Podcasts about cybersecurity

It's Tuesday night at the studio and we've got plenty of things to react to in the news, including word on a 2026 lawsuit that may force the truth about TWA 800 into the public record.. After we are done with all of that and comments from the audience, we're checking in with James and Skip of https://patriot-protect.com/ with some Cyber Security news, plus some opinions on huge investments being made into AI Cities. Unleash Your Brain w/ Keto Brainz Nootropic Promo code FRANKLY: https://tinyurl.com/2cess6y7 Sponsor The Show and Get VIP Perks: https://www.quitefrankly.tv/sponsor One-Time Tip: http://www.paypal.me/QuiteFranklyLive Read July Newsletter: https://tinyurl.com/y4yvuxff Elevation Blend Coffee & Official QF Mugs: https://www.coffeerevolution.shop/category/quite-frankly Official QF Apparel: https://tinyurl.com/f3kbkr4s Send Holiday cards, Letters, and other small gifts, to the Quite Frankly P.O. Box! Quite Frankly 222 Purchase Street, #105 Rye, NY, 10580 Send Crypto: BTC: 1EafWUDPHY6y6HQNBjZ4kLWzQJFnE5k9PK Leave a Voice Mail: https://www.speakpipe.com/QuiteFrankly Quite Frankly Socials: Twitter/X: @QuiteFranklyTV Instagram: @QuiteFranklyOfficial Discord Chat: https://discord.gg/KCdh92Fn GUILDED Chat: https://tinyurl.com/kzrk6nxa Official Forum: https://tinyurl.com/k89p88s8 Telegram: https://t.me/quitefranklytv Truth: https://tinyurl.com/5n8x9s6f GETTR: https://tinyurl.com/2fprkyn4 MINDS: https://tinyurl.com/4p84d3cx Gab: https://tinyurl.com/mr42m2au Streaming Live On: QuiteFrankly.tv (Powered by Foxhole) Youtube: https://tinyurl.com/yc2cn395 BitChute: https://tinyurl.com/46dfca5c Rumble: https://tinyurl.com/yeytwwyz Kick: https://kick.com/quitefranklytv Audio On Demand: Spotify: https://spoti.fi/301gcES iTunes: http://apple.co/2dMURMq Amazon: https://amzn.to/3afgEXZ SoundCloud: https://tinyurl.com/yc44m474

Keylogger Data Stored in an ADS Xavier came across a keystroke logger that stores data in alternate data streams. The data includes keystroke logs as well as clipboard data https://isc.sans.edu/diary/Keylogger%20Data%20Stored%20in%20an%20ADS/32108 Malvertising Homebrew An attacker has been attempting to trick users into installing a malicious version of Homebrew. The fake software is advertised via paid Google ads and directs users to the attacker s GitHub repo. https://medium.com/deriv-tech/brewing-trouble-dissecting-a-macos-malware-campaign-90c2c24de5dc CVE-2025-5333: Remote Code Execution in Broadcom Altiris IRM LRQA have discovered a critical unauthenticated remote code execution (RCE) vulnerability in the Broadcom Symantec Altiris Inventory Rule Management (IRM) component of Symantec Endpoint Management. https://www.lrqa.com/en/cyber-labs/remote-code-execution-in-broadcom-altiris-irm/ Code highlighting with Cursor AI for $500,000 A syntax highlighting extension for Cursor AI was used to compromise a developer s workstation and steal $500,000 in cryptocurrency. https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/

Considering how often we utilize technology, we don't spend as nearly as much time as we should protecting ourselves against the inherent vulnerabilities and bad actors who would exploit the very tools designed to improve our lives. The fact of the matter is, cybersecurity has become a huge issue (only to become more relevant as technology advances). My guest today, Dr. Eric Cole, has spent decades learning, understanding, and teaching people how to protect themselves and their loved ones from cyber-threats. Today, we talk about the apps that are more dangerous than others, how best to keep your children safe from online predators, what he calls, cyber-hygiene, why passwords are dead and what to do about it, and why social media will never fully protect children. SHOW HIGHLIGHTS 00:00 - Introduction   00:21 - Welcoming Dr. Eric Cole   00:26 - Importance of Cybersecurity for Families   01:24 - Dangers of Sharing Personal Information Online   02:47 - Targeting Vulnerable Individuals   04:26 - Impact of Technology on Parenting   05:45 - Prevalence of Child Exploitation   08:12 - Monitoring Kids' Online Interactions   10:00 - Social Media Security Measures   12:16 - Identifying Suspicious Accounts   15:00 - Limiting Kids' Access to Smartphones   19:09 - Balancing Technology Use   22:32 - Monitoring Social Media Comments   26:00 - Risks of Location Tracking in Photos   30:06 - Moving Beyond Passwords   32:31 - Avoiding Malicious Links   35:13 - Value of Online Protection Services   37:51 - Cell Phones and Privacy Concerns   43:03 - Importance of Software Updates   45:20 - Benefits of Using VPNs   46:43 - Upgrading Technology Safely   49:20 - AI as a Tool, Not a Replacement   52:43 - Practical Cybersecurity Tips   54:24 - Closing Remarks   Battle Planners: Pick yours up today! Order Ryan's new book, The Masculinity Manifesto. For more information on the Iron Council brotherhood. Want maximum health, wealth, relationships, and abundance in your life? Sign up for our free course, 30 Days to Battle Ready

DShield Honeypot Log Volume Increase Within the last few months, there has been a dramatic increase in honeypot log volumes and how often these high volumes are seen. This has not just been from Jesse s residential honeypot, which has historically seen higher log volumes, but from all of the honeypots that Jesse runs. https://isc.sans.edu/diary/DShield+Honeypot+Log+Volume+Increase/32100 Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware. Koi Security s investigation of a single verified color picker exposed a coordinated campaign of 18 malicious extensions that infected a massive 2.3 million users across Chrome and Edge. https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5 RDP Forensics Comprehensive overview of Windows RDP Forensics https://medium.com/@mathias.fuchs/chasing-ghosts-over-rdp-lateral-movement-in-tiny-bitmaps-328d2babd8ec

There’s lots of juicy stories in our monthly security news roundup. The Scattered Spider hacking group makes effective use of social engineering to target MSPs, Microsoft pushes for better Windows resiliency by rethinking kernel access policies for third-party endpoint security software, and the US Justice Department files indictments against alleged operators of laptop farms that... Read more »

Cybersecurity Insights for Business Leaders: Expert Advice from Derek Kernus of Aethon SecurityIn today's rapidly evolving digital world, cybersecurity is no longer just a concern for large enterprises—it's a critical part of every organization's strategy. In this recent episode of The Thoughtful Entrepreneur, host Josh Elledge sat down with Derek Kernus, CEO of Aethon Security, to discuss how business leaders can protect their organizations from the growing wave of cyber threats. The conversation dives deep into the importance of cybersecurity, compliance, and practical steps that leaders can take to stay ahead of the curve in an increasingly complex landscape.Understanding Cybersecurity and Compliance in Today's Business WorldDerek Kernus opens the conversation by highlighting the current cybersecurity threats faced by businesses today. Nation-state actors from China and Russia are increasingly targeting U.S. government networks and contractors, aiming to steal sensitive information or disrupt critical infrastructures like energy grids, water systems, and healthcare. As businesses digitize more of their operations, the number of potential attack points expands, making it essential for leaders to treat cybersecurity as a core business risk.Derek emphasizes the importance of compliance, particularly for government contractors who must meet cybersecurity standards like the Cybersecurity Maturity Model Certification (CMMC). Failure to comply with these requirements can result in lost contracts, legal penalties, and reputational damage. Even in the private sector, companies are increasingly expected to adopt rigorous cybersecurity measures. By understanding and implementing these frameworks, businesses can ensure that they are protected and ready to meet both governmental and industry-specific standards.The episode also addresses real-world cyber threats, including the Colonial Pipeline attack and attempts to disrupt municipal water systems, underscoring the need for proactive security measures. Derek offers actionable cybersecurity tips for business leaders to improve their organizational defenses and protect sensitive data.Actionable Cybersecurity Tips for Business LeadersDerek shares several practical, actionable cybersecurity steps that leaders can implement immediately to enhance their company's security posture. One of the most essential steps is implementing Multi-Factor Authentication (MFA) across all critical accounts. MFA significantly reduces the risk of unauthorized access, even if passwords are compromised. Derek advises prioritizing MFA for administrative and remote access accounts and training employees on how to use it.Another key recommendation is to conduct regular vulnerability scans. These scans help identify system weaknesses before they can be exploited. Derek stresses the importance of automating these scans, prioritizing high-risk vulnerabilities, and keeping records of the scans and remediation efforts for compliance purposes. Additionally, keeping software and systems up to date is crucial. Outdated software often serves as a gateway for cybercriminals, so applying patches and updates promptly can close those security gaps.Finally, Derek encourages business leaders to leverage federal cybersecurity frameworks like NIST and CMMC to better manage risks and ensure compliance. These frameworks offer structured, proven guidelines to assess and improve cybersecurity defenses, making them invaluable tools for organizations of all sizes. Derek advises that even non-government contractors benefit from adopting these best practices.About Derek KernusDerek Kernus is the CEO of Aethon Security, a cybersecurity consulting firm that helps organizations navigate complex compliance requirements and protect their data from cyber threats. Derek brings years of...

There’s lots of juicy stories in our monthly security news roundup. The Scattered Spider hacking group makes effective use of social engineering to target MSPs, Microsoft pushes for better Windows resiliency by rethinking kernel access policies for third-party endpoint security software, and the US Justice Department files indictments against alleged operators of laptop farms that... Read more »

5-Day Storytelling ChallengeWhether you're looking to boost sales, enhance marketing, or captivate audiences in meetings, this challenge is for you.To sign up, go HERE.SHOW NOTES:In this episode, Matt Zaun sits down with Dave Snell, founder of Snell Advisory Group, to unpack the critical (and often ignored) role of cybersecurity in business today. Dave explains why cybersecurity is not just a tech issue; it's a leadership issue. From Fortune 100 firms to small startups, he shares real stories of oversight, breaches, and deception that cost companies far more than they anticipated.In addition, they talk about:✅ Why most executives underestimate their company's cyber risk✅ The danger of using ChatGPT to “write a security policy” without a real strategy✅ How Dave's Navy cryptology background shaped his career… and much more!BIOS:Dave Snell is the founder and principal consultant of Snell Advisory Group, where he helps companies of all sizes protect their most valuable asset: information. With a 20-year background in cryptology and cybersecurity from the Navy, and experience supporting both Fortune 100 companies and startups, Dave brings a unique blend of strategic insight and operational expertise to the world of cyber defense.Matt Zaun is an award-winning speaker and storyteller who shows business leaders how to inspire action and drive results through the power of strategic storytelling. With a track record of catalyzing significant sales growth for over 300 organizations across industries—from financial services to health and wellness—Matt's approach has been proven to deliver measurable impact.

Cyber engineering is a broad and often misunderstood field, covering everything from cloud architecture to compliance. But one thing is clear: someone needs to take responsibility for the security of your business's digital infrastructure.In this episode, host Jara Rowe is joined by Michael Magyar, vCISO at Trava Security, to explore the intersection of cybersecurity, compliance, and engineering. Michael shares what smart architecture looks like in practice, where organizations often fall short, and how emerging trends like AI impact cyber engineering.Key takeaways:How smart cyber engineering impacts security and operationsThe influence of AI on cyber engineering tasksWhen to seek outside help for technical implementationEpisode highlights:(00:00) Today's topic: Cyber engineering(05:29) The push for more security and compliance(07:44) Being intentional with security architecture(10:33) Cybersecurity engineering in the real world(13:52) Cyber engineering trends and AI (19:37) Discerning when to hire outside expertsConnect with the host:Jara Rowe's LinkedIn - @jararoweConnect with the guest:Michael Magyar's LinkedIn - @michael-magyar-cyqualConnect with Trava:Website - www.travasecurity.comBlog - www.travasecurity.com/learn-with-trava/blogLinkedIn - @travasecurityYouTube - @travasecurity

The tech landscape never stops evolving — and neither does Cisco's commitment to keeping IT professionals ahead of the curve. In this episode of Cisco Champion Radio, we dive deep into the latest updates to the Cisco Certification Portfolio, designed to better align with the skills, roles, and technologies shaping the future of networking. Join us as we unpack what's new across key domains — from DevNet's expanded focus on automation and programmability, to Cybersecurity certifications that reflect today's threat landscape, to innovations in Collaborationand Data Center tracks that mirror real-world infrastructure demands. Whether you're just starting out, looking to upskill, or guiding your team's learning journey, this conversation will give you insider insights into how these updates can support your career path and help you stay competitive in an ever-changing industry. No buzzwords. No fluff. Just real talk from Champions and Cisco experts who live this stuff every day. Resources Rev Up: https://learningnetwork.cisco.com/s/question/0D5Kd0000BSI6CwKQL/-learn-and-earn-up-to-45-continuing-education-ce-credits-with-the-latest-rev-up-to-recert-bonus-launching-today-?ccid=revup-bonus25&dtid=web&oid=champions-podcast DevNet Sandboxes: https://developer.cisco.com/site/sandbox/ Certification Roadmaps: https://learningnetwork.cisco.com/s/cisco-certification-roadmaps?ccid=revup-bonus25&dtid=web&oid=champions-podcast CML: https://developer.cisco.com/docs/modeling-labs/ Cisco guest Mubasher Nawaz, Cisco Certification Portfolio Manager for Learn, Cisco Cisco Champion hosts Liam Keegan, Advisor David Penaloza, Assoc. Director – LAN Network Architecture, Novartis Andreas Baekdahl, Senior DevNet Architect, Wingmen Solutions Elliot Dierksen, Distinguished Engineer, Greyson Technologies Inc. Moderator Danielle Carter, Customer Voices and Cisco Champion Program

Hear from host Paul Spain and tech journalist Ben Moore as they delve into New Zealand's evolving tech landscape, including the government's ban on crypto ATMs to fight money laundering, the national strategy for AI adoption, and NZ police internet governance. On the global front they explore the latest Robotic surgery success, EU's AI transparency regulations, Nvidia's market USD $4 trillion milestone, Cloudflare's AI blocker and more.A big thank you to our show partners One NZ, Spark, HP, 2degrees and Gorilla Technology.

Dean Stanberry, past chair of IFMA's Global Board of Directors, hosts a discussion with Jim Uhalt, Chief Revenue Officer for Quality Uptime Services, and Kyle Butler, President of RavenVolt, about data centers, uptime, and future-proofing strategies. They explore the importance of maintaining infrastructure, handling aging equipment, and proactive versus reactive maintenance models. They highlight the increasing importance of resilience, climate risk, and cybersecurity in data centers. Additionally, they discuss modernizing energy infrastructure using renewable resources, addressing the challenges of staffing qualified personnel, and the role of AI and automation in optimizing maintenance and meeting ESG goals. Sponsor:This episode is sponsored by ODP Business Solutions! Connect with Us:LinkedIn: https://www.linkedin.com/company/ifmaFacebook: https://www.facebook.com/InternationalFacilityManagementAssociation/Twitter: https://twitter.com/IFMAInstagram: https://www.instagram.com/ifma_hq/YouTube: https://youtube.com/ifmaglobalVisit us at https://ifma.org

Peter Marks, software developer and technology commentator from Access Informatics, joined Chris Taylor on Nightlife to discuss the latest news in technology. 

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services at https://barricadecyber.comCheck out John Strand's Pay What You Can Antisyphon Training:https://simplycyber.io/antisyphonAllow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform at https://simplycyber.io/threatlockerTake control of your data and keep your private life private by signing up for DeleteMe at https://simplycyber.io/deleteme promo SIMPLYCYBER for 20% offRegister for Flare Academy's next training, CRYPTOS: Hunting Adversaries in the Crypto Underground on July 15th at https://simplycyber.io/flareSimply Cyber Academy - The Place for Cyber Careers: https://academy.simplycyber.ioJoin SC Discord: https://SimplyCyber.io/discordPodcast in stream: https://cisoseries.comFollow SC: https://simplycyber.io/socials

In this episode of The Catholic Talk Show, Ryan & Ryan discuss functions of The Holy See that may surprise you. 00:00 Introduction to the Vatican's Hidden Operations 02:18 Cybersecurity and Diplomatic Negotiations 05:18 The Vatican's Role in Global Peacekeeping 07:53 Scientific Endeavors: The Vatican Observatory 10:31 Security Measures: Protecting the Pope and the Vatican 13:31 The Vatican's Diplomatic Network 16:15 Crisis Management and Humanitarian Efforts 19:10 Cultural Heritage: Preservation and Restoration 21:50 The Vatican Secret Archives 24:46 Conclusion: The Vatican's Multifaceted Influence Learn more about your ad choices. Visit megaphone.fm/adchoices

Experimental Suspicious Domain Feed Our new experimental suspicious domain feed uses various criteria to identify domains that may be used for phishing or other malicious purposes. https://isc.sans.edu/diary/Experimental%20Suspicious%20Domain%20Feed/32102 Wing FTP Server RCE Vulnerability Exploited CVE-2025-47812 Huntress saw active exploitation of Wing FTP Server remote code execution (CVE-2025-47812) on a customer on July 1, 2025. Organizations running Wing FTP Server should update to the fixed version, version 7.4.4, as soon as possible. https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ FortiWeb Pre-Auth RCE (CVE-2025-25257) An exploit for the FortiWeb RCE Vulnerability is now available and is being used in the wild. https://pwner.gg/blog/2025-07-10-fortiweb-fabric-rce NVIDIA Vulnerable to Rowhammer NVIDIA has received new research related to the industry-wide DRAM issue known as Rowhammer . The research demonstrates a potential Rowhammer attack against an NVIDIA A6000 GPU with GDDR6 Memory. The purpose of this notice is to reinforce already known mitigations to Rowhammer attacks. https://nvidia.custhelp.com/app/answers/detail/a_id/5671/~/security-notice%3A-rowhammer---july-2025

Cloud security is undergoing a major transformation as threats become more complex and automated. Generative AI is helping teams cut through noise, automate tasks, and respond to risks faster. Sysdig, led by CEO Bill Welch, is at the forefront of this shift—empowering security teams with real-time insights and accelerating global growth. He goes Inside the ICE House to discuss company growth and the tools the his team is equipping CISOs with to fight growing threats.

Drawing on his previous work as the UK's cybersecurity chief, Professor Ciaran Martin explores differentiated standards and public-private partnerships in cybersecurity, and Microsoft's Tori Westerhoff examines the insights through an AI red-teaming lens.Show notes

In this episode, Craig Jeffery discusses the growing threat of deepfake-enabled fraud in treasury. From synthetic voice and video deception to the need for layered defenses and fast response plans, this conversation offers insights into how treasury professionals can prepare for and combat this evolving risk. Don't miss this urgent look at payment security in the age of AI. Want to dive deeper into the white paper Deepfakes & Payments Fraud: Is Treasury Prepared? Download it here: www.strategictreasurer.com/deepfakes

(0:00) Intro(1:14) About the podcast sponsor: The American College of Governance Counsel(2:00) Start of interview(2:36) Erik's origin story(4:14) Discussing Foreign Private Issuers (FPIs): His article "SEC Revisits Foreign Private Issuer Eligibility" (June 2025)(16:45) The Rise of AI and Its Implications. Discussion on "AI Washing"(19:30) Distinguishing statutory mandates between the SEC, FTC, and DOJ on regulatory oversight of AI(20:40) The evolving crypto regulatory landscape "It's a pretty big sea change" "[Now it's] all about bright line rules (vs flexible standards) and trying to provide a lot more certainty to the market."(23:24) Cybersecurity Threats and Board Responsibilities. Two requirements from SEC: 1) public companies must disclose material cybersecurity incidents within four business days after determining that that incident was material, and 2) disclosure in a company's annual report about its risk management strategy and governance around cybersecurity. "The real focus is on the material cybersecurity incident reporting."(29:43) Current Trends in IPOs, SPACs and M&A (Liquidy Exits)(32:32) SEC Priorities in 2025 and beyond. "The SEC leadership has underscored a back-to-basics approach. What this means is focusing more on clear fraud and fraud that is scienter-based." "They're [also] going to emphasize much more quantitative materiality rather than qualitative materiality." "[This] is another example of how this SEC is focused on bright line rules." (36:51) SEC Enforcement in Private Markets *Mention of the Startup Litigation Digest.(40:31) The Shift from Delaware to Nevada, Texas, and Impact of Delaware's SB21.(48:08) Books that have greatly influenced his life:Against the Gods: The Remarkable Story of Risk, by Peter L. Bernstein (1996)A Random Walk Down Wall St, by Burton Malkiel (1973)The Sound and the Fury, by William Faulkner (1929)(48:54) His mentors(50:16) Quotes that he thinks of often or lives his life by.(50:48) An unusual habit or an absurd thing that he loves.(51:13) The living person he most admires.Erik Gerding is a Capital Markets partner at Freshfields advising on securities regulation, financial markets and corporate governance. Until the end of 2024, Erik served as the SEC's Director of the Division of Corporation Finance. You can follow Evan on social media at:X: @evanepsteinLinkedIn: https://www.linkedin.com/in/epsteinevan/ Substack: https://evanepstein.substack.com/__To support this podcast you can join as a subscriber of the Boardroom Governance Newsletter at https://evanepstein.substack.com/__Music/Soundtrack (found via Free Music Archive): Seeing The Future by Dexter Britain is licensed under a Attribution-Noncommercial-Share Alike 3.0 United States License

In this episode, we sit down with Jim Manico, a longtime industry AppSec Leader, Educator, and Innovator, to discuss enhancing software security in the era of AI.This includes covering recent talks Jim has given about using AI as a force multiplier for software development, the importance of security-centric prompting, and the overall impact of AI on the field of AppSec.We discussed:A recent talk Jim gave where he discussed transforming secure software creation with AI, doing the work of teams of people on his own, and what used to take tens of thousands of hours through the use of agents and various frontier models and offerings.The importance of security-centric prompting and guidance for models to produce secure code and the impact on vulnerability velocity by doing so.The risks of the broader developer community leaning into these tools without adding security-centric prompts and guidance, but the opportunity for prompt libraries and enterprise controls to lead to systemic secure software development within the enterprise.The workforce implications of AI-driven development and the need to upskill to stay relevant (and employable).Where Jim sees opportunity beyond just AppSec when it comes to AI and Cybersecurity, in other areas such as GRC and SecOps as well.

This episode explores surprising cyber security lessons hidden within Mission: Impossible's latest blockbuster. We analyze how Hollywood's depiction of AI threats, immutable backups, and air-gapped storage actually reflects real-world data protection challenges.Curtis and Prasanna dissect the movie's central premise: an AI entity altering digital reality, making it impossible to distinguish truth from fiction. The solution? An underwater Doomsday Vault containing an immutable, offline backup of the original source code. We discuss how this fictional scenario mirrors actual cybersecurity best practices, from 3-2-1 backup strategies to cryptographic hash verification.Key topics include the spectrum of immutability, why truly offline storage matters for ransomware protection, and how insider threats can compromise even the most secure systems. We also cover practical applications like object storage, SHA-256 hashing, and the human vulnerabilities that often undermine technical security measures. Whether you're a backup professional or just curious about data protection, this episode proves that sometimes the best cyber security lessons come from the most unexpected places.

Cybersecurity giant, CrowdStrike (CRWD), got a downgrade from Morgan Stanley to equal weight. The firm sees a significant long-term story for the company but cites valuation concerns near-term. Jenny Horne talks about the firm's note and sky-high expectations for CrowdStrike's upcoming earnings. And it's not a trading week without headlines on Tesla (TSLA). Jenny mentions that Tesla shareholders will decide on whether the company supports an investment into xAI.======== Schwab Network ========Empowering every investor and trader, every market day. Subscribe to the Market Minute newsletter - https://schwabnetwork.com/subscribeDownload the iOS app - https://apps.apple.com/us/app/schwab-...Download the Amazon Fire Tv App - https://www.amazon.com/TD-Ameritrade-...Watch on Sling - https://watch.sling.com/1/asset/19192...Watch on Vizio - https://www.vizio.com/en/watchfreeplu...Watch on DistroTV - https://www.distro.tv/live/schwab-net...Follow us on X – / schwabnetwork Follow us on Facebook – / schwabnetwork Follow us on LinkedIn - / schwab-network About Schwab Network - https://schwabnetwork.com/about

Cybersecurity leader Nigel Boston joins the Stats On Stats podcast to share how threat intelligence, discipline, and authenticity transformed his career. From warehouse work to leading in cyber, his journey is a testament to intentional growth and giving back to the community.Guest ConnectLinkedIn: https://www.linkedin.com/in/nigelbboston Stats on Stats ResourcesCode & Culture: https://www.statsonstats.io/flipbooks   | https://www.codeculturecollective.io Merch: https://www.statsonstats.io/shop  LinkTree: https://linktr.ee/statsonstatspodcast  Stats on Stats Partners & AffiliatesHacker HaltedWebsite: https://hackerhalted.com/ Use Discount Code: "

Send us a textAksa Taylor shares her journey from electrical engineering to cybersecurity, highlighting how curiosity and focused passion can open unexpected career doors in the security industry.• Finding specific interests within cybersecurity rather than trying to "get into security" broadly• Building a personal brand through knowledge sharing and community contributions• Quantum computing's progression from theoretical to practical applications in security• The challenges posed by unrealistic job descriptions and automated filtering systems• How AI capabilities create both opportunities and new risks for security teams• Weighing the tradeoffs between established security vendors and innovative startups• The critical importance of customer support quality when evaluating security solutions• Community-building as a foundational element of the security professionAbstract Security recently published a free community resource book called "Applied Security Data Strategy" for those interested in security data operations.Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods.Listen on: Apple Podcasts SpotifySupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services at https://barricadecyber.comCheck out John Strand's Pay What You Can Antisyphon Training:https://simplycyber.io/antisyphonAllow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform at https://simplycyber.io/threatlockerTake control of your data and keep your private life private by signing up for DeleteMe at https://simplycyber.io/deleteme promo SIMPLYCYBER for 20% offRegister for Flare Academy's next training, CRYPTOS: Hunting Adversaries in the Crypto Underground on July 15th at https://simplycyber.io/flareSimply Cyber Academy - The Place for Cyber Careers: https://academy.simplycyber.ioJoin SC Discord: https://SimplyCyber.io/discordPodcast in stream: https://cisoseries.comFollow SC: https://simplycyber.io/socials

What does it take to lead in a world where your adversaries are invisible? In this candid conversation, host Evan Wohl sits down with Dan Singer, founder and CEO of cybersecurity firm Reveald, to talk about the realities of building a company that fights on digital battlefields every day. But this isn't just a tech … Read More Read More

פרק לייב! אבל בדיעבד. לפני שבוע התארחנו ב@מת״מ ושמחנו לקחת חלק בחגיגות השנתיים לקהילה. בנוכחות קהל (בפעם הראשונה) התכבדנו לארח את ד״ר @סתיו אלבר ולשוחח על פרטיות, סודיות והצפנה. סתיו היא חוקרת צפנים ב@טכניון ומהנדסת תוכנה ב@גוגל. מעבר לכך היא גם סופרת ילדים וכתבה את הספרים ״סודות ההצפנה לילדים״, ״בינה מלאכותית לילדים״ וגם ״אלגוריתמים לילדים״. אז על מה דיברנו? - למה צריך אבטחת מידע? - מה ההבדל בין סודיות ופרטיות? - למה הצפנה מקושרת לסייבר? - מה הסיפור עם האניגמה? - מתי התחילו להצפין מידע? - איך שוברים הצפנה? - איך ולמה חוקרת צפנים מתחילה לכתוב ספר ילדים? אחרי שהאזנתם לפרק מוזמנים להצטרף לקבוצת המאזינים שלנו - שם אנחנו מאמתים שאתם לא רובוטים >>> https://chat.whatsapp.com/KwUu8pQsxx220qS7AXv04T תודה ל@הגר על ההזמנה וההזדמנות להקליט פרק בלייב במתחם המקסים בפרק מת״מ! נשמח לשמוע את דעתכם על הפרק בתגובות. פרק 75 - Data Security Hard Reset - הפודקאסט של קהילת Hardware Engineering Israel. פרק זה הוקלט במהלך מלחמת ״חרבות ברזל״. מוזמנים ליצור איתנו קשר במייל podcasthardreset@gmail.com האזנה נעימה. Lior Schermann Yuval Kogan

In this episode of the Cyber Uncut podcast, host Liam Garman is joined by Mike Franklin, Australian cyber security lead at Protecht, to discuss the current cyber security landscape, the importance of top-down cyber security culture, and the impact of AI on cyber security. Garman and Franklin begin with a discussion on the current cyber security landscape, such as the importance of risk management and the evolving techniques used by malicious actors. The pair also discuss the importance of differentiating IT risk, such as product availability and other operational issues, and cyber risk. Franklin then highlights the importance of understanding and prioritising an organisation's critical assets and the need for a strong top-down cyber security culture. Finally, Franklin discusses the impact of AI on cyber security and how the role of the technology is quickly evolving from both a defence and an offence perspective. Enjoy the episode, The Cyber Uncut team

Bob Burke, Chief Information Security Officer at Beyond Identity, challenges the effectiveness of traditional multi-factor authentication (MFA) in the evolving landscape of cybersecurity. He argues that legacy MFA solutions, which often rely on out-of-band authorization methods like push notifications or one-time passwords, are no longer sufficient against the rising tide of sophisticated cyber threats. With the advent of services like phishing-as-a-service, attackers can easily bypass these outdated security measures, necessitating a shift towards phishing-resistant authentication methods. Burke emphasizes the need for organizations to adopt solutions that not only enhance security but also consider device posture and trustworthiness.Burke also critiques the current state of FIDO2 and passkeys, acknowledging their potential while highlighting their limitations, particularly in terms of device posture and user experience. He suggests that small to mid-sized businesses (SMBs) should prioritize phishing-resistant solutions that integrate both browser protection and device authentication. Furthermore, he raises concerns about the pricing models of many Software as a Service (SaaS) providers, which often place essential security features behind higher-tier subscriptions, effectively discouraging customers from adopting more secure practices.The conversation shifts to the endpoint detection and response (EDR) market, where Burke notes that while EDR solutions are still necessary, they are evolving into more comprehensive offerings like extended detection and response (XDR). He points out that many of these solutions are priced for enterprise-level organizations, leaving SMBs and mid-market companies struggling to find affordable options. Burke encourages these organizations to seek out solutions that fit their budget while still providing essential security capabilities.Finally, Burke shares insights from his experience with the FedRAMP certification process, emphasizing the importance of building internal security competencies and integrating security into product design from the outset. He advocates for a clear internal compliance program, such as NIST, to guide organizations in their security efforts. As the cybersecurity landscape continues to evolve, Burke warns that the tempo and scope of attacks are increasing, driven by advancements in AI, and urges organizations to reassess their security architectures to stay ahead of emerging threats.  All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Austin Allen, Sr. Director of Global Solutions Architecture at Airlock Security, joins the Nexus Podcast to discuss cybersecurity realities happening inside healthcare delivery organizations. Allen covers challenges and solutions around legacy software managing connected medical devices, and other cybersecurity risks potentially negatively impacting patient care. Allen also discusses the role of industry regulations and the role of compliance in guiding hospital cybersecurity programs.

Will EU cybersecurity laws result in new global standards? Should companies handle NIS2 compliance in concert with GDPR, AI Act, or Data Act requirements? Does it make sense to take data localization to its ultimate consequences? Nathalie Barrera serves as the Director for Privacy for the EMEA region at Palo Alto Networks, which is a leading provider of cybersecurity solutions. Her expertise involves the company's compliance with NIS2, the AI Act, the GDPR, and DORA. She also assists customers in navigating their own complex regulatory requirements. She has previously spent seven years at Cisco Systems working as commercial counsel and Privacy and Security Counsel.  She studied law and completed her LLM at the University of Navarra.  References: Nathalie Barrera on LinkedIn EU Network and Information Services Directive II EU Data Act EU Digital Operational Resilience Act (DORA)  

What does modern cybersecurity look like when you're leading a federally regulated financial institution serving Canadians from coast to coast? In this episode, recorded at Cisco Live last month, I sat down with Shawn Spurko, VP of Information and Cybersecurity at Innovation Federal Credit Union. Based in Swift Current, Saskatchewan, but now operating across the country, Shawn Spurko has played a key role in building a security posture that treats laptops as offices and supports a workforce no longer tethered to physical locations. Shawn Spurkoshares his journey from service desk and web design to becoming a cybersecurity leader, and offers a refreshingly grounded view of how to approach regulation, zero trust, and digital maturity. He explains how Innovation CU's move from a provincial to a federal charter transformed their compliance obligations and how solutions like Cisco Secure Access enabled them to scale security seamlessly for a hybrid workforce. We explore why transparent, user-friendly security is no longer optional and how mature implementations of SWG, ZTNA, DLP, and management tunnels are quietly solving problems before users even notice them. Shawn Spurkoalso opens up about the practical realities of working with tools that are constantly evolving, and how his team reviews every new feature not just for capability but for how it maps to regulatory controls like Canada's OSFI B-13. This episode is a masterclass in modern cyber strategy, but it's also a reminder that the goal isn't complexity, it's making things work, everywhere, all the time. So, as the cybersecurity landscape continues to shift and regulators tighten expectations, how are you designing systems that work for both users and auditors? And what lessons can we all learn from financial services as we navigate this new world of anywhere access?

In this episode of 'Cybersecurity: Today's Month in Review,' the panel of experts, including Laura Payne, David Shipley, and new guest Tammy Harper, delve into major cybersecurity stories from the past month. Discussions range from the recent arrest of a Montreal scam operator, Scattered Spider's targeted attacks on various sectors, and the impacts of AI on the cybersecurity landscape. The panel also highlights industry shifts, new threat tactics, and the importance of strategic communication during incidents. The episode concludes with reflections on AI's integration into enterprise systems, emphasizing preparation and ethical considerations. 00:00 Introduction to the Cybersecurity Month in Review 00:12 Meet the Panelists 00:26 Laura Payne's Introduction 01:04 David Shipley's Introduction 01:38 Tammy Harper's Introduction 04:09 First Story: Montreal Scam Arrest 10:52 David Shipley's Big Story: Scattered Spider 16:40 The Rise of Young Cybercriminals 32:36 Ingram Micro Ransomware Attack 33:27 Government Breaches and Fast Recovery 34:56 Ingram Micro Incident and Communication Failures 35:55 Importance of Communication in Incident Response 37:39 Ransomware Trends and Threat Actor Tactics 39:55 Shift from Encryption to Exfiltration 46:41 Government Actions and Market Impact 51:27 AI in Cybersecurity: Risks and Opportunities 58:53 Ethical AI and Future Considerations 01:08:12 Final Thoughts and Wrap-Up

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Inside IR and AI with Paul Caron | DailyCyber 267 ~ Watch Now ~In today's DailyCyber Podcast, I'm joined by Paul Caron, Head of Cyber Security, Americas at S-RM.Paul brings over 20 years of experience across military intelligence, counterterrorism, and cybersecurity leadership—including senior roles at PwC and as Managing Director of Incident Response at a global consulting firm. We dive deep into Incident Response realities and how AI is reshaping the security landscape.

SSH Tunneling in Action: direct-tcp requests Attackers are compromising ssh servers to abuse them as relays. The attacker will configure port forwarding direct-tcp connections to forward traffic to a victim. In this particular case, the Yandex mail server was the primary victim of these attacks. https://isc.sans.edu/diary/SSH%20Tunneling%20in%20Action%3A%20direct-tcp%20requests%20%5BGuest%20Diary%5D/32094 Fortiguard FortiWeb Unauthenticated SQL injection in GUI (CVE-2025-25257) An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. https://www.fortiguard.com/psirt/FG-IR-25-151 Ruckus Virtual SmartZone (vSZ) and Ruckus Network Director (RND) contain multiple vulnerabilities Ruckus products suffer from a number of critical vulnerabilities. There is no patch available, and users are advised to restrict access to the vulnerable admin interface. https://kb.cert.org/vuls/id/613753

In this episode of the Drop In CEO podcast Michelle Drolet, Founder and CEO of Towerwall, to discuss the complexities of cybersecurity and her journey as a leader in the tech industry. Michelle shares her personal and professional background, detailing her rise to CEO, overcoming significant challenges, and her strategies for building robust cyber defense programs for clients. The conversation highlights her resilience through personal adversities, the significance of trustworthy relationships, and the importance of giving back to the community through initiatives like the Towerwall Cyber Summit. Michelle emphasizes the need for organizations to be proactive and vigilant in their cybersecurity efforts, offering insights into how Towerwall partners with clients to secure their digital infrastructure. The episode concludes with inspiring words on leadership, resilience, and the importance of community impact. Episode Highlights: 02:15 Michelle's Journey in Cybersecurity 07:05 Challenges and Resilience in Leadership 14:40 The Importance of Cybersecurity 27:08 Family and Business: A Personal Insight Michelle Drolet is the Founder and CEO of Towerwall, a leading cybersecurity firm serving clients like BOSE, Smith & Wesson, Brown University, and UMass Memorial Health. Recognized as one of CTO Magazine’s "Top Women in Cybersecurity" and named to Forbes’ "50 Over 50," Michelle brings decades of experience helping organizations protect what matters most. With a client roster that spans industries and borders—including the Insurance Board of the Bahamas—Michelle is a sought-after thought leader and speaker. She’d be honored to join The Drop in CEO podcast to share actionable insights from the front lines of cybersecurity leadership and strategy. Connect with Michelle Drolet: LinkedIn: https://www.linkedin.com/in/michelle-drolet-a926b79/ Company Website: Towerwall.com For more information about my services or if you just want to connect and have a chat, reach out at: https://dropinceo.com/contact/See omnystudio.com/listener for privacy information.

In this episode of Cybersecurity Today, host Jim Love discusses major updates on the recent cyber attack on Marks and Spencer, revealing new details and arrests. The breach involved sophisticated social engineering that infiltrated the company's network through an IT service provider, leading to 150GB of stolen data. Love then covers a massive insider breach at a Brazilian bank where an IT worker facilitated the theft of $140 million by selling login credentials. Lastly, the episode highlights a McDonald's HR data breach caused by weak security practices in an AI screening app, exposing millions of job applicant records. Key insights on these incidents emphasize the importance of robust cybersecurity measures and internal controls. 00:00 Introduction and Headlines 00:20 Marks and Spencer Hack: New Developments 04:07 Brazilian Bank Breach: An Inside Job 06:40 McDonald's HR Data Breach: A Comedy of Errors 10:21 Conclusion and Upcoming Features

Send us a textPlease join us for our 250th episode, celebrating 5 and a half years of privacy, data protection, cyber law education and hot topics with hosts Paul Breitbarth, Ralph O'Brien, and Dr. K Royal. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Sanjay Poonen, CEO of Cohesity, explains the business of data protection and using that data for AI. “We are intersecting security and AI,” he says, with backers including some Mag 7 members. He talks about the importance of machine learning to the cybersecurity industry in stopping ransomware and other digital attacks, as well as recovery afterwards. He looks at various customer needs and data pools, such as the regulatory requirements that banks are under, or hospital medical records.======== Schwab Network ========Empowering every investor and trader, every market day. Subscribe to the Market Minute newsletter - https://schwabnetwork.com/subscribeDownload the iOS app - https://apps.apple.com/us/app/schwab-...Download the Amazon Fire Tv App - https://www.amazon.com/TD-Ameritrade-...Watch on Sling - https://watch.sling.com/1/asset/19192...Watch on Vizio - https://www.vizio.com/en/watchfreeplu...Watch on DistroTV - https://www.distro.tv/live/schwab-net...Follow us on X – / schwabnetwork Follow us on Facebook – / schwabnetwork Follow us on LinkedIn - / schwab-network About Schwab Network - https://schwabnetwork.com/about

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Ransomware Minute is a rundown of the latest ransomware attacks & news, brought to you Cybercrime Magazine, Page ONE for Cybersecurity. Listen to the podcast weekly and read it daily at https://ransomwareminute.com. For more on cybersecurity, visit us at https://cybercrimemagazine.com.

How can you approach your company's leadership to advocate for best security practices? Megan dives into a BIA (Business Impact Analysis) breakdown with triple guest features from FRSecure's Consulting Team. Mea Yang, Coral Morgan, and Kathryn Frickstad-Olson recall client trumphs and challenges they have witnessed with implementing BIAs.Whether you need a 101 course in BIA Practices, want a little guidance with a company conversation, or simply want to learn more about a BIA's purpose and value, this episode is for you!Access our free BIA Starter Kit by downloading today!FRSecure BIA Starter Kit--As always, let us know what you'd like to see next! Send your thoughts to unsecurity@frsecure.com. Follow for more!LinkedIn: FRSecure Instagram: FRSecureOfficial   Facebook: FRSecure BlueSky: FRSecureAbout FRSecure: https://frsecure.com/ FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

In this episode, we dive into the unique cybersecurity challenges faced by the financial services sector, from high-value targets and strict compliance requirements to the constant threat of phishing and ransomware. We'll break down common attack paths, what makes financial orgs so attractive to threat actors, and most importantly, what IT and security teams can do to stay ahead. Whether you're on the red team, blue team, or in leadership, this episode will help you strengthen your security posture in one of the most targeted industries on the planet.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com

Setting up Your Own Certificate Authority for Development: Why and How. Some tips on setting up your own internal certificate authority using the smallstep CA. https://isc.sans.edu/diary/Setting%20up%20Your%20Own%20Certificate%20Authority%20for%20Development%3A%20Why%20and%20How./32092 Animation-Driven Tapjacking on Android Attackers can use a click-jacking like trick to trick victims into clicking on animated transparent dialogs opened from other applications. https://taptrap.click/usenix25_taptrap_paper.pdf Adobe Patches Adobe patched 13 different products yesterday. Most concerning are vulnerabilities in Coldfusion that include code execution and arbitrary file disclosure vulnerabilities. https://helpx.adobe.com/security/security-bulletin.html

Send us a textYou're not Amazon. You don't sell crypto. So why would hackers come for your tiny business website? That's exactly what they're hoping you'll think. In this episode, Mike and Blaine dig into the sneaky (and shockingly common) cyber threats that target small business sites—from stolen card testing to DDoS attacks to rogue plugins from 2012. You'll hear why even “boring” sites get hit, what it costs to clean up, and how to protect your business without hiring a full-time IT department. It's less about paranoia—and more about not getting punked by a bot in Belarus.Don't miss the latest insights and entertaining discussions on entrepreneurship, small business, and random BS. Subscribe, follow, and like Mike and Blaine's "Business, Beer, and BS" and catch every episode! Featured Beer: @altstadtbrewery @blindmanbrewingMike: Altstadt Brewery RadlerBlaine: Blindman Brewing “May Long” DIPAWatch on YouTube: https://youtu.be/C2EN43VBbFwThanks to our Beer Sponsors: • Rachel Barnett from Gentle Frog: youtube.com/@GentleFrog • Karen Hairston from 3S Smart Consulting: 3ssmartconsulting.com• Larry Weinstein, the Cash Flow Cowboy in Houston Texas!• Neighbor Pat• DevinListen to all our episodes at mikeandblaine.comcashflowmike.comdryrun.com#mikeandblaine #smallbusines #cashflow #finance #beer #entrepreneur #craftbeerSupport the showCatch more episodes, see our sponsors and get in touch at https://mikeandblaine.com/

Text us a pool question!In this episode of the Talking Pools podcast, hosts Steve and Wayne discuss various topics related to pool maintenance, including the importance of reliable staffing, the impact of ransomware attacks on the industry, and the significance of effective water testing. They emphasize the need for strong cybersecurity measures, especially in light of recent attacks, and the importance of clear communication with clients regarding pool maintenance expectations. The conversation also touches on the challenges posed by weather conditions and the necessity of understanding pool chemistry for effective maintenance.takeawaysSteve shares his recent wedding experience in Turks and Caicos.Reliable staffing is crucial for business continuity during personal events.Ransomware attacks can affect any business with technology.Cybersecurity is essential for protecting business operations.Weather significantly impacts pool maintenance and water quality.Proper water testing is vital for pool health and safety.Communication with clients about pool conditions is key.The cost of maintaining pools can vary significantly.Understanding pool chemistry is essential for effective maintenance.Evaluating client relationships is important for business sustainability.Sound Bites"Congratulations, Steve and Janet.""Ransomware affects anyone with tech going on.""Is it worth it for me to send a guy out there?"Chapters00:00Celebrating New Beginnings02:38The Importance of Reliable Staffing04:58Navigating Ransomware Attacks10:41The Significance of Proper Pool Maintenance23:52Understanding Water Chemistry30:47The Dangers of Cheap Testing Kits36:34Client Communication and Expectations42:15Evaluating Client Relationships Support the showThank you so much for listening! You can find us on social media: Facebook Instagram Tik Tok Email us: talkingpools@gmail.com

Another Israeli spyware vendor surfaces. Win11 to delete restore points more quickly. The EU accelerates its plans to abandon Microsoft Azure. The EU sets timelines for Post-Quantum crypto adoption. Russia to create a massive IMEI database. Canada and the UK create the "Common Good Cyber Fund". U.S. states crack down on Bitcoin ATMs amid growing scams. Congressional staffers cannot use WhatsApp on gov devices. LibXML2 and the problems with commercial use of OSS. A(nother) remote code execution vulnerability in WinRAR. Have-I-Been-Pwned gets a cool data visualization site. How is ransomware getting in? Windows to offer "safe" non-kernel endpoint security? Proactive age verification coming to porn sites. How? Canada (also) says "bye bye" to Hikvision. Germany will be banning DeekSeek. The whole EU may follow. Cloudflare throttled in Russia? What must the U.S. do to compete in global exploit acquisition? Show Notes - https://www.grc.com/sn/SN-1033-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: expressvpn.com/securitynow Melissa.com/twit 1password.com/securitynow hoxhunt.com/securitynow canary.tools/twit - use code: TWIT

Microsoft Patch Tuesday, July 2025 Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. 14 of these are rated critical. Only one of the vulnerabilities was disclosed before being patched, and none of the vulnerabilities have so far been exploited. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%2C%20July%202025/32088 Opposum Attack If a TLS server is configured to allow switching from HTTP to HTTPS on a specific port, an attacker may be able to inject a request into the data stream. https://opossum-attack.com/ Ivanti Security Updates Ivanty fixed vulnerabilities in Ivanty Connect Secure, EPMM, and EPM. In particular the password decryption vulnerabliity may be interesting. https://www.ivanti.com/blog/july-security-update-2025