Podcasts about Cyber

Alternate Data Streams: Adversary Defense Evasion and Detection Good Primer of alternate data streams and how they are abused, as well as how to detect and defend against ADS abuse. https://isc.sans.edu/diary/Alternate%20Data%20Streams%20%3F%20Adversary%20Defense%20Evasion%20and%20Detection%20%5BGuest%20Diary%5D/31990 Connectwise Breach Affects ScreenConnect Customers Connectwise s ScreenConnect solution was compromised, leading to attacks against a small number of customers. This is yet another example of how attackers are taking advantage of remote access solutions. https://www.connectwise.com/company/trust/advisories Mark Your Calendar: APT41 Innovative Tactics Google detected attacks leveraging Google s calendar solution as a command and control channel. https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics Webs of Deception: Using the SANS ICS Kill Chain to Flip the Advantage to the Defender Defending a small Industrial Control System (ICS) against sophisticated threats can seem futile. The resource disparity between small ICS defenders and sophisticated attackers poses a significant security challenge. https://www.sans.edu/cyber-research/webs-deception-using-sans-ics-kill-chain-flip-advantage-defender/

The Cyberlaw Podcast is back from hiatus – briefly!  I've used the hiatus well, skiing the Canadian Ski Marathon, trekking through Patagonia, and having a heart valve repaired (all good now!). So when I saw (and disagreed with ) Orin Kerr's new book, I figured it was time for episode 502 of the Cyberlaw Podcast.  Orin and I spend the episode digging into his book, The Digital Fourth Amendment: Privacy and Policing in Our Online World. The book is part theory, part casebook, part policy roadmap—and somehow still manages to be readable, even for non-lawyers. Orin's goal? To make sense of how the Fourth Amendment should apply in a world of smartphones, cloud storage, government-preserved Facebook accounts, and surveillance everywhere. The core notion of the book is “equilibrium adjustment”—the idea that courts have always tweaked Fourth Amendment rules to preserve a balance between law enforcement power and personal privacy, even as technology shifts the terrain. From Prohibition-era wiretaps to the modern smartphone, that balancing act has never stopped. Orin walks us through how this theory applies to search warrants for digital devices, plain view exceptions in the age of limitless data, and the surprisingly murky question of whether copying your files counts as a seizure. It's very persuasive, I say, if you ignore Congress's contribution to equilibrium. In some cases, the courts are simply discovering principles in the Fourth Amendment that Congress put in statute decades earlier. Worse, courts (and Orin) have too often privileged their idea of equilibrium over the equilibrium chosen by Congress, ignoring or implicitly declaring unconstitutional compromises between privacy and law enforcement that are every bit as defensible as the courts'. One example is preservation orders—those quiet government requests that tell internet providers to make a copy of your account just in case. Orin argues that's a Fourth Amendment search and needs a warrant, even if no one looks at the data yet. But preservation orders without a warrant are authorized by Congress; ignoring Congress's work should require more than a vague notion of equilibrium rebalancing, or so I argue. Orin is unpersuaded. We also revisit Carpenter v. United States, the 2018 Supreme Court decision on location tracking, and talk about what it does—and doesn't—mean for the third-party doctrine. Orin's take is refreshingly narrow: Carpenter didn't blow up the doctrine, but it did acknowledge that some records, even held by third parties, are just too revealing to ignore. I argue that Carpenter is the judiciary's Vietnam war – it has committed troops to an unwinnable effort to replace the third party rule with a doomed series of touchy-feely ad hoc rulings. That said, Orin's version of the decision, which deserves to be called the Kerr-penter doctrine, is more limited and more defensible than most of the legal (and judicial) interpretations over the last several years. Finally, we talk border searches, network surveillance, and whether the Supreme Court has any idea where to go next. (Spoiler: probably not.)

Exploring a Use Case of Artificial Intelligence Assistance with Understanding an Attack Jennifer Wilson took a weird string found in a recent honeypot sample and worked with ChatGPT to figure out what it is all about. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Exploring%20a%20Use%20Case%20of%20Artificial%20Intelligence%20Assistance%20with%20Understanding%20an%20Attack/31980 Ransomware Deployed via SimpleHelp Vulnerabilities Ransomware actors are using vulnerabilities in SimpleHelp to gain access to victim s networks via MSPs. The exploited vulnerabilities were patched in January. https://news.sophos.com/en-us/2025/05/27/dragonforce-actors-target-simplehelp-vulnerabilities-to-attack-msp-customers/ OS Command Injection in Everetz Equipment Broadcast equipment manufactured by Everetz is susceptible to an OS command injection vulnerability. Everetz has not responded to researchers reporting the vulnerability so far and there is no patch available. https://www.onekey.com/resource/security-advisory-remote-code-execution-on-evertz-svdn-cve-2025-4009

Listen now: subscribe and join 1,000s of IT Leaders changing the face of IT. ON THIS EPISODE: ➤ The critical elements of incident response planning➤ Strategic approaches to cyber insurance and vendor alignment➤  Methods for maintaining business operations during cyber events➤  Techniques for communicating with executive leadership➤  Essential partnerships and resources during cyber incidents

This week we discussed elections in Poland and Romania, Cyber brothel in Berlin, Bee's and more #poland #awakening #spain About my Co-Host:Arnold Beekes Innovator, certified coach & trainer and generalist. First 20 years in technology and organizational leadership, then 20 years in psychology and personal leadership (all are crucial for innovation).============What we Discussed: 00:00 What we are discussing in this weeks show 01:25 Mobile Network in Spain Crashed02:50 Israel Vs Palestine03:50 Bees in Serious Decline05:40 The Polish Presidential Elections09:00 The Dead are Voting in Romania13:45 Ai Replacing Coding Engineers15:10 Berlins 1st Cyber Brothel19:50 Google introduces Gemini23:00 Pro's & Cons of Ai24:30 What is Ai for? - answered by Chat GPT26:45 World Bee Day29:00 Do not be afraid of the Bees30:25 I will Listen32:50 Florida bans Flurodide in the Water34:00 The dangers of Cat Scans35:45 Tropical Rain Forest Lost38:35 Garlic in Your Nose40:10 BBC whistle-blower about protecting Israel41:45 MAID is Legalised Genocide47:00 You are not a Failure47:50 High Impact Countries on the Environment52:50 Uk woman's heart taken in Turkey without husbands knowledge55:35 Is Harvard corrupt?====================How to Contact Arnold Beekes: https://braingym.fitness/ https://www.linkedin.com/in/arnoldbeekes/===============Donations ⁠⁠ https://www.podpage.com/speaking-podcast/support/ ⁠⁠------------------All about Roy / Brain Gym & Virtual Assistants athttps://roycoughlan.com/------------------

SSH authorized_keys File One of the most common techniques used by many bots is to add rogue keys to the authorized_keys file, implementing an SSH backdoor. Managing these files and detecting unauthorized changes is not hard and should be done if you operate Unix systems. https://isc.sans.edu/diary/Securing%20Your%20SSH%20authorized_keys%20File/31986 REMOTE COMMAND EXECUTION ON SMARTBEDDED METEOBRIDGE (CVE-2025-4008) Weatherstation software Meteobridge suffers from an easily exploitable unauthenticated remote code execution vulnerability https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008 https://forum.meteohub.de/viewtopic.php?t=18687 Manageengine ADAuditPlus SQL Injection Zoho patched two SQL Injection vulnerabilities in its ManageEngine ADAuditPlus product https://www.manageengine.com/products/active-directory-audit/cve-2025-41407.html https://www.manageengine.com/products/active-directory-audit/cve-2025-36527.html Dero Miner Infects Containers through Docker API Kaspersky found yet another botnet infecting docker containers to spread crypto coin miners. The initial access happens via exposed docker APIs. https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/

If you like what you hear, please subscribe, leave us a review and tell a friend!

SVG Steganography Steganography is not only limited to pixel-based images but can be used to embed messages into vector-based formats like SVG. https://isc.sans.edu/diary/SVG%20Steganography/31978 Fortinet Vulnerability Details CVE-2025-32756 Horizon3.ai shows how it was able to find the vulnerability in Fortinet s products, and how to possibly exploit this issue. The vulnerability is already being exploited in the wild and was patched May 13th https://horizon3.ai/attack-research/attack-blogs/cve-2025-32756-low-rise-jeans-are-back-and-so-are-buffer-overflows/ Remote Prompt Injection in GitLab Duo Leads to Source Code Theft An attacker may leave instructions (prompts) for GitLab Duo embedded in the source code. This could be used to exfiltrate source code and secrets or to inject malicious code into an application. https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo

This podcast is brought to you by Outcomes Rocket, your exclusive healthcare marketing agency. Learn how to accelerate your growth by going to outcomesrocket.com Organizations must recognize that AI risk management is a shared responsibility across the entire organization, not solely confined to cybersecurity, legal, or compliance teams.  In this episode, Michael Crowthers, Managing Director of Life Sciences Digital Quality & Compliance, and Chris Knackstedt, Managing Director of Cyber and Strategic Risk Practice at Deloitte & Touche, discuss the major challenges to AI adoption, highlighting governance, ethics, and compliance as top concerns. They emphasize the importance of integrating AI governance into existing risk management frameworks and navigating regulatory uncertainty, talent gaps, and ethical usage policies. The conversation also explores risks posed by AI agents, such as runaway behavior, misaligned learning, and context untraceability, stressing the need for human oversight and robust behavioral evaluations. Looking ahead, Michael anticipates a rise in governance tech to manage evolving AI risks, while Chris encourages organizations to build on their cybersecurity foundation and maintain momentum in AI strategy. Tune in and learn how to navigate the complex landscape of AI risk management and secure adoption! Resources:  Connect and follow Mike Crowthers on LinkedIn. Connect and follow Chris Knackstedt on LinkedIn. Learn more about Deloitte on their LinkedIn and website. Subscribe to The Current, Deloitte Cyber's quick-read series. Read our life sciences and health care industry insights. Visit the Deloitte AI Institute™ website. Explore The State of Generative AI in the enterprise 2024 year-end report. 

If you like what you hear, please subscribe, leave us a review and tell a friend!

While our team is observing Memorial Day in the United States, please enjoy this episode from the N2K CyberWire network partner, Microsoft Security. You can hear new episodes of Ann Johnson's Afternoon Cyber Tea podcast every other Tuesday. Dr. Hugh Thompson, Executive Chairman of RSA Conference and Managing Partner at Crosspoint Capital joins Ann on this week's episode of Afternoon Cyber Tea. They discuss what goes into planning the world's largest cybersecurity conference—from theme selection to llama-related surprises on the expo floor—and how the RSA community continues to evolve. Hugh also shares how his background in applied math led him from academia to cybersecurity, his thoughts on the human element in security, and what keeps him optimistic about the future of the industry.    Resources:   View Hugh Thompson on LinkedIn    View Ann Johnson on LinkedIn          Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast   The BlueHat Podcast    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts      Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Research presented at this year's RSA Conference highlighted a significant and accelerating trend: a growing number of applications are effectively mitigating prevalent security flaws. In this episode, host Amanda Glassner is joined by Heather Engel, Managing Partner at Strategic Cyber Partners, to discuss. To learn more about today's stories, visit https://cybercrimewire.com • For more on cybersecurity, visit us at https://cybersecurityventures.com.

If you like what you hear, please subscribe, leave us a review and tell a friend!

This week, we are joined by Deepen Desai, Zscaler's Chief Security Officer and EVP of Cyber and AI Engineering, taking a dive deep into Mustang Panda's latest campaign. Zscaler ThreatLabz uncovered new tools used by Mustang Panda, including the backdoors TONEINS, TONESHELL, PUBLOAD, and the proxy tool StarLoader, all delivered via phishing. They also discovered two custom keyloggers, PAKLOG and CorKLOG, and an EDR evasion tool, SplatCloak, highlighting the group's focus on surveillance, persistence, and stealth in cyberespionage operations.4o. The research can be found here: Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1 Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Deepen Desai, Zscaler's Chief Security Officer and EVP of Cyber and AI Engineering, taking a dive deep into Mustang Panda's latest campaign. Zscaler ThreatLabz uncovered new tools used by Mustang Panda, including the backdoors TONEINS, TONESHELL, PUBLOAD, and the proxy tool StarLoader, all delivered via phishing. They also discovered two custom keyloggers, PAKLOG and CorKLOG, and an EDR evasion tool, SplatCloak, highlighting the group's focus on surveillance, persistence, and stealth in cyberespionage operations.4o. The research can be found here: Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1 Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 Learn more about your ad choices. Visit megaphone.fm/adchoices

Resilient Secure Backup Connectivity for SMB/Home Users Establishing resilient access to a home network via a second ISP may lead to unintended backdoors. Secure the access and make sure you have the visibility needed to detect abuse. https://isc.sans.edu/diary/Resilient%20Secure%20Backup%20Connectivity%20for%20SMB%20Home%20Users/31972 BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory An attacker with the ability to create service accounts may be able to manipulate these accounts to mark them as migrated accounts, inheriting all privileges the original account had access to. https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory Flaw in samlify That Opens Door to SAML Single Sign-On Bypass CVE-2025-47949 The samlify Node.js library does not verify SAML assertions correctly. It will consider the entire assertion valid, not just the original one. An attacker may use this to obtain additional privileges or authenticate as a different user https://www.endorlabs.com/learn/cve-2025-47949-reveals-flaw-in-samlify-that-opens-door-to-saml-single-sign-on-bypass

In this episode of the Power Vertical Podcast, Justin Sherman joins host Brian Whitmore to unpack the complex ecosystem behind Russia's offensive cyber operations. From government agencies like the GRU and SVR to loosely affiliated cybercriminals and patriotic hackers, Sherman explores how these entities operate—often independently, yet in alignment with state interests.

In this episode, I sit down with longtime industry leader and visionary Phil Venables to discuss the evolution of cybersecurity leadership, including Phil's own journey from CISO to Venture Capitalist. We chatted about: A recent interview Phil gave about CISOs transforming into business-critical digital risk leaders and some of the key themes and areas CISOs need to focus on the most when making that transition Some of the key attributes CISOs need to be the most effective in terms of technical, soft skills, financial acumen, and more, leaning on Phil's 30 years of experience in the field and as a multiple-time CISO Phil's transition to Venture Capital with Ballistic Ventures and what drew him to this space from being a security practitioner Some of the product areas and categories Phil is most excited about from an investment perspectiveThe double-edged sword is AI, which is used for security and needs security. Phil's past five years blogging and sharing his practical, hard-earned wisdom at www.philvenables.com, and how that has helped him organize his thinking and contribute to the community.Some specific tactics and strategies Phil finds the most valuable when it comes to maintaining deep domain expertise, but also broader strategic skillsets, and the importance of being in the right environment around the right people to learn and grow

In this episode of The Jerich Show, Erich Kron and Javvad Malik dive headfirst into the week's most curious, cringeworthy, and critical cybersecurity stories. First up: a global honeypot powered by over 5,300 compromised Cisco devices—courtesy of the ViciousTrap botnet. Then, it's schadenfreude central as the developers of DanaBot malware accidentally infect themselves. Karma, meet keyboard. We'll also unpack Europol's massive takedown of ransomware infrastructure, which led to the seizure of 300 servers and €3.5 million in crypto. Not to be outdone, two ATM heist suspects made their arrest even easier... by taking selfies mid-crime. And finally, the UK's NCSC shows us how to securely retire old tech—because tossing servers in the skip just isn't secure policy. Join Erich and Javvad for sharp takes, security snark, and the cybersecurity fails you'll want to learn from (or at least laugh at).

If you like what you hear, please subscribe, leave us a review and tell a friend!

New Variant of Crypto Confidence Scam Scammers are offering login credentials for what appears to be high value crypto coin accounts. However, the goal is to trick users into paying for expensive VIP memberships to withdraw the money. https://isc.sans.edu/diary/New%20Variant%20of%20Crypto%20Confidence%20Scam/31968 Malicious Chrome Extensions Malicious Chrome extensions mimick popular services like VPNs to trick users into installing them. Once installed, the extensions will exfiltrate browser secrets https://dti.domaintools.com/dual-function-malware-chrome-extensions/ Malicious VS Code Extensions Malicious Visual Studio Code extensions target crypto developers to trick them into installing them to exfiltrate developer secrets. https://securitylabs.datadoghq.com/articles/mut-9332-malicious-solidity-vscode-extensions/#indicators-of-compromise

Researchers Scanning the Internet A newish RFC, RFC 9511, suggests researchers identify themselves by adding strings to the traffic they send, or by operating web servers on machines from which the scan originates. We do offer lists of researchers and just added three new groups today https://isc.sans.edu/diary/Researchers%20Scanning%20the%20Internet/31964 Cloudy with a change of Hijacking: Forgotten DNS Records Organizations do not always remove unused CNAME records. An attacker may take advantage of this if an attacker is able to take possession of the now unused public cloud resource the name pointed to. https://blogs.infoblox.com/threat-intelligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor/ Message signature verification can be spoofed CVE-2025-47934 A vulnerability in openpgp.js may be used to spoof message signatures. openpgp.js is a popular library in systems implementing end-to-end encrypted browser applications. https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8

Sean Farrington has the latest on the fallout from cyber attacks targeting the food chain. Plus, we'll find out why some workers don't want to go back into the office full-time.

In this episode, I discuss the Model Context Protocol (MCP) with the OWASP GenAI Co-Lead for Agentic Application Security, Vineeth Sai Narajala. We will discuss MCP's potential and pitfalls, its role in the emerging Agentic AI ecosystem, and how security practitioners should consider secure MCP enablement.We discussed: MCP 101, what it is and why it mattersThe role of MCP as a double-edged sword, offering opportunities but additional risks and considerations from a security perspectiveVineeth's work on the "Vulnerable MCP" project is a repository of MCP risks, vulnerabilities, and corresponding mitigations.How MCP is also offering tremendous opportunities on the security-enabling side, extending security capabilities into AI-native platforms such as Claude and Cursor, and security vendors releasing their own MCP serversWhere we see MCP heading from a research and implementation perspectiveAdditional Resources:Anthropic - Introducing the Model Context Protocol (MCP)Enhanced Tool Definition Interface (ETDI): A Security Fortification for the Model Context ProtocolEnterprise-Grade Security for the Model Context Protocol (MCP): Frameworks and Mitigation StrategiesVulnerable MCP Project

Keith Mularski is a former FBI Special Agent. For nearly 14 years, he worked in the Cyber Division, where he served as a Supervisory Special Agent and later became the Unit Chief of Global Operations and Targeting. Throughout his career, he led investigations into some of the most significant cybercrimes and cybercriminal networks around the world. In this episode, Mularski joins host Chris Morgan to discuss the story of his first cyber investigation, which included the takedown of the underground credit card forum DarkMarket and hacker Max Butler. • For more on cybersecurity, visit us at https://cybersecurityventures.com

US DOJ opens investigation into Coinbase's recent cyberattack Dutch government passes law to criminalize cyber-espionage Ransomware attack on food distributor spells more pain for UK supermarkets Huge thanks to our sponsor, Conveyor What if your sales team could answer security questions themselves—without blowing up your Slack or email every 10 minutes? With Conveyor, they can. Conveyor is the trust center and security questionnaire automation tool your infosec friends love to use. Whether through Slack or the Conveyor app, sales and presales teams can easily get AI-generated answers to any customer security question, with your pre-set rules and reviews in place. Free up your team and keep deals moving at www.conveyor.com

If you like what you hear, please subscribe, leave us a review and tell a friend!

What if the biggest threat to your cyber claims portfolio isn't ransomware—but a spreadsheet buried in someone's inbox?In this episode, host Anthony Hess chats with John Spiehs, Head of Claims at Converge, about what's shifting in the cyber claims space—and what insurance professionals should have on their radar.John breaks down how Converge is leading efforts to simplify Business Interruption (BI) claims with a cleaner, more intuitive, top-down approach. He also digs into the growing exposure around data privacy, where even small incidents can trigger costly class actions. Finally, he explains what's getting lost as the market softens, why vendor relationships matter more than price tags, and the kind of talent today's claims teams really need.You'll learn:1. Why BI claims are evolving, and how Converge is simplifying the process2. Why data privacy and class actions are emerging as cyber's new frontier3. Why soft market dynamics threaten underwriting discipline4. How poor email habits can explode breach costs overnight5. What defines a strong vendor partnership, beyond cut-rate solutions___________Get in touch with John Spiehs on LinkedIn: https://www.linkedin.com/in/john-s-b981337/___________About the host Anthony Hess:Anthony is passionate about cyber insurance. He is the CEO of Asceris, which supports clients to respond to cyber incidents quickly and effectively. Originally from the US, Anthony now lives in Europe with his wife and two children.Get in touch with Anthony on LinkedIn: https://www.linkedin.com/in/anthonyhess/ or email: ahess@asceris.com.___________Thanks to our friends at SAWOO for producing this episode with us! 

RAT Dropped By Two Layers of AutoIT Code Xavier explains how AutoIT was used to install a remote admin tool (RAT) and how to analyse such a tool https://isc.sans.edu/diary/RAT%20Dropped%20By%20Two%20Layers%20of%20AutoIT%20Code/31960 RVTools compromise confirmed Robware.net, the site behind the popular tool RVTools now confirmed that it was compromised. The site is currently offline. https://www.robware.net/readMore Trojaned Version of Keepass used to install info stealer and Cobalt Strike beacon A backdoored version of KeePass was used to trick victims into installing Cobalt Strike and other malware. In this case, Keepass itself was not compromised and the malicious version was advertised via search engine optimization tricks https://labs.withsecure.com/publications/keepass-trojanised-in-advanced-malware-campaign Procolored UV Printer Software Compromised The official software offered by the makers of the Procolored UV printer has been compromised, and versions with malware were distributed for about half a year. https://www.hackster.io/news/the-maker-s-toolbox-procolored-v11-pro-dto-uv-printer-review-680d491e17e3 https://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads

¡En este episodio de Beyond the Force Gabriel, Rafa y El Watcher conversan sobre su experiencia viendo el "Series Finale" de "Andor" (2022) que contó con el décimo, undécimo y duodécimo episodio de la segunda y última temporada titulado "Make It Stop", "Who Else Knows?" y "Jedha, Cyber, Erso"!¡Se la diferencia en la vida de los niños de la Fundación de Niños de Puerto Rico! Aporta con tu donativo aquí: https://www.extra-life.org/participant/Cultura-Secuencial-2025¡Subscríbete a nuestro canal de YouTube! Visita: https://www.youtube.com/culturasecuencial¡Síguenos y Suscríbete a nuestro canal de Twitch! Visita: https://www.twitch.tv/culturasecuencial¡Síguenos en Instagram! Visita: https://www.instagram.com/culturasecuencial¡Síguenos en Facebook! Visita: https://www.facebook.com/CulturaSecuencial

The Government says people and businesses should not pay cyber ransoms, but a report by law firm Simpson Grierson says they are becoming a reality.

If you like what you hear, please subscribe, leave us a review and tell a friend!

xorsearch.py: Python Functions Didier s xorsearch tool now supports python functions to filter output https://isc.sans.edu/diary/xorsearch.py%3A%20Python%20Functions/31858 Pwn2Own Berlin 2025 Last weeks Pwn2Own contest in Berlin allowed researchers to demonstrate a number of new exploits with a large focus on privilege escalation and virtual machine escape. https://www.zerodayinitiative.com/blog/2025/5/17/pwn2own-berlin-2025-day-three-results Senior US Officials Impersonated in Malicious Messaging Campaign The FBI warns of senior US officials being impersonated in text and voice messages. https://www.ic3.gov/PSA/2025/PSA250515 Scattered Spider: TTP Evolution in 2025 Pushscurity provided an update on how Scattered Spider evolved. One thing they noted was that Scattered Spider takes advantage of legit dynamic domain name systems to make detection more difficult https://pushsecurity.com/blog/scattered-spider-ttp-evolution-in-2025/

Cyber attacks against public safety agencies are rising, with 324 confirmed globally in 2024, including 25 complete system shutdowns. The Public Safety Threat Alliance, established by Motorola Solutions, is a cyber threat Information Sharing and Analysis Organization (ISAO) recognized by CISA that provides actionable intelligence to public safety agencies across the globe to improve their resilience and defense capabilities. Membership in the PSTA is open to all public safety agencies, and there is no cost to join for public sector organizations. In this episode of the Policing Matters podcast, part of a special report from Motorola Solutions Summit 2025, host Jim Dudley speaks with William DeCoste, STARS Program Manager and Telecommunications Engineer Manager with the Virginia State Police Communications Division and Jay Kaine, the Director of Threat Intelligence at Motorola Solutions. They tackle the direct effect cyber attacks can have on public safety agencies and the collaborative efforts underway to combat them. About our sponsor This episode of the Policing Matters podcast is sponsored by Motorola Solutions.

Speaking from London's Old Bailey, we're joined by The London Standard's courts correspondent, Tristan Kirk, with the latest on the major hack of the UK's justice system by cyber criminals.And in part two, we learn about the new Guinness micro brewery which will be coming to London's Covent Garden. Hosted on Acast. See acast.com/privacy for more information.

Karen is a genuine global leader in the cyber-legal space. She manages the relationship between Google Mandiant and its law firm and insurance partners. She has had a remarkable cyber career…think FireEye, Safeguard Cyber, Mandiant and now Google Mandiant! Karen and I caught up at the IAPP Global Conference in Washington D.C. and then again at the RSAC Conference in San Francisco. We recorded this session as some 50,000 cyber experts took over downtown San Francisco. If you want to know more about the interaction between law firms and cyber forensic firms, this podcast is for you. Karen shares her views on the current threat landscape, the role of the cyber-forensic expert, the remarkable rise of the Google Mandiant cyber team and successful engagement with law firms / legal teams. A proud Buffalonian and fierce advocate for women in cyber. This is cross-examining Karen Kukoda. Here we go…

In this episode, I sit with long-time vulnerability management and data science experts Jay Jacobs and Michael Roytman, who recently co-founded Empirical Security.We dive into the state of vulnerability management, including:How it is difficult to quantify and evaluate the effectiveness of vulnerability prioritization and scoring schemes, such as CVSS, EPSS, KEV, and proprietary vendor prioritization frameworks, and what can be done betterSystemic challenges include setbacks in the NIST National Vulnerability Database (NVD) program, the MITRE CVE funding fiasco, and the need for a more resilient vulnerability database and reporting ecosystem.Domain-specific considerations when it comes to vulnerability identifiers and vulnerability management, in areas such as AppSec, Cloud, and Configuration Management, and using data to make more effective decisionsThe overuse of the term “single pane of glass” and some alternativesEmpirical's innovative approach to “localized” models when it comes to vulnerability management, which takes unique organizational and environmental considerations into play, such as mitigating controls, threats, tooling, and more, and how they are experimenting with this new approach for the industry

In this episode, Frodan and Dishsoap catch up on their big week, Dishsoap joins 100 Thieves, and Frodan becomes head coach of Team Vitality for the EWC 4v4. They share reactions to the news and what it means for them, then dive into Patch 14.4's system changes and shifting meta. The episode wraps with a Crash Course on Rapidfire Renekton: why it works, how to pilot it, and what makes this long crocodile situational comp a top contender right now.Find all the comps talked about in this episode and more meta topics on ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://tftacademy.com/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Follow the daily updated comps tier list here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://tftacademy.com/tierlist/comps

NATO hosts the world's largest cyber defense exercise. The DOJ charges a dozen people in a racketeering conspiracy involving the theft of over $230 million in cryptocurrency. Japan has enacted a new Active Cyberdefense Law. Lawmakers push to reauthorize the Cybersecurity Information Sharing Act. Two critical Ivanti Endpoint Manager Mobile vulnerabilities are under active exploitation. Hackers use a new fileless technique to deploy Remcos RAT. The NSA's Director of Cybersecurity hangs up their hat. Our guest is Christopher Cleary, VP of ManTech's Global Cyber Practice, discussing the cyber battlespace of the future. Coinbase flips the script on an extortion attempt.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Joining us on our Industry Voices segment, Christopher Cleary, VP of ManTech's Global Cyber Practice, talks about the battlespace of the future. If you would like to hear the full-length interview between Christopher and Dave, listen here. Learn more about ManTech's cybersecurity work here.  Selected Reading NATO's Locked Shields Reflects Cyber Defense Growth  (SecurityWeek) US charges 12 more suspects linked to $230 million crypto theft (Bleeping Computer) Japan enacts new Active Cyberdefense Law allowing for offensive cyber operations (The Record) Lawmakers push for reauthorization of cyber information sharing bill as deadline looms (The Record) Ban sales of gear from China's TP-Link, Republican lawmakers tell Trump administration (The Record) Scammers are deepfaking voices of senior US government officials, warns FBI (The Register) Multiple Ivanti Endpoint Mobile Manager Vulnerabilities Allows Remote Code Execution (Cyber Security News) Updated Remcos RAT deployed in fileless intrusion (SC Media) NSA cyber director Luber to retire at month's end (The Record) Coinbase offers $20 million bounty after extortion attempt with stolen data (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Web Scanning SonicWall for CVE-2021-20016 - Update Scans for SonicWall increased by an order of magnitude over the last couple of weeks. Many of the attacks appear to originate from Global Host , a low-cost virtual hosting provider. https://isc.sans.edu/diary/Web%20Scanning%20SonicWall%20for%20CVE-2021-20016%20-%20Update/31952 Google Update Patches Exploited Chrome Flaw Google released an update for Chrome. The update fixes two specific flaws reported by external researchers, CVE-2025-4664 and CVE-2025-4609. The first flaw is already being exploited in the wild. https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html https://x.com/slonser_/status/1919439373986107814 RVTools Bumblebee Malware Attack Zerodaylabs published its analysis of the RV-Tools Backdoor attack. It suggests that this may not be solely a search engine optimization campaign directing victims to the malicious installer, but that the RVTools distribution site was compromised. https://zerodaylabs.net/rvtools-bumblebee-malware/ Operation RoundPress ESET Security wrote up a report summarizing recent XSS attacks against open-source webmail systems https://www.welivesecurity.com/en/eset-research/operation-roundpress/

En nuestro episodio 348 Gabriel y El Watcher conversan sobre su experiencia viendo el "Official Trailer" de "Superman" (2025) y el quinto episodio de la segunda temporada de "The Last of Us" (2023) titulado "Feel Her Love" y brindan su "First Reaction" de el décimo, undécimo y duodécimo episodio de "Andor" (2022) titulados "Make It Stop", "Who Else Knows?" y "Jedha, Cyber, Erso" en el segmento "Wachin' con Wacho!" y hablan sobre todo lo relacionado a la primera temporada de "El Eternauta" (2025).¡Se la diferencia en la vida de los niños de la Fundación de Niños de Puerto Rico! Aporta con tu donativo aquí: https://www.extra-life.org/participant/Cultura-Secuencial-2025¡Subscríbete a nuestro canal de YouTube! Visita: https://www.youtube.com/culturasecuencial¡Síguenos y Suscríbete a nuestro canal de Twitch! Visita: https://www.twitch.tv/culturasecuencial¡Síguenos en Instagram! Visita: https://www.instagram.com/culturasecuencial¡Síguenos en Facebook! Visita: https://www.facebook.com/CulturaSecuencial

Another day, another phishing campaign abusing google.com open redirects Google s links from it s maps page to hotel listings do suffer from an open redirect vulnerability that is actively exploited to direct users to phishing pages. https://isc.sans.edu/diary/Another%20day%2C%20another%20phishing%20campaign%20abusing%20google.com%20open%20redirects/31950 Adobe Patches Adobe patched 12 different applications. Of particular interest is the update to ColdFusion, which fixes several arbitrary code execution and arbitrary file read problems. https://helpx.adobe.com/security/security-bulletin.html Samsung Patches magicInfo 9 Again Samsung released a new patch for the already exploited magicInfo 9 CMS vulnerability. While the description is identical to the patch released last August, a new CVE number is used. https://security.samsungtv.com/securityUpdates#SVP-MAY-2025 Ivanti Patches Critical Ivanti Neurons Flaw Ivanti released a patch for Ivanti Neurons for ITSM (on-prem only) fixing a critical authentication bypass vulnerability. Ivanti also points to its guidance to secure the underlying IIS server to make exploitation of flaws like this more difficult

This powerful and unsettling deep dive exposes two alarming threats facing the United States. First, it details China's escalating cyber warfare campaign, including confirmed intrusions into U.S. water systems, nuclear facilities, and the electrical grid—threats the Biden administration has allegedly downplayed despite tacit admissions from Beijing. It examines the implications of rogue communication devices hidden in Chinese power inverters and the chilling vulnerability of American infrastructure. The second half uncovers a humanitarian scandal: systemic child trafficking at the U.S. southern border. Whistleblowers and investigative journalists allege the Biden administration knowingly dismantled safeguards like DNA testing, allowing criminal networks to exploit thousands of unaccompanied migrant children. From missing children to fraudulent addresses and blocked reforms, this segment lays bare a national disgrace hidden in plain sight. Featuring commentary from Laura Ingraham, Senator Josh Hawley, RFK Jr., Brianna Morello, and others, this episode pulls no punches in confronting the truth behind America's security blind spots and moral failures.

Microsoft Patch Tuesday Microsoft patched 70-78 vulnerabilities (depending on how you count them). Five of these vulnerabilities are already being exploited. In particular, a remote code execution vulnerability in the scripting engine should be taken seriously. It requires the Microsoft Edge browser to run in Internet Explorer mode. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20May%202025/31946 Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428) Ivanti patched an authentication bypass vulnerability and a remote code execution vulnerability. The authentication bypass can exploit the remote code execution vulnerability without authenticating first. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US Fortinet Patches Exploited Vulnerability in API (CVE-2025-32756) Fortinet patched an already exploited stack-based buffer overflow vulnerability in the API of multiple Fortinet products. The vulnerability is exploited via crafted HTTP requests. https://fortiguard.fortinet.com/psirt/FG-IR-25-254

Now in its third year, the Russo-Ukraine War has upended the post-Cold War security landscape, exposing deep fractures in the global balance of power. As western unity frays and U.S. diplomacy shifts under President Trump, the war has become a flashpoint for competing visions of the international order. This week, the European Union gave Russia an ultimatum: accept a proposed ceasefire or face expanded sanctions—just days ahead of a potential round of direct peace talks in Istanbul on Thursday. The stakes are high, and the choices made this week could reshape not only the trajectory of the war but the future of global security.How should we understand the prospects for a sustainable peace in Ukraine amidst evolving geopolitical dynamics and continued battlefield uncertainty? To help make sense of these developments, Just Security Senior Fellow and Director of the Oxford Programme for Cyber and Tech Policy, Brianna Rosen, sat down with Sir Lawrence Freedman, Emeritus Professor of War Studies at King's College London and Professor Janina Dill, Dame Louise Richardson Chair in Global Security at Oxford University's Blavatnik School of Government. This conversation was part of the Calleva-Airey Neave Global Security Seminar Series at the University of Oxford. Show Notes: Just Security's Russia-Ukraine War Archive Ambassador Daniel Fried's "How to Land the Emerging Peace Deal on Peace for Ukraine"Music: “Broken” by David Bullard from Uppbeat: https://uppbeat.io/t/david-bullard/broken (License code: OSC7K3LCPSGXISVI)

Apple Updates Everything Apple patched all of its operating systems. This update ports a patch for a recently exploited vulnerability to older versions of iOS and macOS. https://isc.sans.edu/diary/31942 It Is 2025, And We Are Still Dealing With Default IoT Passwords And Stupid 2013 Router Vulnerabilities Versions of the Mirai botnet are attacking devices made by Unipi Technology. These devices are using a specific username and password combination. In addition, this version of the Mirai botnet will also attempt exploits against an old Netgear vulnerability. https://isc.sans.edu/diary/It%20Is%202025%2C%20And%20We%20Are%20Still%20Dealing%20With%20Default%20IoT%20Passwords%20And%20Stupid%202013%20Router%20Vulnerabilities/31940 Output Messenger Vulnerability The internal messenger application Output Messenger is currently used in sophisticated attacks. Attackers are exploiting a path traversal vulnerability that has not been fixed. https://www.outputmessenger.com/cve-2025-27920/ Commvault Correction Commvault s patch indeed fixes the recent vulnerability. The Pioneer Release Will Dormann used to experiment will only offer patches after it has been registered, which leads to an error when assessing the patch s efficacy. https://www.darkreading.com/application-security/commvault-patch-works-as-intended

Steganography Challenge Didier revealed the solution to last weekend s cryptography challenge. The image used the same encoding scheme as Didier described before, but the columns and rows were transposed. https://isc.sans.edu/forums/diary/Steganography%20Challenge%3A%20My%20Solution/31912/ FBI Warns of End-of-life routers The FBI is tracking larger botnets taking advantage of unpatched routers. Many of these routers are end-of-life, and no patches are available for the exploited vulnerabilities. The attackers are turning the devices into proxies, which are resold for various criminal activities. https://www.ic3.gov/PSA/2025/PSA250507 ASUS Driverhub Vulnerability ASUS Driverhub software does not properly check the origin of HTTP requests, allowing a CSRF attack from any website leading to arbitrary code execution. https://mrbruh.com/asusdriverhub/ RV-Tools SEO Poisoning Varonis Threat Labs observed SEO poisoning being used to trick system administrators into installing a malicious version of RV Tools. The malicious version includes a remote access tool leading to the theft of credentials https://www.varonis.com/blog/seo-poisoning#initial-access-and-persistence

Cybersecurity is no longer confined to the digital world or just a technical challenge, it's a global imperative. The NightDragon Innovation Summit convened a group of industry leaders to discuss how public and private entities can work together to address emerging threats and harness the power of AI, cybersecurity, and innovation to strengthen national defense. In this special edition podcast, we capture a glimpse into the knowledge and expertise shared at the NightDragon Innovation Summit. We are joined by NightDragon Founder and CEO Dave DeWalt, DataBee CEO Nicole Bucala, Liberty Mutual Insurance EVP and CISO Katie Jenkins, Sophos CEO Joe Levy, and Dataminr VP of Sales Engineering Michael Mastrole. Learn more about your ad choices. Visit megaphone.fm/adchoices