Podcasts about cybersecurity

Two-time Emmy and Three-time NAACP Image Award-winning, television Executive Producer Rushion McDonald interviewed Cassandra Lester. She is the founder of Grow Give Prosper, and discusses her nonprofit’s mission to provide financial education and career opportunities through partnerships like Grow with Google.

Two-time Emmy and Three-time NAACP Image Award-winning, television Executive Producer Rushion McDonald interviewed Cassandra Lester. She is the founder of Grow Give Prosper, and discusses her nonprofit’s mission to provide financial education and career opportunities through partnerships like Grow with Google.

Send us a textWelcome to another episode of the “Daily Drop,” where Jared breaks down the chaos disguised as a defense budget. We're talking about a $1 trillion spendathon featuring: cutting cybersecurity staff during peak cyber threat season, trying to mass-produce drones in 24 hours with foreign parts we don't make, and senior leaders treating AI like it's witchcraft.You'll also get the inside scoop on how our Space Force is flexing with rapid GPS launches (kind of), why cutting Air Force Academy faculty could kneecap future warfighters, and which senator is still obsessed with moving Space Command for no tactical reason.PLUS: 

Simple SSH Backdoor Xavier came across a simple SSH backdoor taking advantage of the ssh client preinstalled on recent Windows systems. The backdoor is implemented via an SSH configuration file that instructs the SSH client to connect to a remote system and forward a shell on a random port. This will make the shell accessible to anybody able to connect to the C2 host. https://isc.sans.edu/diary/Simple%20SSH%20Backdoor/32000 Google Chrome to Distrust CAs Google Chrome will remove the Chunghwa Telecom and Netlock certificate authorities from its list of trusted CAs. Any certificates issued after July 31st will not be trusted. Certificates issued before the deadline will be trusted until they expire. https://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html Microsoft Emergency Update to Fix Crashes Caused by May Patch Microsoft released an emergency update for a bug caused by one of the patches released in May. Due to the bug, systems may not restart after the patch is applied. This affects, first of all, virtual systems running in Azure and HyperV but apparently has also affected some physical systems. https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23h2#kb5058405-might-fail-to-install-with-recovery-error-0xc0000098-in-acpi-sys Qualcomm Adreno Graphics Processing Unit Patch (Exploited!) Qualcomm released an update for the driver for its Adreno GPU. The patched vulnerability is already being exploited against Android devices. https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Microsegmentation divides a network into boundaries or segments to provide fine-grained access control to resources within those segments. On today's Packet Protector we talk about network and security reasons for employing microsegmentation, different methods (agents, overlays, network controls, and so on), how microsegmentation fits into a zero trust strategy, and the product landscape. Episode Links:... Read more »

Two-time Emmy and Three-time NAACP Image Award-winning, television Executive Producer Rushion McDonald interviewed Cassandra Lester. She is the founder of Grow Give Prosper, and discusses her nonprofit’s mission to provide financial education and career opportunities through partnerships like Grow with Google.

AI is reshaping cybersecurity as we know it. From sophisticated AI-driven phishing attacks to the amplified risk of insider threats using tools like Copilot, the landscape is shifting at an unprecedented pace. How can security leaders and practitioners adapt?Join Ashish Rajan and Matthew Radolec (Varonis) as they explore the critical challenges and opportunities AI presents. Learn why 86% of attacks involve credential misuse and how AI agents are making it easier than ever for non-technical insiders to exfiltrate data.In this episode, you'll learn about:The "Blast Radius": How AI tools can dramatically increase data exposure.From "Breaking In" to "Logging In": The dominance of credential-based attacks.AI-Powered Social Engineering: The rise of "conversational bait".Copilot Use Cases & "Aha!" MomentsData Integrity in AI: The critical, overlooked pillar of AI security.The Enduring Importance of Access Management in an AI World.Transforming Security Operations: AI for incident response, playbooks, and forensics.Guest Socials - ⁠Matt's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(01:57) New Threat Landscape in Cloud & AI(08:08) Use cases for regulated industries(10:03) Impact of Agentic AI in the cybersecurity space(12:22) Blind spots of going into AI(18:06) Shared responsibility for LLM providers(20:56) Lifting up security programs for AI(27:82) How is incident response changing with AI?(29:30) Cybersecurity areas that will be most impacted by AI(34:43) The Fun SectionThank you to our episode sponsor Varonis

Microsegmentation divides a network into boundaries or segments to provide fine-grained access control to resources within those segments. On today's Packet Protector we talk about network and security reasons for employing microsegmentation, different methods (agents, overlays, network controls, and so on), how microsegmentation fits into a zero trust strategy, and the product landscape. Episode Links:... Read more »

Random but Memorable turns 150! 1️⃣5️⃣0️⃣ (It's official, we're old.)

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Maria Mora, Staff Application Security Engineer and active OWASP lifetime member, shares how her experience at the OWASP AppSec Global conference in Barcelona has reaffirmed the power of community in security. While many attendees chase back-to-back talks and technical training, Maria highlights something often overlooked—connection. Whether at the member lounge ping-pong table, during late-night beach meetups, or over keynote reflections, it's the relationships and shared purpose that make this event resonate.Maria emphasizes how her own journey into OWASP began with uncertainty but evolved into a meaningful path of participation. Through volunteering, serving on the events committee, and mentoring others, she has expanded not only her technical toolkit but also her ability to collaborate and communicate—skills she notes are essential in InfoSec but rarely prioritized. By stepping into the OWASP community, she's learned that you don't need decades of experience to contribute—just a willingness to start.Keynotes and sessions this year reinforced a similar message: security isn't just about hard skills. It's about bridging academia and industry, engaging first-time attendees, and creating welcoming spaces where no one feels like an outsider. Talks like Sarah Jané's encouraged attendees to find their own ways to give back, whether by submitting to the call for papers, helping with logistics, or simply sparking hallway conversations.Maria also points to how OWASP structures participation to make it accessible. Through demo rooms, project hubs, and informal lounge chats, attendees find ways to contribute to global initiatives like the OWASP Top 10 or volunteer-led trainings. Whether it's your first conference or your tenth, there's always room to jump in.For Maria, OWASP no longer feels like a secret club—it's a growing, open collective focused on helping people bring their best selves to security. That's the power of community: not just lifting up software, but lifting up each other.And for those thinking of taking the next step, Maria reminds us that the call for papers for OWASP DC is open through June 24th. As she puts it, “We all have something valuable to share—sometimes you just need the nudge to start.”GUEST: Maria Mora | Staff Application Security Engineer and OWASP events committee member | https://www.linkedin.com/in/riamaria/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Leading in cybersecurity is like diving into the unknown. You need more than just the "rules of the land" – you need a whole new set of skills to navigate this "underwater" world. In this episode, we'll dive into: why your lack of people skills is holding you back (and it's not just for the leaders!), the #1 trait of an effective leader, why negotiation makes up 90% of your role and how to master it, why a lack of change in human behaviour is costlier than technology, why the feeling of security matters just as much as fixing security vulnerabilities, and how to master these. Stop struggling and start leading! Learn the 5 unspoken laws that will set you apart in cybersecurity leadership.Looking to become an influential and effective security leader? Don't know where to start or how to go about it? Follow Monica Verma (LinkedIn) and Monica Talks Cyber (Youtube) for more content on cybersecurity, technology, leadership and innovation, and 10x your career. Subscribe to The Monica Talks Cyber newsletter at https://www.monicatalkscyber.com.

Send us a textNestled along the scenic Southern Oregon coast, Southern Coos Hospital faces a unique set of challenges that many healthcare organizations never encounter. With just 25 beds serving a rural population of about 15,000, this critical access hospital demonstrates remarkable innovation in stretching limited resources while maintaining robust cybersecurity practices.Scott, the hospital's CIO who transitioned from fundraising and marketing into healthcare IT, shares the compelling story of how a ransomware attack just before COVID-19 transformed their approach to cybersecurity. This pivotal moment prompted Southern Coos to increase their cybersecurity budget from a mere 2% to over 12% of their IT spending - a decision that positioned them ahead of many similar-sized facilities in protecting patient data.The conversation delves into practical strategies that resource-constrained healthcare organizations can implement immediately: outsourcing Security Operations Center functions to specialized vendors, prioritizing security awareness training for staff, and making strategic investments in asset management tools. Scott's candid assessment of HIPAA's limitations ("a nice entry point to compliance but in no way updated for the current threat environment") demonstrates the gap between regulatory requirements and actual security needs that healthcare organizations must bridge themselves.Perhaps most transformative for this rural hospital was implementing Epic's electronic health record system, which revolutionized how they transfer patient records during emergencies. What once took 30+ minutes now happens "with the click of a button" - a game-cThis is Encrypted Ambition—a podcast about the builders rewriting the rules. Join Petronella Technology Group as we decode the ideas, challenges, and momentum behind tomorrow's business, technology, and leadership breakthroughs. That's a wrap on this episode of Encrypted Ambition. Subscribe wherever you listen, and if today's guest inspired you—leave us a review or share the show with someone in your circle.To learn more about how we support innovators with AI, cybersecurity, and compliance, head to PetronellaTech.com, YouTube and LinkedInSupport the showNO INVESTMENT ADVICE - The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained on our Site or podcast constitutes a solicitation, recommendation, endorsement, or offer by PTG.Support the ShowPlease visit https://compliancearmor.com and https://petronellatech.com for the latest in Cybersecurity and Training and be sure to like, subscribe and visit all of our properties at: YouTube PetronellaTech YouTube Craig Petronella Podcasts Compliance Armor Blockchain Security LinkedIn Call 877-468-2721 or visit https://petronellatech.com

In this episode, we explore Google's powerful new AI tool, Veo 3, and how it's blurring the lines between reality and deception in video content. From deepfake scams to reputational attacks, we break down the real-world risks, and how cybercriminals could weaponize synthetic media against us all.Tune in for a thought-provoking look at truth, trust, and the future of online security.Click here to send future episode recommendationSupport the showSubscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.

A PNG Image With an Embedded Gift Xavier shows how Python code attached to a PNG image can be used to implement a command and control channel or a complete remote admin kit. https://isc.sans.edu/diary/A+PNG+Image+With+an+Embedded+Gift/31998 Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis Horizon3 analyzed a recently patched flaw in Cisco Wireless Controllers. This arbitrary file upload flaw can easily be used to execute arbitrary code. https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/ Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE A change in PHP 8.1 can expose methods previously expected to be safe . vBulletin fixed a related flaw about a year ago without explicitly highlighting the security impact of the fix. A blog post now exposed the flaw and provided exploit examples. We have seen exploit attempts against honeypots starting May 25th, two days after the blog was published. https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce

Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcastEd Williams, Vice President of EMEA Consulting and Professional Services (CPS) at TrustWave, shares his two decades of pentesting and red teaming experience with Cyber Work listeners. From building his first programs on a BBC Micro (an early PC underwritten by the BBC network in England to promote computer literacy) to co-authoring award-winning red team security tools, Ed discusses his favorite red team social engineering trick (hint: it involves fire extinguishers!), and the ways that pentesting and red team methodologies have (and have not) changed in 20 years. As a bonus, Ed explains how he created a red team tool that gained accolades from the community in 2013, and how building your own tools can help you create your personal calling card in the Cybersecurity industry! Whether you're breaking into cybersecurity or looking to level up your pentesting skills, Ed's practical advice and red team “war stories,” as well as his philosophy of continuous learning that he calls “Stacking Days,” bring practical and powerful techniques to your study of Cybersecurity.0:00 - Intro to today's episode2:17 - Meet Ed Williams and his BBC Micro origins5:16 - Evolution of pentesting since 200812:50 - Creating the RedSnarf tool in 201317:18 - Advice for aspiring pentesters in 202519:59 - Building community and finding collaborators 22:28 - Red teaming vs pentesting strategies24:19 - Red teaming, social engineering, and fire extinguishers27:07 - Early career obsession and focus29:41 - Essential skills: Python and command-line mastery31:30 - Best career advice: "Stacking Days"32:12 - About TrustWave and connecting with EdAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

As Chief Technology Officer at eSentire, Dustin Hillard brings a deeply rooted background in AI and machine learning—going back over 15 years—to the practical challenges of cybersecurity. In this episode, Hillard discusses how his team is using agentic AI not for the sake of hype, but to augment real human workflows and achieve measurable, high-impact outcomes for clients.The conversation begins with a critical point: AI should be an enabler, not a shiny object. Hillard contrasts the superficial marketing claims that dominate vendor messaging with the grounded, transparent approach his team takes—an approach that fuses technology with hands-on human expertise to deliver results.eSentire's focus is on containment and control. In over 99% of intrusion cases, their platform successfully stops threats at the first host. That is the benchmark by which Hillard wants AI judged—not by its novelty or buzz, but by whether it helps security teams stop attacks before damage spreads.Key to achieving this is the way automation is used to supercharge analysts. Instead of running just three or five high-value queries in a 15-minute response window, eSentire's AI framework runs 30. This allows the system to comb through a customer's historical data, generate hypotheses based on broader knowledge bases, and deliver structured, contextual findings. Analysts can then focus on judgment and decision-making, not searching logs or assembling fragments.Three pillars underpin this approach: direct telemetry gathering from tools like CrowdStrike and Microsoft, threat intelligence correlation, and contextual data from the customer environment. These layers combine to offer rich insights, fast. And importantly, the AI doesn't operate in a black box. Hillard stresses explainability and auditability—every recommendation must be traceable back to concrete evidence, not just LLM-generated summaries.He also touches on the eight assessment areas his team uses to evaluate AI readiness and safety: from autonomy and guardrails to data privacy, effectiveness metrics, and adversarial resilience. The point isn't to convince customers with buzzwords, but to earn trust by demonstrating measurable results and opening the door to real conversations.By encoding the investigative playbooks of seasoned analysts and executing them dynamically, agentic AI at eSentire isn't replacing humans—it's empowering them to respond faster and more accurately. That's the difference between checking a marketing box and actually making a difference when every second counts.Guest: Dustin Hillard | CTO, eSentire | https://www.linkedin.com/in/dustinhillard/RESOURCESSorry We're So Good: An Open Letter: https://itspm.ag/esentire-sorry4ekVisit the eSentire Website to learn more: https://itspm.ag/esentire-594149Learn more and catch more stories from eSentire on ITSPmagazine: https://www.itspmagazine.com/directory/esentireLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story______________________Keywords: dustin hillard, sean martin, marco ciappelli, cybersecurity, ai, machine learning, automation, investigation, containment, transparency, brand story, brand marketing, marketing podcast, brand story podcast

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sean Martin connects with event speaker, Wojciech Dworakowski, to unpack a critical and underexamined issue in today's financial systems: the vulnerability of mobile-only banking apps when it comes to transaction authorization.Wojciech points out that modern banking has embraced the mobile-first model—sometimes at the cost of fundamental security principles. Most banks now concentrate transaction initiation, security configuration, and transaction authorization into a single device: the user's smartphone. While this offers unmatched convenience, it also creates a single point of failure. If an attacker successfully pairs their phone with a victim's account, they can bypass multiple layers of security, often without needing traditional credentials.The discussion explores the limitations of relying solely on biometric options like Face ID or Touch ID. These conveniences may appear secure but often weaken the overall security posture when used without additional independent verification mechanisms. Wojciech outlines how common attack strategies have shifted from stealing credit card numbers to full account takeover—enabled by social engineering and weak device-pairing controls.He proposes a “raise the bar” strategy rather than relying on a single silver-bullet solution. Suggestions include enhanced device fingerprinting, detection of emulators or rooted environments, and shared interbank databases for device reputation and account pairing anomalies. While some of these are already in motion under new EU and UK regulations, they remain fragmented.Wojciech also introduces a bold idea: giving users a slider in the app to adjust their personal balance of convenience vs. security. This kind of usability-driven approach could empower users while still offering layered defense.For CISOs, developers, and FinTech leaders, the message is clear—evaluate your app security as if attackers already know the shortcuts. Watch the full conversation to hear Wojciech's real-world examples, including a cautionary tale from his own family. Catch the episode and learn how to design financial security that's not just strong—but usable.GUEST: Wojciech Dworakowski | OWASP Poland Chapter Board Member and Managing Partner at SecuRing | https://www.linkedin.com/in/wojciechdworakowski/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

In this episode of Identity at the Center, Jeff Steadman and Jim McDonald are joined by Alejandro Leal, Senior Analyst at KuppingerCole, live from the EIC 2025 stage in Berlin, Germany.Alejandro delves into the critical distinctions between misinformation and disinformation, exploring their historical context and how they manifest in today's technological landscape, particularly within social media and legacy media. He discusses the intent behind disinformation, often aimed at creating chaos or confusion, versus misinformation, which can be an unintentional spread of false or inaccurate information.Chapters:00:00:00 Defining Misinformation vs. Disinformation & Historical Context00:02:00 Introduction at EIC 2025 & Guest Welcome00:06:14 The Role of Intent, Generative AI, and Countermeasures00:12:15 Impact of Mis/Disinformation on Business, Politics, and Philosophy00:16:02 How Mis/Disinformation Intersects with Identity Management00:18:07 Balancing Anonymity, Privacy, and Truthful Content Online00:23:09 Connecting to Digital Identity, Verification, and Potential Solutions (AI Labeling, VCs)00:26:45 AI Guardrails, Free Speech vs. Hate Speech, and Authenticity00:29:24 Worst-Case Scenarios and the Global Impact of Mis/Disinformation00:31:24 Actionable Advice: Responsibility and Critical Thinking00:35:38 Book Recommendation: "The Question Concerning Technology"00:39:31 Wrapping Up and Final ThoughtsConnect with Alejandro: https://www.linkedin.com/in/alejandro-leal-a127bb153/The Question Concerning Technology (essay): https://bpb-us-e2.wpmucdn.com/sites.uci.edu/dist/a/3282/files/2018/01/Heidegger_TheQuestionConcerningTechnology.pdfConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Alejandro Leal, KuppingerCole, EIC 2025, Misinformation, Disinformation, Identity and Access Management, IAM, Digital Identity, Cybersecurity, Tech Podcast, Technology Ethics, Generative AI, AI Ethics, Truth in Media, Social Media Responsibility, Privacy Rights, Verifiable Credentials, Critical Thinking Skills, Fake News, Online Safety, Political Disinformation, Business Reputation, Philosophical Tech Discussions, Martin Heidegger, The Question Concerning Technology.

Join G Mark Hardy at THOTCON in Chicago for an insightful podcast episode on building a successful cybersecurity career. Featuring guest Ryan Gooler, they discuss the non-linear paths to success, the value of mentorship, financial planning, and the importance of continuous learning and adapting. Learn how to navigate career transitions, embrace risks, and find joy in teaching and learning from others in the cybersecurity community. Transcripts: https://docs.google.com/document/d/1nsd61mkIWbmIL1qube0-cdqINsDujAVH    Chapters 00:00 Welcome to THOTCON: Meeting Amazing People 00:26 Introducing Ryan Gooler: A Journey into Cybersecurity 04:09 The Value of Mentorship in Cybersecurity 06:22 Career Management and Setting Goals 09:33 Financial Planning for Cybersecurity Professionals 16:40 Automating Finances and Smart Spending 21:25 Financial Sophistication and Mutual Funds 22:07 Automating Life Tasks 22:41 The Concept of a Finishing Stamp 24:17 Leadership and Delegation in the Navy 26:06 Building and Maintaining Culture 27:21 Surviving Toxic Environments 29:55 Taking Risks and Finding Joy 34:34 Advice for Cybersecurity Careers 39:01 The Importance of Teaching and Learning 40:29 Conclusion and Farewell

Send us a textIhab Shraim shares his expertise on domain security and why it represents the "missing chapter" in modern cybersecurity strategy. We explore how AI is accelerating cyber threats from years to weeks and why protecting your online presence is more critical than ever.• Domain security is often overlooked despite being critical to an organization's reputation and online presence• Over 93% of security professionals can't identify their company's domain registrar or DNS provider• Modern cyber criminals are sophisticated organizations who target "soft targets" rather than heavily defended perimeters• AI-powered tools like FraudGPT and WormGPT enable custom malware creation for as little as $200 on the dark web• Voice cloning and deepfake technologies are being used in increasingly convincing social engineering attacks• Zero Trust architecture and layered security approaches are essential for comprehensive protection• Blended attacks targeting multiple systems simultaneously represent the future of cyber warfare• Reputation management encompasses domain protection, brand abuse prevention, and counterfeit detection• Personal data protection requires vigilance about what you share online and implementing proper security at home• Companies must have actionable response plans, not just detection capabilitiesConnect with Ihab Shraim on LinkedIn or email him at ihab.shraim@cscglobal.com to learn more about domain security and protecting your online presence.Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods.Listen on: Apple Podcasts SpotifySupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast

Erweitere dein Wissen über digitale Privatsphäre mit „Cybersecurity ist Chefsache“.In dieser spannenden Episode spricht Nico Freitag mit Bronislava V. Panchenko, Gründerin von BVP Data Security, über ein brandaktuelles Thema: den gläsernen Menschen – und warum unsere Daten längst zur wertvollsten Währung geworden sind.Gemeinsam werfen sie einen tiefen Blick auf den unsichtbaren Datenhandel, die Macht der Algorithmen und die dramatischen Folgen mangelnder Aufklärung.

In deze boeiende aflevering van de WAVCi Podcast gaat cybersecurity expert Eddy Willems in gesprek met Miguel De Bruycker, de Managing Directeur-Generaal van het Centrum voor Cybersecurity België (CCB). Samen duiken ze dieper in de uitdagingen en evoluties van de Belgische cyberveiligheid, zowel op nationaal als internationaal niveau.Hoe beschermt België zich tegen steeds geavanceerdere cyberdreigingen? Welke rol speelt samenwerking tussen overheid, bedrijven en burgers in het versterken van onze digitale weerbaarheid? En hoe ziet de toekomst van cybersecurity eruit?Een eerlijk, inhoudelijk en soms verrassend gesprek tussen twee zwaargewichten uit de Belgische cybersecuritywereld.Thema's in deze aflevering:Hoe België zich positioneert in de internationale cyberwereldWelke dreigingen het CCB dagelijks monitortWaarom samenwerking tussen overheid, bedrijven en burgers cruciaal isHoe we de Belgische burger beter kunnen beschermen tegen cyberaanvallenEen terugblik én een blik vooruit op onze digitale toekomstEnkele opmerkelijke quotes uit het gesprek:"We moeten mensen niet bang maken, maar wel alert. Cybersecurity is geen kwestie van angst, maar van gezond verstand en weerbaarheid." — Miguel De Bruycker"Je hebt geen veiligheid zonder bewustzijn. Technologie alleen gaat het niet oplossen." — Eddy Willems"Het CCB is er niet alleen voor de overheid. Onze missie is om alle lagen van de samenleving digitaal weerbaar te maken." — Miguel De BruyckerDe vraag van 1 miljoen Aan het eind van de aflevering draait Miguel de rollen even om en stelt hij dé (niet op voorhand gekende) vraag aan Eddy Willems: "Wat zou jij doen als jij morgen de leiding had over het CCB?" Eddy's antwoord? Eerlijk, doordacht en misschien een tikkeltje onverwacht. Mis het niet!Mis deze aflevering niet als je interesse hebt in digitale veiligheid, beleid en praktijkervaringen uit eerste hand.

In this episode of TubbTalk, Richard Tubb speaks to Kevin O'Loughlin, the founder of Irish MSP Nostra. He started it in 2006 with the aim of making a positive impact and demonstrating Ireland's potential for global success. From a starting pioneering cloud email adoption service in 2007, Nostra has grown to deliver €50,000,000 in annual revenue and is growing at 30% year on year through strategic acquisitions and organic growth. And it's on its journey to become a market leading, full-service IT managed service of either business.Kevin tells Richard why he founded Nostra, their approach to cybersecurity and the tech stack they use, as well as why cannibalising the services they offer has led to growth. Richard asks Kevin about the companies they partner with and why it's important to nurture your vendor relationships. They also discuss why MSPs are so resistant to change in an industry where change happens constantly.Having gone through several mergers and acquisitions, Kevin explains Nostra's approach to them and red flags to be aware of. He also shares his tips on choosing the right tools for your MSP without feeling overwhelmed. Finally, Richard asks Kevin how he became an Entrepreneur of the Year finalist and what that meant for him and Nostra. Kevin shares how he keeps going when things are hard, and reveals his biggest inspirations.Mentioned in This EpisodeNostraMSP community: IT NationCybersecurity and backup: DattoCybersecurity software: AcronisIT management software: KaseyaCybersecurity partner: HuntressCybersecurity software: WebrootSOC as a Service: Enhanced (Formerly InSoc) MSP solutions: BarracudaPSA tool: AutotaskNetwork security: SonicWallCloud marketplace: Pax8Book: Rhonda Byrne: The SecretInvestor: Ray Dalio Author and speaker: Tony RobbinsInvestor: Warren Buffett

Lang weekend gehad of niet? Maakt niet uit, want het is alweer bijna voorbij. De beursweek gaat beginnen. Een week met een nieuw rentebesluit van de ECB. En een moment waar gamers al maanden, zelfs jaren op wachten: de Nintendo Switch 2 komt uit. Maar Jean-Paul van Oudheusden van Markets Are Everywhere en eToro let vooral op de cybersecurity-sector. Specifiek de cijfers van CrowdStrike. In Beurs in Zicht stomen we je klaar voor de beursweek die je tegemoet gaat. Want soms zie je door de beursbomen het beursbos niet meer. Dat is verleden tijd! Iedere week vertelt een vriend van de show waar jouw focus moet liggen.See omnystudio.com/listener for privacy information.

In this episode:How Estelle became involved in ransomware research between degreesThe scale and origin of the ContiLeaks datasetUsing machine learning and topic modelling to analyse criminal group communicationsWhat the internal chat data revealed about the organizational structure of ContiSurprising insights about roles, specializations, and tasking within a criminal enterpriseWhy making cybercrime research accessible through data visualization mattersAbout our guest:Estelle Ruellanhttps://www.linkedin.com/in/estelle-ruellan/Papers or resources mentioned in this episode:Ruellan, E., Paquet-Clouston, M., & Garcia, S. (2024).Conti Inc.: understanding the internal discussions of a large ransomware-as-a-service operator with machine learning. Crime Science, 13, 16. https://doi.org/10.1186/s40163-024-00212-yFlare Data Explorer – Explore cybercrime datasets visually:https://flare.io/flare-data-explorer/Other:Wikipedia – Conti (ransomware): https://en.wikipedia.org/wiki/Conti_(ransomware)Wikipedia – Topic model: https://en.wikipedia.org/wiki/Topic_model

Alternate Data Streams: Adversary Defense Evasion and Detection Good Primer of alternate data streams and how they are abused, as well as how to detect and defend against ADS abuse. https://isc.sans.edu/diary/Alternate%20Data%20Streams%20%3F%20Adversary%20Defense%20Evasion%20and%20Detection%20%5BGuest%20Diary%5D/31990 Connectwise Breach Affects ScreenConnect Customers Connectwise s ScreenConnect solution was compromised, leading to attacks against a small number of customers. This is yet another example of how attackers are taking advantage of remote access solutions. https://www.connectwise.com/company/trust/advisories Mark Your Calendar: APT41 Innovative Tactics Google detected attacks leveraging Google s calendar solution as a command and control channel. https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics Webs of Deception: Using the SANS ICS Kill Chain to Flip the Advantage to the Defender Defending a small Industrial Control System (ICS) against sophisticated threats can seem futile. The resource disparity between small ICS defenders and sophisticated attackers poses a significant security challenge. https://www.sans.edu/cyber-research/webs-deception-using-sans-ics-kill-chain-flip-advantage-defender/

The Cyberlaw Podcast is back from hiatus – briefly!  I've used the hiatus well, skiing the Canadian Ski Marathon, trekking through Patagonia, and having a heart valve repaired (all good now!). So when I saw (and disagreed with ) Orin Kerr's new book, I figured it was time for episode 502 of the Cyberlaw Podcast.  Orin and I spend the episode digging into his book, The Digital Fourth Amendment: Privacy and Policing in Our Online World. The book is part theory, part casebook, part policy roadmap—and somehow still manages to be readable, even for non-lawyers. Orin's goal? To make sense of how the Fourth Amendment should apply in a world of smartphones, cloud storage, government-preserved Facebook accounts, and surveillance everywhere. The core notion of the book is “equilibrium adjustment”—the idea that courts have always tweaked Fourth Amendment rules to preserve a balance between law enforcement power and personal privacy, even as technology shifts the terrain. From Prohibition-era wiretaps to the modern smartphone, that balancing act has never stopped. Orin walks us through how this theory applies to search warrants for digital devices, plain view exceptions in the age of limitless data, and the surprisingly murky question of whether copying your files counts as a seizure. It's very persuasive, I say, if you ignore Congress's contribution to equilibrium. In some cases, the courts are simply discovering principles in the Fourth Amendment that Congress put in statute decades earlier. Worse, courts (and Orin) have too often privileged their idea of equilibrium over the equilibrium chosen by Congress, ignoring or implicitly declaring unconstitutional compromises between privacy and law enforcement that are every bit as defensible as the courts'. One example is preservation orders—those quiet government requests that tell internet providers to make a copy of your account just in case. Orin argues that's a Fourth Amendment search and needs a warrant, even if no one looks at the data yet. But preservation orders without a warrant are authorized by Congress; ignoring Congress's work should require more than a vague notion of equilibrium rebalancing, or so I argue. Orin is unpersuaded. We also revisit Carpenter v. United States, the 2018 Supreme Court decision on location tracking, and talk about what it does—and doesn't—mean for the third-party doctrine. Orin's take is refreshingly narrow: Carpenter didn't blow up the doctrine, but it did acknowledge that some records, even held by third parties, are just too revealing to ignore. I argue that Carpenter is the judiciary's Vietnam war – it has committed troops to an unwinnable effort to replace the third party rule with a doomed series of touchy-feely ad hoc rulings. That said, Orin's version of the decision, which deserves to be called the Kerr-penter doctrine, is more limited and more defensible than most of the legal (and judicial) interpretations over the last several years. Finally, we talk border searches, network surveillance, and whether the Supreme Court has any idea where to go next. (Spoiler: probably not.)

When it comes to data protection, the word “immutability” often feels like it belongs in the realm of enterprise giants with complex infrastructure and massive budgets. But during this RSAC Conference conversation, Sterling Wilson, Field CTO at Object First, makes a strong case that immutability should be, and can be, for everyone.Wilson brings a grounded perspective shaped by his experience on the floor at RSAC, where Object First made its debut as a sponsor. The energy, he notes, was contagious: not just among vendors, but also from practitioners expressing serious concerns about their ability to recover data post-incident. These conversations weren't hypothetical; they were real worries tied to rising insurance premiums, regulatory compliance, and operational survivability. And at the core of all this? Trust in the data backup process.Agentic AI, AI capable of making decisions independently, is one of the trends Wilson flags as both promising and risky. It offers potential for improving preparedness and accelerating recovery. But it also raises concerns around access and control of sensitive data, particularly if exploited by adversaries. For Sterling, the opportunity lies in combining proactive readiness with simplicity and control, especially for those who aren't traditional security practitioners.Object First is doing just that through OOTBI: Out of the Box Immutability. And yes, there's a mascot: OOTBI. More than just a marketing hook, OOTBI represents a shift toward making backup and recovery systems approachable, usable, and, importantly, accessible. According to Wilson, the product gets users from “box to backup” in 15 minutes... with encrypted, immutable storage that meets critical requirements for cyber insurance coverage.Cost, Wilson adds, is a key barrier that often prevents organizations from reaching data protection best practices. That's why Object First now offers consumption-based pricing models. Whether a business is cloud-first or scaling fast, it's a path to protection that doesn't require breaking the budget.Ultimately, Wilson emphasizes education and community as critical drivers of progress. From field labs where teams can configure their own Opi, to on-location conference conversations, the company is building awareness, and reducing fear, by making secure storage not just a feature, but a foundation.This episode is a reminder that effective cybersecurity isn't only about innovation; it's about inclusion, practicality, and trust... both in your tools and your team.Learn more about Object First: https://itspm.ag/object-first-2gjlNote: This story contains promotional content. Learn more.Guest: Sterling Wilson, Field CTO, Object First | https://www.linkedin.com/in/sterling-wilson/ResourcesLearn more and catch more stories from Object First: https://www.itspmagazine.com/directory/object-firstLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, marco ciappelli, sterling wilson, immutability, agentic, ai, backup, recovery, cybersecurity, insurance, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

From Cassette Tapes and Phrasebooks to AI Real-Time Translations — Machines Can Now Speak for Us, But We're Losing the Art of Understanding Each Other May 21, 2025A new transmission from Musing On Society and Technology Newsletter, by Marco CiappelliThere's this thing I've dreamed about since I was a kid.No, it wasn't flying cars. Or robot butlers (although I wouldn't mind one to fold the laundry). It was this: having a real conversation with someone — anyone — in their own language, and actually understanding each other.And now… here we are.Reference: Google brings live translation to Meet, starting with Spanish. https://www.engadget.com/apps/google-brings-live-translation-to-meet-starting-with-spanish-174549788.htmlGoogle just rolled out live AI-powered translation in Google Meet, starting with Spanish. I watched the demo video, and for a moment, I felt like I was 16 again, staring at the future with wide eyes and messy hair.It worked. It was seamless. Flawless. Magical.And then — drumroll, please — it sucked!Like… really, existentially, beautifully sucked.Let me explain.I'm a proud member of Gen X. I grew up with cassette tapes and Walkmans, boomboxes and mixtapes, floppy disks and Commodore 64s, reel-to-reel players and VHS decks, rotary phones and answering machines. I felt language — through static, rewinds, and hiss.Yes, I had to wait FOREVER to hit Play and Record, at the exact right moment, tape songs off the radio onto a Maxell, label it by hand, and rewind it with a pencil when the player chewed it up.I memorized long-distance dialing codes. I waited weeks for a letter to arrive from a pen pal abroad, reading every word like it was a treasure map.That wasn't just communication. That was connection.Then came the shift.I didn't miss the digital train — I jumped on early, with curiosity in one hand and a dial-up modem in the other.Early internet. Mac OS. My first email address felt like a passport to a new dimension. I spent hours navigating the World Wide Web like a digital backpacker — discovering strange forums, pixelated cities, and text-based adventures in a binary world that felt limitless.I said goodbye to analog tools, but never to analog thinking.So what is the connection with learning languages?Well, here's the thing: exploring the internet felt a lot like learning a new language. You weren't just reading text — you were decoding a culture. You learned how people joked. How they argued. How they shared, paused, or replied with silence. You picked up on the tone behind a blinking cursor, or the vibe of a forum thread.Similarly, when you learn a language, you're not just learning words — you're decoding an entire world. It's not about the words themselves — it's about the world they build. You're learning gestures. Food. Humor. Social cues. Sarcasm. The way someone raises an eyebrow, or says “sure” when they mean “no.”You're learning a culture's operating system, not just its interface. AI translation skips that. It gets you the data, but not the depth. It's like getting the punchline without ever hearing the setup.And yes, I use AI to clean up my writing. To bounce translations between English and Italian when I'm juggling stories. But I still read both versions. I still feel both versions. I'm picky — I fight with my AI counterpart to get it right. To make it feel the way I feel it. To make you feel it, too. Even now.I still think in analog, even when I'm living in digital.So when I watched that Google video, I realized:We're not just gaining a tool. We're at risk of losing something deeply human — the messy, awkward, beautiful process of actually trying to understand someone who moves through the world in a different language — one that can't be auto-translated.Because sometimes it's better to speak broken English with a Japanese friend and a Danish colleague — laughing through cultural confusion — than to have a perfectly translated conversation where nothing truly connects.This isn't just about language. It's about every tool we create that promises to “translate” life. Every app, every platform, every shortcut that promises understanding without effort.It's not the digital that scares me. I use it. I live in it. I am it, in many ways. It's the illusion of completion that scares me.The moment we think the transformation is done — the moment we say “we don't need to learn that anymore” — that's the moment we stop being human.We don't live in 0s and 1s. We live in the in-between. The gray. The glitch. The hybrid.So yeah, cheers to AI-powered translation, but maybe keep your Walkman nearby, your phrasebook in your bag — and your curiosity even closer.Go explore the world. Learn a few words in a new language. Mispronounce them. Get them wrong. Laugh about it. People will appreciate your effort far more than your fancy iPhone.Alla prossima,— Marco 

Guest Kade Morton Panelists Richard Littauer | Eriol Fox Show Notes In this Maintainers Month episode of Sustain, host Richard Littauer and co-host Eriol Fox talk with cybersecurity expert Kade Morton from Arachne Digital. The conversation dives into how Kade's unconventional path through criminology and international relations led him into cybersecurity and open source. They explore the unique challenges of sustaining open source security tools, particularly for human rights activists and under-resourced groups, the tension between proprietary and open solutions, and how geopolitical contexts and human motivations influence modern digital threat landscapes. Hit download now to hear more! [00:01:41] Kade explains his work is split between a day job working security operations and a startup he runs called Arachne Digital. [00:02:51] Kade tells us about his background, how he got into cybersecurity through self-teaching and open source, and how his criminology and international relations studies informed his interest in cyber threats. [00:05:17] Kade discusses the open source projects he maintains, specifically ‘Thread.' [00:06:50] We learn about the difficulty of getting others invested in better tools and Kade discusses challenges explaining open source values to corporate environments. [00:12:26] Richard asks whether closed-source software is more secure and Kade highlights how most real world exploits target proprietary software. [00:14:57] Eriol brings up security perceptions in non-tech orgs using digital tools. Kade shares how Arachne Digital offers free services to vetted human rights orgs and he they discuss challenges balancing funding and access in human rights cybersecurity. [00:19:17] Richard reflects on monetization models for sustaining open source cybersecurity. Kade explains his company avoids fear-based marketing and promotes awareness instead. [00:22:40] Kade outlines how their threat-informed defense model works. [00:25:42] Eriol asks what changes could help improve open source sustainability. Kade discusses feeling out of place in both government and open source spaces and emphasizes cross-pollination between sectors to reduce polarity. [00:28:29] Richard introduces the concept of “digital sovereignty.” Kade warns of the risks of splintering the internet through nationalism and advocates for a balanced middle ground between centralization and fragmentation. [00:31:41] Kade shares where you can find his work on the web. Quotes [00:13:44] “It's mostly proprietary software that's being hacked.” [00:29:40] “The internet is the world's largest shared resource.” Spotlight [00:32:56] Eriol's spotlight is a repository called: The Design We Open. [00:33:49] Richard's spotlight is 1Password and Robin Riley. [00:34:31 Kade's spotlight is a shoutout to Mitre for TRAM and Justin Seitz who wrote a blog post on a project called, Searx. Links SustainOSS (https://sustainoss.org/) podcast@sustainoss.org (mailto:podcast@sustainoss.org) richard@sustainoss.org (mailto:richard@sustainoss.org) SustainOSS Discourse (https://discourse.sustainoss.org/) SustainOSS Mastodon (https://mastodon.social/tags/sustainoss) SustainOSS Bluesky (https://bsky.app/profile/sustainoss.bsky.social) SustainOSS LinkedIn (https://www.linkedin.com/company/sustainoss/) Open Collective-SustainOSS (Contribute) (https://opencollective.com/sustainoss) Richard Littauer Socials (https://www.burntfen.com/2023-05-30/socials) Eriol Fox GitHub (https://erioldoesdesign.github.io/) Kade Morton LinkedIn (https://www.linkedin.com/in/kade-morton-34179283/) Arachne Digital (https://www.arachne.digital/) Arachne Digital LinkedIn (https://www.linkedin.com/company/arachne-digital/) Arachne Digital (Medium) (https://arachnedigital.medium.com/) Arachne Digital (YouTube) (https://www.youtube.com/@Arachne_Digital) Arachne Digital (Bluesky) (https://bsky.app/profile/arachnedigital.bsky.social) Arachne Digital (GitHub) (https://github.com/arachne-threat-intel/) Thread-GitHub (https://github.com/arachne-threat-intel/thread) The National Digital Forum (NDF) (https://www.ndf.org.nz/) The New Design Congress (https://newdesigncongress.org/en/) Open Technology Fund -Security Lab (https://www.opentech.fund/labs/security-lab/) The Design We Open (GitHub) (https://github.com/sprblm/The-Design-We-Open) 1Password (https://1password.com/) TRAM (https://github.com/mitre-attack/tram) Searx (https://github.com/searx/searx) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guest: Kade Morton.

Exploring a Use Case of Artificial Intelligence Assistance with Understanding an Attack Jennifer Wilson took a weird string found in a recent honeypot sample and worked with ChatGPT to figure out what it is all about. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Exploring%20a%20Use%20Case%20of%20Artificial%20Intelligence%20Assistance%20with%20Understanding%20an%20Attack/31980 Ransomware Deployed via SimpleHelp Vulnerabilities Ransomware actors are using vulnerabilities in SimpleHelp to gain access to victim s networks via MSPs. The exploited vulnerabilities were patched in January. https://news.sophos.com/en-us/2025/05/27/dragonforce-actors-target-simplehelp-vulnerabilities-to-attack-msp-customers/ OS Command Injection in Everetz Equipment Broadcast equipment manufactured by Everetz is susceptible to an OS command injection vulnerability. Everetz has not responded to researchers reporting the vulnerability so far and there is no patch available. https://www.onekey.com/resource/security-advisory-remote-code-execution-on-evertz-svdn-cve-2025-4009

In this special guest host episode, Mike Powers and Kirsten Ashbaugh from Manuka Financial talk cybersecurity best practices.Links in this episode:Manuka Financial's website - https://www.manukafinancial.com/Tenon Financial monthly e-newsletter - Retirement Planning InsightsFacebook group - Retirement Planning Education (formerly Taxes in Retirement)YouTube channel - Retirement Planning Education (formerly Retirement Planning Demystified)Retirement Planning Education website - www.RetirementPlanningEducation.com To send Andy questions to be addressed on future Q&A episodes, email andy@andypanko.com

The introduction of the Cyber Resilience Act (CRA) marks a major shift for the software industry: for the first time, manufacturers are being held accountable for the cybersecurity of their products. Olle E. Johansson, a long-time open source developer and contributor to the Asterisk PBX project, explains how this new regulation reshapes the role of software creators and introduces the need for transparency across the entire supply chain.In this episode, Johansson breaks down the complexity of today's software supply ecosystems—where manufacturers rely heavily on open source components, and end users struggle to identify vulnerabilities buried deep in third-party dependencies. With the CRA in place, the burden now falls on manufacturers to not only track but also report on the components in their products. That includes actively communicating which vulnerabilities affect users—and which do not.To make this manageable, Johansson introduces the Transparency Exchange API (TEA), a project rooted in the OWASP CycloneDX standard. What started as a simple Software Bill of Materials (SBOM) delivery mechanism has evolved into a broader platform for sharing vulnerability information, attestations, documentation, and even cryptographic data necessary for the post-quantum transition. Standardizing this API through Ecma International is a major step toward a scalable, automated supply chain security infrastructure.The episode also highlights the importance of automation and shared data formats in enabling companies to react quickly to threats like Log4j. Johansson notes that, historically, security teams spent countless hours manually assessing whether they were affected by a specific vulnerability. The Transparency Exchange API aims to change that by automating the entire feedback loop from developer to manufacturer to end user.Although still in beta, the project is gaining traction with organizations like the Apache Foundation integrating it into their release processes. Johansson emphasizes that community feedback is essential and invites listeners to engage through GitHub to help shape the project's future.For Johansson, OWASP stands for global knowledge and collaboration in application security. As Europe's regulatory influence grows, initiatives like this are essential to build a stronger, more accountable software ecosystem.GUEST: Olle E Johansson | Co-Founder, SBOM Europe | https://www.linkedin.com/in/ollejohansson/HOST:Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESCycloneDX/transparency-exchange-api on GitHub: https://github.com/CycloneDX/transparency-exchange-apiVIDEO: The Cyber Resilience Act: How the EU is Reshaping Digital Product Security | With Sarah Fluchs: https://youtu.be/c30eG5kzqnYLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

In this episode of the Revenue Builders Podcast, hosts John McMahon and John Kaplan are joined by Chris Scanlan, Chief Revenue Officer at HUMAN. With over two decades of experience in cybersecurity and a history of transformative leadership, Chris shares his insights on key topics such as sales effectiveness, recruiting, enablement, and the importance of a robust revenue operations function. Emphasizing the significance of a well-defined ideal candidate profile and the indispensable role of revenue operations in analyzing data to inform business decisions, Chris provides practical advice and real-world examples that any business leader can benefit from. Tune in for an in-depth discussion that covers the fundamentals of building high-performing teams and driving organizational change.ADDITIONAL RESOURCESLearn more about Chris Scanlan:https://www.linkedin.com/in/cscanlan/Read Force Management's Guide to Embedding AI In Your B2B Sales Organization: https://hubs.li/Q03ldrzD0Download the CRO Strategy Checklist: https://hubs.li/Q03f8LmX0Enjoying the podcast? Sign up to receive new episodes straight to your inbox: https://hubs.li/Q02R10xN0HERE ARE SOME KEY SECTIONS TO CHECK OUT[00:02:39] The Importance of Recruiting in Sales[00:05:31] Building an Ideal Candidate Profile[00:09:46] The Role of Enablement in Sales Success[00:14:47] Adapting to Market Changes and Challenges[00:24:17] The Value of Continuous Training and Development[00:29:08] Commitment to Sales Excellence[00:35:37] Doubling Sales Productivity[00:36:07] The Importance of Average Productivity per Rep[00:38:57] Training and Onboarding for Success[00:42:13] The Role of Sales Leaders in Instilling Discipline[00:45:42] The Critical Role of Frontline Sales Managers[00:50:09] Revenue Operations and Data-Driven Decisions[00:56:43] The Ideal Profile for Rev OpsHIGHLIGHT QUOTES"Bad news can't wait because bad news travels really slow uphill.""Recruiting for sure and retainment of those people has always been one of the levers to success wherever I've been.""The best rev ops leaders can take the data and make informed decisions that align with the company's vision and strategy.""This isn't something that I'm doing to you for the next three days. This is something I'm doing for you.""In our business, we have most of them have 50-50 plans...for that base salary, you get paid for waking up in the morning and doing all this stuff."

Send us a textIn this episode, Matt interviews Bel Lepe, CEO and co-founder of Cerby, discussing the challenges and opportunities in identity security. They explore the significance of disconnected applications, the impact of shadow IT, and the importance of automation and AI in enhancing security practices. Bel shares insights from his previous experience at Ooyala and the lessons learned in building Cerby, including the recent Series B funding and future plans for the company.TakeawaysDisconnected applications pose significant risks in identity management.Shadow IT is becoming a major part of the IT landscape, not just a side issue.The startup journey involves learning from past experiences and adapting strategies.The human element remains a critical factor in cybersecurity incidents.

What the status of Encrypted Client Hello (ECH)? What radio technology would be best for remote inverter shutdown? Some DNS providers already block newly listed domains. Knowing when not to click a link can take true understanding. Why can losing a small portion of a power grid bring the rest down? Where are we in the "AI Hype Cycle" and is this the first? Speaking of hype: An AI system resorted to blackmail? Why are we so quick to imbue AI with awareness? ChatGPT's latest o3 model ignored the order to shutdown. Copilot may not be making Windows core code any better. Venice.AI is an unfiltered and unrestrained LLM Show Notes - https://www.grc.com/sn/SN-1027-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit threatlocker.com for Security Now canary.tools/twit - use code: TWIT hoxhunt.com/securitynow 1password.com/securitynow

SSH authorized_keys File One of the most common techniques used by many bots is to add rogue keys to the authorized_keys file, implementing an SSH backdoor. Managing these files and detecting unauthorized changes is not hard and should be done if you operate Unix systems. https://isc.sans.edu/diary/Securing%20Your%20SSH%20authorized_keys%20File/31986 REMOTE COMMAND EXECUTION ON SMARTBEDDED METEOBRIDGE (CVE-2025-4008) Weatherstation software Meteobridge suffers from an easily exploitable unauthenticated remote code execution vulnerability https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008 https://forum.meteohub.de/viewtopic.php?t=18687 Manageengine ADAuditPlus SQL Injection Zoho patched two SQL Injection vulnerabilities in its ManageEngine ADAuditPlus product https://www.manageengine.com/products/active-directory-audit/cve-2025-41407.html https://www.manageengine.com/products/active-directory-audit/cve-2025-36527.html Dero Miner Infects Containers through Docker API Kaspersky found yet another botnet infecting docker containers to spread crypto coin miners. The initial access happens via exposed docker APIs. https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/

What the status of Encrypted Client Hello (ECH)? What radio technology would be best for remote inverter shutdown? Some DNS providers already block newly listed domains. Knowing when not to click a link can take true understanding. Why can losing a small portion of a power grid bring the rest down? Where are we in the "AI Hype Cycle" and is this the first? Speaking of hype: An AI system resorted to blackmail? Why are we so quick to imbue AI with awareness? ChatGPT's latest o3 model ignored the order to shutdown. Copilot may not be making Windows core code any better. Venice.AI is an unfiltered and unrestrained LLM Show Notes - https://www.grc.com/sn/SN-1027-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit threatlocker.com for Security Now canary.tools/twit - use code: TWIT hoxhunt.com/securitynow 1password.com/securitynow

What the status of Encrypted Client Hello (ECH)? What radio technology would be best for remote inverter shutdown? Some DNS providers already block newly listed domains. Knowing when not to click a link can take true understanding. Why can losing a small portion of a power grid bring the rest down? Where are we in the "AI Hype Cycle" and is this the first? Speaking of hype: An AI system resorted to blackmail? Why are we so quick to imbue AI with awareness? ChatGPT's latest o3 model ignored the order to shutdown. Copilot may not be making Windows core code any better. Venice.AI is an unfiltered and unrestrained LLM Show Notes - https://www.grc.com/sn/SN-1027-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit threatlocker.com for Security Now canary.tools/twit - use code: TWIT hoxhunt.com/securitynow 1password.com/securitynow

What the status of Encrypted Client Hello (ECH)? What radio technology would be best for remote inverter shutdown? Some DNS providers already block newly listed domains. Knowing when not to click a link can take true understanding. Why can losing a small portion of a power grid bring the rest down? Where are we in the "AI Hype Cycle" and is this the first? Speaking of hype: An AI system resorted to blackmail? Why are we so quick to imbue AI with awareness? ChatGPT's latest o3 model ignored the order to shutdown. Copilot may not be making Windows core code any better. Venice.AI is an unfiltered and unrestrained LLM Show Notes - https://www.grc.com/sn/SN-1027-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit threatlocker.com for Security Now canary.tools/twit - use code: TWIT hoxhunt.com/securitynow 1password.com/securitynow

What the status of Encrypted Client Hello (ECH)? What radio technology would be best for remote inverter shutdown? Some DNS providers already block newly listed domains. Knowing when not to click a link can take true understanding. Why can losing a small portion of a power grid bring the rest down? Where are we in the "AI Hype Cycle" and is this the first? Speaking of hype: An AI system resorted to blackmail? Why are we so quick to imbue AI with awareness? ChatGPT's latest o3 model ignored the order to shutdown. Copilot may not be making Windows core code any better. Venice.AI is an unfiltered and unrestrained LLM Show Notes - https://www.grc.com/sn/SN-1027-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit threatlocker.com for Security Now canary.tools/twit - use code: TWIT hoxhunt.com/securitynow 1password.com/securitynow

The Roundtable Panel: a daily open discussion of issues in the news and beyond. Today's panelists are Joseph Palamountain Jr. Chair in Government at Skidmore College Beau Breslin, Dean of the College of Emergency Preparedness, Homeland Security and Cybersecurity at the University at Albany Robert Griffin, and Grants analyst based in Albany Emily Honen.

What the status of Encrypted Client Hello (ECH)? What radio technology would be best for remote inverter shutdown? Some DNS providers already block newly listed domains. Knowing when not to click a link can take true understanding. Why can losing a small portion of a power grid bring the rest down? Where are we in the "AI Hype Cycle" and is this the first? Speaking of hype: An AI system resorted to blackmail? Why are we so quick to imbue AI with awareness? ChatGPT's latest o3 model ignored the order to shutdown. Copilot may not be making Windows core code any better. Venice.AI is an unfiltered and unrestrained LLM Show Notes - https://www.grc.com/sn/SN-1027-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit threatlocker.com for Security Now canary.tools/twit - use code: TWIT hoxhunt.com/securitynow 1password.com/securitynow

  In this episode of Cybersecurity Today, host Jim Love explores the intricacies behind phishing emails that cleverly spoof Microsoft addresses, making many fall for scams despite appearing legitimate. Love emphasizes the need for a stringent 'zero trust' approach to counter these advanced tactics. Additionally, the episode delves into the activities of the hacking group Hazy Hawk, which exploits misconfigured DNS records to hijack trusted domains and propagate malware. Organizations are warned about the importance of regular DNS audits to prevent such attacks. The episode also covers the alarming wave of departures at the Cybersecurity and Infrastructure Security Agency (CISA), raising concerns over the agency's effectiveness amid increasing cyber threats. In another segment, Love discusses a sophisticated fraud operation out of Hanoi, where perpetrators manipulated X's Creator Revenue Sharing Program to siphon funds through fraudulent engagement metrics. The need for built-in fraud prevention mechanisms in digital reward systems is stressed. The episode concludes with a call for listener feedback and support. 00:00 Introduction and Overview 00:27 Phishing Scams: Authentic-Looking Emails 02:58 DNS Misconfigurations and Hazy Hawk 05:36 CISA Leadership Exodus 08:16 X's Creator Revenue Sharing Fraud 10:56 Conclusion and Contact Information

In this special live edition of The Buzz, Pete Tseronis interviews key industry leaders on the critical role of contact centers in delivering services, especially through digital and omni-channel strategies. Key speakers, including Martha Dorris of Dorris Consulting International; Amanda Chavez from Qualtrics; Mia Jordan from Salesforce; Marcellus Walker, Jr. from the Office of Unified Communications; Gundeep Ahluwalia from NuAxis Innovations; MaryAnn Monroe from Maximus; Tanya Slater Lowe from the U.S. Department of Labor; Crystal Philcox from Philcox Consulting, share insights on improving customer experience using technologies like AI, sentiment analysis, and automation. The summit emphasized empathy, data-driven decision-making, and the pivotal role of contact centers as the entry point to agencies. Practical lessons, success stories, and future projections for contact centers are also discussed, providing actionable strategies for government and industry leaders.  Subscribe on your favorite podcast platform to never miss an episode! For more from ACT-IAC, follow us on LinkedIn or visit http://www.actiac.org.Learn more about membership at https://www.actiac.org/join.Donate to ACT-IAC at https://actiac.org/donate. Intro/Outro Music: See a Brighter Day/Gloria TellsCourtesy of Epidemic Sound(Episodes 1-159: Intro/Outro Music: Focal Point/Young CommunityCourtesy of Epidemic Sound)

SVG Steganography Steganography is not only limited to pixel-based images but can be used to embed messages into vector-based formats like SVG. https://isc.sans.edu/diary/SVG%20Steganography/31978 Fortinet Vulnerability Details CVE-2025-32756 Horizon3.ai shows how it was able to find the vulnerability in Fortinet s products, and how to possibly exploit this issue. The vulnerability is already being exploited in the wild and was patched May 13th https://horizon3.ai/attack-research/attack-blogs/cve-2025-32756-low-rise-jeans-are-back-and-so-are-buffer-overflows/ Remote Prompt Injection in GitLab Duo Leads to Source Code Theft An attacker may leave instructions (prompts) for GitLab Duo embedded in the source code. This could be used to exfiltrate source code and secrets or to inject malicious code into an application. https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo

Aviatrix is a cloud network security company that helps you secure connectivity to and among public and private clouds. On today’s Packet Protector, sponsored by Aviatrix, we get details on how Aviatrix works, and dive into a new feature called the Secure Network Supervisor Agent. This tool uses AI to help you monitor and troubleshoot... Read more »

In this special live episode from the 2025 Advisory Board Summit, Ardent Health Services President & CEO Marty Bonick and Chief Digital and Transformation Officer Anika Gardenhire recount the harrowing story of a ransomware attack that brought their 30-hospital system to a standstill on Thanksgiving Day 2023. Cyberattacks on healthcare systems are becoming more frequent, more sophisticated, and more devastating. Just 60 days into her role, Anika led the charge to contain the breach, extract the threat, and recover operations in a record-setting 12 days. From ransom messages appearing on medical devices to disconnecting their entire system from the internet, this episode explores what it takes to lead through crisis, act decisively, and build true cyber resilience. This candid conversation underscores why leaders must embrace transparency even when sharing worst-case scenarios. Because learning from difficult moments is how health leaders build stronger, more resilient systems. Links: Ardent Health Cybersecurity in healthcare Paint a picture of a cyber-resilient organization Cybersecurity in healthcare demands resiliency, not reactivity Advisory Board Summits Radio Advisory's Tech and AI playlist A transcript of this episode as well as more information and resources can be found on RadioAdvisory.advisory.com.

In this special live episode from the 2025 Advisory Board Summit, Ardent Health Services President & CEO Marty Bonick and Chief Digital and Transformation Officer Anika Gardenhire recount the harrowing story of a ransomware attack that brought their 30-hospital system to a standstill on Thanksgiving Day 2023. Cyberattacks on healthcare systems are becoming more frequent, more sophisticated, and more devastating. Just 60 days into her role, Anika led the charge to contain the breach, extract the threat, and recover operations in a record-setting 12 days. From ransom messages appearing on medical devices to disconnecting their entire system from the internet, this episode explores what it takes to lead through crisis, act decisively, and build true cyber resilience. This candid conversation underscores why leaders must embrace transparency even when sharing worst-case scenarios. Because learning from difficult moments is how health leaders build stronger, more resilient systems. Links: Ardent Health Cybersecurity in healthcare Paint a picture of a cyber-resilient organization Cybersecurity in healthcare demands resiliency, not reactivity Advisory Board Summits Radio Advisory's Tech and AI playlist A transcript of this episode as well as more information and resources can be found on RadioAdvisory.advisory.com.