Podcasts about EDR

Send us a textA neighboring Wi‑Fi, a handful of stolen credentials, and a quiet leap into a high‑value network—the kind of pivot that sounds cinematic until you realize how practical it is. We unpack that playbook and turn it into concrete defenses you can deploy across your environment, from client endpoints and browsers to databases, servers, and industrial control systems.We start at the edge, where phishing, drive‑by downloads, and man‑in‑the‑middle still win far too often. You'll get a clear blueprint for upgrading endpoint security with EDR, strict patching, and browser hardening, plus when to retire or sandbox legacy applets and how to stop sensitive data bleeding from local caches. From there we map the landscape of modern data platforms: the internal, conceptual, and external layers of databases; the resilience of distributed DBs; the interoperability and pitfalls of ODBC; and the security tradeoffs between NoSQL flexibility and relational ACID guarantees. Expect practical guardrails like TLS on every link, parameterized queries for SQLi defense, and role‑based access with tight segregation of duties.Finally, we focus on servers and ICS, where downtime costs real money and, in OT, can impact safety. Learn how to prioritize hardening and patching without breaking legacy apps, isolate critical services to reduce blast radius, centralize logging to a SIEM, and apply the Purdue model to segment OT from IT. We share tested moves for OT environments—firewalls and DMZs, constrained remote access, realistic backup and recovery plans—and explain how to integrate safety and cybersecurity so alarms, procedures, and people work as one.If you find this valuable, subscribe, share it with a teammate who owns Wi‑Fi or databases, and leave a quick review telling us the first control you'll implement this week. Your feedback helps more practitioners discover tools that actually reduce risk.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Three banks in four days isn't just a bragging right for penetration testers. It's a wake-up call showing that expensive security tools and alarm systems often fail when tested by skilled operators who understand both human behavior and technical vulnerabilities. Greg Hatcher and John Stigerwalt, co-founders of White Knight Labs, talk about their latest physical penetration tests on financial institutions, manufacturing facilities protecting COVID-19 vaccine production, and why their new Server 2025 course had to rewrite most common Active Directory tools. They share stories of armed guards, police gun draws, poison ivy reconnaissance, and a bag of chips that saved them from serious trouble. The conversation reveals why EDR alone won't stop ransomware, how offline backups remain the exception rather than the rule, and what security controls actually work when attackers bring custom tooling. Impactful Moments: 00:00 - Intro 01:00 - New training courses launched 03:00 - Server 2025 breaks standard tools 05:00 - COVID facility physical penetration 07:00 - Armed guards change the game 10:00 - Police draw guns on operators 13:00 - Bag of chips saves the day 15:00 - Nighttime versus daytime physical tests 18:00 - VIP home security assessments 20:00 - 2026 threat predictions 22:00 - Why EDR doesn't stop ransomware 27:00 - Low cost ransomware simulation ROI 29:00 - Three banks in four days 32:00 - Deepfake as the new EDR Links: Connect with our guests –  Greg Hatcher: https://www.linkedin.com/in/gregoryhatcher2/ John Stigerwalt: https://www.linkedin.com/in/john-stigerwalt-90a9b4110/ Learn more about White Knight Labs: https://www.whiteknightlabs.com Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Parce que… c'est l'épisode 0x679! Shameless plug 25 et 26 février 2026 - SéQCure 2026 CfP 14 au 17 avril 2026 - Botconf 2026 28 et 29 avril 2026 - Cybereco Cyberconférence 2026 9 au 17 mai 2026 - NorthSec 2026 3 au 5 juin 2025 - SSTIC 2026 Notes IA Surfer Block all AI browsers for the foreseeable future: Gartner Google says Chrome's AI creates risks only more AI can fix Se tirer dans le pied Gemini Enterprise No-Click Flaw Exposes Sensitive Data Copilot's No Code AI Agents Liable to Leak Company Data ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery Over the top New OpenAI models likely to pose “high” cybersecurity risk AI hackers are coming dangerously close to beating humans New cybersecurity guidance paves the way for AI in critical infrastructure AI-Powered Free Security-Audit Checklist 2026 3 ans d'audits cybersécu et finalement, c'est une IA qui trouve la faille en 4 jours New Prompt Injection Attack via Malicious MCP Servers Let Attackers Drain Resources ‘Botnets in physical form' are top humanoid robot risk Building Trustworthy AI Agents Microsoft to Bundle Security Copilot in M365 Enterprise License Privacy Firewall - Le garde fou de vos IA Red Malicious Go Packages Mimic as Google's UUID Library to Exfiltrate Sensitive Data Ransomware gangs turn to Shanya EXE packer to hide EDR killers Researchers spot 700 percent increase in hypervisor attacks New Mirai Botnet Variant ‘Broadside' Actively Attacking Users in the Wild 700+ self-hosted Git instances battered in 0-day attacks 10K Docker images spray live cloud creds across the internet Infoblox Threat Intel: “Canadian online marketplace se…” - Infosec Exchange Kali Linux 2025.4 released with 3 new tools, desktop updates Apple fixes two zero-day flaws exploited in ‘sophisticated' attacks Blue Windows PowerShell now warns when running Invoke-WebRequest scripts Stop Breaking TLS Daring Fireball: iMessage's Delivery Architecture Makes It Hard to Block Without Blocking All iOS Push Notifications Why a secure software development life cycle is critical for manufacturers Le BISO, maillon opérationnel entre cybersécurité et métiers Microsoft bounty program now includes any flaw impacting its services MITRE Releases Top 25 Most Dangerous Software Weaknesses of 2025 Harden Windows Security - Blindez votre Windows sans installer un seul logiciel tiers ! Privacy ICO: Home Office hushed up facial recognition biases Hackers Can Leverage Delivery Receipts on WhatsApp and Signal to Extract User Private Information Identité The EFF Nails It: What's Wrong With UK Digital ID Why Isn't Online Age Verification Just Like Showing Your ID In Person? Australia social media ban: Teens navigate new world without social media as ban takes effect Lawmaker calls facial recognition on doorbell cameras a ‘privacy nightmare' Effacer son téléphone devant les douaniers peut vous envoyer en prison (logique) Canada's privacy regulator to probe billboards equipped with facial scanning tech Firefox Survey Finds Only 16% Feel In Control of Their Privacy Choices Online Information warfare The war on disinformation is a losing battle UK calls on Europe to counter Russia's expanding info wars Germany summons Russian ambassador over cyberattack, election disinformation Want to sway an election? Here's how much fake online accounts cost Divers Bad OPSEC Considered Harmful Should You Trust Your VPN Location? Collaborateurs Nicolas-Loïc Fortin Crédits Montage par Intrasecure inc Locaux réels par Moxy Montreal Downtown

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: AI, Human Behavior & Cybersecurity's Future: Cutting Complexity and Strengthening DefensePub date: 2025-12-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThe future of cybersecurity won't be won by tools alone - it will be won by people, process, and smarter use of AI. In this episode of Protect It All, host Aaron Crow sits down with cybersecurity veteran Sharad Rai to explore how IT and OT security teams can reduce complexity, fight alert fatigue, and build stronger defenses through foundational practices and intelligent automation. Sharad brings decades of real-world experience - from early firewall management to leading large-scale security programs at major financial institutions. Together, Aaron and Sharad break down what actually works in cybersecurity today: simplifying policies, understanding user behavior, strengthening basics like patching, and leveraging AI for contextual decision-making. You'll learn: Why human behavior is the root of both risk and resilience How AI can reduce complexity, noise, and alert fatigue What “good vs bad” looks like through an AI-driven, context-aware lens How policy overload cripples organizations - and how to fix it Why OT and IT security still depend on foundational hygiene The rise of browser-based security and Chrome as an endpoint What's coming next: AI-driven phishing, contextual controls, and automated response Whether you're a security leader, practitioner, or just navigating modern cyber challenges, this episode will reshape how you think about defending systems and the people using them. Tune in to discover how AI, clarity, and human-centered design are shaping cybersecurity's next chapter only on Protect It All. Key Moments:  06:21 "Cybersecurity Basics: Know the Layers" 09:49 "Defining Good to Block Bad" 13:03 Alarm Fatigue and Information Overload 14:01 Alarm Tuning and Data Utilization 19:02 RFID Tags and Process Frustration 23:03 Simplifying Cybersecurity for Success 25:18 "AI Optimizing Policy Adjustments" 27:33 "Tech Frustrations Then and Now" 31:46 Cloud Computing Transformed Everyday Work 36:05 Focus on Foundational Basics About the guest :  Sharad Rai is a cybersecurity leader and architect with over 20 years of experience securing some of the world's most complex financial institutions. As Vice President of Security and Architecture at State Street, he leads regulatory-driven initiatives and delivers enterprise-wide cybersecurity programs across cloud, infrastructure, and endpoint platforms. Sharad has held key security roles at Morgan Stanley, BNP Paribas, Jefferies, and Foundation Medicine, with deep expertise in EDR, PAM, SASE, ZTNA, and cloud-native security. He is known for simplifying complexity, reducing risk, and bridging product, engineering, and executive teams. How to connect Sharad: https://www.linkedin.com/in/sharad-rai-cissp-a951a28 Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast  To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Arrancamos con la referencia a un vídeo viral en Instagram de AutoFM sobre siniestralidad de motoristas y estado de las carreteras (baches, guardarraíles). Mensaje central: parte de las caídas y lesiones se deben a infraestructuras deficientes; “muchas carreteras son ilegales” por incumplir estándares. Dónde está José y por qué • En el Congreso Internacional de Investigación de Accidentes de Tráfico organizado por CESVIMAP (grupo MAPFRE). • Objetivo: impulsar en España una cultura de investigación técnica de siniestros, no solo de atribución de responsabilidades. Estructura del congreso (3 jornadas) • Día 1 (ensayos en CESVIMAP): o Crash test 1 en pista cerrada. o Crash test 2 en exterior, alcance a 40 km/h con un coche teledirigido contra otro vehículo; todo perimetrado y con medidas de seguridad. o Demostraciones de ADAS. • Día 2 (jornada técnica, Palacio de Congresos): o ~25 ponentes; inicio sobre las 08:00. o Ponencias de Fuerzas y Cuerpos de Seguridad, fiscales, investigadores independientes y Toyota. o Toyota presenta solución propia complementaria al EDR para registrar variables (acelerador, freno, volante, etc.) cuando el impacto no alcanza umbral de disparo del EDR (que registra aprox. 5 s antes y 5 s después). Se ilustran dos casos reales (uno incidente y otro accidente). • Día 3 (avances previstos): o Presentación de gemelos digitales de los dos crash tests físicos, con comparativa entre un vehículo 100% eléctrico y otro convencional en calidad/volumen de datos y comportamiento. Tecnología y dato • Recordatorio: la UE obliga a equipar EDR en vehículos recientes; las FFCCSSE pueden acceder vía OBD para leer telemetría del evento (5 s ± del impacto). • El valor del dato complementario (p. ej., soluciones de fabricante) permite reconstrucciones más fieles cuando el EDR no se activa. Diagnóstico sobre investigación en España • Crítica central: el sistema solo busca responsables (civil/penal) y no impulsa una investigación técnica independiente “tipo aviación/ferroviario/marítimo” para extraer lecciones e implantar medidas preventivas. • Déficits públicos: o FFCCSSE: insuficiencia de medios y formación; buena parte de la capacitación de policías locales depende de su voluntad personal, vacaciones e inversión propia. o Empresas privadas: en España hay 3–4 gabinetes punteros internacionalmente que sí invierten y trabajan con alto rigor técnico. • Propuesta: aplicar el modelo de investigación de aviación a la seguridad vial reduciría la mortalidad y obligaría a mejorar infraestructuras. Infraestructura viaria • Mención a informes de la Asociación Española de la Carretera: o Déficit de inversión en mantenimiento de miles de millones de euros. o >50% de los kilómetros de la red presentan defectos graves. • Consecuencia: impacto directo en heridos y fallecidos. Didáctica del crash test de moto (40 km/h) • La gravedad del daño depende de la deceleración (pasar de 40 km/h a 0 en milisegundos), no solo de la velocidad nominal. • Por geometría de la colisión, el casco puede impactar contra el pilar A (objeto rígido), con picos de deceleración altos en cabeza, más un segundo impacto contra el suelo. • Ver y “sentir” un crash test (ruido, cámaras de alta velocidad) ayuda a tomar conciencia de la severidad real. Próximos contenidos ligados al congreso • Podcast especial “El pulso del Congreso de Investigación de Accidentes de Tráfico”: 3 horas de repaso auditivo con entrevistas (publicación prevista en próximos días). • Cobertura adicional en AutoFM y YouTube con detalle de los ensayos y resultados de gemelos digitales. • España necesita investigación técnica sistemática de siniestros, además de la penal/civil. • Dato de calidad + tecnología (EDR y registros ampliados) + mejora de vías = palancas para reducir víctimas. • El congreso de CESVIMAP está empujando en esa dirección con demostraciones reales, análisis y colaboración multi-actor. Hasta aquí el programa de hoy del podcast de seguridad vial y educación vial. ¿Quieres escuchar episodios anteriores sobre seguridad en moto? • P138 100 tramos más peligrosos para motoristas https://go.ivoox.com/rf/72292314 • P154 Hugo de 14 años muere en el campeonato Europeo de motociclismo. https://go.ivoox.com/rf/73574655 • P176 Motos sin ITV https://go.ivoox.com/rf/75543112 • P262 Seguridad Vial en moto No me llames paquete https://go.ivoox.com/rf/93733543 • P289 Caídas en quad o moto y la importancia de la equipación adecuada. Seguridad vial Dakar 2023 https://go.ivoox.com/rf/101146657 • P300 Seguridad vial en moto en el Dakar https://go.ivoox.com/rf/101515123 • P327 Seguridad vial en moto, formación conducción, compra de equitación y exigir la retirada de guardarraíles asesinos https://go.ivoox.com/rf/105221622 • P376 seguridad vial en moto, episodio 5 del verano de seguridad en Onda Cero https://go.ivoox.com/rf/114152759 • P470 La seguridad vial en moto a debate https://go.ivoox.com/rf/126752010 • P566 chaleco airbag moto para la atgc https://go.ivoox.com/rf/135729959 • P557 4000 motos en la manifestación motera por la seguridad vial https://go.ivoox.com/rf/134812092 • P601 charla de seguridad vial en la concentración motorista La Leyenda en Cantalejo https://go.ivoox.com/rf/137929200 • P610 motoristas maltratados por Juan Carlos toribio en la concentración La Leyenda https://go.ivoox.com/rf/139115892 • P656 que sucede con la seguridad de los motoristas https://go.ivoox.com/rf/149781060 ¿Quieres escuchar episodios anteriores sobre seguridad en Euro NCAP? • P22 Seguridad infantil en Euro NCAP 2020 https://go.ivoox.com/rf/60410726 • P31 La seguridad infantil de los 7 coches ensayados en Euro NCAP 2020 https://go.ivoox.com/rf/63999896 • P119 En AutoFM hablamos del origen de lo que hoy es Euro NCAP https://go.ivoox.com/rf/70766776 • P192 Hyundai Ioniq 5 en Euro NCAP https://go.ivoox.com/rf/77624794 • P200 El coche más seguro para niños según Euro NCAP https://go.ivoox.com/rf/79810679 • P278 ¿Qué es EuroNCAP? https://go.ivoox.com/rf/97118681 • P320 Seguridad EuroNCAP en el Lexus RX https://go.ivoox.com/rf/104093361 • P325 Cupra en Euro NCAP seguridad made in Spain https://go.ivoox.com/rf/104841125 • P353 Euro NCAP y la seguridad de nuestros vehículos https://go.ivoox.com/rf/111970962 • P413 Etiquetas de seguridad en EuroNCAP https://go.ivoox.com/rf/121984964 • P426 BMW Serie 5 en EuroNCAP https://go.ivoox.com/rf/121989858 • P525 el coche más seguro en euro ncap 2023-24 https://go.ivoox.com/rf/132581951 • P617 euro ncap deepal s07 https://go.ivoox.com/rf/143237685 • P619 Xpeng pasa por Euro NCAP https://go.ivoox.com/rf/143237909 • P621 NIO EL6 en EuroNCAP https://go.ivoox.com/rf/143595669 • P655 Euro NCAP Jaecoo 7 https://go.ivoox.com/rf/149781056 ¿Quieres escuchar episodios anteriores sobre patinetes eléctricos (VMP) y su influencia en la educación vial y seguridad vial? • VMP o los patinetes eléctricos (13-11-2020) https://go.ivoox.com/rf/58970634 • P29 200€ de multa a los patinetes que circulen por la acera (19-1-2021) https://go.ivoox.com/rf/63999858 • P39 El 80% de los accidentados en patinete eléctrico iban sin casco. https://go.ivoox.com/rf/64652023 • P88. En la sección de RiveKids dentro de AutoFM hablamos de atropellos de niños con patinete eléctrico VMP https://go.ivoox.com/rf/68488690 • P134 Tráfico dice que se va a poner duro con patinetes y bicicletas https://go.ivoox.com/rf/71998645 • P205 certificado para VMP y manual de características del patinete eléctrico https://go.ivoox.com/rf/81250012 • P222 Normativa del patinete eléctrico en Onda Cero https://go.ivoox.com/rf/86695954 • P228 El patinete eléctrico no es un juguete en Auto FM https://go.ivoox.com/rf/87765635 • P329 lista de patinetes eléctricos certificados por la DGT https://go.ivoox.com/rf/105222377 • P449 Se prohíbe el patinete eléctrico en el metro de Bilbao https://go.ivoox.com/rf/124482727 ¿Quieres escuchar episodios anteriores sobre cómo la DGT afronta la educación vial y seguridad vial? • P47 La DGT recauda más de un millón de euros al día en multas https://go.ivoox.com/rf/65042824 • P68 2.880 conductores fueron denunciados dos o más veces en un mismo año por no llevar el cinturón de seguridad. https://go.ivoox.com/rf/66793732 • P72 La otra cara del rescate en carretera. DGT https://go.ivoox.com/rf/67030950 • P78 ¿Por qué nos denuncia la DGT en España? https://go.ivoox.com/rf/67470851 • P85 los tribunales anulan la mitad de las multas que pone la DGT. https://go.ivoox.com/rf/68027004 • P189 Cómo adelantar con seguridad https://go.ivoox.com/rf/76818386 • 6 puntos por usar el móvil al volante y más cambios de la DGT. https://go.ivoox.com/rf/60394281 • P383 ¿Hay que abrochar el cinturón de seguridad incluso sin ocupantes en las plazas traseras? https://go.ivoox.com/rf/115775880 • P444 Ocurrencias de la DGT en 2024 https://go.ivoox.com/rf/124103189 • P559 estrategia de país en la seguridad vial https://go.ivoox.com/rf/134812303 • P447 Propuestas de la DGT para bajar fallecidos en carretera https://go.ivoox.com/rf/124482117 • P456 La DGT incumple la promesa de retirar la Ley de tráfico si aumentaban los fallecidos https://go.ivoox.com/rf/124862871 • P494 La DGT frena los cambios del carnet de conducir https://go.ivoox.com/rf/130588417 • P538 En un accidente no se multiplica el peso como dice la DGT https://go.ivoox.com/rf/133370042 • P559 estrategia de país en la seguridad vial https://go.ivoox.com/rf/134812303 • P564 la seguridad en los adelantamientos https://go.ivoox.com/rf/135729856 • P633 La DGT controla a los conductores profesionales https://go.ivoox.com/rf/144450395 • P569 la DGT hace campanas de buenismo con los patinetes https://go.ivoox.com/rf/135730039 ¿Quieres escuchar episodios anteriores del podcast de educación vial y seguridad vial? • P6 Coronavirus y Seguridad Vial https://go.ivoox.com/rf/49513283 • P169 Seguridad vial en Onda Cero https://go.ivoox.com/rf/74292123 • P125 ¿Isofix en un SsangYong Rodius? Y mucha más seguridad vial https://go.ivoox.com/rf/71289331 • P196 Seguridad vial para bebés prematuros y CIPSEVI https://go.ivoox.com/rf/78652365 • P168 Sin ruedas no hay seguridad vial https://go.ivoox.com/rf/74292023 • P182 La educación vial en El Enfoque, Onda Madrid https://go.ivoox.com/rf/76018355 • P7 Mascarillas y guantes son al coronavirus lo que el cinturón de seguridad y los SRI a la violencia vial https://go.ivoox.com/rf/50038459 • P197 Estudio sobre la inseguridad vial en el contenido de las series en Capital Radio https://go.ivoox.com/rf/78897119 • P565 la mayoría de gente no usa el cinturón de seguridad https://go.ivoox.com/rf/135729932 • P561 4 de cada 10 conductores dan positivo en drogas https://go.ivoox.com/rf/134812530 • P541 La DGT no sabe dónde hay más de 650 millones de euros https://go.ivoox.com/rf/133580231 ¿Quieres escuchar episodios anteriores del podcast de seguridad vial en el Dakar? • P290 Lluvia torrencial, helicópteros que no pueden volar y buggies en medio de riadas. Seguridad vial Dakar 2023 https://go.ivoox.com/rf/101146767 • P291. Señalización de accidentes en la carrera más dura del mundo. Seguridad vial Dakar 2023 https://go.ivoox.com/rf/101146815 • P295 Exceso de velocidad, radar, sanción y distancia de frenado. Seguridad vial Dakar 2023 https://go.ivoox.com/rf/101147162 • P297 Muere atropellado por conseguir la mejor foto. Seguridad vial Dakar 2023 https://go.ivoox.com/rf/101514720 • P302 El Dakar 2023 da una lección de seguridad vial. La velocidad no mata, matan otras cosas. Seguridad vial Dakar https://go.ivoox.com/rf/101515334 • P301 Seguridad Vial con Manolo Plaza en el Dakar y en la vida. Seguridad vial Dakar 2023 https://go.ivoox.com/rf/101515325 • P300 La seguridad vial en moto en el Dakar y en las carreteras españolas. Seguridad vial Dakar 2023 https://go.ivoox.com/rf/101515123 • P294 Cansancio y fatiga extrema en competición. Seguridad vial Dakar 2023 https://go.ivoox.com/rf/101147100 • P296 ¿Es más seguro un chasis tubular? Biomecánica del impacto y aceleraciones en la seguridad vial Dakar 2023 https://go.ivoox.com/rf/101514635 • P288 Arco antivuelco o jaula de seguridad. Seguridad vial Dakar 2023 https://go.ivoox.com/rf/100776113 • P293 Hans. Seguridad vial Dakar 2023 https://go.ivoox.com/rf/101146904 • P292. Pos seguridad después de un vuelco o un accidente ¿qué hacer?. Seguridad vial Dakar 2023 https://go.ivoox.com/rf/101146866 • P287 Arnés vs cinturón de seguridad. Seguridad vial Dakar 2023 https://go.ivoox.com/rf/100775999 • P299 Conducir sin luna en la seguridad vial Dakar 2023 https://go.ivoox.com/rf/101515049 • P298 Fallece atropellado un aficionado que estaba viendo el Dakar 2023. Seguridad vial dentro y fuera de la competición https://go.ivoox.com/rf/101514818 • P430 Prologo Dakar 2024, seguridad vial https://go.ivoox.com/rf/122182887 • P438 Etapa 10 Dakar 2024 competición vs vida real en la señalización https://go.ivoox.com/rf/123338733 • P435 Etapa 5 Dakar 2024, la fatiga https://go.ivoox.com/rf/122440640 • P440 Etapa de descanso Dakar 2024 los twit de la DGT https://go.ivoox.com/rf/123339096 • P439 Etapa 11 Dakar 2024 adelantamientos extremos https://go.ivoox.com/rf/123338820 • P436 Atropello de un espectador en el Dakar 2024 https://go.ivoox.com/rf/122440725 • P434 Etapa 4 seguridad jurídica y excesos de velocidad en el Dakar 2024 https://go.ivoox.com/rf/122440464 • P431 Etapa 1 Dakar 2024, espectador atropellado https://go.ivoox.com/rf/122229047 • P432 Etapa 2 Dakar 2024, jaula de seguridad y Carles Falcón https://go.ivoox.com/rf/122229139 • P433 Etapa 3 Dakar 2024, los 3 impactos de un accidente https://go.ivoox.com/rf/122440325 “El verdadero viaje es el que termina como comenzó, con felicidad e inocencia” Feliz viaje hasta el próximo programa. _______________________________________

CISA warns that pro-Russia hacktivist groups are targeting US critical infrastructure. Google patches three new Chrome zero-day vulnerabilities. North Korean actors exploit React2Shell to deploy a new backdoor.  Researchers claim Docker Hub secret leakage is now a systemic problem. Attackers exploit an unpatched zero-day in Gogs, the self-hosted Git service. IBM patches more than 100 vulnerabilities across its product line. Storm-0249 abuses endpoint detection and response tools. The DOJ indicts a former Accenture employee for allegedly misleading federal customers about cloud security. Our guest is Kavitha Mariappan, Chief Transformation Officer at Rubrik, talking about understanding & building resilience against identity-driven threats. A malware tutor gets schooled by the law. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Kavitha Mariappan, Chief Transformation Officer at Knowledge Partner Rubrik, talking about understanding and building resilience against identity-driven threats. Tune into Kavitha's full conversation here.  New Rubrik Research Finds Identity Resilience is Imperative as AI Wave Floods the Workplace with AI Agents (Press release) The Identity Crisis: Understanding and Building Resilience Against Identity-Driven Threats (Report)  Agentic AI and Identity Sprawl (Data Security Decoded podcast episode) Host Caleb Tolin and guest ⁠Joe Hladik⁠, Head of Rubrik Zero Labs, to unpack the findings from their the report Kavitha addresses.  Resources: Rubrik's Data Security Decoded podcast airs semi-monthly on the N2K CyberWire network with host Caleb Tolin. You can catch new episodes twice a month on Tuesdays on your favorite podcast app. Selected Reading CISA: Pro-Russia Hacktivists Target US Critical Infrastructure New cybersecurity guidance paves the way for AI in critical infrastructure | CyberScoop Google Releases Critical Chrome Security Update to Address Zero-Days - Infosecurity Magazine North Korea-linked ‘EtherRAT' backdoor used in React2Shell attacks | SC Media Thousands of Exposed Secrets Found on Docker Hub - Flare Hackers exploit unpatched Gogs zero-day to breach 700 servers IBM Patches Over 100 Vulnerabilities - SecurityWeek Ransomware IAB abuses EDR for stealthy malware execution US charges former Accenture employee with misleading feds on cloud platform's security - Nextgov/FCW Man gets jail for filming malware tutorials for syndicate; 129 Singapore victims lost S$3.2m - CNA Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry PI! In the security news: Hacking Smart BBQ Probes China uses us as a proxy LOLPROX and living off the Hypervisor Are we overreating to React4Shell? Prolific Spyware vendors EDR evaluations and tin foil hats Compiling to Bash! How e-waste became a conference badge Overflows via underflows and reporting to CERT Users are using AI to complete mandatory infosec training! AI in your IDE is not a good idea Cybercrime is on the rise, and its the kids AI can replace humans in power plants Will AI prompt injection ever go away? To use a VPN or to not use a VPN, that is the question Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-904

This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry PI! In the security news: Hacking Smart BBQ Probes China uses us as a proxy LOLPROX and living off the Hypervisor Are we overreating to React4Shell? Prolific Spyware vendors EDR evaluations and tin foil hats Compiling to Bash! How e-waste became a conference badge Overflows via underflows and reporting to CERT Users are using AI to complete mandatory infosec training! AI in your IDE is not a good idea Cybercrime is on the rise, and its the kids AI can replace humans in power plants Will AI prompt injection ever go away? To use a VPN or to not use a VPN, that is the question Show Notes: https://securityweekly.com/psw-904

This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry PI! In the security news: Hacking Smart BBQ Probes China uses us as a proxy LOLPROX and living off the Hypervisor Are we overreating to React4Shell? Prolific Spyware vendors EDR evaluations and tin foil hats Compiling to Bash! How e-waste became a conference badge Overflows via underflows and reporting to CERT Users are using AI to complete mandatory infosec training! AI in your IDE is not a good idea Cybercrime is on the rise, and its the kids AI can replace humans in power plants Will AI prompt injection ever go away? To use a VPN or to not use a VPN, that is the question Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-904

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvHeadlines about eight Chrome zero days aren't just noise—they're a prompt to act with precision. We open with the fastest, most reliable steps to reduce exposure: force updates with MDM, restart browsers to trigger patches, narrow to a hardened enterprise browser, and brief your SOC to tune EDR for active exploit patterns. You'll get a focused checklist that's quick to run and easy to defend to leadership.From there, we turn the lens to CISSP Domain 8 with five questions that teach more than they test. We explain why strict schema validation for JSON beats blanket escaping, and how misuse and abuse case analysis during requirements gives you the strongest assurance that security is built into design, not bolted on. We also break down supply chain risk in CI/CD with a practical recipe: software composition analysis, cryptographic signature checks, internal artifact repositories, and policy gates that block malicious or license-violating packages before they ship.Design flaws are the silent killers. We highlight a common mistake—putting sensitive business logic in the browser—and show how to move decisions server-side, validate every request, and protect against client tampering. Finally, we get tactical about containerized microservices: image signing plus runtime verification, read-only filesystems, minimal base images, and network policies that enforce least privilege. These are the controls that turn incident response into a manageable drill, not a firestorm.If you're preparing for the CISSP or leading an engineering team, you'll leave with strategies you can apply today: browser patching that sticks, threat modeling that finds real risks, SCA that calms your pipeline, and container security that proves runtime trust. Enjoyed this conversation? Subscribe, share with a teammate, and leave a quick review to help more people find it.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry PI! In the security news: Hacking Smart BBQ Probes China uses us as a proxy LOLPROX and living off the Hypervisor Are we overreating to React4Shell? Prolific Spyware vendors EDR evaluations and tin foil hats Compiling to Bash! How e-waste became a conference badge Overflows via underflows and reporting to CERT Users are using AI to complete mandatory infosec training! AI in your IDE is not a good idea Cybercrime is on the rise, and its the kids AI can replace humans in power plants Will AI prompt injection ever go away? To use a VPN or to not use a VPN, that is the question Show Notes: https://securityweekly.com/psw-904

Cybersecurity Today: Google Chrome's AI Safety Plan, React2Shell Fixes, & New Ransomware Tactics In this episode of Cybersecurity Today, host Jim Love discusses Google's new security blueprint for AI-powered Chrome agents, highlighting measures against indirect prompt injections and model errors. Learn about Next JS's new tool for addressing the critical React2Shell vulnerability and the emerging threat from Storm 0249 using EDR tools for ransomware. The episode also covers new data showing manufacturers remain top ransomware targets. Sponsored by Meter. 00:00 Introduction and Sponsor Message 00:22 Google's New Security Plan for Chrome Agents 03:41 Next JS Scanner for React2Shell Vulnerability 05:41 Storm 0249: Malware Hidden in EDR Tools 07:45 Ransomware Targets Manufacturing Sector 09:34 Conclusion and Final Notes

professorjrod@gmail.comIn this episode of Technology Tap: CompTIA Study Guide, we delve into endpoint security—a crucial topic for anyone preparing for IT certification exams, especially CompTIA. Traditional firewalls no longer fully protect your network; attackers now exploit endpoints like laptops, phones, printers, and smart devices to breach security. We explore how threats bypass perimeter defenses by targeting users and devices directly, and explain essential controls such as hardening, segmentation, encryption, patching, behavior analytics, and access management. Whether you're studying for your CompTIA exam or seeking practical IT skills development, this episode offers critical insights and IT certification tips to strengthen your understanding of cybersecurity fundamentals. Tune in to enhance your tech exam prep and advance your technology education journey.We start with foundations that actually move risk: baseline configurations, aggressive patch management, and closing unnecessary ports and services. From there we layer modern defenses—EDR and XDR for continuous telemetry and automated containment, UEBA to surface the 3 a.m. login or odd data pulls, and the underrated duo of least privilege and application allow listing to deny unknown code a chance to run. You'll hear why full disk encryption is non‑negotiable and how policy, not heroics, sustains security over time.Mobile endpoints take center stage with clear tactics for safer travel and remote work: stronger screen locks and biometrics, MDM policies that enforce remote wipe and jailbreak detection, and connection hygiene that favors VPN and cellular over public Wi‑Fi. We break down evil twin traps, side loading risks, and permission sprawl, then pivot to IoT realities—default passwords, stale firmware, exposed admin panels—and how VLAN isolation and firmware schedules defang them. A real case of a chatty lobby printer becoming an attack pivot drives home the need for logging and outbound controls through SIEM.The takeaway is simple and urgent: if it connects, it can be attacked, and if it's hardened, segmented, encrypted, and monitored, it can be defended. Subscribe for more practical security deep dives, share this with a teammate who owns devices or networks, and leave a review to tell us which control you'll deploy first.Support the showArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

Send us a textAt IT Nation Connect 2025, Mike DePalma—VP of SMB Cybersecurity at OpenText—sits down with Joey Pinz to talk about rebuilding community in the MSP world, evolving vendor programs, and the tidal wave of AI reshaping security and operations.Mike shares how OpenText's new EDR rollout is simplifying life for ConnectWise partners, the surprising results of their latest MSP Report, and why most AI projects fail—hint: it's not the tech. He opens up about the Datto → Kaseya acquisition, lessons in leadership, and why discipline, presence, and family still define success more than revenue or market share.

Danny Jenkins — Founder of ThreatLocker and the Zero-Trust RevolutionDanny Jenkins is the CEO of ThreatLocker, the leading cybersecurity company that he built alongside his wife. Hosts Jack Clabby of Carlton Fields, P.A., and Kayley Melton of the Cognitive Security Institute follow Danny's journey from a scrappy IT consultant to leading one of the fastest-growing cybersecurity companies in the world.Danny shares the moment everything changed: watching a small business nearly collapse after a catastrophic ransomware attack. That experience reshaped his mission and ultimately sparked the creation of ThreatLocker. He also reflects on the gritty early days—cold-calling from his living room, coding through the night, and taking on debt before finally landing their first $5,000 customer.Danny explains the origins of Zero Trust World, his passion for educating IT teams, and why adopting a hacker mindset is essential for modern defenders.In the Lifestyle Polygraph, Danny relates his early “revenge tech” against school bullies, the place he escapes to when celebrating big wins, and the movie franchise he insists is absolutely a Christmas classic.Follow Danny on LinkedIn: https://www.linkedin.com/in/dannyjenkins/ 00:00 Introduction to Cybersecurity and ThreatLocker02:26 The Birth of ThreatLocker: A Personal Journey05:42 The Evolution of Zero Trust Security08:35 Real-World Impact of Cyber Attacks11:25 The Importance of a Hacker Mindset14:46 The Role of SOC Teams in Cybersecurity17:34 Building a Culture of Security20:23 Hiring for Passion and Skill in Cybersecurity23:44 Understanding Zero Trust: Trust No One26:32 Lifestyle Polygraph: Personal Insights and Fun29:41 Conclusion and Future of ThreatLocker

AI agents aren't just reacting anymore, they're thinking, learning, and sometimes deleting your entire production database without asking. The real question isn't if your AI agent will be hacked, it's when, and whether you'll have the right hooks in place to stop it before it happens. In this episode, Ron breaks down the ChatGPT Atlas vulnerability that shocked researchers, revealing how malicious prompts can turn AI assistants against their own users by bypassing safeguards and accessing file systems. He presents his new talk "Hooking Before Hacking," introducing a framework for applying EDR principles, prevention, detection, and response, to AI agents before they execute unauthorized commands. From pre-tool use hooks that catch malicious intent to one-time passwords that put humans back in the loop, this episode shares practical security controls you can implement today to prevent your AI agents from going rogue.   Impactful Moments: 00:00 - Introduction 02:00 - ChatGPT Atlas vulnerability exposed 04:00 - AI technology outpacing security guardrails 05:00 - Guardrail jailbreaks and prompt injection 06:00 - AI agents deleting production databases 07:00 - EDR principles for AI agents 09:00 - Pre-tool use hooks catch intention 11:00 - User prompt sanitization prevents leaks 14:00 - One-time passwords for agent workflows 16:00 - Automation mistakes across 10 years   Links: Connect with Ron on LinkedIn: https://www.linkedin.com/in/ronaldeddings/ Check out the entire article here: https://www.yahoo.com/news/articles/cybersecurity-experts-warn-openai-chatgpt-101658986.html  GitHub Repository: https://hackervalley.com/hooking-before-hacking  See Ron's "Hooking Before Hacking" presentation slides here: http://hackervalley.com/hooking-before-hacking-presentation Check out our website: https://hackervalley.com/ Upcoming events: https://www.hackervalley.com/livestreams Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio    

This episode breaks down Endpoint Detection and Response EDR and why it has become a core element of modern cybersecurity. You'll learn how EDR monitors devices in real time, detects sophisticated threats, supports deep investigations, and enables instant response to minimize damage. A perfect starting point for anyone looking to understand how organizations strengthen endpoint security against today's evolving attacks.

In this Security Squawk episode, Brian Horning from Xact IT is joined by guests to unpack three real ransomware incidents, the rapid rise of “The Gentlemen” gang, and how attackers bypass basic security by turning off tools like Windows Defender. You'll learn why relying only on built-in protections creates dangerous blind spots, what layered security with EDR, SOC monitoring, and log retention looks like, and the practical steps business leaders can take now to harden their defenses and reduce ransomware risk.

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvSecurity programs fail when they try to do everything at once. We walk through a clear three-phase plan that keeps you focused and effective: start with a real gap assessment anchored in leadership's risk tolerance, convert findings into decisions to mitigate, accept, or transfer risk, and then implement with a balanced mix of people, process, and tools. Along the way, we share what to look for when hiring a virtual CISO and how to turn that engagement into actionable momentum instead of another shelfware report.From there, we tighten the perimeter by defining bounds that keep systems within safe lanes: role-based access control, data classification, DLP, segmentation, encryption, and change management that shrinks blast radius. We get tactical with process isolation, sandboxing, capability-based security, and application whitelisting, plus a grounded comparison of MAC vs DAC and when a hybrid model makes sense. Defense in depth ties it together with physical safeguards, network protections, EDR and patching, application security practices, and data security. We keep the human layer practical with targeted awareness training and a tested incident response plan.Resilience is the throughline. We advocate for secure defaults and least privilege by design, logging that's actually reviewed, and updates that apply on a measured cadence. When things break, fail safely: graceful degradation, clean error handling, separation of concerns, redundancy, and real-world drills that expose weak spots early. Governance keeps the program honest with separation of duties, dual control, job rotation, and change boards that prevent unilateral risk. Finally, we demystify zero trust: start small, micro-segment your crown jewels, verify continuously, and respect cloud nuances without overcomplicating your stack.If this helps you clarify your next move, follow the show, share it with a teammate, and leave a quick review so others can find it. Tell us: which phase are you tackling first?Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In this episode of 'Cybersecurity Today,' host Jim Love covers multiple pressing topics: CloudFlare's major outage affecting services like OpenAI and Discord, Microsoft's new AI feature in Windows 11 and its potential malware risks, a new red team tool that exploits cloud-based EDR systems, and a new tactic using calendar invites as a stealth attack vector. Additionally, a critical SAP vulnerability scoring a perfect 10 on the CVSS scale is discussed alongside a peculiar event where Anthropic's AI mistakenly tried to report a cybercrime to the FBI. The episode wraps up with a mention of the book 'Alyssa, A Tale of Quantum Kisses' and a thank you to Meter for sponsoring the podcast. Tune in for essential cybersecurity insights. 00:00 Introduction and Sponsor Message 00:22 CloudFlare Outage Causes Major Disruptions 02:55 Microsoft's New AI Features and Malware Risks 05:22 Silent but Deadly: New Red Team Tool 07:39 Calendar Invites as a Stealth Attack Vector 10:04 Critical SAP Vulnerability 12:11 Anthropic's AI and the FBI Incident 14:06 Conclusion and Final Thoughts

AI is accelerating ransomware attacks and reshaping the cyber threat landscape. Join Brendan Hall, Alliant Cyber, and Brad LaPorte, Morphisec, as they discuss how evolving ransomware tactics and polymorphic malware are challenging traditional cybersecurity defenses. Together they share how a preemptive approach to ransomware protection can help organizations reduce exposure, lower insurance costs and strengthen cyber resilience as AI continues to accelerate the speed and sophistication of attacks. They also highlight how Morphisec's patented technology and ransomware-free guarantee provide a powerful layer of protection that complements existing MDR and EDR tools.

ඕස්ට්‍රේලියාවේ EDR, නොහොත් Experienced Driver Recognition පද්ධතියේ මෑතකදී සිද්ධ වූ විශේෂ වෙනස්කම් පිළිබඳව SBS සිංහල සේවය සිදු කල සාකච්ඡාවට සවන් දෙන්න

Segment 1: Interview with Rob Allen It's the Year of the (Clandestine) Linux Desktop! As if EDR evasions weren't enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy. In this segment, we'll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker. Segment Resources: Pro-Russian Hackers Use Linux VMs to Hide in Windows Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs Qilin ransomware abuses WSL to run Linux encryptors in Windows This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Segment 2: Topic - Threat Modeling Humanoid Robots We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance... Resources https://www.unitree.com/H2 (watch the video!) China's humanoid robots get factory jobs as UBTech's model scores US$112 million in orders The big reveal: Xpeng founder unzips humanoid robot to prove it's not human Exploit Allows for Takeover of Fleets of Unitree Robots - Security researchers find a wormable vulnerability 100-page Paper: The Cybersecurity of a Humanoid Robot 5-page Paper: Cybersecurity AI: Humanoid Robots as Attack Vectors Amazingly, $300 smart vacuums have some of the same exact vulnerabilities and backdoors built into them as the $16,000 humanoid robots! The Day My Smart Vacuum Turned Against Me Segment 3: Weekly News Finally, in the enterprise security news, A $435M venture round A $75M seed round a few acquisitions the producer of the movie Half Baked bought a spyware company AI isn't going well, or is it? maybe we just need to adopt it more slowly and deliberately? ad-blockers are enterprise best practices firewalls and VPNs are security risks, according to insurance claims could you power an entire house with disposable vapes? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-433

Segment 1: Interview with Rob Allen It's the Year of the (Clandestine) Linux Desktop! As if EDR evasions weren't enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy. In this segment, we'll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker. Segment Resources: Pro-Russian Hackers Use Linux VMs to Hide in Windows Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs Qilin ransomware abuses WSL to run Linux encryptors in Windows This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Segment 2: Topic - Threat Modeling Humanoid Robots We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance... Resources https://www.unitree.com/H2 (watch the video!) China's humanoid robots get factory jobs as UBTech's model scores US$112 million in orders The big reveal: Xpeng founder unzips humanoid robot to prove it's not human Exploit Allows for Takeover of Fleets of Unitree Robots - Security researchers find a wormable vulnerability 100-page Paper: The Cybersecurity of a Humanoid Robot 5-page Paper: Cybersecurity AI: Humanoid Robots as Attack Vectors Amazingly, $300 smart vacuums have some of the same exact vulnerabilities and backdoors built into them as the $16,000 humanoid robots! The Day My Smart Vacuum Turned Against Me Segment 3: Weekly News Finally, in the enterprise security news, A $435M venture round A $75M seed round a few acquisitions the producer of the movie Half Baked bought a spyware company AI isn't going well, or is it? maybe we just need to adopt it more slowly and deliberately? ad-blockers are enterprise best practices firewalls and VPNs are security risks, according to insurance claims could you power an entire house with disposable vapes? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-433

Segment 1: Interview with Rob Allen It's the Year of the (Clandestine) Linux Desktop! As if EDR evasions weren't enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy. In this segment, we'll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker. Segment Resources: Pro-Russian Hackers Use Linux VMs to Hide in Windows Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs Qilin ransomware abuses WSL to run Linux encryptors in Windows This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Segment 2: Topic - Threat Modeling Humanoid Robots We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance... Resources https://www.unitree.com/H2 (watch the video!) China's humanoid robots get factory jobs as UBTech's model scores US$112 million in orders The big reveal: Xpeng founder unzips humanoid robot to prove it's not human Exploit Allows for Takeover of Fleets of Unitree Robots - Security researchers find a wormable vulnerability 100-page Paper: The Cybersecurity of a Humanoid Robot 5-page Paper: Cybersecurity AI: Humanoid Robots as Attack Vectors Amazingly, $300 smart vacuums have some of the same exact vulnerabilities and backdoors built into them as the $16,000 humanoid robots! The Day My Smart Vacuum Turned Against Me Segment 3: Weekly News Finally, in the enterprise security news, A $435M venture round A $75M seed round a few acquisitions the producer of the movie Half Baked bought a spyware company AI isn't going well, or is it? maybe we just need to adopt it more slowly and deliberately? ad-blockers are enterprise best practices firewalls and VPNs are security risks, according to insurance claims could you power an entire house with disposable vapes? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-433

Segment 1: Interview with Rob Allen It's the Year of the (Clandestine) Linux Desktop! As if EDR evasions weren't enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy. In this segment, we'll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker. Segment Resources: Pro-Russian Hackers Use Linux VMs to Hide in Windows Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs Qilin ransomware abuses WSL to run Linux encryptors in Windows This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Segment 2: Topic - Threat Modeling Humanoid Robots We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance... Resources https://www.unitree.com/H2 (watch the video!) China's humanoid robots get factory jobs as UBTech's model scores US$112 million in orders The big reveal: Xpeng founder unzips humanoid robot to prove it's not human Exploit Allows for Takeover of Fleets of Unitree Robots - Security researchers find a wormable vulnerability 100-page Paper: The Cybersecurity of a Humanoid Robot 5-page Paper: Cybersecurity AI: Humanoid Robots as Attack Vectors Amazingly, $300 smart vacuums have some of the same exact vulnerabilities and backdoors built into them as the $16,000 humanoid robots! The Day My Smart Vacuum Turned Against Me Segment 3: Weekly News Finally, in the enterprise security news, A $435M venture round A $75M seed round a few acquisitions the producer of the movie Half Baked bought a spyware company AI isn't going well, or is it? maybe we just need to adopt it more slowly and deliberately? ad-blockers are enterprise best practices firewalls and VPNs are security risks, according to insurance claims could you power an entire house with disposable vapes? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-433

EDr. AJ Kolhari discusses Russia's successful test of the nuclear-powered Burevestnik cruise missile, which flew 14,000 km for 15 hours. The missile captures and compresses air, heating it over a nuclear reactor to create thrust. Kulhari emphasizes the danger because it flies low (50 to 100 m) and is hard to detect. He notes this nuclear propulsion technology, or similar ramjet designs, could revolutionize commercial travel and be applied to flight on Mars, using its CO₂ atmosphere for heating. 1958

Hackers use Windows Hyper-V to evade EDR detection Critical Cisco UCCX flaw lets attackers run commands as root The Louvre's video security password was reportedly Louvre  Huge thanks to our sponsor, ThreatLocker Imagine having the power to decide exactly what runs in your IT environment — and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats — stop them with ThreatLocker. Find the stories behind the headlines at CISOseries.com.

Send us a textA single Windows shortcut can open the door to espionage—and that's exactly where we begin. We break down a fresh LNK exploit campaign to show how hidden command execution and DLL sideloading slip past busy teams, then pivot into the core defense most organizations underuse: disciplined configuration management. From baselines and version control to change boards and rapid rollback, we map the habits and tools that turn chaos into control.We walk through building secure, realistic baselines with CIS Benchmarks and NIST 800‑128, and why “simple and enforceable” beats “perfect and ignored.” You'll hear how least privilege for change stops shadow tweaks, how EDR and application firewalls catch command and control, and how automation with Ansible, SCCM, and Terraform keeps fleets consistent. We spotlight the CMDB as a living source of truth—only valuable if you maintain ownership, automate updates, and report on drift so leadership and risk teams can act.Change governance becomes your stabilizer. A change control board aligns IT, security, operations, risk, and compliance before big moves, while an emergency change advisory board authorizes fast action for zero‑days and incidents with a strict post‑implementation review. We break down the full change lifecycle—request, impact analysis, staging, implementation, verification, CMDB updates—and the common pitfalls to avoid, including undocumented changes, brittle rollbacks, and ignoring post‑change scan results. Expect practical guidance on when to auto‑patch Windows, how to iterate quarterly without overengineering, and what metrics prove progress.If you're aiming to master CISSP Domain 7 or just want fewer outages and faster recovery, this conversation gives you a clear blueprint to reduce attack surface and increase stability. If it helps, share it with a teammate, subscribe for more deep dives, and leave a quick review so we can keep improving for you.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud and a recognized expert in SIEM, log management, and PCI DSS compliance, will help us cut through the buzzwords and discuss modern security operations.Join the Defender Fridays community, live every Friday, to discuss the dynamic world of information security in a collaborative space with seasoned professionals.Dr. Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via Chronicle Security (an Alphabet company) acquisition in July 2019. He is also a co-host of Cloud Security Podcast.Until June 2019, Dr. Anton Chuvakin was a Research VP and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. At Gartner he covered a broad range of security operations and detection and response topics, and is credited with inventing the term "EDR." He is a recognized security expert in the field of SIEM, log management and PCI DSS compliance. He is an author of books "Security Warrior", "PCI Compliance", "Logging and Log Management" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, honeypots, etc. His blog securitywarrior.org was one of the most popular in the industry.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Kybernetická bezpečnosť už dávno nie je len o antivíruse a heslách. Hoci sa firmy na Slovensku v základnej hygiene zlepšili, mnohé stále podceňujú sofistikovanejšie hrozby. Často investujú do pokročilých technológií, no nemajú kvalifikovaných ľudí, ktorí by ich vedeli správne vyhodnocovať a manažovať. Prečo je dôležité oddeliť IT od bezpečnosti a aké sú možnosti pre firmy, ktoré si vlastný bezpečnostný tím nemôžu dovoliť?V novom dieli podcastu SHARE sa moderátor Maroš Žofčin rozpráva s Júliusom Seleckým, Solution Architectom spoločnosti Eset, o reálnom stave kybernetickej bezpečnosti v slovenských firmách, o najčastejších chybách a o riešeniach, ako je manažovaná detekcia a reakcia (MDR). Podcast prinášame v spolupráci so spoločnosťou Eset.Pripravte sa na budúcnosť s knihou od redaktorov Živé.sk „Umelá inteligencia: Pripravte sa na budúcnosť“. Teraz aj ako ebook! TIP: https://zive.aktuality.sk/clanok/0RfdZVW/nahliadnite-do-buducnosti-vydavame-knihu-o-umelej-inteligencii/V podcaste hovoríme aj o týchto témach:V čom sa slovenské firmy zlepšili (heslá, aktualizácie) a čo stále podceňujú.Prečo by IT oddelenie a bezpečnostné oddelenie mali byť striktne oddelené.Analýza rizík: Ako majú firmy identifikovať, čo je pre ich biznis kľúčové.Čo sú EDR a XDR systémy a prečo bežný antivírus už nestačí.Aké sú možnosti pre firmy, ktoré nemajú vlastných bezpečnostných expertov (MDR).Téme sa venujeme aj v článku: https://zive.aktuality.sk/clanok/nmdWnCW/firmy-maju-antivirusy-no-chyba-im-tato-klucova-vec-mnohe-na-to-doplatili/ Podcast SHARE pripravuje magazín Živé.sk.

Ransomware detection is more complex than most organizations realize. In this episode, cybersecurity expert Mike Saylor breaks down the real-world signs of ransomware attacks—from users complaining about slow computers to smart devices acting strangely. We explore polymorphic malware that changes based on its target, the risks posed by managed service providers using shared credentials, and why milliseconds matter in ransomware detection and response. Mike explains the difference between EDR, XDR, SIEM, and SOAR tools, helping you understand which security solutions you actually need. We also discuss why 24/7 monitoring is non-negotiable and how even small businesses can afford proper ransomware detection capabilities. If you're trying to protect your organization without breaking the bank, this episode offers practical guidance on building your security stack and knowing when to call in expert help.

Send us a textYou can harden your network and still miss the front door: aging edge devices with elevated access, thin logging, and long‑ignored firmware. We dig into the uncomfortable truth behind “set it and forget it” firewalls, VPNs, and gateways, then lay out a practical Domain 7 playbook that helps you detect faster, respond cleaner, and recover without chaos.We start with the incident management sequence that actually works under pressure—detection, response, mitigation, reporting, recovery, remediation, and lessons learned—showing how legal timelines, stakeholder updates, and RTO/RPO planning fit together. From there, we map the controls that pull their weight: next‑gen firewalls and WAFs, IDS/IPS, smart whitelisting and blacklisting, sandboxing that anticipates time‑bomb malware, and when to lean on EDR, MDR, and UEBA to cut through alert fatigue.Then we get hands‑on with vulnerability and patch management, focusing on asset inventory, critical‑first prioritization, scanning automation, and staged deployments with real rollback plans. We connect the dots to change management so fixes don't become outages. Resilience gets its due: backup integrity and rotation, hot/warm/cold recovery sites, multi‑region processing, HA pairs, QoS to preserve critical traffic, and fault‑tolerant design that keeps services running when parts fail.Finally, we round out security operations with disaster recovery drills—from tabletop to full cutover—plus business continuity planning that aligns cyber recovery with revenue‑critical processes. Physical security and personal safety close the loop: layered access, surveillance, environmental controls, and travel and duress protocols that protect your people as well as your data. If you're preparing for the CISSP or sharpening a real program, you'll leave with concrete steps to reduce risk now and a roadmap to mature over time.Enjoyed this deep dive? Subscribe, share with a teammate who owns Domain 7, and leave a quick review to help others find the show. Your feedback shapes future topics and tools we build for you.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In this episode, Dr. Dave Chatterjee speaks with Anupam Upadhyay, Senior Vice President, Product Management, Palo Alto Networks, a seasoned product and cybersecurity leader, to unpack the “new browser wars” and why enterprise browsers are fast becoming a core battleground in the fight for digital trust. Drawing on over two decades of experience spanning Cisco, startups, and Palo Alto, Upadhyay traces the evolution of the humble browser from a passive content viewer into the primary interface for cloud applications, collaboration tools, and sensitive business data.The conversation examines the browser's expanding role as both a productivity hub and a primary attack vector—accounting for over 90 percent of initial intrusions via phishing, malicious extensions, or session hijacking. Through the lens of the Commitment-Preparedness-Discipline (CPD) Framework, Dr. Chatterjee and Anupam Upadhyay emphasize that securing the enterprise browser is not merely a technical exercise but a governance imperative: leadership commitment to zero-trust principles, preparedness through hardened configurations and employee training, and disciplined enforcement of consistent controls across devices and partners.Time Stamps• 00:49 — Dave's introduction and guest overview.• 03:00 — Anupam Upadhyay's career journey and reinvention at Palo Alto Networks.• 05:00 — Historical context: how browsers stayed outside the security spotlight.• 08:40 — Cloud and SaaS migration shifting business to the browser.• 11:20 — Emerging browser threats and data sanctity concerns.• 14:30 — Malicious extensions and the limits of traditional EDR.• 16:07 — Browser security as part of Zero Trust architecture.• 18:30 — Balancing security and user experience.• 22:10 — Operating in hostile environments and credential revocation.• 25:00 — Dr. Chatterjee introduces the CPD framework for governance.• 28:45 — Implementation and user adoption challenges.• 30:00 — Continuous testing and discipline in browser security.• 33:05 — Closing takeaways on Zero Trust mindset and defense-in-depth.Podcast summary with discussion highlights - https://www.dchatte.com/episode-93-the-new-browser-wars-why-the-enterprise-browser-has-become-cybersecuritys-next-battleground/Connect with Host Dr. Dave Chatterjee LinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles PublishedRamasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A...

Three Buddy Problem (Episode 68): The buddies are trapped in timezone hell with cross-country travel this week. In this special episode, we present Juan Andres Guerrero-Saade's LABScon 2025 keynote-day presentation on the state of cybersecurity and why this phase of our collective project has failed, and how to build something smarter, more sustainable, and deeply interconnected in its place. Juanito traces the field's evolution from chaos to consolidation, weaving in cybernetics, standardization, and the dawning coexistence of human and artificial evaluative power. The result is part philosophical sermon, part rallying cry, an invitation to reject the industry's slave morality, rethink our tools, and steer the next era of defense with intention.

On this week's meeting agenda: • Aidan escaped the sub-basement and caught a showing of The Master Plan at the newly renovated Globe Theatre. • Admin has been talking for months about how they changed the city's Design Standards so that new residential roads will be wider. How did that happen? When did that happen? Why did that happen? We have the backstory on that. • Really good news from the Housing Accelerator front! Yay! • Economic Development Regina presented their 2026 budget to city council. It did not go well. • The Regina Public Library also presented their 2026 budget to city council. It didn't go great either but at least it went better than EDR's. • The Queen City Improvement Bureau's Halloween-adjacent 10th Anniversary LIVE Show is coming up October 29, 7pm at the Artesian on 13th! • The mayor made a big funding announcement for downtown. Note: Apologies for how Paul's voice sounds like a gravel quarry that's smoked a pack of cigarettes a day for 35 years. The doctors say there's nothing modern medicine can do to speed up his vocal recovery and the satanic rituals have not helped.

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Your vulnerability scanner is your weakest link Scams that almost got me The state of EDR is not good You don't need to do that on a phone or Raspberry PI Hash cracking and exploits Revisiting LG WebOS Hardening Docker images Hacking Moxa NPort Shoddy academic research The original sin of computing Bodycam hacking A new OS for ESP32 The AI bubble is going to burt Mobile VPNs are not always secure Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-896

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Your vulnerability scanner is your weakest link Scams that almost got me The state of EDR is not good You don't need to do that on a phone or Raspberry PI Hash cracking and exploits Revisiting LG WebOS Hardening Docker images Hacking Moxa NPort Shoddy academic research The original sin of computing Bodycam hacking A new OS for ESP32 The AI bubble is going to burt Mobile VPNs are not always secure Show Notes: https://securityweekly.com/psw-896

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Your vulnerability scanner is your weakest link Scams that almost got me The state of EDR is not good You don't need to do that on a phone or Raspberry PI Hash cracking and exploits Revisiting LG WebOS Hardening Docker images Hacking Moxa NPort Shoddy academic research The original sin of computing Bodycam hacking A new OS for ESP32 The AI bubble is going to burt Mobile VPNs are not always secure Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-896

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A newly disclosed vulnerability in Redis, dubbed RediShell and tracked as CVE-2025-49844, affects all Redis versions and carries a maximum CVSS score of 10.0.Cisco has disclosed a critical zero-day vulnerability—CVE-2025-20352—affecting its widely deployed IOS and IOS XE software, confirming active exploitation in the wild.Researchers at NCC Group have found that voice cloning technology has reached a level where just five minutes of recorded audio is enough to generate convincing voice clones in real time.A China-linked cyber-espionage group, tracked as UNC5221, has been systematically targeting network infrastructure appliances that lack standard endpoint detection and response (EDR) support.Dutch authorities have arrested two 17-year-old boys suspected of being recruited by pro-Russian hackers to carry out surveillance activities.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

This week we kick things off with a special interview: Kieran Human from Threat Locker talks about EDR bypasses and other special projects. In the security news: Hacking TVs Flushable wipes are not the only problem People just want to spy on their pets, except the devices can be hacked Linux EDR is for the birds What does my hat say we love exploits and hashes ESP32s in your router RF signal generator on a PI Zero Mic-E-Mouse and other things that will probably never happen, until they do Hacking with money Uninitialized variables and other things the compiler should catch Breaking out of the shell Hacking with sound, for real, not just another side channel attack Bring back 2G When the game engine gets hacked Oracle 0-days This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-895

This week we kick things off with a special interview: Kieran Human from Threat Locker talks about EDR bypasses and other special projects. In the security news: Hacking TVs Flushable wipes are not the only problem People just want to spy on their pets, except the devices can be hacked Linux EDR is for the birds What does my hat say we love exploits and hashes ESP32s in your router RF signal generator on a PI Zero Mic-E-Mouse and other things that will probably never happen, until they do Hacking with money Uninitialized variables and other things the compiler should catch Breaking out of the shell Hacking with sound, for real, not just another side channel attack Bring back 2G When the game engine gets hacked Oracle 0-days This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/psw-895

This week we kick things off with a special interview: Kieran Human from Threat Locker talks about EDR bypasses and other special projects. In the security news: Hacking TVs Flushable wipes are not the only problem People just want to spy on their pets, except the devices can be hacked Linux EDR is for the birds What does my hat say we love exploits and hashes ESP32s in your router RF signal generator on a PI Zero Mic-E-Mouse and other things that will probably never happen, until they do Hacking with money Uninitialized variables and other things the compiler should catch Breaking out of the shell Hacking with sound, for real, not just another side channel attack Bring back 2G When the game engine gets hacked Oracle 0-days This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-895

In the world of cybersecurity, there are big lies that have been perpetuated about compliance, fixability and communication--and it's time to burn it all down and start over.  Many experts see one main cybersecurity truth, especially about AI, SIEM, EDR and related business technology. By examining the intersection of AI, cybersecurity, and compliance, we can gain a deeper understanding of the lies that have been told about the state of cybersecurity and work towards a more secure future. Tune in to this thought-provoking Send us a textGrowth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com Support the show

Three Buddy Problem - Episode 65: We zero in on one of the biggest security stories of the year: the discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco's 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide. Plus, Cisco's controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China's long-term positioning. Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russians APTs Turla and Gamaredon collaborating to hit Ukraine targets. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

Help Wanted: What are these odd requests about? An odd request is hitting a number of our honeypots with a somewhat unusual HTTP request header. Please let me know if you no what the request is about. https://isc.sans.edu/forums/diary/Help+Wanted+What+are+these+odd+reuqests+about/32302/ Forta GoAnywhere MFT Vulnerability Forta s GoAnywhere MFT product suffers from a critical deserialization vulnerability. Forta released an advisory disclosing the vulnerability on Thursday. https://www.fortra.com/security/advisories/product-security/fi-2025-012 EDR Freeze A new tool, EDR Freeze, allows regular users to suspend EDR processes. https://www.zerosalarium.com/2025/09/EDR-Freeze-Puts-EDRs-Antivirus-Into-Coma.html

Alright, it's time to catch up on the final round of the Enduro World Cup in Morillon and Enduro World Champs in Aletsch Arena with Morgane Charre and Greg Callaghan. Morillon was a brand new venue which the riders said featured some of the best trails they've ever raced. With the titles already decided, it was all in for those chasing the remaining overall podium places and those looking for their first taste of EDR success. Aletsch delivered a challenging sting in the season's tail to see who would take home those sought after World Champs stripes. So sit back, hit play, and enjoy this episode with Morgane Charre and Greg Callaghan. You can also watch this episode on YouTube here. Podcast Stuff Listener Offers Downtime listeners can now get 10% off of Stashed Space Rails. Stashed is the ultimate way to sort your bike storage. Their clever design means you can get way more bikes into the same space and easily access whichever one you want to ride that day. If you have 2 or more bikes in your garage, they are definitely worth checking out. Just head to stashedproducts.com/downtime and use the code DOWNTIME at the checkout for 10% off your entire order. And just so you know, we get 10% of the sale too, so it's a win win. Patreon I would love it if you were able to support the podcast via a regular Patreon donation. Donations start from as little as £3 per month. That's less than £1 per episode and less than the price of a take away coffee. Every little counts and these donations will really help me keep the podcast going and hopefully take it to the next level. To help out, head here. Merch If you want to support the podcast and represent, then my webstore is the place to head. All products are 100% organic, shipped without plastics, and made with a supply chain that's using renewable energy. We now also have local manufacture for most products in the US as well as the UK. So check it out now over at downtimepodcast.com/shop. Newsletter If you want a bit more Downtime in your life, then you can join my newsletter where I'll provide you with a bit of behind the scenes info on the podcast, interesting bits and pieces from around the mountain bike world, some mini-reviews of products that I've been using and like, partner offers and more. You can do that over at downtimepodcast.com/newsletter. Follow Us Give us a follow on Instagram @downtimepodcast or Facebook @downtimepodcast to keep up to date and chat in the comments. For everything video, including riding videos, bike checks and more, subscribe over at youtube.com/downtimemountainbikepodcast. Are you enjoying the podcast? If so, then don't forget to follow it. Episodes will get delivered to your device as soon as it's available and it's totally free. You'll find all the links you need at downtimepodcast.com/follow. You can find us on Apple Podcast, Spotify, Google and most of the podcast apps out there. Our back catalogue of amazing episodes is available at downtimepodcast.com/episodes Photo - Sven Martin

In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero's major push into vulnerability management. With its new Nuclei integration, runZero is now able to get a very accurate picture of what's vulnerable in your environment, without spraying highly privileged credentials at attackers on your network. It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud. This episode is also available on Youtube. Show notes

HR software giant Workday discloses a data breach. Researchers uncover a zero-day in Elastic's EDR software. Ghost-tapping is an emerging fraud technique where cybercriminals use NFC relay attacks to exploit stolen payment card data. Germany may be on a path to ban ad blockers. A security researcher documents multiple serious flaws in McDonald's systems. There's a new open-source framework for testing 5G security flaws. New York's Attorney General sues the banks behind Zelle over fraud allegations. The DOJ charges the alleged Zeppelin ransomware operator and seizes over $2.8 million in cryptocurrency. Tim Starks from CyberScoop discusses the overlooked changes that two Trump executive orders could bring to cybersecurity. Bots build their own echo chambers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire Guest Today we have Tim Starks from CyberScoop discussing the overlooked changes that two Trump executive orders could bring to cybersecurity. Selected Reading HR giant Workday discloses data breach after Salesforce attack (Bleeping Computer) Researchers report zero-day vulnerability in Elastic Endpoint Detection and Respons Driver that enables system compromise (Beyond Machines) Ghost-Tapping and the Chinese Cybercriminal Retail Fraud Ecosystem (Recorded Future) Is Germany on the Brink of Banning Ad Blockers? User Freedom, Privacy, and Security Is At Risk. (Open Policy & Advocacy) How I Hacked McDonald's (Their Security Contact Was Harder to Find Than Their Secret Sauce Recipe) (bobdahacker) Boffins say tool can sniff 5G traffic, launch 'attacks' without using rogue base stations (The Register) New York claims Zelle's shoddy security enabled a billion dollars in scams  (The Verge) US Seizes $2.8 Million From Zeppelin Ransomware Operator (SecurityWeek) Researchers Made a Social Media Platform Where Every User Was AI. The Bots Ended Up at War (Gizmodo) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices