Podcasts about Cyber

  • 8,552 PODCASTS
  • 32,358 EPISODES
  • 35m AVG DURATION
  • 6 DAILY NEW EPISODES
  • Sep 12, 2025 LATEST

    Latest podcast episodes about Cyber

    The CyberWire
    WhatsAppened to Samsung?

    The CyberWire

    Play Episode Listen Later Sep 12, 2025 27:36


    Samsung patches a critical Android zero-day vulnerability. Microsoft resolves a global Exchange Online outage. CISA reaffirms its commitment to the CVE program. California passes a bill requiring web browsers to let users automatically send opt-out signals. Apple issues spyware attack warnings. The FTC opens an investigation into AI chatbots on how they protect children and teens. A hacker convicted of attempting to extort more than 20,000 psychotherapy patients is free on appeal. Our guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect M&A deal value and integrity. Schools face insider threats from students.
    Selected Reading:
    • Samsung patches actively exploited zero-day reported by WhatsApp (Bleeping Computer)
    • Microsoft fixes Exchange Online outage affecting users worldwide (Bleeping Computer)
    • CISA looks to partners to shore up the future of the CVE Program (Help Net Security)
    • California legislature passes bill forcing web browsers to let consumers automatically opt out of data sharing (The Record)
    • Apple warns customers targeted in recent spyware attacks (Bleeping Computer)
    • FTC to AI Companies: Tell Us How You Protect Teens and Kids Who Use AI Companions (CNET)
    • Defence, Space and Cybersecurity. Why the General Assembly in Frascati matters (Decode39)
    • DSEI Takeaways: Space and Cyber and the Invisible Front Line (Via Satellite)
    • Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal (The Record)
    • Children hacking their own schools for 'fun', watchdog warns (BBC)
    The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
    SANS Stormcast Friday, September 12th, 2025: DShield SIEM Update; Another Sonicwall Warning; Website Keystroke Logging

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

    Play Episode Listen Later Sep 12, 2025 6:38


    • DShield SIEM Docker Updates: Guy updated the DShield SIEM, which graphically summarizes what is happening inside your honeypot. https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/32276
    • Again: Sonicwall SSL VPN Compromises: The Australian Government's Signals Directorate noted an increase in compromised Sonicwall devices. https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/ongoing-active-exploitation-of-sonicwall-ssl-vpns-in-australia
    • Website Keystroke Logging: Many websites log every keystroke, not just data submitted in forms. https://arxiv.org/pdf/2508.19825

    T-Minus Space Daily
    ESA pushes for space, defense, and cybersecurity autonomy.

    T-Minus Space Daily

    Play Episode Listen Later Sep 12, 2025 24:11


    The European Space Agency's (ESA's) Director General (DG) Josef Aschbacher delivered the opening remarks at the 'General Assembly Defence, Space and Cybersecurity'. Satlink is partnering with Rivada Space Networks to provide a network with the necessary security and performance to support Spanish enterprises and Defense Forces. Armada AI and Sophia Space have launched a fully integrated Earth-to-space scalable compute infrastructure platform, and more.
    T-Minus Guest: Elysia Segal brings us the Space Traffic Report from NASASpaceflight.com.
    Selected Reading:
    • ESA Director General's opening remarks at the General Assembly on Defence, Space & Cybersecurity
    • Satlink Partners with Rivada for Next Generation Defense Connectivity
    • Armada and Sophia Space Unveil First-Of-Its-Kind, Fully Integrated Earth-to-Space Edge AI Platform
    • Slingshot LinkedIn Post
    • Redwire Establishes Rapid Capabilities Facility in Albuquerque to Advance Space-Based Defense Systems
    • ReOrbit, a Leading Provider of Sovereign Satellites and Connected Systems, Expands into the United Kingdom
    • DSEI Takeaways: Space and Cyber and the Invisible Front Line
    • Intellian and Eutelsat Developing Ultra-Portable Military-Grade LEO Manpack Terminal
    • Planet Releases First Light Image From Pelican-3; Multiple Pelican Launches Slated for the Next Year
    • Telekom Srbija Expands and Extends Partnership with SES
    T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

    Audiovisual Library of International Law
    Nicholas Tsagourias - The Peaceful Settlement of Interstate Cyber Disputes

    Audiovisual Library of International Law

    Play Episode Listen Later Sep 12, 2025 35:36


    Nicholas Tsagourias - The Peaceful Settlement of Interstate Cyber Disputes

    Cyber Briefing
    September 12, 2025 - Cyber Briefing

    Cyber Briefing

    Play Episode Listen Later Sep 12, 2025 9:56


    If you like what you hear, please subscribe, leave us a review and tell a friend! Chinese-linked fake job sites target former U.S. officials, while researchers uncover CHILLYHELL macOS backdoor and ZynorRAT for Windows and Linux. Apple and CERT-FR warn of spyware campaigns hitting iCloud devices, and Hello Gym leaks 1.6M audio files tied to member data. LNER discloses a breach of customer contact details, Panama's Finance Ministry is hit by INC Ransom, and the DOJ moves to seize $5M in Bitcoin stolen via SIM swaps. SwissBorg pledges to repay users after a $41M crypto theft at partner Kiln, and Geordie launches a $6.5M-funded AI security platform.

    The CyberWire
    Cyber and AI take center stage.

    The CyberWire

    Play Episode Listen Later Sep 11, 2025 25:32


    The House passes a defense policy bill that includes new provisions on cybersecurity and artificial intelligence. Senator Wyden accuses Microsoft of “gross cybersecurity negligence” after a 2024 ransomware attack crippled healthcare giant Ascension. The White House shelves plans to split U.S. Cyber Command and the NSA. The Pentagon finalizes its long-awaited Cybersecurity Maturity Model Certification (CMMC 2.0) rule. Akira ransomware group targets SonicWall devices. Officials warn solar-powered highway infrastructure should be checked for hidden radios. The Atlantic Council maps the global spyware market. Researchers uncover serious flaws in Apple's AirPlay. A European DDoS mitigation provider thwarts a record-breaking attack. My Caveat cohosts Ethan Cook and Ben Yelin unpack the cyber elements of the Big Beautiful Bill. Who fixes the vibe code?
    CyberWire Guest: Today we have Ethan Cook joining Caveat hosts Dave Bittner and Ben Yelin for this month's Policy Deep Dive. Together, they unpack HR1, the “Big Beautiful Bill”, and how its investments in technology, supply chain security, and defensive resiliency reflect the Trump administration's push for long-term technological dominance. If you want to hear the full conversation, head over to Caveat.
    Selected Reading:
    • House moves ahead with defense bill that includes AI, cyber provisions (The Record)
    • FTC should investigate Microsoft after Ascension ransomware attack, senator says (The Record)
    • Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat' (The Record)
    • Pentagon Releases Long-Awaited Contractor Cybersecurity Rule (GovInfo Security)
    • Akira Ransomware Group Utilizing SonicWall Devices for Initial Access (Rapid7)
    • Exclusive: US warns hidden radios may be embedded in solar-powered highway infrastructure (Reuters)
    • Mythical Beasts: Diving into the depths of the global spyware market (Atlantic Council)
    • Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance (SecurityWeek)
    • DDoS defender targeted in 1.5 Bpps denial-of-service attack (Bleeping Computer)
    • The Software Engineers Paid to Fix Vibe Coded Messes (404 Media)
    The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
    SANS Stormcast Thursday, September 11th, 2025: BASE64 in DNS; Google Chrome, Ivanti and Sophos Patches; Apple Memory Integrity Feature

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

    Play Episode Listen Later Sep 11, 2025 7:12


    • BASE64 Over DNS: The base64 character set exceeds what is allowable in DNS. However, some implementations will work even with these invalid characters. https://isc.sans.edu/diary/BASE64%20Over%20DNS/32274
    • Google Chrome Update: Google released an update for Google Chrome, addressing two vulnerabilities. One of the vulnerabilities is rated critical and may allow code execution. https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html
    • Ivanti Updates: Ivanti patched a number of vulnerabilities, several of them critical, across its product portfolio. https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs
    • Sophos Patches: Sophos resolved an authentication bypass vulnerability in Sophos AP6 series wireless access point firmware (CVE-2025-10159). https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6
    • Apple Introduces Memory Integrity Enforcement: With the new hardware promoted in yesterday's event, Apple also introduced new memory integrity features based on this new hardware. https://security.apple.com/blog/memory-integrity-enforcement/

    Serious Privacy
    Fireside Chat with a UK DPO (with Jordan Hall)

    Serious Privacy

    Play Episode Listen Later Sep 11, 2025 33:35


    On this episode of Serious Privacy, while both Paul Breitbarth and Ralph O'Brien of Reinbo Consulting are out, Dr. K Royal connects with Jordan Hall, a DPO based in the UK. Discussion centers around the scope of the DPO, where the field has developed, and thoughts on current events. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.

    Alliant Specialty Podcasts
    From First Notice to MOVEit: Navigating Coverage, Duty to Defend and Cyber Litigation

    Alliant Specialty Podcasts

    Play Episode Listen Later Sep 11, 2025 14:11


    Join Mike Radak, Alliant Financial Institutions, and David Finz, Alliant Claims & Legal, as they break down three recent legal developments shaping insurance and cyber risk. They discuss how strict notice provisions can result in claim denials, the importance of securing coverage for regulatory investigations and what the MOVEit litigation reveals about duty to defend versus choice of counsel. Together, they provide key insights for policyholders navigating coverage gaps, defense strategies and the evolving risks in the financial institutions and cyber markets.

    Cyber Briefing
    September 11, 2025 - Cyber Briefing

    Cyber Briefing

    Play Episode Listen Later Sep 11, 2025 9:44


    If you like what you hear, please subscribe, leave us a review and tell a friend! Multiple high-profile cyber incidents are impacting organizations worldwide, including ransomware attacks, data breaches, malware campaigns, and sophisticated DDoS operations. Notable events involve compromises of GitHub accounts affecting Salesloft and Drift, ransomware groups like LockerGoga, MegaCortex, and Nefilim, a massive DDoS hitting a defender platform, and breaches exposing sensitive financial and personal data in Vienna, VA, while Ukraine faces evolving Russian hacker tactics.

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
    SANS Stormcast Wednesday, September 10th, 2025: Microsoft Patch Tuesday;

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

    Play Episode Listen Later Sep 10, 2025 8:25


    • Microsoft Patch Tuesday: As part of its September Patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Microsoft products. None of the vulnerabilities has been exploited before today. Two of the vulnerabilities were already made public. Microsoft rates 13 of the vulnerabilities as critical. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20September%202025/32270
    • Adobe Patches: Adobe released patches for nine products, including Adobe Commerce, Coldfusion, and Acrobat. https://helpx.adobe.com/security/security-bulletin.html
    • SAP Patches: SAP patched vulnerabilities across its product portfolio. Particularly interesting are a few critical vulnerabilities in Netweaver, one of which scored a perfect 10.0 CVSS score. https://onapsis.com/blog/sap-security-notes-september-2025-patch-day/

    Resilient Cyber
    Resilient Cyber w/ Cory Michal (AppOmni) - Unpacking the SaaS Security Supply Chain Landscape

    Resilient Cyber

    Play Episode Listen Later Sep 10, 2025 24:52


    • One of the biggest SaaS security incidents recently of course is the Salesloft Drive/Salesforce incident, which impacted hundreds of organizations and involved compromised OAuth tokens. Can you tell us a bit about the incident and the fallout?
    • In an AppOmni blog on the incident, you all discuss attackers taking advantage of persistent OAuth access, over-permissive access, limited monitoring, and unsecured secrets. Why do these problems continue to plague organizations despite incidents like this?
    • This is part of a broader trend of increased SaaS supply chain attacks. What makes these attacks so enticing for malicious actors and challenging for organizations to prevent entirely?
    • You recently published your State of SaaS Security Report, which projects SaaS to grow 20% YoY between 2025 and 2032. This is despite 75% of organizations reporting a SaaS security incident in the past year. Why do you think we're seeing continued growth in adoption but still lagging in SaaS security to accompany the adoption?
    • The report discusses the rise of NHIs and GenAI and how this will exacerbate problems around SaaS Access and incidents. Can you unpack that for us?
    • I was shocked to see the report find that just 13% of organizations use SSPM tooling despite SaaS's widespread adoption. When you talk to enterprises, for example, nearly everyone is doing some CSPM activity for IaaS. Why are so many neglecting hygiene and posture for their SaaS footprint?

    Cybercrime Magazine Podcast
    Mastering Cyber. Make A Digital Emergency Kit. Alissa “Dr Jay” Abdullah, Deputy CSO, Mastercard.

    Cybercrime Magazine Podcast

    Play Episode Listen Later Sep 10, 2025 1:32


    Welcome to Mastering Cyber with Host Alissa (Dr Jay) Abdullah, PhD, SVP & Deputy CSO at Mastercard, and former White House technology executive. Listen to this weekly one-minute podcast to help you maneuver cybersecurity industry tips, terms, and topics. Buckle up, your 60 seconds of cyber starts now! Sponsored by Mastercard: https://mastercard.us/en-us.html

    Cyber Briefing
    September 10, 2025 - Cyber Briefing

    Cyber Briefing

    Play Episode Listen Later Sep 10, 2025 8:28


    If you like what you hear, please subscribe, leave us a review and tell a friend! Recent cybersecurity incidents highlight a surge in data breaches, malware attacks, and espionage campaigns affecting major tech platforms, investment services, and government entities. From Microsoft and Apple to Wealthsimple and Cornwell Tools, hackers continue to exploit vulnerabilities, prompting forensic investigations, sanctions, and increased digital defenses.

    Communism Exposed:East and West
    US Government Imposes Sanctions on Cyber Scam Centers in Southeast Asia

    Communism Exposed:East and West

    Play Episode Listen Later Sep 10, 2025 5:00


    Money Talk
    Your Money - Cyber Incident Legal Issues

    Money Talk

    Play Episode Listen Later Sep 10, 2025 9:23


    Voice-Over-Text: Pandemic Quotables
    US Government Imposes Sanctions on Cyber Scam Centers in Southeast Asia

    Voice-Over-Text: Pandemic Quotables

    Play Episode Listen Later Sep 10, 2025 5:00


    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
    SANS Stormcast Tuesday, September 9th, 2025: Major npm compromise; HTTP Request Signature

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

    Play Episode Listen Later Sep 9, 2025 8:44


    • Major npm compromise: A number of high-profile npm libraries were compromised after developers fell for a phishing email. This compromise affected libraries with a total of hundreds of millions of downloads a week. https://bsky.app/profile/bad-at-computer.bsky.social/post/3lydioq5swk2y https://github.com/orgs/community/discussions/172738 https://github.com/chalk/chalk/issues/656#issuecomment-3266894253 https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised
    • HTTP Request Signatures: It looks like some search engines and AI bots are starting to use the HTTP request signature. This should make it easier to identify bot traffic. https://isc.sans.edu/diary/HTTP%20Request%20Signatures/32266

    School Business Insider
    Inside a Cyber Attack: Lessons for Schools from the Front Lines

    School Business Insider

    Play Episode Listen Later Sep 9, 2025 45:00


    Cyber attacks on schools are on the rise — and when they happen, the impact is immediate and long-lasting. In this episode of School Business Insider, host John Brucato speaks with Johnty Mongan, Global Head of Cyber Risk Management at Gallagher Cyber Risk Management. With years of experience responding to some of the most challenging cyber incidents worldwide, Johnty pulls back the curtain on what really happens during an attack — from the first chaotic hours to the long-term fallout for students, staff, and communities.
    We cover:
    • The anatomy of a school cyber attack
    • Why criminals target education and what they hope to gain
    • The turning points when attacks go from bad to worse
    • The lasting human and operational impact
    • The top five cyber controls schools should implement now
    If you've ever wondered how cyber criminals operate and what SBOs can do to protect their districts, this is a must-listen.
    Contact School Business Insider: Website: https://asbointl.org/SBI Email: podcast@asbointl.org
    Disclaimer: The views, thoughts, and opinions expressed are the speaker's own and do not represent the views, thoughts, and opinions of the Association of School Business Officials International. The material and information presented here is for general information purposes only. The "ASBO International" name and all forms and abbreviations are the property of its owner and its use does not imply endorsement of or opposition to any specific organization, product, or service. The presence of any advertising does not endorse, or imply endorsement of, any products or services by ASBO International. ASBO International is a 501(c)3 nonprofit, nonpartisan organization and does not participate or intervene in any political campaign on behalf of, or in opposition to, any candidate for elective public office. The sharing of news or information concerning public policy issues or political campaigns and candidates are not, and should not be construed as, endorsements by ASBO Internatio...

    Cyber Briefing
    September 09, 2025 - Cyber Briefing

    Cyber Briefing

    Play Episode Listen Later Sep 9, 2025 8:38


    If you like what you hear, please subscribe, leave us a review and tell a friend! Multiple major cybersecurity incidents are hitting software and services. GPUGate malware targets Google Ads and GitHub, Windows Defender has a hijack vulnerability, and 20 popular npm packages were compromised. Plex and Lovesac confirm breaches after ransomware attacks, hackers steal thousands of secrets via GhostAction, SpamGPT fuels phishing, employees leak AI-sensitive data, and Signal adds secure cloud backups.

    Communism Exposed:East and West
    US Lawmaker Impersonated in Cyber Campaign, Suspects Chinese Hackers

    Communism Exposed:East and West

    Play Episode Listen Later Sep 9, 2025 3:52


    Irish Tech News Audio Articles
    Integrity360 announces exclusive Irish partnership with HackerOne to uncover hidden cyber risks

    Irish Tech News Audio Articles

    Play Episode Listen Later Sep 9, 2025 3:08


    More than 7.5 million global cyber incidents were reported in the first half of 2025, a 19% rise on the same period last year. To combat the surge in attacks, Integrity360 is announcing an exclusive Irish partnership with global bug bounty leader HackerOne. This partnership gives businesses direct local access to a trusted network of more than two million ethical hackers, delivering real-time vulnerability discovery and remediation before threats can be exploited.
    Cyber attacks are increasing in both sophistication and volume, with large organisations - particularly those with web-facing infrastructure - experiencing relentless attempts to identify and exploit weaknesses. While traditional penetration testing and red teaming remain essential, a well organised bug bounty programme takes cyber security to the next level. Integrity360's collaboration with HackerOne adds an 'always-on' layer of human-led testing, giving enterprises continuous visibility into emerging threats and an attacker's eye view of their systems.
    Drawing on HackerOne's global community of security researchers, Integrity360 identifies vulnerabilities that automated tools might miss. With access to over two million ethical hackers, security teams can prioritise and remediate critical risks faster - a capability that would be virtually impossible for any single organisation to replicate in-house. Furthermore, you only pay for exposures that are discovered, providing excellent return on investment.
    The collaboration expands the cyber security testing portfolio of Integrity360, enabling delivery of an end-to-end service that spans scheduled assessments, red teaming, and continuous researcher-led testing. While HackerOne underpins the platform with its unparalleled crowd-powered expertise, Integrity360 ensures seamless integration into clients' security programmes.
    "Technology alone can't match the creativity and persistence of a determined attacker," said Richard Ford, CTO at Integrity360. "By partnering with HackerOne, we are enabling organisations to tap into a vast, global community of security researchers who continuously probe for weaknesses. This is proactive defence in action, which is designed to uncover and fix issues before they become security incidents."
    John Addeo, VP of Global Channels at HackerOne, said: "Integrity360 brings deep enterprise security expertise, while our hacker community provides real-world insight that tools alone can't deliver. Together, we help organisations find and fix vulnerabilities faster, reducing their attack surface in an increasingly complex threat environment."
    The move reflects a wider industry shift from periodic, compliance-driven assessments to continuous, community-powered protection. As cyber threats continue to evolve, the ability to detect and respond to vulnerabilities in real-time will become a critical benchmark for effective cyber defence.

    Voice-Over-Text: Pandemic Quotables
    US Lawmaker Impersonated in Cyber Campaign, Suspects Chinese Hackers

    Voice-Over-Text: Pandemic Quotables

    Play Episode Listen Later Sep 9, 2025 3:52


    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
    SANS Stormcast Monday, September 8th, 2025: YARA to Debugger Offsets; SVG JavaScript Phishing; FreePBX Patches;

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

    Play Episode Listen Later Sep 8, 2025 5:34


    • From YARA Offsets to Virtual Addresses: Xavier explains how to convert offsets reported by YARA into offsets suitable for the use with debuggers. https://isc.sans.edu/diary/From%20YARA%20Offsets%20to%20Virtual%20Addresses/32262
    • Phishing via JavaScript in SVG Files: Virustotal uncovered a Colombian phishing campaign that takes advantage of JavaScript in SVG files. https://blog.virustotal.com/2025/09/uncovering-colombian-malware-campaign.html
    • FreePBX Patches: FreePBX released details regarding two vulnerabilities patched last week. One of these vulnerabilities was already actively exploited. https://github.com/FreePBX/security-reporting/security/advisories/GHSA-3r47-p39v-vqqf

    Risky Business
    Snake Oilers: Nebulock, Vali Cyber and Cape

    Risky Business

    Play Episode Listen Later Sep 8, 2025 46:33


    In this edition of the Snake Oilers podcasts, three vendors pop in to pitch you all on their wares:
    • Automated, AI-powered threat hunting with Nebulock: Damien Lewke from Nebulock joins the show to talk about how its agentic AI platform can surface attacker activity out of all those “low” and “informational” findings your detection team doesn't have time to look at.
    • Runtime security for hypervisors from Vali Cyber: Austin Gadient from Vali Cyber stops by to talk about ZeroLock, its hypervisor security product. It's marketed as a counter-ransomware control but is just a generally useful security platform for virtualised environments.
    • A secure mobile telco: Cape. The only thing American cell providers love more than providing patchy coverage is getting their customers' data owned. Cape is here to change that. It's a security and anonymity-focussed virtual mobile network operator (MVNO) that's been spun up by a highly competent team. If we lived in the USA we would be customers, and a bunch of CISOs listening to this might want to consider Cape subscriptions for their workforce.
    This episode is also available on YouTube.

    Everything Envy Podcast
    231 ) Wi-Fight for Security: Our Chat with a Cyber Pro

    Everything Envy Podcast

    Play Episode Listen Later Sep 8, 2025 24:51


    Running a business online comes with plenty of perks—but also some hidden risks we didn't fully realize until now. In this episode, we share what we learned after talking with a cyber specialist who gave us a serious wake-up call about just how vulnerable online businesses can be. We're spilling the details in our signature mother–daughter style. If you've ever wondered how safe your digital world really is, definitely tune in to this one.

    The Lockdown - Practical Privacy & Security
    033 - Black Mirror - Is the UK's Surveillance State Coming to America?

    The Lockdown - Practical Privacy & Security

    Play Episode Listen Later Sep 8, 2025 38:14


    In this episode, I share news from my recent trip to the UK, noticing how it seems to have reached the epic proportions of a Black Mirror episode; from the absurd TV licensing program to the new Digital ID Brit cards that will track your behavior. I also explore how the UK may be serving as a testing ground for new levels of behavioral surveillance that could eventually spread globally. I dive into California's $900 “smart” license plates that track your every move, centralized government digital currencies, and my predictions for the next 20 years of Orwellian surveillance.
    In this week's episode:
    • The UK's TV licensing system: Legal extortion through private contractors
    • The Reviver R-plate: $900 to track yourself in California and Arizona
    • Brit Cards: UK's new “voluntary” Digital ID system
    • The Bank of England's digital pound and programmable money
    • Historical patterns of control: From land ownership to neural interfaces
    • Why the UK is the blueprint for global surveillance rollout
    • Predictions for the next 20-50 years of biosurveillance
    Matrix Community Rooms:
    • Matrix Community Space - https://matrix.to/#/#psysecure:matrix.org
    • Individual Room Links: https://matrix.to/#/#lockdown-intro:matrix.org https://matrix.to/#/#lockdown-podcast:matrix.org https://matrix.to/#/#lockdown-general:matrix.org
    Show Links:
    • PsySecure ODSF Framework - https://odsf.psysecure.com
    • LCD License Plate (not privacy friendly!) - https://reviver.com/rplate/
    • Black Mirror S03E01 "Nosedive" - https://www.imdb.com/title/tt5497778/
    • Bank of England's Digital Pound - https://www.bankofengland.co.uk/the-digital-pound
    • Brit Card Digital ID System - https://www.labourtogether.uk/all-reports/britcard
    TV Licensing Detector Ads (1980s-90s):
    • The Detector Van - https://www.youtube.com/watch?v=8NmdUcmLFkw
    • "We know exactly where he is" - https://www.youtube.com/watch?v=qF3-S2sCnb8
    • Keep One Eye Open - https://www.youtube.com/watch?v=mVfOmR7gAek
    • More Powerful Detector Vans! - https://www.youtube.com/watch?v=1Q9CsRRhWQI
    “One believes things because one has been conditioned to believe them.” - Mustapha Mond (Brave New World)

    Cyber Briefing
    September 08, 2025 - Cyber Briefing

    Cyber Briefing

    Play Episode Listen Later Sep 8, 2025 8:32


    If you like what you hear, please subscribe, leave us a review and tell a friend!
    Authorities disrupt major pirated streaming networks, investigate malicious emails targeting trade talks with China, and confirm breaches exposing millions of students and customer data. Microsoft Azure services face outages from undersea cable cuts. iCloud calendars and cracked software are being abused for phishing attacks, while Venezuela's president claims his Huawei phone is secure from US cyber spies. Czech authorities warn against using Chinese technology in critical infrastructure.

    Federal Drive with Tom Temin
    Patchy cyber workforce efforts face uncertain future under Trump

    Federal Drive with Tom Temin

    Play Episode Listen Later Sep 8, 2025 7:58


    Federal agencies have embarked on numerous initiatives in recent years to recruit and develop more cyber talent, but those efforts have been hobbled by a lack of good data, and now they face an uncertain future amid the Trump administration's sweeping workforce changes. For more on what's happening with the cyber workforce, Federal News Network's Justin Doubleday is here.
    See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

    Defence Connect Podcast
    CYBER UNCUT: 'Nudify' app ban, hacker threatens artists with AI punishment, and fake ID marketplace takedown

    Defence Connect Podcast

    Play Episode Listen Later Sep 8, 2025 35:09


    In this episode of the Cyber Uncut podcast, David Hollingworth and Daniel Croft discuss the latest AI news, some worrying trends in cyber crime, and this year's largest supply chain hack, impacting hundreds of companies worldwide.
    Hollingworth and Croft kick things off by looking at the NSW government embracing AI and the federal government's timely move to ban deepfake “nudify” apps that are being used to bully and harass.
    The pair then catch up with the latest cyber crime news, from the wide-ranging Salesloft Drift hacks that have impacted companies like Zscaler and Palo Alto Networks, to a brazen local hack that's seen delicate health data published online by unscrupulous ransomware operators.
    Hollingworth and Croft wind things up with some mostly good news, with an AI stethoscope potentially a game changer for heart health, and an international operation to take down a fake ID marketplace.
    Enjoy the episode,
    The Cyber Uncut team

    Troy Hunt's Weekly Update Podcast

    A Week of School, Cyber and Food in Singapore
    https://www.troyhunt.com/weekly-update-467/
    See omnystudio.com/listener for privacy information.

    Dj Silver Nail
    DJ Silver Nail - Cyber Folk Russian Mix

    Dj Silver Nail

    Play Episode Listen Later Sep 7, 2025 73:30


    I present for your attention a reworked version of a previously released mix, with additional tracks and partially translated!
    01 00:00:00 Intro
    02 00:00:35 ПЕВЧАЯ - Ты заря (Silver Nail Remix)
    03 00:03:19 Moscow Village Band – Paranya
    04 00:05:38 ABIEM Project – Порушка-параня
    05 00:07:35 Татьяна Куртукова - Матушка (Index-1 Remix)
    06 00:09:40 Ася Горбачёва, Silver Ace - Родина моя
    07 00:11:58 Сюзанна Светличная - Ты живи моя страна (A-Traxx Remix)
    08 00:13:39 Jakonda feat. DJ Nejtrino & ELIA - Летел голубь
    09 00:15:33 ПЕВЧАЯ — Ранешенько (Silver Nail Remix)
    10 00:17:39 Lebedeva, Ahigo, SLYOZY ALYASKI - Иван Купала
    11 00:19:27 KILLTEQ x IZIFONK - Любушка
    12 00:21:14 Nikita Rise — Полюбила пацана
    13 00:22:46 Министерство Культуры СССР - Ой, дуся, oй, маруся
    14 00:24:42 Надежда Кадышева и Г.Кадышев - Плывет веночек (Dmitry Air Remix)
    15 00:26:45 Полынь Folk, ГАЛЕЯ, Тульская, Baltin - Солнце встало высоко
    16 00:28:53 Chagunava - Золотой домик (Silver Ace Remix)
    17 00:31:57 Bearwolf Валькирия (D. Anuchin Remix)
    18 00:34:22 Sara Oks x Los Del Rio - Казак (Silver Nail MashUp)
    19 00:36:17 Талица, Dj GROOV - Гори, гори ясно!
    20 00:38:20 BVLVNS - Polyushko Pole
    21 00:40:09 Галя, VEYA, Ася Зыкова, MATANYA - Туман
    22 00:42:27 КоленкорЪ, Полынь Folk & DAN3A - Савич
    23 00:44:22 Kvinn, Alexey Razumov - To ne vecher
    24 00:46:11 Балаган Лимитед, Willi Nil - Тонкая рябина
    25 00:48:43 Shadow Clouds - Russian Vibe
    26 00:51:01 TRILTAPE, САМОВАРОЧКИ - KUPALA (Ragion remix)
    27 00:53:38 Цветень - Матюшка
    28 00:56:14 MOREBOY x NIKA DUBIK - Dom
    29 00:58:23 Max Lansky - Ветерок
    30 01:00:10 Белолуна - Девичья
    31 01:02:44 Ruslan Babetskii ft. Yuki - Вереюшка
    32 01:04:48 VELIKOPOLSKAYA - BANYA
    33 01:07:08 Zventa Sventana - Месяц

    Resilient Cyber
    Resilient Cyber w/ Rob T. Lee - Navigating AI's Impact on Cyber & the Workforce

    Resilient Cyber

    Play Episode Listen Later Sep 6, 2025 39:08


    In this episode of Resilient Cyber, I sit down with the SANS Institute's Chief of Research (COR) & Chief AI Officer (CAIO), Rob T. Lee to discuss AI's impact on cybersecurity and the workforce. We will discuss SANS Critical AI Security Guidelines, the opportunities and obstacles AI presents for cybersecurity, and how practitioners should navigate AI's impact on the workforce.

    WCCO Tech Talk
    How vulnerable are we to cyber warfare?

    WCCO Tech Talk

    Play Episode Listen Later Sep 6, 2025 33:12


    Tech Talk with Steve Thomson and Doug Swinhart! Topics include:
    - Cyber warfare and protecting cyber infrastructure and the threat level.
    - Awareness especially for seniors who are often targeted for online scams
    - Is it necessary to upgrade to Windows 11?
    - Recovering an accidentally deleted email inbox
    - Should you be wary of QR codes?
    - Texts and calls from listeners

    Fazit - Kultur vom Tage - Deutschlandfunk Kultur
    Canonization of the "Cyber Apostle" Carlo Acutis

    Fazit - Kultur vom Tage - Deutschlandfunk Kultur

    Play Episode Listen Later Sep 6, 2025 9:50


    Main, Andreas www.deutschlandfunkkultur.de, Fazit

    The CyberWire
    Wheels left spinning after cyber incident.

    The CyberWire

    Play Episode Listen Later Sep 5, 2025 29:42


    A cyberattack disrupts Bridgestone's manufacturing operations. CISA warns of critical vulnerabilities in products used across multiple sectors. Additional cybersecurity firms confirm data exposure in the recent Salesforce–Salesloft Drift attack. A configuration vulnerability in Sitecore products leads to remote code execution. HHS promises stricter enforcement of healthcare information access rules. Texas sues an education software provider over a December 2024 data breach. A federal jury orders Google to pay $425 million over improperly collected user data. Nations unite for global guidance on SBOMs. On our Industry Voices segment, we are joined by Aron Anderson, Enterprise Security Manager of Adobe, on embracing the journey to zero trust. Chess.com gets caught in a tricky gambit.
    Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
    Industry Voices
    On our Industry Voices segment we are joined by Aron Anderson, Enterprise Security Manager of Adobe, as he is talking about embracing the journey to zero trust. If you want to hear the full conversation from Aron, you can check it out here.
    Selected Reading
    - Tire giant Bridgestone confirms cyberattack impacts manufacturing (Bleeping Computer)
    - CISA issues ICS advisories on hardware flaws in Honeywell, Mitsubishi Electric, Delta Electronics, rail communication protocols (Industrial Cyber)
    - More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach (SecurityWeek)
    - Unknown miscreants snooping around Sitecore via sample keys (The Register)
    - HHS Says It's 'Cracking Down' on Health Information Blocking (BankInfo Security)
    - Texas sues PowerSchool over breach exposing 62M students, 880k Texans (Bleeping Computer)
    - Google hit with $425 million verdict in privacy class action suit (The Record)
    - US and 14 Allies Release Joint Guidance on Software Bill of Materials (Infosecurity Magazine)
    - Chess.com says 4,500 people had data stolen during June breach (The Record)
    Share your feedback.
    What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.
    Want to hear your company in the show?
    You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.
    The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
    Learn more about your ad choices. Visit megaphone.fm/adchoices

    Everyday AI Podcast – An AI and ChatGPT Podcast
    EP 604: Beyond the Hype: Turning AI Ethics into Competitive Advantage

    Everyday AI Podcast – An AI and ChatGPT Podcast

    Play Episode Listen Later Sep 5, 2025 30:07


    AI growth with no rules? That's not bold. It's reckless.
    Everyone's racing to scale AI. More data, faster tools, flashier launches.
    But here's what no one's saying out loud: Growth without governance doesn't make you innovative. It makes you vulnerable.
    Ignore ethics, and you're building an empire on quicksand.
    In this episode, we're breaking down how to scale AI the right way—without wrecking trust, compliance, or your future.
    Newsletter: Sign up for our free daily newsletter
    More on this Episode: Episode Page
    Join the discussion: Questions for Rajeev or Jordan? Go ask.
    Upcoming Episodes: Check out the upcoming Everyday AI Livestream lineup
    Website: YourEverydayAI.com
    Email The Show: info@youreverydayai.com
    Connect with Jordan on LinkedIn
    Topics Covered in This Episode:
    - Balancing AI Innovation with Ethical Governance
    - Introduction of Rajeev Kapur and Eleven o Five Media
    - Rajeev Kapur's Background in AI
    - Companies Balancing AI Innovation and Ethics
    - Formation of AI Ethics Board
    - Data Management as Competitive Advantage
    - Privacy and Ethics as Product Features
    - Governance and Ethical Standards in AI Use
    - Impact of Regulatory Changes on AI Use
    - Deepfakes and Their Implications
    - Encouragement for Companies to Lead Ethically in AI
    Timestamps:
    00:00 Navigating AI: Innovation vs. Risks
    04:00 "AI Startup's Spatial Audio Journey"
    06:49 AI Ethics Oversight & Governance
    10:04 Strategic AI Advisory Team Formation
    15:34 AI Strategy and Governance Essentials
    16:55 Global Standardization Needed for AI Policies
    22:47 AI Ethics: Innovation vs. Deepfakes
    25:48 "Regulate Deepfakes Like Nukes"
    27:17 Leadership Vision for Future Success
    Keywords: AI innovation, Ethical governance, Large language models, Data privacy, AI ethics board, AI governance, TDWI, Microsoft stack, Generative AI, AI algorithms, Spatial audio, Deep fakes, Data differentiation, Machine learning, Cyber security, Enterprise technology, Rajeev Kapur, 11:05 Media, AI safety, OpenAI, Data utilization, Ethical AI alignment, Regulatory aspect, AI models, Innovation vs. ethics, AI data privacy, Explainability, Data scientists, Third-party audits, Transparent AI usage, AI-driven growth, Monitoring feedback loops, Worst case testing, Smart regulations, Digital twins, Disinformation, AI bias mitigation, Data as new oil, Refining data
    Send Everyday AI and Jordan a text message. (We can't reply back unless you leave contact info)
    Ready for ROI on GenAI? Go to youreverydayai.com/partner

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
    SANS Stormcast Friday, September 5th, 2025: Cloudflare Response to 1.1.1.1 Certificate; AI Model Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

    Play Episode Listen Later Sep 5, 2025 8:18


    Unauthorized Issuance of Certificate for 1.1.1.1
    Cloudflare published a blog post with more details regarding the bad 1.1.1.1 certificate that was issued by Fina.
    https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/
    AI Model Namespace Reuse
    Deleted accounts on Huggingface can be taken over by other entities unrelated to the original owner.
    https://unit42.paloaltonetworks.com/model-namespace-reuse/
    macOS vulnerability allowed Keychain and iOS app decryption without a password
    Excessive entitlements for the gcore binary facilitated access to key material that was sufficient to access secrets stored in Apple's keychain.
    https://www.helpnetsecurity.com/2025/09/04/macos-gcore-vulnerability-cve-2025-24204/

    Eggplant: The Secret Lives of Games
    EP: A Year of UFO 50 - Cyber Owls

    Eggplant: The Secret Lives of Games

    Play Episode Listen Later Sep 5, 2025 117:32


    We're joined by Izzy Kestrel (Gexfeld, A Good Videogame), Shawn Alexander Allen (Treachery in Beatdown City), and the one and only Rand Hall (UFO 50 Voicemailer Extraordinaire) to discuss Cyber Owls, the 50th and final* game in the UFO 50 collection. “A superweapon threatens to destroy the world, and it's up to the Cyber Owls to save the day!”
    Next week: [REDACTED]
    Audio edited by Dylan Shumway
    Discussed in this episode:
    - Eggplant Merch! https://cottonbureau.com/people/eggplant-the-secret-lives-of-games-podcast
    - Cherry Rush YouTube Highlights https://www.youtube.com/@Cherry-Rush
    - Derek Yu's Wikiquote https://en.wikiquote.org/wiki/Derek_Yu
    - Roguelike Celebration 2025 (Including Fireside Chat with Jon Perry!) https://www.roguelike.club/event2025.html
    - Izzy's itch.io https://iznaut.itch.io/
    - Izzy's bluesky https://bsky.app/profile/iznaut.com
    - Izzy's Website https://iznaut.com/
    - Snap & Grab https://nogoblin.com/snapandgrab
    - Shawn's Instagram https://www.instagram.com/shawndoublea/?hl=en
    - Beatdown City Survivors https://store.steampowered.com/app/3383040/Beatdown_City_Survivors/
    - Tyriq's Bluesky https://bsky.app/profile/fourbitfriday.bsky.social
    - Scrubbin' Trubble https://scrubbintrubble.com/
    - The Grasshopper (and "Words on Play") https://broadviewpress.com/product/the-grasshopper-third-edition/#tab-description
    - C.A. Brown https://www.youtube.com/@CABROWN
    https://www.youtube.com/eggplantshow
    http://discord.gg/eggplant
    https://www.patreon.com/eggplantshow

    TransMissions Podcast: Transformers News and Reviews! - All Shows Feed

    Worst Bot Ever is getting a sequel, we get caught up on all the episodes of Cyberworld, and in Japan you can now smell like your favorite Transformer. All this and much, much more on this episode of TransMissions Alt Mode! Order our exclusive Skybound Transformers #1 comic with cover art by E.J. Su! Want some TransMissions swag? Check out our online shop, powered by Dashery! Show Notes: If you enjoy TransMissions, please rate us and subscribe on Apple Podcasts and Spotify! These ratings greatly help podcasts become more discoverable to other people using those services and is an easy way to help out our show. Contact us: Continue reading The post Alt Mode 458 – It's A Cyber, Cyber World appeared first on TransMissions Podcast Network.

    Fault Lines
    Episode 497: Salt Typhoon — China's Cyber Blitz

    Fault Lines

    Play Episode Listen Later Sep 5, 2025 17:52


    Today, Jess, Martha, Morgan, and Algene break down Salt Typhoon — a years-long Chinese cyber campaign that impacted 80 countries, targeted U.S. telecommunications firms, and compromised millions of people, including political leaders and even National Guard systems. A new multinational report links the operation to three Chinese firms tied to Beijing's military services, underscoring the scale of China's push to dominate the global cyber domain even as the U.S. cuts cyber budgets.
    How much damage did Salt Typhoon really do, and why should Americans care? Will Congress step up to strengthen U.S. cyber defenses? And why is Washington pulling back at the very moment that Beijing is doubling down on cyber operations?
    Check out these sources that helped shape our experts' opinions:
    - https://www.politico.com/news/2025/09/02/congress-pulls-the-rug-on-u-s-plan-to-beat-huawei-00527620
    - https://www.nytimes.com/2025/09/04/world/asia/china-hack-salt-typhoon.html?smid=nytcore-ios-share&referringSource=articleShare
    - https://www.washingtonpost.com/national-security/2025/05/23/cisa-cyberattacks-china-doge-cuts/
    @marthamillerdc @morganlroach @NotTVJessJones @AlgeneSajery
    Like what we're doing here? Be sure to rate, review, and subscribe. And don't forget to follow @faultlines_pod and @masonnatsec on Twitter!
    We are also on YouTube, and watch today's episode here: https://youtu.be/73tIjXQtUA0
    Hosted on Acast. See acast.com/privacy for more information.

    Software Engineering Institute (SEI) Podcast Series
    Threat Modeling: Protecting Our Nation's Complex Software-Intensive Systems

    Software Engineering Institute (SEI) Podcast Series

    Play Episode Listen Later Sep 5, 2025 35:02


    In response to Executive Order (EO) 14028, Improving the Nation's Cybersecurity, the National Institute of Standards and Technology (NIST) recommended 11 practices for software verification. Threat modeling is at the top of the list. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Natasha Shevchenko and Alex Vesey, both engineers with the SEI's CERT Division, sit down with Timothy Chick, technical manager of CERT's Applied Systems Group, to discuss how threat modeling can be used to protect software-intensive systems from attack. Specifically, they explore how threat models can guide system requirements, system design, and operational choices to identify and mitigate threats.  

    Cyber Briefing
    September 05, 2025 - Cyber Briefing

    Cyber Briefing

    Play Episode Listen Later Sep 5, 2025 14:28


    If you like what you hear, please subscribe, leave us a review and tell a friend!
    SAP S/4HANA flaw exploited in the wild, VirusTotal detects undetected SVG phishing files, Russian APT28 uses Outlook backdoor, Bridgestone cyberattack disrupts manufacturing, North Korean hackers run fake job interviews, Salesforce Salesloft breach impacts firms, US and allies push SBOMs, ten million dollar reward for Russian FSB hackers, US sues robot toy maker exposing children's data to Chinese developers.

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
    SANS Stormcast Thursday, September 4th, 2025: Dassault DELMIA Apriso Exploit Attempts; Android Updates; 1.1.1.1 Certificate Issued

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

    Play Episode Listen Later Sep 4, 2025 6:22


    Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086
    Our honeypots detected attacks against the manufacturing management system DELMIA Apriso. The deserialization vulnerability was patched in June and is one of a few critical vulnerabilities patched in recent months.
    https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Dassault%20DELMIA%20Apriso.%20CVE-2025-5086/32256
    Android Bulletin
    Google released its September update, fixing two already-exploited privilege escalation flaws and some remote code execution issues.
    https://source.android.com/docs/security/bulletin/2025-09-01
    Mis-issued Certificates for SAN iPAddress:1.1.1.1 by Fina RDC 2020
    Certificate authority Fina RDC issues a certificate for Cloudflare's IP address 1.1.1.1
    https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/SgwC1QsEpvc

    280+ Podcast
    Episode 206: Cyber Munchhausen

    280+ Podcast

    Play Episode Listen Later Sep 4, 2025 80:02


    Cyber Briefing
    September 04, 2025 - Cyber Briefing

    Cyber Briefing

    Play Episode Listen Later Sep 4, 2025 9:12


    If you like what you hear, please subscribe, leave us a review and tell a friend!
    Hackers and cybercriminals continue exploiting software and platforms, targeting schools, routers, Android devices, and AI systems. Major companies like Google, YouTube, Cloudflare, and Jaguar Land Rover face fines, disruptions, or security breaches. Law enforcement and regulators are taking action against violations, while threats like ransomware, malware, and zero-day exploits persist.

    Who Charted?
    Cyber Sigilism w/ Nate Craig

    Who Charted?

    Play Episode Listen Later Sep 3, 2025 65:13


    Standup Comedian Nate Craig rejoins the charts for a scorcher! Topics include: Humanizing The Beat. Parents Proud. Knives Out: Burning Man. 1892 Quiz.
    Join the Chart Mart on whochartedpod.com to get new episodes of TWO CHARTED every week, as well as the full archives of Whooch, Twooch, Preem Stream and more!
    See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
    SANS Stormcast Wednesday, September 3rd, 2025: Sextortion Analysis; Covert Channel DNS/ICMP; Azure AD Secret Theft; Official FreePBX Patches

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

    Play Episode Listen Later Sep 3, 2025 5:29


    A Quick Look at Sextortion at Scale
    Jan analyzed 1900 different sextortion messages using 205 different Bitcoin addresses to look at the success rate, lifetime, and other metrics defining these campaigns.
    https://isc.sans.edu/diary/A%20quick%20look%20at%20sextortion%20at%20scale%3A%201%2C900%20messages%20and%20205%20Bitcoin%20addresses%20spanning%20four%20years/32252
    Azure AD Client Secret Leak
    Attackers are stealing Azure AD client secrets from websites that are leaving them exposed.
    https://www.resecurity.com/blog/article/azure-ad-client-secret-leak-the-keys-to-cloud
    Covert Channel via ICMP and DNS
    A new bot combines ICMP and DNS in new ways for covert communication. The DNS requests use domains with a fixed prefix followed by a base64 encoded command, and the ICMP echo request packets include commands as a payload.
    https://blog.xlab.qianxin.com/mystrodx_covert_dual-mode_backdoor_en/
    Official Release of Critical FreePBX Patch
    Sangoma has announced that the experimental patch released for the exploited FreePBX vulnerability is now considered stable, and users should update to apply it.
    https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
    SANS Stormcast Tuesday, September 2nd, 2025: pdf-parser Patch; Salesloft Compromise; Velociraptor Abuse; NeuVector Default Password

    SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

    Play Episode Listen Later Sep 2, 2025 5:39


    pdf-parser: All Streams
    Didier released a new version of pdf-parser.py. This version fixes a problem with dumping all filtered streams.
    https://isc.sans.edu/diary/pdf-parser%3A%20All%20Streams/32248
    Salesloft Drift Putting OAuth Tokens at Risk
    OAuth tokens used by Salesloft Drift users to provide access to integrations with Salesforce, Google Workspace, and others have been compromised and heavily abused for additional compromise and large-scale data exfiltration from exposed services.
    https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift
    Velociraptor incident response tool abused for remote access
    Attackers are using the open source incident response tool Velociraptor to access remote systems in breached networks. Tools like Velociraptor are ideal for attackers to perform lateral movement.
    https://news.sophos.com/en-us/2025/08/26/velociraptor-incident-response-tool-abused-for-remote-access/
    Default Password in NeuVector (Rancher Desktop)
    SuSE fixed a default password vulnerability in NeuVector, a security tool included in Rancher Desktop.
    https://github.com/neuvector/neuvector/security/advisories/GHSA-8pxw-9c75-6w56

    Paul's Security Weekly
    AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Chris Boehm, Idan Plotnik, Josh Lemos, Michael Callahan - ASW #346

    Paul's Security Weekly

    Play Episode Listen Later Sep 2, 2025 68:11


    In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agentic AI, Model Context Protocol (MCP) servers, and the massive API security risks reshaping the cyber landscape. Broadcast live from the CyberRisk TV studio at Mandalay Bay, Las Vegas, the discussion pulls back the curtain on how autonomous AI agents and centralized MCP hubs could supercharge productivity—while also opening the door to unprecedented supply chain vulnerabilities. From “shadow MCP servers” to the concept of an “API fabric,” Michael explains why these threats are evolving faster than traditional security measures can keep up, and why CISOs need to act before it's too late. Viewers will get rare insight into the parallels between MCP exploitation and DNS poisoning, the hidden dangers of API sprawl, and why this new era of AI-driven communication could become a hacker's dream.
    Blog: https://salt.security/blog/when-ai-agents-go-rogue-what-youre-missing-in-your-mcp-security
    Survey Report: https://content.salt.security/AI-Agentic-Survey-2025_LP-AI-Agentic-Survey-2025.html
    This segment is sponsored by Salt Security. Visit https://securityweekly.com/saltbh for a free API Attack Surface Assessment!
    At Black Hat 2025, live from the Cyber Risk TV studio in Las Vegas, Jackie McGuire sits down with Apiiro Co-Founder & CEO Idan Plotnik to unpack the real-world impact of AI code assistants on application security, developer velocity, and cloud costs. With experience as a former Director of Engineering at Microsoft, Idan dives into what drove him to launch Apiiro — and why 75% of engineers will be using AI assistants by 2028. From 10x more vulnerabilities to skyrocketing API bloat and security blind spots, Idan breaks down research from Fortune 500 companies on how AI is accelerating both innovation and risk.
    What you'll learn in this interview:
    - Why AI coding tools are increasing code complexity and risk
    - The massive cost of unnecessary APIs in cloud environments
    - How to automate secure code without slowing down delivery
    - Why most CISOs fail to connect security to revenue (and how to fix it)
    - How Apiiro's Autofix AI Agent helps organizations auto-fix and auto-govern code risks at scale
    This isn't just another AI hype talk. It's a deep dive into the future of secure software delivery — with practical steps for CISOs, CTOs, and security leaders to become true business enablers. Watch till the end to hear how Apiiro is helping Fortune 500s bridge the gap between code, risk, and revenue.
    Apiiro AutoFix Agent. Built for Enterprise Security: https://youtu.be/f-_zrnqzYsc
    Deep Dive Demo: https://youtu.be/WnFmMiXiUuM
    This segment is sponsored by Apiiro. Be one of the first to see their new AppSec Agent in action at https://securityweekly.com/apiirobh.
    Is Your AI Usage a Ticking Time Bomb? In this exclusive Black Hat 2025 interview, Matt Alderman sits down with GitLab CISO Josh Lemos to unpack one of the most pressing questions in tech today: Are executives blindly racing into AI adoption without understanding the risks? Filmed live at the CyberRisk TV Studio in Las Vegas, this eye-opening conversation dives deep into:
    - How AI is being rapidly adopted across enterprises — with or without security buy-in
    - Why AI governance is no longer optional — and how to actually implement it
    - The truth about agentic AI, automation, and building trust in non-human identities
    - The role of frameworks like ISO 42001 in building AI transparency and assurance
    - Real-world examples of how teams are using LLMs in development, documentation & compliance
    Whether you're a CISO, developer, or business exec — this discussion will reshape how you think about AI governance, security, and adoption strategy in your org. Don't wait until it's too late to understand the risks.
    The Economics of Software Innovation: $750B+ Opportunity at a Crossroads Report: http://about.gitlab.com/software-innovation-report/
    For more information about GitLab and their report, please visit: https://securityweekly.com/gitlabbh
    Live from Black Hat 2025 in Las Vegas, Jackie McGuire sits down with Chris Boehm, Field CTO at Zero Networks, for a high-impact conversation on microsegmentation, shadow IT, and why AI still struggles to stop lateral movement. With 15+ years of cybersecurity experience—from Microsoft to SentinelOne—Chris breaks down complex concepts like you're a precocious 8th grader (his words!) and shares real talk on why AI alone won't save your infrastructure. Learn how Zero Networks is finally making microsegmentation frictionless, how summarization is the current AI win, and what red flags to look for when evaluating AI-infused security tools. If you're a CISO, dev, or just trying to stay ahead of cloud threats—this one's for you.
    This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerobh to learn more about them!
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw-346