Podcasts about Cyber

British and Romanian authorities make arrests in a major tax fraud scheme. The Interlock ransomware gang has a new RAT. A new vulnerability in Google Gemini for Workspace allows attackers to hide malicious instructions inside emails. Suspected Chinese hackers breach a major DC law firm.  Multiple firmware vulnerabilities affect products from Taiwanese manufacturer Gigabyte Technology. Nvidia warns against Rowhammer attacks across its product line. Louis Vuitton joins the list of breached UK retailers. Indian authorities dismantle a cyber fraud gang. CISA pumps the brakes on a critical vulnerability in American train systems. Our guest is Cynthia Kaiser, SVP of Halcyon's Ransomware Research Center and former Deputy Assistant Director at the FBI's Cyber Division, with insights on Scattered Spider. Hackers ransack Elmo's World.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Cynthia Kaiser, SVP of Halcyon's Ransomware Research Center and former Deputy Assistant Director at the FBI's Cyber Division, discussing "Scattered Spider and Other Criminal Compromise of Outsourcing Providers Increases Victim Attacks." You can check out more from Halcyon here. Selected Reading Romanian police arrest 13 scammers targeting UK's tax authority (The Record) Interlock Ransomware Unleashes New RAT in Widespread Campaign (Infosecurity Magazine) Google Gemini flaw hijacks email summaries for phishing (Bleeping Computer) Chinese hackers suspected in breach of powerful DC law firm (CNN Politics) Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment (Security Week) Nvidia warns of Rowhammer attacks on GPUs (The Register) Louis Vuitton UK Latest Retailer Hit by Data Breach (Infosecurity Magazine) Indian Police Raid Tech Support Scam Call Center (Infosecurity Magazine) Security vulnerability on U.S. trains that let anyone activate the brakes on the rear car was known for 13 years — operators refused to fix the issue until now (Tom's Hardware) End-of-Train and Head-of-Train Remote Linking Protocol (CISA) Hacker Makes Antisemitic Posts on Elmo's X Account (The New York Times) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Experimental Suspicious Domain Feed Our new experimental suspicious domain feed uses various criteria to identify domains that may be used for phishing or other malicious purposes. https://isc.sans.edu/diary/Experimental%20Suspicious%20Domain%20Feed/32102 Wing FTP Server RCE Vulnerability Exploited CVE-2025-47812 Huntress saw active exploitation of Wing FTP Server remote code execution (CVE-2025-47812) on a customer on July 1, 2025. Organizations running Wing FTP Server should update to the fixed version, version 7.4.4, as soon as possible. https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ FortiWeb Pre-Auth RCE (CVE-2025-25257) An exploit for the FortiWeb RCE Vulnerability is now available and is being used in the wild. https://pwner.gg/blog/2025-07-10-fortiweb-fabric-rce NVIDIA Vulnerable to Rowhammer NVIDIA has received new research related to the industry-wide DRAM issue known as Rowhammer . The research demonstrates a potential Rowhammer attack against an NVIDIA A6000 GPU with GDDR6 Memory. The purpose of this notice is to reinforce already known mitigations to Rowhammer attacks. https://nvidia.custhelp.com/app/answers/detail/a_id/5671/~/security-notice%3A-rowhammer---july-2025

Laurent had the pleasure and privilege of sitting down with Markus Rauroma, CEO of Fortum, during the Eurelectric “Power Play” conference in Brussels this June.  Fortum, the Finnish energy company also active in Sweden and Poland, finds itself right on the front line when it comes to tensions with Russia—not exactly your average utility boardroom drama.   The conversation kicks off with Markus's recent election as President of Eurelectric, taking over from none other than Leo “the Great” Birnbaum, CEO of E.ON.We talk about the challenges Markus has faced so far, including how Fortum managed to steer through the stormy waters of the Ukraine war, and what's ahead for the industry. Spoiler: it's not all doom and gloom—there's strategy, resilience, and some surprisingly good teamwork. Markus rolls out Eurelectric's Manifesto centred on customers, security of supply and digitisation (AI).  Markus introduces his vice-presidential duo: Georgios Stassis (CEO of PPC) and Catherine MacGregor (CEO of Engie). According to him, it's a well-balanced trio—think energy world's version of the Avengers, but with spreadsheets and grid stability. He also gives kudos to Kristian Ruby, Secretary General of Eurelectric, and the Brussels team for their stellar behind-the-scenes work.The chat then shifts to the Baltics, one of the rare places in Europe where electricity demand is actually growing. Fortum's been ahead of the game there too: Markus reveals they now have over 1.3 GW of capacity lined up and ready to power new datacenters—because TikTok videos don't host themselves.  Of course, we couldn't ignore the constant cyber-attacks and sabotage attempts coming from Russia. Markus shares how Fortum has learned to deal with them—let's just say they don't flinch easily anymore.  And finally, a public mea culpa: Laurent repeatedly referred to Finland as part of Scandinavia. A common slip-up. For the record: Finland is next to Scandinavia, but it's not in it. The Finns are Nordic, not Scandinavian—but much like their neighbours to the west, they handled the mix-up with trademark cool. No sauna ban issued.  We thank Kristian Ruby and all the Eurelectric team for organising this recording and putting together such a great summit.

In this episode of the Other Side of the Firewall podcast, hosts Ryan Williams Sr. and Shannon Tynes discuss various cybersecurity topics, including a vulnerability in ServiceNow that allowed unauthorized data access, the implications of North American APTs attacking China using Exchange Zero Day exploits, and a significant security flaw in McDonald's AI recruiting platform. They also share personal updates and reflections on media consumption, emphasizing the importance of feedback for the podcast and Ryan's recently published book. Articles: New ServiceNow flaw lets attackers enumerate restricted data https://www.bleepingcomputer.com/news/security/new-servicenow-flaw-lets-attackers-enumerate-restricted-data/amp/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExQWRYQWV1ak5pd1lZdHJtegEeelyIlK2Ek9gCYDYtP80irWWtUhS3cA8gY_25kHfhgHP-_ntEK-dqk8Ot_GI_aem_xJzS7lMJMTkWDOS6Wcj4SQ North American APT Uses Exchange Zero-Day to Attack China https://www.darkreading.com/cyberattacks-data-breaches/north-american-apt-exchange-zero-day-attacks-china?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExQWRYQWV1ak5pd1lZdHJtegEer8-gvyCsk7NEjyuZ1a1N2eGHIyLh6cCANkM5oD9x-jPlHuntjonpKiZ0Hcg_aem_25vP0x19KnGVwKBr8POhPg McDonald's AI recruiting platform had a really embarrassing security flaw - and it left millions of users open to attack https://www.techradar.com/pro/security/mcdonalds-ai-recruiting-platform-had-a-really-embarrassing-security-flaw-which-left-millions-of-users-open-to-attack?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExQWRYQWV1ak5pd1lZdHJtegEer8-gvyCsk7NEjyuZ1a1N2eGHIyLh6cCANkM5oD9x-jPlHuntjonpKiZ0Hcg_aem_25vP0x19KnGVwKBr8POhPg Please LISTEN

פרק לייב! אבל בדיעבד. לפני שבוע התארחנו ב@מת״מ ושמחנו לקחת חלק בחגיגות השנתיים לקהילה. בנוכחות קהל (בפעם הראשונה) התכבדנו לארח את ד״ר @סתיו אלבר ולשוחח על פרטיות, סודיות והצפנה. סתיו היא חוקרת צפנים ב@טכניון ומהנדסת תוכנה ב@גוגל. מעבר לכך היא גם סופרת ילדים וכתבה את הספרים ״סודות ההצפנה לילדים״, ״בינה מלאכותית לילדים״ וגם ״אלגוריתמים לילדים״. אז על מה דיברנו? - למה צריך אבטחת מידע? - מה ההבדל בין סודיות ופרטיות? - למה הצפנה מקושרת לסייבר? - מה הסיפור עם האניגמה? - מתי התחילו להצפין מידע? - איך שוברים הצפנה? - איך ולמה חוקרת צפנים מתחילה לכתוב ספר ילדים? אחרי שהאזנתם לפרק מוזמנים להצטרף לקבוצת המאזינים שלנו - שם אנחנו מאמתים שאתם לא רובוטים >>> https://chat.whatsapp.com/KwUu8pQsxx220qS7AXv04T תודה ל@הגר על ההזמנה וההזדמנות להקליט פרק בלייב במתחם המקסים בפרק מת״מ! נשמח לשמוע את דעתכם על הפרק בתגובות. פרק 75 - Data Security Hard Reset - הפודקאסט של קהילת Hardware Engineering Israel. פרק זה הוקלט במהלך מלחמת ״חרבות ברזל״. מוזמנים ליצור איתנו קשר במייל podcasthardreset@gmail.com האזנה נעימה. Lior Schermann Yuval Kogan

In this episode of the Cyber Uncut podcast, host Liam Garman is joined by Mike Franklin, Australian cyber security lead at Protecht, to discuss the current cyber security landscape, the importance of top-down cyber security culture, and the impact of AI on cyber security. Garman and Franklin begin with a discussion on the current cyber security landscape, such as the importance of risk management and the evolving techniques used by malicious actors. The pair also discuss the importance of differentiating IT risk, such as product availability and other operational issues, and cyber risk. Franklin then highlights the importance of understanding and prioritising an organisation's critical assets and the need for a strong top-down cyber security culture. Finally, Franklin discusses the impact of AI on cyber security and how the role of the technology is quickly evolving from both a defence and an offence perspective. Enjoy the episode, The Cyber Uncut team

Erweitere dein Wissen über digitale Sicherheit mit „Cybersecurity ist Chefsache“.In dieser Folge begrüßt Nico Freitag die Informationssicherheitsspezialistin Katia Winkler, die in ihrer Rolle als Senior Information Security Specialist bei einer großen Versicherung täglich mit den Herausforderungen rund um Lieferkettensicherheit, regulatorischen Anforderungen und realistischen Sicherheitsansätzen konfrontiert ist.Gemeinsam sprechen sie über:Die Realität der Lieferkette: Warum gerade Start-ups und Nischenanbieter oft nicht allen Anforderungen gerecht werden – und wie Unternehmen dennoch sicher mit ihnen zusammenarbeiten können.DORA, NIS2 und der Cyber Resilience Act (CRA): Was unterscheidet diese Vorgaben? Was ist verpflichtend, was nur Papiertiger? Und warum redet niemand über den CRA, obwohl er so viele betreffen wird?Zero Trust, S-BOMs und Penetrationstests: Was davon ist sinnvoll, was wird überbewertet – und was übersehen Unternehmen regelmäßig?Die Illusion von vollständiger Kontrolle: Warum Audits, Ratings und Excel-Checklisten oft nicht halten, was sie versprechen.Vertrauen als Sicherheitsfaktor: Wie echte Zusammenarbeit mit Lieferanten gelingen kann – und warum Security mehr Mensch als Metrik ist.Ein ehrliches Gespräch über Prozesse, Verantwortung und darüber, wie man Regulatorik nicht nur überlebt, sondern sinnvoll nutzt.____________________________________________

In this episode of the Cyber Uncut podcast, host Liam Garman is joined by Mike Franklin, Australian cyber security lead at Protecht, to discuss the current cyber security landscape, the importance of top-down cyber security culture, and the impact of AI on cyber security. Garman and Franklin begin with a discussion on the current cyber security landscape, such as the importance of risk management and the evolving techniques used by malicious actors. The pair also discuss the importance of differentiating IT risk, such as product availability and other operational issues, and cyber risk. Franklin then highlights the importance of understanding and prioritising an organisation's critical assets and the need for a strong top-down cyber security culture. Finally, Franklin discusses the impact of AI on cyber security and how the role of the technology is quickly evolving from both a defence and an offence perspective. Enjoy the episode, The Cyber Uncut team

What does modern cybersecurity look like when you're leading a federally regulated financial institution serving Canadians from coast to coast? In this episode, recorded at Cisco Live last month, I sat down with Shawn Spurko, VP of Information and Cybersecurity at Innovation Federal Credit Union. Based in Swift Current, Saskatchewan, but now operating across the country, Shawn Spurko has played a key role in building a security posture that treats laptops as offices and supports a workforce no longer tethered to physical locations. Shawn Spurkoshares his journey from service desk and web design to becoming a cybersecurity leader, and offers a refreshingly grounded view of how to approach regulation, zero trust, and digital maturity. He explains how Innovation CU's move from a provincial to a federal charter transformed their compliance obligations and how solutions like Cisco Secure Access enabled them to scale security seamlessly for a hybrid workforce. We explore why transparent, user-friendly security is no longer optional and how mature implementations of SWG, ZTNA, DLP, and management tunnels are quietly solving problems before users even notice them. Shawn Spurkoalso opens up about the practical realities of working with tools that are constantly evolving, and how his team reviews every new feature not just for capability but for how it maps to regulatory controls like Canada's OSFI B-13. This episode is a masterclass in modern cyber strategy, but it's also a reminder that the goal isn't complexity, it's making things work, everywhere, all the time. So, as the cybersecurity landscape continues to shift and regulators tighten expectations, how are you designing systems that work for both users and auditors? And what lessons can we all learn from financial services as we navigate this new world of anywhere access?

SSH Tunneling in Action: direct-tcp requests Attackers are compromising ssh servers to abuse them as relays. The attacker will configure port forwarding direct-tcp connections to forward traffic to a victim. In this particular case, the Yandex mail server was the primary victim of these attacks. https://isc.sans.edu/diary/SSH%20Tunneling%20in%20Action%3A%20direct-tcp%20requests%20%5BGuest%20Diary%5D/32094 Fortiguard FortiWeb Unauthenticated SQL injection in GUI (CVE-2025-25257) An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. https://www.fortiguard.com/psirt/FG-IR-25-151 Ruckus Virtual SmartZone (vSZ) and Ruckus Network Director (RND) contain multiple vulnerabilities Ruckus products suffer from a number of critical vulnerabilities. There is no patch available, and users are advised to restrict access to the vulnerable admin interface. https://kb.cert.org/vuls/id/613753

Send us a textPlease join us for our 250th episode, celebrating 5 and a half years of privacy, data protection, cyber law education and hot topics with hosts Paul Breitbarth, Ralph O'Brien, and Dr. K Royal. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

How can you approach your company's leadership to advocate for best security practices? Megan dives into a BIA (Business Impact Analysis) breakdown with triple guest features from FRSecure's Consulting Team. Mea Yang, Coral Morgan, and Kathryn Frickstad-Olson recall client trumphs and challenges they have witnessed with implementing BIAs.Whether you need a 101 course in BIA Practices, want a little guidance with a company conversation, or simply want to learn more about a BIA's purpose and value, this episode is for you!Access our free BIA Starter Kit by downloading today!FRSecure BIA Starter Kit--As always, let us know what you'd like to see next! Send your thoughts to unsecurity@frsecure.com. Follow for more!LinkedIn: FRSecure Instagram: FRSecureOfficial   Facebook: FRSecure BlueSky: FRSecureAbout FRSecure: https://frsecure.com/ FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

If you like what you hear, please subscribe, leave us a review and tell a friend!

Many small businesses are online now, but so are cyber criminals trying to take advantage. On today's show, how one bar owner fell victim to a Facebook scam and if big tech could do more to protect small business owners from increasing cyber attacks. Read Stephan's original piece. Related: The secret world of those scammy text messages After being scammed, one woman tries to get her money back For sponsor-free episodes of The Indicator from Planet Money, subscribe to Planet Money+ via Apple Podcasts or at plus.npr.org. Fact-checking by Sierra Juarez. Music by Drop Electric. Find us: TikTok, Instagram, Facebook, Newsletter. Learn more about sponsor message choices: podcastchoices.com/adchoicesNPR Privacy Policy

Setting up Your Own Certificate Authority for Development: Why and How. Some tips on setting up your own internal certificate authority using the smallstep CA. https://isc.sans.edu/diary/Setting%20up%20Your%20Own%20Certificate%20Authority%20for%20Development%3A%20Why%20and%20How./32092 Animation-Driven Tapjacking on Android Attackers can use a click-jacking like trick to trick victims into clicking on animated transparent dialogs opened from other applications. https://taptrap.click/usenix25_taptrap_paper.pdf Adobe Patches Adobe patched 13 different products yesterday. Most concerning are vulnerabilities in Coldfusion that include code execution and arbitrary file disclosure vulnerabilities. https://helpx.adobe.com/security/security-bulletin.html

President Donald Trump voiced sharp criticism of Russian President Vladimir Putin this week saying that the Russian leader's words are "meaningless." Shipments of arms to Ukraine had been halted by the Pentagon but then resumed by orders of the White House. Meanwhile, Senator Lindsey Graham has suggested tough sanctions be placed on Russia and even the countries that buy energy from Moscow. Fox's John Saucier speaks to (Ret.) Rear Admiral Mark Montgomery, senior director of the Center on Cyber and Technology Innovation for the Foundation for the Defense of Democracies, who says the United States needs to take a three pronged approach of sanctions and an uptick in defensive and offensive weapons deliveries to Ukraine to put real pressure on Putin to end this war. Click Here⁠⁠⁠⁠ To Follow 'The FOX News Rundown: Evening Edition' Learn more about your ad choices. Visit podcastchoices.com/adchoices

Why does security awareness training so often fail? In this episode of Unspoken Security, host AJ Nash welcomes Living Security CEO Ashley M. Rose to discuss this common issue. They explore how compliance-driven, "check-the-box" training creates a false sense of security. This old model relies on vanity metrics and rituals instead of reducing actual human risk.Ashley presents a better way forward through human risk management. This modern strategy moves beyond simple phishing tests and integrates data from your existing security tools. It provides a full view of employee behavior to identify and address risks proactively. The goal is to make security training engaging and effective, not just another task to ignore.The conversation also covers the nuanced relationship between human risk management and insider threat programs. AJ and Ashley discuss how to empower employees and transform them from a potential liability into an organization's greatest security asset, creating a stronger, more resilient workforce.Send us a textSupport the show

GreenOps is a cultural transformation that empowers developers to turn emissions data into meaningful action, bridging the communication gap with ESG teams and exposing the critical truth that cloud cost and carbon cost are not the same, which fundamentally reshapes how we approach sustainable IT.This week, Dave, Esmee and Rob talk to James Hall, Head of GreenOps at Green Pixie, to unpack the real state of GreenOps today—and why we've only just scratched the surface.  TLDR 01:57 Rob is confused about AGI 06:11 Cloud conversation with James Hall 22:10 Esmee as media archeologist, found GreenOps is 50 years old 30:46 Having some drinks in the summer Guest James Hall: https://www.linkedin.com/in/james-f-hall/ Hosts Dave Chapman: https://www.linkedin.com/in/chapmandr/ Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Production Marcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/ Dave Chapman: https://www.linkedin.com/in/chapmandr/ Sound Ben Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/ Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

President Donald Trump voiced sharp criticism of Russian President Vladimir Putin this week saying that the Russian leader's words are "meaningless." Shipments of arms to Ukraine had been halted by the Pentagon but then resumed by orders of the White House. Meanwhile, Senator Lindsey Graham has suggested tough sanctions be placed on Russia and even the countries that buy energy from Moscow. Fox's John Saucier speaks to (Ret.) Rear Admiral Mark Montgomery, senior director of the Center on Cyber and Technology Innovation for the Foundation for the Defense of Democracies, who says the United States needs to take a three pronged approach of sanctions and an uptick in defensive and offensive weapons deliveries to Ukraine to put real pressure on Putin to end this war. Click Here⁠⁠⁠⁠ To Follow 'The FOX News Rundown: Evening Edition' Learn more about your ad choices. Visit podcastchoices.com/adchoices

If you like what you hear, please subscribe, leave us a review and tell a friend!

President Donald Trump voiced sharp criticism of Russian President Vladimir Putin this week saying that the Russian leader's words are "meaningless." Shipments of arms to Ukraine had been halted by the Pentagon but then resumed by orders of the White House. Meanwhile, Senator Lindsey Graham has suggested tough sanctions be placed on Russia and even the countries that buy energy from Moscow. Fox's John Saucier speaks to (Ret.) Rear Admiral Mark Montgomery, senior director of the Center on Cyber and Technology Innovation for the Foundation for the Defense of Democracies, who says the United States needs to take a three pronged approach of sanctions and an uptick in defensive and offensive weapons deliveries to Ukraine to put real pressure on Putin to end this war. Click Here⁠⁠⁠⁠ To Follow 'The FOX News Rundown: Evening Edition' Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sara Sellos est ingénieure militaire, cheffe de département à la Direction Générale des Armées et ex-coordinatrice sectorielle défense à l'ANSSI. C'est pourtant en tant que maman qu'elle a décidé d'enseigner le hacking aux enfants avec son livre "J'apprends à hacker" — pour protéger, pas pour casser.La cybercriminalité génère plus de 1% du PIB mondial et vos enfants sont en première ligne. Quand les cyberattaques paralysent des lycées et que les jeux vidéo deviennent des vecteurs d'intrusion, Sara Sellos révèle une vérité qui dérange : apprendre à hacker est devenu un devoir citoyen. Comment enseigner le hacking sans créer de futurs cybercriminels ? Sarah dévoile sa méthode qui fait du hacking éthique un jeu d'enfant, littéralement. Elle explique pourquoi "le bon hacker est curieux" et révèle comment les femmes, 80% des éducateurs en France, détiennent la clé d'une révolution éducative qu'elles ignorent.

Microsoft Patch Tuesday, July 2025 Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. 14 of these are rated critical. Only one of the vulnerabilities was disclosed before being patched, and none of the vulnerabilities have so far been exploited. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%2C%20July%202025/32088 Opposum Attack If a TLS server is configured to allow switching from HTTP to HTTPS on a specific port, an attacker may be able to inject a request into the data stream. https://opossum-attack.com/ Ivanti Security Updates Ivanty fixed vulnerabilities in Ivanty Connect Secure, EPMM, and EPM. In particular the password decryption vulnerabliity may be interesting. https://www.ivanti.com/blog/july-security-update-2025

Send us a textIn this candid and energizing conversation, Joey Pinz sits down with Ryan Ettridge, co-founder and CEO of CyberCert, for a deep dive into martial arts, cybersecurity, and the power of self-awareness. Recorded live at Pax8 Beyond 2025, the episode kicks off with a discussion on Ryan's lifelong relationship with martial arts, including earning multiple black belts, a serious neck injury, and how jiu-jitsu taught him humility, confidence, and long-term mindset.The conversation transitions to business as Ryan shares his vision for CyberCert and the global launch of the SMB 1001 certification standard. Tailored specifically for small and medium-sized businesses, this standard is designed to be MSP-led, making the managed service provider an essential part of the certification process. Cyber insurers recognize it, reducing friction and increasing trust for SMB clients.Ryan also opens up about his personal journey through burnout, executive coaching, and the realization that every leader must confront their internal fears. He's now building an AI executive coaching app to help others do the same.Whether you're an MSP, a cybersecurity pro, or someone chasing alignment in life and business — this episode is packed with strategy, storytelling, and substance. 

Send us a textIn this soul-rich episode recorded live at Pax8 Beyond 2025, Joey Pinz welcomes Darrin Swan — a cybersecurity strategist, vinyl collector, and espresso aficionado — to explore the habits and mindsets that drive both personal clarity and professional performance.Darrin opens up about his nightly ritual of selecting vinyl records to guide his mindset the next morning, the art of mastering an Italian espresso machine, and how these moments of intentionality ripple into his leadership at Total Helps. He shares how setting the tone for the day—creatively and energetically—has shaped his approach to solving problems and leading high-performing teams.On the business side, the conversation gets tactical as Darrin lays out the MSP challenges he's tackling: client security, talent retention, and the need to move from reactive to proactive cybersecurity strategies. He also highlights how mid-market acceptance of MSPs is growing—and how partner trust, cultural transparency, and gamification are key to success in this next phase of growth.It's a unique blend of music, mindset, and cybersecurity that delivers both strategic insight and personal inspiration. 

Welcome to Mastering Cyber with Host Alissa (Dr Jay) Abdullah, PhD, SVP & Deputy CSO at Mastercard, and former White House technology executive. Listen to this weekly one-minute podcast to help you maneuver cybersecurity industry tips, terms, and topics. Buckle up, your 60 seconds of cyber starts now! Sponsored by Mastercard: https://mastercard.us/en-us.html

In this episode of Reimagining Cyber, Rob Aragao (Chief Security Strategist, OpenText) speaks with Ed Gaudet, CEO and founder of Censinet, about the high-stakes intersection of cybersecurity and healthcare. With hospitals increasingly reliant on connected medical devices and legacy systems, the risks extend beyond data breaches—they directly impact patient safety.Ed shares insights into the unique cybersecurity challenges healthcare organizations face, including outdated systems, siloed risk management, and the complexity of biomed environments. He emphasizes how aligning cybersecurity and clinical engineering under a unified risk framework can improve compliance and operational efficiency. The conversation also explores the evolving role of medical device manufacturers, the importance of unique identifiers, and how actionable risk intelligence is key to improving outcomes.A highlight of the discussion is the eye-opening research Ed and Censinet conducted with the Ponemon Institute, revealing a 20% increase in mortality rates tied to ransomware attacks—transforming cybersecurity from a technical concern into a patient safety crisis.Key Takeaways:Strategies for managing legacy medical devices securelyThe danger of siloed risk management in healthcareHow ransomware disrupts care delivery and impacts patient safetyThe need for a single source of truth for cyber risk across organizationsWhy AI must be approached with caution in clinical settingsThis episode is a must-listen for healthcare leaders, cybersecurity professionals, and anyone interested in the future of safe, resilient healthcare systems.Reports referenced in this episode:Censinet/Ponemon InstituteCISA - Provide Medical Care is in Critical Condition: Analysis and Stakeholder Decision Support to Minimize Further Harm Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

Luke Walker joins us to talk about his "Cyber Runner" build, pre-runners in general, fabrication, and about his drift build. Support those that support us! High Performance Academy: https://hpcdmy.co/Minnoxide Use code "MINNOX" for 55% off ANY course Use Code "MINVIP" for $300 of the MINVIP Package Tuned By Shawn: https://www.tunedbyshawn.com Code "Minnoxide" for 5% off! MORE BIGGER Turbo T-Shirts:  https://www.minnoxide.com/products/more-bigger-t-shirt

If you like what you hear, please subscribe, leave us a review and tell a friend!

At the Tallinn Cyber Diplomacy Summer School this year, an idea resonated across sessions: our digital world is entwined into the fabric of society, influencing our security, values, and future prosperity. In this podcast episode, we sat down for a conversation on technology, diplomacy and values with Johanna Weaver, Executive Director of the Tech Policy Design Institute, Australia. She offers a perspective that breaks away from technicism and focuses on what matters down the line – how can we embed fairness, trust, and resilience into the technologies we create? "Diplomacy in the digital age is no longer optional," Weaver says, making clear that our choices today will define the digital world of the future. The introduction of values into digital systems starts at the design stage and must be reinforced through policy, education, and diplomacy. What we decide today will shape the face and substance of technology tomorrow. Tune in!

What s My File Name Malware may use the GetModuleFileName API to detect if it was renamed to a name typical for analysis, like sample.exe or malware.exe https://isc.sans.edu/diary/What%27s%20My%20%28File%29Name%3F/32084 Atomic macOS infostealer adds backdoor for persistent attacks Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as 'AMOS') that comes with a backdoor, to attackers persistent access to compromised systems. https://moonlock.com/amos-backdoor-persistent-access HOUKEN SEEKING A PATH BY LIVING ON THE EDGE WITH ZERO-DAYS At the beginning of September 2024, an attacker repeatedly exploited vulnerabilities CVE-2024- 8190, CVE-2024-8963, and CVE-2024-9380 vulnerabilities to remotely execute arbitrary code on vulnerable Ivanti Cloud Service Appliance devices. https://www.cert.ssi.gouv.fr/uploads/CERTFR-2025-CTI-009.pdf SEO Scams Targeting Putty, WinSCP, and AI Tools Paid Google ads are advertising trojaned versions of popuplar tools like ssh and winscp https://arcticwolf.com/resources/blog-uk/malvertising-campaign-delivers-oyster-broomstick-backdoor-via-seo-poisoning-and-trojanized-tools/

Mark Gorak, the Defense Department's Cyber Academic Engagement Office's (CAEO) director and principal director for Resources and Analysis, shares how his office is shaping the future of cyber talent during the 2025 HammerCON conference in Laurel, Maryland. Launched in 2024, CAEO has partnered with over 480 academic institutions nationwide to identify and develop the next generation of cyber professionals. The office is working to streamline academic partnerships, create equitable opportunities for smaller schools and better align education with national security needs. Gorak also discusses the Pentagon's shift toward skills-based hiring, beginning with a pilot program for cybersecurity roles, with plans to expand the approach across the future defense workforce.

Today's guest has one of the broadest international reinsurance roles of anyone I have interviewed on the podcast. That's because Louise Rose has oversight over everything that TransRe does outside of the Americas. Louise has been on the show before as part of the annual Monte Carlo special Episode, but it's wonderful to have the time for a comprehensive examination of the state of the reinsurance world. And that is exactly what you get. We cover everything from the trajectory of the market to Trans Re's strategy as it looks to gain a stronger foothold in Continental Europe and the Asia Pacific region. Ai, Cyber, MGAs and the state of the Casualty market all get a thorough work-over. Louise is in her 29th year at Trans Re and is always direct in her communications style. It's refreshing and makes for a highly informative and valuable encounter. NOTES: Here's a link to the excellent US Public D&O report that we mention in our conversation: https://www.transre.com/u-s-public-do-2025-insurance-market-update/ We thank our naming sponsor AdvantageGo: https://www.advantagego.com

In this episode I talk about my pickups on the Air Jordam 5 Grape and Air Max 90 Patta in the Cyber colorway, plus which SB Dunks and Air Jordan 1s I have on the way.  Also, what new stuff I'm looking forward to and what I found on sale but haven't grabbed yet. Thanks as always for listening AFS Squad! Shoutout to the Patrons: Kingsley G, Tristan S, Brian D, Joshua N, John You can support this podcast, get your name listed above and get early access to episodes (paid tier) at: Patreon.com/ActualFanOfSneakers

Cybersecurity preparedness and response can seem technical, confusing, and daunting for local government officials, but pretending the threat isn't real won't save you. The TML Risk Pool's Cyber Squad (consisting of Cyber Risk Services Manager Ryan Burns and Senior Cybersecurity advisor Mike Bell) is here to help. Whether your entity runs off one computer or 1,000, the Squad's Fifteen-Minute Cyber Health Checkup for Local Leaders is a very simple assessment you can use as a guide to taking action, immediately. Every step you take to being more secure is a step in the right direction. Listen in to hear Scott interview Mike about how to get started, today.Further Information:15-Minute Cyber Health Checkup TestTML Risk Pool's Cyber Liability Home PageTML Risk Pool Cyber Squad YouTube Channel

If you like what you hear, please subscribe, leave us a review and tell a friend!

buy bitcoin

Don't be a dummy just bitcoin https://erickim.com/cyber-monk

Our guest in this compelling episode is Elaine Uskowski—speaker, author, and online coach—who turned her personal crisis into a global mission to raise awareness about video gaming addiction. When her own son fell into the grip of gaming dependency, Elaine took action, transforming pain into purpose. She shares insights from her books, Seeing Through the Cracks and Cyber Sober: A Caregiver's Guide to Video Gaming Addiction, offering practical advice for caregivers, warning signs to look out for, and strategies for navigating this growing digital health concern.

Winnona Bernsen, nonresident fellow at the Atlantic Council's Cyber Statecraft Initiative and founder of DistrictCon, joins Lawfare Contributing Editor Justin Sherman to discuss her recently released report "Crash (Exploit) and Burn: Securing the Offensive Cyber Supply Chain to Counter China in Cyberspace." They discuss the offensive cyber industry, the private sector and individual players, and the government procurement pipelines in the United States and China. They also discuss the strengths and weaknesses of each country's offensive cyber procurement ecosystem, what it takes to sell an exploit, Winnona's findings on the markups that middlemen add to exploit sales, and what it all means for the future of competition and cybersecurity.To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/lawfare-institute.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

Interesting ssh/telnet usernames Some interesting usernames observed in our honeypots https://isc.sans.edu/diary/A%20few%20interesting%20and%20notable%20ssh%20telnet%20usernames/32080 More sudo trouble The host option in Sudo can be exploited to execute commands on unauthorized hosts. https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host CitrixBleed2 PoC Posted (CVE-2025-5777) WatchTwer published additional details about the recently patched CitrixBleed vulnerability, including a PoC exploit. https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/ Instagram Using Six Day Certificates Instagram changes their TLS certificates daily and they use certificates that are just about to expire in a week. https://hereket.com/posts/instagram-single-day-certificates/

Welcome to this week's episode of the PEBCAK Podcast!  We've got three amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast   Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!   ISP and datacenter hosting provider get compromised by Salt Typhoon https://www.nextgov.com/cybersecurity/2025/06/us-agencies-assessed-chinese-telecom-hackers-likely-hit-data-center-and-residential-internet-providers/405920/   Cyber attack causes patient death https://news.sky.com/story/patient-death-linked-to-cyber-attack-on-nhs-hospital-trust-says-13388485  https://www.bloomberg.com/news/articles/2025-01-14/nhs-ransomware-hack-caused-patient-harm-in-uk-data-shows  https://www.independent.co.uk/news/uk/home-news/london-nhs-gp-surgeries-blood-health-service-journal-b2772287.html      Australian student arrested for hacking https://www.police.nsw.gov.au/news/news_article?sq_content_src=%2BdXJsPWh0dHBzJTNBJTJGJTJGZWJpenByZC5wb2xpY2UubnN3Lmdvdi5hdSUyRm1lZGlhJTJGMTE5MjYyLmh0bWwmYWxsPTE%3D    Happy birthday America! https://www.whitehouse.gov/briefings-statements/2025/07/presidential-message-on-the-249th-anniversary-of-the-adoption-of-the-declaration-of-independence/   Dad Joke of the Week (DJOW)   Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Ben - https://www.linkedin.com/in/benjamincorll/

July 7, 2025: Mick Coady, CTO at Armis, joins Drex for the news. This episode examines a sobering milestone: the first confirmed patient death directly attributed to a ransomware attack on London's blood distribution system. The conversation explores how a single cyber incident creates cascading effects across entire healthcare networks, flooding neighboring hospitals with redirected patients and overwhelming emergency departments. With 28 healthcare security incidents reported in June alone—many involving third-party vendors—the discussion questions whether the industry fully understands how interconnected systems create compounding vulnerabilities. From agricultural equipment with satellite connectivity to medical devices running outdated firmware, every connected endpoint represents a potential entry point for attackers. Key Points: 01:43 Ransomware Attack Leads to Patient Death 06:10 Rural Healthcare During Cyber Attacks 09:11 Third-Party Risks in Cybersecurity 10:29 Cybersecurity in Agriculture and Implications News Articles:  Ransomware attack contributed to patient's death, says Britain's NHS HHS Breach Portal College students hacked into tractors. Manufacturers wanted them to do it X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

According to Bleeping Computer, hackers associated with "Scattered Spider" tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors. In this episode, host Amanda Glassner is joined by Heather Engel, Managing Partner at Strategic Cyber Partners, to discuss. To learn more about today's stories, visit https://cybercrimewire.com • For more on cybersecurity, visit us at https://cybersecurityventures.com.

In this episode, I explore the difference between the military mindset and the more stealth approach of minimization in cybersecurity. I share the results from the Ghost in the Source Capture the Flag (CTF) challenge, revealing how the winners cracked the AES encryption using dictionary attacks, keyword harvesting and the cipher tool hidden in robots.txt. I discuss why the “assume breach” mentality just leaves the doors wide open, using examples from Kevin Mitnick's 1981 Pacific Bell infiltration to modern ransomware groups like Scattered Spider who breached MGM and Marks & Spencer through social engineering.I also cover practical tactics for using public Wi-Fi, data curation techniques, the invisible surveillance net including Stingray devices, and provide a deep dive into GrapheneOS covering user profiles, app sandboxing, network controls, sensor permissions, and the proper use of sandboxed Google Play services.In this week's episode:Ghost in the Source Capture the Flag challenge resultsThe military mindset problem in cybersecurityStrategic use of public Wi-Fi for account creation and privacy techniquesData curation tactics, and “Minimizing What Can Be Known”Invisible surveillance net and Stingray devicesGrapheneOS discussion on user profiles, app sandboxing, network controls, sensors permissions, sandboxed Google Play services, and security architectureMatrix Community RoomsMatrix Community Space - https://matrix.to/#/#psysecure:matrix.orgIndividual Room Links:https://matrix.to/#/#lockdown-general:matrix.orghttps://matrix.to/#/#lockdown-podcast:matrix.orghttps://matrix.to/#/#lockdown-intro:matrix.orgShow Links:Noam Chomsky on Internet Privacyhttps://www.youtube.com/watch?v=QIWsTMcBrjQNoam Chomsky on Advertising - https://www.youtube.com/watch?v=PfIwUlY44CMTryHackMe Platform - https://tryhackme.comHack the Box - https://hackthebox.comWired Article on DNC Stingray Surveillance - https://www.wired.com/story/2024-dnc-cell-site-simulator-phone-surveillance/IntelTechniques Data Removal Guide - https://inteltechniques.com/workbook.htmlOptery Data Broker Removal - https://optery.comGraphene OS - https://grapheneos.org“We're dragons. We're not supposed to live by other people's rules.”- Hajime Ryudo ★ Support this podcast on Patreon ★

While the N2K CyberWire team is observing Independence Day in the US, we thought you'd enjoy this episode of Threat Vector from our podcast network. Listen in and bust those cyber myths. In this episode of Threat Vector, David Moulton talks with Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. Lisa shares insights from this year's “Oh Behave!” report and dives into why cybersecurity habits remain unchanged—even when we know better. From password reuse to misunderstood AI risks, Lisa explains how emotion, storytelling, and system design all play a role in protecting users. Learn why secure-by-design is the future, how storytelling can reshape behavior, and why facts alone won't change minds. This episode is a must-listen for CISOs, security leaders, and anyone working to reduce human risk at scale. Resources: Kubikle: A comedy webseries about cybercriminals. Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2024 Join the conversation on our social media channels: Website:⁠⁠⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠⁠⁠ Threat Research:⁠⁠⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠⁠ Facebook:⁠⁠⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠⁠⁠ LinkedIn:⁠⁠⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠⁠⁠ YouTube:⁠⁠⁠ ⁠⁠⁠⁠⁠⁠@paloaltonetworks⁠⁠⁠ Twitter:⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠⁠⁠ About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠ ⁠http://paloaltonetworks.com⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices