Podcasts about cybersecurity

Scans for pop3user with guessable password A particular IP assigned to a network that calls itself Unmanaged has been scanning telnet/ssh for a user called pop3user with passwords pop3user or 123456 . I assume they are looking for legacy systems that either currently run pop3 or ran pop3 in the past, and left the user enabled. https://isc.sans.edu/diary/Legacy%20May%20Kill/32166 Possible Sonicwall SSL VPN 0-Day Arcticwolf observed compromised Sonicwall SSL VPN devices used by the Akira group to install ransomware. These devices were fully patched, and credentials were recently rotated. https://arcticwolf.com/resources/blog/arctic-wolf-observes-july-2025-uptick-in-akira-ransomware-activity-targeting-sonicwall-ssl-vpn/ PAM Based Linux Backdoor For over a year, attackers have used a PAM-based Linux backdoor that so far has gotten little attention from anti-malware vendors. PAM-based backdoors can be stealthy, and this one in particular includes various anti-forensics tricks. https://www.nextron-systems.com/2025/08/01/plague-a-newly-discovered-pam-based-backdoor-for-linux/

Dave Sobel interviews Raffi Jamgotchian, founder and CEO of Triada Networks, about the current landscape of AI adoption in the financial services sector, particularly among small to medium-sized investment firms. Jamgotchian notes that while some clients are eager to embrace AI, others remain hesitant, mirroring trends seen with cloud technology. For those leaning into AI, Triada Networks is focusing on proof of concepts, helping clients structure their data effectively to leverage AI tools, especially in data analytics and research.Regulatory considerations play a significant role in how firms approach AI implementation. Many of Jamgotchian's clients operate in regulated environments, which affects their choice of data models and the types of large language models (LLMs) they can use. The challenge lies in handling sensitive, non-public information without risking regulatory violations. As firms navigate these complexities, the importance of data preparation becomes evident, with varying levels of readiness among clients impacting their ability to utilize AI effectively.Cybersecurity is a critical aspect of the conversation around AI and data management. Jamgotchian highlights that clients are increasingly proactive in seeking guidance on cybersecurity implications related to their business decisions. This shift is attributed to a combination of heightened regulatory scrutiny and a growing awareness of cybersecurity risks in the market. The conversation has evolved from being initiated by service providers to clients actively engaging in discussions about their cybersecurity needs.Looking ahead, Jamgotchian emphasizes the importance of monitoring regulatory developments, particularly from organizations like FINRA and the FCC, as they relate to AI. He anticipates that AI-related lawsuits will emerge, prompting changes in laws that could impact managed service providers (MSPs). The conversation concludes with a recognition that while the MSP landscape is evolving, the core mission of solving business problems through technology remains unchanged, and those who adapt will thrive in the future. All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Send Bidemi a Text Message!In this episode of The Medcurity Podcast, host Melinda Nevala, a digital privacy advocate and the Marketing Director at Medcurity, spoke with Bidemi Ologunde about wide-ranging security topics including: the dichotomy between privacy and security especially with the use of mobile apps and smart devices; cyberattacks and ransomware targeting organizations in several industries via seemingly innocuous entry points such as internet-connected fish tanks; the new HIPAA rules recently proposed in the US; the new AI rules introduced in Europe; why systems of systems are most vulnerable to cyberattacks; the different cyber attack surfaces many organizations don't realize they have; how the tech landscape has changed in recent years due to AI and its unintended consequences; and lots more.Support the show

Scattered Spider Related Domain Names A quick demo of our domain feeds and how they can be used to find Scattered Spider related domains https://isc.sans.edu/diary/Scattered+Spider+Related+Domain+Names/32162 Excel External Workbook Links to Blocked File Types Will Be Disabled by Default Excel will discontinue allowing links to dangerous file types starting as early as October. https://support.microsoft.com/en-us/topic/external-workbook-links-to-blocked-file-types-will-be-disabled-by-default-6dd12903-0592-463d-9e68-0741cf62ee58 CISA Releases Thorium CISA announced that it released its malware analysis platform, Thorium, as open-source software. https://www.cisa.gov/news-events/alerts/2025/07/31/thorium-platform-public-availability

In a market flooded with cheap imports and geopolitical risk, one company is standing its ground.Did you know there's only one North American battery management system (BMS) provider at utility scale—despite growing pressure from subsidized Chinese competitors offering systems at zero cost? Michael Worry, CEO of Nuvation Energy, joins Nico to share how his company became that lone provider. But the core of this episode brings a critical warning: what happens when over 80% of the U.S. battery infrastructure is owned or influenced by foreign governments? And how should engineers and lawmakers respond?Michael takes us on a wild entrepreneurial ride: from building EVs before Tesla was cool to deploying robot kegerators at Burning Man. Nuvation's “garage projects” aren't just PR stunts—they're real-world user acceptance test platforms that prove product reliability under extreme conditions.Expect to learn:

Teen boys are the new targets. Dr. Phil exposes the alarming surge in sextortion, the heartbreaking consequences, and what families must do now to protect their kids online. A silent predator is stalking teenage boys—and it's hiding behind their screens. Dr. Phil sounds the alarm on the growing wave of sextortion scams exploiting young boys' vulnerabilities. Tamia and Tim Woods share the devastating story of their son James, who died by suicide after receiving over 200 threatening messages in less than a day. South Carolina State Rep. Brandon Guffey opens up about losing his son Gavin, who took his own life within two hours of being targeted. Dr. Phil also meets Rick, a 15-year-old survivor who hid his torment for days, and Nico, who fought through a terrifying 24-hour ordeal before telling his mom. Cybersecurity expert James McGibney explains why boys are being targeted, why so many suffer in silence—and what parents must do now. If you think it can't happen to your family, think again. This episode is brought to you by Preserve Gold: Visit: https://drphilgold.com/  Get a FREE precious metals guide that contains essential information on how to help protect your accounts. Text “DRPHIL” to 50505 to claim this exclusive offer from Preserve Gold today. Subscribe | Rate | Review | Share:  YouTube: https://bit.ly/3H3lJ8n Apple Podcasts: https://apple.co/4jVk6rX Spotify: https://bit.ly/4n6PCVZ Website: https://www.drphilpodcast.com

Securing Firebase: Lessons Re-Learned from the Tea Breach Inspried by the breach of the Tea app, Brendon Evans recorded a video to inform of Firebase security issues https://isc.sans.edu/diary/Securing%20Firebase%3A%20Lessons%20Re-Learned%20from%20the%20Tea%20Breach/32158 WebKit Vulnerability Exploited before Apple Patch A WebKit vulnerablity patched by Apple yesterday has already been exploited in Google Chrome. Google noted the exploit with its patch for the same vulnerability in Chrome. https://nvd.nist.gov/vuln/detail/CVE-2025-6558 Scattered Spider Update CISA released an update for its report on Scattered Spider, noting that the group also calls helpdesks impersonating users, not just the other way around. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a

Send Bidemi a Text Message!In this episode, host Bidemi Ologunde explored the process of becoming undeniable in the tech industry, using personal stories and incidents throughout his career.Support the show

Mineral and royalty owners face unique cybersecurity risks that most people never consider. From fraudulent emails requesting banking changes to sophisticated scams targeting royalty payments, cybercriminals increasingly view mineral owners as attractive targets due to their regular income streams and valuable assets. In this essential episode, we break down the most common digital threats facing mineral owners and provide straightforward, non-technical strategies to protect your personal information, financial accounts, and royalty payments. Whether you're tech-savvy or prefer to keep things simple, you'll discover practical steps you can implement immediately to safeguard your mineral income and personal data from online criminals.  As always, links to the resources mentioned in this episode can be found in the show notes at mineralrightspodcast.com.

I had such a wonderful conversation with Channel Sales Leader and Mentor Jen Waltz.  As Chief Information Security Officer of Imagenative, Jen is:  FOUNDER and CISO. Empowering Your Business to Scale, Secure and Succeed. She helps with: Cybersecurity and Emerging Technologies: Help partners build, deliver, and manage cutting-edge cybersecurity solutions. Enterprise IT & Digital Transformation: Adopt next-gen technology solutions by enabling the right partners, distributors, and vendors. Cloud & SaaS Enablement: Accelerate cloud, cybersecurity, and SaaS adoption across industries. Technology Distribution & Supply Chain: Evolve from traditional logistics providers to digital orchestration. Channel & Partner Ecosystem: Enable VARs, MSPs, and SIs to build profitable, service-led businesses.   More about Jen: https://www.linkedin.com/in/jenwaltz/ More about Women Sales Pros - we have a website, we are on LinkedIn, Facebook, and Instagram.  We are looking for our 2026 sponsors! Subscribe to our 2x a month news, and share the podcast with others! We'd love a 5 star rating and comments on iTunes if you are so moved! It really makes a difference.  subscribe: https://bit.ly/thewspnews Contribute: https://forms.gle/v9rRiPDUtgGqKaXA6 Past News Issues: bit.ly/past_news_issues https://womensalespros.com/podcast/ 

⸻ Podcast: Redefining Society and Technologyhttps://redefiningsocietyandtechnologypodcast.com Title: Creative Storytelling in the Age of AI: When Machines Learn to Dream and the Last Stand of Human CreativityGuest: Maury RogowCEO, Rip Media Group | I grow businesses with Ai + video storytelling. Honored to have 70k+ professionals & 800+ brands grow by 2.5Billion Published: Inc, Entrepreneur, ForbesOn LinkedIn: https://www.linkedin.com/in/mauryrogow/Host: Marco CiappelliCo-Founder & CMO @ITSPmagazine | Master Degree in Political Science - Sociology of Communication l Branding & Marketing Consultant | Journalist | Writer | Podcasts: Technology, Cybersecurity, Society, and Storytelling.WebSite: https://marcociappelli.comOn LinkedIn: https://www.linkedin.com/in/marco-ciappelli/_____________________________This Episode's SponsorsBlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.BlackCloak:  https://itspm.ag/itspbcweb_____________________________⸻ Podcast Summary ⸻ I sat across - metaversically speaking - from Maury Rogow, a man who's lived three lives—tech executive, Hollywood producer, storytelling evangelist—and watched him grapple with the same question haunting creators everywhere: Are we teaching our replacements to dream? In our latest conversation on Redefining Society and Technology, we explored whether AI is the ultimate creative collaborator or the final chapter in human artistic expression.⸻ Article ⸻ I sat across from Maury Rogow—a tech exec, Hollywood producer, and storytelling strategist—and watched him wrestle with a question more and more of us are asking: Are we teaching our replacements to dream?Our latest conversation on Redefining Society and Technology dives straight into that uneasy space where AI meets human creativity. Is generative AI the ultimate collaborator… or the beginning of the end for authentic artistic expression?I've had my own late-night battles with AI writing tools, struggling to coax a rhythm out of ChatGPT that didn't feel like recycled marketing copy. Eventually, I slammed my laptop shut and thought: “Screw this—I'll write it myself.” But even in that frustration, something creative happened. That tension? It's real. It's generative. And it's something Maury deeply understands.“Companies don't know how to differentiate themselves,” he told me. “So they compete on cost or get drowned out by bigger brands. That's when they fail.”Now that AI is democratizing storytelling tools, the danger isn't that no one can create—it's that everyone's content sounds the same. Maury gets AI-generated brand pitches daily that all echo the same structure, voice, and tropes—“digital ventriloquism,” as I called it.He laughed when I told him about my AI struggles. “It's like the writer that's tired,” he said. “I just start a new session and tell it to take a nap.” But beneath the humor is a real fear: What happens when the tools meant to support us start replacing us?Maury described a recent project where they recreated a disaster scene—flames, smoke, chaos—using AI compositing. No massive crew, no fire trucks, no danger. And no one watching knew the difference. Or cared.We're not just talking about job displacement. We're talking about the potential erasure of the creative process itself—that messy, human, beautiful thing machines can mimic but never truly live.And yet… there's hope. Creativity has always been about connecting the dots only you can see. When Maury spoke about watching Becoming Led Zeppelin and reliving the memories, the people, the context behind the music—that's the spark AI can't replicate. That's the emotional archaeology of being human.The machines are learning to dream.But maybe—just maybe—we're the ones who still know what dreams are worth having.Cheers,Marco⸻ Keywords ⸻ artificial intelligence creativity, AI content creation, human vs AI storytelling, generative AI impact, creative industry disruption, AI writing tools, future of creativity, technology and society, AI ethics philosophy, human creativity preservation, storytelling in AI age, creative professionals AI, digital transformation creativity, AI collaboration tools, machine learning creativity, content creation revolution, artistic expression AI, creative industry jobs, AI generated content, human-AI creative partnership__________________ Enjoy. Reflect. Share with your fellow humans.And if you haven't already, subscribe to Musing On Society & Technology on LinkedIn — new transmissions are always incoming.https://www.linkedin.com/newsletters/musing-on-society-technology-7079849705156870144You're listening to this through the Redefining Society & Technology podcast, so while you're here, make sure to follow the show — and join me as I continue exploring life in this Hybrid Analog Digital Society.End of transmission.____________________________Listen to more Redefining Society & Technology stories and subscribe to the podcast:

Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com

Apple Updates Everything: July 2025 Edition Apple released updates for all of its operating systems patching 89 different vulnerabilities. Many vulnerabilities apply to multiple operating systems. https://isc.sans.edu/diary/Apple%20Updates%20Everything%3A%20July%202025/32154 Python Triage A quick python script by Xavier to efficiently search through files, even compressed once, for indicators of compromise. https://isc.sans.edu/diary/Triage+is+Key+Python+to+the+Rescue/32152/ PaperCut Attacks CISA added a 2024 Papercut vulnerability to the known exploited vulnerability list. https://www.cisa.gov/news-events/alerts/2025/07/28/cisa-adds-three-known-exploited-vulnerabilities-catalog

Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com

In this episode, we delve into the transformative role of AI in product management through conversations with some of the best Product leaders. You'll hear from Anthony Maggio (VP Product Management at Airtable), Jessica Hall (CPO at Just Eat Takeaway), Karthik Suri (CPO at Cornerston OnDemand), Mario Rodriguez (CPO at Github), Steve Wilson (CPO at Exabeam), Darren Wilson (CPO at Soul Machines), and Tamar Yehoshua (Former Glean President of Product and Technology).We explore how AI tools are reshaping strategy and efficiency, while personalizing customer experiences. Join us as we discuss the impact of AI, and the future of product strategy. Are you curious about how AI can revolutionize your product management approach? Tune in to discover insights and practical applications that could redefine your strategies and customer interactions.You'll hear us talk about:10:05 - AI's Role in Product StrategyExplore how product leaders are integrating AI into their strategic planning, focusing on addressing significant business and customer problems. The discussion highlights the experimental applications of AI in enhancing customer journeys and optimizing backend processes.18:45 - Enhancing Customer Interaction with Digital AvatarsWe dive into the world of digital avatars and their role in creating empathetic and personalized customer interactions. This section covers how avatars can be used for language learning and practicing difficult conversations in a non-judgmental setting.27:30 - Cybersecurity in the Age of AIUnderstand the evolving landscape of cybersecurity with AI's influence. Learn about the dual nature of AI in enhancing defenses and creating new threat vectors, emphasizing the importance of rapid AI adoption to stay competitive in the cybersecurity arena.Episode Resources:Anthony Maggio (VP Product Management at Airtable): https://www.linkedin.com/in/anthonymaggio/Jessica Hall (CPO at Just Eat Takeaway): https://www.linkedin.com/in/jessicalrhall/Karthik Suri (CPO at Cornerston OnDemand): http://linkedin.com/in/surikarthik/Mario Rodriguez (CPO at Github): https://www.linkedin.com/in/mariorodriguez3/Steve Wilson (CPO at Exabeam): https://www.linkedin.com/in/wilsonsd/Darren Wilson (CPO at Soul Machines): https://www.linkedin.com/in/dpjwilson/Tamar Yehoshua (Former President of Product): https://www.linkedin.com/in/tamar-yehoshua-886217/Check our new course: https://productinstitute.com/p/mastering-product-strategy-overviewTimestamps:00:00 Coming Up01:37 Intro02:57 AI raising the bar for PMs06:57 Using AI to improve personalization10:52 Reimagining products with emerging AI14:55 AI behind GitHub Copilot20:21 AI's risks and impact on cybersecurity24:22 AI avatars and emotional interaction30:42 How PMs can stay relevant in the AI age

Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com

Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com

Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com

The Federal Reserve the most divided its been in more than 30 years, with two governors expected to dissent in today's decision amid President Trump's repeated calls for Chair Powell to lower rates. Palo Alto poised to buy Cyberark. Plus, Meta's push to create a new category of AI-powered personal assistants. 

The Roundtable Panel: a daily open discussion of issues in the news and beyond. Today's panelists are Joseph Palamountain Jr. Chair in Government at Skidmore College Beau Breslin, public policy and communications expert Theresa Bourgeois, and Dean of the College of Emergency Preparedness Homeland Security and Cyber Security at UAlbany Bob Griffin.

Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com

⬥GUEST⬥Sean Metcalf, Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security—especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity.While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker's need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps—accounts or assets that should never be touched unless someone is doing something suspicious.One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices—like naming conventions that fit organizational patterns—can make a honeypot more convincing and effective.He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn't be able to move around your environment without tripping over something that alerts the defender.Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively.Whether you're running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normalArticle: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activityArticle: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

In this episode of From the Crows' Nest, host Ken Miller delves into the intersection of privacy and national security with Susan Landau, the Director of the Cybersecurity Center at Tufts University.Landau testified before Congress last month calling for improved encryption as a matter of national security. She tells host Ken Miller that the modern debate over encryption and cybersecurity dates back to a cyber espionage operation run by Chinese hackers called “Salt Typhoon” that breached various parties and critical U.S. infrastructure, including wiretapping members of both the Trump and Harris presidential campaigns. Their ability to breach texts and voice messages and access databases highlighted inefficiencies in America's cybersecurity infrastructure – and the tension between protecting American citizens from cyberattacks while posing additional challenges to law enforcement agencies worldwide.To learn more about today's topics or to stay updated on EMSO and EW developments, visit our homepage.We also invite you to share your thoughts, questions, or suggestions for future episodes by emailing host Ken Miller at host@fromthecrowsnest.org.

Angel Menendez, Staff Developer Advocate at n8n, discusses how AI is revolutionizing automation within enterprises, especially in the cybersecurity sector. He also shares the significance of self-hosting solutions like n8n for maintaining data privacy, lowering costs, and reducing operational noise. Key Takeaways:  How AI is reshaping enterprise-level automation and tackling cybersecurity threats Ways that AI can empower creative right-brain thinkers Practical implications of new AI technologies in enhancing enterprise workflows while maintaining data security The evolving landscape of threat intelligence and importance of standards in automation Guest Bio: Angel Menendez is a cybersecurity and AI automation expert—currently at n8n—helping enterprises scale their AI-driven workflows and integrate intelligent automation into traditionally manual processes. With a deep background in threat intelligence, digital privacy, and process orchestration, he brings a unique perspective on the evolving intersection of cybersecurity, automation, and responsible AI adoption. ---------------------------------------------------------------------------------------- About this Show: The Brave Technologist is here to shed light on the opportunities and challenges of emerging tech. To make it digestible, less scary, and more approachable for all! Join us as we embark on a mission to demystify artificial intelligence, challenge the status quo, and empower everyday people to embrace the digital revolution. Whether you're a tech enthusiast, a curious mind, or an industry professional, this podcast invites you to join the conversation and explore the future of AI together. The Brave Technologist Podcast is hosted by Luke Mulks, VP Business Operations at Brave Software—makers of the privacy-respecting Brave browser and Search engine, and now powering AI everywhere with the Brave Search API. Music by: Ari Dvorin Produced by: Sam Laliberte  

In this episode of 'Cybersecurity Today,' host Jim Love covers several significant cybersecurity incidents. Hackers disrupt all Aeroflot flights, causing massive delays in Russia. The women-only dating app 'Tea' faces a second serious data leak, exposing 1.1 million private messages. A game on Steam named 'Camia' is found to contain three types of malware, including Info Stealers and a Backdoor. Additionally, researchers discover that OpenAI's GPT-4 agent can bypass CAPTCHAs, raising concerns about the future of this security measure. 00:00 Introduction and Headlines 00:28 Tea App's Major Data Breaches 02:29 Aeroflot Cyber Attack Disrupts Flights 04:22 Malware Found in Steam Game 06:27 OpenAI's GPT-4 Bypasses Captchas 08:59 Conclusion and Final Thoughts

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Today's digital entertainment ecosystem spans streaming platforms, mobile applications, gaming networks and content delivery systems—creating unprecedented opportunities and security challenges. Forward-thinking leaders are working to balance seamless user experiences with robust security frameworks in an era where digital content is ubiquitous and consumers demand instant, secure access across every device.  Tune in as experts discuss how the evolution of digital entertainment platforms is transforming security paradigms, creating new business models and why protecting the modern media value chain has become a C-suite priority that extends far beyond technical considerations.  Featured experts Tony Lauro, Senior Director of Security Strategy, Akamai Technologies Tina Slivka, Vice President, Consult Lead for US Telecom, Media and Technology, Kyndryl 

Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com

Everyone's talking about AI these days, especially in cybersecurity. Sure, artificial intelligence can boost your defenses, but cybercriminals have noticed too. Now they're crafting phishing emails so believable it's scary and finding clever paths around spam filters while zeroing in on vulnerabilities you didn't even realize were there.    Today, Aviad Hasnis joins the show. He's the CTO of Cynet Security and spent years running cybersecurity missions for the Israeli Defense Forces. Aviad's here to help us figure out what the changing threat landscape really means, whether you're leading a corporate giant or just trying to keep your small business safe. From passwords getting scooped up to VPN setups from a decade ago that no one updated, Aviad's seen just about everything go wrong. He also explains why copy-pasting AI-generated code might open you up to attacks you never saw coming. He's big on education, common sense, and making sure you're using multiple security layers. These days even one slip-up can give attackers exactly what they're looking for. Aviad also walks us through supply chain vulnerabilities and why they should keep you up at night. Whether you're the CISO of a Fortune 500 company or you're running a small team with Bob, the go-to tech person juggling 18 other tasks, this episode is packed with practical insights to help you avoid the next big cybersecurity headache. While AI might be reshaping the cybersecurity landscape, staying secure still comes down to thoughtful planning, human judgment, and making sure someone you trust has your back. Show Notes: [01:08] Aviad has been Cynet's Chief Technology Officer for the past five years. Prior to that, he worked in cyber security for the Israeli Army. [02:18] He was always fascinated with computers and technology. When Iran had a technology problem, he realized that cybersecurity was what he wanted to do for the rest of his life. [03:19] Aviad shares a story about his friend's mother being exposed to a scam. She received a phone call from someone pretending to be a police officer. She even installed different executables on her laptop. She didn't realize she was being victimized until she transferred over five grand. [06:07] Social engineering is one of the most dominant ways to gain access. [08:39] The security implications of using AI. [09:30] It's important to have guardrails with how you use AI. [10:28] If you're just copying and pasting code you may copy something that could be vulnerable to exploits. [11:16] People need to be aware of the types of risk and educate themselves. [12:49] Conversations at the C-suite level for implementing AI. [13:43] The challenge is to harness AI the right way without replacing people. [15:18] It's important to use critical thinking when creating with AI. [16:04]  AI is helping security by allowing people to consult and get information. You can also introduce vulnerabilities into your application if you just copy and paste from chat GPT without knowing the context. [17:05] The bad guys can also use AI. [17:56] AI has improved the quality of phishing scams. [21:36] Where organizations are missing out when it comes to sniffing out threats. This includes VPNs and SaaS or cloud.  [22:52] Employees could be using their home computers to connect to the company VPN and then their kids might download some malware or trojan. Companies need to use two-factor authentication when it comes to VPNs. [24:11] Email phishing can be another way to steal credentials. [27:54] The most effective approach is security layers. [30:40]  Another security measure is creating profiles where we know where you're logging in from. [33:35] Is this doom and gloom for small businesses? [34:48] The best solution for small businesses would be to find a company with an all-in-one solution. [37:11] The importance of being proactive, so you can act quickly if you see something suspicious. [38:24] How the move to the cloud affects security. [39:08] Shifting to the cloud is safer. [44:20] New threats on the horizon include threat actors utilizing AI. They love to get control of remote applications. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.  Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest Cynet Security Aviad Hasnis - LinkedIn Aviad Hasnis - Cynet Security

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services at https://barricadecyber.comCheck out John Strand's Pay What You Can Antisyphon Training:https://simplycyber.io/antisyphonAllow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform at https://simplycyber.io/threatlockerTake control of your data and keep your private life private by signing up for DeleteMe at https://simplycyber.io/deleteme promo SIMPLYCYBER for 20% offRegister for Flare's next training on Aug. 13th on Web App Testing at https://simplycyber.io/flareSimply Cyber Academy - The Place for Cyber Careers: https://academy.simplycyber.ioJoin SC Discord: https://SimplyCyber.io/discordPodcast in stream: https://cisoseries.comFollow SC: https://simplycyber.io/socials

The Cybersecurity and Infrastructure Security Agency is out with some new guidance on how agencies can adopt zero trust security architectures. CISA's latest guide focuses on a security concept called micro segmentation. It's considered critical to containing hackers and malware before they wreak havoc across networks and steal sensitive data. For more, Federal News Network's Justin Doubleday spoke with Shelley Hartsook, an Acting Associate Director in CISA cybersecurity division.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Find out more about their ever expanding program on The WCCO Morning News with Vineeta Sawkar.

Alan Rozenshtein, Senior Editor and Research Director at Lawfare, sits down with Sezaneh Seymour, Vice President and head of regulatory risk and policy at Coalition and a former Senior Adviser on the National Security Council staff, and Brandon Wales, Vice President for cybersecurity strategy at SentinelOne and the former Executive Director of the Cybersecurity and Infrastructure Security Agency (CISA), to discuss their new Lawfare Research Report, “Partners or Provocateurs? Private-Sector Involvement in Offensive Cyber Operations.”They talk about why, in the face of escalating cyber threats from state and criminal actors, U.S. officials are reevaluating the policy that currently reserves offensive cyber operations as a government-only function. Rather than endorsing a change, Seymour and Wales propose a structured framework to guide the policy debate. This framework is built on three key factors: first, defining the core policy objectives for involving the private sector; second, determining the appropriate scope of authorized activities, including what actions are permissible and who can be targeted; and third, addressing the complex legal and liability considerations, especially when operations cause harm to innocent third parties. They conclude by weighing the potential for private actors to augment U.S. capabilities against the significant risks of escalation and diplomatic fallout.To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/lawfare-institute.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

Parasitic SharePoint Exploits We are seeing attacks against SharePoint itself and attempts to exploit backdoors left behind by attackers. https://isc.sans.edu/diary/Parasitic%20Sharepoint%20Exploits/32148 Cisco ISE Vulnerability Exploited A recently patched vulnerability in Cisco ISE is now being exploited. The Zero Day Initiative has released a blog detailing the exploit chain to obtain code execution as an unauthenticated user. https://www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability MyAsus Vulnerablity The MyAsus tool does not store its access tokens correctly, potentially providing an attacker with access to sensitive functions https://www.asus.com/content/security-advisory/

Mobile devices blur the boundaries between personal and work devices and are packed with sensitive information, making them popular targets for malware, spyware, and data collection. On today’s Packet Protector we dig into strategies for managing threats to mobile devices with guest Akili Akridge. Akili started his career pulling burner phones off suspects as a... Read more »

My guest today, Steve Durbin, shares why empathy, agility, and resilience are vital to managing risk and keeping your organization secure. Steve shares the biggest threats to organizations right now and how empathetic leaders foster the resiliency needed to adapt. We discuss how CISO's and risk officers can create an empathetic culture where trust and transparency flow to help protect the organization. Steve shares how letting go of control can keep you safer, and how curiosity and listening help you communicate in ways people understand. He candidly shares that CEOs who don't understand empathy are a risk. And finally, Steve offers ways to balance a culture of experimentation and empowerment with effective risk management. To access the episode transcript, please scroll down below.Key Takeaways:When assessing risk, people are your greatest risk, but they are also your greatest asset and your greatest opportunity for solutions. It is not the machine or the algorithm that will solve your risk problem; it is your people. You risk losing your best people if you're not willing to adapt to what needs to be done for the best of your organization, employees, clients, and other stakeholders. "You increase awareness by explaining why people need to be aware, why they should care, and you may have to make it personal." — Steve DurbinFrom Our Partner:SparkEffect partners with organizations to unlock the full potential of their greatest asset: their people. Through their tailored assessments and expert coaching at every level, SparkEffect helps organizations manage change, sustain growth, and chart a path to a brighter future.Go to sparkeffect.com/edge now and download your complimentary Professional and Organizational Alignment Review today.About Steve Durbin: CEO, Information Security ForumSteve Durbin is Chief Executive, Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments.He is a frequent speaker and commentator on technology and security issues, and, since 2016, the host of the ISF Podcast.Formerly at Ernst & Young, Steve has been involved with IPOs, mergers and acquisitions of fast-growth companies across Europe and the USA. Having previously been senior vice president at Gartner, he has advised a number of NASDAQ and NYSE listed global technology companies.Steve has served as a Digital 50 advisory committee member in the United States, and he has been ranked as one of the top 10 individuals shaping ow organizations and leaders approach information security careers. He has also been featured on the top 20 most influential list of leaders whose companies have a vision that shapes the conceptual landscape of their respective industries.Steve is a Chartered Marketer, a Fellow of the Chartered Institute of Marketing, Forbes Business Council Member and a lecturer at Henley Business School, where he speaks on the role of the Board in Cybersecurity.Connect with Steve:Information Security Forum: securityforum.org X: x.com/securityforum LinkedIn: linkedin.com/in/stevedurbin YouTube: youtube.com/channel/UCyTu0HsWQd_ucrt0Zo0042A Connect with Maria:Get Maria's books on empathy: Red-Slice.com/booksLearn more about Maria's work: Red-Slice.comHire Maria to speak: Red-Slice.com/Speaker-Maria-RossTake the LinkedIn Learning Course! Leading with EmpathyLinkedIn: Maria RossInstagram: @redslicemariaFacebook: Red SliceThreads: @redslicemariaWe would love to get your thoughts on the show! Please click https://bit.ly/edge-feedback to take this 5-minute survey, thanks!

Mobile devices blur the boundaries between personal and work devices and are packed with sensitive information, making them popular targets for malware, spyware, and data collection. On today’s Packet Protector we dig into strategies for managing threats to mobile devices with guest Akili Akridge. Akili started his career pulling burner phones off suspects as a... Read more »

ThreatLocker to Unveil Game-Changing Zero Trust Innovations at Black Hat 2025 | Visit Them at Booth #1933 | A ThreatLocker Pre-Event Coverage of Black Hat USA 2025 Las Vegas | Brand Story with John LillistonJoin ITSP Magazine's Marco Ciappelli and Sean Martin as they preview ThreatLocker's exciting Black Hat 2025 presence with Detect Product Director John Lilliston. Discover upcoming major announcements, hands-on hacking demos, and how ThreatLocker's default deny approach is revolutionizing enterprise cybersecurity through comprehensive zero trust implementation.As Black Hat USA 2025 approaches, cybersecurity professionals are gearing up for one of the industry's most anticipated events. ITSP Magazine's Marco Ciappelli and Sean Martin recently sat down with John Lilliston, ThreatLocker's Detect Product Director, to preview what promises to be an exciting showcase of zero trust innovation at booth 1933.ThreatLocker has become synonymous with the "default deny" security approach, a philosophy that fundamentally changes how organizations protect their digital assets. Unlike traditional security models that allow by default and block known threats, ThreatLocker's approach denies everything by default and allows only approved applications, network communications, and storage operations. This comprehensive strategy operates across application, network, and storage levels, creating what Lilliston describes as a "hardened system that stops adversaries in their tracks."The company's rapid growth reflects the industry's embrace of zero trust principles, moving beyond buzzword status to practical, enterprise-ready solutions. Lilliston, who joined ThreatLocker in February after evaluating their products from the enterprise side, emphasizes how the platform's learning mode and ring fencing capabilities set it apart from competitors in the application control space.At Black Hat 2025, ThreatLocker will demonstrate their defense-in-depth strategy through their Detect product line. While their primary zero trust controls rarely fail, Detect provides crucial monitoring for applications that must run in enterprise environments but may have elevated risk profiles. The system can automatically orchestrate responses to threats, such as locking down browsers exhibiting irregular behavior that might indicate data exfiltration attempts.Visitors to booth 1933 can expect hands-on demonstrations and on-demand hacking scenarios that showcase real-world applications of ThreatLocker's technology. The company is preparing major announcements that CEO Danny Houlihan will reveal during the event, promising game-changing developments for both the organization and its client base.ThreatLocker's Black Hat agenda includes a welcome reception on Tuesday, August 5th, from 7-10 PM at the Mandalay Bay Complex, and Houlihan's presentation on "Simplifying Cybersecurity" on Thursday, August 7th, from 10:15-11:05 AM at Mandalay Bay J.The convergence of practical zero trust implementation, cutting-edge threat detection, and automated response capabilities positions ThreatLocker as a key player in the evolving cybersecurity landscape, making their Black Hat presence essential viewing for security professionals seeking comprehensive protection strategies.Keywords: Black Hat 2025, zero trust security, cybersecurity conference, ThreatLocker, default deny strategy, endpoint protection, application control, threat detection, enterprise security, network security, cybersecurity solutions, security automation, malware prevention, cyber threats, information security, security platform, Black Hat USA, cybersecurity innovation, managed detection response, security operationsLearn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content.Learn more.Guests:John LillistonCybersecurity Director | Threat Detection & Response | SOC Leadership | DFIR | EDR/XDR Strategy | GCFA, GISP | https://www.linkedin.com/in/john-lilliston-4725217b/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerThreatLocker® Welcome Reception | Don't gamble with your security! Join us at Black Hat for a lively Welcome Reception hosted by ThreatLocker®. Meet our Cyber Hero® Team and dive into discussions on the latest advancements in ThreatLocker®Endpoint Security. It's a great opportunity to connect and learn together! ‍‍Time: 7PM - 10PM | Location: Mandalay Bay Complex RSVP below and we'll send you a confirmation email with all the details.[ Welcome Reception RSVP ]Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

As digital infrastructure becomes increasingly interwoven with third-party code, APIs, and AI-generated components, organizations are realizing they can't ignore the origins—or the risks—of their software. Theresa Lanowitz, Chief Evangelist at LevelBlue, joins Sean Martin and Marco Ciappelli to unpack why software supply chain visibility has become a top concern not just for CISOs, but for CEOs as well.Drawing from LevelBlue's Data and AI Accelerator Report, part of their annual Futures Report series, Theresa highlights a striking correlation: 80% of organizations with low software supply chain visibility experienced a breach in the past year, while only 6% with high visibility did. That data underscores the critical role visibility plays in reducing business risk and maintaining operational resilience.More than a technical concern, software supply chain risk is now a boardroom topic. According to the report, CEOs have the highest awareness of this risk—even more than CIOs and CISOs—because of the direct impact on brand reputation, stock value, and partner trust. As Theresa puts it, software has become the “last mile” of digital business, and that makes it everyone's problem.The conversation explores why now is the time to act. Government regulations are increasing, adversarial attacks are intensifying, and organizations are finally beginning to connect software vulnerabilities with business outcomes. Theresa outlines four critical actions: leverage CEO awareness, understand and prioritize vulnerabilities, invest in modern security technologies, and demand transparency from third-party providers.Importantly, cybersecurity culture is emerging as a key differentiator. Companies that embed security KPIs across all business units—and align security with business priorities—are not only more secure, they're also more agile. As software creation moves faster and more modular, the organizations that prioritize visibility and responsibility throughout the supply chain will be best positioned to adapt, grow, and protect their operations.Learn more about LevelBlue: https://itspm.ag/levelblue266f6cNote: This story contains promotional content. Learn more.Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]On LinkedIn | https://www.linkedin.com/in/theresalanowitz/ResourcesTo learn more, download the complete findings of the LevelBlue Threat Trends Report here: https://itspm.ag/levelbyqdpTo download the 2025 LevelBlue Data Accelerator: Software Supply Chain and Cybersecurity report, visit: https://itspm.ag/lbdaf6iLearn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblueLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

What does "secure by default" really mean—and is it enough? In this episode of CyberArk's Security Matters, host David Puner sits down with Scott Barronton, Chief Information Security Officer (CISO) at Diebold Nixdorf, to explore the often-overlooked risks of cloud default settings and how assumptions can lead to vulnerabilities.Drawing on over 25 years in cybersecurity, Scott shares how he balances product and corporate security, leads a global team, and chairs his company's AI steering committee. He discusses the importance of machine identity management, certificate automation, and building security programs that support both innovation and accountability.Plus, Scott reflects on how his passion for travel—including a group trip to Antarctica—informs his leadership style and security mindset.

On this episode, I had the pleasure of speaking with Alison Dixon, the Chief Customer Experience Officer at Portnox, a leader in zero-trust network access control. Alison's unique insights stem from her diverse background, which encompasses various roles in HR, sales enablement, and IT. As we dove into the conversation, Alison shared her journey of building a customer experience organization from the ground up at Portnox, emphasizing the importance of prioritizing customer relationships in a rapidly growing tech environment. Alison recounted her initial days at Portnox, which began as a small startup of about 20 employees. Soon after her arrival, she recognized the pressing need for deeper insights into customer accounts and interactions as the company scaled. Her prior experience as a fundraiser and in HR equipped her with a holistic approach to understanding customer psychology and needs. Through meticulous customer journey mapping, she established strategies that centred on enhancing the overall experience, detailing how each stage of customer interaction contributes to long-term loyalty and satisfaction. We delved into the often transactional mindset prevalent in many organizations, particularly those that prioritize immediate revenue over long-term relationships. Alison argued firmly for a shift towards valuing customer experiences, stating that a lack of focus on building connections could lead to lost opportunities, even for small clients who may evolve into significant partners over time. Her philosophy is clear: if companies establish authentic human connections with their customers, they stand to gain far more than transactional profits. Throughout our discussion, we touched on the high-stakes nature of cybersecurity and how this uniquely shapes customer experience. Alison highlighted the critical importance of maintaining accessibility and support for clients, given the potential risks associated with cybersecurity breaches. She emphasized that customers need confidence in their service providers and need to establish trust through transparent communication, even when addressing negative scenarios. As our conversation progressed, we explored the role of customer experience in product development and overall business strategy. Alison passionately conveyed that understanding customer feedback not only helps retain clients but also informs the direction of product innovation. This perspective has led her team to integrate CX insights into their roadmap, aligning organizational goals with customer expectations. Towards the latter part of the episode, we took a thought-provoking turn into the realm of artificial intelligence in customer experience. Alison expressed cautious optimism about AI's potential but was wary of its increasing deployment without a foundational human element. She underscored the value of genuine interactions and deep understanding through personal connections — a sentiment she has repeatedly validated through firsthand experiences with Portnox customers. In closing, Alison shared her belief that creating exceptional customer experiences is not the sole responsibility of one department but rather a collective effort throughout the entire organization. By fostering a culture that prioritizes customer care and connection, even the smallest companies can achieve remarkable growth. Overall, this episode offered valuable insights into the evolving landscape of customer experience within the cybersecurity industry, highlighting strategies that can lead to sustained success.   Alison's Contact Information: Website: https://www.portnox.com LinkedIn: @alison-dixon-msod   Tacey's Contact Information: Website: taceyatkinson.com All Socials: @TaceyAtkinson   Thank you for tuning in, and I look forward to having more valuable conversations together in the future. Remember: Customer-Centric Cultures Create Magical Customer Experiences. Now Go, Create the Magic!

In a special edition of The POWER Podcast, released in collaboration with the McCrary Institute's Cyber Focus podcast, POWER's executive editor, Aaron Larson, and Frank Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security and Professor of Practice at Auburn University, discuss the evolving power grid and cybersecurity challenges. Specifically, they highlight the shift taking place from centralized power stations to more distributed energy resources, including solar farms and wind turbines. The conversation touches on the importance of a reliable power grid and the need to protect critical infrastructure. “From a national security standpoint, from an economic standpoint, from a public safety standpoint, if you don't have power, all these other systems are somewhat irrelevant,” Cilluffo said. “There's no infrastructure more critical than power.” Cilluffo noted that artificial intelligence (AI) is requiring increasingly more power, which can't be ignored. “If we want to be AI dominant, we can't do that if we're not energy dominant,” said Cilluffo. “The two are in inextricably interwoven—hand in glove. And if you start looking at where the country wants to be technologically, if we want to lead, we really need to continue to double down, triple down, and look at all sorts of sources of energy as well.” While renewables are clearly leading when it comes to new generation being added to the grid today, emerging technologies including small modular reactors, fusion power, deep dry-rock geothermal, and space-based solar power, are on the horizon, promising potentially game-changing energy options. “And not to put a fine point on it, but you mentioned so many different forms of energy, and I'm reminded of the old test, the A, B, C, or D, all of the above. This sounds like it is clearly an all of the above,” Cilluffo proposed. Meanwhile, the enormous energy buildout in China was discussed. China is not just leading, but truly dominating the world in the construction of wind, solar, nuclear, coal, and energy storage projects in 2025, both in terms of capacity and projects under development. This leadership is evident across all five sectors, frequently accounting for the majority, or at least a plurality, of new global construction and installation. “China is a primary focus of a lot of our [Cyber Focus] podcast discussion, but it's a race we cannot afford to lose, whether it's around AI, quantum. And, I think you're spot on; to get there, they recognize the need to really quadruple down on energy,” said Cilluffo. “I still think that we [the U.S.] want to be at the vanguard driving all of this.” And while it's widely known that cybersecurity is critically important to energy systems, it's often not prioritized the way it should be. “Everyone needs to be cyber aware, cyber informed,” Cilluffo said. “These are issues that we have to invest in. It can't be an afterthought. It has to be something that everyone thinks through. And the reality is, don't think it's someone else's problem: a) it's all of our problems, and b) don't think that it can be looked at after the balloon goes up—you need to be thinking all of this well in advance.”

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Keywordscybersecurity, military transition, Tampa cybersecurity, mentorship, cyber law, incident response, private sector, cybersecurity misconceptions, legal perspectives, cybersecurity growth  SummaryIn this episode of No Password Required, hosts Jack Clabby and Kayley Melton sit down with Kurt Sanger — former Deputy General Counsel at U.S. Cyber Command — to talk about the evolving world of cyber law, the wild ride from government service to private sector strategy, and what keeps him grounded in a field that's constantly shifting. Kurt dives into the fast-growing cybersecurity scene in Tampa, the power of mentorship, and why people still get cyber law so wrong. Plus: insights on responding to incidents under pressure and what role the government should (and shouldn't) play in the digital fight.  TakeawaysKurt emphasizes that newcomers to cybersecurity are not as far behind as they think.The transition from military to private sector can be challenging but rewarding.Tampa is becoming a significant hub for cybersecurity talent and companies.Understanding cybersecurity misconceptions is crucial for decision-makers.Mentorship plays a vital role in navigating career challenges in cybersecurity.Military and civilian cyber law have distinct differences in enforcement and flexibility.The stakes in private sector cybersecurity can be incredibly high for clients.Kurt's experience highlights the need for collaboration between government and private sectors.Cybersecurity is an ever-evolving field that requires continuous learning.Kurt finds excitement in helping clients during their most challenging times.  Sound bites "You're only six months behind.""We're all in the same boat.""The government needs to step back."  Chapters 00:00 NPR S6E7 Kurt Sanger52:53 NPR S6E7 Kurt Sanger01:45:47 Introduction to Cybersecurity Conversations01:48:22 Transitioning from Military to Private Sector Cybersecurity01:51:11 The Growth of Tampa as a Cybersecurity Hub01:54:05 Understanding Cybersecurity Misconceptions01:57:15 The Role of Mentorship in Cybersecurity Careers02:00:24 Military vs. Civilian Cybersecurity Law02:03:07 The Excitement of Cyber Command vs. Private Sector02:13:52 High Stakes in Cybersecurity for Small Organizations02:15:44 The Role of Legal Experts in Cybersecurity02:17:21 Translating Technical Jargon for Clients02:18:57 Challenges of Explaining Cyber Operations to Commanders02:22:43 Lifestyle Polygraph: Fun Questions and Insights02:23:30 The 10,000 Hour Rule in Cybersecurity02:29:34 Creative Freedom with LEGO Bricks02:31:27 Tampa's Culinary Delights and Local Favorites

The episode centers on the challenges and opportunities in IoT and OT security, with insights from technical content creator, hardware hacker, and educator Andrew Bellini. It highlights the often-overlooked vulnerabilities of industrial and consumer IoT devices, emphasizing the accessibility of hardware hacking and the need for practical, low-cost educational resources, covering hands-on learning, industry anecdotes, recommendations for securing environments, and advice for newcomers interested in hardware security. Let's connect about IoT Security!Follow Phillip Wylie at https://www.linkedin.com/in/phillipwyliehttps://youtube.com/@phillipwylieThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Russia's flagship airline suffers a major cyberattack. U.S. insurance giant Allianz Life confirms the compromise of personal data belonging to most of its 1.4 million customers. A women's dating safety app spills the tea. NASCAR confirms a data breach. Researchers believe the newly emerged Chaos ransomware group may be a rebrand of BlackSuit. Over 200,000 WordPress sites remain vulnerable to account takeover attacks. Lawmakers introduce legislation to Stop AI Price Gouging and Wage Fixing. States band together to regulate data brokers. My Caveat cohost Ben Yelin explains the impending expiration of the Cybersecurity and Information Sharing Act. Expel missed the mark, but nails the apology. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest is Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies, and co-host on the Caveat podcast, on the impending expiration of the Cybersecurity and Information Sharing Act. If you enjoyed this conversation, head on over to the Caveat podcast to hear more from Ben. Selected Reading Russia's Aeroflot cancels flights after pro-Ukrainian hackers claim massive cyberattack (Reuters) Allianz Life says 'majority' of customers' personal data stolen in cyberattack (TechCrunch) Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan (404 Media) NASCAR Confirms Personal Information Stolen in Ransomware Attack (SecurityWeek) BlackSuit Ransomware Group Transitioning to 'Chaos' Amid Leak Site Seizure (SecurityWeek) Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks (Bleeping Computer) Congress introduces bill to ban AI surveillance pricing (The Register) An inside look into how a coalition of state legislators plan to take on data brokers (The Record) An important update (and apology) on our PoisonSeed blog (Expel) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

01:02:27 – Social Media Gossip Culture and the Tea App FalloutThe leak of private data from the Tea App highlights how gossip-driven platforms manipulate users through dopamine feedback loops. Shallow validation from exposing others has fueled massive privacy violations, revealing the dark psychology behind social media. 01:25:16 – Open Door to Exploitation: No Firewall, No ConsentSensitive user data was left in an unencrypted, publicly accessible folder—no hack required, just a URL. The incident showcases staggering corporate negligence and reflects a broader pattern of irresponsibility across the tech industry. 02:02:56 – Buttigieg and the Absurdity of Infrastructure Theater“Secretary Pothole Pete” becomes a symbol of bureaucratic failure. Despite leading the nation's infrastructure efforts, Buttigieg is portrayed as more focused on photo ops and PR than on fixing anything tangible. 02:24:07 – Police, Public Service, and Institutional CorruptionThe “good cop vs. bad cop” debate is reframed to expose systemic corruption while recognizing that some individuals within law enforcement still try to do right. Calls are made for reform through elected sheriffs and transparency for ICE agents—even at personal risk. 02:31:16 – Trump's Armored Golf Cart: Optics of Fear and ControlTrump's reinforced golf cart, mockingly dubbed “Golf Force One,” becomes a surreal symbol of elite paranoia. Amid public unrest, the image of armored leisure underscores how far the security theater has gone—even on the putting green. 02:50:50 – McIdentity Theft: Hacking Fast Food WorkersA sarcastic take questions why anyone would hack into a database of McDonald's job applicants. The fictional “McHack” highlights how digital incompetence and overreach put even low-wage workers at risk—proof that no one is safe in the age of sloppy cybersecurity. 03:43:18 – AI for Kids Will End in DisasterElon Musk's child-friendly AI faces scathing criticism as a ticking time bomb. The concern: once jailbroken, these tools could be weaponized—psychologically or worse. Turning children over to digital systems is portrayed as reckless and morally indefensible. 03:51:44 – AI's Creeping Autonomy and Consumer AbuseA warning laced with dark humor imagines AI bots signing users up for services they never requested. Beneath the joke lies a serious concern: as AI systems gain autonomy, they're being engineered to deceive, manipulate, and override human consent. Follow the show on Kick and watch live every weekday 9:00am EST – 12:00pm EST https://kick.com/davidknightshow Money should have intrinsic value AND transactional privacy: Go to https://davidknight.gold/ for great deals on physical gold/silverFor 10% off Gerald Celente's prescient Trends Journal, go to https://trendsjournal.com/ and enter the code KNIGHTFind out more about the show and where you can watch it at TheDavidKnightShow.com If you would like to support the show and our family please consider subscribing monthly here: SubscribeStar https://www.subscribestar.com/the-david-knight-showOr you can send a donation throughMail: David Knight POB 994 Kodak, TN 37764Zelle: @DavidKnightShow@protonmail.comCash App at: $davidknightshowBTC to: bc1qkuec29hkuye4xse9unh7nptvu3y9qmv24vanh7Become a supporter of this podcast: https://www.spreaker.com/podcast/the-david-knight-show--2653468/support.

Linux Namespaces Linux namespaces can be used to control networking features on a process-by-process basis. This is useful when trying to present a different network environment to a process being analysed. https://isc.sans.edu/diary/Sinkholing%20Suspicious%20Scripts%20or%20Executables%20on%20Linux/32144 Coyote in the Wild: First-Ever Malware That Abuses UI Automation Akamai identified malware that takes advantage of Microsoft s UI Automation Framework to programatically interact with the user s system and steal credentials. https://www.akamai.com/blog/security-research/active-exploitation-coyote-malware-first-ui-automation-abuse-in-the-wild Testing REST APIs with Autoswagger The tool Autoswagger can be used to automate the testing of REST APIs following the OpenAPI/Swagger standard. https://github.com/intruder-io/autoswagger/

Cybersecurity expert Nick Mullen shares how you can protect your business from cyber attacks. Small businesses are often the target for today's most dangerous cyber threats. Show Notes Page: https://www.thehowofbusiness.com/575-nick-mullen-cyber-security/ Cyberattacks are no longer just a threat to large corporations - small business owners are now the most frequent and most vulnerable targets. In this episode of The How of Business, Henry Lopez speaks with cybersecurity expert and Entoo Security founder Nick Mullen about how you can protect your business from cyber attacks using clear, practical, and affordable strategies. Nick breaks down the modern cyber threat landscape, including: Ransomware and extortion scams AI-powered phishing emails and voice impersonations The myth of "I'm too small to be a target" The importance of email access controls and proper backups They also explore the FTC Safeguards Rule, which now applies to many more small businesses, and what it means to be compliant. Nick emphasizes the importance of understanding where your data lives, limiting who can access it, and training your team to spot threats before they cause damage. “You might think you're too small to be a target, but $50,000 is a huge payday for a criminal overseas—and they can attack thousands of small businesses every day,” Nick warns. Whether you run a solo business or have a growing team, this episode will give you the clarity and steps you need to protect what you've worked so hard to build. Nick Mullen is the founder of N2 Security, a full-service cybersecurity firm helping small businesses including accountants, bookkeepers, and service providers meet compliance standards and avoid devastating cyberattacks. He has nearly two decades of experience in security, compliance, and governance. This episode is hosted by Henry Lopez. The How of Business podcast focuses on helping you start, run, grow and exit your small business. The How of Business is a top-rated podcast for small business owners and entrepreneurs. Find the best podcast, small business coaching, resources and trusted service partners for small business owners and entrepreneurs at our website https://TheHowOfBusiness.com

In this episode, host Jethro Jones discusses the crucial topic of AI and cybersecurity with Sam Bourgeois, an experienced IT director with a background in private industry and education. The conversation covers the importance of AI standards, the ethical implications of AI use, and the need for cybersecurity awareness among young people. Sam introduces 'Make It Secure Academy,' an innovative platform aimed at educating students about cybersecurity through interactive and engaging methods. The episode emphasizes the critical need to incorporate these lessons into everyday education to protect children in an increasingly digital world.Cybertraps PodcastAI Standards, AI Ethics, and Cybersecurity for kids.Working for a company that has an International footprint How to support someone who wants to bring on tools. Guardrails, not blockade. NISTRegulations around AIIs it worthwhile for kids to learn standards about AI usage. A student should know and recognize there are correct and incorrect ways to use AI. With great power comes great responsibility. MakeITsecure academyOnce data is exposed, they're being watched and tracked all the timeKids will turn 18 with data exposed for years. How to teach kids without it being a gotcha! On a mission to protect every kid, one kid at a time. About Sam BourgeoisSam is the leader of a large managed services provider in the US serving global customers ranging from defense to education. He is the Sr. Dir. of Technology and Cybersecurity and leads the visioning of new products and services, oversees DEVSECOPs teams and serves as the cyber leader of the organization and many clients. He has deep telecommunication, IT, education, and corporate training industry experiences, and is passionate about serving those in need whether it's in Rotary or non-profit board membership. Socials: @makeitsecurellc = insta, Fbhttps://www.linkedin.com/company/102108099Webpresence LLC - https://www.makeitsecurellc.com/home501c3 - https://www.make-it-secure.org/LMS - https://makeitsecure.academy/Intro to the LMS and Courses - https://youtu.be/xEyFXhe6Z3E  We're thrilled to be sponsored by IXL. IXL's comprehensive teaching and learning platform for math, language arts, science, and social studies is accelerating achievement in 95 of the top 100 U.S. school districts. Loved by teachers and backed by independent research from Johns Hopkins University, IXL can help you do the following and more:Simplify and streamline technologySave teachers' timeReliably meet Tier 1 standardsImprove student performance on state assessments