The protection of computer systems from theft or damage
China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security
The Roundtable Panel: a daily open discussion of issues in the news and beyond. Today's panelists are Dean of the College of Emergency Preparedness, Homeland Security and Cybersecurity at the University at Albany Robert Griffin, Diplomat in residence at Bard College Ambassador Frederic Hof, and CEO of The Business Council of New York State Heather Mulligan.
⸻ Podcast: Redefining Society and Technology
https://redefiningsocietyandtechnologypodcast.com
Title: Bridging Worlds: How Technology Connects — or Divides — Our Communities
Guest: Lawrence Eta
Global Digital AI Thought Leader | #1 International Best Selling Author | Keynote Speaker | TEDx Speaker | Multi-Sector Executive | Community & Smart Cities Advocate | Pioneering AI for Societal Advancement
WebSite: https://lawrenceeta.com
On LinkedIn: https://www.linkedin.com/in/lawrence-eta-9b11139/
Host: Marco Ciappelli
Co-Founder & CMO @ITSPmagazine | Master Degree in Political Science - Sociology of Communication | Branding & Marketing Consultant | Journalist | Writer | Podcasts: Technology, Cybersecurity, Society, and Storytelling.
WebSite: https://marcociappelli.com
On LinkedIn: https://www.linkedin.com/in/marco-ciappelli/
This Episode's Sponsors
BlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.
BlackCloak: https://itspm.ag/itspbcweb
⸻ Podcast Summary ⸻
In this episode of Redefining Society and Technology, I sit down with Lawrence Eta — global technology leader, former CTO of the City of Toronto, and author of Bridging Worlds. We explore how technology, done right, can serve society, reduce inequality, and connect communities. From public broadband projects to building smart — sorry, connected — cities, Lawrence shares lessons from Toronto to Riyadh, and why tech is only as good as the values guiding it.
⸻ Article ⸻
As much as I love shiny gadgets, blinking lights, and funny noises from AI — we both know technology isn't just about cool toys. It's about people. It's about society. It's about building a better, more connected world.
That's exactly what we explore in my latest conversation on Redefining Society and Technology, where I had the pleasure of speaking with Lawrence Eta. If you don't know Lawrence yet — let me tell you, this guy has lived the tech-for-good mission. Former Chief Technology Officer for the City of Toronto, current Head of Digital and Analytics for one of Saudi Arabia's Vision 2030 mega projects, global tech consultant, public servant, author… basically, someone who's been around the block when it comes to tech, society, and the messy, complicated intersection where they collide. We talked about everything from bridging the digital divide in one of North America's most diverse cities to building entirely new digital infrastructure from scratch in Riyadh. But what stuck with me most is his belief — and mine — that technology is neutral. It's how we use it that makes the difference. Lawrence shared his experience launching Toronto's Municipal Broadband Network — a project that brought affordable, high-speed internet to underserved communities. For him, success wasn't measured by quarterly profits (a refreshing concept, right?) but by whether kids could attend virtual classes, families could access healthcare online, or small businesses could thrive from home. We also got into the “smart city” conversation — and how even the language we use matters. In Toronto, they scrapped the “smart city” buzzword and reframed the work as building a “connected community.” It's not about making the city smart — it's about connecting people, making sure no one gets left behind, and yes, making technology human. Lawrence also shared his Five S principles for digital development: Stability, Scalability, Solutions (integration), Security, and Sustainability. Simple, clear, and — let's be honest — badly needed in a world where tech changes faster than most cities can adapt. 
We wrapped the conversation with the big picture — how technology can be the great equalizer if we use it to bridge divides, not widen them. But that takes intentional leadership, community engagement, and a shared vision. It also takes reminding ourselves that beneath all the algorithms and fiber optic cables, we're still human. And — as Lawrence put it beautifully — no matter where we come from, most of us want the same basic things: safety, opportunity, connection, and a better future for our families. That's why I keep having these conversations — because the future isn't just happening to us. We're building it, together. If you missed the episode, I highly recommend listening — especially if you care about technology serving people, not the other way around. Links to connect with Lawrence and to the full episode are below — stay tuned for more, and let's keep redefining society, together.
⸻ Keywords ⸻
Connected Communities, Smart Cities, Digital Divide, Public Broadband, Technology and Society, Digital Infrastructure, Technology for Good, Community Engagement, Urban Innovation, Digital Inclusion, Public-Private Partnerships, Tech Leadership
Enjoy. Reflect. Share with your fellow humans.
And if you haven't already, subscribe to Musing On Society & Technology on LinkedIn — new transmissions are always incoming.
You're listening to this through the Redefining Society & Technology podcast, so while you're here, make sure to follow the show — and join us as we continue exploring life in this Hybrid Analog Digital Society.
End of transmission.
Listen to more Redefining Society & Technology stories and subscribe to the podcast:
Cybersecurity warnings about possible Iranian retaliation have surged. A potential act of sabotage disrupts the NATO Summit in The Hague. Canadian cybersecurity officials discover Salt Typhoon breached a major telecom provider. The U.S. House bans WhatsApp from all government devices. APT28 uses Signal chats in phishing campaigns targeting Ukrainian government entities. A China-linked APT has built a covert network of over 1,000 compromised devices for long-term espionage. FileFix is a new variant of the well-known ClickFix method. SparkKitty targets Android and iOS users for image theft. Scammers steal $4 million from Coinbase users by posing as support staff. On today's Threat Vector, host David Moulton sits down with Tyler Shields, Principal Analyst at ESG, to discuss the fine line between thought leadership and echo chambers in the industry. War Thunder gamers just can't resist state secrets. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of Threat Vector, host David Moulton sits down with Tyler Shields, Principal Analyst at ESG, entrepreneur, and cybersecurity marketing expert, to discuss the fine line between thought leadership and echo chambers in the industry. You can hear David and Tyler's full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app. 
Selected Reading Warnings Ratchet Over Iranian Cyberattack (BankInfoSecurity) NATO Summit in The Hague hit by potential sabotage as rail cables set on fire (The Record) Canada says Salt Typhoon hacked telecom firm via Cisco flaw (BleepingComputer) Scoop: WhatsApp banned on House staffers' devices (Axios) APT28 hackers use Signal chats to launch new malware attacks on Ukraine (Bleeping Computer) Chinese APT Hacking Routers to Build Espionage Infrastructure (SecurityWeek) FileFix - A ClickFix Alternative (mr.d0x) Photo-Stealing Spyware Sneaks Into Apple App Store, Google Play (SecurityWeek) Hackers Impersonate Coinbase User Support To Scam Victims of $4,000,000 Before Blowing Most of Money on Gambling: ZachXBT (The Daily Hodl) Reset the clock! War Thunder fan posts restricted Harrier data to game forum (Cyber Daily) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Scans for Ichano AtHome IP Cameras
A couple days ago, a few sources started scanning for the username super_yg and the password 123. This is associated with Ichano IP Camera software.
https://isc.sans.edu/diary/Scans%20for%20Ichano%20AtHome%20IP%20Cameras/32062
Critical Netscaler Security Update CVE-2025-5777
CVE-2025-5777 is a critical severity vulnerability impacting NetScaler Gateway, i.e. if NetScaler has been configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
https://www.netscaler.com/blog/news/critical-security-updates-for-netscaler-netscaler-gateway-and-netscaler-console/
WinRAR Vulnerability CVE-2025-6218
WinRAR may be tricked into extracting files into attacker-determined locations, possibly leading to remote code execution.
https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9
After the U.S. strikes on Iran's nuclear facilities over the weekend, on Monday Iran began their retaliation. Several Iranian missiles were launched at the U.S. Air Force base in Qatar, which were ultimately intercepted. This week, American lawmakers are seeking further information about these strikes, with some even questioning why this mission occurred without congressional approval. Senator Deb Fischer (R-NE) joins the Rundown to explain the strategic implications of President Trump's decision, the potential for regime change in Iran, and the ongoing debate over Congress's role in authorizing military action. Iran's retaliation against the United States goes beyond military force. There is also the threat of cyberwarfare, including the potential for infiltrating social media. Cybersecurity expert and American AI Logistics CEO John Cofrancesco discusses the risk of Iranian hackers targeting American businesses and infrastructure, how America is prepared to respond, and why he believes Russia and China have a vested interest in using misinformation online to divide the U.S. and exploit its conflict with Iran. Plus, commentary from FOX News Legal Analyst Gregg Jarrett. Photo Credit: AP Learn more about your ad choices. Visit podcastchoices.com/adchoices
Today’s Packet Protector digs into risks and threats you might encounter in a Kubernetes environment, what to do about them, and why sometimes a paved path (or boring technology) is the smartest option. My guest is Natalie Somersall, Principal Solutions Engineer for the Public Sector at Chainguard. We talk about risks including identity and access... Read more »
Every part of life that comes in contact with the Internet is tracked, packed and sold to a seemingly infinite network of data brokers. Caitlin Sarian AKA Cybersecurity Girl joined us this week to discuss why scrubbing your information is trickier than it sounds and what you can do about it.
Open this podcast episode on YouTube for the best viewing experience. As the world moves into the cashless era, how will the payment card business adapt? How is Mastercard, as a leader in payment technology, responding? What is at the heart of seamless digital payments? Why does Mastercard executive Winnie Wong say that success lies in "balancing back-end complexity with front-end simplicity"? Find the answers in this episode of The Secret Sauce.
In this powerful and thought-provoking episode, we sit down with three powerhouse women in cybersecurity—Emma, Aparna, and Sumi—who bring distinctly different journeys from pharmacy, law, technical sales, and engineering into one common mission: reshaping the cybersecurity industry from within. Together, they dive deep into what makes cybersecurity exciting, how resilience and authenticity fuel success, and why community—not conformity—is key to lasting impact.
With candid conversations about navigating gender bias, building real allyship, and mentoring the next generation of women in tech, this episode pulls back the curtain on what it really takes to thrive in a male-dominated space. From managing cross-functional teams to balancing business needs with technical demands, these leaders share practical advice, hard-won lessons, and a powerful vision for a more inclusive, empowered future in cyber.
Other topics we talked about:
What drew each guest to cybersecurity from nontraditional backgrounds
The role of mentorship and sponsorship in career growth
Confronting misconceptions and biases in the workplace
Why visibility and feedback are crucial for career advancement
Balancing empathy and authority in leadership
Retention strategies for women in tech
The power of storytelling in inspiring the next generation
How to build trust across business and security teams
Whether you're deep in the industry or just cyber-curious, you'll leave inspired to challenge the status quo—and uplift others along the way.
Stay Connected with our host, Raghu on LinkedIn
For more information about Illumio, check out our website at illumio.com
Myke Lyons, CISO at Cribl, discusses cybersecurity in retail, especially in relation to the recent string of attacks against the sector.
Kory Daniels, Chief Information Security Officer at Trustwave, highlights the unique cybersecurity challenges facing the healthcare industry, particularly in this environment of funding constraints and the increasing sophistication of cyberattacks. Healthcare data is highly valuable to cybercriminals, who can use it for ransomware attacks, identity and insurance fraud, and other nefarious purposes. AI can be part of both the attack and the solution, helping to build in more cyber resilience and awareness about vulnerabilities. Kory explains, "Healthcare is a prime target for cyberattacks for a very fundamental reason. When human lives are at risk due to a criminal objective—which is to make money—they view organizations where human lives are at risk as a greater potential and opportunity. Facilitation of ransomware payments: Ransomware is one of the largest tactics that criminals use to achieve financial gain, but it's not the only tactic they use to achieve financial gain. So, they're looking to exploit the fear and uncertainty, putting patient lives at risk and adding complexity to patient care through their nefarious actions. But also, healthcare data is very attractive for cybercriminals, and just criminal activity in general. And why that is, is that criminals are looking at healthcare data even more so—it's more valuable than driver's license data." "Look at the opportunity of what you can do with healthcare records, and what can you do with PII, Personally Identifiable Information. Threat actors are tapping into this data in several different ways to achieve the additional financial gain above and beyond targeting a healthcare organization with a ransomware attack." 
"But they're also committing fraud, and fraud toward healthcare insurers, and looking at submitting false claims, fraud against the prescription drug industry in terms of soliciting and looking to obtain prescription drugs through nefarious means, but utilizing data and identity data that comes from hospital and healthcare records. There are a variety of different ways that we've just scratched the surface on, which make the healthcare industry such a desirable target for those seeking to achieve financial gain in the criminal industry." #Trustwave #Cybersecurity #CyberAttacks #HealthcareSecurity #HealthcareIT #CISOInsights trustwave.com Download the transcript here
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
ADS & Python Tools
Didier explains how to use his tools cut-bytes.py and filescanner to extract information from alternate data streams.
https://isc.sans.edu/diary/ADS%20%26%20Python%20Tools/32058
Enhanced security defaults for Windows 365 Cloud PCs
Microsoft announced more secure default configurations for its Windows 365 Cloud PC offerings.
https://techcommunity.microsoft.com/blog/windows-itpro-blog/enhanced-security-defaults-for-windows-365-cloud-pcs/4424914
CVE-2025-34508: Another File Sharing Application, Another Path Traversal
Horizon3 reveals details of a recently patched directory traversal vulnerability in zend.to.
https://horizon3.ai/attack-research/attack-blogs/cve-2025-34508-another-file-sharing-application-another-path-traversal/
Unexpected security footguns in Go's parsers
Go parsers for JSON and XML are not always compatible and can parse data in unexpected ways. This blog by Trail of Bits goes over the various security implications of this behaviour.
https://blog.trailofbits.com/2025/06/17/unexpected-security-footguns-in-gos-parsers/
Jason describes why, as the most significant state supporter of terrorism, Iran is a threat to the United States and absolutely cannot get a hold of a nuclear weapon. He also delves into the current state of the President's "big, beautiful bill" in the Senate as the July 4th deadline nears. CEO and Founder of the National Center for Open and Unsolved Cases and Senior Fellow with the Center for Digital Government, Morgan Wright, joins to discuss the growing importance of cybersecurity and artificial intelligence in modern warfare. He also explains the risks of artificial intelligence, particularly for using deepfakes and autonomous weapon systems. Bring on the stupid: A Michigan woman makes a peanut butter and jelly sandwich during her virtual court session, and the judge is unhappy. Learn more about your ad choices. Visit podcastchoices.com/adchoices
In this episode of Supply Chain Now, hosts Scott Luton and Tevon Taylor sit down with Will Quinn, supply chain consultant at CAMM Consulting and better known as The Distribution Guy® to unpack the evolving world of warehousing and distribution. With a rich background spanning military logistics, Coca-Cola operations, and enterprise tech systems, Will offers a grounded yet forward-looking view of how distribution excellence is built from the floor up.
Together, they explore why the biggest risk in distribution is doing nothing, how to use AI to document standard operating procedures, and what the dirtiest ceiling fan in the building might say about a warehouse's performance. Will also shares why digital transformation should support—not drive—your business strategy and why automation won't replace people, but poorly managed change might.
The discussion also touches on tariff-induced uncertainty, rising labor costs, cybersecurity vulnerabilities, and the rising importance of nearshoring. Will and Tevon share leadership insights that emphasize culture, consistency, and communication—and leave us with a simple but powerful reminder: success starts with taking care of your people.
Jump into the conversation:
(00:00) Intro
(03:23) Will Quinn, The Distribution Guy®
(04:39) Stories and personal backgrounds
(13:33) Diving into distribution and warehousing
(16:55) Tariffs and global supply chains
(20:01) Operational mistakes in warehouse strategy
(25:31) Cybersecurity in the supply chain
(25:59) Best practices for preventing hacks
(26:49) Recognizing phishing attempts
(27:15) Operational resilience and cybersecurity
(29:16) Assessing warehouse efficiency
(30:32) Key factors in warehouse management
(31:53) The importance of culture in warehousing
(35:37) Risks in technology adoption
(42:01) Preparing for the future of warehousing
(45:02) How to connect with Will and Tevon
Resources:
Learn more about The Distribution Guy®: https://www.thedistributionguy.com
Connect with Will: https://www.linkedin.com/in/thedistributionguy
Connect with Scott: https://www.linkedin.com/in/scottwindonluton/
Connect with Tevon: https://www.linkedin.com/in/tevontaylor/
Learn more about Supply Chain Now: https://supplychainnow.com
Watch and listen to more Supply Chain Now episodes here: https://supplychainnow.com/program/supply-chain-now
Subscribe to Supply Chain Now on your favorite platform: https://supplychainnow.com/join
Work with us! Download Supply Chain Now's NEW Media Kit: https://bit.ly/3XH6OVk
WEBINAR- In Chaos We Create: Bridging the Critical Raw Materials Gap Through Strategic Convergence: https://bit.ly/459BzIQ
WEBINAR- Transforming Operations: Flowers...
InfoComm 2025 is one of the biggest trade shows for the AV industry. It's so big, we couldn't fit everything into just one episode! In part 2 of our conversations at the show in the Midwich recording studio, we talk to Steve Greenblatt from Control Concepts (and host of A State of Control), Joe Way from UCLA and Neil Fluester about all things InfoComm. The vibe of the show, what they saw that amazed them, and the future of our industry moving forward.
The video version of this podcast can be found here.
Host: Tim Albright
Guests:
Steve Greenblatt – Control Concepts
Joe Way – UCLA
Neil Fluester – Neil on LinkedIn
Roundtable Topics:
AVNation – Our Coverage of InfoComm 2025
See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
Please enjoy this encore of Career Notes. Jadee Hanson, CIO and CISO at Code 42, started her technology journey thanks to the help of a teacher in high school. She began college studying computer science and ended with a degree in computer information systems as it had more of the business side. Working in the private sector for companies such as Deloitte, Target and Code 42, Jadee gained experience and specialized in insider risk. She notes "utopia for me and my team is to get to a spot where the team is just firing on all cylinders and being really proactive about what's coming and what's changing." Jadee mentions she tries hard to do things that might scare her every day. For those interested in the field, especially young women, Jadee recommends they get involved and then stay curious. We thank Jadee for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Small and mid-sized businesses are increasingly curious about how to leverage artificial intelligence (AI) to enhance their operations. As they explore the potential of AI, they are asking critical questions about implementation, automation, and customer engagement. Experts Hunter Jensen and Barbara Paluszkiewicz discuss the challenges these businesses face, particularly regarding data readiness and cybersecurity. They emphasize the importance of understanding specific use cases and ensuring that companies have the necessary infrastructure and security measures in place before deploying AI solutions. Hunter highlights that many organizations, especially those that have been around for a while, struggle with data quality and governance. He notes that businesses often have "skeletons in their data closets," which can hinder effective AI deployment. Barb adds that for companies to safely utilize AI, they must have robust cybersecurity measures, including data loss prevention and user training. This foundational work is crucial to protect sensitive information and ensure compliance with regulations. The conversation also touches on the rising costs and complexities associated with private AI infrastructure. Hunter explains that while public large language models (LLMs) can be effective for certain tasks, businesses dealing with confidential information may benefit from self-hosted models. He points out that, in some cases, hosting AI solutions locally can be more cost-effective than relying on third-party services, especially as usage scales up. Finally, the discussion shifts to the evolving landscape of investment in the managed service provider (MSP) sector. Barb notes that many small MSPs are undervaluing their businesses, often expecting high multiples that may not be realistic. Hunter observes a trend where venture capitalists are less willing to invest in pre-revenue companies, pushing entrepreneurs to demonstrate customer traction before seeking funding. Both experts agree that the MSP community is adapting to these changes, with new models of community-driven investment emerging to support smaller businesses. All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/ Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on: LinkedIn: https://www.linkedin.com/company/28908079/ YouTube: https://youtube.com/mspradio/ Facebook: https://www.facebook.com/mspradionews/ Instagram: https://www.instagram.com/mspradio/ TikTok: https://www.tiktok.com/@businessoftech Bluesky: https://bsky.app/profile/businessof.tech
The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you by Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com
This episode is sponsored by https://WE-PN.com Become your own VPN provider. To get 50% off enter promo code: kingraam50 support@we-pn.com This episode is sponsored by BetterHelp. Give online therapy a try at https://betterhelp.com/MASTYORASTY and get on your way to being your best self. In this episode Mark Pashmforoush joins Raam to talk about internet disruptions in Iran, the fight for digital freedom and access to free internet. To learn more about psychedelic therapy go to my brother Mehran's page at: https://www.mindbodyintegration.ca/ or to https://www.somaretreats.org for his next retreat. ***Masty o Rasty is not responsible for, nor does it condone, the views and opinions expressed by our guests.*** Support the show: https://paypal.me/raamemami Venmo + Revolut: @KingRaam Hosted on Acast. See acast.com/privacy for more information.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
How Long Until the Phishing Starts? About Two Weeks: After setting up a Google Workspace and adding a new user, it took only two weeks for the new employee to receive somewhat targeted phishing emails. https://isc.sans.edu/diary/How%20Long%20Until%20the%20Phishing%20Starts%3F%20About%20Two%20Weeks/32052 Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone numbers: Scammers are placing Google ads that point to legitimate companies' sites, but are injecting malicious text into the page advertising fake tech support numbers. https://www.malwarebytes.com/blog/news/2025/06/scammers-hijack-websites-of-bank-of-america-netflix-microsoft-and-more-to-insert-fake-phone-number What's in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia: Targeted attacks are tricking victims into creating app-specific passwords to Google resources. https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia
In this episode of 'Cybersecurity Today,' host Jim Love discusses several alarming cybersecurity developments. A recent Washington Post breach raises critical questions about Microsoft 365's enterprise security as foreign government hackers compromised the email accounts of journalists. Additionally, a critical Linux flaw allows attackers to gain root access, making millions of systems vulnerable. Upgraded Godfather malware now creates virtual banking apps on infected Android devices to steal credentials in real-time. Moreover, a record-breaking data breach has exposed 16 billion logins, including Apple accounts, underscoring the fundamental flaws of password-based security. Finally, the episode addresses the systemic vulnerabilities of SMS-based two-factor authentication, advocating for a transition to app-based or hardware key solutions. 00:00 Introduction and Major Headlines 00:24 Microsoft 365 Security Breach 03:19 Critical Linux Vulnerabilities 05:59 Godfather Malware Evolution 08:18 Massive Data Breach Exposed 11:30 The Fall of SMS Two-Factor Authentication 13:21 Conclusion and Final Thoughts
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform at https://simplycyber.io/threatlocker Take control of your data and keep your private life private by signing up for DeleteMe at https://simplycyber.io/deleteme promo SIMPLYCYBER for 20% off. Register for Jason Haddix's Operationalizing Cybercrime Data training on June 23rd https://simplycyber.io/flare Simply Cyber Academy - The Place for Cyber Careers: https://academy.simplycyber.io Join SC Discord: https://SimplyCyber.io/discord Podcast in stream: https://cisoseries.com Follow SC: https://simplycyber.io/socials
Host David Mauro interviews Jeremy Samide, CEO of Blackwired, about why hackers target you. We expose the latest dark web secrets, and the latest social engineering risks. Find more about Blackwired here: https://www.blackwired.com/ Growth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com Have a Guest idea or Story for us to Cover? You can now text our Podcast Studio direct. Text direct (904) 867-4466
Please enjoy this encore of Caveat. Camille Stewart Gloster, Former Deputy National Cyber Director at the White House, is sharing a retrospective of her public service career. Ben discusses a new lawsuit in Illinois challenging automatic license plate readers. Dave's got the story of an AI hotline between the US and China. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Links to the stories: Illinois' use of cameras that read license plates amounts to 'dragnet surveillance,' lawsuit alleges; The U.S. and China Need an AI Incidents Hotline. Caveat Briefing: A companion weekly newsletter is available to CyberWire Pro members on the CyberWire's website. If you are a member, make sure you subscribe to receive our weekly wrap-up of privacy, policy, and research news, focused on incidents, techniques, tips, compliance, rights, trends, threats, policy, and influence ops delivered to your inbox each Thursday. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices
Title: “These Aren't Soft Skills — They're Human Skills” A Post–Infosecurity Europe 2025 Conversation with Rob Black and Anthony D'Alton. Guests: Rob Black, UK Cyber Citizen of the Year 2024 | International Keynote Speaker | Master of Ceremonies | Cyber Leaders Challenge | Professor | Community Builder | Facilitator | Cyber Security | Cyber Deception https://www.linkedin.com/in/rob-black-30440819/ Anthony D'Alton, Product marketing | brand | reputation for cybersecurity growth https://www.linkedin.com/in/anthonydalton/ Hosts: Sean Martin, Co-Founder at ITSPmagazine. Website: https://www.seanmartin.com Marco Ciappelli, Co-Founder, CMO, and Creative Director at ITSPmagazine. Website: https://www.marcociappelli.com Episode Sponsors: ThreatLocker: https://itspm.ag/threatlocker-r974 Yes, Infosecurity Europe 2025 may be over, but the most important conversations are just getting started — and they're far from over. In this post-event follow-up, Marco Ciappelli reconnects from Florence with Rob Black and brings in Anthony D'Alton for a deep-dive into something we all talk about but rarely define clearly: so-called soft skills — or, as we prefer to call them… human skills. From storytelling to structured exercises, team communication to burnout prevention, this episode explores how communication, collaboration, and trust aren't just “nice to have” in cybersecurity — they're critical, measurable capabilities. Rob and Anthony share their experience designing real-world training environments where people — not just tools — are the difference-makers in effective incident response and security leadership. Whether you're a CISO, a SOC leader, or just tired of seeing tech get all the credit while humans carry the weight, this is a practical, honest conversation about building better teams — and redefining what really matters in cybersecurity today. If you still think “soft skills” are soft… you haven't been paying attention. Keywords: Cybersecurity, Infosecurity Europe 2025, Soft Skills, Human Skills, Cyber Resilience, Cyber Training, Security Leadership, Incident Response, Teamwork, Storytelling in Cyber, Marco Ciappelli, Rob Black, Anthony Dalton, On Location, ITSPmagazine, Communication Skills, Cyber Crisis Simulation, RangeForce, Trust in Teams, Post Event Podcast, Security Culture. Resources: Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25 Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More
The new cybersecurity pioneers aren't chasing alerts, they're building with AI. But what happens when tools meant to assist begin making decisions for us? And what skills do we lose when machines fill the gaps we used to grow into? In this episode, Chris Cochran, CEO and Founder of Commandant, returns to Hacker Valley Studio with an insider view on building in the AI boom. He shares why he's betting on incident response over the “AI SOC,” what it means to use AI with integrity, and how this moment mirrors the early industrial revolutions: chaotic, risky, but ripe with once-in-a-career opportunity. Impactful Moments: 00:00 – Introduction 02:11 – Launch of Commandant AI 03:06 – Early-stage LLM opportunities 05:26 – Built first AI co-pilot in 4 hours 06:00 – AI bot tops HackerOne leaderboard 07:44 – AI used for and against orgs 10:14 – Focus on incident response, not AI SOC 12:34 – Reducing cost of prolonged incidents 14:01 – Cybersecurity changing every 2 months 16:58 – AI causing rapid skill loss 21:59 – AI-assisted job interviews detected 24:49 – AI lacks business context for blocking 27:30 – Daily AI use pays long-term dividends Links: Connect with our guest, Chris Cochran: https://www.linkedin.com/in/chrishvm/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
In this episode, host Jethro Jones interviews Thomas Boles, founder of I Love My Tech Team, about the unique challenges Catholic schools face with technology and cybersecurity. They discuss common traps schools fall into online and effective strategies to safeguard against these dangers. Personal stuff on school device. Online shopping - discounts. Principal has to be the expert at everything. Using password managers, and not using passwords. Principals get more cold email from people. Let's put in some traps to keep people from doing Screenshot, don't forward the email. How to protect yourself? Multi-factor authentication. Firewall and network - put in worthwhile routers and network protection devices. Connect with Thomas at ilovemytechteam.com About Thomas Boles: Thomas Boles is the founder of I Love My Tech Team, a company dedicated to solving tech problems for Catholic schools across the U.S. With a background as a teacher, administrator, and tech director, Thomas understands the unique challenges Catholic schools face. Under his leadership, the Tech Team sets up, repairs, and manages networks, accounts and devices nationwide—while also offering professional development and program design to help schools transition from “nothing works” to being a “shining example of innovation.” Thomas and the Tech Team are passionate about making technology work seamlessly so teachers and administrators can focus on what they do best: educating students. We're thrilled to be sponsored by IXL. IXL's comprehensive teaching and learning platform for math, language arts, science, and social studies is accelerating achievement in 95 of the top 100 U.S. school districts. Loved by teachers and backed by independent research from Johns Hopkins University, IXL can help you do the following and more: simplify and streamline technology; save teachers' time; reliably meet Tier 1 standards; improve student performance on state assessments.
In this episode of The Buzz, we broadcast live from the 2025 Emerging Tech and Innovation Conference, featuring exclusive interviews with industry leaders like Destinie Harris from Maximus, Jeff Mercurio from OnPoint Consulting, and Ratima Katari from ICF. Destinie discusses Maximus' Total Experience Management (TXM) solution and her journey in tech, while Jeff shares insights on OnPoint's contributions to cybersecurity and cloud infrastructure. Ratima talks about her extensive experience in federal health and her upcoming role on the ACT-IAC board. The episode highlights the synergy between government and industry, the importance of technology in solving complex challenges, and fostering connections at conferences like this. Subscribe on your favorite podcast platform to never miss an episode! For more from ACT-IAC, follow us on LinkedIn or visit http://www.actiac.org. Learn more about membership at https://www.actiac.org/join. Donate to ACT-IAC at https://actiac.org/donate. Intro/Outro Music: See a Brighter Day/Gloria Tells, Courtesy of Epidemic Sound (Episodes 1-159: Intro/Outro Music: Focal Point/Young Community, Courtesy of Epidemic Sound)
What does it take to go from defending national secrets to defending MSPs? In this episode of Now That's IT: Stories of MSP Success, Robert Johnston—former Pentagon cyber operator, DNC breach responder, and co-founder of Adlumin—shares his journey from military red teams to building one of today's fastest-growing cybersecurity platforms. We unpack how Robert transitioned from CrowdStrike to launching Adlumin, a company that reimagines MDR and XDR for modern MSPs, why simplicity and automation matter more than ever, and how AI is reshaping both threats and responses in real time. Whether you run a 10-person MSP or lead global operations, Robert's mission to transform cybersecurity offers real lessons in scaling services, serving clients, and staying ahead of attackers. Let us help you unlock your business's full potential. N-able Business Transformation is Expert led and Peer informed. These valuable executive programs are tailored to provide effective guidance and a faster path to a scalable and successful business. Book a Call with Chris Massey now to learn what Business Transformation can do for you! 'Now that's it: Stories of MSP Success,' dives into the journeys of some of the trailblazers in our industry to find out how they used their passion for technology to help turn Managed Services into the thriving sector it is today. Every episode is packed with the valuable insights, practical strategies, and inspiring anecdotes that lead our guests to the transformative moment when they knew….. Now, that's it. This podcast provides educational information about issues that may be relevant to information technology service providers. Nothing in the podcast should be construed as any recommendation or endorsement by N-able, or as legal or any other advice. The views expressed by guests are their own and their appearance on the podcast does not imply an endorsement of them or any entity they represent. 
Views and opinions expressed by N-able employees are those of the employees and do not necessarily reflect the view of N-able or its officers and directors. The podcast may also contain forward-looking statements regarding future product plans, functionality, or development efforts that should not be interpreted as a commitment from N-able related to any deliverables or timeframe. All content is based on information available at the time of recording, and N-able has no obligation to update any forward-looking statements.
Cyberattacks targeting healthcare are rising, with pharmacies increasingly in the crosshairs. From ransomware to phishing scams, the threats are real...and constant. But how can independent pharmacies defend themselves against a digital siege? In this episode of The Bottom Line Pharmacy Podcast, three members of the Sykes & Company team, Scotty Sykes, CPA, CFP®, Chris Sykes, IT Director, and Austin Murray, Marketing Director, explore the evolving cybersecurity landscape with a practical lens. This episode covers: the NIST 2.0 Cyber Security Framework; what to ask your script system vendor about security; how to build a breach response plan that actually works; social engineering 101: what it is and how to protect your pharmacy; best practices for employee training, access control, and device audits. More About Our Guest: Chris Sykes is the Director of IT at Sykes & Company, P.A., where he has been a key part of the team since 2006. With nearly 25 years in the IT industry, Chris combines deep technical expertise with a passion for helping both the firm and its clients become more efficient, secure, and technology-driven. Chris holds a Bachelor of Science in Business Administration with a concentration in Management Information Systems and a Master of Science in Technology Systems, both from East Carolina University. 
Outside of work, Chris enjoys running marathons, fishing and hunting with his boys, and spending quality time with his family at the beach. Learn more about Chris: Chris Sykes LinkedIn. Check out all our social media: Facebook; Twitter; LinkedIn; Scotty Sykes – CPA, CFP LinkedIn; Scotty Sykes – CPA, CFP Twitter. More resources on this topic: Podcast - AI, Audits, & Advocacy: The Pharmacy Survival Guide with Trenton Theide; Blog - Technology, Security and Your Pharmacy; Blog - Protect You and Your Pharmacy: The Growing Threat of Ransomware; Blog - Backing Up Your Business Data; Blog - Spot a Hacked Email or Bad Website; Blog - Protect Your Pharmacy Data from Hackers
In today's episode, we discuss cybersecurity with Grant McCracken, a seasoned expert with over 13 years of experience in ethical hacking and executive-level cybersecurity roles. As the founder of Dark Horse Security, Grant shares his journey into the field, practical advice for aspiring ethical hackers, and actionable tips for organizations navigating the challenges of security in the AI era. From hands-on learning resources like Hack the Box and bug bounty programs to the real risks and rewards of using AI-generated code, Grant demystifies the realities of modern security threats. He also offers a peek into the social engineering tactics at events like DEFCON, explains why having a vulnerability disclosure program is crucial, and reveals how even small companies can build stronger defenses. Whether you're just dipping your toes into cybersecurity, managing DevOps security at your company, or curious about how AI is reshaping the security landscape, this episode is packed with insights you won't want to miss. Tune in to hear why effective communication may be the most powerful security skill of all—and get tips you can put to work right away in your DevOps journey. Try out Insight Hub free for 14 days now: https://testguild.me/insighthub. No credit card required.
An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video cameras are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow
David Waldman WILL RETURN from the Virgin Islands tomorrow! Meanwhile, let's take on an evergreen topic, the complete and utter corruption of Donald K. Trump and how that has infected every facet of American government. Ex-prosecutors are raising alarms over Ed Martin, who everyone, including Ed Martin, will tell you is anti-law/pro-Trump. White House aide Lynne Patton was suspended for violation of the Hatch Act. Strange, because who in the Trump administration hasn't violated the Hatch Act, and more vigorously? It's pretty much a job requirement. DOGEy lawyer Jeremy Lewin is a violent racist, also no doubt a feature, not a bug, leading to his promotion to lead the wreckage of USAID. The Department of Homeland Security wants to keep the number of people fired from the Cybersecurity and Infrastructure Security Agency a secret.
The Roundtable Panel: a daily open discussion of issues in the news and beyond. Today's panelists are public policy and communications expert Theresa Bourgeois, Dean of the College of Emergency Preparedness, Homeland Security and Cybersecurity at the University at Albany Robert Griffin, Semi-retired, Editor at large/columnist/editorial writer, Times Union Jay Jochnowitz, and Senior Fellow, Bard Center for Civic Engagement Jim Ketterer.
In part two of our Cybersecurity installment of our Workplace Strategies Watercooler 2025 podcast series, Ben Perry (shareholder, Nashville) and Justin Tarka (partner, London) discuss the steps to take after resolving and containing a ransomware incident. Justin and Ben, who is co-chair of the firm's Cybersecurity and Privacy Practice Group, highlight several key areas, including preparing the response team, implementing training for relevant employees and regular reviews of cybersecurity measures; developing a comprehensive incident response plan and assembling a dedicated response team; identifying opportunities for long-term infrastructure improvements; and assessing other areas of external risk management, such as data mapping and retention processes, vendor due diligence, and notification obligations.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Extracting Data From JPEGs
Didier shows how to efficiently extract data from JPEGs using his tool jpegdump.py
https://isc.sans.edu/diary/A%20JPEG%20With%20A%20Payload/32048

Windows Recall Export in Europe
In its latest insider build for Windows 11, Microsoft is testing an export feature for data stored by Recall. The feature is limited to European users and requires that you note an encryption key that will be displayed only once as Recall is enabled.
https://blogs.windows.com/windows-insider/2025/06/13/announcing-windows-11-insider-preview-build-26120-4441-beta-channel/

Anubis Ransomware Now Wipes Data
The Anubis ransomware, usually known for standard double extortion, is now also wiping data, preventing any recovery even if you pay the ransom.
https://www.trendmicro.com/en_us/research/25/f/anubis-a-closer-look-at-an-emerging-ransomware.html

Mitel Vulnerabilities CVE-2025-47188
Mitel this week patched a critical path traversal vulnerability (sadly, no CVE), and Infoguard Labs published a PoC exploit for an older file upload vulnerability.
https://labs.infoguard.ch/posts/cve-2025-47188_mitel_phone_unauthenticated_rce/
https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0007
Secrets trickle out through misconfigurations, poor tooling, and rushed Git commits. Today's guest, John Howard, joins us on Packet Protector to walk through practical secrets management with Vault and TruffleHog to help make sure you don’t expose your privates. John discusses work he’s done to build an automated process in his organization for developers and...