Podcasts about cybercriminals

Cybercriminals steal the bank password of tens of thousands of Australians.

Cybercriminals steal the bank password of tens of thousands of Australians.

Cybercriminals are using AI to weaponize human psychology—and your company could be next. In this power-packed Get Yourself Optimized episode, cybersecurity expert Leia Shilobod shares how to transform your organization's culture into your strongest defense. Leia breaks down:

Cybercriminals stole more than $16 billion last year, Iran tries to hack an EU official, the Lazarus Groups pulls off a successful watering hole and zero-day attack, and WhatsApp adds new chat privacy features. Show notes

What if the biggest threat to your privacy wasn't some hacker in a hoodie—but a spy trained to infiltrate your life? Former FBI operative Eric O'Neill, the man who took down spy Robert Hanssen, explains how digital spies target us, offering along the way real-world tips to protect ourselves in a world where everyone's a potential target. Learn more about your ad choices. Visit megaphone.fm/adchoices

What's the best thing small businesses can do to improve their security posture?

Shoot us a Text.Episode #1025: We cover Nissan's plan to hold vehicle prices through early June and increase U.S. production in response to tariffs. Plus we examine Tesla's strategic repositioning of the Cybertruck and how cybercriminals are creating a realistic-looking phishing campaign using Google's own tools.Show Notes with links:Nissan is staying steady on pricing through June 2 and looking to its underused U.S. factories to soften the blow of auto tariffs. The strategy focuses on affordability and domestic production leverage.Nissan has a 3-month supply of tariff-free vehicles and won't raise prices yet.The company plans to boost output at Smyrna, TN and Canton, MS plants, all of which operated at half their capacity in 2024.Rogue production will jump by 54% over the next year, adding 60,000 units, while price cuts of $1K on 2025 Rogue and Pathfinder aim to drive demand.Nissan is incentivizing retailers with its April and May dealer volume bonus program, which pays extra cash to stores that meet sales targets.“We count all the cars [toward the sales target], but we only pay on the U.S.-made cars because we want to give [them a] tailwind,” said Nissan Americas Chair Christian MeunierTesla is quietly shifting the Cybertruck's identity from status symbol to workhorse after early hype faded, trucks stockpiled, and political ties turned divisive. The new approach aims to resonate with a more traditional truck-buying audience.Cybertruck deliveries remain under 50,000; demand has sharply declined with sales dropping 50% in Q1.Tesla updated the product page with rugged, utilitarian imagery, aligning with Ford's F-150 ads.Sales teams report it's harder to sell the truck to actual truck buyers; its novelty isn't enough."They need to advertise durability. It needs to be used and abused, and all of the capabilities that make it a work truck need to be on full display," said Edmunds' Ivan Drury.Cybercriminals are exploiting Google's own “Sites” app to run a phishing campaign that convincingly mimics law enforcement subpoenas and bypasses email authentication safeguards.Emails appear from “no-reply@google.com” and claim law enforcement access to your account.Attackers use Google Sites to create convincing portals that evade DKIM checks.DomainKeys Identified Mail (DKIM) authentication is passed since the emails originate from Google's own infrastructure.Google has acknowledged the issue and is deploying mitigations while encouraging 2FA and passkeys.Join Paul J Daly and Kyle Mountsier every morning for the Automotive State of the Union podcast as they connect the dots across car dealerships, retail trends, emerging tech like AI, and cultural shifts—bringing clarity, speed, and people-first insight to automotive leaders navigating a rapidly changing industry.Get the Daily Push Back email at https://www.asotu.com/ JOIN the conversation on LinkedIn at: https://www.linkedin.com/company/asotu/

IBM has released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. The 2025 report tracks new and existing trends and attack patterns - pulling from incident response engagements, dark web and other threat intelligence sources. Some key findings in the 2025 report include: Critical infrastructure organizations accounted for 70% of all attacks that IBM X-Force responded to last year, with more than one quarter of these attacks caused by vulnerability exploitation. More cybercriminals opted to steal data (18%) than encrypt it (11%) as advanced detection technologies and increased law enforcement efforts pressure cybercriminals to adopt faster exit paths. Nearly one in three incidents observed in 2024 resulted in credential theft, as attackers invest in multiple pathways to quickly access, exfiltrate and monetize login information. "Cybercriminals are most often breaking in without breaking anything - capitalizing on identity gaps overflowing from complex hybrid cloud environments that offer attackers multiple access points" said Mark Hughes, Global Managing Partner of Cybersecurity Services at IBM. "Businesses need to shift away from an ad-hoc prevention mindset and focus on proactive measures such as modernizing authentication management, plugging multi-factor authentication holes and conducting real-time threat hunting to uncover hidden threats before they expose sensitive data." Patching Challenges Expose Critical Infrastructure Sectors to Sophisticated Threats Reliance on legacy technology and slow patching cycles prove to be an enduring challenge for critical infrastructure organizations as cybercriminals exploited vulnerabilities in more than one-quarter of incidents that IBM X-Force responded to in this sector last year. In reviewing the common vulnerabilities and exposures (CVEs) most mentioned on dark web forums, IBM X-Force found that four out of the top ten have been linked to sophisticated threat actor groups, including nation-state adversaries, escalating the risk of disruption, espionage and financial extortion. Exploit codes for these CVEs were openly traded on numerous forums - fueling a growing market for attacks against power grids, health networks and industrial systems. This sharing of information between financially motivated and nation-state adversaries highlights the increasing need for dark web monitoring to help inform patch management strategies and detect potential threats before they are exploited. Automated Credential Theft Sparks Chain Reaction In 2024, IBM X-Force observed an uptick in phishing emails delivering infostealers and early data for 2025 reveals an even greater increase of 180% compared to 2023. This upward trend fueling follow-on account takeovers may be attributed to attackers leveraging AI to create phishing emails at scale. Credential phishing and infostealers have made identity attacks cheap, scalable and highly profitable for threat actors. Infostealers enable the quick exfiltration of data, reducing their time on target and leaving little forensic residue behind. In 2024, the top five infostealers alone had more than eight million advertisements on the dark web and each listing can contain hundreds of credentials. Threat actors are also selling adversary-in-the-middle (AITM) phishing kits and custom AITM attack services on the dark web to circumvent multi-factor authentication (MFA). The rampant availability of compromised credentials and MFA bypass methods indicates a high-demand economy for unauthorized access that shows no signs of slowing down. Ransomware Operators Shift to Lower-Risk Models While ransomware made up the largest share of malwa...

Jon DiMaggio is the Chief Security Strategist at Analyst1 with over 15 years of experience tracking cyber threats. Specializing in enterprise ransomware and nation-state attacks, Jon is best known for infiltrating the LockBit ransomware gang during a two-year undercover operation. His research, including Ransomware Diaries and The Art of Cyberwarfare, has aided law enforcement and been featured by CBS 60 Minutes, The New York Times, and Wired. A frequent speaker at RSA, he has twice received the SANS Difference Makers Award for his groundbreaking work.00:00 Introduction02:34 You don't need an expensive university11:00 In order to be successful in cyber, you need to…17:38 What are the bad guys doing?23:13 What does the government do to help?26:24 Consequences for bad actors41:35 The Art of Cyber Warfare44:05 Jon's new book--------------------------------------------------------------To learn more about Jon visit https://www.linkedin.com/in/jondimaggio/https://www.amazon.com/Art-Cyberwarfare-Investigators-Ransomware-Cybercrime-ebook/dp/B09BKLRH8P?ref_=ast_author_dpTo learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

Jon DiMaggio is the Chief Security Strategist at Analyst1 with over 15 years of experience tracking cyber threats. Specializing in enterprise ransomware and nation-state attacks, Jon is best known for infiltrating the LockBit ransomware gang during a two-year undercover operation. His research, including Ransomware Diaries and The Art of Cyberwarfare, has aided law enforcement and been featured by CBS 60 Minutes, The New York Times, and Wired. A frequent speaker at RSA, he has twice received the SANS Difference Makers Award for his groundbreaking work.00:00 Introduction02:34 You don't need an expensive university11:00 In order to be successful in cyber, you need to…17:38 What are the bad guys doing?23:13 What does the government do to help?26:24 Consequences for bad actors41:35 The Art of Cyber Warfare44:05 Jon's new book

summaryIn this episode of No Password Required, host Jack Clabby and guest Trevor Hillegas discuss various aspects of cybersecurity, including the transition from military service to the private sector, the importance of leadership in tech, and the misconceptions surrounding cyber threats. Trevor shares insights from his career, emphasizing the need for a proactive approach to cybersecurity and the value of empowering teams to innovate and learn from failures. In this engaging conversation, the speakers delve into memorable experiences in cybersecurity, including impactful interactions and the importance of sharing knowledge. They explore personal preferences through a fun lifestyle polygraph segment, discussing walk-up songs, breakfast favorites, and nerd culture. The conversation also touches on the lighter side of cybersecurity with prank calls and the dynamics of building an escape room team. The episode concludes with contact information and an invitation to connect further.takeawaysTrevor emphasizes the importance of metaphors in understanding cybersecurity.The public often fears sophisticated threats while ignoring more common dangers.Leadership in cybersecurity should focus on empowering teams rather than micromanaging.A proactive approach in cybersecurity can prevent victimization before it occurs.Technical leaders should understand core concepts to effectively guide their teams.Misconceptions about cyber criminals often stem from Hollywood portrayals.The military experience can significantly shape leadership styles in tech.Daily life in cybersecurity involves constant learning and adaptation.Sophistication in cyber threats does not always correlate with success.Cybersecurity is about both fighting threats and fortifying defenses. Memorable interactions can lead to impactful collaborations in cybersecurity.Sharing knowledge can help mitigate cyber threats effectively.Personal preferences can reveal a lot about an individual's character.Walk-up songs can reflect one's personality and professional identity.Breakfast choices can be a blend of cultural influences and personal tastes.Building a team for an escape room requires diverse skills and personalities.Nerd culture can foster connections and shared interests among individuals.Prank calls can be a humorous way to engage with public figures.Culinary competitions highlight the absurdity of turning survival into entertainment.Networking in cybersecurity can lead to unexpected opportunities.titlesCybersecurity Connections: Memorable MomentsThe Lifestyle Polygraph: Fun and InsightsWalk-Up Songs: A Reflection of IdentityBreakfast Favorites: A Culinary JourneySound Bites"Tell them what needs to get done.""Empower your people to fail.""We can stop that identity theft.""I was in Europe giving a talk.""I sent him everything that we had.""I would get Jack Sparrow.""I love Star Wars.""I would call Gordon Ramsey."Chapters00:00 Introduction to Cybersecurity Insights02:54 Career Path and Unexpected Experiences05:55 Transitioning from Military to Cybersecurity09:07 Daily Life at Spy Cloud12:12 Leadership Philosophy and Management Style14:53 The Nature of Cyber Threats17:50 Technical Skills in Leadership20:52 Misconceptions About Cyber Criminals25:32 Memorable Cybersecurity Interactions28:12 Lifestyle Polygraph Introduction28:35 Walk-Up Songs and Personal Preferences32:07 Breakfast Favorites and Culinary Influences34:40 Building the Ultimate Escape Room Team37:36 Nerd Culture and Personal Interests39:02 Prank Calls and Culinary Competitions41:20 Closing Thoughts and Contact Information

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Oracle quietly cops to being hacked, but immediately pivots into pretending it didn't matter NSA and CyberCom leaders fired for not being MAGA enough US Treasury had some dusty corners it hadn't found China in yet, looked, found China in them …which is a great time to discuss slashing CISA's staffing Ransomware crews and bullet proof hosting providers are getting rekt, and we love it And Microsoft patches yet another logging 0-day being used in the wild. This episode is sponsored by Yubico, makers of Yubikey hardware authentication tokens. Yubico's Vice President of Solutions Architecture and Alliances Derek Hanson joins to discuss how the consumer-centric passkey ecosystem has become a real challenge for enterprises. One that Yubico is actually ideally positioned to solve. This episode is also available on Youtube. Show notes Oracle privately confirms Cloud breach to customers Oracle have finally issued a written notification to customers about their cybersecurity incident. Head of NSA and US Cyber Command reportedly fired | Cybersecurity Dive Trump fires numerous National Security Council staff - The Washington Post Trump administration under scrutiny as it puts major round of CISA cuts on the table | Cybersecurity Dive Hackers Spied on US Bank Regulators' Emails for Over a Year - Bloomberg This is how Jeffrey Goldberg got added to the Signal chat Cybercriminals are trying to loot Australian pension accounts in new campaign | The Record from Recorded Future News $500,000 stolen in Australian super fund data breach | Superannuation | The Guardian Australian regulator pulls licenses of 95 companies in effort to crack down on investment scams | The Record from Recorded Future News Everest ransomware group's darknet site offline following defacement | The Record from Recorded Future News On March 28, 2025, a threat actor leaked internal data from Medialand, a major bulletproof hosting (BPH) provider long linked to Yalishanda (LARVA-34). There's a ransomware group named DragonForce going around hacking its rivals. After Mamona and BlackLock, the group has now hacked RansomHub The DragonForce ransomware group hacked two rivals this month CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News Kill Security Campaign Targets CrushFTP Servers National Vulnerability Database | NIST Microsoft patches zero-day actively exploited in string of ransomware attacks | CyberScoop Exploitation of CLFS zero-day leads to ransomware activity | Microsoft Security Blog Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)

QR codes are being weaponised by scammers — so maybe think twice before scanning that parking meter. And in a blunder so dumb it makes autocorrect look smart, the White House explains how it leaked war plans on Signal because an iPhone mistook a journalist for a government insider.Plus! Don't miss our featured interview with Josh Donelson of Material, about detection and response in today's AI-driven world.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic.Here Are the Attack Plans That Trump's Advisers Shared on Signal - The Atlantic.How the Atlantic's Jeffrey Goldberg got added to the White House Signal group chat - The Guardian.From convenience to compromise: The rising threat of quishing scams - Fast Company.Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware - Hacker News.QR Code Statistics 2024: Trends & Use Cases - QR Code.Honey Garlic Scallop Kabobs - Heinz.With QR Code Redemption Set to Surge to 5.3 Billion in 2025, Cybercriminals will Increase Their Quishing Attacks - Wealth & Finance International.Chess Masters: The End Game - BBC iPlayer.Cribbage Classic - iOS app store.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Material - Email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!1Password Extended Access Management – Secure every sign-in for every app on every device.SUPPORT THE SHOW:Tell...

UK court blocks government's attempt to keep Apple encryption case secret. Port of Seattle says last year's breach affected 90,000 people. Verizon Call Filter App flaw exposes millions' call records. Hackers hit Australian pension funds. A global threat hiding in plain sight. Cybercriminals are yelling CAPTCH-ya! Meta retires U.S. fact-checking program. Our guest today is Rob Boyce from Accenture and he's discussing Advanced Persistent Teenagers (APTeens). And Google's AI Goes Under the Sea. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Rob Boyce, Global Lead for Cyber Resilience at Accenture, joins to discuss Advanced Persistent Teenagers (APTeens). Advanced Persistent Teenagers (APTeens) have rapidly become a significant enterprise risk by demonstrating capabilities once limited to organized ransomware groups, the threat from juvenile, homegrown threat-actors has risen steadily.  Selected Reading UK Effort to Keep Apple Encryption Fight Secret Blocked in Court (Bloomberg) Port of Seattle says ransomware breach impacts 90,000 people (BleepingComputer) Call Records of Millions Exposed by Verizon App Vulnerability (SecurityWeek) Cybercriminals are trying to loot Australian pension accounts in new campaign (The Record) NEPTUNE RAT Attacking Windows Users to Exfiltrate Passwords from 270+ Apps (Cyber Security News) Threat Actors Using Fake CAPTCHAs and CloudFlare Turnstile to Deliver LegionLoader (Cyber Security News)  Meta ends its fact-checking program in the US later today, replaces it with Community Notes (Techspot) Suspected Scattered Spider Hacker Pleads Guilty (SecurityWeek) This Alphabet Spin-off Brings “Fishal Recognition” to Aquaculture (IEEE Spectrum)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoying the content? Let us know your feedback!This week, we re going to explore what Fast Flux is, a sophisticated technique used by cybercriminals to evade detection and maintain their malicious activities. We'll break it down for those new to cybersecurity, delve into some technical details, and use analogies to make it all clear. So without further ado, grab your coffee, or keep your eyes on the road if you are driving, sit back, and let's get started!"HellCat Ransomware- https://therecord.media: Schneider Electric Hackers Accessed Internal Project Tracking Platform- https://www.infosecurity-magazine.com: Hellcat Ransomware Humiliation- https://attack.mitre.org: Dynamic Resolution: Fast Flux DNS- https://www.cisa.gov: Fasst Flux, A National Security ThreatBe sure to subscribe! You can also stream from https://yusufonsecurity.comIn there, you will find a list of all previous episodes in there too.

Welcome to the 9News podcast. A snapshot of the latest stories from the 9News team including: superannuation targeted by cyber criminals, gangland figure released from jail and Kangaroos coach frustrated over player defections. The biggest news stories in less than 10 minutes delivered three times a day, with reports from the 9News team across Australia and overseas. Subscribe now to make it part of your daily news diet.See omnystudio.com/listener for privacy information.

1. What are some recent major cryptocurrency hacks, and how were they carried out?High-profile crypto breaches include Bybit (~$1.5B), Ronin Network ($625M), and Poly Network ($611M). Attackers exploited vulnerabilities via social engineering (notably in the Bybit case), smart contract flaws, phishing, and targeted blockchain bridges. State-backed groups are increasingly active in this space.2. How is malware evolving to bypass traditional antivirus tools, and what languages are favored by attackers?Cybercriminals are turning to languages like Rust and Go to create or recompile malware, exploiting blind spots in antivirus tools that rely on static signature detection. These languages also offer cross-platform capabilities and security features that can be weaponized.3. What happened to computer scientist Xiaofeng Wang, and why is it significant?The FBI raided Wang's home—he's a well-known Indiana University expert in cryptography and privacy. Since the raid, he's gone missing, with his online presence scrubbed. The secrecy surrounding his disappearance, combined with his sensitive field of work and Chinese background, raises serious questions.4. Why is AI firm Anthropic sweeping its offices for hidden devices?To combat rising concerns about espionage and IP theft, Anthropic is conducting physical security sweeps. This move reflects heightened tensions in the competitive AI landscape and the growing risk of surveillance and corporate spying in the industry.5. What API security change is Cloudflare making, and why does it matter?Cloudflare is enforcing HTTPS-only access for its API domain by shutting down HTTP ports entirely. This ensures encrypted communication, protecting API tokens and user data, and sets a strong precedent for better internet-wide encryption standards.6. How did Madison Square Garden use surveillance tech to ban a fan, and what does it imply?MSG banned a fan for life after facial recognition identified him as the creator of a CEO-critical T-shirt. This incident underscores the growing use of surveillance in private venues and its implications for free expression and long-term personal tracking.7. What data exposure was found in several dating apps?Researchers found ~1.5M unprotected, sensitive photos—some explicit—exposed by five dating apps from M.A.D Mobile. Images included private messages and content believed to be deleted. This highlights the dangers of poor data hygiene and storage practices.8. What security failure occurred at the UK's GCHQ involving an intern?A GCHQ intern copied top-secret data from a secure system to his personal phone, then transferred it to a home hard drive. This breach reveals critical weaknesses in internal controls, particularly around device security and data exfiltration prevent

Tune in to this bonus episode where Steve is speaking with Prof. Federico Varese, a professor of criminology and head of the sociology department at Nuffield College at Oxford University. Prof. Varese talks with Steve about the history of organised crime in Russia and around the world, the mafia's movement into cybercrime, and what the future may hold for these criminal organisations. Related Resources from ISF: ISF Podcast, Alexander Seger — How Global Law Enforcement Fight Cybercrime ISF Podcast, Inside the Mind of Today's Cybercriminals, Brett Johnson Part 1 ISF Podcast, The Life of a Cybercriminal, Brett Johnson Part 2 ISF Podcast - The Democratisation of Cybercrime Misha Glenny: The Evolution of Cybercrime with Misha Glenny, author of McMafia Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

The Dark Web Economy: Hacks for $10?Would you pay $10 for access to a corporate system? Because someone on the dark web already has. In this episode of Threat Talks, host Lieuwe Jan Koning talks to cybersecurity researcher Michele Campobasso about the business of cybercrime. From ransomware services to stolen credentials, the dark web is thriving. 

Tune in to this bonus episode where Steve is speaking with Prof. Federico Varese, a professor of criminology and head of the sociology department at Nuffield College at Oxford University. Prof. Varese talks with Steve about the history of organised crime in Russia and around the world, the mafia's movement into cybercrime, and what the future may hold for these criminal organisations. Related Resources from ISF: ISF Podcast, Alexander Seger — How Global Law Enforcement Fight Cybercrime ISF Podcast, Inside the Mind of Today's Cybercriminals, Brett Johnson Part 1 ISF Podcast, The Life of a Cybercriminal, Brett Johnson Part 2 ISF Podcast - The Democratisation of Cybercrime Misha Glenny: The Evolution of Cybercrime with Misha Glenny, author of McMafia Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

More than 300 cyber criminals arrested in Africa 23andMe bankruptcy puts millions of DNA records at risk Ukraine's state railway partially down after attack Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

In this cyber episode of the Insight Podcast, Lead Analyst Kailyn Johnson and Associate Analyst Denise Schipani, two experts from our Cyber desk, sit down to explore the increasing collaboration between state-sponsored cyber actors and cyber criminals, highlighting the implications for cybersecurity, business risks and attribution challenges. Denise explains the commercialisation of cybercriminal tools and how state actors leverage these resources to enhance their operations. The conversation also delves into the long-term effects of adopting cybercriminal tactics and the future trends in cyber cooperation.   If you enjoyed this special cyber episode, let us know by liking, subscribing or leaving a review! You can also contact us with any questions or feedback: info@sibylline.co.uk  Follow us on Instagram: https://www.instagram.com/sibyllineltd/?hl=en Follow us on LinkedIn: https://www.linkedin.com/company/sibylline-ltd/ Follow us on YouTube: https://www.youtube.com/@sibyllineTV For more information visit our website: www.sibylline.co.uk E-mail us at: info@sibylline.co.uk

In Episode S7E6 of the Brilliance Security Magazine Podcast, host Steven Bowcut sits down with Dmitri Vellikok, VP of Embedded Security at F-Secure, to discuss F-Secure's newly launched Scam Kill Chain Framework and explore critical insights into how cybercriminals select and exploit their targets.The Inspiration Behind Scam Kill ChainDmitri shares his 20+ year journey in cybersecurity, from his early fascination with web-based hacking to his extensive experience with F-Secure, highlighting what motivates him to continue tackling cyber threats. He explains the inspiration behind the Scam Kill Chain Framework, a groundbreaking approach designed to close gaps in existing cybersecurity strategies, providing better protection for both businesses and consumers.Exploring the Scam Kill Chain FrameworkThe discussion delves deep into each stage of the Scam Kill Chain, from initial reconnaissance and infrastructure setup to lateral movement and eventual monetization. Dmitri emphasizes that timely intervention, especially during initial contact attempts by scammers, is critical for effective defense.Dispelling Misconceptions About Cyber ScamsListeners gain valuable insights into common misconceptions around scams, understanding the psychology of cybercriminals, and why attacks, although widespread, aren't typically personal but rather opportunistic and scaled. Dmitri also addresses emerging cybersecurity threats associated with connected IoT devices and AI-based systems, emphasizing the need for updated software and proactive threat detection.AI's Role in Threat DetectionThe role of artificial intelligence and machine learning in identifying and preventing cyber threats within the Scam Kill Chain Framework is explored, providing practical guidance for security professionals interested in integrating this approach into their practices.Future Cybersecurity Challenges and PreparationFinally, Dmitri shares forward-looking perspectives on evolving threats and how F-Secure is proactively preparing to stay ahead of increasingly sophisticated cybercriminals. Don't miss this episode packed with actionable insights to enhance your cybersecurity strategies.

Cybercriminals may be lurking in your HVAC system or elevator controls, looking to exploit vulnerabilities in your building systems. Here's what you can do about it.

An Apache Tomcat vulnerability is under active exploitation. CISA rehires workers ousted by DOGE. Lawmakers look to protect rural water systems from cyber threats. Western Alliance Bank notifies 22,000 individuals of a data breach. A new cyberattack method called BitM allows hackers to bypass multi-factor authentication.  A Chinese cyberespionage group targets Central European diplomats. A new cyberattack uses ChatGPT infrastructure to target the financial sector and U.S. government agencies. Australia sues a major securities firm over inadequate protection of customer data. Our Threat Vector segment examines how unifying security capabilities strengthens cyber resilience. Cybercriminals say, “Get me Edward Snowden on the line!” Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment Security platformization is transforming the way organizations defend against cyber threats. In this episode of Threat Vector, host David Moulton speaks with Carlos Rivera, Senior Analyst at Forrester, about how unifying security capabilities strengthens cyber resilience. To listen to the full discussion, please check out the episode here or on your favorite podcast app, and tune in to new episodes of Threat Vector by Palo Alto Networks every Thursday.  Selected Reading Critical Apache Tomcat RCE Vulnerability Exploited in Just 30hrs of Public Exploit (Cyber Security News) CISA Rehires Fired Employees, Immediately Puts Them on Leave (GovInfo Security) Western Alliance Bank Discloses Data Breach Linked to Cleo Hack (SecurityWeek) New BitM Attack Lets Hackers Steal User Sessions Within Seconds (Cyber Security News) US Lawmakers Reintroduce Bill to Boost Rural Water Cybersecurity  (SecurityWeek) Chinese Hackers Target European Diplomats with Malware (GovInfo Security) Hackers Exploit ChatGPT with CVE-2024-27564, 10,000+ Attacks in a Week (Hackread) Australia Sues FIIG Investment Firm in Cyber 'Wake-Up Call' (GovInfo Security) Extortion crew threatened to inform Edward Snowden (?!) if victim didn't pay up (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Extortionists are skipping email and sending official-looking ransom letters through the U.S. Postal Service. Here's the scoop.

Tonight on Veritas... our special guest is Ricoh Danielson. A U.S. Army combat veteran who served nine rotations in Iraq and Afghanistan. A cybersecurity expert who has fought digital battles just as intense as those on the front lines. We live in an era where wars are no longer just fought with bombs and bullets. Today's battleground is digital. Cybercriminals operate like shadow armies, launching attacks that can cripple entire industries, disrupt governments, and destroy lives - all with a few keystrokes. Ricoh Danielson has spent years standing between these invisible threats and the world's most vulnerable targets. From Fortune 500 companies to hospitals, government agencies to everyday people - he has seen firsthand how cyber warfare is evolving. The ransomware industry alone is worth billions, and the criminals behind it are getting smarter, faster, and more ruthless. What happens when artificial intelligence fuels cybercrime? When disinformation becomes indistinguishable from reality? And when our most critical infrastructure - power grids, hospitals, financial systems - becomes the next target? How did a soldier become a warrior on the digital frontier? What dangers lurk in the shadows of the internet? And most importantly - what can you do to protect yourself before it's too late? This is the war we can't afford to lose.

#SecurityConfidential #DarkRhiinoSecurityFormer US Most Wanted turned Good Guy, Brett Johnson, also known as “The Original Internet Godfather,” was a key figure in the cybercrime world for over 20 years, founding ShadowCrew—the first organized cybercrime community. Brett was Convicted of 39 felonies and placed on the U.S. Most Wanted List, his expertise in identity theft, fraud, and hacking was unmatched—until he turned his life around. Now a leading cybersecurity consultant and speaker, Brett uses his past to educate companies, law enforcement, and individuals on how to protect themselves from the criminals he once worked alongside. His journey from cybercriminal to cybersecurity expert has been featured on CNN, NBC, Vice, Wired, and more. 00:00 Intro01:32 Our Guest05:05 “I call myself a criminal”18:40 I like Ebay a LOT24:02 Victims will be judged38:00 What are companies getting wrong?39:58 Why don't we see employers educating employees?55:46 Connect with Brett----------------------------------------------------------------To learn more about Brett visit https://www.anglerphish.com/To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

#SecurityConfidential #DarkRhiinoSecurityFormer US Most Wanted turned Good Guy, Brett Johnson, also known as “The Original Internet Godfather,” was a key figure in the cybercrime world for over 20 years, founding ShadowCrew—the first organized cybercrime community. Brett was Convicted of 39 felonies and placed on the U.S. Most Wanted List, his expertise in identity theft, fraud, and hacking was unmatched—until he turned his life around. Now a leading cybersecurity consultant and speaker, Brett uses his past to educate companies, law enforcement, and individuals on how to protect themselves from the criminals he once worked alongside. His journey from cybercriminal to cybersecurity expert has been featured on CNN, NBC, Vice, Wired, and more. 00:00 Intro01:32 Our Guest05:05 “I call myself a criminal”18:40 I like Ebay a LOT24:02 Victims will be judged38:00 What are companies getting wrong?39:58 Why don't we see employers educating employees?55:46 Connect with Brett----------------------------------------------------------------------To learn more about Brett visit https://www.anglerphish.com/To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com----------------------------------------------------------------------SOCIAL MEDIA:Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio!Instagram: @securityconfidential and @DarkrhiinosecurityFacebook: @Dark-Rhiino-Security-IncTwitter: @darkrhiinosecLinkedIn: @dark-rhiino-securityYoutube: @DarkRhiinoSecurity ​

Recorded during ThreatLocker Zero Trust World 2025 in Orlando, this episode of the On Location series features an engaging conversation with Alex Benton, Special Projects at ThreatLocker. Benton shares insights from his Metasploit lab, a beginner-friendly session that demonstrates the power of tools like Metasploit and Nmap in cybersecurity. The lab's objective is clear: to illustrate how easily unpatched systems can be exploited and reinforce the critical need for consistent patch management.Understanding the Metasploit LabBenton explains how participants in the lab learned to execute a hack manually before leveraging Metasploit's streamlined capabilities. The manual process involves identifying vulnerable machines, gathering IP addresses, examining open ports, and assessing software vulnerabilities. With Metasploit, these steps become as simple as selecting an exploit and running it, underscoring the tool's efficiency.A key demonstration in the lab involved Eternal Blue, the exploit associated with the WannaCry virus in 2017. Benton emphasizes how Metasploit simplifies this complex attack, highlighting the importance of maintaining patched systems to prevent similar vulnerabilities.The Real-World Implications of Unpatched SystemsThe discussion dives into the risks posed by cybercriminals who use tools like Metasploit to automate attacks. Benton points out that malicious actors often analyze patch notes to identify potential vulnerabilities and create scripts to exploit unpatched systems quickly. The conversation touches on the dark web's role in providing detailed information about exposed systems, making it even easier for attackers to target vulnerable machines.Lessons from WannaCryThe episode revisits the WannaCry incident, where a vulnerability in Windows systems led to a global cybersecurity crisis. Benton recounts how outdated systems and the absence of a strong security culture created an environment ripe for exploitation. He also shares the story of cybersecurity researchers, including Marcus Hutchins, who played pivotal roles in mitigating the virus's impact by identifying and activating its kill switch.Tune in to Learn MoreThis episode offers valuable insights into cybersecurity practices, the dangers of unpatched environments, and the tools that both ethical hackers and cybercriminals use. Listen in to gain a deeper understanding of how to secure your systems and why proactive security measures are more crucial than ever.Guest: Alex Benton, Special Projects at ThreatLocker | On LinkedIn: https://www.linkedin.com/in/alex-benton-b805065/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More

AI reshaping society — the way we live and work. However, it is also supercharging illicit activity from deepfakes to automated fraud, large-scale cyberattacks to child exploitation. In this episode Ari sits down with Hany Farid, UC Berkeley professor and leading expert on deepfakes and AI-driven deception, to unpack how criminals are exploiting artificial intelligence to manipulate reality, commit crimes, and challenge global security. Hany kicks off the episode with a jaw-dropping live deepfake demonstration, impersonating Ari in real time — a stark warning about how AI-generated identities can be used to deceive businesses, governments, and individuals. From fraudsters using deepfakes to bypass KYC and infiltrate financial institutions, to nation-state actors leveraging AI to spread disinformation and wage cyber warfare, the conversation explores the far-reaching implications of this rapidly evolving technology.Ari and Hany also discuss real-world examples of AI-driven crime, including: Synthetic identity fraud and deepfake scams targeting banks and crypto platforms Cybercriminals using AI-powered phishing and social engineering attacks The role of AI in North Korea's cybercrime operations How deepfakes could be weaponized for political and national security threats The ethical and legal challenges surrounding AI-generated contentDespite the risks, there is hope. Ari and Hany dive into the critical need for AI-powered defenses, regulatory frameworks, and public-private collaboration to combat these emerging threats. They discuss the importance of blockchain intelligence, deepfake detection tools, and cybersecurity innovations in staying ahead of bad actors who are weaponizing AI. This is one of the most eye-opening TRM Talks episodes to date — don't miss this deep dive into the intersection of AI, crime, and security.Today's GuestHany Farid, Professor, University of California, BerkeleyHost: Ari Redbord, Global Head of Policy, TRM Labs

AI-generated videos are becoming shockingly realistic, and the latest breakthrough—OmniHuman 1 by ByteDance—could change everything. This new model creates lifelike video from a single image, raising serious concerns for fraud prevention, KYC (Know Your Customer) processes, and identity verification.In this episode, I sit down with AI expert Konstantin to discuss:✅ What is OmniHuman 1 and why is it so revolutionary?✅ How fraudsters can use AI to bypass KYC security checks.✅ The dangers of real-time deepfake technology in the future.✅ How businesses can protect themselves from AI-generated fraud.

Mary Hamilton is a cyber security expert and the CEO of Mad Data. She works with companies from coast to coast to protect their data. Apple warns iPhone users to update devices — security breach means cyber criminals can control phones

With financial fraud on the rise, protecting your personal and banking information has never been more important. A recent JD Power study found that nearly 29% of bank account holders experienced fraud in some form over a 12-month period.To help us navigate the best security practices, Aaron Caid shares expert advice on how to safeguard your accounts from cybercriminals.Aaron Caid is the Chief Marketing Officer at Christian Community Credit Union, an underwriter of Faith & Finance. 1. Strengthen Your Password SecurityA strong, unique password is your first line of defense against fraud. Here's how to create one that's tough to crack:Use a mix of uppercase and lowercase letters, numbers, and special characters.Avoid using common words or easily guessed phrases (e.g., "password123" or your birthdate).Consider using a password manager to generate and securely store complex passwords.In addition to a strong password, enable two-factor authentication (2FA) for your financial apps. This extra layer of security requires a one-time passcode (usually sent via text or an authentication app) to verify your identity when logging in or completing transactions.Pro Tip: Turn off text message previews on your phone. If a scammer steals your phone, they could see your passcode on your lock screen and gain access to your accounts.2. Monitor Your Accounts & Stay Alert for FraudVigilance is key when it comes to detecting fraudulent activity early.Regularly check your bank accounts for unauthorized transactions.Review your credit reports through the three major bureaus—Equifax, Experian, and TransUnion—by visiting AnnualCreditReport.com.Sign up for transaction alerts from your bank or credit union to get notified of suspicious activity.Fraudsters also use phishing scams—fake emails, texts, or calls—to trick people into giving away personal information. These scams often create a sense of urgency to pressure you into acting quickly.Never share your:Username or passwordOne-time passcodesAccount or personal information over the phone, email, chat, or textHackers can spoof phone numbers and email addresses to make messages appear legitimate, even impersonating banks and credit unions. If you're ever unsure, call your financial institution directly to verify any suspicious messages.3. Use Secure Wi-Fi & Protect Your Personal InformationWe all love a good coffee shop work session, but public Wi-Fi networks are a big security risk when accessing sensitive financial accounts. Hackers can intercept your data and steal your login credentials.Always use a secure, password-protected Wi-Fi network when banking online.Use a Virtual Private Network (VPN) for added encryption and security.Also, ensure you don't let identity thieves find your personal information in the trash!Shred documents containing sensitive details like account numbers, social security numbers, or other financial information. Shredders cost as little as $35—a small price to pay for big security.Stay Secure & Bank with PurposeAs fraud prevention becomes increasingly important, many Christians are seeking banking solutions that align with their values. Christian Community Credit Union (CCCU) offers a Harvest Bundle—a unique checking and savings account designed to help members grow their savings while supporting missions worldwide.4% APY on the first $5,000 in Harvest Checking5% APY on the first $5,000 in Harvest Savings1.5% cash back on purchases with the Cash Rewards Visa CardA portion of proceeds supports missions, including gospel outreach, protecting vulnerable children, and fighting human trafficking. For those looking to align their banking with their faith, the Harvest Bundle from CCCU offers competitive rates and kingdom impact—a win-win for wise financial stewardship.If you're looking for a banking partner that reflects your faith and values, consider joining Christian Community Credit Union (CCCU).Ready to bank with purpose? Visit JoinChristianCommunity.com today!On Today's Program, Rob Answers Listener Questions:Can you provide a list of the faith-based investments that I can invest in? I'm trying to invest differently with my 401(k) funds.  I have an old work comp claim that was incorrectly billed, causing Medicare to deny payment. What happened, and how can I prevent this in the future? Also, if I submit a claim to the work comp company and they only pay a portion, am I responsible for the remaining balance? I own a free-and-clear home in Davenport. There is no mortgage anymore, and I would like to transfer 50% of ownership to a family member. Would I have to pay any taxes, or would my family members have to pay them because of this transfer? I'm retired, receiving $70,000 annually from disability and SSDI. I have $50,000 in a TSP account and $9,000 in debt that I'm paying off. I'm currently renting for $1,500 per month. Should I use my VA loan to purchase a home or just continue renting? I have a Roth IRA that I formed from a 403(b) annuity a couple of years ago. I'm 73 and will be 74 in a couple of months. At what point does the RMD apply to my Roth? Also, I'm retired and have Social Security and a retirement pension. I occasionally make profits from a book I publish and workshops I do. Can I make contributions to my Roth from those profits?Resources Mentioned:Faithful Steward: FaithFi's New Quarterly MagazineList of Faith-Based Investing FundsCenters for Medicare & Medicaid Services (CMS.gov)AnnualCreditReport.comLook At The Sparrows: A 21-Day Devotional on Financial Fear and AnxietyRich Toward God: A Study on the Parable of the Rich FoolFind a Certified Kingdom Advisor (CKA) or Certified Christian Financial Counselor (CertCFC)FaithFi App Remember, you can call in to ask your questions most days at (800) 525-7000. Faith & Finance is also available on the Moody Radio Network and American Family Radio. Visit our website at FaithFi.com where you can join the FaithFi Community and give as we expand our outreach.

DOGE is hacking America This Ad-Tech company is powering surveillance of US military personnel Apple and Google take down malicious mobile apps from their app stores Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines

In our news wrap Wednesday, President Trump says the prisoner exchange with Russia that included American Mark Fogel could be an 'important part' in ending the war in Ukraine, eight government watchdogs are suing the president for abruptly firing them last month and the Kennedy Center's new board of trustees made Trump its chairman and fired the institution's famed president Deborah Rutter. PBS News is supported by - https://www.pbs.org/newshour/about/funders

In our news wrap Wednesday, President Trump says the prisoner exchange with Russia that included American Mark Fogel could be an 'important part' in ending the war in Ukraine, eight government watchdogs are suing the president for abruptly firing them last month and the Kennedy Center's new board of trustees made Trump its chairman and fired the institution's famed president Deborah Rutter. PBS News is supported by - https://www.pbs.org/newshour/about/funders

Cybercriminals are becoming increasingly adept at phishing, with a significant rise in successful attacks targeting employees. Last year, 8.4 out of every 1,000 users clicked on a phishing link—nearly triple the rate from the previous year. This isn't just about suspicious emails; malicious links are prevalent across the internet, and attackers are leveraging generative AI to create increasingly convincing imitations of legitimate business communications and websites. While you've likely been warned about fake package delivery notices and bank alerts, it's crucial to understand that the most successful phishing attacks often impersonate cloud or other technology vendors—the very tools you rely on every day at work. These tech-related phishing links were clicked 27% of the time last year, according to Netskope's latest Cloud and Threat Report, significantly higher than fake bank or social media links. Don't be fooled by sophisticated-looking emails or websites, especially those related to technology services. Always consider the context: Are you expecting this communication? Does it align with your current work projects? And when in doubt, contact your IT or technical support team directly to verify the legitimacy of any suspicious communication. The 60-second "Security Nudge" is brought to you by CybSafe, developers of the Human Risk Management Platform. Learn more at https://cybsafe.com

Imagine waking up to thousands of customers scammed—using your brand's name. The website looked real. The emails were flawless. No one saw it coming. This is the new reality of AI-powered fraud. Cybercriminals don't need weeks to set up a scam anymore—they need just 4 hours. Rod Schultz, CEO of Bolster AI, exposes the rise of automated phishing, brand impersonation, and large-scale fraud, plus the strategies businesses need to stop attacks before they escalate. Rod: www.linkedin.com/in/rodschultz Bolster AI: www.bolster.ai Jon: www.linkedin.com/in/jon-mclachlan Sasha: www.linkedin.com/in/aliaksandr-sinkevich YSecurity: www.ysecurity.io

Chaos and security concerns continue in Washington. Spanish authorities arrest a man suspected of hacking NATO, the UN, and the US Army. A major U.S. hiring platform exposes millions of resumes. Another British engineering firm suffers a cyberattack. Cisco patches multiple vulnerabilities. Cybercriminals exploit SVG files in phishing attacks. SparkCat SDK targets cryptocurrency via Android and iOS apps. CISA directs federal agencies to patch a high-severity Linux kernel flaw. Thailand leaves scamming syndicates in the dark. Positive trends in the fight against ransomware. Our guest is Cliff Crosland, CEO and Co-founder at Scanner.dev, discusses the evolution of security data lakes and the "bring your own" model for security tools. Don't eff with the FCC. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, guest Cliff Crosland, CEO and Co-founder at Scanner.dev, discusses the evolution of security data lakes and the "bring your own" model for security tools. For some additional details, check out their blog on “Security Data Lakes: A New Tool for Threat Hunting, Detection & Response, and GenAI-Powered Analysis.” Selected Reading Musk's DOGE agents access sensitive personnel data, alarming security officials (Washington Post) Union groups sue Treasury over giving DOGE access to sensitive data (The Record) Hacker Who Targeted NATO, US Army Arrested in Spain (SecurityWeek) Hiring platform serves users raw with 5.4 million CVs exposed (Cybernews) IMI becomes the latest British engineering firm to be hacked (TechCrunch) Cisco Patches Critical Vulnerabilities in Enterprise Security Product (SecurityWeek) Scalable Vector Graphics files pose a novel phishing threat (Sophos News) Crypto-stealing apps found in Apple App Store for the first time (Bleeping Computer) Ransomware payments dropped in 2024 as victims refused to pay hackers (TechCrunch) CISA orders agencies to patch Linux kernel bug exploited in attacks (Bleeping Computer) Thailand cuts power supply to Myanmar scam hubs (The Record) Robocallers posing as FCC fraud prevention team call FCC staff (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of Cybersecurity Today with Jim Love, explore the growing concerns surrounding DeepSeek AI's censorship and lack of guardrails, the rise of 'Shadow AI' in workplaces, and how cybercriminals exploit major cloud providers like AWS and Azure. Learn about a phishing scam targeting Microsoft single sign-on that's been undetected for six years, and get insights into the critical measures needed to safeguard against these evolving threats. 00:00 Introduction to Cybersecurity Today 00:25 DeepSeek AI: Censorship and Security Concerns 02:56 Shadow AI: The Rise of Unauthorized Generative Tools 05:05 Cloud Providers Exploited by Cybercriminals 07:31 Phishing Scams Targeting Microsoft Single Sign-On 09:03 Conclusion and Listener Engagement

Hackers linked to China and Iran are using AI to enhance cyberattacks. An AI-powered messaging tool for Slack and Discord is reportedly leaking user data. British engineering giant Smiths Group suffers a cyberattack. Rockwell Automation details critical and high-severity vulnerabilities. Researchers warn of new side-channel vulnerabilities in Apple CPUs. The Hellcat ransomware gang looks to humiliate its victims. SparkRAT targets macOS users and government entities. Flashpoint looks at FleshStealer malware. Cybercriminals leverage trust in government websites. Our guest is Ivan Novikov, CEO at Wallarm, sharing insights on the recent United States ruling that bars certain Chinese and Russian connected car tech from being imported into the US. QR code shenanigans.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Ivan Novikov, CEO at Wallarm, sharing insights on the recent United States ruling that bars certain Chinese and Russian connected car tech from being imported into the US and its impact. Selected Reading Chinese and Iranian Hackers Are Using U.S. AI Products to Bolster Cyberattacks (Wall Street Journal) Update: Cybercriminals still not fully on board the AI train (yet) (Sophos) Unprotected AI service streams private Slack messages for 30 bucks a month (Cybernews) Engineering giant Smiths Group discloses security breach (Bleeping Computer) Rockwell Patches Critical, High-Severity Vulnerabilities in Several Products (SecurityWeek) New Apple CPU side-channel attacks steal data from browsers (Bleeping Computer) SLAP (Predictors Fail) Meow-ware gang: the cyber cats who humiliate their prey (Cybernews) Hackers Attacking Windows, macOS, and Linux systems With SparkRAT (GB Hackers) Unmasking FleshStealer: A New Infostealer Threat in 2025 (Flashpoint) Threat Actors Exploit Government Websites for Phishing (Infosecurity Magazine) Christian Walther: "@gvy_dvpont Got me thinking… c…"  (Mastodon) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

If you're like most people, you've been experimenting with generative AI tools like ChatGPT, X's Grok, and Google Gemini to see how they can make your job easier. So have cybercriminals – and new figures suggest that they have become incredibly successful at it, with Sumsub's Identity Fraud Report 2024 finding that AI-generated deepfake fraud now accounts for 7% of all fraud – up from basically zero a little over a year ago. Experts expect this to increase further during 2025 as AI tools get even better at generating convincing images, videos, and even conversational chatbots that sound exactly like you – or your boss. Cybercriminals will try anything to get one up on you – even enlisting people as ‘mules' to sell credentials and work around fraud detection systems. Tools to detect this kind of fraud are improving, but the best thing you can do to protect yourself and your company from deepfake fraud is to stay skeptical of everything you're told online – and to not do anything you're asked to until you have independently verified it. The 60-second "Security Nudge" is brought to you by CybSafe, developers of the Human Risk Management Platform. Learn more at https://cybsafe.com

In episode 117 of Cybersecurity Where You Are, Sean Atkinson reflects on the 2025 cybersecurity predictions of 12 experts at the Center for Internet Security® (CIS®), as shared on the CIS website.Here are some highlights from our episode:01:40. Artificial intelligence (AI) as a means for crafting higher quality phishing emails04:24. Zero trust with identity as a catalyst in 202507:55. A governance focus for K-12 school districts12:37. Secure by design as part of the DNA of IT departments14:22. The need for continuous patching with Internet of Things (IoT) devices15:27. Training and adherence to basic cybersecurity practices as ongoing emphases17:15. Consolidation from an operations perspective20:40. The integration of AI into business operations24:07. The socio-political impacts of emerging technologies on multidimensional threats26:46. Growing attention on cloud security and data location29:13. Cybercriminal markets and Phishing as a Service models32:16. The benefit of AI to organizationsResourcesEpisode 75: How GenAI Continues to Reshape CybersecurityAn Examination of How Cyber Threat Actors Can Leverage Generative AI PlatformsHow to Deter Multidimensional Threats in the Connected WorldEpisode 116: AI-Enhanced Ransomware and Defending Against ItEpisode 44: A Zero Trust Framework Knows No EndEpisode 107: Continuous Improvement via Secure by DesignEpisode 76: The Role of Thought Leadership in CybersecurityEpisode 63: Building Capability and Integration with SBOMsEpisode 95: AI Augmentation and Its Impact on Cyber DefenseWhy Employee Cybersecurity Awareness Training Is ImportantEpisode 110: How Security Culture and Corporate Culture MeshEpisode 99: How Cyber-Informed Engineering Builds ResilienceEpisode 87: Marking 11 Years as a Verizon DBIR ContributorIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Most people think cybersecurity training is about knowledge, but what if motivation is the real key to success? David Shipley, CEO and Field CISO at Beauceron Security, shares how psychology and neuroscience reshape how we approach security awareness, reducing risks in ways tech alone never could. In this episode, Ron and David examine why people, not technology, are at the core of effective cybersecurity. David teaches us about the SCARF model, warns us about the dangers of overconfidence in training, and explains how gamification can drive meaningful behavior change when it comes to cybersecurity awareness and risk reduction.    Impactful Moments: 00:00 – Introduction 02:00 – David Shipley's journey from journalist to cybersecurity leader 06:10 – Why motivation outshines knowledge in security training 08:20 – The Dunning-Kruger effect: Overconfidence in cybersecurity 11:17 – How overreliance on tech increases click rates 17:03 – Cybercriminals' evolving tactics and emotional manipulation 25:00 – Gamification in cybersecurity: Changing security behaviors 30:56 – Using the SCARF model to enhance security culture 39:45 – Emotional intelligence as a defense against AI threats Links: Connect with our guest, David Shipley: https://www.linkedin.com/in/dbshipley/ Learn more about Beauceron Security here: www.beauceronsecurity.com/partner   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Adam Khan, VP of Security Operations at Barracuda, joins to discuss his team's work on "The evolving use of QR codes in phishing attacks." Cybercriminals are evolving phishing tactics by embedding QR codes, or “quishing,” into PDF documents attached to emails, tricking recipients into scanning them to access malicious websites that steal credentials. Barracuda researchers found over half a million such emails from June to September 2024, with most impersonating brands like Microsoft, DocuSign, and Adobe to exploit urgency and trust. To counter these attacks, businesses should deploy multilayered email security, use AI-powered detection tools, educate employees on QR code risks, and enable multifactor authentication to safeguard accounts. The research can be found here: Threat Spotlight: The evolving use of QR codes in phishing attacks Learn more about your ad choices. Visit megaphone.fm/adchoices

Matt and Brett talk about many scams including chargebacks911 and Frank Abagnale. Brett's Channel https://www.youtube.com/@UCu9abuJiEXwNPecsZGqHXpQ Follow me on all socials! Instagram: https://www.instagram.com/insidetruecrime/ TikTok: https://www.tiktok.com/@mattcoxtruecrime Do you want to be a guest? Send me an email here: insidetruecrime@gmail.com Do you want a custom "con man" painting to shown up at your doorstep every month? Subscribe to my Patreon: https: //www.patreon.com/insidetruecrime Do you want a custom painting done by me? Check out my Etsy Store: https://www.etsy.com/shop/coxpopart Listen to my True Crime Podcasts anywhere: https://anchor.fm/mattcox Check out my true crime books! Shark in the Housing Pool: https://www.amazon.com/dp/B0851KBYCF Bent: https://www.amazon.com/dp/B0BV4GC7TM It's Insanity: https://www.amazon.com/dp/B08KFYXKK8 Devil Exposed: https://www.amazon.com/dp/B08TH1WT5G Devil Exposed (The Abridgment): https://www.amazon.com/dp/1070682438 The Program: https://www.amazon.com/dp/B0858W4G3K Bailout: https://www.barnesandnoble.com/w/bailout-matthew-cox/1142275402 Dude, Where's My Hand-Grenade?: https://www.amazon.com/dp/B0BXNFHBDF/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1678623676&sr=1-1 Checkout my disturbingly twisted satiric novel! Stranger Danger: https://www.amazon.com/dp/B0BSWQP3WX If you would like to support me directly, I accept donations here: Paypal: https://www.paypal.me/MattCox69 Cashapp: $coxcon69 --- Support this podcast: https://podcasters.spotify.com/pod/show/mattcox/support

We return to a conversation we had over the summer with Unit 221B's Allison Nixon about young cybercriminals, radicalization, and the search for self in the virtual world.

CISA urges senior government officials to enhance mobile device security. Russian state-sponsored hacker group Sandworm is targeting Ukrainian soldiers. A website bug in GPS tracking firm Hapn is exposing customer information. Multiple critical vulnerabilities have been identified in Sharp branded routers. Ireland's Data Protection Commission fines Meta $263 million for alleged GDPR violations. Google releases an urgent Chrome security update to address four high-rated vulnerabilities. Cyberattacks on India-based organizations surged 92% year-over-year. Cybercriminals target Google Calendar to launch phishing attacks. Fortinet patches a critical vulnerability in FortiWLM. Juniper Networks warns of a botnet infection targeting routers with default credentials. Our guest is Jeff Krull, principal and practice leader of Baker Tilly's cybersecurity practice, with advice on using employee access controls to limit internal cyber threats. When is “undesirable” a badge of honor? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Jeff Krull, principal and practice leader of Baker Tilly's cybersecurity practice, talking about using employee access controls to limit internal cyber threats. Selected Reading CISA urges senior government officials to lock down mobile devices amid ongoing Salt Typhoon breach (The Record) Sandworm-linked hackers target users of Ukraine's military app in new spying campaign (The Record) Tracker firm Hapn spilling names of thousands of GPS tracking customers (TechCrunch) Multiple security flaws reported in SHARP routers (Beyond Machines) Meta fined $263 million for alleged GDPR violations that led to data breach (The Record) Update Google Chrome Now—4 New Windows, Mac, Linux Security Warnings (Forbes) India Sees Surge in Banking, Utilities API Attacks (Dark Reading) Google Calendar Phishing Scam Targets Users with Malicious Invites (Hackread) Fortinet Patches Critical FortiWLM Vulnerability (SecurityWeek) Juniper Warns of Mirai Botnet Targeting Session Smart Routers (SecurityWeek) Recorded Future CEO Calls Russia's “Undesirable” Listing a “Compliment” (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Kraft Heinz mac & cheese under fire… Delta and Amazon hacked… Cybercriminal indicted… Water recall… SC Monkeys… SC Emus… Mountain Lions In N Texas… Conan hosting The Oscars… CMA's this week… Miss Universe 2024 is Miss Denmark… Tyson/Paul fight… Trump at UFC… Quick College Football recap… Email: Chewingthefat@theblaze.com Subscribe to Blaze TV www.blazetv.com/jeffy Who Died Today: Rita Carrey 68 / Bela Karolyi 82 / Vladimar Shhklyarov 39 / Princess Yuriko 101… Spirit Airlines files for bankruptcy… Advance Auto Parts closing stores… Betty White Stamp next year… Joke of The Day… Learn more about your ad choices. Visit megaphone.fm/adchoices