5 Billion Accounts: Complete WhatsApp Directory Retrieved and Evaluated (heise online) LG Energy Solution reports ransomware attack, hackers claim theft of 1.7 terabytes of data (beyondmachines) Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters (Bleeping Computer) Google Strives To Keep Data Center Water Use Secret After Judge Orders Records Released (Roanoke Rambler) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Anthropic says a Chinese APT orchestrated attacks using its AI It's a day ending in -y, so of course there are shamefully bad Fortinet exploits in the wild Turns out slashing CISA was a bad idea, now it's time for a hiring spree Researchers brute force entire phone number space against Whatsapp contact discovery API DOJ figures out how to make SpaceX turn off scam compounds' Starlink service This week's episode is sponsored by Mastercard. Senior Vice President of Mastercard Cybersecurity Urooj Burney joins to talk about how the roles of fraud and cyber teams in the financial sector are starting to converge. Mastercard also recently acquired Recorded Future, and Urooj talks about how they aim to integrate cyber threat intelligence into the financial world. This episode is also available on Youtube. Show notes Full report: Disrupting the first reported AI-orchestrated cyber espionage campaign Researchers question Anthropic claim that AI-assisted attack was 90% autonomous - Ars Technica China's ‘autonomous' AI-powered hacking campaign still required a ton of human work | CyberScoop Amazon discovers APT exploiting Cisco and Citrix zero-days | AWS Security Blog CISA gives federal agencies one week to patch exploited Fortinet bug | The Record from Recorded Future News PSIRT | FortiGuard Labs CISA, eyeing China, plans hiring spree to rebuild its depleted ranks | Cybersecurity Dive This Is the Platform Google Claims Is Behind a 'Staggering' Scam Text Operation | WIRED A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers | WIRED DOJ Issued Seizure Warrant to Starlink Over Satellite Internet Systems Used at Scam Compound | WIRED Multiple US citizens plead guilty to helping North Korean IT workers earn $2 million | The Record from Recorded Future News Cyberattack leaves Jaguar Land Rover short of £680 million | The Record from Recorded Future News FBI: Akira gang has received nearly $250 million in ransoms | The Record from Recorded Future News Operation Endgame: Police reveal takedowns of three key cybercrime tools | The Record from Recorded Future News Inside a Wild Bitcoin Heist: Five-Star Hotels, Cash-Stuffed Envelopes, and Vanishing Funds | WIRED

Aon's Brent Rieth discusses the ripple effects of the Cyber Information Security Act (CISA) not being renewed, warning that insurers now face a major data gap in assessing … Read More » The post EP. 109: The Future of Cyber Risk Without CISA: How Insurers and Businesses Can Adapt appeared first on Insurance Journal TV.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The federal government recognizes that threats are multiplying at an exponential level. In fact, in October 2025, CISA released a free vulnerability scanner, and 10,000 organizations have signed up. Today, CISA is at its current capacity. Today, we examine solutions from a successful startup called CrunchAtlas. One of the co-founders, Ben Fabrelle, will share with the audience his experience in threat hunting in the federal government and why he combined with another veteran to form a company that can assist in threat intelligence, data analysis, and automation. During the interview, Fabrelle says that CrunchAtlas likes to attack "wicked" complex problems. One of the most complicated problems the federal government has is identifying threats in a world where the DoD is being attacked by malicious actors every day. Fabrelle suggests that the solution is a persistent cyber-hunt platform. It can search for threats in a wide range of environments. This means it can be deployed on-prem, in the cloud, or in an air-gapped environment. The founders view that a platform approach is the best way to scale against these adversaries. One of the key differentiators for CrunchAtlas is its ability to operate in the cloud, on-prem, and even in an air-gapped environment. In fact, their offering's code stack, from design, operates in an air-gapped environment. Automation in this kind of environment will allow for a reduction in false positives, which will, in turn, reduce fatigue and decrease the need for human threat hunters.  

In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• Happy Birthday to CISA! The Cybersecurity and Infrastructure Security Agency turned seven on Sunday. • Government funding bill temporarily revives cybersecurity information-sharing law• The Gate 15 Interview EP 64: Cody Barrow, CEO, EclecticlQ. “Nothing in cyber happens without a reason.”• Faith-Based (U.S.): FB-ISAO Newsletter, v7, Issue 10Main Topics:Cybersecurity!• OWASP Top Ten. Welcome to the 8th installment of the OWASP Top Ten! • ASD: Annual Cyber Threat Report 2024-2025• Checkout.com: Protecting Our Merchants: Standing Up to Extortion: “We will not be extorted by criminals. We will not pay this ransom.” Holidays & Hostile Events!• Europol: 10 years on: remembering the victims of the 13 November terrorist attack in Paris• DOJ: New Jersey Man Charged with Cyberstalking in Connection with Violent Network ‘764'• Indiana Republican called out by Trump on redistricting is swatted• Marjorie Taylor Greene Says She Received Pipe Bomb Threat: What We Know• Terror plot arrests reveal ‘more dangerous' online pathway to ISIS radicalization in America• Suspects charged in alleged Michigan Halloween terror plot eyed attack on Chicago Pride Parade: Docs • Racists are now openly targeting Indian Americans• Is left-wing terrorism returning? Quick Hits:• Blended Threats! Risky Biz News - German TV station hacked: A cyberattack has disrupted the broadcast of German radio station Radio Nordseewelle. Hardware components were damaged in the attack and had to be replaced. The broadcaster said it had to rebuild large parts of its IT network. The hack took place days after a similar incident crippled the transmission of Dutch radio and TV station RTV Noord. [Tarnkappe]

The conversation delves into the alarming use of AI in espionage, highlighting a recent incident reported by Anthropic where AI tools were manipulated to conduct attacks on various global organizations. The discussion emphasizes the unprecedented nature of these threats and the significant role AI plays in modern cybersecurity challenges. Article: Anthropic warns state-linked actor abused its AI tool in sophisticated espionage campaign https://www.cybersecuritydive.com/news/anthropic-state-actor-ai-tool-espionage/805550/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExZzBzVlFKcDRKVzZLbmJ1T3NydGMGYXBwX2lkEDIyMjAzOTE3ODgyMDA4OTIIY2FsbHNpdGUBMgABHmJQUhzPLTfnQg0GYwFyPg3ARvkAWiKL6IZtIWEV7q5MgjQsVfHp1nipJKaT_aem_go7RwNdHcqn4lzSWflfhPg Cybersecurity Firm Deepwatch Fires One Third of Workforce for AI https://tech.co/news/cybersecurity-firm-deepwatch-fires-dozens-ai?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExZzBzVlFKcDRKVzZLbmJ1T3NydGMGYXBwX2lkEDIyMjAzOTE3ODgyMDA4OTIIY2FsbHNpdGUBMgABHlqDES7fqv92ODvciJ7E84px4O4JeOl2PpO47KtKihhVmbzhiPDk8PyZAxoA_aem_DHggk6C_uwwg_PLLcB2MJg Congress extends CISA 2015, but path to long-term reauthorization remains murky https://federalnewsnetwork.com/cybersecurity/2025/11/congress-extends-cisa-2015-but-path-to-long-term-reauthorization-remains-murky/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExZzBzVlFKcDRKVzZLbmJ1T3NydGMGYXBwX2lkEDIyMjAzOTE3ODgyMDA4OTIIY2FsbHNpdGUBMgABHk3k0ov9AK_1lZTBc7E8RiizrqvKCOoBpJNHQGWLgFw3ShwOmrLF8KllX7ES_aem_s_EruEoddKOwdCRNUu7vCw Buy the guide: https://www.theothersideofthefirewall.com/ Please LISTEN

Aon's Brent Rieth discusses the ripple effects of the Cyber Information Security Act (CISA) not being renewed, warning that insurers now face a major data gap in assessing … Read More » The post EP. 109: The Future of Cyber Risk Without CISA: How Insurers and Businesses Can Adapt appeared first on Insurance Journal TV.

Aon's Brent Rieth discusses the ripple effects of the Cyber Information Security Act (CISA) not being renewed, warning that insurers now face a major data gap in assessing … Read More » The post EP. 109: The Future of Cyber Risk Without CISA: How Insurers and Businesses Can Adapt appeared first on Insurance Journal TV.

Cloudflare suffers a major outage. Google issues an emergency Chrome update. Logitech discloses a data breach. CISA plans a major hiring push. The House renews the State and Local Cybersecurity Grant Program. The GAO warns military personnel are oversharing online. Tech groups urge governments worldwide to reject proposals that weaken or bypass encryption. Australian authorities blame outdated software for the death of a telecom customer. An alleged Void Blizzard hacker faces extradition to the US. Our guest is Kevin Kennedy from ManTech discussing the future battlefield and the importance of integrating non-kinetic effects. AI meets the IRS. What could possibly go wrong? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by ⁠Kevin Kennedy⁠ from ⁠ManTech⁠ discussing the future battlefield and the importance of integrating non-kinetic effects. You can hear Kevin's full conversation here. Selected Reading Cloudflare outage causes error messages across the internet (The Guardian) Google releases emergency Chrome update to patch actively exploited vulnerability (Beyond Machines) Logitech discloses data breach after Clop claims (The Record) CISA, eyeing China, plans hiring spree to rebuild its depleted ranks (Cybersecurity Dive) Full renewal of state and local cyber grants program passes in House (The Record) Pentagon and soldiers let too many secrets slip on socials (The Register) Dozens of groups call for governments to protect encryption (CyberScoop) Australia's TPG Telecom links customer's death to outdated Samsung phone (Reuters) Alleged Void Blizzard hacker arrested in Thailand (SC Media) Intuit signs $100M+ deal with OpenAI to bring its apps to ChatGPT (TechCrunch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Institute of Internal Auditors Presents: All Things Internal Audit In this episode, IIA Quality Services advisors share firsthand experience conducting external quality assessments (EQAs) in alignment with The IIA's Global Internal Audit Standards. From the importance of governance structure and CAE engagement to navigating the Standards, this episode highlights what makes a high-performing audit function and where even seasoned teams can stumble. HOST: Warren Hersh, CIA, CISA, CPA, CFE Director IIA Quality Services   GUESTS: Susan Verghese, CIA, CISA Lead Quality Advisor for IIA Quality Services LLC Keith Kahl, CIA, CPA, CFE, CGMA, CRMA Kahl Professional Services LLC Lead Quality Advisor for IIA Quality Services LLC Hania Abrous-McCarthy, CIA, CPA, CRMA, CGMA, CFE Managing Director at Gladclif LLC Lead Advisor for IIA Quality Services LLC KEY POINTS: Introduction [00:00–00:00:56] Welcome to Tales from the EQA Trenches — Introducing The IIA's Quality Services team.  Common Challenges When Starting an EQA [00:01:07–00:05:36] Susan Verghese discusses why understanding governance structures is critical, how CAE attitudes impact assessment outcomes, and common improvement areas like charters, manuals, and assurance mapping. Governance and Leadership Support Make or Break Audit Quality [00:05:36–00:07:55] Keith Kahl contrasts two real-world audit functions—one struggling under limited support and another thriving with strong audit committee engagement and trust. Opportunities Under the New Global Standards [00:07:55–00:10:56] Hania Abrous-McCarthy highlights how the new Standards give CAEs a chance to reset their functions, refresh independence, and fine-tune internal audit's value proposition. Advice for Organizations Preparing for EQAs [00:10:56–00:11:59] Warren Hersh encourages teams to use the IIA's Standards Knowledge Center and Quality Services webpage for resources like the Conformance Readiness Tool and insights on QAIPs and topical requirements. Closing and Future Episodes [00:11:59–00:12:16] Warren previews more "Tales from the Trenches" stories coming soon from The IIA's Quality Services team. IIA RELATED CONTENT:  Interested in this topic? Visit the links below for more resources: 2025 RISE Virtual Conference Quality Services Standards Knowledge Center Conformance Readiness Assessment Tool Internal Audit QA Checklist Visit The IIA's website or YouTube channel for related topics and more. Follow All Things Internal Audit: Apple PodcastsSpotify LibsynDeezer

CannCon and Ashe in America break down Ed Martin's explosive comprehensive pardon memo...a document they call one of the most important filings since the 2020 election. They walk through Martin's sweeping legal argument detailing years of election-law violations, unconstitutional rule changes, mass censorship, mail-in ballot failures, fraudulent registrations, chain-of-custody breaches, and the refusal of courts to hear evidence. The hosts trace how contingent electors operated within constitutional authority, how historical precedent supports their actions, and why prosecutions in Michigan, Georgia, Nevada, and Arizona are collapsing. They highlight Brad Raffensperger's revealing 2020 interview, the censorship regime driven by CISA and EIP, and the way lawfare was weaponized against attorneys, electors, whistleblowers, and everyday citizens. Packed with legal analysis, historical context, and fiery commentary, this episode lays out the full scope of election misconduct, and why accountability is finally coming into focus.

Presented by Material Security: We protect your company's most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices. Three Buddy Problem - Episode 72: We unpack Anthropic's conflicting self-promotion around the “first AI-orchestrated cyberattack” using Claude Code and the future of automated APT attacks. Plus, Chinese cyber vendor KnownSec falls victim to data breach, fresh accusations that the U.S. stole billions in Bitcoin, Amazon warning about Cisco/Citrix zero-days, Google's new Private AI Compute and Microsoft kernel zero-day marked as "actively exploited." Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

The bill that reopened the government also includes a temporary extension of a landmark cyber information law, the Cybersecurity Information Sharing Act of 2015 expired on October 1. Now it's in force again, at least until January 30. Federal News Network's Justin Doubleday joins me with more on what could be a complicated reauthorization path for CISA 2015. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Topic 1: Is there a valid reason for Bitcoin to exist? You can now use Venmo (a subsidiary of PayPal) to pay for your tacos at Taco Bell. This is just the latest addition (see Apple Pay and Google Pay). Cash App is available indirectly as a card through Apple Pay and Google Pay.E-payments are expanding all the time. We can move money to relatives via apps from banks and services like Venmo.So what role does Bitcoin play other than hiding assets and transactions from the government?https://www.tacobell.com/offers-and-deals?utm_source=venmo Topic 2: Will Cyber Security have to Be a Private Function?CMMC (Cybersecurity Maturity Model Certification) became “effective” November 10th. At this point, it's unclear whether there's any funding for compliance with the regulations.At the same time, CISA staff and funding have been slashed and it's not yet clear what funding will look like going forward.Is security, monitoring of foreign actors, and distribution of cyber security-related information and alerts now simply left to the private sector by default? While some vendors will see money in pieces of this puzzle, is there a financial incentive to create a comprehensive cyber security infrastructure that's not funded by the government? Topic 3: Innovation Outpaces Adoption … Creating a Roadblock for Growthhttps://www.linkedin.com/pulse/speed-innovation-outpacing-adoptionwho-you-gonna-call-geoffrey-moore-4kyef/https://www.linkedin.com/pulse/disruptive-innovationthe-game-changing-geoffrey-moore-cjhyc/The speed of technology innovation has accelerated. The speed of technology adoption has not. This creates a backlog of trapped value for customers and a growth obstacle for vendors. How can we solve this? It's all about partners getting involved to deliver implementation / adoption services for emerging / disruptive technologies. Not “selling stuff” … but enabling customers to adopt stuff and get real value from it. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

If you like what you hear, please subscribe, leave us a review and tell a friend!

The expiration of the Cybersecurity Information Sharing Act (CISA) on September 30, 2025, has resulted in a notable decline in U.S. cyber defense capabilities, with a reported drop of over 70% in the sharing of threat indicators. This lapse has created a legal and operational vacuum, leading to increased delays in alert dissemination and a rise in cyber threats, particularly in critical sectors such as healthcare and energy. Federal agencies and private companies are now hesitant to report incidents without the liability protections that CISA previously provided, resulting in a fragmented response to cyber threats.In response to the growing concerns over cybersecurity, the U.S. Congress has included a provision in the federal government shutdown legislation to extend CISA through the end of January 2026. This extension is crucial for facilitating the sharing of threat data between businesses and government agencies. Meanwhile, the Cybersecurity and Resilience Bill introduced in the UK mandates that medium and large IT management and cybersecurity service providers comply with minimum security standards, reflecting a shift towards greater accountability in protecting critical infrastructure.Additionally, Microsoft and 1Password are advancing passwordless technology, with Microsoft enabling the syncing of passkeys across devices and 1Password integrating a new native Passkeys plugin API for Windows 11. These developments aim to enhance user convenience and security, signaling a shift away from traditional password reliance. EasyDMARC has also launched Touchpoint, an AI-driven sales enablement tool for MSPs, while Enable has introduced a cyber warranty program offering financial protection for cyber incidents.For MSPs and IT service leaders, these developments underscore the importance of adapting to evolving cybersecurity regulations and technologies. The expiration of CISA highlights the need for private networks and MSPs to fill the intelligence gap left by government agencies. As compliance requirements tighten in the UK and the U.S., MSPs that can navigate these changes and assist clients in maintaining security and compliance will find significant opportunities in a rapidly changing landscape. Three things to know today00:00 U.S. Cyber Defense Falters as CISA Act Expires, Threat Sharing Plummets 70% Amid Budget Cuts04:35 Compliance Crossroads: New EU, UK, and U.S. Rules Reshape Data Protection and Cybersecurity for MSPs09:42 Vendors Push Simpler, Smarter Security: Microsoft Syncs Passkeys, N-able Adds Cyber Warranty, EasyDMARC Targets MSP Sales This is the Business of Tech.     Supported by:  https://getflexpoint.com/msp-radio/https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship

Lyceum's Cybersecurity Series Part 1: "What You Don't Know CAN Hurt You"   Welcome to Episode 30, Season 9 of A CEO's Virtual Mentor® In this opening installment of Lyceum's new Cybersecurity Series, A CEO's Virtual Mentor® convenes five board members and cybersecurity experts from the Lyceum Circle of Leaders® to confront one of the most elusive challenges in modern governance – understanding what you cannot see. As Stephen Hawking warned, "The greatest enemy of knowledge is not ignorance — it is the illusion of knowledge." That illusion, we learn, is the hidden trap of board cybersecurity oversight. Across four parts, our guests – Jorge Benitez, Brook Colangelo, Michael Crowe, Michael Kehs, and Wendy Thomas – illuminate how directors can move from passive awareness to active preparedness, transforming cybersecurity from a technical checklist into an enterprise discipline rooted in governance, visibility, and human judgment. The program examines why boards miss what matters most, how to see beneath the "hidden surface" of cyber risk, and how disciplined frameworks turn uncertainty into resilience. Through their collective insight, a new picture emerges: cybersecurity not as compliance, but as the continuous practice of foresight. Program Guide A CEO's Virtual Mentor® Episode 30 Lyceum's Cybersecurity Series Part 1: "What You Don't Know CAN Hurt You"   0:00 | Introduction Host Tom Linquist introduces Season 9 and Lyceum's special Cybersecurity Series — the first podcast project to draw on multiple members of the Lyceum Circle of Leaders®. He frames the series' purpose: to help boards confront cybersecurity not as a technical topic, but as a behavioral and governance issue — an invisible domain where the illusion of knowledge endangers oversight itself.   Part 1 — Why the Subject Is Important (4:00 – 16:30) Cybersecurity has evolved from a back-office function to a boardroom imperative. Jorge Benitez recalls establishing Accenture's early information-security practice and how cyber risk became a universal business concern. Mike Crowe contrasts threat motives across industries and stresses that "cybersecurity is everyone's responsibility." Brook Colangelo links cyber vigilance to corporate sustainability and shareholder trust. Michael Kehs reminds boards to get started early; that "by the time you hear the thunder, it's too late to build the ark." Wendy Thomas draws the parallel between today's need for cyber fluency and boards' earlier journey toward financial literacy.  Together, they establish the stakes: what boards don't know can — and will — hurt them.   Part 2 — Visibility (16:50 – 31:20) True oversight requires seeing what lies beneath the surface. Brook Colangelo describes forming a Technology and Cyber Committee and applying the NIST framework to benchmark maturity. Mike Crowe explains hiring "offensive" experts to test defenses before attackers do. Wendy Thomas introduces the streamlined Prevent–Detect–Respond (PDR) model, connecting it to board metrics such as mean time to detect and mean time to respond. She also warns that during crises, boards must remember: "There's no watching the game tape during the game." This segment translates technical language into governance visibility — turning blindness into inquiry.   Part 3 — Risk Management (31:36 – 39:50) Cybersecurity joins the top tier of every board's risk matrix. Mike Crowe situates cyber alongside geopolitical and climate risks. Tom Linquist introduces the "hidden surface problem" — the behavioral bias that limits directors to what is easily seen. Brook Colangelo reframes preparedness as competitive advantage: companies that prove digital trust win customers and revenue. Jorge Benitez observes that the most progressive boards now embed cyber within comprehensive risk frameworks, enabling all directors to engage.  This section bridges oversight and enterprise resilience, urging boards to govern the unseen.   Part 4 — Objectives of the Cybersecurity Series (40:18 – 44:58) The series concludes its first installment by looking ahead. Brook Colangelo highlights how global conflict and artificial intelligence have accelerated the pace and complexity of cyber risk. Wendy Thomas calls for a stronger community of boards that collectively raise the cost of attack. Jorge Benitez encourages continuous learning through peer forums such as the Lyceum Circle of Leaders®. Tom Linquist closes with an invitation to continue the series — a journey from illusion to insight, from defense to resilience.   Total Runtime: ≈ 45 minutes     We would like to express our special thanks to the clients of Lyceum Leadership Consulting that enable us to bring you this podcast.     Informative and Helpful Links   NIST's Cybersecurity Framework: https://www.nist.gov/cyberframework   CISA's Cybersecurity Incident & Vulnerability Response Playbooks: https://www.cisa.gov/sites/default/files/2024-08/Federal_Government_Cybersecurity_Incident_and_Vulnerability_Response_Playbooks_508C.pdf   Your host Thomas B. Linquist is the Founder and Managing Director of Lyceum Leadership Consulting and Lyceum Leadership Productions. Over his 25 years in management and leadership consulting he has served a wide array of corporate clients.  This includes leadership assessment and search for chief executive officers, chief financial officers, chief operating officers and directors of boards.  He holds an MBA from the University of Chicago and over his 35-year career has served in a variety of roles: as an engineer with Shell Oil Company, a banker with ABN AMRO Bank, and as treasurer was the youngest corporate officer in the 150+ year history at Peoples Energy Company in Chicago.  He is an expert on hiring and promotion decisions and leadership development.  Over the course of his search and advisory career, Tom has interviewed thousands of leaders and authored numerous articles exploring group decision-making under uncertainty, board effectiveness, and leadership development.   Join the Lyceum Circle of Leaders®  a community of forward-thinking leaders  dedicated to improving leadership through shared intelligence. Please spread the word among your fellow executives and board colleagues.   Program Disclaimer The only purpose of the podcast is to educate, inform and entertain. The information shared is based on the collection of experiences of each of the guests interviewed and should not be considered or substituted for professional advice. Guests who speak in this podcast express their own opinions, experience and conclusions, and neither The Leadership Lyceum LLC nor any company providing financial support endorses or opposes any particular content, recommendation or methodology discussed in this podcast. Follow Leadership Lyceum on: Our website: www.LeadershipLyceum.com LinkedIn: The Leadership Lyceum LLC Email us: info@LeadershipLyceum.com     This podcast Leadership Lyceum: A CEO's Virtual Mentor® has been a production of The Leadership Lyceum LLC. Copyright 2025. All rights reserved.

The Institute of Internal Auditors Presents: All Things Internal Audit In the episode, Jami Shine joins Colin May to expose the hidden risks behind payroll and overtime fraud, one of the most underestimated threats to organizational integrity. From toxic workplace cultures to "impossible days" and data-driven red flags, they uncover how emotional intelligence, analytics, and collaboration among internal audit, HR, and leadership can keep timekeeping honest and controls effective. HOST: Jami Shine, CIA, CRMA, CISA, CRISC,  Corporate and IT Audit Manager, QuikTrip    GUEST: Colin May, CFE Professor of Forensic Studies and Criminal Justice, Stevenson University KEY POINTS: Introduction [00:00–00:00:35] Why Payroll Fraud Is on the Rise [00:00:54–00:03:59] Emotional Intelligence in Auditing [00:04:29–00:07:33] Culture as the Root Cause [00:07:33–00:08:10] Real-World Overtime Fraud Cases [00:08:10–00:11:02] Policy Gaps and Long-Standing Practices [00:11:13–00:13:38] Management Oversight and Data Dashboards [00:13:52–00:16:14] Identifying High-Risk Areas [00:17:21–00:18:35] Technology's Role in Prevention [00:19:17–00:21:30] The Importance of Communication [00:21:01–00:23:30] Behavioral Insights and Control Design [00:25:05–00:27:20] Balancing Trust and Surveillance [00:27:20–00:30:00] Technology, AI, and Future Controls [00:30:00–00:31:18] Final Thoughts [00:31:46–00:32:25] IIA RELATED CONTENT:  Interested in this topic? Visit the links below for more resources: 2025 RISE Virtual Conference On the Frontlines: Auditing Overtime Fraud Online Exclusive: Fraud in Transit COSO Enterprise Risk Management Certificate Visit The IIA's website or YouTube channel for related topics and more. Follow All Things Internal Audit: Apple PodcastsSpotify LibsynDeezer

CISA reauthorization  Denmark and Norway investigating electric bus "kill switches" European Commission looking to simplify privacy laws for AI Huge thanks to our sponsor, Vanta What's your 2 AM security worry?   Is it "Do I have the right controls in place?"   Or "Are my vendors secure?"   ....or the really scary one: "how do I get out from under these old tools and manual processes?   Enter Vanta.   Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta also fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready—ALL…THE…TIME. With Vanta, you get everything you need to move faster, scale confidently—and get back to sleep.   Get started at vanta.com/headlines

Confused about when to let you teen girl have a TikTok account?  Is she old enough for an Instagram account? Are you frustrated by your teenage daughter's constant use of her phone? Today I have cybersecurity expert Tom Arnold on with some tips on keeping your teens safe from online predators and the conversations you can have with her.   Tom Arnold (CISSP, ISSMP, CISA, CFS, GCFE-Gold, GNFA, GWEB, GBFA) is a cybersecurity expert, digital forensics investigator, and educator. He lectures on digital forensics and incident response at San Jose State University and the University of Nevada, Las Vegas, where he is also helping to develop a new digital evidence and forensics degree program. A co-founder of Payment Software Company (PSC), now part of NCC Group, Arnold has led large-scale breach investigations—some involving more than 7,000 servers—and served as lead investigator in complex threat-hunting operations. He has testified before the U.S. Senate and House on cybersecurity legislation and sits on the steering committee for the Las Vegas branch of the USSS/Cyber Fraud Task Force. He also serves as Operations Manager at Cloud 10 Studios, a full-service animation studio that creates original series, long-form content, and commercial projects. His novel The Digital Detective: First Intervention was inspired by a real-life cybersecurity scare when Arnold's grandson was approached by a stranger on Roblox despite parental controls. That moment launched Arnold's mission to help families and schools recognize hidden online dangers—and to give kids the tools they need to stay safe in the digital world.   Are you looking for ways to communicate with your girl so she can start opening up to you? Do you want to understand why is it so hard to approach your girl? Are you stuck on how to approach your teenage daughter in conversation without her freaking out?   SIGN UP FOR TALK TO YOUR TEEN GIRL FRAMEWORK!!  A 6-WEEK JOURNEY TO SHIFT HOW YOU COMMUNICATE SO SHE CAN COME TO YOU!   You'll walk away with a deeper understanding the changes happening to your girl, Equipped in your new role as COACH in this teen stage, and establish better communication pathways to connect and grow closer with your daughter   Imagine if you and your daughter can finally have conversations at a level where she doesn't need to hide anything from you! Plus, you'll get to meet other mamas who are all in the same boat.... SIGN UP HERE!      You can find me here: Work with me:  www.talktyourteengirl.com Connect: hello@jeanniebaldomero.com Instagram:   https://www.instagram.com/raisingherconfidently Free mom support community: www.raisingherconfidently.com  

Cisco patches critical vulnerabilities in its Unified Contact Center Express (UCCX) software. CISA lays off 54 employees despite a federal court order halting workforce reductions. Gootloader malware returns. A South Korean telecom is accused of concealing a major malware breach. Russia's Sandworm launches multiple wiper attacks against Ukraine. China hands out death sentences to scam compound kingpins. My guest is Dr. Sasha O'Connell, Senior Director for Cybersecurity Programs at Aspen Digital. Meta's moral compass points to profit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dr. Sasha O'Connell, Senior Director for Cybersecurity Programs at Aspen Digital, joins us to preview her Caveat podcast interview about "10 Years of Cybersecurity Progress & What Comes Next." Listen to Sasha and Dave's full conversation on this week's Caveat episode.  Selected Reading Critical Cisco UCCX flaw lets attackers run commands as root (Bleeping Computer) CISA plans to fire 54 employees despite court injunction (Metacurity) CISA reports active exploitation of critical vulnerability in CentOS Web Panel (Beyond Machines) Gootloader malware is back with new tricks after 7-month break (Bleeping Computer) KT accused of concealing major malware infection, faces probe over customer data breach (The Korea Times) Sandworm hackers use data wipers to disrupt Ukraine's grain sector (Bleeping Computer) ⁠China sentences 5 Myanmar scam kingpins to death ⁠(The Record) ⁠“Hackers” rig elections to IAN executive committee⁠ (Mumbai News) Meta is earning a fortune on a deluge of fraudulent ads, documents show (Reuters) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Who said cybersecurity had to be serious? The future of cyber is creative, human, and even a little sexy. In this special 400th episode, Ron Eddings celebrates six incredible years of Hacker Valley Studio with one of cyber's most creative voices, Maria Velasquez, Co-Founder of the Cybersecurity Marketing Society and Co-Host of Breaking Through in Cybersecurity Marketing. Together, they discuss how bold storytelling, authentic community, and a touch of fun are reshaping the way we connect in cybersecurity. Maria opens up about turning burnout into purpose, building a 4,000-strong global movement, and why the next frontier in cyber might just be entertainment.   Impactful Moments: 00:00 - Introduction 02:00 - CISA layoffs and collaboration fragility 04:00 - Welcoming Maria Velasquez 06:00 - How loneliness sparked a global community 08:00 - Why collaboration fuels cybersecurity growth 10:00 - When cybersecurity marketing was “boring” 12:00 - The rise of creativity and brand power 14:00 - Story behind Torque's “Kill the S.O.A.R” campaign 15:00 - Making cybersecurity emotional and human 17:00 - Maria's advice for bold marketing leaders 18:00 - The next big thing: experiential marketing 20:00 - Inside Cyber Marketing Con 2025 24:00 - Final reflections on community and creativity 27:00 - Ron's takeaways: connection drives innovation Links: Connect with Maria on LinkedIn: https://www.linkedin.com/in/maria-vepa/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

In this urgent and eye-opening episode of Life of a CISO, Dr. Eric Cole dives into one of the most consequential moments in U.S. cybersecurity history: the expiration of the Information Sharing Act of 2015, which quietly lapsed the same day the government shut down. Dr. Cole explains how this coincidence has effectively cut off the flow of critical cyber threat intelligence between the U.S. government and private sector, leaving organizations blind to emerging attacks and operating at a major disadvantage. He breaks down the data-driven realities every CISO must communicate to their executive teams: The collapse of formal information sharing protections and the resulting liability risks for companies. The severe reduction of federal cybersecurity capacity, with 65% of CISA furloughed. The surge in cyberattacks from foreign adversaries exploiting U.S. vulnerability. Practical strategies for regaining the upper hand—reducing attack surfaces, deploying AI-based threat detection, and reassessing over-reliance on cloud providers following suspicious AWS and Microsoft outages. Dr. Cole urges CISOs to lead with data, not emotion, and to act decisively in this new era of "cyber wartime." Whether you're an executive or a security professional, this episode delivers the critical insights and strategic playbook you need to safeguard your organization when the nation's early warning system has gone dark.  

Google uncovers PROMPTFLUX malware CISA warns of CentOS Web Panel bug Threat group targets academics Huge thanks to our sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker

Send us a textRansomware doesn't wait for your change window, and neither do we. This episode takes you inside the decisions that matter when privileged accounts start hopping across systems, Exchange servers attract fresh exploits, and the clock is running on recovery. We open with the newest CISA guidance on Microsoft Exchange and translate it into moves you can apply today: enforce least privilege with a real PAM, choose stronger MFA than SMS, disable basic auth, and lock in transport protections that withstand downgrade tricks.From there, we get practical about TLS and HSTS. Rolling TLS everywhere sounds simple until certificates, ciphers, and legacy services push back. We map a staged path that starts with critical links, reduces misconfigurations, and grows coverage without breaking internal apps. HSTS then adds a policy backbone that reduces user error, blocks session hijacking, and tightens browser behavior, with clear notes on latency, preload lists, and subdomain scope.When incidents hit, priorities flip. We break down the right call when lateral movement continues during a ransomware event: disable privileged accounts and switch to preapproved emergency access. On evidence handling, we reinforce the nonnegotiable step for integrity—cryptographic hashing before and after imaging—plus secondary measures for custody and confidentiality. Disaster recovery gets the same scrutiny: meeting RTO while missing RPO means your backup cadence or replication policy failed, not your failover drill. We also cover immutable logs with WORM storage to prevent admin tampering and why emergency patches should be followed by a retrospective CAB review to keep governance intact after the fire is out.If you're preparing for the CISSP or sharpening day-to-day security operations, this session delivers clear, actionable guidance you can put to work immediately. Subscribe, share with your team, and leave a review to help more practitioners find these practical playbooks. What's the one control you'd implement tomorrow to cut lateral movement in half?Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Live from #DCDVirginia 2025, Alexandra Bromson, Managing Director of Origination at Available Infrastructure, joins JSA TV to discuss the urgent need for national security-grade cyber protection for smart cities and digital infrastructure.In this discussion, Alexandra breaks down the serious risks of "AI Poisoning" where attackers corrupt AI models by feeding them bad data and how it can be used to cause serious risk to operations, safety and reputation.Learn how Available Infrastructure's SanQtum AI platform provides a defense, using a CISA-compliant zero trust architecture, NIST-approved quantum-resilient encryption, and a nationwide fleet of quantum-ready micro data centers to protect the future of AI. #CriticalInfrastructure #Cybersecurity #AIPoisoning

The government shutdown is now in week number four, which gives us a checkpoint to gauge the impacts so far and those to come for federal agency operations.Part one of this two-part episode sees Carten Cordell and Edward Graham, respectively managing editors at WT's partner publications Government Executive and NextgovFCW, join Nick and Ross to go over the shutdown from every angle.Carten and Ed detail what operations are still ongoing inside government, who is still working, the impacts of the shutdown and key checkpoints to watch out for ahead of the eventual reopening.Then in part two, Nick and Ross unpack the CEO transition at Science Applications International Corp. and put it into context against a market landscape that looks very different here in October versus what it was in January.Shutdown furloughs will permanently cost the economy at least $7 billion, CBO saysFederal employee groups want to reopen government. They disagree on howShutdown layoffs indefinitely blocked following new court injunctionRepublicans float paying some feds as Dems maintain shutdown approachHouse Dems demand furloughs end for nuclear security agencyTop cyber lawmaker wants answers on CISA workforce reductionsMultiple CISA divisions targeted in shutdown layoffs, people familiar sayInside Mission Daybreak: VA's effort to support innovative suicide preventionCyberCorps talent pipeline buckles under Trump hiring freezesSAIC parts ways with CEO Toni Townes-WhitleyLeonardo DRS CEO William Lynn to retire after 14-year run at the companyBooz Allen cuts more jobs, lowers outlook amid funding slowdownsFederal agencies may benefit from slower cloud adoption, Cloudera CEO saysDefense services companies face ‘structural issues' as tech disruptors surgeGSA lines up 118 more OASIS+ awardsTrump's ‘pincer maneuver' reshapes federal contracting landscape

CISA says cooperation between federal agencies and the private sector remains steady. Long-standing Linux kernel vulnerability in active ransomware campaigns confirmed. A Chinese-linked group targets diplomatic organizations in Hungary, Belgium, and other European nations. A government contractor breach exposes data of over 10 million Americans. Luxury fashion brands fall victim to impersonation scams. Phishing shifts from email to LinkedIn. Advocacy groups urge the FTC to block Meta from using chatbot interactions to target ads. A man pleads guilty to selling zero-days to the Russians. Emily Austin, Principal Security Researcher at Censys, discusses why nation state attackers continue targeting critical infrastructure. When M&S went offline, shoppers hit ‘Next'. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Emily Austin, Principal Security Researcher at Censys, as she discusses why nation state attackers continue targeting critical infrastructure. Selected Reading Cyber info sharing ‘holding steady' despite lapse in CISA 2015, official says (The Record) CISA: High-severity Linux flaw now exploited by ransomware gangs (Bleeping Computer) CISA and NSA share tips on securing Microsoft Exchange servers (Bleeping Computer) UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities (Arctic Wolf) More than 10 million impacted by breach of government contractor Conduent (The Record) Luxury Fashion Brands Face New Wave of Threats in Lead-up to 2025 Holiday Shopping Season (BforeAI) LinkedIn phishing targets finance execs with fake board invites (Bleeping Computer) Coalition calls on FTC to block Meta from using chatbot interactions to target ads, personalize content (The Record) Ex-L3Harris exec pleads guilty to selling zero-day exploits to Russian broker (CyberScoop) Business rival credits cyberattack on M&S for boosting profits (The Record) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Drawing from his extensive government and private sector experience, Jeff Greene, former Assistant Executive Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), former Chief of Cyber Response and Policy on the National Security Council, Distinguished Fellow at the Aspen Institute and Founder of Salty Coffee Consulting, explored how public-private partnerships strengthen critical infrastructure protection, highlighted emerging threat actors, discussed the latest cybercrime tactics and shared practical strategies businesses can implement to enhance their cyber resilience. Check out the conversation to gain actionable insights from a seasoned expert who has helped shape national cybersecurity policy and learn how to better protect your organization in an increasingly complex digital environment.Watch the original Wednesdays with Woodward® webinar: https://institute.travelers.com/webinar-series/symposia-series/global-cyber-resilience.  ---Visit the Travelers Institute® website: http://travelersinstitute.org/.Join the Travelers Institute® email list: https://travl.rs/488XJZM.Subscribe to the Travelers Institute® Podcast newsletter on LinkedIn: https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7328774828839100417.Connect with Travelers Institute® President Joan Woodward on LinkedIn: https://www.linkedin.com/in/joan-kois-woodward/.

Explosions rock a shuttered Myanmar cybercrime hub. The Aisuru botnet shifts from DDoS to residential proxies. Dentsu confirms data theft at Merkle. Boston bans biometrics. Proton restores journalists' email accounts after backlash. Memento labs admits Dante spyware is theirs. Australia accuses Microsoft of improperly forcing users into AI upgrades. CISA warns of active exploitation targeting manufacturing management software. A covert cyberattack during Trump's first term disabled Venezuela's intelligence network. Our guest is Ben Seri, Co-Founder and CTO of Zafran, discussing the trend of AI native attacks. New glasses deliver fashionable paranoia. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest is Ben Seri, Co-Founder and CTO of Zafran, discussing the trend of AI native attacks and how defenders should use AI to defend and remediate. Selected Reading Stragglers from Myanmar scam center raided by army cross into Thailand as buildings are blown up (AP News) Aisuru Botnet Shifts from DDoS to Residential Proxies (Krebs on Security) Advertising giant Dentsu reports data breach at subsidiary Merkle (Bleeping Computer) Boston Police Can No Longer Use Facial Recognition Software (Built in Boston) Proton Mail Suspended Journalist Accounts at Request of Cybersecurity Agency (The Intercept) CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware (TechCrunch) Australia sues Microsoft for forcing Copilot AI onto Office 365 customers (Pivot to AI) CISA warns of actively exploited flaws in Dassault DELMIA Apriso manufacturing software (Beyond Machines) CIA cyberattacks targeting the Maduro regime didn't satisfy Trump in his first term. Now the US is flexing its military might (CNN Politics) Zenni's Anti-Facial Recognition Glasses are Eyewear for Our Paranoid Age (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Organizations pour millions into protecting running applications—yet attackers are targeting the delivery path itself.This episode of AppSec Contradictions reveals why CI/CD and cloud pipelines are becoming the new frontline in cybersecurity.

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A breach at the Kansas City National Security Campus (KCNSC), a facility responsible for manufacturing roughly 80% of the non-nuclear components for U.S. nuclear weapons, was enabled by two critical Microsoft SharePoint vulnerabilities.COLDRIVER, a Russian state-sponsored group also tracked as UNC4057, Callisto, or Star Blizzard, has shifted rapidly toward new malware development following the public exposure of its previous malware, LOSTKEYS, in May 2025.CISA has officially added three newly exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, urging swift remediation efforts across federal environments. Newer article link.Amazon Web Services (AWS) experienced a major outage on October 20th that impacted thousands of applications globally, disrupting operations for companies and end-users alike.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

A former defense contractor is charged with attempting to sell trade secrets to Russia. Researchers uncover critical vulnerabilities in TP-Link routers. Microsoft patches a critical Windows Server Update Service flaw. CISA issues eight new ICS advisories. “Shadow Escape” targets LLMs database connections. Halloween-themed scams spike. Our guest is Chris Inglis, first National Cyber Director, speaking on cybercrime and the upcoming documentary on cyber war, "Midnight in the War Room". WhatsApp's missing million-dollar exploit.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Inglis, first National Cyber Director, speaking on cybercrime and the upcoming documentary on cyber war, "Midnight in the War Room" presented by Semperis. Learn more and check out the trailer. Selected Reading Hacking Lab Boss Charged with Seeking to Sell Secrets (Bloomberg) Dark Covenant 3.0: Controlled Impunity and Russia's Cybercriminals (Recorded Future) New TP-Link Router Vulnerabilities: A Primer on Rooting Routers (Forescout) Windows Server emergency patches fix WSUS bug with PoC exploit (Bleeping Computer) CISA Releases Eight Industrial Control Systems Advisories (CISA) Cyberattack on Russia's food safety agency reportedly disrupts product shipments (The Record) Shadow Escape 0-Click Attack in AI Assistants Puts Trillions of Records at Risk (Hackread) Trick or Treat: Bitdefender Labs Uncovers Halloween Scams Flooding Inboxes and Feeds (Bitdefender) Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta (SecurityWeek) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of This Week in AML, Elliot Berman and John Byrne dive into a packed agenda of financial crime compliance developments across the U.S., Canada, and Europe. They discuss the newly introduced bipartisan Senate bill proposing changes to SAR and CTR reporting thresholds, the troubling budget cuts at CISA, and New York's latest cybersecurity guidance. The conversation also explores open banking debates, TRM Labs' crypto adoption report, and Fed Governor Michael Barr's remarks on stablecoins. Internationally, they cover Canada's record-setting penalty against Xeltox Enterprises and the UK's AML supervisory overhaul.

CISA warns a Windows SMB privilege escalation flaw is under Active exploitation. Microsoft issues an out of band fix for a WinRE USB input failure. Nation state hackers had long term access to F5. Envoy Air confirms it was hit by the zero-day in Oracle's E-Business Suite. A nonprofit hospital system in Massachusetts suffers a cyberattack. Russian's COLDRiver group rapidly retools its malware arsenal. GlassWorm malware hides malicious logic with invisible Unicode characters. European authorities dismantle a large-scale Latvian SIM farm operation. Myanmar's military raids a notorious cybercrime hub. Josh Kamdjou, from Sublime Security discusses how teams should get ahead of Scattered Spider's next move. Eagle Scouts are soaring into cyberspace. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Josh Kamdjou, CEO and co-founder of Sublime Security and former DOD white hat hacker, is discussing how teams should get ahead of Scattered Spider's next move. Selected Reading CISA warns of active exploitation of Windows SMB privilege escalation flaw (Beyond Machines) Windows 11 KB5070773 emergency update fixes Windows Recovery issues (Bleeping Computer) Hackers Had Been Lurking in Cyber Firm F5 Systems Since 2023 (Bloomberg) Envoy Air (American Airlines) Confirms Oracle EBS 0-Day Breach Linked to Cl0p (Hackread) Cyberattack Disrupts Services at 2 Massachusetts Hospitals (BankInfo Security) Russian Coldriver Hackers Deploy New ‘NoRobot' Malware (Infosecurity Magazine) Self-spreading GlassWorm malware hits OpenVSX, VS Code registries (Bleeping Computer) Police Shutter SIM Farm Provider in Latvia, Bust 7 Suspects (Data Breach Today) Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People (SecurityWeek) Scouts will now be able to earn badges in AI and cybersecurity (CNN Business) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Fortra confirms an exploitation of the maximum-severity GoAnywhere flaw. Harvard investigates a claim of a breach. Banking Trojan targets Brazilian WhatsApp users. Reduction-in-force hits CISA. SimonMed says 1.2 million hit by Medusa ransomware. Netherlands invokes the Goods Availability Act against a Chinese company. We have our Business Breakdown. On today's Industry Voices, we are joined by Mickey Bresman sharing insights on hybrid identity security. And, beware of the shuffler. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Mickey Bresman, Semperis CEO, sharing insights on hybrid identity security and their HIP Conference. Mickey joined us as their 2025 Hybrid Identity Protection (HIP) Conference wrapped up.  If you want to hear the full conversation, you can tune in here. Selected Reading Fortra cops to exploitation of GoAnywhere file-transfer service defect (CyberScoop) Harvard Investigating Security Breach After Cybercrime Group Threatens To Release Stolen Data (The Crimson) WhatsApp Worm Targets Brazilian Banking Customers (Sophos News)  Government Shutdown Fallout: RIF Notices Hit CISA as Cyber Threats Rise (ClearanceJobs) SimonMed says 1.2 million patients impacted in January data breach (Bleeping Computer)  Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia (The Record) UK fines 4chan over noncompliance with Online Safety Act (The Record)   Synechron acquires RapDev, Calitii, and Waivgen. (N2K Pro Business Briefing)   Hackers Rig Casino Card-Shuffling Machines for ‘Full Control' Cheating (WIRED) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices