Podcasts about cvss

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20August%202025%20Patch%20Tuesday/32192 https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/ libarchive Vulnerability A libarchive vulnerability patched in June was upgraded from a low CVSS score to a critical one. Libarchive is used by compression software across various operating systems, making this a difficult vulnerability to patch https://www.freebsd.org/security/advisories/FreeBSD-SA-25:07.libarchive.asc Adobe Patches Adobe released patches for 13 different products. https://helpx.adobe.com/security/Home.html

The often-overlooked truth in cybersecurity: Seeing the Unseen in Vulnerability ManagementIn this episode, Sean Martin speaks with HD Moore, Founder and CEO of RunZero, about the often-overlooked truth in cybersecurity: the greatest risks are usually the things you don't know exist in your environment.Moore's career has spanned decades of penetration testing, tool creation, and product development, including leading the creation of Metasploit. That background shapes his approach at RunZero—applying attacker-grade discovery techniques to uncover devices, networks, and vulnerabilities that traditional tools miss. Why Discovery Matters MostThrough repeated penetration tests for high-security organizations, Moore observed a consistent pattern: breaches rarely occurred because defenders ignored known issues, but rather because attackers exploited unknown assets. These unknowns often bypassed mitigation strategies simply because they weren't on the organization's radar. Beyond CVEsMoore emphasizes that an overreliance on CVE lists leaves organizations blind to real-world risks. Many breaches stem from misconfigurations, weak credentials, or overlooked systems—problems that can be exploited within days of a vulnerability being announced. The answer, he says, is to focus on exposure and attack paths in real time, not just lists of patchable flaws. Revealing the GapsRunZero's approach often doubles the asset count organizations believe they have, uncovering systems outside existing scanning or endpoint management coverage. By leveraging unauthenticated discovery techniques, they detect exploitable conditions from an attacker's perspective—identifying forgotten hardware, outdated firmware, and network segmentation issues that open dangerous pathways. Changing the GameThis depth of discovery enables security teams to prioritize the small subset of issues that pose the highest business risk, rather than drowning in thousands of low-impact findings. It also helps organizations rebuild their security programs from the ground up—ensuring that every device is accounted for, properly segmented, and monitored. Collaboration and CommunityMoore also shares his ongoing contributions to open source through Project Discovery, integrating and enhancing tools like the nuclei scanner to accelerate vulnerability detection for everyone—not just paying customers. The message is clear: if you want to close the gaps, you first need to know exactly where they are—and that requires a new level of visibility most teams have never had.Learn more about runZero: https://itspm.ag/runzero-5733Note: This story contains promotional content. Learn more.Guest: HD Moore, Founder and CEO of RunZero | On Linkedin: https://www.linkedin.com/in/hdmoore/ResourcesLearn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzeroAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

How do SOC teams stop threats before they become breaches? In this power-packed episode of our SOC Analyst Essentials series, we uncover the triad every analyst must master: log analysis, vulnerability detection, and threat intelligence. From detecting anomalies in log files to prioritizing high-risk vulnerabilities and leveraging real-world threat intel, this episode dives deep into the day-to-day tools and tactics of top-tier SOC analysts.

Parce que… c'est l'épisode 0x615! Shameless plug 12 au 17 octobre 2025 - Objective by the sea v8 10 au 12 novembre 2025 - IAQ - Le Rendez-vous IA Québec 17 au 20 novembre 2025 - European Cyber Week 25 et 26 février 2026 - SéQCure 2065 Description Dans ce podcast approfondi, Charles Hamilton partage sa vision du red teaming moderne et de l'évolution de l'écosystème cybersécurité. L'échange révèle les complexités d'un marché en constante mutation et les défis qui touchent tant les professionnels que les organisations. Le paradoxe du red teaming moderne Hamilton souligne un phénomène fascinant : les red teamers ciblent principalement des entreprises matures en sécurité, créant un écart croissant avec la réalité des attaques criminelles. Cette sophistication forcée des équipes rouges s'explique par la nécessité de contourner des solutions de sécurité avancées pour accomplir leurs missions d'évaluation. Paradoxalement, cette expertise finit par être publique et influence les techniques des vrais attaquants, créant un cycle où les défenseurs doivent constamment s'adapter. Les véritables cybercriminels, quant à eux, privilégient l'opportunisme au détriment de la sophistication. Ils concentrent leurs efforts sur des cibles plus vulnérables, rendant leurs techniques souvent moins raffinées mais plus pragmatiques. Cette approche business-oriented explique pourquoi on retrouve encore des outils anciens comme Mimikatz dans les incidents réels, alors que les red teamers développent des techniques d'évasion complexes. L'écart entre recherche et réalité opérationnelle L'expérience d'Hamilton illustre comment les innovations du red teaming finissent par être récupérées par les attaquants réels. Il raconte l'anecdote d'un code qu'il avait publié il y a plus de dix ans et qui fut récemment réutilisé par un groupe d'attaquants, devenant soudainement une “nouvelle backdoor” aux yeux des analystes. Cette récupération démontre que les criminels puisent largement dans les ressources publiques plutôt que de développer leurs propres innovations. Cette dynamique soulève des questions importantes sur l'équilibre entre le partage de connaissances défensives et les risques d'armement involontaire des attaquants. Hamilton défend néanmoins la publication de recherches, arguant que ces techniques finiraient par être découvertes de toute façon, et que leur divulgation permet aux défenseurs de mieux se préparer. La sophistication technique face à l'efficacité pratique Un point central de la discussion concerne l'appréciation des outils techniques. Hamilton insiste sur l'importance de comprendre la complexité sous-jacente d'outils comme Mimikatz, développé par Benjamin Delpy. Cet outil, souvent perçu comme “simple” par les utilisateurs, représente en réalité des centaines d'heures de recherche sur les structures internes de Windows. Cette incompréhension de la sophistication technique conduit à une sous-estimation de la valeur des outils et des compétences nécessaires pour les développer. Il établit un parallèle avec Metasploit, framework qui a démocratisé l'exploitation de vulnérabilités. Beaucoup d'utilisateurs peuvent lancer un exploit sans comprendre sa mécanique interne, comme l'exemple historique de MS08-067, exploitation particulièrement complexe impliquant des services RPC, des buffer overflows et des techniques de contournement de protections mémoire. La collaboration entre équipes rouges et bleues Hamilton prône une approche collaborative à travers les “Detection Capability Assessment”, exercices où red teamers et blue teamers travaillent ensemble. Ces sessions permettent aux défenseurs de voir les techniques en action et de développer des règles de détection appropriées. Cette collaboration bidirectionnelle enrichit les deux parties : les red teamers comprennent mieux les traces qu'ils laissent, tandis que les blue teamers apprennent à identifier des indicateurs subtils. Cette approche collaborative reste malheureusement rare, particulièrement au Québec où les budgets cybersécurité sont plus limités. Le recours massif aux services managés crée également une opacité problématique, où l'intelligence de détection développée reste propriété du fournisseur plutôt que de l'organisation cliente. Les défis de la détection moderne La conversation aborde la transition des signatures antivirales vers la télémétrie moderne. Cette évolution, bien que techniquement supérieure, reste mal comprise par de nombreux professionnels. La télémétrie génère d'importants volumes de données qui nécessitent une analyse contextuelle sophistiquée pour identifier les activités malicieuses. Hamilton illustre ce défi avec l'exemple d'un utilisateur non-technique exécutant soudainement PowerShell et effectuant des requêtes LDAP. Individuellement, ces actions peuvent sembler bénignes, mais leur combinaison et le contexte utilisateur révèlent une activité suspecte typique d'outils comme BloodHound. Cette contextualisation reste difficile à automatiser et nécessite une compréhension fine de l'environnement organisationnel. Critique des métriques de vulnérabilité L'expert critique vivement l'utilisation systématique du système CVSS pour évaluer les risques. Dans le contexte du red teaming, une vulnérabilité “low” selon CVSS peut devenir critique si elle constitue le maillon manquant d'une chaîne d'attaque vers des actifs sensibles. Cette approche contextuelle du risque contraste avec les évaluations standardisées des tests d'intrusion traditionnels. L'exemple de Log4J illustre parfaitement cette problématique. Plutôt que de paniquer et patcher massivement, une compréhension du vecteur d'attaque aurait permis de mitiger le risque par des mesures réseau, évitant le stress des équipes pendant les vacances de Noël. L'industrie de la cybersécurité et ses travers Hamilton observe une tendance préoccupante vers la sur-médiatisation et le marketing dans la cybersécurité. Les vulnérabilités reçoivent des noms accrocheurs et des logos, les groupes d'attaquants sont “glorifiés” avec des noms évocateurs et des représentations heroïques. Cette approche marketing dilue les vrais messages techniques et crée une confusion entre communication et substance. Il dénonce également la prolifération de contenu généré par IA sur les plateformes professionnelles, particulièrement LinkedIn, qui noie les discussions techniques pertinentes sous un flot de contenu vide mais bien formaté. Cette tendance marginalise les voix techniques expertes au profit de “cyber-influenceurs” qui recyclent des concepts obsolètes. Formation et transmission des connaissances Malgré ces défis, Hamilton continue de former la prochaine génération de professionnels. Il insiste sur l'importance de comprendre les fondamentaux plutôt que d'utiliser aveuglément des outils. Cette philosophie éducative vise à créer des professionnels capables d'adaptation et d'innovation plutôt que de simples utilisateurs d'outils. Il encourage également la publication de blogs techniques, même sur des sujets déjà connus, comme moyen de développer les compétences de communication essentielles dans le domaine. La capacité à documenter et expliquer son travail s'avère aussi importante que l'expertise technique elle-même. Vers une industrie plus collaborative La conversation se conclut sur un appel à plus de collaboration et moins de compétition stérile dans l'industrie. Hamilton plaide pour des échanges constructifs entre professionnels techniques et dirigeants, entre red teamers et blue teamers, entre chercheurs et praticiens. Cette vision d'une communauté unie contraste avec la réalité actuelle d'écosystèmes cloisonnés qui peinent à communiquer efficacement. Il partage son expérience personnelle des critiques et de la toxicité parfois présente dans la communauté cybersécurité, tout en réaffirmant son engagement à partager ses connaissances et à contribuer à l'évolution positive du domaine. Son parcours, depuis les débuts dans les années 2000 jusqu'à aujourd'hui, témoigne de l'évolution rapide du secteur et de l'importance de l'adaptation continue. Cette riche discussion révèle les multiples facettes d'un domaine en constante évolution, où l'équilibre entre technique et communication, entre offensive et défensive, entre innovation et pragmatisme, définit l'efficacité des approches sécuritaires modernes. Collaborateurs Charles F. Hamilton Crédits Montage par Intrasecure inc Locaux réels par Northsec

“It's got a [vulnerability] score of a 9.8, and this is on a scale of 10 and I've really never seen 10. So 9.8 is basically just as bad as it gets.”This episode is inspired by an ongoing global cybersecurity incident. In mid‑July attackers began actively exploiting Microsoft SharePoint vulnerabilities in what's now known as the “ToolShell” exploit chain.This flaw is classified as a remote code execution vulnerability with an extremely high CVSS (Common Vulnerability Scoring System ) score of 9.8, making it highly dangerous.Featuring Tyler Moffitt, Senior Security Analyst at OpenText Cybersecurity, the episode explores the severity of this 9.8 CVSS score vulnerability and its impact on organizations that haven't applied the necessary patches. Learn about the attack kill chain, what makes this flaw so dangerous, and practical steps to safeguard your systems. Patch immediately, audit your access logs, and stay ahead of the threat. CSA Advisory:https://www.csa.gov.sg/alerts-and-advisories/advisories/ad-2025-016Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

Aram Hovsepyan joins the podcast today to chat about the misconceptions behind common security metrics. Aram tells us how total vulnerability counts and CVSS scores can be misleading and he introduces us to the Goal Question Metric framework, this framework is a better approach to building truly effective security dashboards. Learn about the critical qualities of good metrics and how to ensure that your metrics accurately reflect your organization's security posture and readiness. Also, discover overlooked metrics that could offer deeper insights into your application security.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Podcast: Critical Assets PodcastEpisode: Vulnerability Overload: Making Prioritization Work in the Real WorldPub date: 2025-07-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Patrick Miller speaks with Kylie McClanahan, CTO at Bastazo, about the practical (and often messy) realities of patch and vulnerability management in operational technology (OT) environments. Kylie shares grounded insights into patching challenges, the gaps between IT and OT remediation cycles, and the real-world implications of relying too heavily on scoring systems like CVSS.The conversation covers CISA's Known Exploited Vulnerabilities (KEV) catalog, exploring how it's being used (and possibly misused) in prioritization workflows, and where the disconnects lie between policy directives and operational feasibility. Kylie also critiques the current state of vendor responsiveness, machine-readable vulnerability disclosure (CSAF), and the importance of asset and exposure awareness.This episode is essential listening for practitioners wrestling with patching fatigue, program prioritization, and the tradeoffs between theoretical vulnerability data and applied security outcomes in critical infrastructure environments.Links:CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilitiesCISA vulnrichment: https://github.com/cisagov/vulnrichmentVulnrichment, Year One: https://www.youtube.com/watch?v=g5pSVMnWD7kCISA SSVC: https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvcCarnegie Mellon SSVC: https://certcc.github.io/SSVC/CSAF: https://www.csaf.io/VulnCheck KEV: https://vulncheck.com/kevKylie McLanahan on LinkedIn: https://www.linkedin.com/in/kyliemcclanahan/Bastazo: https://bastazo.comThe podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Hiding Payloads in Linux Extended File Attributes Xavier today looked at ways to hide payloads on Linux, similar to how alternate data streams are used on Windows. Turns out that extended file attributes do the trick, and he presents some scripts to either hide data or find hidden data. https://isc.sans.edu/diary/Hiding%20Payloads%20in%20Linux%20Extended%20File%20Attributes/32116 Cisco Patches Critical Identity Services Engine Flaw CVE-2025-20281, CVE-2025-20337, CVE-2025-20282 An unauthenticated user may execute arbitrary code as root across the network due to improperly validated data in Cisco s Identity Services Engine. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 Oracle Critical Patch Update Oracle patched 309 flaws across 111 products. 9 of these vulnerabilities have a critical CVSS score of 9.0 or higher. https://www.oracle.com/security-alerts/cpujul2025.html Broadcom releases VMware Updates Broadcom fixed a number of vulnerabilities for ESXi, Workstation, Fusion, and Tools. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877

In the security news: The train is leaving the station, or is it? The hypervisor will protect you, maybe The best thing about Flippers are the clones Also, the Flipper Zero as an interrogation tool Threats are commercial and open-source Who is still down with FTP? AI bug hunters Firmware for Russian drones Merging Android and ChromOS Protecting your assets with CVSS? Patch Citrixbleed 2 Rowhammer comes to NVIDIA GPUs I hear Microsoft hires Chinese spies Gigabyte motherboards and UEFI vulnerabilities McDonald's AI hiring bot: you want some PII with that? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-883

In the security news: The train is leaving the station, or is it? The hypervisor will protect you, maybe The best thing about Flippers are the clones Also, the Flipper Zero as an interrogation tool Threats are commercial and open-source Who is still down with FTP? AI bug hunters Firmware for Russian drones Merging Android and ChromOS Protecting your assets with CVSS? Patch Citrixbleed 2 Rowhammer comes to NVIDIA GPUs I hear Microsoft hires Chinese spies Gigabyte motherboards and UEFI vulnerabilities McDonald's AI hiring bot: you want some PII with that? Show Notes: https://securityweekly.com/psw-883

In the security news: The train is leaving the station, or is it? The hypervisor will protect you, maybe The best thing about Flippers are the clones Also, the Flipper Zero as an interrogation tool Threats are commercial and open-source Who is still down with FTP? AI bug hunters Firmware for Russian drones Merging Android and ChromOS Protecting your assets with CVSS? Patch Citrixbleed 2 Rowhammer comes to NVIDIA GPUs I hear Microsoft hires Chinese spies Gigabyte motherboards and UEFI vulnerabilities McDonald's AI hiring bot: you want some PII with that? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-883

In the security news: The train is leaving the station, or is it? The hypervisor will protect you, maybe The best thing about Flippers are the clones Also, the Flipper Zero as an interrogation tool Threats are commercial and open-source Who is still down with FTP? AI bug hunters Firmware for Russian drones Merging Android and ChromOS Protecting your assets with CVSS? Patch Citrixbleed 2 Rowhammer comes to NVIDIA GPUs I hear Microsoft hires Chinese spies Gigabyte motherboards and UEFI vulnerabilities McDonald's AI hiring bot: you want some PII with that? Show Notes: https://securityweekly.com/psw-883

　Cloudbase株式会社は7月29日に、ウェビナー「"脱CVSS依存！" セキュリティ担当者なら知っておくべきSBOMと脆弱性管理の本質」を開催すると発表した。

With @cktricky out on a grand tour across the country (or just unable to record for the day), @sethlaw succumbs to the dark side to give @lojikil a platform to talk about recent developments in the application security world. Specifically, a discussion on vulnerability data and scoring mechanisms, including CVE, CVSS, CWSS, and other acronyms. Wraps up with a longer discussion on the use of AI across multiple disciplines and provenance of AI Slop.

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Over an eight-month period beginning in July of last year, China-backed threat actors carried out a coordinated campaign that included attempts to breach cybersecurity vendor SentinelOne.CISA has added two newly confirmed exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild.OpenAI has banned ChatGPT accounts linked to state-sponsored threat actors, including groups affiliated with governments in China, Russia, North Korea, Iran, and others.A critical vulnerability in Wazuh Server, CVE-2025-24016 (CVSS 9.9), is being actively exploited by threat actors to deliver multiple Mirai botnet variants for distributed denial-of-service (DDoS) operations.

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

Security teams often rely on scoring systems like Common Vulnerability Scoring System (CVSS), Exploit Prediction Scoring System (EPSS), and Stakeholder-Specific Vulnerability Categorization (SSVC) to make sense of vulnerability data—but these frameworks don't always deliver the clarity needed to act. In this episode, Tod Beardsley, Vice President of Security Research at runZero, joins host Sean Martin at InfoSec Europe 2025 to challenge how organizations use these scoring systems and to explain why context is everything when it comes to exposure management.Beardsley shares his experience navigating the limitations of vulnerability scoring. He explains why common outputs—like a CVSS score of 7.8—often leave teams with too many “priorities,” forcing them into ineffective, binary patch-or-don't-patch decisions. By contrast, he highlights the real value in understanding factors like access vectors and environmental fit, which help security teams focus on what's relevant to their specific networks and business-critical systems.The conversation also explores SSVC's ability to drive action through decision-tree logic rather than abstract scores, enabling defenders to justify priorities to leadership based on mission impact. This context-centric approach requires a deep understanding of both the asset and its role in the business—something Beardsley notes can be hard to achieve without support.That's where runZero steps in. Beardsley outlines how the platform identifies unmanaged or forgotten devices—including IoT, legacy systems, and third-party gear—without needing credentials or agents. From uncovering multi-homed light bulbs that straddle segmented networks to scanning for default passwords and misconfigurations, RunZero shines a light into the forgotten corners of corporate infrastructure.The episode closes with a look at merger and acquisition use cases, where runZero helps acquiring companies understand the actual tech debt and exposure risk in the environments they're buying. As Beardsley puts it, the goal is simple: give defenders the visibility and context they need to act now—not after something breaks.Whether you're tracking vulnerabilities, uncovering shadow assets, or preparing for your next acquisition, this episode invites you to rethink what visibility really means—and how you can stop chasing scores and start reducing risk.Learn more about runZero: https://itspm.ag/runzero-5733Note: This story contains promotional content. Learn more.Guest: Tod Beardsley, Vice President of Security Research at runZero | On Linkedin: https://www.linkedin.com/in/todb/ResourcesLearn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzeroAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: sean martin, tod beardsley, runzero, exposure, vulnerability, asset, risk, ssdc, cvss, iot, brand story, brand marketing, marketing podcast, brand story podcast

Forecast = Stormy with a chance of TikTok malware showers—exploit scoring systems hot, but patch management outlook remains partly cloudy. Welcome to Storm⚡️Watch! In this episode, we're diving into the current state of cyber weather with a mix of news, analysis, and practical insights. This week, we tackle a fundamental question: are all exploit scoring systems bad, or are some actually useful? We break down the major frameworks: **CVSS (Common Vulnerability Scoring System):** The industry standard for assessing vulnerability severity, CVSS uses base, temporal, and environmental metrics to give a comprehensive score. It's widely used but has limitations—especially since it doesn't always reflect real-world exploitability. **Coalition Exploit Scoring System (ESS):** This system uses AI and large language models to predict the likelihood that a CVE will be exploited in the wild. ESS goes beyond technical severity, focusing on exploit availability and usage probabilities, helping organizations prioritize patching with better accuracy than CVSS alone. **EPSS (Exploit Prediction Scoring System):** EPSS is a data-driven approach that estimates the probability of a vulnerability being exploited, using real-world data from honeypots, IDS/IPS, and more. It updates daily and helps teams focus on the most urgent risks. **VEDAS (Vulnerability & Exploit Data Aggregation System):** VEDAS aggregates data from over 50 sources and clusters vulnerabilities, providing a score based on exploit prevalence and maturity. It's designed to help teams understand which vulnerabilities are most likely to be actively exploited. **LEV/LEV2 (Likely Exploited Vulnerabilities):** Proposed by NIST, this metric uses historical EPSS data to probabilistically assess exploitation, helping organizations identify high-risk vulnerabilities that might otherwise be missed. **CVSS BT:** This project enriches CVSS scores with real-world threat intelligence, including data from CISA KEV, ExploitDB, and more. It's designed to help organizations make better patching decisions by adding context about exploitability. Next, we turn our attention to a troubling trend: malware distribution via TikTok. Attackers are using AI-generated videos, disguised as helpful software activation tutorials, to trick users into running malicious PowerShell commands. This “ClickFix” technique has already reached nearly half a million views. The malware, including Vidar and StealC, runs entirely in memory, bypassing traditional security tools and targeting credentials, wallets, and financial data. State-sponsored groups from Iran, North Korea, and Russia have adopted these tactics, making it a global concern. For employees, the takeaway is clear: never run PowerShell commands from video tutorials, and always report suspicious requests to IT. For IT teams, consider disabling the Windows+R shortcut for standard users, restrict PowerShell execution, and update security awareness training to include social media threats. We also highlight the latest from Censys, VulnCheck, runZero, and GreyNoise—industry leaders providing cutting-edge research and tools for vulnerability management and threat intelligence. Don't miss GreyNoise's upcoming webinar on resurgent vulnerabilities and their impact on organizational security. And that's a wrap for this episode! We will be taking a short break from Storm Watch for the summer. We look forward to bringing more episodes to you in the fall! Storm Watch Homepage >> Learn more about GreyNoise >>  

Forecast = Mostly cloudy with a chance of rogue SSH access—keep your patches up to avoid a phishy forecast! Welcome to Storm⚡️Watch, where we unpack the latest in cybersecurity threats, research, and the tools that keep the digital world safe. In this episode, we invite GreyNoise Security Architect and researcher Matthew Remacle (a.k.a., Remy) to kick things off with a deep dive into a fascinating and highly sophisticated botnet campaign targeting ASUS routers—a story that starts with a little help from machine learning and ends with some hard lessons for defenders everywhere. GreyNoise researchers spotted this campaign using SIFT, their AI-powered network traffic analyzer, which sifted through more than 23 billion network entries and managed to flag just 30 suspicious payloads targeting ASUS routers. What made this botnet stand out was its surgical precision and stealth—far from the usual noisy, attention-grabbing attacks. The attackers knew exactly what they were doing, focusing on disabling TrendMicro security features embedded in the routers, essentially breaking in by first turning off the alarm. The attack chain reads like a masterclass in persistence: brute force and clever authentication bypasses got them in the door, a null byte injection tricked the router's authentication system, and a command injection vulnerability allowed them to manipulate logging features in a way that opened up even more attack paths. The real kicker? The final backdoor was installed using legitimate ASUS features, meaning it could survive firmware updates and stay hidden from traditional detection methods. This campaign affected thousands of routers globally, with over 4,800 compromised devices detected and counting. Even after ASUS released a patch—adding character validation rather than fixing the underlying flaw—researchers found that the fundamental vulnerability remained, and attackers could potentially work around the patch. This story highlights the ongoing challenges in IoT security: complexity breeds vulnerability, persistence is a nightmare to detect and remove when attackers use legitimate features, and patches often address symptoms rather than root causes. It's a reminder that traditional signature-based detection is no longer enough—behavioral analysis and AI-driven anomaly detection are now essential for spotting these advanced threats. We also touch on the bigger picture: the evolving cat-and-mouse game between attackers and defenders, the importance of defense in depth, and why understanding normal network behavior is more critical than ever. Plus, we look at the human element—attackers who are patient, technically sophisticated, and deeply aware of how to evade detection. For organizations, the takeaways are clear: defense in depth, behavioral monitoring, asset management, and patch management are all non-negotiable. And for everyone else, it's a reminder that the devices we trust to protect us are themselves complex and potentially vulnerable computers. Later in the episode, we take a closer look at vulnerability scoring systems—CVSS, EPSS, and SSVC—and why reading between the scores is so important for risk management. We also highlight the value of fresh, actionable data from sources like Censys and VulnCheck, and round things out with a nod to the ongoing conversation happening on the GreyNoise blog. Thanks for tuning in to Storm⚡️Watch. Stay vigilant, keep learning, and remember: in cybersecurity, the difference between safe and compromised can be as subtle as a single null byte. Storm Watch Homepage >> Learn more about GreyNoise >>  

In this episode, I sit with long-time vulnerability management and data science experts Jay Jacobs and Michael Roytman, who recently co-founded Empirical Security.We dive into the state of vulnerability management, including:How it is difficult to quantify and evaluate the effectiveness of vulnerability prioritization and scoring schemes, such as CVSS, EPSS, KEV, and proprietary vendor prioritization frameworks, and what can be done betterSystemic challenges include setbacks in the NIST National Vulnerability Database (NVD) program, the MITRE CVE funding fiasco, and the need for a more resilient vulnerability database and reporting ecosystem.Domain-specific considerations when it comes to vulnerability identifiers and vulnerability management, in areas such as AppSec, Cloud, and Configuration Management, and using data to make more effective decisionsThe overuse of the term “single pane of glass” and some alternativesEmpirical's innovative approach to “localized” models when it comes to vulnerability management, which takes unique organizational and environmental considerations into play, such as mitigating controls, threats, tooling, and more, and how they are experimenting with this new approach for the industry

When artificial intelligence can generate code, write tests, and even simulate threat models, how do we still ensure security? That's the question John Sapp Jr. and Alex Kreilein examine in this energizing conversation about trust, risk management, and the future of application security.The conversation opens with a critical concern: not just how to adopt AI securely, but how to use it responsibly. Alex underscores the importance of asking a simple question often overlooked—why do you trust this output? That mindset, he argues, is fundamental to building responsible systems, especially when models are generating code or influencing decisions at scale.Their conversation surfaces an emerging gap between automation and assurance. AI tools promise speed and performance, but that speed introduces risk if teams are too quick to assume accuracy or ignore validation. John and Alex discuss this trust gap and how the zero trust mindset—so common in network security—must now apply to AI models and agents, too.They share a key concern: technical debt is back, this time in the form of “AI security debt”—risk accumulating faster than most teams can keep up with. But it's not all gloom. They highlight real opportunities for security and development teams to reprioritize: moving away from chasing every CVE and toward higher-value work like architecture reviews and resiliency planning.The conversation then shifts to the foundation of true resilience. For Alex, resilience isn't about perfection—it's about recovery and response. He pushes for embedding threat modeling into unit testing, not just as an afterthought but as part of modern development. John emphasizes traceability and governance across the organization: ensuring the top understands what's at stake at the bottom, and vice versa.One message is clear: context matters. CVSS scores, AI outputs, scanner alerts—all of it must be interpreted through the lens of business impact. That's the art of security today.Ready to challenge your assumptions about secure AI and modern AppSec? This episode will make you question what you trust—and how you build.___________Guests: Alex Kreilein, Vice President of Product Security, Qualys | https://www.linkedin.com/in/alexkreilein/John Sapp Jr., Vice President, Information Security & CISO, Texas Mutual Insurance Company | https://www.linkedin.com/in/johnbsappjr/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesJP Morgan Chase Open Letter: An open letter to third-party suppliers: https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliersLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

SAN FRANCISCO — RSA Conference 2025 "Sixty percent of the attacks we're tracking target low-profile vulnerabilities—things like privilege escalation and security bypasses, not the headline-making zero days," says Douglas McKee, Executive Director of Threat Research at SonicWall. Speaking live from the show floor at RSA 2025, McKee outlined how SonicWall is helping partners prioritize threats that are actually being exploited, not just those getting attention. In a fast-paced conversation with Technology Reseller News publisher Doug Green, McKee unveiled SonicWall's upcoming Managed Prevention Security Services (MPSS). The offering is designed to help reduce misconfigurations—a leading cause of breaches—by assisting with firewall patching and configuration validation. SonicWall is also collaborating with CySurance to package cyber insurance into this new managed service, providing peace of mind and operational relief to MSPs and customers alike. “Over 95% of the incidents we see are due to human error,” McKee noted. “With MPSS, we're stepping in as a partner to reduce that risk.” McKee also previewed an upcoming threat brief focused on Microsoft vulnerabilities, revealing an 11% year-over-year increase in attacks. Despite attention on high-profile CVEs, SonicWall's data shows attackers often rely on under-the-radar vulnerabilities with lower CVSS scores. For MSPs, McKee shared a stark warning: nearly 50% of the organizations SonicWall monitors are still vulnerable to decade-old exploits like Log4j and Heartbleed. SonicWall's telemetry-driven insights allow MSPs to focus remediation on widespread, high-impact threats. SonicWall's transformation from a firewall vendor to a full-spectrum cybersecurity provider was on display at RSA Booth #6353 (North Hall), where the company showcased its SonicSensory MDR, cloud offerings, and threat intelligence. "We've evolved into a complete cybersecurity partner," McKee said. "Whether it's in the cloud or on-prem, we're helping MSPs and enterprises defend smarter." Visitors to the SonicWall booth were treated to live presentations and fresh coffee—while those not attending can explore SonicWall's insights, including its February 2024 Threat Report and upcoming threat briefs, at www.sonicwall.com.

In this episode of CISO Tradecraft, host G Mark Hardy delves into the crucial topic of Common Vulnerabilities and Exposures (CVE) and the Common Vulnerability Scoring System (CVSS). Learn about the history, structure, and significance of the CVE database, the recent funding crisis, and what it means for the future of cybersecurity. We also explore the intricacies of CVE scoring and how it aids in prioritizing vulnerabilities. Tune in to understand how as a CISO, you can better prepare your organization against cyber threats and manage vulnerabilities efficiently. Transcripts: https://docs.google.com/document/d/13VzyzG5uUVLGVhPA5Ws0UFbHPnfHbsII Chapters 00:00 Introduction to CVE and CVSS 01:13 History of Vulnerability Tracking 03:07 The CVE System Explained 06:47 Understanding CVSS Scoring 13:11 Recent Funding Crisis and Its Impact 15:53 Future of the CVE Program 18:27 Conclusion and Final Thoughts

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

We take advantage of April Fools to look at some of appsec's myths, mistakes, and behaviors that lead to bad practices. It's easy to get trapped in a status quo of chasing CVEs or discussing which direction to shift security. But scrutinizing decimal points in CVSS scores or rearranging tools misses the opportunity for more strategic thinking. We satirize some worst practices in order to have a more serious discussion about a future where more software is based on secure designs. Segment resources: https://bsidessf2025.sched.com/event/1x8ST/secure-designs-ux-dragons-vuln-dungeons-application-security-weekly https://bsidessf2025.sched.com/event/1x8TU/preparing-for-dragons-dont-sharpen-swords-set-traps-gather-supplies https://www.rfc-editor.org/rfc/rfc3514.html https://www.rfc-editor.org/rfc/rfc1149.html Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-324

We take advantage of April Fools to look at some of appsec's myths, mistakes, and behaviors that lead to bad practices. It's easy to get trapped in a status quo of chasing CVEs or discussing which direction to shift security. But scrutinizing decimal points in CVSS scores or rearranging tools misses the opportunity for more strategic thinking. We satirize some worst practices in order to have a more serious discussion about a future where more software is based on secure designs. Segment resources: https://bsidessf2025.sched.com/event/1x8ST/secure-designs-ux-dragons-vuln-dungeons-application-security-weekly https://bsidessf2025.sched.com/event/1x8TU/preparing-for-dragons-dont-sharpen-swords-set-traps-gather-supplies https://www.rfc-editor.org/rfc/rfc3514.html https://www.rfc-editor.org/rfc/rfc1149.html Show Notes: https://securityweekly.com/asw-324

We take advantage of April Fools to look at some of appsec's myths, mistakes, and behaviors that lead to bad practices. It's easy to get trapped in a status quo of chasing CVEs or discussing which direction to shift security. But scrutinizing decimal points in CVSS scores or rearranging tools misses the opportunity for more strategic thinking. We satirize some worst practices in order to have a more serious discussion about a future where more software is based on secure designs. Segment resources: https://bsidessf2025.sched.com/event/1x8ST/secure-designs-ux-dragons-vuln-dungeons-application-security-weekly https://bsidessf2025.sched.com/event/1x8TU/preparing-for-dragons-dont-sharpen-swords-set-traps-gather-supplies https://www.rfc-editor.org/rfc/rfc3514.html https://www.rfc-editor.org/rfc/rfc1149.html Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-324

File Hashes Analysis with Power BI Guy explains in this diary how to analyze Cowrie honeypot file hashes using Microsoft's BI tool and what you may be able to discover using this tool. https://isc.sans.edu/diary/File%20Hashes%20Analysis%20with%20Power%20BI%20from%20Data%20Stored%20in%20DShield%20SIEM/31764 Apache Camel Vulnerability Apache released two patches for Camel in close succession. Initially, the vulnerability was only addressed for headers, but as Akamai discovered, it can also be exploited via query parameters. This vulnerability is trivial to exploit and leads to arbitrary code execution. https://www.akamai.com/blog/security-research/march-apache-camel-vulnerability-detections-and-mitigations Juniper Patches Junos Vulnerability Juniper patches an already exploited vulnerability in JunOS. However, to exploit the vulnerability, and attacker already needs privileged access. By exploiting the vulnerability, an attacker may completely compromised the device. https://supportportal.juniper.net/s/article/2025-03-Out-of-Cycle-Security-Bulletin-Junos-OS-A-local-attacker-with-shell-access-can-execute-arbitrary-code-CVE-2025-21590?language=en_US AMI Security Advisory AMI patched three vulnerabilities. One of the, an authentication bypass in Redfish, allows for a complete system compromise without authentication and is rated with a CVSS score of 10.0. https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf

Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user's need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic's solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news: The controversial pick for National Cyber Director, the not-so-controversial pick to lead CISA, complete with funding cuts, the controversial ESP32 backdoor that is not a backdoor but hidden features, Dark Storm takes down X, interesting use cases for LoRa, using AI to get your dream job, details on the biggest crypto heist in history, an EDR bypass and a 404 error, slipping through the cracks in CVSS, old school vulnerability disclosure in 2025, Rayhunter, a pen test that should not have been, JTAG and your Flipper Zero, a Linux webcam was used for what now?, and "Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces"! Segment Resources: https://www.knostic.ai/blog/enterprise-ai-search-tools-addressing-the-risk-of-data-leakage https://www.knostic.ai/what-we-do Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-865

Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user's need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic's solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news: The controversial pick for National Cyber Director, the not-so-controversial pick to lead CISA, complete with funding cuts, the controversial ESP32 backdoor that is not a backdoor but hidden features, Dark Storm takes down X, interesting use cases for LoRa, using AI to get your dream job, details on the biggest crypto heist in history, an EDR bypass and a 404 error, slipping through the cracks in CVSS, old school vulnerability disclosure in 2025, Rayhunter, a pen test that should not have been, JTAG and your Flipper Zero, a Linux webcam was used for what now?, and "Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces"! Segment Resources: * https://www.knostic.ai/blog/enterprise-ai-search-tools-addressing-the-risk-of-data-leakage * https://www.knostic.ai/what-we-do Show Notes: https://securityweekly.com/psw-865

New "SparkCat" secret-stealing AI image scanner discovered in App and Play stores. The UK demands that Apple does the impossible: decrypting ADP cloud data. France moves forward on legislation to require backdoors to encryption. Firefox moves to 135 with a bunch of useful new features. The Five Eyes alliance publishes edge-device security guidance. Six NetGear routers contain CVSS 9.6 and 9.8 vulnerabilities. Sysinternals utilities allow malicious Windows DLL injection. Google removes restrictive do-gooder language from AI application policies. "AI Fuzzing" successfully jailbreaks the most powerful ChatGPT o3 model. Examining the well and deliberately hidden truth behind ransomware cyberattacks on U.S. K-12 schools Show Notes - https://www.grc.com/sn/SN-1012-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT zscaler.com/security uscloud.com 1password.com/securitynow

New "SparkCat" secret-stealing AI image scanner discovered in App and Play stores. The UK demands that Apple does the impossible: decrypting ADP cloud data. France moves forward on legislation to require backdoors to encryption. Firefox moves to 135 with a bunch of useful new features. The Five Eyes alliance publishes edge-device security guidance. Six NetGear routers contain CVSS 9.6 and 9.8 vulnerabilities. Sysinternals utilities allow malicious Windows DLL injection. Google removes restrictive do-gooder language from AI application policies. "AI Fuzzing" successfully jailbreaks the most powerful ChatGPT o3 model. Examining the well and deliberately hidden truth behind ransomware cyberattacks on U.S. K-12 schools Show Notes - https://www.grc.com/sn/SN-1012-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT zscaler.com/security uscloud.com 1password.com/securitynow

New "SparkCat" secret-stealing AI image scanner discovered in App and Play stores. The UK demands that Apple does the impossible: decrypting ADP cloud data. France moves forward on legislation to require backdoors to encryption. Firefox moves to 135 with a bunch of useful new features. The Five Eyes alliance publishes edge-device security guidance. Six NetGear routers contain CVSS 9.6 and 9.8 vulnerabilities. Sysinternals utilities allow malicious Windows DLL injection. Google removes restrictive do-gooder language from AI application policies. "AI Fuzzing" successfully jailbreaks the most powerful ChatGPT o3 model. Examining the well and deliberately hidden truth behind ransomware cyberattacks on U.S. K-12 schools Show Notes - https://www.grc.com/sn/SN-1012-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT zscaler.com/security uscloud.com 1password.com/securitynow

New "SparkCat" secret-stealing AI image scanner discovered in App and Play stores. The UK demands that Apple does the impossible: decrypting ADP cloud data. France moves forward on legislation to require backdoors to encryption. Firefox moves to 135 with a bunch of useful new features. The Five Eyes alliance publishes edge-device security guidance. Six NetGear routers contain CVSS 9.6 and 9.8 vulnerabilities. Sysinternals utilities allow malicious Windows DLL injection. Google removes restrictive do-gooder language from AI application policies. "AI Fuzzing" successfully jailbreaks the most powerful ChatGPT o3 model. Examining the well and deliberately hidden truth behind ransomware cyberattacks on U.S. K-12 schools Show Notes - https://www.grc.com/sn/SN-1012-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT zscaler.com/security uscloud.com 1password.com/securitynow

New "SparkCat" secret-stealing AI image scanner discovered in App and Play stores. The UK demands that Apple does the impossible: decrypting ADP cloud data. France moves forward on legislation to require backdoors to encryption. Firefox moves to 135 with a bunch of useful new features. The Five Eyes alliance publishes edge-device security guidance. Six NetGear routers contain CVSS 9.6 and 9.8 vulnerabilities. Sysinternals utilities allow malicious Windows DLL injection. Google removes restrictive do-gooder language from AI application policies. "AI Fuzzing" successfully jailbreaks the most powerful ChatGPT o3 model. Examining the well and deliberately hidden truth behind ransomware cyberattacks on U.S. K-12 schools Show Notes - https://www.grc.com/sn/SN-1012-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT zscaler.com/security uscloud.com 1password.com/securitynow

New "SparkCat" secret-stealing AI image scanner discovered in App and Play stores. The UK demands that Apple does the impossible: decrypting ADP cloud data. France moves forward on legislation to require backdoors to encryption. Firefox moves to 135 with a bunch of useful new features. The Five Eyes alliance publishes edge-device security guidance. Six NetGear routers contain CVSS 9.6 and 9.8 vulnerabilities. Sysinternals utilities allow malicious Windows DLL injection. Google removes restrictive do-gooder language from AI application policies. "AI Fuzzing" successfully jailbreaks the most powerful ChatGPT o3 model. Examining the well and deliberately hidden truth behind ransomware cyberattacks on U.S. K-12 schools Show Notes - https://www.grc.com/sn/SN-1012-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT zscaler.com/security uscloud.com 1password.com/securitynow

Plus: The AI Vulnerability Glut, Remotely Hacking Subarus, Criticism of CVSS, the United Breach, and much more... ➡ Protect Against Bots, Fraud, and Abuse. Check out WorkOS Radar at workos.com/radar Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.