Podcasts about ddos

Cyber attack disrupting service by overloading the provider of the service

  • 1,105PODCASTS
  • 2,583EPISODES
  • 44mAVG DURATION
  • 5WEEKLY NEW EPISODES
  • Jan 13, 2023LATEST
ddos

POPULARITY

20152016201720182019202020212022

Categories



Best podcasts about ddos

Show all podcasts related to ddos

Latest podcast episodes about ddos

The CyberWire
Updates on the hybrid war, and on the incidents at the Royal Mail, the FAA, and the Guardian. Royal ransomware exploits Citrix vulnerability. CISA's annual report is out.

The CyberWire

Play Episode Listen Later Jan 13, 2023 28:35


GitHub disables NoName accounts. Russia dismisses reports of cyberespionage attempts against US National Laboratories. The Royal Mail cyber incident is now identified as ransomware attack. An update on the NOTAM issues that interfered with civil aviation. A Citrix vulnerability is exploited by ransomware group. CISA publishes its annual report. Bryan Vorndran of the FBI Cyber Division calibrates expectations with regard to the IC3. Our guest is Kayne McGladrey with insights on 2023 from the IEEE. And Positive Hack Days and the growing isolation of Russia's cyber sector. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/8 Selected reading.  Impact of Technology in 2023 and Beyond (IEEE) Ukraine at D+323: Fighting in Soledar, and industrial mobilization. (CyberWire) GitHub disables pro-Russian hacktivist DDoS pages (CyberScoop) Russia criticises Reuters story on Russian hackers targeting U.S. nuclear scientists (Reuters) Royal Mail cyber incident now identified as ransomware attack. (CyberWire) Not a cyberattack, but an IT failure. (CyberWire) The Guardian breach and news media as targets. (CyberWire) Citrix vulnerability exploited by ransomware group. (CyberWire) 2022 Year In Review (CISA) Russia's largest hacking conference reflects isolated cyber ecosystem (Brookings)

Risky Business
Risky Business #690 -- 2023 will be a rough year for critical online services

Risky Business

Play Episode Listen Later Jan 11, 2023 Very Popular


On this week's show Patrick Gray and Adam Boileau discuss the news we missed while on break. Because it's the first show of the year, we split the discussion into themes: Attacks against critical online services like Okta, CircleCI, Slack and Lastpass will increase in volume All the latest global intrigue, from NSO being noped by the US Supreme Court to DDoS attacks in Serbia, Turla's latest campaign, supply chain attacks against Ukraine, why Russia has been more active than we realised and much more A ransomware wrap, a discussion about the rise of data extortion and why it's unlikely to remain a huge problem Why automotive security research will actually be interesting this year PLUS: A bunch of random news! This week's show is brought to you by Trail of Bits. Dan Guido is this week's sponsor guest and he joins us to talk about something they've developed – a zero knowledge proof of exploit technique. Very interesting stuff! Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes First LastPass, now Slack and CircleCI. The hacks go on (and will likely worsen) | Ars Technica Devs urged to rotate secrets after CircleCI suffers security breach | The Daily Swig LastPass: Hackers accessed and copied customers' password vaults - The Record from Recorded Future News GitHub incident allowed attacker to copy Okta's source code - The Record from Recorded Future News Supreme Court dismisses spyware company NSO Group's claim of immunity - The Record from Recorded Future News Serbian government reports ‘massive DDoS attack' amid heightened tensions in Balkans - The Record from Recorded Future News Iran's support of Russia draws attention of pro-Ukraine hackers - The Record from Recorded Future News Pro-Ukraine hackers leak Russian data in hopes someone will make sense of it - The Record from Recorded Future News CISA researchers: Russia's Fancy Bear infiltrated US satellite network Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters NSA cyber director warns of Russian digital assaults on global energy sector - CyberScoop Notorious Russian hacking group appears to resurface with fresh cyberattacks on Ukraine Military operations software in Ukraine was hit by Russian hackers - The Record from Recorded Future News New supply chain attack targeted Ukrainian government networks - The Record from Recorded Future News Moldovaʼs government hit by flood of phishing attacks - The Record from Recorded Future News Kremlin-backed hackers targeted a “large” petroleum refinery in a NATO nation | Ars Technica Cyber Command conducted offensive operations to protect midterm elections - The Record from Recorded Future News Guardian newspaper hit by suspected ransomware attack, staff told not to come to office - The Record from Recorded Future News British company that helps make semiconductors hit by cyber incident - The Record from Recorded Future News Port of Lisbon website still down as LockBit gang claims cyberattack - The Record from Recorded Future News SickKids: 80% of hospital priority systems back online after LockBit ransomware attack - The Record from Recorded Future News Canada's largest children's hospital struggles to recover from pre-Christmas ransomware attack - The Record from Recorded Future News Canadian copper mine suffers ransomware attack, shuts down mills - The Record from Recorded Future News Los Angeles housing authority says cyberattack disrupting systems - The Record from Recorded Future News The Guardian contacts data protection regulator after suspected ransomware incident - The Record from Recorded Future News Australian fire service operating 85 stations shuts down network after cyberattack - The Record from Recorded Future News San Francisco BART investigating ransomware attack - The Record from Recorded Future News Hackers leak sensitive files following attack on San Francisco transit police New U.S. cyber strategy will require critical infrastructure companies to protect against hacks - The Washington Post Car hackers discover vulnerabilities that could let them hijack millions of vehicles Compromised dispatch system helped move taxis to front of the line | Ars Technica Researcher Deepfakes His Voice, Uses AI to Demand Refund From Wells Fargo Armed With ChatGPT, Cybercriminals Build Malware And Plot Fake Girl Bots Cybercriminals' latest grift: powdered milk and sugar by the truckload - The Record from Recorded Future News This app will self-destruct: How Belarusian hackers created an alternative Telegram for activists - The Record from Recorded Future News Chinese researchers claim to have broken RSA with a quantum computer. Experts aren't so sure. - The Record from Recorded Future News Key bitcoin developer calls on FBI to recover $3.6M in digital coin | Ars Technica Chick-fil-A acknowledges customer account abuse but denies compromise of internal systems - The Record from Recorded Future News Microsoft ends Windows 7 security updates | TechCrunch

Cyber Security Today
Cyber Security Today, Jan 11, 2023 - Debate on ransomware attacks dropping continues, beware of long-hidden backdoors and lots of patches released

Cyber Security Today

Play Episode Listen Later Jan 11, 2023 6:48 Very Popular


This episode reports on a new ransomware survey, a warning on old backdoors, DDoS attacks with ransoms going up and more

The CyberWire
Notes on patches. Dark Pink industrial cyberespionage campaign in Asia. Kinsing cryptojacking. Hacktivist DDoS against Iran. Healthcare cyber risk management. Pokémon NFTs.

The CyberWire

Play Episode Listen Later Jan 11, 2023 31:44


Patch Tuesday. CISA releases two ICS Advisories and makes some additions to its Known Exploited Vulnerabilities Catalog. Dark Pink APT is active against Asian targets. Kinsing cryptojacking targets Kubernetes instances. Ukrainian hacktivists conduct DDoS against Iranian sites. Risk exposure and a hospital's experience with ransomware. The Health3PT initiative seeks to manage 3rd-party risk. Tim Starks from the Washington Post's Cyber 202 on cyber rising to the level of war crime. Our guest is Connie Stack, CEO of Next DLP, on the path to leadership within cyber for women. And phishing with Pokémon NFTs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/7 Selected reading. The Daily 202 (Latest Cybersecurity 202) Microsoft Releases January 2023 Security Updates (CISA) > Adobe Releases Security Updates for Multiple Products (CISA)  Black Box KVM (CISA) Delta Electronics InfraSuite Device Master (CISA) Known Exploited Vulnerabilities Catalog (CISA) Dark Pink (Group-IB) New Dark Pink APT group targets govt and military with custom malware (BleepingComputer) Kinsing cryptojacking. (CyberWire) Ukraine at D+321: "Difficult in places." (CyberWire) Iranian websites impacted by pro-Ukraine DDoS attacks (SC Media)  Ransomware attack against SickKids said to be unusual. (CyberWire) Health3PT seeks a uniform approach to healthcare supply chain issues. (CyberWire) Breaking the glass ceiling: My journey to close the leadership gap. (CyberWire, Creating Connections) Pokémon NFTs used as malware vectors. (CyberWire)

Malicious Life
Cyberbunker, Part 2

Malicious Life

Play Episode Listen Later Jan 10, 2023 31:36 Very Popular


Spamhaus's decision to add Cyberbunker to its list of Spam sources led the Stophaus coalition to initiate a DDoS attack later dubbed “The attack that almost broke the Internet.” The fallout from this attack led to Cyberbunker relocating to a bunker in Germany - but it was the involvement of an Irish drug lord known as 'The Penguin' that led to the bullet-proof hosting company's downfall.

The CyberHub Podcast
Daily Cybersecurity News: Twitter User Data for Sale, $725M Facebook Fine, SBOM News & More

The CyberHub Podcast

Play Episode Listen Later Dec 27, 2022 10:00


Daily Cybersecurity News: Twitter User Data for Sale, $725M Facebook Fine, SBOM News & More Cybersecurity News CyberHub Podcast December 27th, 2022 Today's Headlines and the latest #cybernews from the desk of the #CISO: Data of 400 Million Twitter Users for Sale as Irish Privacy Watchdog Announces Probe Hackers exploit bug in WordPress gift card plugin with 50K installs Zerobot adds new exploits, DDoS attack capabilities Software bills of material face long road to adoption Facebook Agrees to Pay $725 Million to Settle Privacy Suit Story Links: https://www.securityweek.com/data-400-million-twitter-users-sale-irish-privacy-watchdog-announces-probe https://www.bleepingcomputer.com/news/security/hackers-exploit-bug-in-wordpress-gift-card-plugin-with-50k-installs/ https://therecord.media/microsoft-zerobot-adds-new-exploits-ddos-attack-capabilities/ https://www.cyberscoop.com/dhs-sbom-adoption/ https://www.securityweek.com/facebook-agrees-pay-725-million-settle-privacy-suit Apply now to be a featured partner on the show: https://www.cyberhubpodcast.com/contact ****** Find James Azar Host of CyberHub Podcast, CISO Talk, and Goodbye Privacy James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/ “The Microsoft Doctrine” by James Azar now on Substack https://jamesazar.substack.com/p/the-microsoft-doctrine ****** Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter ****** Website: https://www.cyberhubpodcast.com Youtube: https://www.youtube.com/c/TheCyberHubPodcast Rumble: https://rumble.com/c/c-1353861 Facebook: https://www.facebook.com/CyberHubpodcast/ Linkedin: https://www.linkedin.com/company/cyberhubpodcast/ Twitter: https://twitter.com/cyberhubpodcast Instagram: https://www.instagram.com/cyberhubpodcast Listen here: https://linktr.ee/cyberhubpodcast The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. Thank you for watching and Please Don't forget to Like this video and Subscribe to my Channel! #cybernews #infosec #cybersecurity #cyberhubpodcast #practitionerbrief #cisotalk #ciso #infosecnews #infosec #infosecurity #cybersecuritytips #podcast #technews #tinkertribe #givingback #securitytribe #securitygang #informationsecurity

Um Inventor Qualquer
Funções do AWS Lambda reduzem custos de aplicações e aumentam a segurança

Um Inventor Qualquer

Play Episode Listen Later Dec 23, 2022 11:36 Transcription Available


Entenda como usar funções Lambda junto com sua aplicação para reduzir custos e aliviar a carga da sua aplicação além de torná-la mais segura contra ataques DDoS. Rodar funções serverless com o Lambda para processar logs e redimensionar imagens são só alguns exemplos de como tirar o peso da sua API e economizar com o Free Tier do Lambda.O curso AWS 2.0 está sendo preparado com muito cuidado e dedicação para atender às principais demandas de mercado para profissionais e empreendedores de tecnologia.Inscreva-se agora para aproveitar todas as vantagens do pré-lançamento:https://www.uminventorqualquer.com.br/curso-aws/Inscreva-se no Canal Wesley Milan para acompanhar os Reviews de serviços AWS:https://bit.ly/3LqiYwgMe siga no Instagram: https://bit.ly/3tfzAj0LinkedIn: https://www.linkedin.com/in/wesleymilan/Podcast: https://bit.ly/3qa5JH1

Cyber Security Today
Cyber Security Today, Week in Review for Friday, December 23, 2022

Cyber Security Today

Play Episode Listen Later Dec 23, 2022 23:04


This episode features a discussion on the US seizure of 48 DDoS-for-hire sites, security patches for Samaba, Ukrainians fooled by free Windows 10 and more

Breaking Badness
142. Pheast of the Seven Phishes

Breaking Badness

Play Episode Listen Later Dec 21, 2022 54:45


This week Kelsey LaBelle, Tim Helming, and Taylor Wilkes-Pierce discuss domains seized by the FBI linked to DDoS-for-hire services along with Rick Osgood's blog on ChatGPT's phishing potential.

ITSPmagazine | Technology. Cybersecurity. Society
Why Protecting Your Business Data Is More Like Securing A Museum Than A Bank | Demystifying Data Protection | An Imperva Story With Terry Ray

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Dec 20, 2022 48:55


Data is dynamic. Data is unique. It's critical for businesses to maintain data security and integrity by treating it differently based on what it is, what it's for, who is accessing it, how it's being used, and the overall context surrounding these things.Join us for a conversation with Terry Ray, SVP Data Security GTM, Field CTO and Imperva Fellow, as we explore:What challenges do businesses face when it comes to protecting data in our modern world?What security risks do insider threats present to an organization and why are they so hard to stop?Why are more organizations moving to agentless data security?How have Imperva Data Security solutions evolved to meet the new challenges of securing data wherever it lives?Note: This story contains promotional content. Learn more.GuestTerry RaySVP Data Security GTM, Field CTO and Imperva FellowOn Linkedin | https://www.linkedin.com/in/terry-ray/On Twitter | https://twitter.com/TerryRay_FellowResourcesLearn more about Imperva and their offering: https://itspm.ag/imperva277117988Product: Imperva Data Security FabricData Discovery Solution: Data discovery and classificationData Security Solution: Sensitive and personal data securityVideo: Demystifying Data Protection: Steps To Find, Monitor And Control Without ChaosWebinar: What Security Professionals Need to Know About Privacy in 2023Whitepaper: A data-centric cybersecurity framework for digital transformationAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

InfosecTrain
Benefits of Cloud Security | Security Services and Security Goals | InfosecTrain

InfosecTrain

Play Episode Listen Later Dec 19, 2022 13:40


A group of security techniques known as "cloud security" are used to safeguard data, apps, and infrastructure that are hosted in the cloud. It is used in cloud environments to defend against malware, hackers, distributed denial of service (DDoS) assaults, and unauthorized user access and use. Maintaining consumer trust and safeguarding the resources that contribute to your competitive advantage depend on preventing leaks and data theft. For any business moving to the cloud, cloud security is essential due to its capacity to protect your data and assets. Thank you for watching this video, For more details or free demo with out expert write into us at sales@infosectrain.com Subscribe to our channel to get video updates. Hit the subscribe button above. Facebook: https://www.facebook.com/Infosectrain/ Twitter: https://twitter.com/Infosec_Train LinkedIn: https://www.linkedin.com/company/infosec-train/ Instagram: https://www.instagram.com/infosectrain/ Telegram: https://t.me/infosectrains

Cyber Security Today
Cyber Security Today, Dec. 16, 2022 - Denial of service attack sites shut, a Twitter spy is sentenced, and more

Cyber Security Today

Play Episode Listen Later Dec 16, 2022 6:18


This episode reports on the closing of 48 DDoS for hire sites, data breaches at Social Blade and an Australian email provider, and a new Facebook scam

Cyber Security Headlines
Japanese MirrorStealer malware, HTML smuggling SVGs, DDoS-for-hire arrests

Cyber Security Headlines

Play Episode Listen Later Dec 16, 2022 8:22


Hackers target Japanese politicians with new MirrorStealer malware Crooks use HTML smuggling to spread QBot malware via SVG files FBI charges 6, seizes domains linked to DDoS-for-hire service platforms Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com. For the stories behind the headlines, head to CISOseries.com.

UNSECURITY: Information Security Podcast
Unsecurity Episode 194: Veeam Backup/Replication Being Exploited, FBI Seizes 48 Domains, and More.

UNSECURITY: Information Security Podcast

Play Episode Listen Later Dec 16, 2022 33:42


Episode 194 of the Unsecurity Podcast is now live! This week, Oscar and Brad discuss a CISA alert regarding Veeam backup and replication vulnerabilities being exploited, FBI seizing 48 domains linked to DDoS services, hackers using .svg files to install QBot malware on windows systems, and more.Links:CISA Alert: Veeam Backup and Replication Vulnerabilities Being Exploited in Attacks https://thehackernews.com/2022/12/cisa-alert-veeam-backup-and-replication.htmlFBI Seized 48 Domains Linked to World's Leading DDoS-for-Hire Services https://gbhackers.com/fbi-seized-48-domains/Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518Hackers Use SVG Images to Install QBot Malware on Windows Systems https://gbhackers.com/hackers-use-svg-images/Give episode 194 a listen and send any questions, comments, or feedback to unsecurity@protonmail.com Don't forget to like and subscribe!

The CyberWire
Updates on the cyber phases of a hybrid war. Alleged booters busted. Progress report from the US anti-ransomware task force. Suspicion in AIIMS hack turns toward China.

The CyberWire

Play Episode Listen Later Dec 15, 2022 34:37


Trojanized Windows 10 installers are deployed against Ukraine. Alleged booters have been collared, and their sites disabled. A progress report on US anti-ransomware efforts. Suspicion in a cyberattack against India turns toward China. Bryan Vorndran from the FBI's Cyber Division talks about deep fakes. Our guest is Lisa Plaggemier from the National Cybersecurity Alliance (NCA) on the launch of their Historically Black Colleges and Universities Career Program. And hybrid war and fissures in the underworld. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/239 Selected reading. Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government (Mandiant) Federal Prosecutors in Los Angeles and Alaska Charge 6 Defendants with Operating Websites that Offered Computer Attack Services (US Department of Justice) Global crackdown against DDoS services shuts down most popular platforms | Europol (Europol)  Readout of Second Joint Ransomware Task Force Meeting (Cybersecurity and Infrastructure Security Agency) US finds its ‘center of gravity' in the fight against ransomware (The Record by Recorded Future)  AIIMS cyber attack may have originated in China, Hong Kong (The Times of India)  AIIMS Delhi Servers Were Hacked By Chinese, Damage Contained: Sources (NDTV.com) Russia-Ukraine war reaches dark side of the internet (Al Jazeera)

Tech Update | BNR
TomTom strijdt met techreuzen tegen Google, Apple verbetert Kaarten hier, politie haalt DDoS-winkels neer

Tech Update | BNR

Play Episode Listen Later Dec 15, 2022 4:50


TomTom wil een interoperabel alternatief bieden voor Google Map. De Nederlandse digitale-kaartenmaker slaat daarvoor de handen ineen met Amazon Web Services, Meta en Microsoft. Het nieuwe initiatief draagt de naam Overture Maps Foundation. Daarmee wil TomTom proberen vooral de vele stromen aan data op te vangen en op een goede manier te combineren, voor allerlei toepassingen door iedereen. Ook in deze Tech Update: - Apple komt met nieuwe functies voor de eigen navigatieapp Kaarten - Tientallen DDoS-verkoopsites zijn offline gehaald door een internationale politieactieSee omnystudio.com/listener for privacy information.

The CyberWire
The IT Army of Ukraine claims VTB DDoS. DPRK exploits Internet Explorer vulnerability. New variant of Babuk ransomware reported. Blind spots in air-gapped networks. And, dog and cat hacking.

The CyberWire

Play Episode Listen Later Dec 8, 2022 32:32


The IT Army of Ukraine claims responsibility for DDoS against a Russian bank. North Korea exploits an Internet Explorer vulnerability. A new variant of Babuk ransomware has been reported. Blind spots in air-gapped networks. Rob Boyce from Accenture has insights on the most recent ransomware trends. Our guest is Nathan Howe from Zscaler with the latest on Zero Trust. And the hacking of cats and dogs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/234 Selected reading. IT Army of Ukraine Hit Russian Banking Giant with Crippling DDoS Attack (HackRead)  Internet Explorer 0-day exploited by North Korean actor APT37 (Google) Morphisec Discovers Brand New Babuk Ransomware Variant in Major Attack (PRWeb) Bypassing air-gapped networks via DNS (Pentera)  What to Know About an Unlikely Vector for Cyber Threats: Household Pets (Insurance Journal)

The CyberWire
Cyberespionage, privateering, hacktivism and influence operations, in Ukraine, Russia, the Middle East, and elsewhere. Criminals need quality control, too. A new entry in CISA's KEV Catalog.

The CyberWire

Play Episode Listen Later Dec 6, 2022 33:45


A Chinese cyberespionage campaign is believed to be active in the Middle East. Poor quality control turns ransomware into a wiper, and a typo crashes a cryptojacker. A large DDoS attack is reported to have hit a Russian state-owned bank. Privateers compromise Western infrastructure to stage cyberattacks. Cyber operations against national morale. A look at the Vice Society. Ben Yelin on the growing concerns over TicTok. Ann Johnson from Afternoon Cyber Tea speaks with Charles Blauner about the evolution of the CISO role. And CISA has added an entry to its Known Exploited Vulnerabilities Catalog. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/232 Selected reading. BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign (Bitdefender Labs)  The Story of a Ransomware Turning into an Accidental Wiper | FortiGuard Labs (Fortinet Blog)  Syntax errors are the doom of us all, including botnet authors (Ars Technica)  Russia's No. 2 bank VTB suffers largest DDoS in history (Computing)  Russia compromises major UK and US organisations to attack Ukraine (Lupovis)  Russia's online attacks target Ukrainians' feelings (POLITICO)  Vice Society: Profiling a Persistent Threat to the Education Sector (Unit 42) CISA Adds One Known Exploited Vulnerability to Catalog (CISA)

Blue Security
DDoS Protection

Blue Security

Play Episode Listen Later Dec 5, 2022 18:22


On this week's episode, Adam and Andy talk about CISA's DDoS protection guidance. This follows the episode on Microsoft's Digital Defense Report where DDoS attacks and protections were also highlighting in the report. ------------------------------------------- YouTube Video Link: https://youtu.be/_9puZjc05H4 ------------------------------------------- Documentation: https://www.cisa.gov/sites/default/files/publications/understanding-and-responding-to-ddos-attacks_508c.pdf https://www.cisa.gov/cisa-tabletop-exercise-packages https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bUvv?culture=en-us&country=us https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bcRe?culture=en-us&country=us ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com --- Send in a voice message: https://anchor.fm/blue-security-podcast/message

DrZeroTrust
Cyber news and Zero Trust insights for 11/30/2022

DrZeroTrust

Play Episode Listen Later Dec 1, 2022 28:58


Do buyers always configure vendor security solutions correctly? Is there a magic button to push and then your organization is secure? Do vendors have no risks or avenues of compromise? How bad is the MSQL database security that is out there right now (think millions). The DoD released it's strategy for Zero Trust, what should we take away from that? Amazon is offering a security data lake recently, is that a good thing? The White House and Starlink were hit by a threat group via a DDoS attack, so what? And another attack on an island nation that is now working off of paper to run the government, super. Those points and more on this episode.

The CyberWire
DDoS as a holiday-season threat to e-commerce. TikTok challenge spreads malware. Meta's GDPR fine. US Cyber Command describes support for Ukraine's cyber defense.

The CyberWire

Play Episode Listen Later Nov 29, 2022 29:42


DDoS as a holiday-season threat to e-commerce. A TikTok challenge spreads malware. Meta's GDPR fine. Mr. Security Answer Person John Pescatore has thoughts on phishing resistant MFA. Joe Carrigan describes Intel's latest efforts to thwart deepfakes. And US Cyber Command describes support for Ukraine's cyber defense. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/227 Selected reading. Holiday DDoS Cyberattacks Can Hurt E-Commerce, Lack Legal Remedy (Bloomberg Law) TikTok ‘Invisible Body' challenge exploited to push malware (BleepingComputer)  $275M Fine for Meta After Facebook Data Scrape (Dark Reading)  Before the Invasion: Hunt Forward Operations in Ukraine (U.S. Cyber Command)

Oxide and Friends
Leaving Twitter with Tim Bray

Oxide and Friends

Play Episode Listen Later Nov 29, 2022 72:38


Oxide and Friends: November 28th, 2022Leaving Twitter with Tim BrayWe've been hosting a live show weekly on Mondays at 5p for about an hour, and recording them all; here is the recording from November 28th, 2022.In addition to Bryan Cantrill and Adam Leventhal, our special guest was Tim Bray. Other speakers on November 28th included Adam Jacob, Toasterson, and raggi. (Did we miss your name and/or get it wrong? Drop a PR!)Some of the topics we hit on, in the order that we hit them: Bye, Twitter by Tim Bray jwz: PSA: Do Not Use Services That Hate The Internet jwz: Mastodon stampede "Federation" now apparently means "DDoS yourself." Tim Bray On Algorithms On terrible Twitter ads: @intelnews: "Moore's Law only stops when innovation stops.” PRs needed! If we got something wrong or missed something, please file a PR! Our next show will likely be on Monday at 5p Pacific Time on our Discord server; stay tuned to our Mastodon feeds for details, or subscribe to this calendar. We'd love to have you join us, as we always love to hear from new speakers!

Cyber and Technology with Mike
28 November 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Nov 28, 2022 8:32


In today's podcast we cover four crucial cyber and technology topics, including: 1.        Russian hacktivists claim attack against EU Parliament 2.        Researchers uncover new ransomware in Ukraine 3.        U.S. implements import ban of Chinese telecommunications equipment 4.        British giver order to cease use of Chinese security cameras I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

Cyber, cyber...
Cyber, Cyber… – 295 – Raport (24.11.2022 r.) – DDoS na Parlament Europejski

Cyber, cyber...

Play Episode Listen Later Nov 24, 2022 12:25


Cyber, Cyber… Raport to specjalna edycja naszego podcastu. Od poniedziałku do piątku relacjonujemy dla Was najważniejsze wydarzenia z zakresu działań podejmowanych w cyberprzestrzeni. Dzisiejszy odcinek poprowadził Kamil Gapiński. Zapraszamy! Dzisiejsze tematy: Uwaga na X-File Manager – fałszywego menedżera plików w Google Play Gracze narażeni na cryptominery i kradzież danych DDoS na Parlament Europejski CISA aktualizuje More

Noticias de Tecnología Express
Amazon se compromete con las salas de cine - NTX 257

Noticias de Tecnología Express

Play Episode Listen Later Nov 24, 2022 8:51


Llega Stable Diffusion 2, ¿Apple comprará un equipo de futbol? Y Amazon gastará mil millones al año en películas.Puedes apoyar la realización de este programa con una suscripción. Más información por acáNoticias:-Foxconn ofreció a sus trabajadores un acuerdo de 10,000 yuans, o $1,400 dólares, para finalizar con las protestas. -Un reporte de Ars Technica informa que la página web del Parlamento Europeo recibió un ataque DDoS que la dejó fuera de línea por varias horas, después de que se llevara a cabo una votación para declarar al gobierno ruso como un “país patrocinador de terroristas”.-Stability AI presentó la versión 2.0 de Stable Diffusion. -Dos fuentes deportivas informan que Apple ha “expresado su interés” en comprar al Manchester United. -Amazon se ha comprometido a gastar mil millones de dólares en lanzamientos de entre 8 y 10 películas en salas de cine al añoAnálisis: Las salas de cine como herramienta de marketing¿Prefieres leer las noticias? ¡Suscríbete a mi newsletter y te llegarán todos los días!   Become a member at https://plus.acast.com/s/noticias-de-tecnologia-express. Hosted on Acast. See acast.com/privacy for more information.

The CyberWire
Privileged insiders and the abuse of “Oops.” Nemesis Kitten exploits Log4Shell. TrojanOrders in the holiday season. Emotet's back. RapperBot notes. And an arrest in the Zeus cybercrime case.

The CyberWire

Play Episode Listen Later Nov 17, 2022 31:03


Meta employees, contractors compromised customer accounts. Nemesis Kitten found in US Government network. Unpatched Magento instances hit with "TrojanOrders." Emotet has returned after three quiet months. DDoS attacks in game servers by RapperBot. Carole Theriault looks at long term lessons learned from the 2019 Capital One breach. FBI Cyber Division AD Bryan Vorndran updates us on cyber threats. And an alleged "Zeus" cybercrime boss has been arrested in Switzerland. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/221 Selected reading. Meta Employees, Security Guards Fired for Hijacking User Accounts (Wall Street Journal) CISA Alert AA22-320A – Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester. (CyberWire) Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester (CISA) Iranian government-linked hackers got into Merit Systems Protection Board's network (Washington Post) Iranian hackers compromise US government network in cryptocurrency generating scheme, officials say (CNN) Magento stores targeted in massive surge of TrojanOrders attacks (BleepingComputer)  A Comprehensive Look at Emotet's Fall 2022 Return (Proofpoint)  Notorious Emotet botnet returns after a few months off (Register)  Updated RapperBot malware targets game servers in DDoS attacks (BleepingComputer)  Russia's cyber forces ‘underperformed expectations' in Ukraine: senior US official (The Hill) Suspected Zeus cybercrime ring leader ‘Tank' arrested by Swiss police (BleepingComputer)

Tevora Talks Info-Sec Podcast
Tevora Talks - Killnet Hacktivist Group Attack Governments with DDoS + Black Friday and Cyber Monday Safety!

Tevora Talks Info-Sec Podcast

Play Episode Listen Later Nov 17, 2022 29:55


This week, Matt Mosley and Kash Izadseta cover Killnet gang and Holiday online shopping safety! Killnet's DDoS Campaign Shopping safely online for the Holidays. Links mentioned in this episode: https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/killnet https://privacy.com/ http://tevoratalks.com Instagram, Twitter, Facebook: @TevoraTalks

The Azure Podcast
Episode 447 - DDOS Protection on Azure

The Azure Podcast

Play Episode Listen Later Nov 16, 2022


Sujit and Evan are joined by Amir Dahan, Senior Product Manager for Networking at Microsoft, to discuss Azure DDOS protection. Media File: Edpisode447.mp3 YouTube: https://youtu.be/B_TNr6c2F9o Other Updates Use managed identities with Azure Front Door Standard/Premium (Preview) | Microsoft Learn Azure Machine Learning—Generally availability updates for November 2022 | Azure updates | Microsoft Azure General availability: New cost recommendations for Virtual Machine Scale Sets | Azure updates | Microsoft Azure

The Azure Podcast
Episode 446 - Security & L7 DDoS protection @ Edge, DNS Security, and Private DNS

The Azure Podcast

Play Episode Listen Later Nov 13, 2022


Azure Networking Engineering Manager Abhishek Tiwari joins us once again, this time to talk about all of the work his team has done to add L7 and DDOS protection at the Edge and the enhancements in the DNS Service to make it more secure. Media: https://azpodcast.blob.core.windows.net/episodes/Episode446.mp3 YouTube: https://youtu.be/yTtchBGLsKg   Other updates: General availability: Default Rule Set 2.1 for Azure Web Application Firewall | Azure updates | Microsoft Azure   Azure Multi-Factor Authentication Server will be deprecated 30 September 2024 | Azure updates | Microsoft Azure   General availability: Azure Automation supports Availability zones | Azure updates | Microsoft Azure   Generally available: Static Web Apps support for preview environments in Azure DevOps | Azure updates | Microsoft Azure

ITSPmagazine | Technology. Cybersecurity. Society
Why Privacy Compliance Is A Challenge For Many Organizations | Prepare To Meet Varying Compliance Requirements | Part 2 | An Imperva Story With Kate Barecchia

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Nov 11, 2022 36:21


In the first episode of this two-part series, we looked at the history of privacy law and regulation and we explored how the definitions and requirements are expanding for the benefit of consumers and the impact and challenges they create for the business. We also dissected the differences between data privacy, compliance, and security and how organizations can determine what its data privacy posture will look like in comparison/contrast to its security posture.In this second episode, we take a closer look at actionable strategies and steps organizations can take to operationalize data privacy compliance and how to leverage data privacy initiatives to create a stronger security posture. As we explore these challenges, we begin to uncover the realities of the increased complexity that comes with each decision the business makes to create, collect, store, process, and share sensitive information throughout multiple business systems, applications, and geographies. While there is a clear need to protect the data from being inappropriately accessed by authorized or unauthorized users, a better strategy can be found in the simplification of the business systems and processes thereby avoiding (or at least reducing) the exposure to compliance and security risk.Whatever the drivers are behind your business outcomes and IT operations decisions, having an outcome in mind for privacy and security will give you something to shoot for. Whether it's creating the strongest posture possible or simply checking the boxes for compliance, at least you know where you're going and can begin to head down that path.  Clarity and consistency in action brings improved preparedness and increased confidence to the conversation, which leads to more positive outcomes all the way around.Note: This story contains promotional content. Learn more.GuestKate BarecchiaDeputy General Counsel & Global Data Privacy Officer at Imperva [@Imperva]On Linkedin | https://www.linkedin.com/in/kate-barecchia-82759a14/ResourcesLearn more about Imperva and their offering: https://itspm.ag/imperva277117988Product: Imperva Data Security FabricData Discovery Solution: Data discovery and classificationData Security Solution: Sensitive and personal data securityWebinar: What Security Professionals Need to Know About Privacy in 2023Whitepaper: A data-centric cybersecurity framework for digital transformationAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Screaming in the Cloud
The Quest to Make Edge Computing a Reality with Andy Champagne

Screaming in the Cloud

Play Episode Listen Later Nov 10, 2022 46:56


About AndyAndy is on a lifelong journey to understand, invent, apply, and leverage technology in our world. Both personally and professionally technology is at the root of his interests and passions.Andy has always had an interest in understanding how things work at their fundamental level. In addition to figuring out how something works, the recursive journey of learning about enabling technologies and underlying principles is a fascinating experience which he greatly enjoys.The early Internet afforded tremendous opportunities for learning and discovery. Andy's early work focused on network engineering and architecture for regional Internet service providers in the late 1990s – a time of fantastic expansion on the Internet.Since joining Akamai in 2000, Akamai has afforded countless opportunities for learning and curiosity through its practically limitless globally distributed compute platform. Throughout his time at Akamai, Andy has held a variety of engineering and product leadership roles, resulting in the creation of many external and internal products, features, and intellectual property.Andy's role today at Akamai – Senior Vice President within the CTO Team - offers broad access and input to the full spectrum of Akamai's applied operations – from detailed patent filings to strategic company direction. Working to grow and scale Akamai's technology and business from a few hundred people to roughly 10,000 with a world-class team is an amazing environment for learning and creating connections.Personally Andy is an avid adventurer, observer, and photographer of nature, marine, and astronomical subjects. Hiking, typically in the varied terrain of New England, with his family is a common endeavor. He enjoys compact/embedded systems development and networking with a view towards their applications in drone technology.Links Referenced: Macrometa: https://www.macrometa.com/ Akamai: https://www.akamai.com/ LinkedIn: https://www.linkedin.com/in/andychampagne/ TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Forget everything you know about SSH and try Tailscale. Imagine if you didn't need to manage PKI or rotate SSH keys every time someone leaves. That'd be pretty sweet, wouldn't it? With Tailscale SSH, you can do exactly that. Tailscale gives each server and user device a node key to connect to its VPN, and it uses the same node key to authorize and authenticate SSH.Basically you're SSHing the same way you manage access to your app. What's the benefit here? Built-in key rotation, permissions as code, connectivity between any two devices, reduce latency, and there's a lot more, but there's a time limit here. You can also ask users to reauthenticate for that extra bit of security. Sounds expensive?Nope, I wish it were. Tailscale is completely free for personal use on up to 20 devices. To learn more, visit snark.cloud/tailscale. Again, that's snark.cloud/tailscaleCorey: Managing shards. Maintenance windows. Overprovisioning. ElastiCache bills. I know, I know. It's a spooky season and you're already shaking. It's time for caching to be simpler. Momento Serverless Cache lets you forget the backend to focus on good code and great user experiences. With true autoscaling and a pay-per-use pricing model, it makes caching easy. No matter your cloud provider, get going for free at gomomento.co/screaming That's GO M-O-M-E-N-T-O dot co slash screamingCorey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I like doing promoted guest episodes like this one. Not that I don't enjoy all of my promoted guest episodes. But every once in a while, I generally have the ability to wind up winning an argument with one of my customers. Namely, it's great to talk to you folks, but why don't you send me someone who doesn't work at your company? Maybe a partner, maybe an investor, maybe a customer. At Macrometa who's sponsoring this episode said, okay, my guest today is Andy Champagne, SVP at the CTO office at Akamai. Andy, thanks for joining me.Andy: Thanks, Corey. Appreciate you having me. And appreciate Macrometa letting me come.Corey: Let's start with talking about you, and then we'll get around to the Macrometa discussion in the fullness of time. You've been at an Akamai for 22 years, which in tech company terms, it's like staying at a normal job for 75 years. What's it been like being in the same place for over two decades?Andy: Yeah, I've got several gold watches. I've been retired twice. Nobody—you know, Akamai—so in the late-90s, I was in the ISP universe, right? So, I was in network engineering at regional ISPs, you know, kind of cutting teeth on, you know, trying to scale networks and deal with the flux of user traffic coming in from the growth of the web. And, you know, frankly, it wasn't working, right?Companies were trying to scale up at the time by adding bigger and bigger servers, and buying literally, you know, servers, the size of refrigerators. And all of a sudden, there was this company that was coming together out in Cambridge, I'm from Massachusetts, and Akamai started in Cambridge, Massachusetts, still headquartered there. And Akamai was forming up and they had a totally different solution to how to solve this, which was amazing. And it was compelling and it drew me there, and I am still there, 22-odd years in, trying to solve challenging problems.Corey: Akamai is one of those companies that I often will describe to people who aren't quite as inclined in the network direction as I've been previously, as one of the biggest companies of the internet that you've never heard of. You are—the way that I think of you historically, I know this is not how you folks frame yourself these days, but I always thought of you as the CDN that you use when it really mattered, especially in the earlier days of the internet where there were not a whole lot of good options to choose from, and the failure mode that Akamai had when I was looking at it many years ago, is that, well, it feels enterprise-y. Well, what does that mean exactly because that's usually used as a disparaging term by any developer in San Francisco. What does that actually unpack to? And to my mind, it was, well, it was one of the more expensive options, which yes, that's generally not a terrible thing, and also that it felt relatively stodgy, for lack of a better term, where it felt like updating things through an API was more of a JSON API—namely a guy named Jason—who would take a ticket, possibly from Jira if they were that modern or not, and then implement it by hand. I don't believe that it is quite that bad these days because, again, this was circa 2012 that we're talking here. But how do you view what Akamai is and does in 2022?Andy: Yeah. Awesome question. There's a lot to unpack in there, including a few clever jabs you threw in. But all good.Corey: [laugh].Andy: [laugh]. I think Akamai has been through a tremendous, tremendous series of evolutions on the internet. And really the one that, you know, we're most excited about today is, you know, earlier this year, we kind of concluded our acquisition of Linode. And if we think about Linode, which brings compute into our platform, you know, ultimately Akamai today is a compute company that has a security offering and has a delivery offering as well. We do more security than delivery, so you know, delivery is kind of something that was really important during our first ten or twelve years, and security during the last ten, and we think compute during the next ten.The great news there is that if you look at Linode, you can't really find a more developer-focused company than Linode. You essentially fall into a virtual machine, you may accidentally set up a virtual machine inadvertently it's so easy. And that is how we see the interface evolving. We see a compute-centric interface becoming standard for people as time moves on.Corey: I'm reminded of one of those ancient advertisements, I forget, I think would have been Sun that put it out where the network is the computer or the computer is the network. The idea of that a computer sitting by itself unplugged was basically just this side of useless, whereas a bunch of interconnected computers was incredibly powerful. That today and 2022 sounds like an extraordinarily obvious statement, but it feels like this is sort of a natural outgrowth of that, where, okay, you've wound up solving the CDN piece of it pretty effectively. Now, you're expanding out into, as you say, compute through the Linode acquisition and others, and the question I have is, is that because there's a larger picture that's currently unfolding, or is this a scenario where well, we nailed the CDN side of the world, well, on that side of the universe, there's no new worlds left to conquer. Let's see what else we can do. Next, maybe we'll start making toasters.Andy: Bunch of bored guys in Cambridge, and we're just like, “Hey, let's go after compute. We don't know what we're doing.” No. There's a little bit more—Corey: Exactly. “We have money and time. Let's combine the two and see what we can come up with.”Andy: [laugh]. Hey, folks, compute: it's the new thing. No, it's more than that. And you know, Akamai has a very long history with the edge, right? And Akamai started—and again, arrogantly saying, we invented the concept of the edge, right, out there in '99, 2000, deploying hundreds and then to thousands of different locations, which is what our CDN ran on top of.And that was a really new, novel concept at the time. We extended that. We've always been flirting with what is called edge computing, which is how do we take pieces of application logic and move them from a centralized point and move them out to the edge. And I mean, cripes, if you go back and Google, like, ‘Akamai edge computing,' we were working on that in 2003, which is a bit like ancient history, right? And we are still on a quest.And literally, we think about it in the company this way: we are on a quest to make edge computing a reality, which is how do you take applications that have centralized chokepoints? And how do you move as much of those applications as possible out to the edge of the network to unblock user performance and experience, and then see what folks developers can enable with that kind of platform?Corey: For me, it seems that the rise of AWS—which is, by extension, the rise of cloud—has been, okay, you wind up building whatever you want for the internet and you stuff it into an AWS region, and oh, that's far away from your customers and/or your entire architecture is terrible so it has to make 20 different calls to the data center in series rather than in parallel. Great, how do we reduce the latency as much as possible? And their answer has largely seemed to be, ah, we'll build more regions, ever closer to you. One of these days, I expect to wake up and find that there's an announcement that they're launching a new region in my spare room here. It just seems to get closer and closer and closer. You look around, and there's a cloud construction crew stalking you to the mall and whatnot. I don't believe that is the direction that the future necessarily wants to be going in.Andy: Yeah, I think there's a lot there. And I would say it this way, which is, you know, having two-ish dozen uber-large data centers is probably not the peak technology of the internet, right? There's more we need to do to be able to get applications truly distributed. And, you know, just to be clear, I mean, Amazon AWS's done amazing stuff, they've projected phenomenal scale and they continue to do so. You know, but at Akamai, the problem we're trying to solve is really different than how do we put a bunch of stuff in a small number of data centers?It's, you know, obviously, there's going to be a centralized aspect, but there also needs to be incredibly integrated and seamless, moves through a gradient of compute, where hey, maybe you're in a very large data center for your AI/ML, kind of, you know, offline data lake type stuff. And then maybe you're in hundreds of locations for mid-tier application processing, and, you know, reconciliation of databases, et cetera. And then all the way out at the edge, you know, in thousands of locations, you should be there for user interactivity. And when I say user interactivity, I don't just mean, you know, read-only, but you've got to be able to do a read-write operation in synchronous fashion with the edge. And that's what we're after is building ultimately a platform for that and looking at tools, technology, and people along the way to help us with it.Corey: I've built something out, my lasttweetinaws.com threading Twitter client, and that's… it's fine. It's stateless, but it's a little too intricate to effectively run in the Lambda@Edge approach, so using their CloudFront offering is simply a non-starter. So, in order to get low latency for people using it around the world, I now have to deploy it simultaneously to 20 different AWS regions.And that is, to be direct, a colossal pain in the ass. No one is really doing stuff like that, that I can see. I had to build a whole lot of customs tooling just to get a CI/CD system up and working. Their strong regional isolation is great for containing blast radii, but obnoxious when you're trying to get something deployed globally. It's not the only way.Combine that with the reality that ingress data transfer to any of their regions is free—generally—but sending data to the internet is a jewel beyond price because all my stars, that is egress bandwidth; there is nothing more valuable on this planet or any other. And that doesn't quite seem right. Because if that were actively true, a whole swath of industries and apps would not be able to exist.Andy: Yeah, you know, Akamai, a huge part of our business is effectively distributing egress bandwidth to the world, right? And that is a big focus of ours. So, when we look at customers that are well positioned to do compute with Akamai, candidly, the filtering question that I typically ask with customers is, “Hey, do you have a highly distributed audience that you want to engage with, you know, a lot of interactivity or you're pushing a lot of content, video, updates, whatever it is, to them?” And that notion of highly distributed applications that have high egress requirements is exactly the sweet spot that we think Akamai has, you know, just a great advantage with, between our edge platform that we've been working on for the last 20-odd years and obviously, the platform that Linode brings into the conversation.Corey: Let's talk a little bit about Macrometa.Andy: Sure.Corey: What is the nature of your involvement with those folks? Because it seems like you sort of crossed into a whole bunch of different areas simultaneously, which is fascinating and great to see, but to my understanding, you do not own them.Andy: No, we don't. No, they're an independent company doing their thing. So, one of the fun hats that I get to wear at Akamai is, I'm responsible for our Akamai Ventures Program. So, we do our corporate investing and all this kind of thing. And we work with a wide array of companies that we think are contributing to the progression of the internet.So, there's a bunch of other folks out there that we work with as well. And Macrometa is on that list, which is we've done an investment in Macrometa, we're board observers there, so we get to sit in and give them input on, kind of, how they're doing things, but they don't have to listen to us since we're only observers. And we've also struck a preferred partnership with them. And what that means is that as our customers are building solutions, or as we're building solutions for our customers, utilizing the edge, you know, we're really excited and we've got Macrometa at the table to help with that. And Macrometa is—you know, just kind of as a refresher—is trying to solve the problem of distributed data access at the edge in a high-performance and almost non-blocking, developer-friendly way. And that is very, very exciting to us, so that's the context in which they're interesting to our continuing evolution of how the edge works.Corey: One of the questions I always like to ask, and it's usually not considered a personal attack when I asked the question—Andy: Oh, good.Corey: But it's, “Describe what the company does.” Now, at some places like the latter days of Yahoo, for example, it's very much a personal attack. But what is it that Macrometa does?Andy: So, Macrometa provides a worldwide, high-speed distributed database that is resident on what today, you could call the edge of the network. And the advantage here is, instead of having one SQL server sitting somewhere, or what you would call a distributed SQL Server, which is two SQL Servers sitting next to one another, Macrometa has a high-speed data store that allows you to, instead of having that centralized SQL Server, have it run natively at the edge of the network. And when you're building applications that run on the edge or anywhere, you need to try to think about how do you have the data as close to the user or to the access point as possible. And that's the problem Macrometa is after and that's what their products today solve. It's an incredibly bright team over there, a fantastic founder-CEO team, and we're really excited to be working with him.Corey: It wasn't intentionally designed this way as a setup when I mentioned a few minutes ago, but yeah, my Twitter client works across the 20-some-odd AWS regions, specifically because it's stateless. All of the state, other than a couple of API keys at provision time, wind up living in the user's browser. If this was something that needed to retain state in any way, like, you know, basically every real application under the sun, this strategy would absolutely not work unless I wound up with some heinous form of circular replication, and then you wind up with a single region going down and everything explodes. Having a cohesive, coherent data layer that spans all of that is key.Andy: Yeah, and you're on to the classical, you know, CompSci issue here around edge, which is if you have 100 edge regions, how do you have consistent state storage between applications running on N of those? And that is the problem Macrometa is after, and, you know, Akamai has been working on this and other variants of the edge problem for some time. We're very excited to be working with the folks at Macrometa. It's a cool group of folks. And it's an interesting approach to the technology. And from what we've seen so far, it's been working great.Corey: The idea of how do I wind up having persistent, scalable state across a bunch of different edge locations is not just a hard computer science problem; it's also a hard cloud economics problem, given the cost of data transit in a bunch of different directions between different providers. It turns, “How much does it cost?” In most cases to a question that can only be answered by well let's run it for a few days and find out. Which is not usually the best way to answer some questions. Like, “Is that power socket live?” “Let's touch it and find out.” Yeah, there are ways you learn that are extraordinarily painful.Andy: Yeah no, nobody should be doing that with power sockets. I think this is one of these interesting areas, which is this is really right in Akamai's backyard but it's not realized by a lot of folks. So, you know, Akamai has, for the last 20-odd-years, been all about how do we egress as much as possible to the entire internet. The weird areas, the big areas, the small areas, the up-and-coming areas, we serve them all. And in doing that, we've built a very large global fabric network, which allows us to get between those locations at a very low cost because we have to move our own content around.And hooking those together, having a essentially private network fabric that hooks the vast majority of our big locations together and then having very high-speed egress out of all of the locations to the internet, you know, that's been how we operate our business at scale effectively and economically for years, and utilizing that for compute data replication, data synchronization tasks is what we're doing.Corey: There are a lot of different solutions that could be used to solve a lot of the persistent data layer question. For example, when you had to solve a similar problem with compute, you had a few options in front of you. Well, we could buy a whole bunch of computers and stuff them in a rack somewhere because, eh, cloud; how hard could it be? Saner heads prevailed, and no, no, no, we're going to buy Linode, which was honestly a genius approach on about three different levels, and I'm still unconvinced the industry sees that for the savvy move that it was. I'm confident that'll change in time.Why not build it yourself? Or alternately, acquire another company that was working on something similar? Instead, you're an investor in a company that's doing this effectively, but not buying them outright?Andy: Yeah, you know, and I think that's—Akamai is beyond at this point in thinking that it's just about ownership, right? I think that this—we don't have to own everything in order to have a successful ecosystem. You know, certainly, we're going to want to own key parts of it and that's where you saw the Linode acquisition, where we felt that was kind of core. But ultimately, we believe in promoting customer choice here. And there's a pretty big role that we have that we think we can help with companies, such as folks like Macrometa where they have, you know, really interesting technology, but they can use leverage, they can use some of our go-to-market, they can use, you know, some of our, you know, kind of guidance and expertise on running a startup—which, by the way, it's not an easy job for these folks—and that's what we're there to do.So, with things like Linode, you know, we want to bring it in, and we want to own it because we think it's just so compelling, and it fits so well with where we want to go. With folks like Macrometa, you know, that's still a really young area. I mean, you know, Linode was in business for many, many, many years and was a good-sized business, you know, before we bought them.Corey: Yeah, there's something to be said, for letting the market shake something out rather than having to do it all yourself as trailblazers. I'm a big believer in letting other companies do things. I mean, one of the more annoying things, from my position, is this idea where AWS takes a product strategy of, “Yes.” That becomes a bit of a challenge when they're trying to wind up building compete decks, and how do we defeat the competition? And it's like, “Wh—oh, you're talking about the other hyperscalers?” “No, we're talking with the service team one floor away.”That just seems a little on the strange side to—some companies get too big and too expensive on some level. I think that there's a very real risk of Akamai trying to do everything on the internet if you continue to expand and start listing out things that are not currently in your portfolio. And, oh, we should do that, too, and we should do that, too, and we should do that, too. And suddenly, it feels pretty closely aligned with you're trying to do everything.Andy: Yeah. I think we've been a company who has been really disciplined and not doing everything. You know, we started with CDN. And you know, we're talking '98 to 2010, you know, CDN was really our thing, and we feel we executed really well on that. We probably executed quite quietly and well, but feel we executed pretty well on that.Really from 2010, 2012 to 2020, it was all about security, right? And, you know, we built, you know, pretty amazing security business, hundred percent of SaaS business, on top of our CDN platform with security. And now we're thinking about—we did that route relatively quietly, as well, and now we're thinking about the next ten years and how do we have that same kind of impact on cloud. And that is exciting because it's not just centralized cloud; it's about a distributed cloud vision. And that is really compelling and that's why you know, we've got great folks that are still here and working on it.Corey: I'm a big believer in the idea that you can start getting distilled truth out of folks, particularly companies, the more you compress the space they have to wind up saying. Something that's why Twitter very often lets people tip their hands. But a commonplace that I look for is the title field on a company's website. So, when I go over to akamai.com, you position yourself as something that fits in a small portion of a tweet, which is good. Whenever have a Tolstoy-length paragraph in the tooltip title for the browser tab, that's a problem.But you say simply, “Security, cloud delivery, performance. Akamai.” Which is beautifully well done, but security comes first. I have a mental model of Akamai as being a CDN and some other stuff that I don't fully understand. But again, I first encountered you folks in the early-2000s.It turns out that it's hard to change existing opinions. Are you a CDN Company or are you a security company?Andy: Oh, super—Corey: In other words, if someone wind up mis-alphabetizing that and they're about to get censured after this show because, “No, we're a CDN, first; why did you put security first?”Andy: You know, so all those things feed off each other, right? And this has been a question where it's like, you know, our security layer and our distributed WAF and other security offerings run on top of the CDN layer. So, it's all about building a common compute edge and then leveraging that for new applications. CDN was the first application. The next and second application was security.And we think the third application, but probably not the final one, is compute. So, I think I don't think anyone in marketing will be fired by the ordering that they did on that. I think that ultimately now, you know, for—just if we look at it from a monetary perspective, right, we do more security than we do CDN. So, there's a lot that we have in the security business. And you know, compute's got a long way to go, especially because it's not just one big data center of compute; it is a different flavor than I think folks have seen before.Corey: When I was at RSA, you folks were one of the exhibitors there. And I like to make the common observation that there are basically six companies that exhibit at RSA. Yeah, there are hundreds of booths, but it's the same six products, all marketed are different logos with different words. And they all seem to approach it from a few relatively expectable personas and positions. I've always found myself agreeing with the things that you folks say, and maybe it's because of my own network-centric background, but it doesn't seem like you take the same approach that a number of other companies do or it's, “Oh, it has to start with the way that developers write their first line of code.” Instead, it seems to take a holistic view that comes from the starting position of everything talks to each other on a network basis, and from here, let's move forward. Is that accurate to how you view the security space?Andy: Yeah, you know, our view of the security space is—again, it's a network-centric one, right? And our work in the security space initially came from really big DDoS attacks, right? And how do we stop Distributed Denial of Service attacks from impacting folks? And that was the initial benefit that we brought. And from there, we evolved our story around, you know, how do we have a more sophisticated WAF? How do we have predictive capabilities at the edge?So ultimately, we're not about ingraining into your process of how your thing was written or telling you how to write it. We're about, you know, essentially being that perimeter edge that is watching and monitoring everything that comes into you to make sure that, you know, hey, we're not seeing Log4j-type exploits coming at you, and we'll let you know if we do, or to block malicious activity. So, we fit on anything, which is why our security business has been so successful. If you have an application on the edge, you can put Akamai Security in front of it and it's going to make your application better. That's been super compelling for the last, you know, again, last decade or so that we've really been focused on security.Corey: I think that it is a mistake to take a security model that starts with a view of what people have in front of them day-to-day—like, I look at my laptop and say, “Oh, this is what I spend my time on. This is where all security must start and stop.” Because yeah, okay, great. If you get physical access to my laptop, it's pretty much game over on some level. But yeah, if you're at a point where you're going to bust into my house and threaten me in order to get access to my laptop, here you go.There are no secrets that I am in possession of that are worth dying for. It's just money and that's okay. But looking at it through a lens of the internet has gone from science experiment to thing that the nerds love to use to a cornerstone of the fabric of modern society. And that's not because of the magic supercomputer that we all have in our pockets, but rather because those magic supercomputers can talk to the sum total of human knowledge and any other human anywhere on the planet, basically, ever. And I don't know that that evolution has been really appreciated by society at large as far as just how empowering that can be. But it completely changes the entire security paradigm from back in the '80s when I got started, don't put untrusted floppy disks into your computer or it might literally explode on your desk.Andy: [laugh]. So, we're talking about floppy disks now? Yes. So, first of all, the scope of impact of the internet has increased, meaning what you can do with it has increased. And directly proportional to that increase the threat vectors have increased, right? And the more systems are connected, the more vulnerabilities there are.So listen, it's easy to scare anybody about security on the internet. It is a topic that is an infinite well of scariness. At the same time, you know, and not just Akamai, but there's a lot of companies out there that can, whether it's making your development more secure, making your pipeline, your digital supply chain a more secure, or then you know where Akamai is, we're at the end, which is you know, helping to wrap around your entire web presence to make it more secure, there's a variety of companies that are out there really making the internet work from a security perspective. And honestly, there's also been tremendous progress on the operating system front in the last several years, which previously was not as good—probably is way to characterize it—as it is today. So, and you know, at the end of the day, the nerds are still out there working, right?We are out here still working on making the internet, you know, scale better, making it more secure, making it more robust because we're probably not done, right? You know, phones are awesome, and tablet devices, et cetera, are awesome, but we've probably got more coming. We don't quite know what that is yet, but we want to have the capacity, safety, and compute to power it.Corey: How does Macrometa as a persistent data layer tie into your future vision of security first as what Akamai does? I can see a few directions, but I'm going to go out on a limb and guess that before you folks decided to make an investment in such a thing, you probably gave it more than the 30 seconds or whatnot or so a thought that I've had to wind up putting these pieces together.Andy: So, a few things there. First of all, Macrometa, ultimately, we see them coming in the front door with our compute solution, right? Because as folks are building capabilities on the edge, “Hey, I want to run compute on the edge. How do I interoperate with data?” The worst answer possible is, “Well, call back to the centralized data store.”So, we want to ensure that customers have choice and performance options for distributed data access. Macrometa fits great there. However, now pause that; let's transition back to the security point you raised, which is, you know, coordinating an edge data security platform is a really complicated thing. Because you want to make sure that threats that are coming in on one side of the network, or you know, in one given country, you know, are also understood throughout the network. And there's a definite role for a data platform in doing that.We obviously, you know, for the last ten years have built several that help accomplish that at scale for our network, but we also recognize that, you know, innovation in data platforms is probably not done. And you know, Macrometa's got some pretty interesting approaches. So, we're very interested in working with them and talking jointly with customers, which we've done a bunch of, to see how that progresses. But there's tie-ins, I would say, mostly on compute, but secondarily, there's a lot of interesting areas with real-time security intel, they can be very useful as well.Corey: Since I have you here, I would love to ask you something that's a little orthogonal to the rest of this conversation, but I don't even care about that because that's why it's my show; I can ask what I want.Andy: Oh, no.Corey: Talk to me a little bit about the Linode acquisition. Because when it first came out, I thought, “Oh, Linode must not be doing well, so it's an acqui-hire scenario.” Followed by, “Wait a minute, that doesn't seem quite right.” And I dug deeper, and suddenly, I started to see a bunch of things that made sense. But that's just my outside perspective. I prefer to see you justify what it is that you've done.Andy: Justify what we've done. Well, with that positive framing—Corey: Exactly. “Explain yourself. How dare you, sir?”Andy: [laugh]. “What are you doing?” So, to take that, which is first of all, Linode was doing great when we bought them and they're continuing to do great now. You know, backstory here is actually a fun one. So, I personally have been a customer of Linode for about 13 years, and you know, super familiar with their offerings, as we're a bunch of other folks at Akamai.And what ultimately attracted us to Linode was, first of all, from a strategic perspective, is we talked about how Akamai thinks about Compute being a gradient of compute: you've got the edge, you've got kind of a middle tier, and you've got more centralized locations. Akamai has the edge, we've got the middle, we didn't have the central. Linode has got the central. And obviously, you know, we're going to see some significant expansion of capacity and scale there, but they've got the central location. And, you know, ultimately, we feel that there's a lot of passion in Linode.You know, they're a Linux open-source-centric company, and believe it or not Akamai is, too. I mean, you know, that's kind of how it works. And there was a great connection between the sorts of folks that they had and how they think about customers. Linode was a really customer-driven company. I mean, they were fanatical.I mean, I as a, you know, customer of $30 a month personally, could open a ticket and I'd get an answer in five minutes. And that's very similar to kind of how Akamai is driven, which is we're very customer-centric, and when a customer has a problem or need something different, you know, we're on it. So, there's literally nothing bad there and it's a super exciting beginning of a new chapter for Akamai, which is really how do we tackle compute? We're super excited to have the Linode team. You know, they're still mostly down in Philadelphia doing their thing.And, you know, we've hired substantially and we're continuing to do so, so if you want to work there, drop a note over. And it's been fantastic. And it's one of our, you know, really large acquisitions that we've done, and I think we were really lucky to find a great company in such a good position and be able to make it work.Corey: From my perspective, one of the areas that has me excited about the acquisition stems from what I would consider to be something of a customer-base culture misalignment between the two companies. One of the things that I have always enjoyed about Linode—and in the interest of full transparency, they have been a periodic sponsor over the last five or six years of my ridiculous nonsense. I believe that they are not at the moment which I expect you to immediately rectify after this conversation, of course.Andy: I'll give you my credit card. Yeah.Corey: Excellent. Excellent. We do not get in the way of people trying to give you money. But it was great because that's exactly it. I could take a credit card in the middle of the night and spin up things on Linode.And it was one of those companies that aligned very closely to how I tended to view cloud infrastructure from the perspective of, I need a Linux box, or I need a bunch of Linux boxes right there, right now, and I don't have 12 weeks to go to cloud school to learn the intricacies of a given provider. It more or less just worked in a whole bunch of easy ways. Whereas if I wanted to roll out at Akamai, it was always I would pull up the website, and it's, “Click here to talk to our enterprise sales team.” And that tells me two things. One, it is probably going to be outside of my signing authority because no one trusts me with money for obvious reasons, when I was an employee, and two, you will not be going to space today because those conversations always take time.And it's going to be—if I'm in a hurry and trying to get something out the door, that is going to act as a significant drag on capability. Now, most of your customers do not launch things by the seat of their pants, three hours after the idea first occurs to them, but on Linode, that often seems to be the case. The idea of addressing developers early on in the ‘it's just an idea' phase. I can't shake the feeling that there's a definite future in which Linode winds up being able to speak much more effectively to enterprise, while Akamai also learns to speak to, honestly, half-awake shitposters at 2 a.m. when we're building something heinous.Andy: I feel like you've been sitting in on our strategy presentations. Maybe not the shitposters, but the rest of it. And I think the way that I would couch it, my corporate-speak of that, would be that there's a distinct yin and yang, there a complementary nature between the customer bases of Akamai, which has, you know, an incredible list of enterprise customers—I mean, the who's-who of enterprise customers, Akamai works with them—but then, you know, Linode, who has really tremendous representation of developers—that's what we'll use for the name posts—like, folks like myself included, right, who want to throw something together, want to spin up a VM, and then maybe tear it down and never do it again, or maybe set up 100 of them. And, to your point, the crossover opportunities there, which is, you know, Linode has done a really good job of having small customers that grow over time. And by having Akamai, you know, you can now grow, and never have to leave because we're going to be able to bring enough scale and throughput and, you know, professional help services as you need it to help you stay in the ecosystem.And similarly, Akamai has a tremendous—you know, the benefit of a tremendous set of enterprise customers who are out there, you know, frankly, looking to solve their compute challenges, saying, “Hey, I have a highly distributed application. Akamai, how can you help me with this?” Or, “Hey, I need presence in x or y.” And now we have, you know, with Linode, the right tools to support that. And yes, we can make all kinds of jokes about, you know, Akamai and Linode and different, you know, people and archetypes we appeal to, but ultimately, there's an alignment between Akamai and Linode on how we approach things, which is about Linux, open-source, it's about technical honesty and simplicity. So, great group of folks. And secondly, like, I think the customer crossover, you're right on it. And we're very excited for how that goes.Corey: I also want to call out that Macrometa seems to have split this difference perfectly. One of the first things I visit on any given company's page when I'm trying to understand them is the pricing page. It's one of those areas where people spend the least time, early on, but it's also where they tend to be the most honest. Maybe that's why. And I look for two things, and Macrometa has both of them.The first is a ‘try it for free, right now, get started.' It's a free-tier approach. Because even if you charge $10 or whatnot, there are many developers working on things in odd hours where they don't necessarily either have the ability to make that purchase decision, know that they have the ability to make that purchase decision, or are willing to do that by the seat of their pants. So, ‘get started for free' is important; it means you can develop right now. Conversely, there are a bunch of enterprise procurement departments out there who will want a whole bunch of custom things.Custom SLAs, custom support responses, custom everything, and they also don't know how to sign a check that doesn't have two commas in it. So, you don't probably want to avoid those customers, but what they're looking for is an enterprise offering that is no price. There should not be a price tag on that because you will never get it right for everyone, but what they want to see is ‘click here to contact sales.' That is coded language for, “We are serious professionals and know who you are and how you like to operate.” They've got both and I think that is absolutely the right decision.Andy: It do—Corey: And whatever you have in between those two is almost irrelevant.Andy: No, I think you're on it. And Macrometa, their pricing philosophy allows you to get in and try it with zero friction, which is super important. Like, I don't even have to use a credit card. I can experiment for free, I can try it for free, but then as I grow their pricing tier kind of scales along with that. And it's a—you know, that is the way that folks try applications.I always try to think about, hey, you know, if I'm on a team and we're tasked with putting together a proof of concept for something in two days, and I've got, you know, a couple folks working with me, how do I do that? And you don't have time for procurement, you might need to use the free thing to experiment. So, there is a lot that they can do. And you know, their pricing—this transparency of pricing that they have is fantastic. Now, Linode, also very transparent, we don't have a free tier, but you know, you can get in for very low friction and try that as well.Corey: Yeah, companies tend to go through a maturity curve evolution on these things. I've talked to companies that purely view it is how much money a given customer is spending determines how much attention they get. And it's like, “Yeah, maybe take a look through some of your smaller users or new signups there.” Yeah, they're spending $10 a month or whatnot, but their email address is@cocacola.com. Just spitballing here; maybe you might want a white-glove a few of those folks, just because not everyone comes in the door via an RFP.Andy: Yep. We look at customers for what your potential is, right? Like, you know, how much could you end up spending with us, right? You know, so if you're building your application on Linode, and you're going to spend $20, for the first couple months, that's totally fine. Get in there, experiment, and then you know, in the next several years, let's see where it goes. So, you're exactly right, which is, you know, that username@enterprisedomain.com is often much more indicative than what the actual bill is on a monthly basis.Corey: I always find it a little strange when I have a vendor that I'm doing business with, and then suddenly, an account person reaches out, like, hey, let's just have a call for half an hour to talk about what you're doing and how you're doing it. It's my immediate response to that these days, just of too many years doing that, as, “I really need to look at that bill. How much are we spending, again?” And I honestly, usually not that much because believe it or not, when you focus on cloud economics for a living, you pay attention to your credit card bills, but it is always interesting to see who reaches out and who doesn't. That's been a strange approach, and there is no one right answer for all of this.If every free tier account user of any given cloud provider wound up getting constant emails from their account managers, it's how desperate are you to grow revenue, and what are you about to do to pricing? At some level of becomes… unhelpful.Andy: I can see that. I've had, personally, situations where I'm a trial user of something, and all of a sudden I get emails—you know, using personal email addresses, no Akamai involvement—all of a sudden, I'm getting emails. And I'm like, “Really? Did I make the priority list for you to call me and leave me a voicemail, and then email me?” I don't know how that's possible.So, from a personal perspective, totally see that. You know, from an account development perspective, you know, kind of with the Akamai hat on, it's challenging, right? You know, folks are out there trying to figure out where business is going to come from. And I think if you're able to get an indicator that somebody, you know, maybe you're going to call that person at enterprisedomain.com to try to figure out, you know, hey, is this real and is this you with a side project or is this you with a proof of concept for something that could be more fruitful? And, you know, Corey, they're probably just calling you because you're you.Corey: One of the things that I was surprised by where I saw the exact same thing. I started getting a series of emails from my account manager for Google Workspaces. Okay, and then I really did a spit-take when I realized this was on my personal address. Okay… so I read this carefully because what the hell is happening? Oh, they're raising prices and it's a campaign. Great.Now, my one-user vanity domain is going to go from $6 a month to $8 a month or whatever. Cool, I don't care. This is not someone actively trying to reach out as a human being. It's an outreach campaign. Cool, fair. But that's the problem, on some level, for super-tiny customers. It's a, what is it, is it a shakedown? What are they about to yell at me for?Andy: No, I got the same thing. My Google Workspace personal account, which is, like, two people, right? Like, and I got an email and then I think, like, a voicemail. And I'm like, I read the email and I'm like—you know, it's going—again, it's like, it was like six something and now it's, like, eight something a month. So, it's like, “Okay. You're all right.”Corey: Just go—that's what you have a credit card for. Go ahead and charge it. It's fine. Now, yeah, counterpoint if you're a large company, and yeah, we're just going to be raising prices by 20% across the board for everyone, and you look at this and like, that's a phone number. Yeah, I kind of want some special outreach and conversations there. But it's odd.Andy: It's interesting. Yeah. They're great.Corey: Last question before we call this an episode. In 22 years, how have you seen the market change from your perspective? Most people do not work in the industry from one company's perspective for as long as you have. That gives you a somewhat privileged position to see, from a point of relative stability, what the industry has done.Andy: So—Corey: What have you noticed?Andy: —and I'm going to give you an answer, which is about, like, the sales cycle, which is it used to be about meetings and about everybody coming together and used to have to occasionally wear a suit. And there would be, you know, meetings where you would need to get a CEO or CFO to personally see a presentation and decide something and say, “Okay, we're going with X or Y. We're going to make a decision.” And today, those decisions are, pretty far and wide, made much, much further down in the organization. They're made by developers, team leads, project managers, program managers.So, the way people engage with customers today is so different. First of all, like, most meetings are still virtual. I mean, like, yeah, we have physical meetings and we get together for things, but like, so much more is done virtually, which is cool because we built the internet so we wouldn't have to go anywhere, so it's nice that we got that landed. It's unfortunate that we had to do with Covid to get there, but ultimately, I think that purchasing decisions and technology decisions are distributed so much more deeply into the organization than they were. It used to be a, like, C-level thing. We're now seeing that stuff happened much further down in the organization.We see that inside Akamai and we see it with our customers as well. It's been, honestly, refreshing because you tend to be able to engage with technical folks when you're talking about technical products. And you know, the business folks are still there and they're helping to guide the discussions and all that, but it's a much better time, I think, to be a technical person now than it probably was 20 years ago.Corey: I would say that being a technical person has gotten easier in a bunch of ways; it's gotten harder in a bunch of ways. I would say that it has transformed. I was very opposed to the idea that oh, as a sysadmin, why should I learn to write code? And in retrospect, it was because I wasn't sure I could do it and it felt like the rising tide was going to drown me. And in hindsight, yeah, it was the right direction for the industry to go in.But I'm also sensitive to folks who don't want to, midway through their career, pick up an entirely new skill set in order to remain relevant. I think that it is a lot easier to do some things. Back when Akamai started, it took an intimate knowledge of GCC compiler flags, in most cases, to host a website. Now, it is checking a box on a web page and you're done. Things have gotten easier.The abstractions continue to slip below the waterline, so the things we have to care about getting more and more meaningful to the business. We're nowhere near our final form yet, but I'm very excited about how accessible this industry is to folks that previously would not have been, while also disheartened by just how much there is to know. Otherwise, “Oh yeah, that entire aspect of the way that this core thing that runs my business, yeah, that's basically magic and we just hope the magic doesn't stop working, or we make a sacrifice to the proper God, which is usually a giant trillion-dollar company.” And the sacrifice is, of course, engineering time combined with money.Andy: You know, technology is all about abstraction layers, right? And I think—that's my view, right—and we've been spending the last several decades, not, ‘we' Akamai; ‘we' the technology industry—on, you know, coming up with some pretty solid abstraction layers. And you're right, like, the, you know, GCC j6—you know, -j6—you know, kind of compiler tags not that important anymore, we could go back in time and talk about inetd, the first serverless. But other than that, you know, as we get to the present day, I think what's really interesting is you can contribute technically without being a super coding nerd. There's all kinds of different technical approaches today and technical disciplines that aren't just about development.Development is super important, but you know, frankly, the sysadmin skill set is more valuable today if you look at what SREs have become and how important they are to the industry. I mean, you know, those are some of the most critical folks in the entire piping here. So, don't feel bad for starting out as a sysadmin. I think that's my closing comment back to you.Corey: I think that's probably a good place to leave it. I really want to thank you for being so generous with your time.Andy: Anytime.Corey: If people want to learn more about how you see the world, where can they find you?Andy: Yeah, I mean, I guess you could check me out on LinkedIn. Happy to shoot me something there and happy to catch up. I'm pretty much read-only on social, so I don't pontificate a lot on Twitter, but—Corey: Such a good decision.Andy: Feel free to shoot me something on LinkedIn if you want to get in touch or chat about Akamai.Corey: Excellent. And of course, our thanks goes well, to the fine folks at Macrometa who have promoted this episode. It is always appreciated when people wind up supporting this ridiculous nonsense that I do. My guest has been Andy Champagne SVP at the CTO office over at Akamai. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an insulting comment that will not post successfully because your podcast provider of choice wound up skimping out on a provider who did not care enough about a persistent global data layer.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

Cyber Security Headlines
Treasury thwarts Killnet, UK scanning devices, Denmark train cyberattack

Cyber Security Headlines

Play Episode Listen Later Nov 7, 2022 8:24 Very Popular


US Treasury thwarts DDoS attack from Russian Killnet group British government scanning all Internet devices hosted in UK Denmark trains halted by cyberattack And now a word from our sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.  

Breaking Analysis with Dave Vellante
Cloudflare's Supercloud…What Multi Cloud Could Have Been

Breaking Analysis with Dave Vellante

Play Episode Listen Later Nov 7, 2022 22:58


Over the past decade, Cloudflare has built a global network that has the potential to become the fourth U.S.-based hyperscale-class cloud. In our view, the company is building a durable revenue model with hooks into many important markets. These include the more mature DDoS protection space, but also extend to growth sectors such as zero trust, a serverless platform for application development and an increasing number of services such as database and object storage. In essence, Cloudflare can be thought of as a giant, distributed supercomputer that can connect multiple clouds and act as a highly efficient scheduling engine– allocating and optimizing resources at scale. Its disruptive DNA is increasingly attracting novel startups and established global firms looking for a reliable, secure, high performance, low latency and more cost effective alternative to AWS and legacy infrastructure solutions. In this Breaking Analysis we initiate deeper coverage of Cloudflare. While the stock got hammered this past week on tepid guidance, we are optimistic about the company's future. In this post, we'll briefly explain our take on the company and its unique business model. We'll then share some peer comparisons with both a financial snapshot and some fresh ETR survey data. Finally we'll show some examples of how we think Cloudflare could be a disruptive force with a supercloud-like offering that, in many respects, is what multi-cloud should have been. 

Vater Sohn Podcast
Cyberkriminalität

Vater Sohn Podcast

Play Episode Listen Later Nov 6, 2022 48:10


Wir reden über die Arten der Cyberkriminalität - auch beim Gaming! Ausserdem geben wir Tips wie man sich schützen kann.

The CyberWire
OpenSSL indeed patched. CISA is confident of election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. BEC and gift cards. And that's one sweet ride.

The CyberWire

Play Episode Listen Later Nov 2, 2022 24:48 Very Popular


OpenSSL patches two vulnerabilities. CISA and election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. Business email compromise and gift cards. Tim Starks from the Washington Posts' Cybersecurity 202 has the latest on election security. A visit to the CyberWire's Women in Cyber Security event. And consequences for Raccoon Stealer from the war in Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/211 Selected reading. OpenSSL patched today. (CyberWire) OpenSSL Releases Security Update (CISA)  OpenSSL releases fixes for two ‘high' severity vulnerabilities (The Record by Recorded Future) OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway! (Naked Security) Threat Advisory: High Severity OpenSSL Vulnerabilities (Cisco Talos Blog) OpenSSL Vulnerability Patch Released (Sectigo® Official) Clearing the Fog Over the New OpenSSL Vulnerabilities (Rezilion) OpenSSL vulnerability CVE-2022-3602 (Remote Code Execution) and CVE-2022-3786 (Denial of Service) Check Point Research Update (Check Point Software) Undisclosed OpenSSL vulnerability: Free scripts for target scoping (Lightspin) Discussions of CISA's part in elections and the JCDC. (CyberWire) U.S. Treasury thwarted attack by Russian hacker group last month-official (Reuters)  XDR data reveals threat trends. (CyberWire) What happens to a gift card given to a scammer? (CyberWire) How Russia's war in Ukraine helped the FBI crack one of the biggest cybercrime cases in years (MarketWatch)

Business of Tech
Wed Nov-2-2022: Break-fix is back, says Datto; AD Servers attack, and NY right-to-repair

Business of Tech

Play Episode Listen Later Nov 2, 2022 6:04


Three things to know today Break-fix is back, says Kaseya's Datto AD servers are spewing DDoS attacks AND Could New York pass the first right to repair law?      Do you want to get the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/   Support the show on Patreon:  https://patreon.com/mspradio/   Want our stuff?  Cool Merch?  Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com   Follow us on: Facebook: https://www.facebook.com/mspradionews/ Twitter: https://twitter.com/mspradionews/ Instagram: https://www.instagram.com/mspradio/ LinkedIn: https://www.linkedin.com/company/28908079/  

The Cloud Pod
186: Google Cloud Next, More Like Google Cloud Passed

The Cloud Pod

Play Episode Listen Later Oct 31, 2022 72:24


On The Cloud Pod this week, Amazon EC2 Trn1 instances for high-performance model training are now available, 123 new things were announced at Google Cloud Next ‘22, Several new Azure capabilities were announced at Microsoft Ignite, and many new announcements were made at Oracle CloudWorld. Thank you to our sponsor, Foghorn Consulting, which provides top-notch cloud and DevOps engineers to the world's most innovative companies. Initiatives stalled because you're having trouble hiring? Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week. Episode Highlights ⏰ Amazon EC2 Trn1 instances for high-performance model training are now available. ⏰ 123 new things were announced at Google Cloud Next ‘22. ⏰ Several new Azure capabilities were announced at Microsoft Ignite. ⏰ Many new announcements from Oracle CloudWorld. Top Quote

Computer Talk with TAB
Computer Talk Hr 1 10-29-22

Computer Talk with TAB

Play Episode Listen Later Oct 29, 2022 36:02


Microsoft update breaks OneDrive, Microsoft Servers are being used in DDoS attacks. Alice looking for ways to improve screen viewing for impaired people, Can't configure my weather station! How do I remove my old email address from my Apple Gmail App, Facebook counterfeiting accounts.

ITSPmagazine | Technology. Cybersecurity. Society
Why Privacy Compliance Is A Challenge For Many Organizations | Prepare To Meet Varying Compliance Requirements | Part 1 | An Imperva Story With Kate Barecchia

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Oct 26, 2022 40:49


Over 100+ countries and counting (along with a growing number is U.S. states) have enacted data privacy legislation, creating a super-complex global data privacy landscape. Unless, of course, you approach the situation with a different mindset.Join us to explore the relationship between privacy, security, compliance, and ethics as organizations try to find the perfect balance in data creation, collection, storage, usage, and collaboration.Don't worry, we'll set the record straight for the differences between the “DPO” and the “DPO” … as well as the participation and responsibilities of security, privacy, engineering, legal, compliance, and more.In this first episode, we look at the history of privacy law and regulation and we explore how the definitions and requirements are expanding for the benefit of consumers and the impact and challenges they create for the business.We also get into the differences between data privacy, compliance, and security and how organizations can determine what its data privacy posture will look like in comparison/contrast to its security posture.Is it a one-size-fits-all approach? As an engineer turned legal professional turned privacy executive, you might be surprised to hear what Kate's recommendations are.Note: This story contains promotional content. Learn more.GuestKate BarecchiaDeputy General Counsel & Global Data Privacy Officer at Imperva [@Imperva]On Linkedin | https://www.linkedin.com/in/kate-barecchia-82759a14/ResourcesLearn more about Imperva and their offering: https://itspm.ag/imperva277117988Product: Imperva Data Security FabricData Discovery Solution: Data discovery and classificationData Security Solution: Sensitive and personal data securityWebinar: What Security Professionals Need to Know About Privacy in 2023Whitepaper: A data-centric cybersecurity framework for digital transformationAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

The Tech Blog Writer Podcast
2153: NETSCOUT Reveal Insights From DDOS Threat Intelligence Report

The Tech Blog Writer Podcast

Play Episode Listen Later Oct 25, 2022 28:03


NETSCOUT recently announced findings from its DDoS Threat Intelligence Report. The findings demonstrate how sophisticated cybercriminals have become at bypassing defences with new DDoS attack vectors and successful methodologies. "By constantly innovating and adapting, attackers are designing new, more effective DDoS attack vectors or doubling down on existing effective methodologies," said Richard Hummel, threat intelligence lead at NETSCOUT. "In the first half of 2022, attackers conducted more pre-attack reconnaissance, exercised a new attack vector called TP240 PhoneHome, created a tsunami of TCP flooding attacks, and rapidly expanded high-powered botnets to plague network-connected resources. In addition, bad actors have openly embraced online aggression with high-profile DDoS attack campaigns related to geopolitical unrest, which have had global implications." NETSCOUT's Active Level Threat Analysis System (ATLAS™) compiles DDoS attack statistics from most of the world's ISPs, large data centres, and government and enterprise networks. This data represents intelligence on attacks occurring in over 190 countries, 550 industries, and 50,000 autonomous system numbers (ASNs). NETSCOUT's ATLAS Security Engineering and Response Team (ASERT) analyses and curates this data to provide unique insights in its biannual report. When I hear phrases such as DNS water-torture attacks and carpet-bombing attacks on the rise combined with a new Netscout Threat Intelligence report, I immediately reached out to my go-to guy for cybersecurity threats. Richard Hummel rejoins me on Tech TAlks Daily to discuss the news in more detail and demystify some of the terminologies around the threat landscape.

The CyberWire
Notes and lessons on the hybrid war. Update on Zimbra exploitation. Microsoft fixes misconfigured storage. The state of the cyber workforce. Trends in phishing and ransomware.

The CyberWire

Play Episode Listen Later Oct 20, 2022 34:03 Very Popular


DDoS as misdirection. NSA shares lessons learned from cyber operations observed in Russia's war against Ukraine. Advice from CISA on Zimbra.. A misconfigured Microsoft storage endpoint has been secured. Notes from a study on the Cybersecurity Workforce . The cost to businesses of phishing. Betsy Carmelite from Booz Allen Hamilton on managing mental health in the cyber workforce. Our guest is Ismael Valenzuela of Blackberry with insights on "The Cyber Insurance Gap". And updates to the ransomware leaderboard. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/202 Selected reading. Bulgarian cyberattack: Sabotage as a cover for spying? (Deutsche Welle) Bulgarian websites impacted by Killnet DDoS attack (SC Media)  Lessons From Ukraine: NSA Cyber Chief Lauds Industry Intel (Meritalk) NSA Cybersecurity Director's Six Takeaways From the War in Ukraine (Infosecurity Magazine)  NSA cyber chief says Ukraine war is compelling more intelligence sharing with industry (CyberScoop)  Investigation Regarding Misconfigured Microsoft Storage Location (Microsoft Security Response Center) 2019 Cybersecurity Workforce Study ((ISC)²)  The Business Cost of Phishing (Ironscales) Leading Ransomware Variants Q3 2022 (Intel471)

The CyberWire
Mobilizing DDoS-as-a-service. Interpol takes down Black Axe gang members. Trends in phishing. Spyder Loader active in Hong Kong. Europol announces arrests in keyless car hacking case.

The CyberWire

Play Episode Listen Later Oct 18, 2022 34:12 Very Popular


Mobilizing DDoS-as-a-service. Interpol takes down the Black Axe gang members. A look at phishing trends. Spyder Loader is active in Hong Kong. Joe Carrigan looks at Google's launch of passwordless authentication. Our guest is Dr. Eman El-Sheikh from University of West Florida's Center for Cybersecurity on NSA-funded National Cybersecurity Workforce Development Programs. And Europol announces arrests in a case of keyless car hacking. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/200 Selected reading. Project DDOSIA Russia's answer to disBalancer (Radwaare) Russian DDOSIA Project Pays Volunteers to Participate in DDOS Attacks on Western Companies (Gridinsoft Blogs) International crackdown on West-African financial crime rings (Interpol) Giant online scamming syndicate 'Black Axe' destroyed in Interpol-led operation (teiss) INTERPOL-led Operation Takes Down 'Black Axe' Cyber Crime Organization (The Hacker News) Operation Jackal: Interpol arrests Black Axe fraud suspects (Register) When the Black Axe falls: cybercrime suspects detained in global bust (Cybernews) International Police Action Blunts Black Axe Criminal Group - HS Today (Hstoday) Q3 2022 Cofense Phishing Intelligence Trends Review (Cofense) Spyder Loader: Malware Seen in Recent Campaign Targeting Organizations in Hong Kong (Symantec) Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation (Cybereason) 31 arrested for stealing cars by hacking keyless tech | Europol (Europol) European gang that sold car hacking tools to thieves arrested (The Record by Recorded Future)

TechStuff
The Zombies Are Attacking

TechStuff

Play Episode Listen Later Oct 12, 2022 38:53 Very Popular


What is a zombie computer? What is a botnet? And what the heck is a DDoS attack? We look at a common tactic used by hackers to silence or inconvenience a target, how it works, and the measures companies like Cloudflare take to mitigate them.See omnystudio.com/listener for privacy information.