Podcasts about DigiCert

Die Security-Welt überschlägt sich und täglich werden neue, schwere Sicherheitslücken im Linuxkernel bekannt. Christopher und Sylvester versuchen, Schritt zu halten und erzählen von Dirty Frag und Copy Fail 2. Auch in der PKI-Welt brennt's allerorten: Bei D-Trust schon wieder (oder immer noch) und DigiCert hatte Ärger mit Malware-Angriffen. Außerdem geht Sylvester auf den nur teilweise erfolgreichen Wechsel der Linux-Coreutils zur Programmiersprache Rust ein und erzählt über Ransomwarezahlungen. Die sind nämlich nicht nur ethisch, sondern auch rechtlich ein zweischneidiges Schwert - und eine Garantie für das Ende der Erpressung bieten sie auch nicht.

Sailpoint, Skoda, Best Western Hotels, DigiCert, Foxconn, and OpenAI are having a not great week...

DigiCert's latest security mishap triggered not just a scramble behind the scenes, but a cascading crisis that briefly wiped trust from millions of Windows systems. Find out how a single support slip, followed by Microsoft's heavy-handed response, left critical infrastructures exposed. The FCC decides router firmware updates are useful. Netgear applies for and gets a full FCC pass. AI uncovers a 21-year old critical FreeBSD RCE. What was behind that Let's Encrypt outage. AI model repositories are overflowing with malware. The CISA 2015 info-sharing act is being renewed. Edge leaves ALL usernames and passwords in the clear. An examination of DigiCert's breach and their response Show Notes - https://www.grc.com/sn/SN-1078-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: cyberhoot.com/securitynow guardsquare.com doppel.com outsystems.com/twit threatlocker.com/twit

DigiCert's latest security mishap triggered not just a scramble behind the scenes, but a cascading crisis that briefly wiped trust from millions of Windows systems. Find out how a single support slip, followed by Microsoft's heavy-handed response, left critical infrastructures exposed. The FCC decides router firmware updates are useful. Netgear applies for and gets a full FCC pass. AI uncovers a 21-year old critical FreeBSD RCE. What was behind that Let's Encrypt outage. AI model repositories are overflowing with malware. The CISA 2015 info-sharing act is being renewed. Edge leaves ALL usernames and passwords in the clear. An examination of DigiCert's breach and their response Show Notes - https://www.grc.com/sn/SN-1078-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit

DigiCert's latest security mishap triggered not just a scramble behind the scenes, but a cascading crisis that briefly wiped trust from millions of Windows systems. Find out how a single support slip, followed by Microsoft's heavy-handed response, left critical infrastructures exposed. The FCC decides router firmware updates are useful. Netgear applies for and gets a full FCC pass. AI uncovers a 21-year old critical FreeBSD RCE. What was behind that Let's Encrypt outage. AI model repositories are overflowing with malware. The CISA 2015 info-sharing act is being renewed. Edge leaves ALL usernames and passwords in the clear. An examination of DigiCert's breach and their response Show Notes - https://www.grc.com/sn/SN-1078-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit

DigiCert's latest security mishap triggered not just a scramble behind the scenes, but a cascading crisis that briefly wiped trust from millions of Windows systems. Find out how a single support slip, followed by Microsoft's heavy-handed response, left critical infrastructures exposed. The FCC decides router firmware updates are useful. Netgear applies for and gets a full FCC pass. AI uncovers a 21-year old critical FreeBSD RCE. What was behind that Let's Encrypt outage. AI model repositories are overflowing with malware. The CISA 2015 info-sharing act is being renewed. Edge leaves ALL usernames and passwords in the clear. An examination of DigiCert's breach and their response Show Notes - https://www.grc.com/sn/SN-1078-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit

DigiCert's latest security mishap triggered not just a scramble behind the scenes, but a cascading crisis that briefly wiped trust from millions of Windows systems. Find out how a single support slip, followed by Microsoft's heavy-handed response, left critical infrastructures exposed. The FCC decides router firmware updates are useful. Netgear applies for and gets a full FCC pass. AI uncovers a 21-year old critical FreeBSD RCE. What was behind that Let's Encrypt outage. AI model repositories are overflowing with malware. The CISA 2015 info-sharing act is being renewed. Edge leaves ALL usernames and passwords in the clear. An examination of DigiCert's breach and their response Show Notes - https://www.grc.com/sn/SN-1078-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit

DigiCert's latest security mishap triggered not just a scramble behind the scenes, but a cascading crisis that briefly wiped trust from millions of Windows systems. Find out how a single support slip, followed by Microsoft's heavy-handed response, left critical infrastructures exposed. The FCC decides router firmware updates are useful. Netgear applies for and gets a full FCC pass. AI uncovers a 21-year old critical FreeBSD RCE. What was behind that Let's Encrypt outage. AI model repositories are overflowing with malware. The CISA 2015 info-sharing act is being renewed. Edge leaves ALL usernames and passwords in the clear. An examination of DigiCert's breach and their response Show Notes - https://www.grc.com/sn/SN-1078-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit

DigiCert's latest security mishap triggered not just a scramble behind the scenes, but a cascading crisis that briefly wiped trust from millions of Windows systems. Find out how a single support slip, followed by Microsoft's heavy-handed response, left critical infrastructures exposed. The FCC decides router firmware updates are useful. Netgear applies for and gets a full FCC pass. AI uncovers a 21-year old critical FreeBSD RCE. What was behind that Let's Encrypt outage. AI model repositories are overflowing with malware. The CISA 2015 info-sharing act is being renewed. Edge leaves ALL usernames and passwords in the clear. An examination of DigiCert's breach and their response Show Notes - https://www.grc.com/sn/SN-1078-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: cyberhoot.com/securitynow guardsquare.com doppel.com outsystems.com/twit threatlocker.com/twit

EP 291.  In this week's update:When a 200-pound internet-connected machine can be hijacked from 6,000 miles away, the smart home has officially become a liability.The moment security researchers have long anticipated has arrived: AI is no longer just defending systems - it's actively being used to break them.The same open ecosystems that accelerated AI adoption are now emerging as a significant and underestimated vector for supply chain attacks.In a landscape where breaches are inevitable, DigiCert's handling of a code-signing compromise offers a rare and instructive model for what accountability actually looks like.A browser trusted with your most sensitive credentials is quietly leaving them exposed in memory - and the vendor considers it working as intended.Google is embedding fraud detection directly into the operating system, signaling a fundamental shift in where the mobile security perimeter now begins.After years of a fragmented messaging security landscape, Apple and Google have closed one of the most glaring cross-platform encryption gaps in consumer technology.Decades of observational data linking coffee to longevity may finally have a molecular foundation - and it has nothing to do with caffeine.Let's go grab a mug!Find all links and the full transcript for this podcast here.

DigiCert's latest security mishap triggered not just a scramble behind the scenes, but a cascading crisis that briefly wiped trust from millions of Windows systems. Find out how a single support slip, followed by Microsoft's heavy-handed response, left critical infrastructures exposed. The FCC decides router firmware updates are useful. Netgear applies for and gets a full FCC pass. AI uncovers a 21-year old critical FreeBSD RCE. What was behind that Let's Encrypt outage. AI model repositories are overflowing with malware. The CISA 2015 info-sharing act is being renewed. Edge leaves ALL usernames and passwords in the clear. An examination of DigiCert's breach and their response Show Notes - https://www.grc.com/sn/SN-1078-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: cyberhoot.com/securitynow guardsquare.com doppel.com outsystems.com/twit threatlocker.com/twit

Synopsis Cette semaine, Patrick et Jacques reçoivent Jonathan Bastille, technicien informatique avec mandat sécurité au Cégep de Rivière-du-Loup. Jonathan raconte sa transition du privé vers le secteur public, et le contraste brutal entre la rapidité de décision en PME et le rythme « paquebot » d'un milieu où chaque changement passe par un conseil d'administration. La discussion bifurque rapidement vers la loi 25, l'illusion de conformité par bouts de papier, et l'attitude de trop de PME québécoises : « la sécurité, c'est pas important — j'attends que ça le devienne ». Le trio s'attaque ensuite à un sujet récurrent du podcast : la futilité de la majorité des campagnes de phishing simulé. Renforcement positif vs punition, tests qui ne mesurent que le clic au lieu du processus de détection en arrière, et l'argument central de Patrick — si vos employés deviennent bons à reconnaître votre simulation, ils ne deviennent pas pour autant bons à reconnaître les vraies attaques. Jonathan partage aussi une histoire concrète où il a bloqué le device code flow dans Microsoft, juste avant qu'une attaque réelle utilisant exactement cette technique frappe l'organisation. Côté actualités, plusieurs nouvelles passent au crible : le retour forcé au bureau qui a accouché du néologisme « téléprésentiel », la sortie maladroite du chef du CST qui blâme la proximité avec les États-Unis pour les cyberattaques canadiennes, et surtout le combo explosif CopyFeld + cPanel — une vulnérabilité Linux d'escalade de privilèges présente depuis 2007 et un piratage massif de panneaux d'administration d'hébergeurs. L'épisode se ferme sur une campagne de phishing déployant ScreenConnect chez 80+ organisations, un faux positif retentissant de Microsoft Defender sur des certificats DigiCert, et un rappel martelé : tant que les utilisateurs travaillent en local admin, aucun EDR ne va vous sauver. Crew Patrick Mathieu Jacques Sauvé Jonathan Bastille (invité spécial) Liens et ressources Patrick Microsoft Attack Surface Reduction Rules Device code phishing - Microsoft Microsoft Digital Defense Report Téléprésentiel – retour au bureau, 3 h de trafic pour Teams (Journal de Montréal) Proximité avec les États-Unis et cyberattaques – Radio-Canada cPanel / WHM – exploitation massive du contournement d'authentification (TechCrunch) Copy Fail – exploitation pour obtenir root sur Linux (CISA / BleepingComputer) Jacques Campagne phishing ScreenConnect 80+ organisations Microsoft Defender faux positif DigiCert / Cerdigent Jonathan Microsoft Defender for Endpoint Microsoft Sentinel Microsoft Intune Shamelessplug Inscriptions Hackfest 2026 Hackfest CTF Polar - journée pour les gestionnaires en cybersécurité Call for Paper Hackfest 2026 (mai à fin août) iHack - 30 mai 2026 (Québec, Trois-Rivières, Chicoutimi, Montréal) Discord Hackfest securite.fm Crédits Montage audio par Hackfest Communication Musique par Caleidisco – Candy Island - Much Too Loose Locaux virtuels par Streamyard

Instructure discloses breach amid leak threats DigiCert revokes certificates Silver Fox targets Indian and Russian orgs Get the show notes here: https://cisoseries.com/cybersecurity-news-instructure-discloses-breach-digicert-revokes-certificates-silver-fox-targets-indian-and-russian-orgs/ Thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Malicious Ad for Homebrew Leads to MacSync Stealer https://isc.sans.edu/diary/Malicious%20Ad%20for%20Homebrew%20Leads%20to%20MacSync%20Stealer/32942 Wireshark Update https://www.wireshark.org/docs/relnotes/wireshark-4.6.5.html Digicert Microsoft Defender False Positive https://www.reddit.com/r/cybersecurity/comments/1t2hfsh/mde_flagging_digi_cert_certificate_as_malicious/ https://bugzilla.mozilla.org/show_bug.cgi?id=2033170 cPanel Exploited https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as malware and removed them from Windows systems, breaking trust chains and causing widespread application failures. The issue was traced to a faulty detection signature (Trojan:Win32/CertyAgent), now fixed in update version 1.449.430.0.  At the same time, DigiCert confirmed a separate security incident where attackers compromised support systems and used internal tools to issue valid code-signing certificates. At least 60 certificates were revoked, including 27 linked to the Zong Stealer malware campaign.  Meanwhile, a critical cPanel vulnerability (CVE-2026-41940) is being actively exploited. Attackers used the flaw as a zero-day since February, compromising at least 44,000 servers and deploying new SORI ransomware using ChaCha20 and RSA-2048 encryption.  Also in this episode: The Linux "Copyfail" privilege escalation bug is now confirmed exploited and added to CISA's Known Exploited Vulnerabilities list A 10/10 critical vulnerability (CVE-2026-37541) in Open Vehicle Monitoring System could allow remote code execution in connected car environments This episode breaks down how these attacks work, why patch timing matters, and where organizations are most exposed right now. Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security  Suggested Chapters (for retention and SEO) 00:00 Microsoft Defender deletes trusted certificates 02:20 DigiCert breach and stolen code-signing certificates 05:20 cPanel zero-day exploited, 44,000 servers compromised 08:40 Linux Copyfail vulnerability now actively exploited 10:40 Critical flaw in open-source car software  

DigiCert got hacked via a malicious screensaver file, two ransomware negotiators each get four years in prison, Trellix discloses a security breach, and another Russian hacker gets arrested while vacationing in the wrong place. Show notes Risky Bulletin: DigiCert hacked with a malicious screensaver file

Most organizations don't fail because of technology. They fail because decision authority is unclear in the first critical minutes. “Being careful” is often interpreted as waiting for certainty, but that delay creates exposure. How should executives make decisions under pressure? Ann Marie van den Hurk, Founder at Mind The Gap Advisory, joins Business Security Weekly to discuss how executive paralysis leads to business damage. Ann Marie will discuss: Where Paralysis Actually Comes From What “Being Careful” Looks Like in Practice Why the First 20 Minutes Matter How Paralysis Becomes Business Damage Why Existing Plans Don't Hold What Actually Fixes It Then, we rebroadcast two interviews from RSAC 2026. Autonomous Intelligence and the Future of Digital Trust AI agents are no longer experimental tools — they are becoming autonomous participants in enterprise infrastructure. Acting independently, making decisions at machine speed, and interacting directly with sensitive systems, these agents fundamentally reshape the trust model that underpins modern organizations. As AI becomes embedded across operations, security must evolve from perimeter defense to continuous, identity-driven trust. This conversation explores what it means to build a resilient trust architecture for autonomous systems — one that ensures verifiable identity, constrained authority, accountability, and governance at scale. We'll examine how enterprises can balance innovation with control, prevent misuse or spoofed agents, and prepare for a future defined by machine-to-machine interactions. At stake is not just cybersecurity, but the integrity of digital trust itself. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Know Your AI Agents Through Visibility, Control, and Accountability AI agents are rapidly embedding into core enterprise workflows with broad access to sensitive systems and the ability to act autonomously, creating new challenges for security leaders tasked with enabling innovation while maintaining control. In this interview, Matt Immler will discuss why organizations must know about every agent operating in their environment and how to bring those agents under governance. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-441

Most organizations don't fail because of technology. They fail because decision authority is unclear in the first critical minutes. "Being careful" is often interpreted as waiting for certainty, but that delay creates exposure. How should executives make decisions under pressure? Ann Marie van den Hurk, Founder at Mind The Gap Advisory, joins Business Security Weekly to discuss how executive paralysis leads to business damage. Ann Marie will discuss: Where Paralysis Actually Comes From What "Being Careful" Looks Like in Practice Why the First 20 Minutes Matter How Paralysis Becomes Business Damage Why Existing Plans Don't Hold What Actually Fixes It Then, we rebroadcast two interviews from RSAC 2026. Autonomous Intelligence and the Future of Digital Trust AI agents are no longer experimental tools — they are becoming autonomous participants in enterprise infrastructure. Acting independently, making decisions at machine speed, and interacting directly with sensitive systems, these agents fundamentally reshape the trust model that underpins modern organizations. As AI becomes embedded across operations, security must evolve from perimeter defense to continuous, identity-driven trust. This conversation explores what it means to build a resilient trust architecture for autonomous systems — one that ensures verifiable identity, constrained authority, accountability, and governance at scale. We'll examine how enterprises can balance innovation with control, prevent misuse or spoofed agents, and prepare for a future defined by machine-to-machine interactions. At stake is not just cybersecurity, but the integrity of digital trust itself. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Know Your AI Agents Through Visibility, Control, and Accountability AI agents are rapidly embedding into core enterprise workflows with broad access to sensitive systems and the ability to act autonomously, creating new challenges for security leaders tasked with enabling innovation while maintaining control. In this interview, Matt Immler will discuss why organizations must know about every agent operating in their environment and how to bring those agents under governance. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! Show Notes: https://securityweekly.com/bsw-441

Most organizations don't fail because of technology. They fail because decision authority is unclear in the first critical minutes. "Being careful" is often interpreted as waiting for certainty, but that delay creates exposure. How should executives make decisions under pressure? Ann Marie van den Hurk, Founder at Mind The Gap Advisory, joins Business Security Weekly to discuss how executive paralysis leads to business damage. Ann Marie will discuss: Where Paralysis Actually Comes From What "Being Careful" Looks Like in Practice Why the First 20 Minutes Matter How Paralysis Becomes Business Damage Why Existing Plans Don't Hold What Actually Fixes It Then, we rebroadcast two interviews from RSAC 2026. Autonomous Intelligence and the Future of Digital Trust AI agents are no longer experimental tools — they are becoming autonomous participants in enterprise infrastructure. Acting independently, making decisions at machine speed, and interacting directly with sensitive systems, these agents fundamentally reshape the trust model that underpins modern organizations. As AI becomes embedded across operations, security must evolve from perimeter defense to continuous, identity-driven trust. This conversation explores what it means to build a resilient trust architecture for autonomous systems — one that ensures verifiable identity, constrained authority, accountability, and governance at scale. We'll examine how enterprises can balance innovation with control, prevent misuse or spoofed agents, and prepare for a future defined by machine-to-machine interactions. At stake is not just cybersecurity, but the integrity of digital trust itself. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Know Your AI Agents Through Visibility, Control, and Accountability AI agents are rapidly embedding into core enterprise workflows with broad access to sensitive systems and the ability to act autonomously, creating new challenges for security leaders tasked with enabling innovation while maintaining control. In this interview, Matt Immler will discuss why organizations must know about every agent operating in their environment and how to bring those agents under governance. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-441

Most organizations don't fail because of technology. They fail because decision authority is unclear in the first critical minutes. "Being careful" is often interpreted as waiting for certainty, but that delay creates exposure. How should executives make decisions under pressure? Ann Marie van den Hurk, Founder at Mind The Gap Advisory, joins Business Security Weekly to discuss how executive paralysis leads to business damage. Ann Marie will discuss: Where Paralysis Actually Comes From What "Being Careful" Looks Like in Practice Why the First 20 Minutes Matter How Paralysis Becomes Business Damage Why Existing Plans Don't Hold What Actually Fixes It Then, we rebroadcast two interviews from RSAC 2026. Autonomous Intelligence and the Future of Digital Trust AI agents are no longer experimental tools — they are becoming autonomous participants in enterprise infrastructure. Acting independently, making decisions at machine speed, and interacting directly with sensitive systems, these agents fundamentally reshape the trust model that underpins modern organizations. As AI becomes embedded across operations, security must evolve from perimeter defense to continuous, identity-driven trust. This conversation explores what it means to build a resilient trust architecture for autonomous systems — one that ensures verifiable identity, constrained authority, accountability, and governance at scale. We'll examine how enterprises can balance innovation with control, prevent misuse or spoofed agents, and prepare for a future defined by machine-to-machine interactions. At stake is not just cybersecurity, but the integrity of digital trust itself. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Know Your AI Agents Through Visibility, Control, and Accountability AI agents are rapidly embedding into core enterprise workflows with broad access to sensitive systems and the ability to act autonomously, creating new challenges for security leaders tasked with enabling innovation while maintaining control. In this interview, Matt Immler will discuss why organizations must know about every agent operating in their environment and how to bring those agents under governance. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! Show Notes: https://securityweekly.com/bsw-441

Quantum computing isn't distant anymore, but is a rapidly approaching milestone that is already reshaping the foundations of digital security. Faced with a new reality, organizations everywhere are preparing for the post quantum era. Encryption, the essential safeguard for global data protection, will need to evolve quickly, and the timeline to act is shrinking fast. For this reason, Thales PQC Palooza at RSAC has become one of the industry's must-attend gatherings, and this episode takes you right into the heart of this year's event. Hear from leaders across the PQC ecosystem including Keyfactor, DigiCert, Quside, The Quantum Crunch, Thales and more, who break down the current state of PQC and the critical steps toward quantum-safe architectures.

In this episode, PhoneBoy talks about the DigiCert issue, an excerpt from our External Cyber Risks session, four features you should be using, a SmartConsole extension to help you find zero hit-count rules, and new API calls in R82 JHF 38.Upcoming Sessions the week of September 8 2025:The Future of SD-WANManagement API Best PracticesQuantum Spark Management UnleashedRemote Access and SASE Best Practices 

DigiCert is widely recognized for its expertise in PKI and as a TLS certificate authority. As you can imagine, they have a significant perspective on the quantum computing threat to encryption and the migration to post-quantum cryptography (PQC). We cover everything from the challenges of upgrading IoT devices to ML-DSA signature sizes, as well as the new DigiCert One platform the company offers to help manage the migration process. In the middle of this episode, you'll even get a clear summary of what a successful rollout to PQC looks like. Join host Konstantinos Karagiannis for a wide-ranging chat on actionable PQC steps you can take with Kevin Hilscher from DigiCert. There's even a Quantum Safe Playground to experiment with!For more information on DigiCert, visit www.digicert.com/.   Visit the Quantum Safe Playground at https://labs.digicert.com/quantum-safe.Visit Protiviti at www.protiviti.com/US-en/technology-consulting/quantum-computing-services to learn more about how Protiviti is helping organizations get post-quantum ready.  Follow host Konstantinos Karagiannis on all socials: @KonstantHacker and follow Protiviti on LinkedIn and Twitter: @Protiviti.     Questions and comments are welcome!  Theme song by David Schwartz, copyright 2021.Visit Protiviti at www.protiviti.com/US-en/technology-consulting/quantum-computing-services  to learn more about how Protiviti is helping organizations get post-quantum ready.  Follow host Konstantinos Karagiannis on all socials: @KonstantHacker and follow Protiviti Technology on LinkedIn and X: @ProtivitiTech.             Questions and comments are welcome!  Theme song by David Schwartz, copyright 2021.  The views expressed by the participants of this program are their own and do not represent the views of, nor are they endorsed by, Protiviti Inc., The Post-Quantum World, or their respective officers, directors, employees, agents, representatives, shareholders, or subsidiaries.  None of the content should be considered investment advice, as an offer or solicitation of an offer to buy or sell, or as an endorsement of any company, security, fund, or other securities or non-securities offering. Thanks for listening to this podcast. Protiviti Inc. is an equal opportunity employer, including minorities, females, people with disabilities, and veterans.  

S2E11: Zero Trust, Quantum Threats, and the Digital Health Security Mandate: A CHIME x DigiCert Deep Dive Host: Frank Cutitta Guest: Mike Nelson, Global VP Digital Trust, DigiCert To stream our Station live 24/7 visit www.HealthcareNOWRadio.com or ask your Smart Device to “….Play Healthcare NOW Radio”. Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen

In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine compliance. We'll discuss what a modern, strategic access management approach looks like and how passwordless authentication solutions are closing the gap between security and usability. To learn more about passwordless authentication in healthcare and other critical industries, check out our whitepapers on the topic: https://security.imprivata.com/putting-complex-passwords-to-work-for-you-wp.html https://www.imprivata.com/resources/whitepapers/passwordless-journey-healthcare This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivataidv to learn more about them! As digital identities multiply and certificate lifespans shrink, enterprises face growing challenges in securing trust across users, devices, and systems. This session explores why unifying PKI and IAM is essential to closing identity-related trust gaps and how platforms like DigiCert ONE—integrating PKI, DNS, and automation—help eliminate outages, streamline security operations, and future-proof organizations. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertidv to learn more about them! Identity-related attacks are now the dominant threat vector in cybersecurity, yet most organizations remain hindered by fragmented tools, siloed data, and disconnected teams. “Multiplayer AI” offers a new model for identity security, emphasizing interoperability between human experts and AI agents to create a unified, real-time system of systems. By fostering collaboration through open standards and shared intelligence, enterprises can close security gaps, reduce attacker dwell time, and respond faster—transforming identity security from isolated defense into coordinated resilience. https://www.radiantlogic.com/blog/the-dentity-security-paradox-when-more-tools-create-bigger-blind-spots/ This segment is sponsored by Radiant Logic. Visit https://securityweekly.com/radiantlogicidv to learn more about them! In this era of technological advancements where businesses are going digital and more cloud based while preferring remote work environment, cyber threats are surprising growing at the rate never seen before. This makes Identity and Access Management (IAM) and Privileged Access Management (PAM) no more an optional thing but a core crucial requirement. These are not just IT tools anymore- they are important for the security of people, data, and operations. More and more organizations from different industries are now turning to IAM and PAM as managed services to handle the growing complexity of access control and cybersecurity. Why? Because managing identity internally is becoming harder, more expensive, and riskier. With a trusted managed service partner, businesses gain expert support, 24/7 monitoring, scalability, and peace of mind—all while staying compliant and secure. This segment will explore how IAM and PAM managed services are helping companies reduce risk, simplify operations, and stay ahead of evolving security challenges. Whether you're an IT leader, security professional, or business decision-maker, you'll learn why outsourcing identity and access management is quickly becoming a smart, strategic move for the modern enterprise https://www.idmexpress.com/blogs https://www.idmexpress.com/post/cyberark-privileged-access-management-pam-implementation https://www.idmexpress.com/iam-products This segment is sponsored by IDMEXPRESS. Visit https://securityweekly.com/idmidv to implement and manage IAM and PAM solutions tailored to your business needs. Duo's biggest announcement since push-MFA. Duo is defining the future of Identity by unveiling a solution that attackers will hate and users will love. This segment is sponsored by Cisco Duo. Visit https://securityweekly.com/duoidv to learn more about them! In this interview, we will explore the power of data-driven identity leadership and how organizations can leverage analytics to enhance their identity security strategies. Hear insights on aligning data with business goals, improving decision-making, and proactively managing risk. Learn how analytics can transform your identity program from reactive to strategic, driving measurable success. This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them or get a free demo! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-412

In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine compliance. We'll discuss what a modern, strategic access management approach looks like and how passwordless authentication solutions are closing the gap between security and usability. To learn more about passwordless authentication in healthcare and other critical industries, check out our whitepapers on the topic: https://security.imprivata.com/putting-complex-passwords-to-work-for-you-wp.html https://www.imprivata.com/resources/whitepapers/passwordless-journey-healthcare This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivataidv to learn more about them! As digital identities multiply and certificate lifespans shrink, enterprises face growing challenges in securing trust across users, devices, and systems. This session explores why unifying PKI and IAM is essential to closing identity-related trust gaps and how platforms like DigiCert ONE—integrating PKI, DNS, and automation—help eliminate outages, streamline security operations, and future-proof organizations. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertidv to learn more about them! Identity-related attacks are now the dominant threat vector in cybersecurity, yet most organizations remain hindered by fragmented tools, siloed data, and disconnected teams. “Multiplayer AI” offers a new model for identity security, emphasizing interoperability between human experts and AI agents to create a unified, real-time system of systems. By fostering collaboration through open standards and shared intelligence, enterprises can close security gaps, reduce attacker dwell time, and respond faster—transforming identity security from isolated defense into coordinated resilience. https://www.radiantlogic.com/blog/the-dentity-security-paradox-when-more-tools-create-bigger-blind-spots/ This segment is sponsored by Radiant Logic. Visit https://securityweekly.com/radiantlogicidv to learn more about them! In this era of technological advancements where businesses are going digital and more cloud based while preferring remote work environment, cyber threats are surprising growing at the rate never seen before. This makes Identity and Access Management (IAM) and Privileged Access Management (PAM) no more an optional thing but a core crucial requirement. These are not just IT tools anymore- they are important for the security of people, data, and operations. More and more organizations from different industries are now turning to IAM and PAM as managed services to handle the growing complexity of access control and cybersecurity. Why? Because managing identity internally is becoming harder, more expensive, and riskier. With a trusted managed service partner, businesses gain expert support, 24/7 monitoring, scalability, and peace of mind—all while staying compliant and secure. This segment will explore how IAM and PAM managed services are helping companies reduce risk, simplify operations, and stay ahead of evolving security challenges. Whether you're an IT leader, security professional, or business decision-maker, you'll learn why outsourcing identity and access management is quickly becoming a smart, strategic move for the modern enterprise https://www.idmexpress.com/blogs https://www.idmexpress.com/post/cyberark-privileged-access-management-pam-implementation https://www.idmexpress.com/iam-products This segment is sponsored by IDMEXPRESS. Visit https://securityweekly.com/idmidv to implement and manage IAM and PAM solutions tailored to your business needs. Duo's biggest announcement since push-MFA. Duo is defining the future of Identity by unveiling a solution that attackers will hate and users will love. This segment is sponsored by Cisco Duo. Visit https://securityweekly.com/duoidv to learn more about them! In this interview, we will explore the power of data-driven identity leadership and how organizations can leverage analytics to enhance their identity security strategies. Hear insights on aligning data with business goals, improving decision-making, and proactively managing risk. Learn how analytics can transform your identity program from reactive to strategic, driving measurable success. This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them or get a free demo! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-412

In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine compliance. We'll discuss what a modern, strategic access management approach looks like and how passwordless authentication solutions are closing the gap between security and usability. To learn more about passwordless authentication in healthcare and other critical industries, check out our whitepapers on the topic: https://security.imprivata.com/putting-complex-passwords-to-work-for-you-wp.html https://www.imprivata.com/resources/whitepapers/passwordless-journey-healthcare This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivataidv to learn more about them! As digital identities multiply and certificate lifespans shrink, enterprises face growing challenges in securing trust across users, devices, and systems. This session explores why unifying PKI and IAM is essential to closing identity-related trust gaps and how platforms like DigiCert ONE—integrating PKI, DNS, and automation—help eliminate outages, streamline security operations, and future-proof organizations. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertidv to learn more about them! Identity-related attacks are now the dominant threat vector in cybersecurity, yet most organizations remain hindered by fragmented tools, siloed data, and disconnected teams. “Multiplayer AI” offers a new model for identity security, emphasizing interoperability between human experts and AI agents to create a unified, real-time system of systems. By fostering collaboration through open standards and shared intelligence, enterprises can close security gaps, reduce attacker dwell time, and respond faster—transforming identity security from isolated defense into coordinated resilience. https://www.radiantlogic.com/blog/the-dentity-security-paradox-when-more-tools-create-bigger-blind-spots/ This segment is sponsored by Radiant Logic. Visit https://securityweekly.com/radiantlogicidv to learn more about them! In this era of technological advancements where businesses are going digital and more cloud based while preferring remote work environment, cyber threats are surprising growing at the rate never seen before. This makes Identity and Access Management (IAM) and Privileged Access Management (PAM) no more an optional thing but a core crucial requirement. These are not just IT tools anymore- they are important for the security of people, data, and operations. More and more organizations from different industries are now turning to IAM and PAM as managed services to handle the growing complexity of access control and cybersecurity. Why? Because managing identity internally is becoming harder, more expensive, and riskier. With a trusted managed service partner, businesses gain expert support, 24/7 monitoring, scalability, and peace of mind—all while staying compliant and secure. This segment will explore how IAM and PAM managed services are helping companies reduce risk, simplify operations, and stay ahead of evolving security challenges. Whether you're an IT leader, security professional, or business decision-maker, you'll learn why outsourcing identity and access management is quickly becoming a smart, strategic move for the modern enterprise https://www.idmexpress.com/blogs https://www.idmexpress.com/post/cyberark-privileged-access-management-pam-implementation https://www.idmexpress.com/iam-products This segment is sponsored by IDMEXPRESS. Visit https://securityweekly.com/idmidv to implement and manage IAM and PAM solutions tailored to your business needs. Duo's biggest announcement since push-MFA. Duo is defining the future of Identity by unveiling a solution that attackers will hate and users will love. This segment is sponsored by Cisco Duo. Visit https://securityweekly.com/duoidv to learn more about them! In this interview, we will explore the power of data-driven identity leadership and how organizations can leverage analytics to enhance their identity security strategies. Hear insights on aligning data with business goals, improving decision-making, and proactively managing risk. Learn how analytics can transform your identity program from reactive to strategic, driving measurable success. This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them or get a free demo! Show Notes: https://securityweekly.com/esw-412

In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine compliance. We'll discuss what a modern, strategic access management approach looks like and how passwordless authentication solutions are closing the gap between security and usability. To learn more about passwordless authentication in healthcare and other critical industries, check out our whitepapers on the topic: https://security.imprivata.com/putting-complex-passwords-to-work-for-you-wp.html https://www.imprivata.com/resources/whitepapers/passwordless-journey-healthcare This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivataidv to learn more about them! As digital identities multiply and certificate lifespans shrink, enterprises face growing challenges in securing trust across users, devices, and systems. This session explores why unifying PKI and IAM is essential to closing identity-related trust gaps and how platforms like DigiCert ONE—integrating PKI, DNS, and automation—help eliminate outages, streamline security operations, and future-proof organizations. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertidv to learn more about them! Identity-related attacks are now the dominant threat vector in cybersecurity, yet most organizations remain hindered by fragmented tools, siloed data, and disconnected teams. “Multiplayer AI” offers a new model for identity security, emphasizing interoperability between human experts and AI agents to create a unified, real-time system of systems. By fostering collaboration through open standards and shared intelligence, enterprises can close security gaps, reduce attacker dwell time, and respond faster—transforming identity security from isolated defense into coordinated resilience. https://www.radiantlogic.com/blog/the-dentity-security-paradox-when-more-tools-create-bigger-blind-spots/ This segment is sponsored by Radiant Logic. Visit https://securityweekly.com/radiantlogicidv to learn more about them! In this era of technological advancements where businesses are going digital and more cloud based while preferring remote work environment, cyber threats are surprising growing at the rate never seen before. This makes Identity and Access Management (IAM) and Privileged Access Management (PAM) no more an optional thing but a core crucial requirement. These are not just IT tools anymore- they are important for the security of people, data, and operations. More and more organizations from different industries are now turning to IAM and PAM as managed services to handle the growing complexity of access control and cybersecurity. Why? Because managing identity internally is becoming harder, more expensive, and riskier. With a trusted managed service partner, businesses gain expert support, 24/7 monitoring, scalability, and peace of mind—all while staying compliant and secure. This segment will explore how IAM and PAM managed services are helping companies reduce risk, simplify operations, and stay ahead of evolving security challenges. Whether you're an IT leader, security professional, or business decision-maker, you'll learn why outsourcing identity and access management is quickly becoming a smart, strategic move for the modern enterprise https://www.idmexpress.com/blogs https://www.idmexpress.com/post/cyberark-privileged-access-management-pam-implementation https://www.idmexpress.com/iam-products This segment is sponsored by IDMEXPRESS. Visit https://securityweekly.com/idmidv to implement and manage IAM and PAM solutions tailored to your business needs. Duo's biggest announcement since push-MFA. Duo is defining the future of Identity by unveiling a solution that attackers will hate and users will love. This segment is sponsored by Cisco Duo. Visit https://securityweekly.com/duoidv to learn more about them! In this interview, we will explore the power of data-driven identity leadership and how organizations can leverage analytics to enhance their identity security strategies. Hear insights on aligning data with business goals, improving decision-making, and proactively managing risk. Learn how analytics can transform your identity program from reactive to strategic, driving measurable success. This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them or get a free demo! Show Notes: https://securityweekly.com/esw-412

In this episode of Tech Talks Daily, I sat down with Ashley Stevenson, VP of Product and Solution Marketing at DigiCert, to explore the shifting landscape of digital trust. We are living in a time where certificate-related outages still disrupt critical systems, identity management is becoming more complex, and the arrival of quantum computing is no longer a distant concern. Ashley brought clarity to these issues with a practical look at how DigiCert is helping organizations manage trust at scale. Our conversation began with the foundational role DNS and PKI play in digital infrastructure. While most users never think about them, every secure connection begins with DNS resolving a domain and PKI establishing trust. DigiCert has combined these layers in a single platform, DigiCert1, designed to automate and simplify how trust is managed across networks, users, and connected devices. We explored the increasing importance of certificate lifecycle management. With certificate lifespans moving from 398 days to just 47 by 2029, and domain validations required every 10 days, automation is no longer a convenience. It is a necessity. DigiCert1 addresses this through centralized inventory, policy enforcement, proactive notifications, and full automation from issuance to installation. Ashley also shared insights on the convergence of PKI and identity and access management. From IoT to human users, digital identities are multiplying and evolving. PKI is playing a larger role in enabling passwordless authentication and supporting verifiable credentials, especially as organizations move toward privacy-enhancing and standards-based models. Looking ahead, we discussed quantum readiness and crypto agility. DigiCert is already helping customers evaluate which systems are most vulnerable and preparing them to adopt quantum-safe algorithms when needed. Whether the concern is policy change, an unexpected breach, or emerging tech, the ability to adapt quickly is key. How do you build a strategy for trust that adapts to this pace of change? This episode offers an inside look at how DigiCert is answering that question.

In dieser Folge gibt es ein längeres Gespräch zu einer eigentlich recht marginalen Neuerung im WebPKI-Ökosystem. Auf Drängen von Chrome bauen CAs ein Feature aus TLS-Zertifikaten aus, das einige wenige Serverbetreiber nutzten. Ist es statthaft, die Marktmacht derart zu nutzen - und ist die Begründung sinnvoll? Das diskutieren Sylvester und Christopher ausgiebig. Außerdem hat Sylvester ein kleines, nützliches Werkzeug für Tor-Nutzer namens Oniux gefunden und erzählt anhand eines kleinen Fehlers im Ankündigungsartikel des Tor Project, welche Auswirkungen es haben kann, wenn eine .onion-URL irrtümlich bei einem DNS-Server landet. Außerdem befassen die Hosts sich mit den "Busts" gegen Cybercrime-Strukturen, die Malware-Loader und Infostealer vertrieben. Im großen Stil haben Ermittler und IT-Unternehmen diese kriminellen Banden hochgenommen. Und zu guter Letzt gibt es noch ein Eis mit einem falsch kodierten &-Zeichen... - Reddit-AmA mit Sylvester und Christopher: https://www.reddit.com/r/de_EDV/comments/1ksksrb/ama_mit_christopher_kunz_und_sylvester_tremmel_am/ - Digicert zu X9-CA: https://www.digicert.com/blog/how-the-clientauth-crackdown-is-pushing-finance-toward-x9-pki - Oniux: https://blog.torproject.org/introducing-oniux-tor-isolation-using-linux-namespaces/ Mitglieder unserer Security Community auf heise security PRO hören alle Folgen bereits zwei Tage früher. Mehr Infos: https://pro.heise.de/passwort

This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-397

This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Show Notes: https://securityweekly.com/bsw-397

This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-397

This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Show Notes: https://securityweekly.com/bsw-397

In this episode, Jenna interviews Dean Coclin, senior director of Industry Strategy at DigiCert, about the recent vote by the CA/Browser Forum to shorten the lifespan of TLS certificates to 47 days by 2029. They discuss:The schedule for the changes and the gradual increments lifespans will shorten byThe rationale behind shortening certificate lifetimesHow to start preparing for changesDigiCert will be hosting a webinar on this topic on May 6 called "Unpacking Certificate Changes: Live Expert Q&A." Register here: https://digicert.registration.goldcast.io/events/2c6c723b-5725-4406-9289-6df8ddd20f93?referrer=https://www.digicert.com/&referrer=https://www.digicert.com/&referrer=https://www.digicert.com/&referrer_page=a28f9ca5-7abf-4ce2-9b6b-571e50e49239

In the latest episode of Politely Pushy, Eric Chemi sits down with a few guests to discuss the upcoming RSA Conference, a critical event for the world's cybersecurity community.Tune in as LastWatchdog.com's Byron Acohido, DigiCert's Christina Knittel, and ConnectSafely.org's Larry Magid swap their best-kept secrets and tried-and-true methods to win at RSA.As with most industry events, failing to plan is planning to fail. Take it from these experts as you get into gear and prepare to attend.

Joanna Lindquist, Partner Account Executive at DigiCert, shares her dynamic journey in cybersecurity sales, co-founding IntelliCon, and inspiring the next generation of women in tech. Discover insights into career growth, channel management, and building inclusive tech communities. Guest Connect:LinkedIn: https://www.linkedin.com/in/joannalindquist/ Stats on Stats ResourcesMerch: https://www.statsonstats.io/shop LinkTree: https://linktr.ee/statsonstatspodcast Stats on Stats Partners & AffiliatesIntelliCON 2025Website: https://www.intelliguards.com/intellic0n-speakers Register: https://www.eventbrite.com/e/intellic0n-2025-tickets-1002600072807 Use Discount Code for 20% off Tickets: STATSONSTATSPath AIWebsite: https://yourpath.ai Discount Code: Join our Discord community for access!Antisyphon TrainingWebsite: https://www.antisyphontraining.com MAD20 TrainingWebsite: https://mad20.io Discount Code: STATSONSTATS15Ellington Cyber Academy: https://kenneth-ellington.mykajabi.com Discount Code: STATSONSTATSKevtech AcademyWebsite: https://www.kevtechitsupport.com Dream Chaser's Coffee Website: https://dreamchaserscoffee.com Discount code: STATSONSTATSPodcasts We LikeDEM Tech FolksWebsite: https://linktr.ee/developeverymind YouTube: https://www.youtube.com/@demtechfolks IntrusionsInDepthWebsite: https://www.intrusionsindepth.com YouTube: https://www.youtube.com/@IntrusionsInDepth ----------------------------------------------------- Episode was shot and edited at BlueBox Studio Tampa https://blueboxdigital.com/bluebox-studio/

This episode was recorded live at Security Field Day (XFD) 12 in October, 2024. As delegates at the event, JJ and Drew heard presentations from DigiCert, Dell Technologies, SonicWall, and Citrix. These presentations covered topics including digital certificate management, post-quantum cryptography, supply chain security, recovering from ransomware, Zero Trust Network Access (ZTNA), and Secure Service... Read more »

This episode was recorded live at Security Field Day (XFD) 12 in October, 2024. As delegates at the event, JJ and Drew heard presentations from DigiCert, Dell Technologies, SonicWall, and Citrix. These presentations covered topics including digital certificate management, post-quantum cryptography, supply chain security, recovering from ransomware, Zero Trust Network Access (ZTNA), and Secure Service... Read more »

On this week's show, Patrick Gray and Adam Boileau discuss the week's security news, including: Crowdstrike talks loud in its postmortem, but says very little Digicert fears the CA-Browser Forum, gets lawsuit from a customer Dmitri Alperovitch joins the show to talk about the Russian prisoner swap Cloudflare continues to harbour scum and villainy Professional ransomware crew … is an improvement? And much, much more. This week's episode is sponsored by Thinkst Canary. Marko Slaviero joins to discuss the unfashionable choice they made in hosting their platform one-VM-per-customer. Show notes CrowdStrike investors file class action suit following global IT outage | Cybersecurity Dive CrowdStrike rebukes Delta's negligence claims in fiery letter | Cybersecurity Dive Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf Sparks fly when lawyers meet a certificate revocation crt.sh | Alegeus U.S. releases Russian hackers in Evan Gershkovich prisoner swap U.S. Trades Cybercriminals to Russia in Prisoner Swap – Krebs on Security Who are the two major hackers Russia just received in a prisoner swap? | Ars Technica Hackers remotely wipe 13,000 students' iPads and Chromebooks after breaching safety software Mobile Guardian Device Management Application to be removed | MOE Ford wants patent for tech allowing cars to surveil and report speeding drivers I'm Sorry, Dave, You're Speeding | WIRED Cloudflare once again comes under pressure for enabling abusive sites | Ars Technica Low-Drama ‘Dark Angels' Reap Record Ransoms – Krebs on Security Bumble and Hinge allowed stalkers to pinpoint users' locations down to 2 meters, researchers say | TechCrunch Unfashionably secure: why we use isolated VMs – Thinkst Thoughts Defending AI Model Files from Unauthorized Access with Canaries | NVIDIA Technical Blog

Take a Network Break! This week we discuss a proposed class action lawsuit against CrowdStrike, while Delta investigates options to seek damages from CrowdStrike and Microsoft. Microsoft Azure goes down after a DDoS defense error, campus switch sales are forecast to drop significantly in 2024, and DigiCert warns customers that an error it made will... Read more »

Take a Network Break! This week we discuss a proposed class action lawsuit against CrowdStrike, while Delta investigates options to seek damages from CrowdStrike and Microsoft. Microsoft Azure goes down after a DDoS defense error, campus switch sales are forecast to drop significantly in 2024, and DigiCert warns customers that an error it made will... Read more »

Take a Network Break! This week we discuss a proposed class action lawsuit against CrowdStrike, while Delta investigates options to seek damages from CrowdStrike and Microsoft. Microsoft Azure goes down after a DDoS defense error, campus switch sales are forecast to drop significantly in 2024, and DigiCert warns customers that an error it made will... Read more »

Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app

Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app

Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app

Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app

Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app

Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app

The alleged operator of Incognito Market is collared at JFK. The UK plans new ransomware reporting regulations. Time to update your JavaScript PDF library. CISA adds a healthcare interface engine to its Known Exploited Vulnerabilities (KEV) catalog. HHS launches a fifty million dollar program to help secure hospitals. A Fluent Bit vulnerability impacts major cloud platforms. The EPA issues a cybersecurity alert for drinking water systems. BiBi Wiper grows more aggressive. Siren is a new threat intelligence platform for open source software. On our Industry Voices segment, guest Amit Sinha, CEO of DigiCert, joins N2K's Rick Howard to discuss “Innovation: balancing the good with the bad.” And is it just me, or does that AI assistant sound awfully familiar? Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Amit Sinha, CEO of DigiCert, joins N2K's Rick Howard to discuss “Innovation: balancing the good with the bad.” Rick caught up with Amit at the recent RSA Conference in San Francisco.  Selected Reading “Incognito Market” Owner Arrested for Operating One of the Largest Illegal Narcotics Marketplaces on the Internet (United States Department of Justice) Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record) CVE-2024-4367 in PDF.js Allows JavaScript Execution, Potentially Affecting Millions of Websites: Update Now (SOCRadar) CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw (SecurityWeek) Fluent Bit flaw discovered that impacts every major cloud provider (Tech Monitor) EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems (SecurityWeek) New BiBi Wiper version also destroys the disk partition table (Bleeping Computer) Enhancing Open Source Security: Introducing Siren by OpenSSF (OpenSSF) HHS offering $50 million for proposals to improve hospital cybersecurity (The Record) Scarlett Johansson Said No, but OpenAI's Virtual Assistant Sounds Just Like Her (The New York Times) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.