Podcasts about DigiCert

In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine compliance. We'll discuss what a modern, strategic access management approach looks like and how passwordless authentication solutions are closing the gap between security and usability. To learn more about passwordless authentication in healthcare and other critical industries, check out our whitepapers on the topic: https://security.imprivata.com/putting-complex-passwords-to-work-for-you-wp.html https://www.imprivata.com/resources/whitepapers/passwordless-journey-healthcare This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivataidv to learn more about them! As digital identities multiply and certificate lifespans shrink, enterprises face growing challenges in securing trust across users, devices, and systems. This session explores why unifying PKI and IAM is essential to closing identity-related trust gaps and how platforms like DigiCert ONE—integrating PKI, DNS, and automation—help eliminate outages, streamline security operations, and future-proof organizations. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertidv to learn more about them! Identity-related attacks are now the dominant threat vector in cybersecurity, yet most organizations remain hindered by fragmented tools, siloed data, and disconnected teams. “Multiplayer AI” offers a new model for identity security, emphasizing interoperability between human experts and AI agents to create a unified, real-time system of systems. By fostering collaboration through open standards and shared intelligence, enterprises can close security gaps, reduce attacker dwell time, and respond faster—transforming identity security from isolated defense into coordinated resilience. https://www.radiantlogic.com/blog/the-dentity-security-paradox-when-more-tools-create-bigger-blind-spots/ This segment is sponsored by Radiant Logic. Visit https://securityweekly.com/radiantlogicidv to learn more about them! In this era of technological advancements where businesses are going digital and more cloud based while preferring remote work environment, cyber threats are surprising growing at the rate never seen before. This makes Identity and Access Management (IAM) and Privileged Access Management (PAM) no more an optional thing but a core crucial requirement. These are not just IT tools anymore- they are important for the security of people, data, and operations. More and more organizations from different industries are now turning to IAM and PAM as managed services to handle the growing complexity of access control and cybersecurity. Why? Because managing identity internally is becoming harder, more expensive, and riskier. With a trusted managed service partner, businesses gain expert support, 24/7 monitoring, scalability, and peace of mind—all while staying compliant and secure. This segment will explore how IAM and PAM managed services are helping companies reduce risk, simplify operations, and stay ahead of evolving security challenges. Whether you're an IT leader, security professional, or business decision-maker, you'll learn why outsourcing identity and access management is quickly becoming a smart, strategic move for the modern enterprise https://www.idmexpress.com/blogs https://www.idmexpress.com/post/cyberark-privileged-access-management-pam-implementation https://www.idmexpress.com/iam-products This segment is sponsored by IDMEXPRESS. Visit https://securityweekly.com/idmidv to implement and manage IAM and PAM solutions tailored to your business needs. Duo's biggest announcement since push-MFA. Duo is defining the future of Identity by unveiling a solution that attackers will hate and users will love. This segment is sponsored by Cisco Duo. Visit https://securityweekly.com/duoidv to learn more about them! In this interview, we will explore the power of data-driven identity leadership and how organizations can leverage analytics to enhance their identity security strategies. Hear insights on aligning data with business goals, improving decision-making, and proactively managing risk. Learn how analytics can transform your identity program from reactive to strategic, driving measurable success. This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them or get a free demo! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-412

In this episode of Tech Talks Daily, I sat down with Ashley Stevenson, VP of Product and Solution Marketing at DigiCert, to explore the shifting landscape of digital trust. We are living in a time where certificate-related outages still disrupt critical systems, identity management is becoming more complex, and the arrival of quantum computing is no longer a distant concern. Ashley brought clarity to these issues with a practical look at how DigiCert is helping organizations manage trust at scale. Our conversation began with the foundational role DNS and PKI play in digital infrastructure. While most users never think about them, every secure connection begins with DNS resolving a domain and PKI establishing trust. DigiCert has combined these layers in a single platform, DigiCert1, designed to automate and simplify how trust is managed across networks, users, and connected devices. We explored the increasing importance of certificate lifecycle management. With certificate lifespans moving from 398 days to just 47 by 2029, and domain validations required every 10 days, automation is no longer a convenience. It is a necessity. DigiCert1 addresses this through centralized inventory, policy enforcement, proactive notifications, and full automation from issuance to installation. Ashley also shared insights on the convergence of PKI and identity and access management. From IoT to human users, digital identities are multiplying and evolving. PKI is playing a larger role in enabling passwordless authentication and supporting verifiable credentials, especially as organizations move toward privacy-enhancing and standards-based models. Looking ahead, we discussed quantum readiness and crypto agility. DigiCert is already helping customers evaluate which systems are most vulnerable and preparing them to adopt quantum-safe algorithms when needed. Whether the concern is policy change, an unexpected breach, or emerging tech, the ability to adapt quickly is key. How do you build a strategy for trust that adapts to this pace of change? This episode offers an inside look at how DigiCert is answering that question.

In dieser Folge gibt es ein längeres Gespräch zu einer eigentlich recht marginalen Neuerung im WebPKI-Ökosystem. Auf Drängen von Chrome bauen CAs ein Feature aus TLS-Zertifikaten aus, das einige wenige Serverbetreiber nutzten. Ist es statthaft, die Marktmacht derart zu nutzen - und ist die Begründung sinnvoll? Das diskutieren Sylvester und Christopher ausgiebig. Außerdem hat Sylvester ein kleines, nützliches Werkzeug für Tor-Nutzer namens Oniux gefunden und erzählt anhand eines kleinen Fehlers im Ankündigungsartikel des Tor Project, welche Auswirkungen es haben kann, wenn eine .onion-URL irrtümlich bei einem DNS-Server landet. Außerdem befassen die Hosts sich mit den "Busts" gegen Cybercrime-Strukturen, die Malware-Loader und Infostealer vertrieben. Im großen Stil haben Ermittler und IT-Unternehmen diese kriminellen Banden hochgenommen. Und zu guter Letzt gibt es noch ein Eis mit einem falsch kodierten &-Zeichen... - Reddit-AmA mit Sylvester und Christopher: https://www.reddit.com/r/de_EDV/comments/1ksksrb/ama_mit_christopher_kunz_und_sylvester_tremmel_am/ - Digicert zu X9-CA: https://www.digicert.com/blog/how-the-clientauth-crackdown-is-pushing-finance-toward-x9-pki - Oniux: https://blog.torproject.org/introducing-oniux-tor-isolation-using-linux-namespaces/ Mitglieder unserer Security Community auf heise security PRO hören alle Folgen bereits zwei Tage früher. Mehr Infos: https://pro.heise.de/passwort

This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-397

This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-397

This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Show Notes: https://securityweekly.com/bsw-397

In this episode, Jenna interviews Dean Coclin, senior director of Industry Strategy at DigiCert, about the recent vote by the CA/Browser Forum to shorten the lifespan of TLS certificates to 47 days by 2029. They discuss:The schedule for the changes and the gradual increments lifespans will shorten byThe rationale behind shortening certificate lifetimesHow to start preparing for changesDigiCert will be hosting a webinar on this topic on May 6 called "Unpacking Certificate Changes: Live Expert Q&A." Register here: https://digicert.registration.goldcast.io/events/2c6c723b-5725-4406-9289-6df8ddd20f93?referrer=https://www.digicert.com/&referrer=https://www.digicert.com/&referrer=https://www.digicert.com/&referrer_page=a28f9ca5-7abf-4ce2-9b6b-571e50e49239

In the latest episode of Politely Pushy, Eric Chemi sits down with a few guests to discuss the upcoming RSA Conference, a critical event for the world's cybersecurity community.Tune in as LastWatchdog.com's Byron Acohido, DigiCert's Christina Knittel, and ConnectSafely.org's Larry Magid swap their best-kept secrets and tried-and-true methods to win at RSA.As with most industry events, failing to plan is planning to fail. Take it from these experts as you get into gear and prepare to attend.

New Year, New Role: 3 Key Strategies for Cyber LeadersListen to the latest Agent of Influence episode with Bindi Davé, Deputy CISO at DigiCert, as she discusses the Golden Triangle approach when entering a new company, focusing on asset discovery, defining acceptable risk, and fostering a comprehensive cybersecurity culture. + + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

Joanna Lindquist, Partner Account Executive at DigiCert, shares her dynamic journey in cybersecurity sales, co-founding IntelliCon, and inspiring the next generation of women in tech. Discover insights into career growth, channel management, and building inclusive tech communities. Guest Connect:LinkedIn: https://www.linkedin.com/in/joannalindquist/ Stats on Stats ResourcesMerch: https://www.statsonstats.io/shop LinkTree: https://linktr.ee/statsonstatspodcast Stats on Stats Partners & AffiliatesIntelliCON 2025Website: https://www.intelliguards.com/intellic0n-speakers Register: https://www.eventbrite.com/e/intellic0n-2025-tickets-1002600072807 Use Discount Code for 20% off Tickets: STATSONSTATSPath AIWebsite: https://yourpath.ai Discount Code: Join our Discord community for access!Antisyphon TrainingWebsite: https://www.antisyphontraining.com MAD20 TrainingWebsite: https://mad20.io Discount Code: STATSONSTATS15Ellington Cyber Academy: https://kenneth-ellington.mykajabi.com Discount Code: STATSONSTATSKevtech AcademyWebsite: https://www.kevtechitsupport.com Dream Chaser's Coffee Website: https://dreamchaserscoffee.com Discount code: STATSONSTATSPodcasts We LikeDEM Tech FolksWebsite: https://linktr.ee/developeverymind YouTube: https://www.youtube.com/@demtechfolks IntrusionsInDepthWebsite: https://www.intrusionsindepth.com YouTube: https://www.youtube.com/@IntrusionsInDepth ----------------------------------------------------- Episode was shot and edited at BlueBox Studio Tampa https://blueboxdigital.com/bluebox-studio/

This episode was recorded live at Security Field Day (XFD) 12 in October, 2024. As delegates at the event, JJ and Drew heard presentations from DigiCert, Dell Technologies, SonicWall, and Citrix. These presentations covered topics including digital certificate management, post-quantum cryptography, supply chain security, recovering from ransomware, Zero Trust Network Access (ZTNA), and Secure Service... Read more »

This episode was recorded live at Security Field Day (XFD) 12 in October, 2024. As delegates at the event, JJ and Drew heard presentations from DigiCert, Dell Technologies, SonicWall, and Citrix. These presentations covered topics including digital certificate management, post-quantum cryptography, supply chain security, recovering from ransomware, Zero Trust Network Access (ZTNA), and Secure Service... Read more »

About twice a year, the post-quantum computing (PQC) niche of the cybersecurity industry pushes out truckloads of press releases and articles about the coming quantum computing apocalypse. In all of this content there is little explanation regarding what this means for most people. It seems like everyone should be concerned, based on the level of urgency the companies present, but in the end, no one has yet built a quantum computer capable of breaking even the most standard 256-bit encryption. To that statement the industry responds with, “Yet.” This year, however, the National Institute of Standards and Technology (NIST) issued the first, approved algorithm standards to produce encryptions capable of fighting off quantum computing attacks. So we thought it would be a good idea to put together a batch of experts to explain why the rest of us should care. The invitation was put out to a dozen experts in the PQC industry, but also to the companies tasked with implementing their products into the internet. Unfortunately, none of the PQC companies ended up accepting the invitation when they learned they would on the same platform discussing their approaches. But we did get acceptances from representatives from the other group. Our final panel was comprised of Karl Holqvist, CEO of of LastWall; Tim Hollebeek, industry strategist for Digicert: and Murali Palanisamy, CEO of AppviewX. --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

Our big story this week is from AMD. They're opening up their wallet to the tune of nearly $5 billion to buy ZT Systems. The two companies have had a preexisting partnership, with ZT having collaborated on the EPYC processor lines. ZT's biggest customers are AWS and Azure, as ZT specializes in hyperscale AI systems that are bought by the rack. This move follows a very recent acquisition of Silo AI, which we covered on the Rundown, as well as their last big acquisition of Xilinx. There's a lot to unpack here and the Futurum Group has had some amazing coverage of this deal so far. Stephen, let's start with you. What does ZT Systems have that makes them so attractive to AMD. Time Stamps: 0:00 - Welcome to the Rundown 1:48 - Morpheus Data Acquired by HPE 5:31 - Launchable Acquired by CloudBees 8:26 - Kioxia Reveals Broadband SSD 12:43 - DigiCert to Acquire Vercara to Expand Security Portfolio 16:25 - Western Digital Races Past NetApp with All-Flash OpenFlex 20:11 - Massive Data Leak From Plaintext Passwords 24:34 - ZT Systems to be Acquired by AMD 40:15 - The Weeks Ahead 42:19 - Thanks for Watching Hosts: Tom Hollingsworth: https://www.twitter.com/NetworkingNerd Stephen Foskett: https://www.twitter.com/SFoskett Follow Gestalt IT Website: https://www.GestaltIT.com/ Twitter: https://www.twitter.com/GestaltIT LinkedIn: https://www.linkedin.com/company/Gestalt-IT Tags: #Rundown, #CyberSecurity, #EPYC, @AMD, @ZTSystems, @WesternDigital, @NetApp, @DigiCert, @Vercara, @Kioxia, @Launchable, @CloudBees, @MorpheusData, @HPE, @GestaltIT, @TechFieldDay, @TheFuturmGroup, @Sfoskett, @NetworkingNerd,

In der elften Folge von "Passwort" reden Sylvester und Christopher über einige Security-News der vergangenen Tage. Den Anfang macht eine Remote-Code-Execution-Lücke in Windows, die durch manipulierte IPv6-Pakete ausgelöst wird und bis jetzt noch für verdächtig wenig Aufregung sorgt. Ein bekannter Tech-Youtuber ging durch Phishing seines X-Kontos verlustig und Google ließ sich Fake-Werbung für seine eigenen Sicherheitsprodukte unterschieben - das erstaunt die Hosts, die mit mehr Gegenwehr seitens der Opfer gerechnet hätten. Außerdem geht es um einen Cyberkriminellen, der sich einen Datenschatz bei einer Darknet-Überwachungsfirma zusammenkratze und eine in letzter Sekunde verhinderte massive Supply-Chain-Attacke gegen Python. Für Liebhaber CA-bezogener Neuigkeiten gibt's am Ende noch ein Schmankerl, bei dem auch Juristen mitmischten. - PwnedPasswords Downloader: https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader - Für hartgesottene, die trotz Sylvesters Warnung einen E-Mail-Server selbst hosten möchten: https://github.com/postalserver/postal

Josh and Kurt talk about a few stories around the TLS CA certificate world. It's all pretty dire sounding. There's not a lot of organization or process in the space, and the root CAs are literally the foundation of modern society, everything needs them to function. There's not a lot of positive ideas here, it's mostly a show where Kurt explains to Josh what's going on, because Josh doesn't want to care (and will continue to ignore all of this going forward). Show Notes Firefox's Mozilla follows Google in losing trust in Entrust's TLS certificates DigiCert Revocation Incident (CNAME-Based Domain Validation) List of Trust Lists

On this week's show, Patrick Gray and Adam Boileau discuss the week's security news, including: Crowdstrike talks loud in its postmortem, but says very little Digicert fears the CA-Browser Forum, gets lawsuit from a customer Dmitri Alperovitch joins the show to talk about the Russian prisoner swap Cloudflare continues to harbour scum and villainy Professional ransomware crew … is an improvement? And much, much more. This week's episode is sponsored by Thinkst Canary. Marko Slaviero joins to discuss the unfashionable choice they made in hosting their platform one-VM-per-customer. Show notes CrowdStrike investors file class action suit following global IT outage | Cybersecurity Dive CrowdStrike rebukes Delta's negligence claims in fiery letter | Cybersecurity Dive Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf Sparks fly when lawyers meet a certificate revocation crt.sh | Alegeus U.S. releases Russian hackers in Evan Gershkovich prisoner swap U.S. Trades Cybercriminals to Russia in Prisoner Swap – Krebs on Security Who are the two major hackers Russia just received in a prisoner swap? | Ars Technica Hackers remotely wipe 13,000 students' iPads and Chromebooks after breaching safety software Mobile Guardian Device Management Application to be removed | MOE Ford wants patent for tech allowing cars to surveil and report speeding drivers I'm Sorry, Dave, You're Speeding | WIRED Cloudflare once again comes under pressure for enabling abusive sites | Ars Technica Low-Drama ‘Dark Angels' Reap Record Ransoms – Krebs on Security Bumble and Hinge allowed stalkers to pinpoint users' locations down to 2 meters, researchers say | TechCrunch Unfashionably secure: why we use isolated VMs – Thinkst Thoughts Defending AI Model Files from Unauthorized Access with Canaries | NVIDIA Technical Blog

In this episode, the hosts discuss the article titled 'Digicert to Delay Cert Revocation for Critical Infrastructure'. They talk about the challenges faced by companies in reissuing certificates within a short timeframe and the need for more time to ensure a seamless transition. They emphasize the importance of having a robust business continuity and disaster recovery plan, as well as the need for cross-team collaboration between security and administrative teams. The hosts also highlight the significance of staying informed and plugged in to the latest cybersecurity news and trends. Please LISTEN

Take a Network Break! This week we discuss a proposed class action lawsuit against CrowdStrike, while Delta investigates options to seek damages from CrowdStrike and Microsoft. Microsoft Azure goes down after a DDoS defense error, campus switch sales are forecast to drop significantly in 2024, and DigiCert warns customers that an error it made will... Read more »

Take a Network Break! This week we discuss a proposed class action lawsuit against CrowdStrike, while Delta investigates options to seek damages from CrowdStrike and Microsoft. Microsoft Azure goes down after a DDoS defense error, campus switch sales are forecast to drop significantly in 2024, and DigiCert warns customers that an error it made will... Read more »

Take a Network Break! This week we discuss a proposed class action lawsuit against CrowdStrike, while Delta investigates options to seek damages from CrowdStrike and Microsoft. Microsoft Azure goes down after a DDoS defense error, campus switch sales are forecast to drop significantly in 2024, and DigiCert warns customers that an error it made will... Read more »

רותם בר ומיי ברוקס חוזרים בפרק חדש ומלא אקשן!

Microsoft has released an accountability notice after the big Crowdstrike outage. According to the release, Microsoft is going to change and innovate in the area of end-to-end resilience. This includes things like VBS enclaves, which require no kernel mode drivers, as well as Azure Attestation, which determines secure boot posture. The messaging indicates that Microsoft sees kernel access is their biggest issue and they are going to try and develop new tools that eliminate the need for it. Time Stamps: 0:00 - Welcome to the Rundown 1:24 - SK hynix Considers US IPO for Solidigm 6:37 - Marvell Teralynx Leaps into Production 10:54 - Marvell Structures DDR4 With CXL 2.0 15:08 - Secure Boot Totally Insecure 20:46 - VMware Takes Group Authentication Exploit to New Highs 26:02 - DigiCert Underscores Certificate Revocation Woes 30:40 - Microsoft's Resiliency Notice And Path Forward 44:43 - The Weeks Ahead 46:29 - Thanks for Watching! Hosts: Tom Hollingsworth: https://www.twitter.com/NetworkingNerd Stephen Foskett: https://www.twitter.com/SFoskett Follow Gestalt IT Website: https://www.GestaltIT.com/ Twitter: https://www.twitter.com/GestaltIT LinkedIn: https://www.linkedin.com/company/Gestalt-IT Tags: #Rundown, #MicrosoftCrash, #CrowdstrikeUpdate, @Microsoft, @Solidigm, @SKHynix, @RonWestfallDX, @TheFuturumGroup, @MarvellTech, @VMware, @DigiCert, @TechFieldDay, @GestaltIT, @SFoskett, @NetworkingNerd,

Forecast = Persistent cyber heat dome in effect with no sign of abatement. In this episode of Storm⚡️Watch, we dive into the latest cybersecurity news and trends. We kick things off with a breaking story about DigiCert's certificate revocation incident. Due to a validation issue affecting about 0.4% of their domain validations, DigiCert is revoking certificates with less than 24 hours' notice. This could impact thousands of SSL certs and potentially cause outages worldwide starting July 30 at 19:30 UTC. Organizations using affected certificates should be prepared for a busy night of renewals. Our Cyberside Chat focuses on a critical vulnerability in VMware ESXi hypervisors that ransomware operators are actively exploiting. Identified as CVE-2024-37085, this flaw allows attackers to gain full administrative access to ESXi servers without proper validation. Several ransomware groups, including Storm-0506 and Storm-1175, have been using this vulnerability to deploy ransomware like Akira and Black Basta. Microsoft reports that incidents targeting ESXi hypervisors have doubled over the past three years, highlighting the growing threat to these systems. In our Cyber Spotlight, we examine a global cyber espionage campaign conducted by North Korean hackers. This operation aims to steal classified military intelligence to advance Pyongyang's nuclear weapons program. The hackers, known as Anadriel or APT45, have targeted defense and engineering companies involved in producing tanks, submarines, naval ships, fighter jets, and missile technologies. The campaign affects not only the US, UK, and South Korea but also entities in Japan and India. This underscores the persistent threat posed by state-sponsored actors from North Korea in their pursuit of military and nuclear ambitions. We wrap up with our Tag Roundup, highlighting recent trends in cyber threats, and our KEV Roundup, discussing the latest known exploited vulnerabilities cataloged by CISA. These segments provide valuable insights into the current threat landscape and help our listeners stay informed about potential risks to their organizations. Don't forget to check out the Storm Watch homepage and learn more about GreyNoise for additional cybersecurity resources and updates. Storm Watch Homepage >> Learn more about GreyNoise >>  

In this episode of the SecurIT podcast, Philip de Souza is joined by Timothy Hollebeek, a veteran in the field of computer security with over 20 years of experience. Timothy shares his journey, including his contributions to DARPA-funded security research and his pivotal role in industry standards bodies like the CA/Browser Forum. As a leading figure at DigiCert, Timothy discusses the evolution and current trends in cybersecurity, focusing on the vital importance of Public Key Infrastructure (PKI) and the emerging threats posed by quantum computing. Timothy explains the pressing need for upgrading cryptographic systems to safeguard against future quantum threats and delves into the timeline for quantum computing's potential disruption of existing encryption methods. He emphasizes the importance of collaborative efforts in establishing robust cybersecurity standards and highlights the role of AI in error correction for quantum computers. Beyond the technical aspects, Timothy touches on the significance of personal growth, resilience, and maintaining traditional values in the fast-paced world of technology. This episode offers a comprehensive look at the challenges and opportunities in the cybersecurity landscape from a seasoned expert's perspective.

Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app

Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app

Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app

Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app

Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app

Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app

Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app

Entrust Responds Other major Certificate Authorities respond Passkey Redaction Attacks Syncing passkeys Port Knocking Fail2Ban The Polyfill.io Attack Show Notes - https://www.grc.com/sn/SN-982-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com vanta.com/SECURITYNOW bitwarden.com/twit panoptica.app

The alleged operator of Incognito Market is collared at JFK. The UK plans new ransomware reporting regulations. Time to update your JavaScript PDF library. CISA adds a healthcare interface engine to its Known Exploited Vulnerabilities (KEV) catalog. HHS launches a fifty million dollar program to help secure hospitals. A Fluent Bit vulnerability impacts major cloud platforms. The EPA issues a cybersecurity alert for drinking water systems. BiBi Wiper grows more aggressive. Siren is a new threat intelligence platform for open source software. On our Industry Voices segment, guest Amit Sinha, CEO of DigiCert, joins N2K's Rick Howard to discuss “Innovation: balancing the good with the bad.” And is it just me, or does that AI assistant sound awfully familiar? Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Amit Sinha, CEO of DigiCert, joins N2K's Rick Howard to discuss “Innovation: balancing the good with the bad.” Rick caught up with Amit at the recent RSA Conference in San Francisco.  Selected Reading “Incognito Market” Owner Arrested for Operating One of the Largest Illegal Narcotics Marketplaces on the Internet (United States Department of Justice) Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record) CVE-2024-4367 in PDF.js Allows JavaScript Execution, Potentially Affecting Millions of Websites: Update Now (SOCRadar) CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw (SecurityWeek) Fluent Bit flaw discovered that impacts every major cloud provider (Tech Monitor) EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems (SecurityWeek) New BiBi Wiper version also destroys the disk partition table (Bleeping Computer) Enhancing Open Source Security: Introducing Siren by OpenSSF (OpenSSF) HHS offering $50 million for proposals to improve hospital cybersecurity (The Record) Scarlett Johansson Said No, but OpenAI's Virtual Assistant Sounds Just Like Her (The New York Times) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

The danger of post-breach disruption and downtime is extremely real. And while we should work to prevent these breaches in the first place, we must also be practical and pre-empt any potential incidents. Organisations armed with the most extensive software-based cybersecurity protection today continue to fall prey to hackers, have their operations disrupted and struggle to overcome the loss of data and system corruption. And with more business assets moving to the cloud than ever before - we are just asking for it aren't we? The answer to this lies in advanced engineering at the hardware layer. Easily integrated into enterprise servers and data centers to provide full-stack protection across the entire life cycle of a potential attack. Segment Resources: https://x-phy.com/flexxon-fortifies-data-center-security-with-x-phy-server-defender/ This segment is sponsored by Flexxon. Visit https://www.securityweekly.com/flexxonrsac to learn more about them! Over the past two years, we've seen the degree of digital trust in our day-to-day lives being pushed to its limits due to the unintended consequences of innovation. From GenAI to IoT security to quantum computing, we will see a “crescendo of trust” that will push trust to its absolute limits. Here, we will focus on IoT/device trust. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Security needs to be everywhere a potential threat exists – from an IOT device to an OT device, a factory floor, an element of infrastructure, an oil rig, a robotic device or an MRT machine – Cisco recognized that with increased connection comes a greater risk than ever before and that you must bring the security to these workloads...not the other way around. In order to keep up with today's sophisticated and expansive threat landscape, security can no longer be a fence; it needs to be embedded through the fabric of data centers, whether public or private. Cisco Hypershield does just that and gives defenders a fighting chance against adversaries, as now the industry has the advantage. Segment Resources: Hypershield Keynote: https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m04/unveiling-a-new-era-of-ai-native-security-with-cisco-hypershield.html Cybersecurity Readiness Index: https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m03/cybersecurity-readiness-index-2024.html DUO trusted access report: https://duo.com/assets/ebooks/2024-Duo-Trusted-Access-Report.pdf Jeetu's blog: https://blogs.cisco.com/news/cisco-hypershield-security-reimagined-hyper-distributed-security-for-the-ai-scale-data-center Official announcement: https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m04/unveiling-a-new-era-of-ai-native-security-with-cisco-hypershield.html This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them! Show Notes: https://securityweekly.com/esw-362

The danger of post-breach disruption and downtime is extremely real. And while we should work to prevent these breaches in the first place, we must also be practical and pre-empt any potential incidents. Organisations armed with the most extensive software-based cybersecurity protection today continue to fall prey to hackers, have their operations disrupted and struggle to overcome the loss of data and system corruption. And with more business assets moving to the cloud than ever before - we are just asking for it aren't we? The answer to this lies in advanced engineering at the hardware layer. Easily integrated into enterprise servers and data centers to provide full-stack protection across the entire life cycle of a potential attack. Segment Resources: https://x-phy.com/flexxon-fortifies-data-center-security-with-x-phy-server-defender/ This segment is sponsored by Flexxon. Visit https://www.securityweekly.com/flexxonrsac to learn more about them! Over the past two years, we've seen the degree of digital trust in our day-to-day lives being pushed to its limits due to the unintended consequences of innovation. From GenAI to IoT security to quantum computing, we will see a “crescendo of trust” that will push trust to its absolute limits. Here, we will focus on IoT/device trust. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Security needs to be everywhere a potential threat exists – from an IOT device to an OT device, a factory floor, an element of infrastructure, an oil rig, a robotic device or an MRT machine – Cisco recognized that with increased connection comes a greater risk than ever before and that you must bring the security to these workloads...not the other way around. In order to keep up with today's sophisticated and expansive threat landscape, security can no longer be a fence; it needs to be embedded through the fabric of data centers, whether public or private. Cisco Hypershield does just that and gives defenders a fighting chance against adversaries, as now the industry has the advantage. Segment Resources: Hypershield Keynote: https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m04/unveiling-a-new-era-of-ai-native-security-with-cisco-hypershield.html Cybersecurity Readiness Index: https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m03/cybersecurity-readiness-index-2024.html DUO trusted access report: https://duo.com/assets/ebooks/2024-Duo-Trusted-Access-Report.pdf Jeetu's blog: https://blogs.cisco.com/news/cisco-hypershield-security-reimagined-hyper-distributed-security-for-the-ai-scale-data-center Official announcement: https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m04/unveiling-a-new-era-of-ai-native-security-with-cisco-hypershield.html This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them! Show Notes: https://securityweekly.com/esw-362

Michael chats with Mike Nelson, Vice President of Digital Trust at DigiCert. In this episode, Michael and Mike discuss the latest cybersecurity regulations surrounding medical devices, how public key infrastructure (PKI) connects compliance and security to help medical device manufacturers meet those regulations, the meaning of “crypto-agility” and how it helps organizations adapt to and defend against cybersecurity threats, and much more. This episode is sponsored by DigiCert, digicert.com.   Visit with DigiCert at booth #1636 in the Cyber Command Center at HIMSS, March 11–15, in Orlando.   The views in this podcast do not necessarily reflect those of our sponsors.

In other ABM Done Right Podcasts, including the one with the CMO of Hushly, we talked about the state of ABM in cybersecurity and other industries that are in a crowded, undifferentiated space where transactional sales are prevalent. In this podcast with Michelle Radlowski (Senior Director, AMS & EMEA Regional Marketing and ABM at DigiCert), we explore:1. Why most ABM programs in cybersecurity are not leading to higher deals and greater ARR, GRR and NRR growth. There are 4 main reasons!2. Why many cybersecurity firms report 10% YoY drops in enterprise deals closed.3.  The role field marketing is playing in ABM, especially if you want to move accounts to revenue.4. How teams should be integrating and taking an account-based GTM approach.5. How DigiCert is taking a crawl, walk, run approach -- and the testing that the team completed before moving forward with ABM.6. The account-based enablement that's needed across the board for marketing, sales, field marketing and customer success teams. 

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and sponsored co-host Jason Sabin, CTO, DigiCert. Joining us is our guest, Alexandra Landegger, executive director of security, Collins Aerospace. In this episode: Are CISOs prepared for the legal surprises that can come in the aftermath of a cyberattack? What about the legal fallout that can occur afterward? How does a security team work with legal beforehand to address these issues when drawing up incident response? Thanks to our podcast sponsors, DigiCert DigiCert is a leading global provider of digital trust, the infrastructure that enables individuals and businesses to have confidence that their digital interactions are secure. DigiCert's award-winning solutions enable organizations to establish, manage, and extend public and private trust across their digital footprint, securing users, servers, devices, software and content.

The Gelsemium APT is active against a Southeast Asian government. A multi-year campaign against Tibetan, Uighur, and Taiwanese targets. Stealth Falcon's new backdoor. Predator spyware is deployed against Apple zero-days. An update on Pegasus spyware found in Meduza devices. There's a shift in Russian cyberespionage targeting. A rumor of cyberwar in occupied Crimea. In our Industry Voices segment, Amit Sinha, CEO of Digicert, describes digital trust for the software supply chain. Our guest is Arctic Wolf's Ian McShane with insights on the MGM and Caesars ransomware incident. And if you're looking for a Super Bowl pick, go with an egg-laying animal…and, oh, the NFL and CISA are noodling cyber defense for the big game. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/183 Selected reading. Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government (Unit 42) Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government (IBM X-Force Exchange) Evasive Gelsemium hackers spotted in attack against Asian govt (BleepingComputer) Unit 42 Researchers Discover Multiple Espionage Operations Targeting Southeast Asian Government (Unit 42) EvilBamboo Targets Mobile Devices in Multi-year Campaign (Volexity)  From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese (The Hacker News) Stealth Falcon preying over Middle Eastern skies with Deadglyph (We Live Security) t Deadglyph: Covertly preying over Middle Eastern skies (LABScon)  New stealthy and modular Deadglyph malware used in govt attacks (BleepingComputer)  Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (The Hacker News)  0-days exploited by commercial surveillance vendor in Egypt (Google). PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions (The Citizen Lab)  New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware (The Hacker News)  Egyptian presidential hopeful targeted by Predator spyware (Washington Post) Russian news outlet in Latvia believes European state behind phone hack (the Guardian)  Exclusive: Russian hackers seek war crimes evidence, Ukraine cyber chief says (Reuters). Russian hackers trying to steal evidence of Moscow's war crimes in Ukraine - cyber chief (Ukrinform). Large-scale cyberattack reported in occupied Crimea (The Kyiv Independent)  NFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIII (Dark Reading)  Learn more about your ad choices. Visit megaphone.fm/adchoices

Dive into the intriguing world of Zero Trust and Digital Trust with Rebekah Johnson and Dean Coclin, Sr. Director of Business Development and Trust Specialist at DigiCert! Experience the thrilling surge in the adoption of the Zero Trust approach and dive into a discussion that underscores the vital need for a global agreement on trust standards. From the validation of identities in online transactions and emails to a riveting exploration of the Federal Government's push for a Zero-Trust Architecture, we're shedding light on a more secure future!

Today's guest is…Paul Barnhurst. Usually sitting in the presenter's chair, this special edition sees Paul Barnhurst, aka The FP&A Guy (and host of FP&A Today), reveal the highs and lows from his storied career in FP&A at American Express, Solera, and DigiCert. Guest host  is Annette deYoung, FP&A Solutions Consultant at Datarails, herself an FP&A veteran at companies including manufacturer, JL Clarke.   Highlights? Discover a rookie error that saw Paul deliver bonuses to the worst performers (yes, you read that right), rather than the best. How he met Jimmy Carter. The inside story of FP&A forecasting for American Express's (then) money-spinning Travelers Cheques business, and how his biggest FP&A tech accomplishment is still in place at a previous company.   Get to know your host as Paul reveals: The winding road to FP&A from his beginnings in government procurement contracts His big break at American Express despite “not really knowing what  FP&A was” With a love of numbers, why he was drawn to FP&A as his passion  Accounting vs FP&A and the best techniques he has used to manage the relationships His key learnings to becoming a truly excellent FP&A business partner The fears and journey in leaving big corporations to become a top FP&A consultant  Why finance tend to be such laggards when it comes to tech adoption What's it actually like using Google Sheets? YouTube video of this episode  Follow Paul Barnhurst on LinkedIn  Follow Datarails on LinkedIn FP&A Today is brought to you by Datarails.   Datarails is the financial planning and analysis platform that automates data consolidation, reporting and planning, while enabling finance teams to continue using their own Excel spreadsheets and financial models.   Get in touch at www.datarails.com   For AFP FP&A Continuing Education credit please complete the course via the Earmark Ap, must pass the quiz with 80% accuracy and send the completed certificate to pbarnhust@thefpandaguy.com for issuance of 1 hour of credit toward your AFP FP&A Certification. 

On this edition of the ESW news, we're all over the place! Funding and acquisitions are a little sad right now, but AI and TikTok bans raise our spirits. The hosts are split on feelings about the new .zip gTLD, there's a new standard for scoring an "AI Influence Level" (AIL), and lessons learned from Joe Sullivan's case and other Uber breaches. Also, don't miss the new AI tool DragGAN, which enables near magical levels of ease when manipulating photos.   What's even real anymore? We might not be able to tell for long... The reality is no organization is insusceptible to a breach – and security teams, alongside the C-suite, should prepare now to make the response more seamless once a crisis does happen. Based on his experience working 1:1 with security leaders in the private and public sectors, Jon Check, executive director of Cyber Protection Solutions at Raytheon Intelligence & Space, will share the critical steps organizations must take to best prepare for a security breach. This segment is sponsored by Raytheon. Visit https://securityweekly.com/raytheonrsac to learn more about them!   While companies utilize dozens of security solutions, they continue to be compromised and are continually searching for their real cybersecurity gaps amongst the overload of vulnerability data. A primary issue security teams face is that they lack a way to continuously validate the effectiveness of the different security solutions they have in place. Automated Security Validation is revolutionizing cybersecurity by applying software validation algorithms, for what was once manual penetration testing jobs. It takes the attacker's perspective to challenge the integrity and resilience of security defenses by continuously emulating cyber attacks against them. This segment is sponsored by Pentera. Visit https://securityweekly.com/penterarsac to learn more about them!   Security teams are always on the lookout for external threats that can harm our organizations. However, an internal threat can derail productivity and lead to human error and burnout: repetitive, mundane tasks. To effectively defend against evolving threats, organizations must leverage no-code automation and free analysts to focus on higher-level projects that can improve their organization's security posture. This segment is sponsored by Tines. Visit https://securityweekly.com/tinesrsac to learn more about them!   In today's hyper-connected world, devices are everywhere, people are online constantly and sensitive data has moved to the cloud. Given these trends, organizations are making digital trust a strategic imperative. More than ever, companies need a unified platform, modern architecture and flexible deployment options in order to put digital trust to work. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them!   Bill Brenner, VP of content strategy at CyberRisk Alliance, and Cisco storyteller/team leader/editor Steve Ragan discuss the issues security professionals are sinking their teeth into at RSA Conference 2023, including: Threats organizations face amid geopolitical strife (Russia/Ukraine, China, North Korea) What SOCs need to respond to a world on fire (training for cloud-based ops, XDR) Challenges of identity and access management (zero trust, MFA, hybrid work environments) Challenges of vulnerability management (finding the most critical flaws in the cloud, key attack vectors in 2023, ransomware) This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw319 

On this edition of the ESW news, we're all over the place! Funding and acquisitions are a little sad right now, but AI and TikTok bans raise our spirits. The hosts are split on feelings about the new .zip gTLD, there's a new standard for scoring an "AI Influence Level" (AIL), and lessons learned from Joe Sullivan's case and other Uber breaches. Also, don't miss the new AI tool DragGAN, which enables near magical levels of ease when manipulating photos.   What's even real anymore? We might not be able to tell for long... The reality is no organization is insusceptible to a breach – and security teams, alongside the C-suite, should prepare now to make the response more seamless once a crisis does happen. Based on his experience working 1:1 with security leaders in the private and public sectors, Jon Check, executive director of Cyber Protection Solutions at Raytheon Intelligence & Space, will share the critical steps organizations must take to best prepare for a security breach. This segment is sponsored by Raytheon. Visit https://securityweekly.com/raytheonrsac to learn more about them!   While companies utilize dozens of security solutions, they continue to be compromised and are continually searching for their real cybersecurity gaps amongst the overload of vulnerability data. A primary issue security teams face is that they lack a way to continuously validate the effectiveness of the different security solutions they have in place. Automated Security Validation is revolutionizing cybersecurity by applying software validation algorithms, for what was once manual penetration testing jobs. It takes the attacker's perspective to challenge the integrity and resilience of security defenses by continuously emulating cyber attacks against them. This segment is sponsored by Pentera. Visit https://securityweekly.com/penterarsac to learn more about them!   Security teams are always on the lookout for external threats that can harm our organizations. However, an internal threat can derail productivity and lead to human error and burnout: repetitive, mundane tasks. To effectively defend against evolving threats, organizations must leverage no-code automation and free analysts to focus on higher-level projects that can improve their organization's security posture. This segment is sponsored by Tines. Visit https://securityweekly.com/tinesrsac to learn more about them!   In today's hyper-connected world, devices are everywhere, people are online constantly and sensitive data has moved to the cloud. Given these trends, organizations are making digital trust a strategic imperative. More than ever, companies need a unified platform, modern architecture and flexible deployment options in order to put digital trust to work. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them!   Bill Brenner, VP of content strategy at CyberRisk Alliance, and Cisco storyteller/team leader/editor Steve Ragan discuss the issues security professionals are sinking their teeth into at RSA Conference 2023, including: Threats organizations face amid geopolitical strife (Russia/Ukraine, China, North Korea) What SOCs need to respond to a world on fire (training for cloud-based ops, XDR) Challenges of identity and access management (zero trust, MFA, hybrid work environments) Challenges of vulnerability management (finding the most critical flaws in the cloud, key attack vectors in 2023, ransomware) This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw319 

In today's hyper-connected world, devices are everywhere, people are online constantly and sensitive data has moved to the cloud. Given these trends, organizations are making digital trust a strategic imperative. More than ever, companies need a unified platform, modern architecture and flexible deployment options in order to put digital trust to work. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them!   Bill Brenner, VP of content strategy at CyberRisk Alliance, and Cisco storyteller/team leader/editor Steve Ragan discuss the issues security professionals are sinking their teeth into at RSA Conference 2023, including: Threats organizations face amid geopolitical strife (Russia/Ukraine, China, North Korea) What SOCs need to respond to a world on fire (training for cloud-based ops, XDR) Challenges of identity and access management (zero trust, MFA, hybrid work environments) Challenges of vulnerability management (finding the most critical flaws in the cloud, key attack vectors in 2023, ransomware) This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw319 

In today's hyper-connected world, devices are everywhere, people are online constantly and sensitive data has moved to the cloud. Given these trends, organizations are making digital trust a strategic imperative. More than ever, companies need a unified platform, modern architecture and flexible deployment options in order to put digital trust to work. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them!   Bill Brenner, VP of content strategy at CyberRisk Alliance, and Cisco storyteller/team leader/editor Steve Ragan discuss the issues security professionals are sinking their teeth into at RSA Conference 2023, including: Threats organizations face amid geopolitical strife (Russia/Ukraine, China, North Korea) What SOCs need to respond to a world on fire (training for cloud-based ops, XDR) Challenges of identity and access management (zero trust, MFA, hybrid work environments) Challenges of vulnerability management (finding the most critical flaws in the cloud, key attack vectors in 2023, ransomware) This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw319 

The Utah Women & Leadership Project and the Governor's Office of Economic Opportunity have created an inspiring initiative to identify and highlight 100 Utah companies that champion women. By supporting employees through education, family-friendly benefits, policies, or programs that advance women, these companies have created an environment where women can thrive. This episode highlights DigiCert. DigiCert is the global leader in digital trust and creates digital trust solutions. Dr. Susan Madsen, Founding Director of the Utah Women & Leadership Project, is joined by Kelsey Berteaux, Sr. Legal Operations Analyst, and Sinead Godkin, Chief People Officer.Support the show

The world is getting smaller. How does one move from the U.S. and successfully practice public relations in a foreign nation? What are the initial steps and preparation required? Amelia Mecham did just that. She moved from the U.S. to London, England where for the past few years she has prospered in her communications position with DigiCert. She outlines her pre-trip preparation, the adjustments she needed to make to fit in, and much more. She also offers advice to determine your standing on the cultural scale and how to survive once you make the move.  Below are some sites to provide helpful guidance.  Please provide a review of this episode. Thank you!!!Compare countries' cultures: https://www.hofstede-insights.comTake Your Cultural Assessment:  https://erinmeyer.com/tools/ We proudly announce this podcast is now available on Amazon ALEXA. Simply say: "ALEXA play Public Relations Review Podcast" to hear the latest episode. To see a list of ALL our episodes go to our podcast website: www. public relations reviewpodcast.com or go to orApple podcasts and search "Public Relations Review Podcast." Thank you for listening. Please subscribe and leave a review.Support the show

Could a senior Latvian politician really be responsible for scamming hundreds of "mothers-of-two" in the UK? (Probably not, despite Graham's theories...) And should we be getting worried about the AI wonder that is ChatGPT?All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.Plus don't miss our featured interview with DigiCert's Brian "PKI" Trzupek.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Artis Pabriks.‘I left my partner and lost £80,000 to a fake Facebook romance': Manchester mum's warning over catfishing scam - Manchester World.'I know I have been a fool but these are the things we do for love', says mum duped out of £80k by Facebook lover - Manchester Evening News.Amazon Warns Employees to Beware of ChatGPT - Gizmodo. ChatGPT's soaring popularity has added $5 billion to the wealth of Nvidia's founder as Wall Street bets on AI boom for the chipmaker - Business Insider. ChatGPT raises red flags by acing MBA exam.ChatGPT passes exams from law and business schools - CNN. I asked ChatGPT how to negotiate a raise. Career coaches said I'd probably get one by following the AI chatbot's steps and script - Business Insider. Real estate agents say they can't imagine working without ChatGPT now - CNN. Science journals ban listing of ChatGPT as co-author on papers - The Guardian. Blakes 7 Bot - an automated bot that posts lines of dialogue from Blakes 7.Yarn - Find video clips by quotes.The New Gurus Podcast - BBC Sounds. Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including, the URLs for the websites you have accounts for....