Podcasts about cyber threats

Attack on a computer system

  • 752PODCASTS
  • 1,594EPISODES
  • 30mAVG DURATION
  • 5WEEKLY NEW EPISODES
  • Jun 19, 2025LATEST
cyber threats

POPULARITY

20172018201920202021202220232024

Categories



Best podcasts about cyber threats

Show all podcasts related to cyber threats

Latest podcast episodes about cyber threats

Today in Health IT
2 Minute Drill: Iran Cyber Threats, Microsoft Scams, and the 1300% Deepfake Surge with Drex DeFord

Today in Health IT

Play Episode Listen Later Jun 19, 2025 3:14 Transcription Available


Drex breaks down three critical cybersecurity developments healthcare organizations need to monitor. First, escalating geopolitical tensions suggest increased cyber attacks from Iran and allied nations targeting U.S. critical infrastructure, including healthcare systems. Second, Vanderbilt University Medical Center reports sophisticated Microsoft Teams impersonation attacks where scammers pose as supervisors to request urgent actions like software installation or payments. Finally, deepfake fraud attempts skyrocketed 1300% in 2024, with new "spoofing as a service" platforms making AI-powered voice and video scams more accessible to cybercriminals. Healthcare IT leaders should prepare defenses against these evolving threats and educate staff on verification protocols for suspicious requests.Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Microsoft Threat Intelligence Podcast
A Peek Inside Microsoft's Global Fight Against Cyber Threats

Microsoft Threat Intelligence Podcast

Play Episode Listen Later Jun 11, 2025 46:21


Recorded live at RSAC 2025, this special episode of the Microsoft Threat Intelligence Podcast, hosted by Sherrod DeGrippo, brings together Jeremy Dallman from the Microsoft Threat Intelligence and Steven Masada from Microsoft's Digital Crimes Unit.   The panel explores the psychology and techniques behind nation-state and criminal cyber actors, how Microsoft innovatively uses legal and technical disruption to dismantle threats like Cobalt Strike and Storm-2139, and the growing trend of adversaries leveraging AI. From North Korean fake job interviews to China's critical infrastructure infiltration, this episode highlights how Microsoft is staying ahead of the curve—and sometimes even rewriting the playbook.  In this episode you'll learn:       How targeting attacker techniques is more effective than chasing specific actors  The surprising ways threat actors use AI—for productivity, not just deepfakes  Why North Korean threat actors are building full-blown video games to drop malware  Some questions we ask:      What's the role of Microsoft's Digital Crimes Unit and how is it unique in the industry?  Why should cybersecurity professionals read legal indictments?  What impact did Microsoft's legal actions have on tools like Cobalt Strike and Quakbot?  Resources:   View Jeremy Dallman on LinkedIn   View Steven Masada on LinkedIn   View Sherrod DeGrippo on LinkedIn   Bold action against fraud: Disrupting Storm-1152    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

Connected FM
Cyber Threats Aren't Just IT's Problem Anymore

Connected FM

Play Episode Listen Later Jun 10, 2025 13:22


In today's episode Lucian Niemeyer, CEO of Building Cybersecurity, joins Stacey Shepard, the President of Shepard Global Strategies to explore how IFMA's new partnership with BCS is helping facility managers better understand and manage cyber risks. Together they discuss Lcuian's background at the United States Department of Defense to developing a 16-step cybersecurity framework that is available for free for facility managers. They highlight how training, collaboration, and proactive strategies are reshaping cyber safety in the built environment to drive safer, smarter facility management practices.This episode is sponsored by ABM! Learn more about ABM here.  Connect with Us:LinkedIn: https://www.linkedin.com/company/ifmaFacebook: https://www.facebook.com/InternationalFacilityManagementAssociation/Twitter: https://twitter.com/IFMAInstagram: https://www.instagram.com/ifma_hq/YouTube: https://youtube.com/ifmaglobalVisit us at https://ifma.org

Cyber Security Today
Cybersecurity Month in Review: Uncovering Digital and Physical Threats

Cyber Security Today

Play Episode Listen Later Jun 7, 2025 48:37 Transcription Available


  In this episode of the 'Cybersecurity Today: The Month in Review' show, host Jim welcomes regular guests Laura Payne and David Shipley, along with newcomer Anton Levaja. The trio dives deep into various cybersecurity stories, analyzing trends, threats, and recent incidents. Topics include the intriguing Mystery Leaker exposing cyber criminals, the rise and sophistication of LockBit ransomware, the devastating ransomware attack on Coinbase and their bold counter-response, and the physical dangers faced by cryptocurrency entrepreneurs. The episode also highlights the innovation in law enforcement tactics and the pressing need for better cybersecurity awareness and education. They wrap up on a hopeful note, showcasing a young scout's inspiring project on cyber fraud prevention that gained support from the local police. 00:00 Introduction and Panelist Welcome 00:38 Show Format and Story Introduction 01:28 The Mystery Leaker Story 03:35 Law Enforcement and Cyber Crime 10:51 Coinbase Ransomware Incident 18:04 Physical Threats in the Crypto World 24:56 Operation Shamrock and Organized Crime 25:19 Breaking News: Kidnapping Mastermind Arrested 26:18 Quishing: The Clever Side of Cybercrime 27:11 QR Code Scams and Consumer Protection 31:08 Generational Differences in Cyber Threats 32:05 The Evolution of Cyber Attacks 38:40 Physical Crime in the Digital Age 41:10 Law Enforcement and Cybersecurity 43:55 Government Surveillance and Privacy Concerns 46:08 Feel-Good Story: Young Cybersecurity Advocate

The CyberWire
AVCheck goes dark in Operation Endgame.

The CyberWire

Play Episode Listen Later Jun 2, 2025 29:16


An international law enforcement operation dismantles AVCheck. Trump's 2026 budget looks to cut over one thousand positions from CISA. Cyber Command's defensive wing gains sub-unified command status. A critical vBulletin vulnerability is actively exploited. Acreed takes over Russian markets as credential theft kingpin. Qualcomm patches three actively exploited zero-days in its Adreno GPU drivers. Researchers unveil details of a Cisco IOS XE Zero-Day. Microsoft warns a memory corruption flaw in the legacy JScript engine is under active exploitation. A closer look at the stealthy Lactrodectus loader. On today's Afternoon Cyber Tea, Ann Johnson speaks with Hugh Thompson, RSAC program committee chair. Decoding AI hallucinations with physics. Complete our annual audience survey before August 31. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have our Afternoon Cyber Tea segment with Ann Johnson. On today's episode, Ann speaks with Hugh Thompson, RSAC program committee chair, as they discuss what goes into building the RSA Conference. Selected Reading Police takes down AVCheck site used by cybercriminals to scan malware (Bleeping Computer) DHS budget request would cut CISA staff by 1,000 positions (Federal News Network) Cybercom's defensive arm elevated to sub-unified command (DefenseScoop) vBulletin Vulnerability Exploited in the Wild (SecurityWeek) Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown (Infosecurity Magazine) Qualcomm fixes three Adreno GPU zero-days exploited in attacks (Bleeping Computer) Exploit details for max severity Cisco IOS XE flaw now public (Bleeping Computer) Microsoft Scripting Engine flaw exploited in wild, Proof-of-Concept published (Beyond Machines) Latrodectus Malware Analysis: A Deep Dive into the Black Widow of Cyber Threats in 2025 (WardenShield) The Root of AI Hallucinations: Physics Theory Digs Into the 'Attention' Flaw  (SecurityWeek) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Data Breach Today Podcast
Genetic Data: Emerging Cyberthreats and Privacy Concerns

Data Breach Today Podcast

Play Episode Listen Later May 30, 2025


Info Risk Today Podcast
Genetic Data: Emerging Cyberthreats and Privacy Concerns

Info Risk Today Podcast

Play Episode Listen Later May 30, 2025


Trust Issues
EP 8 - Zero Trust, Zero Chill: Securing Machine Identity

Trust Issues

Play Episode Listen Later May 28, 2025 45:08


In this episode of Security Matters, host David Puner welcomes Kevin Bocek, CyberArk SVP of Innovation, for an insightful discussion on the critical role of machine identity in modern cybersecurity. As digital environments become increasingly complex, securing machine identities has never been more crucial.According to the CyberArk 2025 Identity Security Landscape, machine identities now outnumber human identities by more than 80 to 1. As organizations scale cloud workloads and automation, these identities are becoming a critical part of the cybersecurity frontline. From TLS certificate outages to API key exposures, failures in machine identity management can lead to outages, breaches, and cascading system failures. In this episode of Security Matters, Kevin Bocek explains why this moment is pivotal for getting machine identity right—and how Zero Trust principles, automation, and visibility are essential to building cyber resilience.We also explore the future of identity security—from AI kill switches and agentic AI to quantum threats—and how identity can serve as both a safeguard and a kill switch in the age of autonomous systems.Whether you're a cybersecurity professional or simply interested in the latest security trends, this episode offers valuable insights into the importance of machine identity in safeguarding our digital world. Don't forget to subscribe, leave a review, and follow Security Matters for more expert discussions on the latest in cybersecurity.

@BEERISAC: CPS/ICS Security Podcast Playlist
Real-World Cyber Threats in Healthcare: Balancing Tech, Training, and Human Safety

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later May 28, 2025 29:59


Podcast: IoT Security Podcast (LS 24 · TOP 10% what is this?)Episode: Real-World Cyber Threats in Healthcare: Balancing Tech, Training, and Human SafetyPub date: 2025-05-27Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCybersecurity in healthcare is facing heightened challenges as regulations shift, IoT devices proliferate, and ransomware attacks become increasingly devastating. Josh Spencer, Founder, and CIO at FortaTech Security and with over fifteen years in the field including time as CISO/CTO at UT Southwestern, explores why HIPAA changes are necessary, the high stakes of securing medical devices, and how both technology and culture play roles in protecting patient data and safety. The conversation breaks down risks, practical mitigation strategies, and the ongoing evolution of both threats and defensive tools -- including AI --  and covers the evolving HIPAA landscape and the move from “addressable” to required controls, ransomware's impact on hospitals and patient safety, challenges and best practices in securing connected medical (IoT/OT) devices, the importance of real-world risk assessment and penetration testing in healthcare, and human factors, including security awareness training and leveraging AI both for defense and as a threat. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

IoT Security Podcast
Real-World Cyber Threats in Healthcare: Balancing Tech, Training, and Human Safety

IoT Security Podcast

Play Episode Listen Later May 27, 2025 29:59


Cybersecurity in healthcare is facing heightened challenges as regulations shift, IoT devices proliferate, and ransomware attacks become increasingly devastating. Josh Spencer, Founder, and CIO at FortaTech Security and with over fifteen years in the field including time as CISO/CTO at UT Southwestern, explores why HIPAA changes are necessary, the high stakes of securing medical devices, and how both technology and culture play roles in protecting patient data and safety. The conversation breaks down risks, practical mitigation strategies, and the ongoing evolution of both threats and defensive tools -- including AI --  and covers the evolving HIPAA landscape and the move from “addressable” to required controls, ransomware's impact on hospitals and patient safety, challenges and best practices in securing connected medical (IoT/OT) devices, the importance of real-world risk assessment and penetration testing in healthcare, and human factors, including security awareness training and leveraging AI both for defense and as a threat. Let's connect about IoT Security!Follow Phillip Wylie at https://www.linkedin.com/in/phillipwyliehttps://youtube.com/@phillipwylieThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Storm⚡️Watch by GreyNoise Intelligence
ASUS Router Botnet Attack: AI Uncovers Hidden Backdoor

Storm⚡️Watch by GreyNoise Intelligence

Play Episode Listen Later May 27, 2025 64:03


Forecast = Mostly cloudy with a chance of rogue SSH access—keep your patches up to avoid a phishy forecast! Welcome to Storm⚡️Watch, where we unpack the latest in cybersecurity threats, research, and the tools that keep the digital world safe. In this episode, we invite GreyNoise Security Architect and researcher Matthew Remacle (a.k.a., Remy) to kick things off with a deep dive into a fascinating and highly sophisticated botnet campaign targeting ASUS routers—a story that starts with a little help from machine learning and ends with some hard lessons for defenders everywhere. GreyNoise researchers spotted this campaign using SIFT, their AI-powered network traffic analyzer, which sifted through more than 23 billion network entries and managed to flag just 30 suspicious payloads targeting ASUS routers. What made this botnet stand out was its surgical precision and stealth—far from the usual noisy, attention-grabbing attacks. The attackers knew exactly what they were doing, focusing on disabling TrendMicro security features embedded in the routers, essentially breaking in by first turning off the alarm. The attack chain reads like a masterclass in persistence: brute force and clever authentication bypasses got them in the door, a null byte injection tricked the router's authentication system, and a command injection vulnerability allowed them to manipulate logging features in a way that opened up even more attack paths. The real kicker? The final backdoor was installed using legitimate ASUS features, meaning it could survive firmware updates and stay hidden from traditional detection methods. This campaign affected thousands of routers globally, with over 4,800 compromised devices detected and counting. Even after ASUS released a patch—adding character validation rather than fixing the underlying flaw—researchers found that the fundamental vulnerability remained, and attackers could potentially work around the patch. This story highlights the ongoing challenges in IoT security: complexity breeds vulnerability, persistence is a nightmare to detect and remove when attackers use legitimate features, and patches often address symptoms rather than root causes. It's a reminder that traditional signature-based detection is no longer enough—behavioral analysis and AI-driven anomaly detection are now essential for spotting these advanced threats. We also touch on the bigger picture: the evolving cat-and-mouse game between attackers and defenders, the importance of defense in depth, and why understanding normal network behavior is more critical than ever. Plus, we look at the human element—attackers who are patient, technically sophisticated, and deeply aware of how to evade detection. For organizations, the takeaways are clear: defense in depth, behavioral monitoring, asset management, and patch management are all non-negotiable. And for everyone else, it's a reminder that the devices we trust to protect us are themselves complex and potentially vulnerable computers. Later in the episode, we take a closer look at vulnerability scoring systems—CVSS, EPSS, and SSVC—and why reading between the scores is so important for risk management. We also highlight the value of fresh, actionable data from sources like Censys and VulnCheck, and round things out with a nod to the ongoing conversation happening on the GreyNoise blog. Thanks for tuning in to Storm⚡️Watch. Stay vigilant, keep learning, and remember: in cybersecurity, the difference between safe and compromised can be as subtle as a single null byte. Storm Watch Homepage >> Learn more about GreyNoise >>  

Cyber Security Today
Unraveling Cyber Threats: Ransomware, Kidnapping, and Record-Breaking DDoS Attacks

Cyber Security Today

Play Episode Listen Later May 26, 2025 9:47


In this episode of Cybersecurity Today, host David Shipley dives into several alarming cyber incidents. The show starts with Nova Scotia Power's confirmation of a ransomware attack that forced the shutdown of customer-facing systems and led to data being published on the dark web. The company decided not to pay the ransom, adhering to law enforcement guidance and sanctions laws. A shocking case in New York follows, involving a crypto investor charged with kidnapping and torturing a man to obtain his Bitcoin wallet password. The next segment highlights a record-setting DDoS botnet, Aisuru, which performed a test attack that peaked at 6.3 terabits per second, posing a disproportionate threat to online retailers. The final story covers Microsoft's controversial AI feature, Recall, which takes screenshots every three seconds and raises significant privacy concerns. The episode underscores the growing need for robust cybersecurity measures and effective legislation. 00:00 Introduction and Headlines 00:30 Nova Scotia Power Ransomware Attack 02:57 Ransomware Trends and Statistics 03:51 Operation End Game: A Global Win Against Ransomware 04:25 Crypto Investor's Shocking Crime 05:57 Record-Breaking DDoS Botnet 07:36 Microsoft's Controversial AI Feature Recall 09:10 Conclusion and Sign-Off

NucleCast
General (Ret) Glen VanHerck: Cyber Threats and Homeland Defense Strategies

NucleCast

Play Episode Listen Later May 20, 2025 34:26


General VanHerck, former commander of U.S. Northern Command, shares his insights on deterrence, homeland defense, and the evolving threats facing the United States. He emphasizes the importance of cyber awareness, missile defense, and the need for a layered approach to national security. He also stresses the significance of relationships with allies and partners, the future of space defense, and the necessity for long-range strike capabilities and his wishes for a more agile defense acquisition process and the importance of investing in foundational infrastructure. Glen VanHerck is a visionary senior leader leveraging more than 36 years of service culminating as commander of both the North American Aerospace Defense Command and United States Northern Command. He brings a wealth of experience in strategy and policy development, and joint planning and operations. Glen is the Principal at Glen VanHerck Advisors, LLC. He is a Senior Fellow at the National Defense University and Johns Hopkins University Applied Physics Lab. He serves as an advisor to multiple companies spanning various industry sectors and is a board member of First State Community Bank in his hometown.Glen served for nearly 37 years on active duty in the United States Air Force, in multiple assignments spanning fighter, bomber, and training operations including serving as a United States Air Force Weapons School Instructor in the F-15C and the B-2A. He commanded two squadrons, an operations group, and two operational wings. He also commanded the United States Air Force Warfare Center at Nellis AFB, Nevada.Socials:Follow on Twitter at @NucleCastFollow on LinkedIn: https://linkedin.com/company/nuclecastpodcastSubscribe RSS Feed: https://rss.com/podcasts/nuclecast-podcast/Rate: https://podcasts.apple.com/us/podcast/nuclecast/id1644921278Email comments and topic/guest suggestions to NucleCast@anwadeter.org

The Jerich Show Podcast
From Rogue Radios to Hijacked Chips: Cyber Threats Go Global!

The Jerich Show Podcast

Play Episode Listen Later May 16, 2025 25:34


In this episode of The Jerich Show, join your favorite cybersecurity duo, Erich Kron and Javvad Malik, as they dive into some truly wild cybercrime stories making headlines around the globe. Hackers who've been terrorizing UK retailers have hopped the pond to target US companies, while Japan's bold plan to double its cybersecurity workforce might mean saying sayonara to tough certifications. Meanwhile, the EU arms defenders with a shiny new vulnerability database, and the discovery of rogue communication devices lurking in Chinese-made solar inverters sparks fresh paranoia. Plus, could your CPU itself soon be held hostage by ransomware? Tune in for laughs, insights, and a healthy dose of cyber skepticism! Stories from the show: Hackers behind UK retail attacks now targeting US companies https://www.bleepingcomputer.com/news/security/google-scattered-spider-switches-targets-to-us-retail-chains/ Japan aims to double cybersecurity specialists by 2030, relax certification requirements https://asianews.network/japan-aims-to-double-cybersecurity-specialists-by-2030-relax-certification-requirements/ EU launches vulnerability database to tackle cybersecurity threats https://therecord.media/eu-launches-vulnerability-database CPU microcode hack could infect processors with ransomware directly https://www.techradar.com/pro/security/cpu-microcode-hack-could-infect-processors-with-ransomware-directly ‘Rogue' communication devices found on Chinese-made solar power inverters https://www.utilitydive.com/news/rogue-communication-devices-found-on-chinese-made-solar-power-inverters/748242/

The Tara Show
Cyber Threats, Power Grid Vulnerability, and Child Trafficking A Nation in Crisis

The Tara Show

Play Episode Listen Later May 15, 2025 17:10


This explosive segment uncovers the mounting national security risks posed by Chinese cyber intrusions into America's critical infrastructure—including water treatment plants, nuclear facilities, and the power grid—allegedly as retaliation for U.S. support of Taiwan. It also delves into the Biden administration's response, or lack thereof, and the disturbing discovery of rogue communication devices embedded in Chinese-manufactured power inverters. The second half shifts focus to allegations of systemic child trafficking under the Biden administration, spotlighting whistleblower accounts and accusations that deliberate policy rollbacks have enabled traffickers to exploit migrant children. Featuring commentary from Laura Ingraham, Sen. Josh Hawley, Brianna Morello, and RFK Jr., this is a sobering look at issues too critical to ignore.

Security Squawk
Only 4% Are Ready for AI Cyber Threats—Are You One of Them?

Security Squawk

Play Episode Listen Later May 13, 2025 46:15


Cyber threats are evolving—and fast. In this episode of Security Squawk, we investigate Alabama's mysterious “cybersecurity event,” expose the growing threat of callback phishing from the Silent Ransom Group, and reveal why Lee Enterprises had to spend $2 million to recover from a ransomware attack. Plus, we dive into a Cisco study showing that just 4% of companies are prepared to face AI-powered cyber threats. Tune in as Bryan, Randy, and Andre break down what this means for your business and how to stay ahead of the game. Topics Discussed: Alabama's state-level cyber “event” SilentRansomGroup & Luna Moth callback phishing BEC remains strong despite drop in cyber claims Lee Enterprises' $2M ransomware recovery Cisco's shocking AI-era threat readiness stat Future of AI-powered ransomware M&S and Co-op attack updates

Cyber Security Today
Cyber Threats Target HR, AI Tools, and Critical Infrastructure: A Comprehensive Update

Cyber Security Today

Play Episode Listen Later May 12, 2025 8:07 Transcription Available


In this episode of Cybersecurity Today, host David Shipley covers a range of cyber threats including the Venom Spider malware targeting HR professionals, the emergence of the Noodlofile info stealer disguised as an AI video generator, and misinformation campaigns amid the India-Pakistan conflict. Additionally, the episode discusses warnings from U.S. agencies about cyberattacks on the oil and gas sector, and highlights a recent interview with whistleblower Daniel Brules about security lapses at the National Labor Relations Board. 00:00 Introduction and Overview 00:33 Venom Spider Targets HR Professionals 02:12 Fake AI Video Generators and Noodlofile Malware 03:41 Misinformation Amid India-Pakistan Conflict 05:40 US Oil and Gas Infrastructure Under Threat 07:22 Conclusion and Final Thoughts

CanCon Podcast
Half of the internet is bots and they're feeding you lies

CanCon Podcast

Play Episode Listen Later May 12, 2025 44:47


“Bad actors are weaponizing AI faster than governments and enterprises are using AI to combat it.” New data shows that more than half of all internet traffic comes from bots, and a third of those bots have malicious intent. Koat.ai co-founder Connor Ross joins to discuss the impact of the disinformation and defamation campaigns these bots run, how governments and enterprises are unprepared for this AI-driven explosion, and why the social networks are doing nothing to stop it. The BetaKit Podcast is presented by OVHcloud, the global cloud provider trusted by innovators worldwide. OVHcloud offers transparent, sovereign cloud solutions designed to help you build on your own terms—without vendor lock-in or hidden fees. With over 80 services available, you can build and scale your infrastructure confidently, knowing your data is hosted in Canada and supported by 44 data centres globally. Visit ovhcloud.com to get started with trusted cloud built for scale. Related links: 2025 bad bot report Cyber Threats to Canada's Democratic Process: 2025 Update

Communism Exposed:East and West
CISA Director Highlights US Efforts to Protect Against Chinese Cyber Threats

Communism Exposed:East and West

Play Episode Listen Later May 9, 2025 2:47


Voice-Over-Text: Pandemic Quotables
CISA Director Highlights US Efforts to Protect Against Chinese Cyber Threats

Voice-Over-Text: Pandemic Quotables

Play Episode Listen Later May 9, 2025 2:47


GovCast
TechNet 2025: CMMC Needs to Adapt to Evolving Cyber Threats

GovCast

Play Episode Listen Later May 8, 2025 13:29


According to officials, the Defense Department's Cybersecurity Maturity Model Certification (CMMC) program is a national secutity imperative to protect intellectual property and maintain an American competitive advantage in defense technology. At AFCEA TechNet 2025 in Baltimore, Katie Arrington, performing the duties of the DOD CIO, says CMMC needs to adapt dynamically to evolving cyber threats. With evolving tech like AI and quantum, acquisition rules need to adjust to evolving technologies while maintaining security standards. Arrington says that the Defense Department needs to continue to streamline cyber requirements through required standards, guidance and executive orders. She also discusses the need for a cultural shift towards continuous cybersecurity, the new Software Fast Track Initiative and baking cybersecurity into all DOD functions.

TechSurge: The Deep Tech Podcast
Leading Through Chaos: John Chambers on Tariffs, Cyber Threats, & the AI Supercycle

TechSurge: The Deep Tech Podcast

Play Episode Listen Later May 8, 2025 39:37


Competition, growth, tariffs, hacks, AI – what does it take to be an effective leader today? John Chambers, former CEO and Executive Chairman of Cisco and founder of JC2 Ventures, joins TechSurge host Sriram Viswanathan to share valuable wisdom on leading and growing businesses through times of significant change. As a leader who has transitioned from the c-suite to venture capital and now mentoring founders in emerging technology sectors, John has seen it all. He shares lessons from his time leading one of the world's most influential networking companies at Cisco (the most valuable company in the world at the time), revealing what he learned while growing it from a challenger networking company into a $50 billion tech powerhouse, sharing how Cisco achieved and maintained its market leadership, particularly his bold M&A strategies. John offers hard‑won insights on navigating major technology shifts in AI, cloud, security, and more. Today's founders and executives will find practical frameworks, real‑world war stories, and counterintuitive advice to help survive and thrive in an era of continual disruption. If you enjoy this episode, please subscribe and leave us a review on your favorite podcast platform. Sign up for our newsletter at techsurgepodcast.com for exclusive insights and updates on upcoming TechSurge Live Summits.Links:Explore John Chambers' family office and venture firm at JC2 VenturesRead John Chambers' book “Connecting the Dots” on AmazonDiscover the organization John chaired for eight years US-India Strategic Partnership ForumLearn about the company John and Sriram have invested in together at ParkourSCFind out about the deep fake detection company Pin DropLearn about the cybersecurity company Rubrik

ICT Pulse Podcast
ICTP 350: 2025 Expert Insight update on cyber threats and security in the Caribbean, with Obika Gellineau of Fujitsu Caribbean

ICT Pulse Podcast

Play Episode Listen Later May 7, 2025 66:50


In the second instalment in our Expert Insights series on cyber threats and security for 2025, we are joined once again by Obika Gellineau, of Fujitsu Caribbean. During this conversation, Obika shares his thoughts on, among other things:   *  the changes in the threat landscape that have occurred since our last conversation in 2024;   *   the cybersecurity job market and the expertise that is being demanded;   *   the link between digital sovereignty and cybersecurity; and   *   three things organisations should be doing in 2025 to improve their network/IT security.   The episode, show notes and links to some of the things mentioned during the episode can be found on the ICT Pulse Podcast Page (www.ict-pulse.com/category/podcast/)       Enjoyed the episode?  Do rate the show and leave us a review!       Also, connect with us on: Facebook – https://www.facebook.com/ICTPulse/   Instagram –  https://www.instagram.com/ictpulse/   Twitter –  https://twitter.com/ICTPulse   LinkedIn –  https://www.linkedin.com/company/3745954/admin/   Join our mailing list: http://eepurl.com/qnUtj    Music credit: The Last Word (Oui Ma Chérie), by Andy Narrell Podcast editing support:  Mayra Bonilla Lopez ----------------

Storm⚡️Watch by GreyNoise Intelligence
Biggest Cybersecurity Threats EXPOSED: Zero-Day Attacks, Chinese Hackers & Enterprise Breaches

Storm⚡️Watch by GreyNoise Intelligence

Play Episode Listen Later May 6, 2025 52:42


Forecast = Cloudy with a chance of zero-days-watch for Spellbinder storms and scattered Git leaks! ‍ On this episode of Storm⚡️Watch, the crew dives into the fast-moving world of vulnerability tracking and threat intelligence, spotlighting how defenders are moving beyond the traditional CVE system to keep pace with real-world attacks. The show kicks off with a look at the latest listener poll, always a source of lively debate, before jumping into some of the most pressing cybersecurity stories of the week. A major focus of this episode is the recent revelation that a China-aligned APT group, dubbed TheWizards, is using a tool called Spellbinder to abuse IPv6 SLAAC for adversary-in-the-middle attacks. This technique lets attackers move laterally through networks by hijacking software update mechanisms-specifically targeting popular Chinese applications like Sogou Pinyin and Tencent QQ-to deliver malicious payloads such as the modular WizardNet backdoor. The crew unpacks how this approach leverages IPv6's stateless address autoconfiguration to intercept and redirect legitimate traffic, underscoring the evolving sophistication of lateral movement techniques in targeted campaigns. The episode then turns to Google's 2024 zero-day exploitation analysis, which reports a drop in the total number of zero-days exploited compared to last year but highlights a worrying shift: attackers are increasingly targeting enterprise products and infrastructure. Microsoft, Ivanti, Palo Alto Networks, and Cisco are among the most targeted vendors, with nearly half of all zero-day exploits now aimed at enterprise systems and network appliances. The discussion covers how attackers are chaining vulnerabilities for more impactful breaches and why defenders need to be vigilant as threat actors pivot to harder-to-monitor enterprise environments. Censys is in the spotlight for its recent research and tooling, including a new Ports & Protocols Dashboard that gives organizations granular visibility into their attack surface across all ports and protocols. This helps teams quickly spot risky exposures and misconfigurations, making it easier to prioritize remediation efforts and automate alerting for high-risk assets. The crew also highlights Censys's collaborative work on botnet hunting and their ongoing push to retire stale threat indicators, all of which are reshaping proactive defense strategies. runZero's latest insights emphasize the importance of prioritizing risks at the asset stack level, not just by CVE. The crew explains how misconfigurations, outdated software, and weak network segmentation can create stacked risks that traditional scanners might miss, urging listeners to adopt a more holistic approach to asset management and vulnerability prioritization. Rounding out the episode, GreyNoise shares new research on a dramatic spike in scanning for Ivanti Connect Secure VPNs and a surge in crawling activity targeting Git configuration files. These trends highlight the persistent risk of codebase exposure and the critical need to secure developer infrastructure, as exposed Git configs can lead to the leak of sensitive credentials and even entire codebases. As always, the show wraps up with some final thoughts and goodbyes, leaving listeners with actionable insights and a reminder to stay vigilant in the face of rapidly evolving cyber threats. If you have questions or want to hear more about any of these topics, let us know-what's on your mind this week? Storm Watch Homepage >> Learn more about GreyNoise >>  

Trust Issues
EP 6 - Incident Response POV: 2025 Emerging Threats

Trust Issues

Play Episode Listen Later Apr 30, 2025 36:41


In this episode of Security Matters, host David Puner, dives into the world of evolving cyberthreats with Bryan Murphy, Senior Director of CyberArk's Incident Response Team. Imagine a scenario where an attacker uses AI-generated deepfakes to impersonate your company's VP of finance, gaining unauthorized access to your environment. Bryan Murphy shares insights on how these sophisticated attacks are turning identity into the attack surface and why your first line of defense might be as simple as a video call. Learn about the latest trends in social engineering, credential tiering and the importance of visual verification in incident response. Don't miss this eye-opening discussion on how to protect your organization from the ever-evolving threat landscape.

Fluent Fiction - Swedish
Spring Showdown: Triumph Over Cyber Threats in Stockholm Startup

Fluent Fiction - Swedish

Play Episode Listen Later Apr 29, 2025 15:06


Fluent Fiction - Swedish: Spring Showdown: Triumph Over Cyber Threats in Stockholm Startup Find the full episode transcript, vocabulary words, and more:fluentfiction.com/sv/episode/2025-04-29-22-34-02-sv Story Transcript:Sv: Det var en livlig vårdag på startup-inkubatorn i Stockholm.En: It was a lively spring day at the startup incubator in Stockholm.Sv: Solen sken genom de stora fönstren och fyllde lokalen med ljus.En: The sun shone through the large windows, filling the space with light.Sv: Man kunde nästan känna doften av blommande körsbärsträd från den närliggande parken, där folk började förbereda sig för Valborgsmässoafton.En: You could almost smell the blooming cherry trees from the nearby park, where people were starting to prepare for Valborgsmässoafton.Sv: Inne i inkubatorn satt Emil framför sin laptop.En: Inside the incubator, Emil sat in front of his laptop.Sv: Han såg på sin skärm med bekymrad min.En: He looked at his screen with a worried expression.Sv: "Kanske denna gång," mumlade han för sig själv.En: "Maybe this time," he muttered to himself.Sv: Hans produktlansering närmade sig snabbt och han visste att investerarna skulle vara där.En: His product launch was approaching quickly, and he knew the investors would be there.Sv: Han behövde detta att gå smidigt.En: He needed everything to go smoothly.Sv: Bredvid i samma kontorslandskap arbetade Karin, inkubatorns säkerhetsexpert.En: Nearby, in the same office landscape, Karin, the incubator's security expert, was working.Sv: Hon hade lagt märke till de oregelbundna dataintrången.En: She had noticed the irregular data breaches.Sv: "Emil," sa hon och gick fram till hans skrivbord.En: "Emil," she said, approaching his desk.Sv: "Din startup har flera säkerhetsproblem.En: "Your startup has several security issues.Sv: Vi måste lösa det."En: We need to solve them."Sv: Emil suckade.En: Emil sighed.Sv: Han ville inte ha hjälp.En: He didn't want help.Sv: Men situationen blev värre.En: But the situation was worsening.Sv: Andra startups hade börjat få problem, och det skapades en känsla av stress och misstro.En: Other startups had started to experience problems, creating a sense of stress and mistrust.Sv: "Okej, vad kan vi göra?"En: "Okay, what can we do?"Sv: frågade han till slut.En: he finally asked.Sv: Karin visade Emil hur de kunde förstärka skyddet.En: Karin showed Emil how they could strengthen the protection.Sv: Men mitt i allt fann hon något underligt.En: But in the middle of everything, she found something strange.Sv: En dold enhet bland sladdarna under bordet.En: A hidden device among the cords under the desk.Sv: "Den här orsakar attackerna," sa hon skyggt men bestämt.En: "This is causing the attacks," she said shyly but firmly.Sv: Emil och Karin visste att de hade begränsad tid.En: Emil and Karin knew they had limited time.Sv: Valborgsnatten närmade sig och alla väntade sig att produkterna skulle visas.En: Valborg night was approaching, and everyone expected the products to be showcased.Sv: De arbetade snabbt för att stänga ner enheten innan den kunde göra mer skada.En: They worked quickly to shut down the device before it could cause more damage.Sv: Svetten pärlade på deras pannor.En: Sweat beaded on their foreheads.Sv: Till slut, precis när elden från Valborg firandet började tändas utanför, lyckades de.En: Finally, just as the fires from the Valborg celebration were being lit outside, they succeeded.Sv: "Vi klarade det!"En: "We did it!"Sv: ropade Emil glatt och kände en stor lättnad skölja över sig.En: Emil shouted joyfully, feeling a huge relief wash over him.Sv: Nästa dag gick hans produktlansering som planerat.En: The next day, his product launch went as planned.Sv: Investorerna var imponerade.En: The investors were impressed.Sv: Emil vände sig till Karin och sa, "Tack, jag kunde inte ha gjort det utan dig."En: Emil turned to Karin and said, "Thank you, I couldn't have done it without you."Sv: Karin log.En: Karin smiled.Sv: Inkubatorn erkände nu hennes värdefulla arbete.En: The incubator now recognized her valuable work.Sv: Hon kände sig både uppskattad och säker i sin roll.En: She felt both appreciated and secure in her role.Sv: Emil hade lärt sig en ovärderlig lärdom om samarbete och Karin om sin egen styrka.En: Emil had learned an invaluable lesson about collaboration and Karin about her own strength.Sv: Inkubatorn återhämtade sig snabbt från attackerna och livet där fortsatte, fyllt av nya möjligheter och vårens skaparglädje.En: The incubator quickly recovered from the attacks, and life there continued, filled with new opportunities and the creative joy of spring. Vocabulary Words:lively: livligincubator: inkubatorblooming: blommandeworried: bekymradexpression: minapproaching: närmade sigirregular: oregelbundnabreaches: dataintrångensecurity: säkerhetissues: problemstrengthen: förstärkaprotection: skyddetdevice: enhetcords: sladdarnasituation: situationworsening: blev värrecollaboration: samarbetevaluable: värdefullaappreciated: uppskattadunexpected: oväntadjoy: glädjeprepared: förbereda siglaunch: lanseringinvestors: investeraresmoothly: smidigtmistrust: misstroshy: skyggtfirmly: bestämtlimited: begränsadrelief: lättnad

Innovation in Government
Steps agencies can take to stay ahead of ever-sophisticated cyber threats

Innovation in Government

Play Episode Listen Later Apr 28, 2025 28:00


Michael Riemer, the senior vice president of the network security group and field CISO at Ivanti, said ‘secure by design' is more important than ever.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Daily Signal News
Quantum Warfare: How Titanium Secure Protects You From Chinese Cyber Threats

Daily Signal News

Play Episode Listen Later Apr 27, 2025 32:37


Dive deep into the world of cybersecurity with Dr. John Reese, founder and CEO, and Michael Avari, CIO of Titanium Secure. Learn why quantum-resistant encryption has become crucial in an era of Chinese cyber threats and big tech data harvesting. Key Topics: 1) The birth of Titanium Secure: Discover how Reese's unique path from dentistry to cybersecurity led to his founding a secure communications platform 2) Why Parler's deplatforming in 2020 signaled a need for independent secure communications 3) The Chinese threat: Recent telecom infiltrations and infrastructure targeting 4) Quantum computing explained: Why current encryption is vulnerable and how Titanium Secure is resistant 5) Beyond Big Tech: Why free services like WhatsApp and Telegram come with hidden costs 6) Real-world uses: From real estate transactions to sensitive government communications Titanium Secure is available across all major platforms including Windows, Mac, Android, iOS, and Linux, and can be accessed through its website or downloaded from Apple and Google Play app stores. Pricing starts at $6/month for individuals, with enterprise and temporary subscription options. Guest Bios: Dr. John Reese: Former dentist turned tech entrepreneur who founded Titanium Secure after identifying critical gaps in conservative communication security Michael Avari: Former CISO with deep tech background, now CIO of Titanium Secure, bringing expertise in quantum-resistant encryption Resources: Visit https://www.TitaniumSecure.io for more information Download from the Apple or Google Play app stores The Daily Signal cannot continue to tell stories, like this one, without the support of our viewers: https://secured.dailysignal.com/ Learn more about your ad choices. Visit megaphone.fm/adchoices

Jamf After Dark
Jamf After Dark - Current Landscape of Security and Privacy for K-12

Jamf After Dark

Play Episode Listen Later Apr 25, 2025 56:51


Co-hosts Kat Garbis and Sean Rabbitt are joined by Suraj Mohandas (Vice President of Product Strategy), Emily McRoberts-Froese (Sr. Education Leadership Executive), and John Wetter (Director of Technology & Information Services Hopkins Public Schools) to discuss the current landscape for admins supporting K-12 .    Meet John Wetter, an IT Professional, Jamf customer, and public speaker out of Minneapolis, joins the Jamf team to discuss the current changes and evolution of supporting K-12, including security, privacy, budget, AI initiatives and more.    The team leans on Wetter's experience to understand how they are navigating cyber and physical threats in K-12 schools, best practices in identity, if AI has a place in education, and advice to other IT professionals in the K-12 space. 

@BEERISAC: CPS/ICS Security Podcast Playlist
Cyber Threats, China, and the Global Wake-Up Call

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Apr 25, 2025 27:04


Podcast: Industrial Cybersecurity InsiderEpisode: Cyber Threats, China, and the Global Wake-Up CallPub date: 2025-04-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDino and Craig address the recent acknowledgment by China of their role in U.S. infrastructure hacks. They explore the urgent cybersecurity challenges facing industrial environments. With rising geopolitical tensions, tariffs, the push to bring more manufacturing back to the U.S. and increasing attacks on critical infrastructure, the stakes have never been higher. From end-of-life PLCs still running core operations, to the disconnect between IT and OT leadership, this conversation identifies the systemic gaps leaving industrial operations exposed. They outline the pressing need for visibility, actionable incident response plans, and a cultural shift toward collaboration across the stack, from plant floor to the boardroom. Whether you're a CISO or an operations lead, this episode offers real-world insights, battle-tested perspectives, and one clear takeaway: in cybersecurity, doing nothing is no longer an option.Chapters:00:00:00 - Kicking Off: Why IT-OT Unity Isn't Optional Anymore00:01:17 - Cyber Threats, China, and the Global Wake-Up Call00:02:16 - CISA's New Role: From Background Player to OT Ally00:05:32 - Still Separate, Still Vulnerable: Why IT & OT Must Sync Up00:09:48 - Blind Spots Kill: Why Visibility Is the Real MVP00:10:43 - Remote Access Realities and the Myth of the Air Gap00:20:29 - Crisis Mode: Are You Ready for the Worst?00:23:50 - Dino & Craig's Parting Shot: Do Something - NowLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Business of Tech
Zendesk Shifts to Outcome-Based Pricing; CISA Faces Resignations Amid Budget Cuts and Cyber Threats

Business of Tech

Play Episode Listen Later Apr 23, 2025 15:31


Zendesk has made a significant shift in its pricing model by moving away from traditional seat licenses to an outcome-based pricing structure. This change, articulated by CEO Tom Eggemeier, means that customers will only pay when an AI agent successfully resolves a business problem. This approach aligns with a broader industry trend towards consumption-based pricing, where costs are directly linked to the value delivered rather than the number of licenses or usage. As organizations increasingly adopt AI technologies, this model could reshape the software landscape, pushing providers to rethink their value propositions and focus on delivering tangible business outcomes.The Cybersecurity and Infrastructure Security Agency (CISA) is facing challenges as two high-ranking officials resign amid budget cuts that threaten to reduce its workforce by nearly 40%. The agency's Secure by Design initiative, aimed at enhancing software security, may be impacted by these changes, raising concerns about the future of national cybersecurity efforts. Additionally, CISA has halted the use of certain threat-hunting tools, which could further hinder its ability to address cyber threats effectively. The situation highlights the critical need for managed service providers (MSPs) to adapt their business models to incorporate security measures that align with evolving regulatory and customer demands.Kaseya and other companies are introducing AI-driven tools designed to enhance IT management and cybersecurity for managed service providers. Kaseya's Spring 2025 release includes features that automate workflows and improve user experience, while Cork Protection has launched a tool to help MSPs quickly assess cyber insurance policies. These innovations reflect a growing trend in the industry to leverage AI for operational efficiency and improved service delivery. As MSPs adopt these technologies, they can better position themselves to meet client needs and navigate the complexities of cybersecurity.OpenAI has partnered with The Washington Post to enable ChatGPT to summarize and link to the newspaper's reporting, marking a significant development in the relationship between AI and journalism. This collaboration aims to enhance the quality of information provided to users while raising questions about copyright and the reliability of AI-generated content. Despite OpenAI's advancements in research capabilities, concerns remain about the accuracy of AI in complex tasks. The partnership underscores the ongoing tension between the demand for high-quality information and the challenges of integrating AI into content creation and dissemination. Four things to know today 00:00 Zendesk Drops Per-User Pricing—Now It's Pay When AI Gets the Job Done03:56 Cyber Shakeup: CISA Faces Staff Exodus and Tool Loss While Pentagon Tightens Software Security Standards06:52 From Cyber Orchestration to Frontline AI: New Releases Highlight MSP-Centric Innovation Across the Ecosystem10:35 As OpenAI Partners with Major Newsrooms, Benchmark Reveals Deep Research Still Struggles with Accuracy  Supported by: https://timezest.com/mspradio/ https://www.huntress.com/mspradio/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Kate Dalley Radio
042225 2nd HR Key Addition To 1st HR and Cyber Threats Who Is Really Behind Them WOW

Kate Dalley Radio

Play Episode Listen Later Apr 22, 2025 37:40


042225 2nd HR Key Addition To 1st HR and Cyber Threats Who Is Really Behind Them WOW by Kate Dalley

Storm⚡️Watch by GreyNoise Intelligence
CVE Chaos: The Fragmented Future of Vulnerability Tracking, Bad Bots & Real-Time Threat Intel

Storm⚡️Watch by GreyNoise Intelligence

Play Episode Listen Later Apr 22, 2025 56:41


Forecast = Prepare for scattered CVEs, rising bot storms, and real-time threat lightning. Keep your digital umbrellas handy! ‍ On this episode of Storm⚡️Watch, we're breaking down the latest shifts in the vulnerability tracking landscape, starting with the ongoing turbulence in the CVE program. As the MITRE-run CVE system faces funding uncertainty and a potential transition to nonprofit status, the global security community is rapidly adapting. New standards and databases are emerging to fill the gaps—Europe's ENISA is rolling out the EU Vulnerability Database to ensure regional control, while China continues to operate its own state-mandated systems. Meanwhile, the CVE ecosystem's chronic delays and the NVD's new “Deferred” status for tens of thousands of older vulnerabilities are pushing teams to look elsewhere for timely, enriched vulnerability data. Open-source projects like OSV.dev and commercial players such as VulnCheck and Snyk are stepping up, offering real-time enrichment, exploit intelligence, and predictive scoring to help organizations prioritize what matters most. The result is a fragmented but innovative patchwork of regional, decentralized, open-source, and commercial solutions, with hybrid approaches quickly becoming the norm for defenders worldwide. We're also diving into Imperva's 2024 Bad Bot Report, which reveals that nearly a third of all internet traffic last year came from malicious bots. These bots are getting more sophisticated—using residential proxies, mimicking human behavior, and bypassing traditional defenses. The report highlights a surge in account takeover attacks and shows that industries like entertainment and retail are especially hard hit, with bot traffic now outpacing human visitors in some sectors. The rise of simple bots, fueled by easy-to-use AI tools, is reshaping the threat landscape, while advanced and evasive bots continue to challenge even the best detection systems. On the threat intelligence front, GreyNoise has just launched its Global Observation Grid—now the largest deception sensor network in the world, with thousands of sensors in over 80 countries. This expansion enables real-time, verifiable intelligence on internet scanning and exploitation, helping defenders cut through the noise and focus on the threats that matter. GreyNoise's latest research shows attackers are exploiting vulnerabilities within hours of disclosure, with a significant portion of attacks targeting legacy flaws from years past. Their data-driven insights are empowering security teams to prioritize patching and response based on what's actually being exploited in the wild, not just theoretical risk. We're also spotlighting Censys and its tools for tracking botnets and advanced threats, including collaborative projects with GreyNoise and CursorAI. Their automated infrastructure mapping and pivoting capabilities are helping researchers quickly identify related malicious hosts and uncover the infrastructure behind large-scale attacks. Finally, VulnCheck continues to bridge the gap during the CVE program's uncertainty, offering autonomous enrichment, real-time exploit tracking, and comprehensive coverage—including for CVEs that NVD has deprioritized. Their Known Exploited Vulnerabilities catalog and enhanced NVD++ service are giving defenders a broader, faster view of the threat landscape, often surfacing critical exploitation activity weeks before it's reflected in official government feeds. As the vulnerability management ecosystem splinters and evolves, organizations are being forced to rethink their strategies—embracing a mix of regional, open-source, and commercial intelligence to maintain visibility and stay ahead of attackers. The days of relying on a single source of truth for vulnerability data are over, and the future is all about agility, automation, and real-time insight. Storm Watch Homepage >> Learn more about GreyNoise >>  

ITSPmagazine | Technology. Cybersecurity. Society
From Phishing to Full Compromise in Under an Hour: Automation Is Fueling the Next Wave of Cyber Threats | A LevelBlue Brand Story with Kenneth Ng

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 18, 2025 36:02


LevelBlue's latest Threat Trends Report pulls no punches: phishing, malware, and ransomware attacks are not just continuing—they're accelerating. In this episode of ITSPmagazine's Brand Story podcast, hosts Sean Martin and Marco Ciappelli are joined by Kenneth Ng, a threat hunter and lead incident responder on LevelBlue's Managed Detection and Response (MDR) team, to unpack the findings and recommendations from the report.Phishing as a Service and the Surge in Email CompromisesOne of the most alarming trends highlighted by Kenneth is the widespread availability of Phishing-as-a-Service (PhaaS) kits, including names like RaccoonO365, Mamba 2FA, and Greatness. These kits allow attackers with little to no technical skill to launch sophisticated campaigns that bypass multi-factor authentication (MFA) by hijacking session tokens. With phishing attacks now leading to full enterprise compromises, often through seemingly innocuous Microsoft 365 access, the threat is more serious than ever.Malware Is Smarter, Simpler—and It's Spreading FastMalware, particularly fake browser updates and credential stealers like Lumma Stealer, is also seeing a rise in usage. Kenneth points out the troubling trend of malware campaigns that rely on basic user interactions—like copying and pasting text—leading to full compromise through PowerShell or command prompt access. Basic group policy configurations (like blocking script execution for non-admin users) are still underutilized defenses.Ransomware: Faster and More Automated Than EverThe speed of ransomware attacks has increased dramatically. Kenneth shares real-world examples where attackers go from initial access to full domain control in under an hour—sometimes in as little as ten minutes—thanks to automation, remote access tools, and credential harvesting. This rapid escalation leaves defenders with very little room to respond unless robust detection and prevention measures are in place ahead of time.Why This Report MattersRather than presenting raw data, LevelBlue focuses on actionable insights. Each major finding comes with recommendations that can be implemented regardless of company size or maturity level. The report is a resource not just for LevelBlue customers, but for any organization looking to strengthen its defenses.Be sure to check out the full conversation and grab the first edition of the Threat Trends Report ahead of LevelBlue's next release this August—and stay tuned for their updated Futures Report launching at RSA Conference on April 28.Learn more about LevelBlue: https://itspm.ag/levelblue266f6cNote: This story contains promotional content. Learn more.Guest: Kenneth Ng, threat hunter and lead incident responder on LevelBlue's Managed Detection and Response (MDR) team | On LinkedIn: https://www.linkedin.com/in/ngkencyber/ResourcesDownload the LevelBlue Threat Trends Report | Edition One: https://itspm.ag/levelbyqdpLearn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblueLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

The Fearless Mindset
Episode 244 - Mental Toughness in a Changing World: How to Stay Ahead of the Curve

The Fearless Mindset

Play Episode Listen Later Apr 15, 2025 38:33


In this episode, Mark Ledlow and Chuck Andrews discuss various topics including the economic growth in Texas, cultural differences across states, and the significance of diversifying business portfolios. The conversation touches on Chuck's experiences in law enforcement and the security industry, the evolving work ethic in younger generations, and the importance of mental toughness. They also discuss the challenges of organizing large events like Texas Night during hurricane season, the increase in school shootings versus domestic terrorism, and strategies for staying informed and proactive in an ever-changing business landscape. Tune in to gain insights from industry leaders and to understand what it takes to remain fearless amid adversity.Learn about all this and more in this episode of The Fearless Mindset Podcast.KEY TAKEAWAYSEconomic Growth in Texas: Discussion on the migration of financial and tech companies to Texas, contributing to its growing economy.Cultural Differences: Exploration of cultural contrasts between Texas and other states like California and New York.Relocating and Adapting: Emphasis on the importance of embracing new cultures and adapting to different environmentsWork Ethic: Reflection on the changing work ethic among younger generations compared to older ones.Diverse Experiences: Value of having diverse experiences, from law enforcement to business, in shaping a well-rounded career.School Safety and Behavior: Importance of focusing on the behavioral aspects of students to prevent school shootings, rather than just increasing security hardware.AI and Information Verification: Necessity of verifying sources in the age of AI to avoid being misled.QUOTES"Texas does remain the friendliest state in the United States.""Business is simple. Humans are simple. You just gotta take your time getting to know people.""Focus on the kids in terms of that. Invest in counseling and literally having the kids involve themselves.""With AI, you're gonna be fooled in a very big way. Big decisions are gonna be made and you'll have no idea what's going on.""Treat life in a more meaningful way; build trust and all that good stuff comes. Just gotta be patient. Play the long game."Get to know more about Charles "CHUCK" Andrews through the link below. https://www.linkedin.com/in/charlesandrewscpp/To hear more episodes of The Fearless Mindset podcast, you can go to  https://the-fearless-mindset.simplecast.com/ or listen to major podcasting platforms such as Apple, Google Podcasts, Spotify, etc. You can also subscribe to the Fearless Mindset YouTube Channel to watch episodes on video.

Dell Technologies Power2Protect Podcast
Episode 109: Building an Unbreakable Cyber Resilience Posture

Dell Technologies Power2Protect Podcast

Play Episode Listen Later Apr 15, 2025 40:34


Explore actionable strategies for building a robust cyber resilience posture in this insightful episode. From strengthening defenses to improving recovery agility and anticipating future cybersecurity trends, this conversation delivers practical insights to help you stay a step ahead in protecting your digital landscape.

Storm⚡️Watch by GreyNoise Intelligence
Cyber Threat Horizon: InfosecSherpa Interview, Ukraine Drone Malware, & VulnCon Recap

Storm⚡️Watch by GreyNoise Intelligence

Play Episode Listen Later Apr 15, 2025 65:37


Forecast = Scattered exploits, Mirai storms brewing, and rogue drones dropping malware over Russia. Keep your firewalls up—a vulnerability front is rolling in fast! ‍ On this episode of Storm⚡️Watch, we're bringing you a packed episode that covers the latest in cyber threat intelligence, industry news, and a few stories you won't want to miss. We kick things off with our usual round of introductions and a quick look at the cyber weather, setting the stage for what's happening across the threat landscape. In our first segment, Tod shares his wrap-up from VulnCon 2025, highlighting the key takeaways and emerging trends from this year's conference. From new vulnerability research to the latest in exploit techniques, Tod breaks down what security professionals need to know and what's likely to shape the industry in the coming months. Next up, we sit down with Tracy Z. Maleeff, better known as InfosecSherpa, for an interview that traces her journey from librarian to cybersecurity professional. Tracy shares insights on career pivots, the importance of information literacy in security, and her ongoing work to make the field more accessible. Her story is a must-listen for anyone considering a move into cyber or looking for inspiration from someone who's successfully navigated the transition. We then turn our attention to a headline-grabbing story out of Ukraine, where reports indicate that drones sent into Russian territory are not just for surveillance or kinetic impact—they're also carrying malware designed to infect military systems if captured. This blend of physical and cyber warfare is a stark reminder of how modern conflicts are increasingly fought on multiple fronts, with digital payloads now as critical as traditional munitions. If we need to fill a little extra time, we'll explore some of the more bizarre aspects of hybrid warfare, including reports of weaponized consumer goods—think exploding sex toys and cosmetics—being used as part of psychological and disruption campaigns targeting the West. It's a strange new world where almost anything can be turned into a tool of conflict. We also spotlight recent research from Censys on the Salt Typhoon attacks, which underscore the need for advanced defenses as attackers continue to exploit edge devices and cloud infrastructure. Their findings highlight the importance of proactive monitoring and rapid response to emerging threats. On the GreyNoise front, we've observed a threefold surge in exploitation attempts targeting TVT DVRs, likely linked to Mirai botnet activity. This uptick is a clear signal that attackers are constantly scanning for vulnerable devices to conscript into their botnets, and it's a reminder for defenders to stay vigilant and patch exposed systems. As always, we wrap up with a round of goodbyes and a reminder to subscribe for more insights, interviews, and real-time threat intelligence. Thanks for tuning in to Storm⚡️Watch—where we keep you ahead of the cyber storms. Storm Watch Homepage >> Learn more about GreyNoise >>  

No Password Required
No Password Required Podcast Episode 58 — Trevor Hilligoss

No Password Required

Play Episode Listen Later Apr 14, 2025 42:32


summaryIn this episode of No Password Required, host Jack Clabby and guest Trevor Hillegas discuss various aspects of cybersecurity, including the transition from military service to the private sector, the importance of leadership in tech, and the misconceptions surrounding cyber threats. Trevor shares insights from his career, emphasizing the need for a proactive approach to cybersecurity and the value of empowering teams to innovate and learn from failures. In this engaging conversation, the speakers delve into memorable experiences in cybersecurity, including impactful interactions and the importance of sharing knowledge. They explore personal preferences through a fun lifestyle polygraph segment, discussing walk-up songs, breakfast favorites, and nerd culture. The conversation also touches on the lighter side of cybersecurity with prank calls and the dynamics of building an escape room team. The episode concludes with contact information and an invitation to connect further.takeawaysTrevor emphasizes the importance of metaphors in understanding cybersecurity.The public often fears sophisticated threats while ignoring more common dangers.Leadership in cybersecurity should focus on empowering teams rather than micromanaging.A proactive approach in cybersecurity can prevent victimization before it occurs.Technical leaders should understand core concepts to effectively guide their teams.Misconceptions about cyber criminals often stem from Hollywood portrayals.The military experience can significantly shape leadership styles in tech.Daily life in cybersecurity involves constant learning and adaptation.Sophistication in cyber threats does not always correlate with success.Cybersecurity is about both fighting threats and fortifying defenses. Memorable interactions can lead to impactful collaborations in cybersecurity.Sharing knowledge can help mitigate cyber threats effectively.Personal preferences can reveal a lot about an individual's character.Walk-up songs can reflect one's personality and professional identity.Breakfast choices can be a blend of cultural influences and personal tastes.Building a team for an escape room requires diverse skills and personalities.Nerd culture can foster connections and shared interests among individuals.Prank calls can be a humorous way to engage with public figures.Culinary competitions highlight the absurdity of turning survival into entertainment.Networking in cybersecurity can lead to unexpected opportunities.titlesCybersecurity Connections: Memorable MomentsThe Lifestyle Polygraph: Fun and InsightsWalk-Up Songs: A Reflection of IdentityBreakfast Favorites: A Culinary JourneySound Bites"Tell them what needs to get done.""Empower your people to fail.""We can stop that identity theft.""I was in Europe giving a talk.""I sent him everything that we had.""I would get Jack Sparrow.""I love Star Wars.""I would call Gordon Ramsey."Chapters00:00 Introduction to Cybersecurity Insights02:54 Career Path and Unexpected Experiences05:55 Transitioning from Military to Cybersecurity09:07 Daily Life at Spy Cloud12:12 Leadership Philosophy and Management Style14:53 The Nature of Cyber Threats17:50 Technical Skills in Leadership20:52 Misconceptions About Cyber Criminals25:32 Memorable Cybersecurity Interactions28:12 Lifestyle Polygraph Introduction28:35 Walk-Up Songs and Personal Preferences32:07 Breakfast Favorites and Culinary Influences34:40 Building the Ultimate Escape Room Team37:36 Nerd Culture and Personal Interests39:02 Prank Calls and Culinary Competitions41:20 Closing Thoughts and Contact Information

The Tara Show
"Cyber Threats and Silent Deals: The Shocking Truth Behind China's Grip on U.S. Infrastructure"

The Tara Show

Play Episode Listen Later Apr 11, 2025 6:34


In a stunning revelation reported by The Wall Street Journal, Chinese officials allegedly admitted in a secret meeting to years of cyberattacks on critical U.S. infrastructure — from ports and airports to nuclear facilities. Tied to tensions over Taiwan, the confession paints a chilling picture of strategic digital warfare. As Trump ramps up tariffs and boots out compromised officials, new questions emerge: Is the Biden administration turning a blind eye? And just how deep does China's influence in Washington really go?

Storm⚡️Watch by GreyNoise Intelligence
2025 Cyber Breakdown: CrushFTP Chaos, NVD Crisis & North Korean Threats

Storm⚡️Watch by GreyNoise Intelligence

Play Episode Listen Later Apr 8, 2025 62:12


Forecast: Patchy with a 32% backlog surge, CVE squalls causing auth bypass showers, and Lazarus fronts looming—keep your threat umbrellas handy!"

Risk Management Show
Leadership Tips for Managing Cyber Threats in Business with John D. Marvin

Risk Management Show

Play Episode Listen Later Apr 7, 2025 26:35


In this episode, we discussed leadership tips for managing cyber threats in business with John D. Marvin, the President and CEO of Texas State Optical. With over two decades of experience growing TSO into a top 10 retail optical organization in the U.S. John shared invaluable insights on risk management, cybersecurity, and building a successful franchise network. He delved into the importance of customer-centric leadership, robust cybersecurity protocols, and the risks of operational vulnerabilities like website integrations and data breaches. If you're a Chief Risk Officer, business leader, or interested in sustainability and cybersecurity, this episode is packed with actionable strategies to protect your business assets. John also emphasized the role of ongoing training, compliance with federal privacy laws, and the need for proactive measures to prevent ransomware threats. If you want to be our guest or suggest a guest, send your email to info@globalriskconsult.com with the subject line "Podcast Guest Inquiry." Stay tuned for more expert discussions on risk management and cybersecurity.

The Fearless Mindset
Episode 242 - Security, AI & Private Equity—Chuck Andrews' Take on the Future of the Industry

The Fearless Mindset

Play Episode Listen Later Apr 1, 2025 36:20


In this episode, Mark Ledlow and Chuck Andrews, a renowned figure in the security industry known for his extensive global network and profound insights. Chuck shares his journey of building qualitative relationships, his strategies for managing a substantial LinkedIn following, and his future endeavors including a book tour across Europe. The discussion also delves into the challenges and opportunities in the security business, emphasizing the importance of trust and consistent relationship maintenance. Moreover, Chuck touches on issues like the impact of AI on business, geopolitical concerns, and the future of private equity in the industry. The episode is a rich blend of professional advice, personal anecdotes, and strategic insights pivotal for anyone looking to thrive in the security and business landscape.Learn about all this and more in this episode of The Fearless Mindset Podcast.KEY TAKEAWAYSAdversity Management: Insights into how business leaders handle challenges and adversity.Business Optimism: There's a noticeable sense of optimism in the business community, particularly in Texas.Quality vs. Quantity in Networking: The importance of building quality relationships rather than focusing on the number of connections.Trust and Relationships: Trust is the cornerstone of effective business relationships and must be maintained through consistency and integrity.Importance of Adaptability: The need to adapt business strategies in response to changing environments and tech advancements.Upcoming Events: Details on Chuck's book tour and the impactful events he is organizing, including a cruise focused on networking.QUOTES"You ain't seen nothing yet. The next four years is gonna be a Yee-haw version to the 10th power, you watch!""Maintenance of relationships...that's where the work begins.""It's better not to own boats, planes, and trains, but it's better to have friends who have boats, planes, and trains.""Get shit done. Everybody likes to get shit done.""Trust is earned in this business. People are watching you, they're vetting you, even when they're not talking to you.""AI is going to be the biggest investment space.""You will not be able to discern the difference between fact and fiction, right and wrong...that's how dangerous artificial intelligence can be."Get to know more about Charles "CHUCK" Andrews through the link below.https://www.linkedin.com/in/charlesandrewscpp/To hear more episodes of The Fearless Mindset podcast, you can go to https://the-fearless-mindset.simplecast.com/ or listen to major podcasting platforms such as Apple, Google Podcasts, Spotify, etc. You can also subscribe to the Fearless Mindset YouTube Channel to watch episodes on video.

Sales vs. Marketing
Lessons - Fixing Human Error in Cybersecurity | Theresa Payton - Former White House CIO

Sales vs. Marketing

Play Episode Listen Later Mar 30, 2025 11:29


➡️ Like The Podcast? Leave A Rating: https://ratethispodcast.com/successstory  In this "Lessons" episode, Theresa Payton, former White House CIO, shares how predictable human behavior creates vulnerabilities in cybersecurity and why conventional defenses often fall short. Learn why routine security measures are exploited by sophisticated social engineering and how designing innovative, personalized protocols can disrupt attackers and strengthen digital defenses. ➡️ Show Linkshttps://successstorypodcast.com  YouTube: https://youtu.be/bH8DwhGUg0cApple: https://podcasts.apple.com/us/podcast/theresa-payton-cybersecurity-expert-author-former-white/id1484783544Spotify: https://open.spotify.com/episode/5DLZKqN89CTRVXW2Hi3Pq5➡️ Watch the Podcast on YouTubehttps://www.youtube.com/c/scottdclary 

My Climate Journey
Securing the Energy Grid from Cyber Threats with Xage Security

My Climate Journey

Play Episode Listen Later Mar 27, 2025 38:31


Roman Arutyunov is the Co-founder and SVP of Products at Xage Security, a Series B startup focused on protecting critical infrastructure—including energy systems—from cyber threats. Xage is backed by investors like Chevron Technology Ventures, Aramco, Piva Capital, Valor Equity Partners, and Overture.Cybersecurity is a growing concern as our energy systems become more distributed, electrified, and digitally connected. We spoke with Roman about the vulnerabilities in today's infrastructure, the motivations behind cyberattacks, and how the rise of AI is changing the cybersecurity landscape.In this episode, we cover: [2:11] Introduction to Xage Security[3:12] Cybersecurity 101: Ransomware, nation-state threats, and attacker motivations[7:10] Operational tech (OT) vs. information tech (IT)[13:29] Xage's Zero Trust security approach[15:45] Customer segments and differing security challenges[20:47] Navigating regulations vs. fast deployment timelines[23:40] How AI is shaping both threats and defenses[28:00] When multifactor authentication becomes a vulnerability[31:59] Real-world cyberattacks on energy systems[34:10] Xage's funding history and growth trajectoryEpisode recorded on Feb 20, 2025 (Published on Mar 26, 2025) Enjoyed this episode? Please leave us a review! Share feedback or suggest future topics and guests at info@mcj.vc.Connect with MCJ:Cody Simms on LinkedInVisit mcj.vcSubscribe to the MCJ Newsletter*Editing and post-production work for this episode was provided by The Podcast Consultant

Financial Freedom for Physicians with Dr. Christopher H. Loo, MD-PhD

Cybersecurity for businesses is more critical than ever, with cyber threats evolving daily. In this episode, we sit down with Dylan Evans, a leading expert in cybersecurity, to break down what businesses need to know about securing their operations from internet crime, fraud, and data breaches. Whether you're a small business owner, a CEO, or an IT professional, this episode provides practical solutions to strengthen your security defenses.