Podcasts about EDR

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Sometimes, one plus one is three. Back in 2021, McAfee's Enterprise business merged with FireEye to form Trellix. Today, the net result is a company that generates $1.2 billion globally and $400 million in the public sector. In today's interview, Ken Karsten details how federal leaders can use Trellix to improve cybersecurity in a federal world with rapidly increasing end points. Setting the stage, Ken Karsten reviews an Executive Order 14028  from 2021 that encouraged federal agencies to aggressively protect endpoints, sometimes called Endpoint Detection and Response. In four short years, AI has transformed the way malicious actors attack end points and the defense had to be improved. Enter, Extended Detection and response. During the interview, Ken Karsten gives listeners an overview of XDR's continuous monitoring, advanced analytics, and rapid threat assessment and response capabilities. Advances in AI have allowed Trellix to deliver EDR and XDR capabilities at a drastically reduced cost. Topics in the discussion include Operational Technology, 5G, and Trellix's recent DoD IL5 authorization. Provide a link to download the Trellix Cyber Threat Report.

I used to think of my car as just a tool to get from point A to point B. But after this conversation, I can't help but see it as something else entirely, a powerful data collection device that knows far more about me than I realized. From where I go and who I text to how I drive and even what's on my phone, today's vehicles are gathering a staggering amount of personal information. In this episode, I talk with Andrea Amico, the founder of Privacy4Cars. Andrea is one of the leading voices in automotive data privacy and someone who's spent years uncovering the hidden ways cars collect, store, and share our information. He breaks down how connected cars work, what's actually being tracked, and why it matters not just for your privacy, but for your safety and finances too. We get into everything from rental car risks and data left behind when you sell a car, to how automakers and third parties might be profiting off your data without your knowledge. If you've ever paired your phone with a vehicle or assumed your texts disappear when you disconnect, this episode is going to change the way you think about driving and how to take back control. Show Notes: [01:28] Andrea started Privacy4Cars because cars collect a lot of data. There were zero protections for privacy and security. He's dedicated to turning your car into a more private space and giving you more choice, understanding, and control. [02:25] We talk about when cars started collecting data. OnStar started about 25 years ago. Things really began to evolve when Bluetooth and navigation became common. [03:12] Things really exploded with modern telematics which is like putting a cell phone inside your car that calls home all the time. The average car collects around 25 GB of data per day. [04:08] We talk about the type of data that is collected by cars from GPS to having your phone collected and the car even knowing your weight. [05:26] The sensors in your car know exactly how you drive. [06:46] Informed consumers are better off. These data collecting policies are usually hidden in the car manufacturers privacy policies. [08:46] You can find your car's privacy policy at Vehicle Privacy Report. [10:21] The goal is to make the car manufacturer's behavior visible to consumers, because that's the way to drive better company behavior. [11:26] When you rent a car and when you sell a car, your car is like a giant unencrypted hard drive that contains your data. [12:06] We should wipe the data in our cars the same way we wipe the data in our phones when we replace them. [13:05] You can find a tool to help remove data from your car at Privacy4Cars. [14:21] We talk about what rental cars get from your connected phone.  [17:24] Found data can be used in targeted spear phishing attacks. [19:18] Most cars since 2017 have a SIM card. If a prior owner consented to data collection, that data is still being collected when you take over the car. [22:15] Ford estimated that they would make $2,000 per car per year from data services. [24:17] It's common for cars to even have a camera that looks at you. In a few years it might be common for vehicles to monitor for things like intoxication. [26:56] Organizations creating standards like the Future of Privacy Forum. [29:09] Cars have an EDR electronic data recorder. It's like a black box for when an accident happens. [34:05] Delete data when you buy, rent, or sell a car. Opt out if you can. [36:33] Think about your car just like your computers and your phone. [37:15] Andrea shares a story about how an ex-spouse was able to duplicate her key. The dealer wanted $1,000 to reset her car. [40:23] Parting advice includes looking up your car's VIN at Vehicle Privacy Report. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.  Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest Andrea Amico - Privacy4Cars Privacy4Cars Vehicle Privacy Report Andrea Amico - LinkedIn Future of Privacy Forum Endpoints-On-Wheels – Protecting Company And Employee Data In Cars. Ciso Mitigation Strategies For Fleets, Rentals, And Personnel-Owned Vehicles

OctoSQL & Vulnerability Data OctoSQL is a neat tool to query files in different formats using SQL. This can, for example, be used to query the JSON vulnerability files from CISA or NVD and create interesting joins between different files. https://isc.sans.edu/diary/OctoSQL+Vulnerability+Data/32026 Mirai vs. Wazuh The Mirai botnet has now been observed exploiting a vulnerability in the open-source EDR tool Wazuh. https://www.akamai.com/blog/security-research/botnets-flaw-mirai-spreads-through-wazuh-vulnerability DNS4EU The European Union created its own public recursive resolver to offer a public resolver compliant with European privacy laws. This resolver is currently operated by ENISA, but the intent is to have a commercial entity operate and support it by a commercial entity. https://www.joindns4.eu/ WordPress FAIR Package Manager Recent legal issues around different WordPress-related entities have made it more difficult to maintain diverse sources of WordPress plugins. With WordPress plugins usually being responsible for many of the security issues, the Linux Foundation has come forward to support the FAIR Package Manager, a tool intended to simplify the management of WordPress packages. https://github.com/fairpm

Entrevista con el experto en ciberseguridad Abraham Pasamar, CEO de Incide, tras una conferencia de ciberseguridad en Panamá. La discusión resalta la importancia de compartir información y cooperar entre países para abordar desafíos comunes de ciberseguridad. Pasamar detalla específicamente la amenaza prevalente del ransomware, explicando los métodos típicos de intrusión utilizados por los atacantes, las motivaciones financieras detrás de estos ataques (descrito como un negocio muy lucrativo y con carácter económico puramente), y el uso creciente de la doble extorsión por parte de los actores de amenazas que roban datos antes de cifrar los sistemas. La conversación también enfatiza el papel crucial de la preparación y los protocolos de crisis para que las empresas respondan eficazmente a los incidentes de ciberseguridad, ofreciendo consejos prácticos sobre cómo fortalecer las defensas contra vectores de ataque comunes, como el uso de segundos factores de autenticación, mantener el software actualizado y usar soluciones EDR con un servicio de respuesta temprana. Twitter: @ciberafterwork Instagram: @ciberafterwork Panda Security: https://www.pandasecurity.com/es/ +info: https://psaneme.com/ https://bitlifemedia.com/ https://www.vapasec.com/ VAPASEC https://www.vapasec.com/ https://www.vapasec.com/webprotection/

Two parts to this episode: Tech Segment: Updating Linux Systems - Beyond apt-get upgrade * Custom scripts for ensuring your Linux systems are up-to-date * topgrade - tutorial for using topgrade to update Linux systems on various Linux distributions Discussion Topic: Anti-Malware and/or EDR on Linux Platforms * PCI calls for scanning Linux systems * What tools exist for analyzing Linux systems? (AIDE, uac, chkrootkit) * Best Anti-Malware for Linux - Commercial tools, open-source, both, none? * ClamAV - fa-notify and the dangers Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-877

Two parts to this episode: Tech Segment: Updating Linux Systems - Beyond apt-get upgrade * Custom scripts for ensuring your Linux systems are up-to-date * topgrade - tutorial for using topgrade to update Linux systems on various Linux distributions Discussion Topic: Anti-Malware and/or EDR on Linux Platforms * PCI calls for scanning Linux systems * What tools exist for analyzing Linux systems? (AIDE, uac, chkrootkit) * Best Anti-Malware for Linux - Commercial tools, open-source, both, none? * ClamAV - fa-notify and the dangers Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-877

Two parts to this episode: Tech Segment: Updating Linux Systems - Beyond apt-get upgrade * Custom scripts for ensuring your Linux systems are up-to-date * topgrade - tutorial for using topgrade to update Linux systems on various Linux distributions Discussion Topic: Anti-Malware and/or EDR on Linux Platforms * PCI calls for scanning Linux systems * What tools exist for analyzing Linux systems? (AIDE, uac, chkrootkit) * Best Anti-Malware for Linux - Commercial tools, open-source, both, none? * ClamAV - fa-notify and the dangers Show Notes: https://securityweekly.com/psw-877

Round two of the World Cup Downhill series has delivered with plenty of drama! Join Kieran Bennett, Lester Perry and James Rennie to dive into the Loudenvielle World Cup and all of the drama that came with maybe the fastest track we have seen in quite some time. Some side tracks are taken into the Nove Mesto XC World Cup, Unbound gravel and EDR, along with some completely random tangents that we all know you love.Brought to you by:Maxxis Tyres - New Zealand's tyre of choice!To see the full line up from Maxxis, check out www.marleen.co.nz/brands/maxxis.htmlFox Suspensionhttps://ridefox.com/pages/bikeIf you enjoy the OTB Podcast and would like to support, please consider joining us on Patreon and help keep the podcast alive. This isn't even close to a job for us and is done for your enjoyment! https://www.patreon.com/TheOTBPodcast

Enduro is back and it feels like it might be turning a corner. After a couple of tough seasons, there's a real sense of momentum building in the sport, and we're here for it. In this episode, I'm joined by Greg Callaghan and Morgane Charre, two riders who've been at the sharp end of Enduro racing for years, to dig into the first two rounds of the 2025 EDR season. We're talking big changes: the return of two-day racing, a fresh energy in the pits, and a crop of new talent shaking things up. Greg and Morgane share their experiences from Pietra and Poland so we get the low down on what went on. We get into everything from course design and recovery strategies to weather chaos, injuries, and the impact of a brand new documentary series that's got people talking. There's still a way to go, but if the start of the season is anything to go by, Enduro's future is looking a whole lot brighter. So it's time to sit back, hit play and listen to this episode with Morgane Charre and Greg Callaghan. You can also watch this episode on YouTube here. You can follow Morgane on Instagram @morganecharre. Greg is @greg_callaghan on Instagram and you can find his YouTube channel here. To be in with the chance of winning a set of Magura Gustav Pros and a Wahoo ELEMNT BOLT bike computer, fill out our audience survey here before the end of June 2025. Podcast Stuff Supporting Partners Magura With the new Gustav Pro, Magura have produced the ultimate gravity and ebike brake. With all the power you could ever need, delivered with incredible modulation, you never need to question your brakes again. Head to magura.com and check them out. Wahoo Head to wahoofitness.com to check out Wahoo's brand new ELEMNT BOLT and ROAM bike computers. From tracking your rides, through navigation, to sharing the results, Wahoo have got you covered with easy to use, lightweight computers with incredible battery life. Listener Offers Downtime listeners can now get 10% off of Stashed Space Rails. Stashed is the ultimate way to sort your bike storage. Their clever design means you can get way more bikes into the same space and easily access whichever one you want to ride that day. If you have 2 or more bikes in your garage, they are definitely worth checking out. Just head to stashedproducts.com/downtime and use the code DOWNTIME at the checkout for 10% off your entire order. And just so you know, we get 10% of the sale too, so it's a win win. Patreon I would love it if you were able to support the podcast via a regular Patreon donation. Donations start from as little as £3 per month. That's less than £1 per episode and less than the price of a take away coffee. Every little counts and these donations will really help me keep the podcast going and hopefully take it to the next level. To help out, head here. Merch If you want to support the podcast and represent, then my webstore is the place to head. All products are 100% organic, shipped without plastics, and made with a supply chain that's using renewable energy. We now also have local manufacture for most products in the US as well as the UK. So check it out now over at downtimepodcast.com/shop. Newsletter If you want a bit more Downtime in your life, then you can join my newsletter where I'll provide you with a bit of behind the scenes info on the podcast, interesting bits and pieces from around the mountain bike world, some mini-reviews of products that I've been using and like, partner offers and more. You can do that over at downtimepodcast.com/newsletter. Follow Us Give us a follow on Instagram @downtimepodcast or Facebook @downtimepodcast to keep up to date and chat in the comments. For everything video, including riding videos, bike checks and more, subscribe over at youtube.com/downtimemountainbikepodcast. Are you enjoying the podcast? If so, then don't forget to follow it. Episodes will get delivered to your device as soon as it's available an...

This week, we are joined by Deepen Desai, Zscaler's Chief Security Officer and EVP of Cyber and AI Engineering, taking a dive deep into Mustang Panda's latest campaign. Zscaler ThreatLabz uncovered new tools used by Mustang Panda, including the backdoors TONEINS, TONESHELL, PUBLOAD, and the proxy tool StarLoader, all delivered via phishing. They also discovered two custom keyloggers, PAKLOG and CorKLOG, and an EDR evasion tool, SplatCloak, highlighting the group's focus on surveillance, persistence, and stealth in cyberespionage operations.4o. The research can be found here: Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1 Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Deepen Desai, Zscaler's Chief Security Officer and EVP of Cyber and AI Engineering, taking a dive deep into Mustang Panda's latest campaign. Zscaler ThreatLabz uncovered new tools used by Mustang Panda, including the backdoors TONEINS, TONESHELL, PUBLOAD, and the proxy tool StarLoader, all delivered via phishing. They also discovered two custom keyloggers, PAKLOG and CorKLOG, and an EDR evasion tool, SplatCloak, highlighting the group's focus on surveillance, persistence, and stealth in cyberespionage operations.4o. The research can be found here: Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1 Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 Learn more about your ad choices. Visit megaphone.fm/adchoices

This week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-875

This episode is sponsored by Edmond de Rothschild and Palistar Capital and first appeared on The Infrastructure Investor Podcast  Digital infrastructure is developing rapidly, turbocharged first by the coronavirus pandemic and now by advances in artificial intelligence, which have turned data centres into arguably the hottest investment in infrastructure at the moment. The sector also includes fibre and towers, both of which are also attracting strong investor interest. This episode focuses on the growth of – and opportunities within – digital infrastructure's three key subsectors. Jean-Francis Dusch, global head of infrastructure and structured finance at EdR, and Josh Oboler, investment partner at Palistar Capital, explore how AI is transforming the data centre landscape, where to find the best opportunities in fibre, and why towers continue to make such a good investment.

This week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-875

This week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Show Notes: https://securityweekly.com/psw-875

The LockBit ransomware gang has been hacked. Google researchers identify a new infostealer called Lostkeys. SonicWall is urging customers to patch three critical device vulnerabilities. Apple patches a critical remote code execution flaw. Cisco patches 35 vulnerabilities across multiple products. Iranian hackers cloned a German modeling agency's website to spy on Iranian dissidents. Researchers bypass SentinelOne's EDR protection. Education tech firm PowerSchool faces renewed extortion. CrowdStrike leans into AI amidst layoffs. Our guest is Caleb Barlow, CEO of Cyberbit, discussing the mixed messages of the cyber skills gaps. Honoring the legacy of Joseph Nye. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Caleb Barlow, CEO of Cyberbit, who is discussing the mixed messages of the cyber skills gaps. Selected Reading LockBit ransomware gang hacked, victim negotiations exposed (Bleeping Computer) Russian state-linked Coldriver spies add new malware to operation (The Record) Fake AI Tools Push New Noodlophile Stealer Through Facebook Ads (Hackread) SonicWall urges admins to patch VPN flaw exploited in attacks (Bleeping Computer) Researchers Details macOS Remote Code Execution Vulnerability - CVE-2024-44236 (Cyber Security News) Cisco IOS XE Wireless Controllers Vulnerability Enables Full Device Control for Attackers (Cyber Security News) Cisco Patches 35 Vulnerabilities Across Several Products (SecurityWeek) Iranian Hackers Impersonate as Model Agency to Attack Victims (Cyber Security News) Hacker Finds New Technique to Bypass SentinelOne EDR Solution (Infosecurity Magazine) CrowdStrike trims workforce by 5 percent, aims to rely on AI (The Register) Despite ransom payment, PowerSchool hacker now extorting individual school districts (The Record)  Joseph Nye, Harvard professor, developer of “soft power” theory, and an architect of modern international relations, dies at 88 (Harvard University)  Nye Lauded for Cybersecurity Leadership (The Belfer Center for Science and International Affairs at Harvard University) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Security news for this week: RDP and credentials that are not really revoked, and some RDP bitmap caching fun Some magic info on MagicINFO Vulnerability Management Zombies There is a backdoor in your e-commerce Airborne: vulnerabilities in AirPlay Bring your own installer - crafty EDR bypass The Signal clone used by US government officials: shocker: has been hacked AI slop vulnerability reporting Bricking iPhones with a single line of code Hacking planet technology Vibe hacking for the win? Cybersecurity CEO arrested for deploying malware Hello my perverted friend FastCGI - fast, but vulnerable Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-873

Security news for this week: RDP and credentials that are not really revoked, and some RDP bitmap caching fun Some magic info on MagicINFO Vulnerability Management Zombies There is a backdoor in your e-commerce Airborne: vulnerabilities in AirPlay Bring your own installer - crafty EDR bypass The Signal clone used by US government officials: shocker: has been hacked AI slop vulnerability reporting Bricking iPhones with a single line of code Hacking planet technology Vibe hacking for the win? Cybersecurity CEO arrested for deploying malware Hello my perverted friend FastCGI - fast, but vulnerable Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-873

Security news for this week: RDP and credentials that are not really revoked, and some RDP bitmap caching fun Some magic info on MagicINFO Vulnerability Management Zombies There is a backdoor in your e-commerce Airborne: vulnerabilities in AirPlay Bring your own installer - crafty EDR bypass The Signal clone used by US government officials: shocker: has been hacked AI slop vulnerability reporting Bricking iPhones with a single line of code Hacking planet technology Vibe hacking for the win? Cybersecurity CEO arrested for deploying malware Hello my perverted friend FastCGI - fast, but vulnerable Chapters: 0:00 Opening and introductions 2:43 Panel introductions and conference recaps 4:46 Conference announcements and Corncon discussion 8:05 RSAC 2025 recap and vulnerability management trends 15:44 RDP credential revocation flaw in Windows 11 34:57 Apple AirPlay "wormable" vulnerabilities and third-party device risks 44:10 Signal clone breach used by US officials (TeleMessage incident) 55:38 Supply chain attack: Magento extensions backdoor 66:12 "Hello my perverted friend": Sextortion scam analysis 72:10 Security culture and phishing awareness at home 75:25 Digital signage vulnerabilities: Samsung MagicInfo 81:41 Threat hunting tradecraft and blue team operations 88:38 AI slop in vulnerability reporting and vibe hacking 98:59 Apple notification DoS and sandbox bypass 101:24 VMware licensing controversy and alternatives 107:14 CEO arrested for planting malware in hospital systems 116:06 FastCGI vulnerabilities in embedded/IoT systems 122:12 Rooting Android phones and device locking 124:08 Closing and outro Show Notes: https://securityweekly.com/psw-873

In the leadership and communications section, The C-suite gap that's putting your company at risk, CISOs band together to urge world governments to harmonize cyber rules, Cybersecurity is Not Working: Time to Try Something Else, and more! Organizations are increasingly threatened by cyberattacks originating from their suppliers. Existing tools (like EDR, MDR, and XDR) effectively handle threats within an organization, but leave a gap regarding third-party risk. SecurityScorecard created the Supply Chain Detection and Response category to empower organizations to shift from being reactive and uncertain to confidently and proactively protecting their entire supply chain. What is Supply Chain Detection and Response (SCDR)?: https://securityscorecard.com/blog/what-is-supply-chain-detection-and-response/ Learn more about continuous supply chain cyber risk detection and response: https://securityscorecard.com/why-securityscorecard/supply-chain-detection-response/ Claim Your Free SCDR Assessment: https://securityscorecard.com/get-started-scdr/#form This segment is sponsored by Security Scorecard. Visit https://securityweekly.com/securityscorecardrsac for more information on how SecurityScorecard MAX and Supply Chain Detection and Response can help your organization identify and resolve supply chain risks. In this interview, Axonius CISO Lenny Zeltser shares the vision behind Axonius Exposures, the company's latest innovation in unified risk management. Launched ahead of RSA Conference 2025, Exposures tackles one of the most persistent challenges in cybersecurity today: making sense of fragmented risk signals to drive confident, actionable decision-making. Lenny will discuss how Exposures unifies security findings, asset intelligence, and business context in a single platform — giving security teams the clarity and automation they need to prioritize what truly matters. He'll also explore what this launch means for Axonius' mission, the evolution of cyber asset management, and how organizations can move from reactive security postures to proactive, risk-based strategies. Want to see how Axonius Exposures gives you the clarity to take action on your most critical risks? Visit https://securityweekly.com/axoniusrsac to learn more and schedule a personalized demo. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-394

In the leadership and communications section, The C-suite gap that's putting your company at risk, CISOs band together to urge world governments to harmonize cyber rules, Cybersecurity is Not Working: Time to Try Something Else, and more! Organizations are increasingly threatened by cyberattacks originating from their suppliers. Existing tools (like EDR, MDR, and XDR) effectively handle threats within an organization, but leave a gap regarding third-party risk. SecurityScorecard created the Supply Chain Detection and Response category to empower organizations to shift from being reactive and uncertain to confidently and proactively protecting their entire supply chain. What is Supply Chain Detection and Response (SCDR)?: https://securityscorecard.com/blog/what-is-supply-chain-detection-and-response/ Learn more about continuous supply chain cyber risk detection and response: https://securityscorecard.com/why-securityscorecard/supply-chain-detection-response/ Claim Your Free SCDR Assessment: https://securityscorecard.com/get-started-scdr/#form This segment is sponsored by Security Scorecard. Visit https://securityweekly.com/securityscorecardrsac for more information on how SecurityScorecard MAX and Supply Chain Detection and Response can help your organization identify and resolve supply chain risks. In this interview, Axonius CISO Lenny Zeltser shares the vision behind Axonius Exposures, the company's latest innovation in unified risk management. Launched ahead of RSA Conference 2025, Exposures tackles one of the most persistent challenges in cybersecurity today: making sense of fragmented risk signals to drive confident, actionable decision-making. Lenny will discuss how Exposures unifies security findings, asset intelligence, and business context in a single platform — giving security teams the clarity and automation they need to prioritize what truly matters. He'll also explore what this launch means for Axonius' mission, the evolution of cyber asset management, and how organizations can move from reactive security postures to proactive, risk-based strategies. Want to see how Axonius Exposures gives you the clarity to take action on your most critical risks? Visit https://securityweekly.com/axoniusrsac to learn more and schedule a personalized demo. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-394

In the leadership and communications section, The C-suite gap that's putting your company at risk, CISOs band together to urge world governments to harmonize cyber rules, Cybersecurity is Not Working: Time to Try Something Else, and more! Organizations are increasingly threatened by cyberattacks originating from their suppliers. Existing tools (like EDR, MDR, and XDR) effectively handle threats within an organization, but leave a gap regarding third-party risk. SecurityScorecard created the Supply Chain Detection and Response category to empower organizations to shift from being reactive and uncertain to confidently and proactively protecting their entire supply chain. What is Supply Chain Detection and Response (SCDR)?: https://securityscorecard.com/blog/what-is-supply-chain-detection-and-response/ Learn more about continuous supply chain cyber risk detection and response: https://securityscorecard.com/why-securityscorecard/supply-chain-detection-response/ Claim Your Free SCDR Assessment: https://securityscorecard.com/get-started-scdr/#form This segment is sponsored by Security Scorecard. Visit https://securityweekly.com/securityscorecardrsac for more information on how SecurityScorecard MAX and Supply Chain Detection and Response can help your organization identify and resolve supply chain risks. In this interview, Axonius CISO Lenny Zeltser shares the vision behind Axonius Exposures, the company's latest innovation in unified risk management. Launched ahead of RSA Conference 2025, Exposures tackles one of the most persistent challenges in cybersecurity today: making sense of fragmented risk signals to drive confident, actionable decision-making. Lenny will discuss how Exposures unifies security findings, asset intelligence, and business context in a single platform — giving security teams the clarity and automation they need to prioritize what truly matters. He'll also explore what this launch means for Axonius' mission, the evolution of cyber asset management, and how organizations can move from reactive security postures to proactive, risk-based strategies. Want to see how Axonius Exposures gives you the clarity to take action on your most critical risks? Visit https://securityweekly.com/axoniusrsac to learn more and schedule a personalized demo. Show Notes: https://securityweekly.com/bsw-394

At RSAC Conference 2025, Sean Martin catches up with Brian Dye, CEO of Corelight, to explore a recurring truth in cybersecurity: attackers adapt, and defenders must follow suit. In this episode, Dye lays out why traditional perimeter defenses and endpoint controls alone are no longer sufficient—and why it's time for security teams to look back toward the network for answers.Beyond the Perimeter: Visibility as a Force MultiplierAccording to Dye, many organizations are still relying on security architectures that were top-of-the-line a decade ago. But attackers have already moved on. They're bypassing endpoint detection and response (EDR) tools, exploiting unmanaged devices, IoT, and edge vulnerabilities. What's left exposed is the network itself—and that's where Corelight positions itself: providing what Dye calls “ground truth” through network-based visibility.Rather than rearchitecting environments or pushing intrusive solutions, Corelight integrates passively through out-of-line methods like packet brokers or traffic mirroring. The goal? Rich, contextual, retrospective visibility—without disrupting the network. This capability has proven essential for responding to advanced threats, including lateral movement and ransomware campaigns where knowing exactly what happened and when can mean the difference between paying a ransom or proving there's no real damage.Three Layers of Network InsightDye outlines a layered approach to detection:1. Baseline Network Activity – High-fidelity summaries of what's happening.2. Raw Detections – Behavioral rules, signatures, and machine learning.3. Anomaly Detection – Identifying “new and unusual” activity with clustering math that filters out noise and highlights what truly matters.This model supports teams who need to correlate signals across endpoints, identities, and cloud environments—especially as AI-driven operations expand the attack surface with non-human behavior patterns.The Metrics That MatterDye points to three critical success metrics for teams:• Visibility coverage over time.• MITRE ATT&CK coverage, especially around lateral movement.• The percentage of unresolved cases—those embarrassing unknowns that drain time and confidence.As Dye shares, organizations that prioritize network-level visibility not only reduce uncertainty, but also strengthen every other layer of their detection and response strategy.Learn more about Corelight: https://itspm.ag/coreligh-954270Note: This story contains promotional content. Learn more.Guest: Brian Dye, Chief Executive Officer, Corelight | https://www.linkedin.com/in/brdye/ResourcesLearn more and catch more stories from Corelight: https://www.itspmagazine.com/directory/corelightLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, brian dye, network, visibility, ransomware, detection, cybersecurity, soc, anomalies, baselining, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Send us a text In this episode, Joe sits down with John Carse, Field CISO at SquareX, to dive into the often-overlooked world of browser security and the evolving landscape of cybersecurity. Recorded despite a 12-hour time difference (Singapore to the US!), John shares:The Browser Security Gap: Why 85% of user time in browsers is a growing risk for SaaS and cloud environments .SquareX's Solution: How SquareX acts as an EDR for browsers, detecting and responding to threats like polymorphic extensions .Career Journey: From early IT days to field CISO, John reveals how foundational IT skills (help desk, field services) make better cyber professionals .Real-World Insights: Lessons from working with the US Navy and the importance of understanding IT systems for effective cybersecurity . Check Your Browser Security: Visit SquareX Browser Security to assess your controls. Learn More About SquareX: Explore their solution at sqrx.com. Connect with John: Find him on X @JohnCarseChapters00:00 Introduction and Time Zone Challenges02:54 John Carse's Journey into IT06:05 Transitioning to Cybersecurity08:46 The Importance of Customer Service in IT11:36 Formative Experiences in Help Desk and Field Services14:35 Understanding IT Systems for Cybersecurity23:51 The Interplay Between IT Skills and Cybersecurity24:41 The Role of Security Engineers in IT28:43 Understanding the Complexity of Cybersecurity29:33 Exploring the Field CISO Role32:55 The Browser as a Security Frontier42:07 Challenges in SaaS Security46:20 The Importance of Browser Security AwarenessSubscribe for more cybersecurity insights and career tips! Share your thoughts in the comments—how are you securing your browser? Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods.Listen on: Apple Podcasts SpotifySupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast

We've been in enough conversations to know when something clicks. This one did — and it did from the very first moment.In our debut Brand Story with White Knight Labs, we sat down with co-founders John Stigerwalt and Greg Hatcher, and what unfolded was more than a company intro — it was a behind-the-scenes look at what offensive security should be.John's journey is the kind that earns your respect quickly: he started at the help desk and worked his way to CISO, before pivoting into red teaming and co-founding WKL. Greg's path was more unconventional — from orchestral musician to Green Beret to cybersecurity leader. Two very different stories, but a shared philosophy: learn by doing, adapt without a manual, and never take the easy route when something meaningful is on the table.That mindset now defines how White Knight Labs works with clients. They don't sell cookie-cutter pen tests. Instead, they ask the right question up front: How does your business make money? Because if you can answer that, you can identify what a real-world attacker would go after. Then they simulate it — not in theory, but in practice.Their ransomware simulation service is a perfect example. They don't just show up with a scanner. They emulate modern adversaries using Cobalt Strike, bypassing endpoint defenses with in-house payloads, encrypting and exfiltrating data like it's just another Tuesday. Most clients fail the test — not because they're careless, but because most simulations aren't this real.And that's the point.White Knight Labs isn't here to help companies check a box. They're here to expose the gaps and raise the bar — because real threats don't play fair, and security shouldn't pretend they do.What makes them different is what they don't do. They're not an all-in-one shop, and they're proud of that. They won't touch IR for major breaches — they've got partners for that. They only resell hardware and software they've personally vetted. That honesty builds credibility. That kind of focus builds trust.Their training programs are just as intense. Between live DEF CON courses and their online platform, they're giving both new and experienced professionals a chance to train the way they operate: no shortcuts, no watered-down certs, just hard-earned skills that translate into real-world readiness.Pass their ODPC certification, and you'll probably get a call — not because they need to check a hiring box, but because it proves you're serious. And if you can write loaders that bypass real defenses? You're speaking their language.This first conversation with John and Greg reminded us why we started this series in the first place. It's not just about product features or service offerings — it's about people who live and breathe what they do, and who bring that passion into every test, every client call, and every training they offer.We've got more stories with them on the way. But if this first one is any sign of what's to come, we're in for something special.⸻Learn more about White Knight Labs: Guests:John Stigerwalt | Founder at White Knight Labs | Red Team Operations Leader | https://www.linkedin.com/in/john-stigerwalt-90a9b4110/Greg Hatcher | Founder at White Knight Labs | SOF veteran | Red Team | https://www.linkedin.com/in/gregoryhatcher2/White Knight Labs Website | https://itspm.ag/white-knight-labs-vukr______________________Keywords: penetration testing, red team, ransomware simulation, offensive security, EDR bypass, cybersecurity training, White Knight Labs, advanced persistent threat, cybersecurity startup, DEF CON training, security partnerships, cybersecurity services______________________ResourcesVisit the White Knight Labs Website to learn more: https://itspm.ag/white-knight-labs-vukrLearn more and catch more stories from White Knight Labs on ITSPmagazine: https://www.itspmagazine.com/directory/white-knight-labsLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

LevelBlue's latest Threat Trends Report pulls no punches: phishing, malware, and ransomware attacks are not just continuing—they're accelerating. In this episode of ITSPmagazine's Brand Story podcast, hosts Sean Martin and Marco Ciappelli are joined by Kenneth Ng, a threat hunter and lead incident responder on LevelBlue's Managed Detection and Response (MDR) team, to unpack the findings and recommendations from the report.Phishing as a Service and the Surge in Email CompromisesOne of the most alarming trends highlighted by Kenneth is the widespread availability of Phishing-as-a-Service (PhaaS) kits, including names like RaccoonO365, Mamba 2FA, and Greatness. These kits allow attackers with little to no technical skill to launch sophisticated campaigns that bypass multi-factor authentication (MFA) by hijacking session tokens. With phishing attacks now leading to full enterprise compromises, often through seemingly innocuous Microsoft 365 access, the threat is more serious than ever.Malware Is Smarter, Simpler—and It's Spreading FastMalware, particularly fake browser updates and credential stealers like Lumma Stealer, is also seeing a rise in usage. Kenneth points out the troubling trend of malware campaigns that rely on basic user interactions—like copying and pasting text—leading to full compromise through PowerShell or command prompt access. Basic group policy configurations (like blocking script execution for non-admin users) are still underutilized defenses.Ransomware: Faster and More Automated Than EverThe speed of ransomware attacks has increased dramatically. Kenneth shares real-world examples where attackers go from initial access to full domain control in under an hour—sometimes in as little as ten minutes—thanks to automation, remote access tools, and credential harvesting. This rapid escalation leaves defenders with very little room to respond unless robust detection and prevention measures are in place ahead of time.Why This Report MattersRather than presenting raw data, LevelBlue focuses on actionable insights. Each major finding comes with recommendations that can be implemented regardless of company size or maturity level. The report is a resource not just for LevelBlue customers, but for any organization looking to strengthen its defenses.Be sure to check out the full conversation and grab the first edition of the Threat Trends Report ahead of LevelBlue's next release this August—and stay tuned for their updated Futures Report launching at RSA Conference on April 28.Learn more about LevelBlue: https://itspm.ag/levelblue266f6cNote: This story contains promotional content. Learn more.Guest: Kenneth Ng, threat hunter and lead incident responder on LevelBlue's Managed Detection and Response (MDR) team | On LinkedIn: https://www.linkedin.com/in/ngkencyber/ResourcesDownload the LevelBlue Threat Trends Report | Edition One: https://itspm.ag/levelbyqdpLearn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblueLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this edition of Snake Oilers three vendors pitch host Patrick Gray on their tech: Pangea: Guardrails and security for AI agents and applications (https://pangea.cloud) Worried about your AI apps going rogue, being mean to your customers or even disclosing sensitive information? Pangea exists to address these risks. Fascinating stuff. Cosive: A threat intelligence company that can host your MISP server in AWS. CloudMISP! (https://www.cosive.com/snakeoilers) Are you running a MISP server on some old hardware under a desk in your SOC? There's a better way! Cosive can run it for you on AWS so you can just use it instead of wrestling with maintaining it. They also do some CTI consulting to help you get better use out of MISP. Sysdig: A Linux runtime security platform (https://sysdig.com/) The modern Windows network is an all-singing, all-dancing, perfectly orchestrated, EDR-protected ballet. The modern Linux production environment… isn't. Find out how Sysdig can help you get some visibility and control over your Linux fleet. This episode is also available on Youtube. Show notes

In the security news this week: You should really just patch things, the NVD backlog, Android phones with malware pre-installed, so convenient, keyloggers and a creepy pharmacist, snooping on federal workers, someone stole your browser history, NSA director fired, deputy director of NSA also fired, CrushFTP the saga continues, only steal the valid credit cards, another post that vanished from the Internet, hiding in NVRAM, protecting the Linux kernel, you down with MCP?, more EOL IoT, bypassing kernel protections, when are you ready for a pen test, red team and bug bounty, what EDR is really missing, and based on this story you should just patch everything all the time! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-869

In the security news this week: You should really just patch things, the NVD backlog, Android phones with malware pre-installed, so convenient, keyloggers and a creepy pharmacist, snooping on federal workers, someone stole your browser history, NSA director fired, deputy director of NSA also fired, CrushFTP the saga continues, only steal the valid credit cards, another post that vanished from the Internet, hiding in NVRAM, protecting the Linux kernel, you down with MCP?, more EOL IoT, bypassing kernel protections, when are you ready for a pen test, red team and bug bounty, what EDR is really missing, and based on this story you should just patch everything all the time! Show Notes: https://securityweekly.com/psw-869

In the security news this week: You should really just patch things, the NVD backlog, Android phones with malware pre-installed, so convenient, keyloggers and a creepy pharmacist, snooping on federal workers, someone stole your browser history, NSA director fired, deputy director of NSA also fired, CrushFTP the saga continues, only steal the valid credit cards, another post that vanished from the Internet, hiding in NVRAM, protecting the Linux kernel, you down with MCP?, more EOL IoT, bypassing kernel protections, when are you ready for a pen test, red team and bug bounty, what EDR is really missing, and based on this story you should just patch everything all the time! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-869

In the security news this week: You should really just patch things, the NVD backlog, Android phones with malware pre-installed, so convenient, keyloggers and a creepy pharmacist, snooping on federal workers, someone stole your browser history, NSA director fired, deputy director of NSA also fired, CrushFTP the saga continues, only steal the valid credit cards, another post that vanished from the Internet, hiding in NVRAM, protecting the Linux kernel, you down with MCP?, more EOL IoT, bypassing kernel protections, when are you ready for a pen test, red team and bug bounty, what EDR is really missing, and based on this story you should just patch everything all the time! Show Notes: https://securityweekly.com/psw-869

In this episode of the cybersecurity month-end review, host Jim Love is joined by Daina Proctor from IBM in Ottawa, Randy Rose from The Center for Internet Security from Saratoga Springs, and David Shipley, CEO of Beauceron Security from Fredericton. The panel discusses major cybersecurity stories from the past month, including the Oracle Cloud breach and its communication failures, the misuse of Signal by U.S. government officials, and global cybersecurity regulation efforts such as the UK's new critical infrastructure laws. They also cover notable incidents like the Kuala Lumpur International Airport ransomware attack and the NHS Scotland cyberattack, the continuous challenges of EDR bypasses, and the importance of fusing anti-fraud and cybersecurity efforts. The discussion emphasizes the need for effective communication and stringent security protocols amidst increasing cyber threats. 00:00 Introduction and Panelist Introductions 01:25 Oracle Cloud Breach: A Case Study in Incident Communication 10:13 Signal Group Chat Controversy 20:16 Leadership and Cybersecurity Legislation 23:30 Cybersecurity Certification Program Overview 24:27 Challenges in Cybersecurity Leadership 24:59 Importance of Data Centers and MSPs 26:53 UK Cybersecurity Bill and MSP Standards 28:09 Cyber Essentials and CMMC Standards 32:47 EDR Bypasses and Small Business Security 39:32 Ransomware Attacks on Critical Infrastructure 43:34 Law Enforcement and Cybercrime 47:24 Conclusion and Final Thoughts

# Title * HN59 - Microsoft AI Discovers 20 Zero-Day Vulnerabilities in Bootloaders! ## Description

Podcast: Industrial Cybersecurity InsiderEpisode: The CISO & Talent Crisis: Turnover Meets OT Cybersecurity GapsPub date: 2025-04-01Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Dino and Craig dive deep into the disturbing talent exodus in cybersecurity. The discussion is sparked by Gartner's prediction that 25% of cybersecurity professionals will leave the field in the next year. They explore the growing gap between IT and OT teams, the lack of CISO influence in executive leadership, and the friction between cybersecurity goals and operational uptime. With real-world anecdotes and hard-hitting insights, they unpack everything from rogue assets and malware in OT environments to the challenges of implementing EDR tools in live production lines. Whether you're a CISO, CIO, or plant manager, this episode offers a candid look at the complex dynamics of securing industrial environments — and how collaboration is the only path forward.Chapters:00:00:00 – Kicking Off with a Brutal Reality Check on Cybersecurity00:01:06 – Gartner Says 25% of Cyber Pros Are Leaving — Here's Why That Matters00:03:15 – IT vs OT: The Culture Clash Still Killing Cyber Progress00:09:35 – Why the Wrong Service Partner Could Be Your Biggest Risk00:14:05 – Malware, Rogue Assets, and the Ugly Truth About Your Plant Floor00:18:22 – Real Strategies for Fixing the IT/OT Disconnect (Without Killing Uptime)00:24:06 – Stop Talking. Start Acting. What Cyber Leaders Need to Do TodayLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity Insider NewsletterDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Velta Technology, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

A successful SIEM deployment depends on a lot more than implementing the SIEM correctly. So many other things in your environment have an impact on your chances of a successful SIEM. Are the right logs enabled? Is your EDR working correctly? Would you notice a sudden increase or decrease in events from critical sources? What can practitioners do to ensure the success of their SIEM deployment? This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! In this interview, we feature some research from Geoff Cairns, an analyst at Forrester Research. This is a preview to the talk he'll be giving at Identiverse 2025 in a few months. We won't have time to cover all the trends, but there are several here that I'm excited to discuss! Deepfake Detection Difficult Zero Trust Agentic AI Phishing resistant MFA adoption Identity Verification Machine Identity Decentralized Identity Post Quantum Shared Signals Segment Resources: The Top Trends Shaping Identity And Access Management In 2025 - (Forrester subscription required) In this week's enterprise security news, Big funding for Island Is DLP finally getting disrupted? By something that works? We learn all about Model Context Protocol servers Integrating SSO and SSH! Do we have too many cybersecurity regulations? Toxic cybersecurity workplaces Napster makes a comeback this week, we've got 50% less AI and 50% more co-hosts All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-400

A successful SIEM deployment depends on a lot more than implementing the SIEM correctly. So many other things in your environment have an impact on your chances of a successful SIEM. Are the right logs enabled? Is your EDR working correctly? Would you notice a sudden increase or decrease in events from critical sources? What can practitioners do to ensure the success of their SIEM deployment? This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! In this interview, we feature some research from Geoff Cairns, an analyst at Forrester Research. This is a preview to the talk he'll be giving at Identiverse 2025 in a few months. We won't have time to cover all the trends, but there are several here that I'm excited to discuss! Deepfake Detection Difficult Zero Trust Agentic AI Phishing resistant MFA adoption Identity Verification Machine Identity Decentralized Identity Post Quantum Shared Signals Segment Resources: The Top Trends Shaping Identity And Access Management In 2025 - (Forrester subscription required) In this week's enterprise security news, Big funding for Island Is DLP finally getting disrupted? By something that works? We learn all about Model Context Protocol servers Integrating SSO and SSH! Do we have too many cybersecurity regulations? Toxic cybersecurity workplaces Napster makes a comeback this week, we've got 50% less AI and 50% more co-hosts All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-400

Podcast with Chandra Pandey, Founder & CEO, Seceon – recorded at MSP Summit, Channel Partners 2025 At the 2025 MSP Summit in Las Vegas, Seceon founder and CEO Chandra Pandey shared how his company is reshaping cybersecurity delivery for MSPs and MSSPs. Speaking with Doug Green, publisher of Technology Reseller News, Pandey outlined a powerful vision: giving MSPs the tools to provide better-than-enterprise-grade security at a price point even the smallest customers can afford. “Threat actors don't care which vendor you use—they know how to get around siloed tools. You need a platform that works in real time, across all telemetry, with built-in remediation.” Founded over a decade ago, Seceon was built from the ground up as a cybersecurity platform, not a patchwork of point solutions. The result is a fully integrated stack that ingests application, network, and endpoint telemetry in real time, correlates context with global threat intelligence, and automatically neutralizes threats—through auto-remediation or actionable, guided response. Pandey emphasized Seceon's multi-tenant, multi-tiered architecture, designed specifically to empower MSPs to deliver advanced protection with minimal overhead. For MSPs, that means onboarding hundreds of customers quickly and cost-effectively, while building long-term stickiness and recurring revenue. A featured case study discussed during the podcast tells the story of a mid-sized MSP that suffered a significant breach while using conventional SIEM and EDR tools. After transitioning to Seceon, the company not only secured its infrastructure, but transformed its business—growing revenue by triple digits and achieving 60%+ margins by reselling advanced cyber services through Seceon's platform. “It's not just margin for profit—it's margin to invest in people, deliver better service, and grow. That's the power of platform-based cybersecurity.” Pandey's message to the channel at MSP Summit was clear: cybersecurity is no longer a luxury reserved for the enterprise. With Seceon, MSPs can deliver superior protection to SMBs and SMEs—and thrive doing it. Learn more: www.seceon.com

A successful SIEM deployment depends on a lot more than implementing the SIEM correctly. So many other things in your environment have an impact on your chances of a successful SIEM. Are the right logs enabled? Is your EDR working correctly? Would you notice a sudden increase or decrease in events from critical sources? What can practitioners do to ensure the success of their SIEM deployment? This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! Show Notes: https://securityweekly.com/esw-400

In this episode of Global Risk Community Chat, we discussed revolutionizing vulnerability management with Joe Silva, the co-founder and CEO of Spektion. Joe shares his expertise in cybersecurity, drawing from his extensive experience as the former global CISO at JLL and cybersecurity leader at TransUnion.  Spektion is transforming the way organizations manage vulnerabilities by leveraging runtime behavior analysis to address risks beyond traditional CVE-based systems. Joe explains how their innovative approach helps enterprises understand software exploitability, prioritize risks, and integrate with existing tools like EDR, XDR, and SIEM. He also shares actionable insights for CISOs, risk managers, and security executives to enhance their vulnerability management strategies while reducing manual efforts and resource strain. If you want to be our guest or suggest someone for an upcoming episode, send your email to info@globalriskconsult.com with the subject line “Guest Proposal.”  Don't miss this insightful conversation on risk management, cybersecurity, and the future of vulnerability solutions.

Detection rules aren't just for fun—they're critical for securing cloud environments. But are you using them the right way? In this episode, Ashish Rajan sits down with David French, Staff Adoption Engineer for Security at Google Cloud, to break down how organizations can scale Detection as Code across AWS, Azure, and Google Cloud.Why prevention isn't enough—and how detection fills the gapThe biggest mistakes in detection rules that could blow up your SOCHow to scale detections across hundreds (or thousands) of cloud accountsThe ROI of Detection as Code—why security leaders should careCommon low-hanging fruit detections every cloud security team should implementDavid has spent over a decade working in detection engineering, threat hunting, and building SIEM & EDR products. He shares real-world insights on how companies can improve their detection strategies and avoid costly security missteps.Guest Socials: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠David's LinkedinPodcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(03:06) What is Detection as Code?(03:41) What was before Detection as Code?(05:36) Business ROI for doing Detection as Code?(07:49) Building Security Operations in Google Cloud(12:41) Threat Detection for different type of workload(14:54) What is Google SecOps?(20:36) Different kinds of Detection people can create(24:46) Scaling Detection across many Google Cloud accounts(28:47) The role of Data Pipeline in Detection(31:44) Detections people can start with(34:14) Stages of maturity for detection(36:43) Skillsets for Detection Engineering(39:32) The Fun Section

In this episode, we sit down with Lior Div and Nate Burke of 7AI to discuss Agentic AI, Service-as-Software, and the future of Cybersecurity. Lior is the CEO/Co-Founder of 7AI and a former CEO/Co-Founder of Cybereason, while Nate brings a background as a CMO with firms such as Axonius, Nagomi, and now 7AI.Lior and Nate bring a wealth of experience and expertise from various startups and industry-leading firms, which made for an excellent conversation.We discussed:The rise of AI and Agentic AI and its implications for cybersecurity.Why the 7AI team chose to focus on SecOps in particular and the importance of tackling toil work to reduce cognitive overload, address workforce challenges, and improve security outcomes.The importance of distinguishing between Human and Non-Human work, and why the idea of eliminating analysts is the wrong approach.Being reactive and leveraging Agentic AI for threat hunting and proactive security activities.The unique culture that comes from having the 7AI team in-person on-site together, allowing them to go from idea to production in a single day while responding quickly to design partners and customer requests.Challenges of building with Agentic AI and how the space is quickly evolving and growing.Key perspectives from Nate as a CMO regarding messaging around AI and getting security to be an early adopter rather than a laggard when it comes to this emerging technology.Insights from Lior on building 7AI compared to his previous role, founding Cybereason, which went on to become an industry giant and leader in the EDR space.

Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user's need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic's solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news: The controversial pick for National Cyber Director, the not-so-controversial pick to lead CISA, complete with funding cuts, the controversial ESP32 backdoor that is not a backdoor but hidden features, Dark Storm takes down X, interesting use cases for LoRa, using AI to get your dream job, details on the biggest crypto heist in history, an EDR bypass and a 404 error, slipping through the cracks in CVSS, old school vulnerability disclosure in 2025, Rayhunter, a pen test that should not have been, JTAG and your Flipper Zero, a Linux webcam was used for what now?, and "Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces"! Segment Resources: https://www.knostic.ai/blog/enterprise-ai-search-tools-addressing-the-risk-of-data-leakage https://www.knostic.ai/what-we-do Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-865

Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user's need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic's solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news: The controversial pick for National Cyber Director, the not-so-controversial pick to lead CISA, complete with funding cuts, the controversial ESP32 backdoor that is not a backdoor but hidden features, Dark Storm takes down X, interesting use cases for LoRa, using AI to get your dream job, details on the biggest crypto heist in history, an EDR bypass and a 404 error, slipping through the cracks in CVSS, old school vulnerability disclosure in 2025, Rayhunter, a pen test that should not have been, JTAG and your Flipper Zero, a Linux webcam was used for what now?, and "Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces"! Segment Resources: * https://www.knostic.ai/blog/enterprise-ai-search-tools-addressing-the-risk-of-data-leakage * https://www.knostic.ai/what-we-do Show Notes: https://securityweekly.com/psw-865

00:00 - PreShow Banter™ — Agent A.I.07:35 - BHIS - Talkin' Bout [infosec] News 2025-03-1010:47 - Story # 1: 12 Chinese hackers charged with US Treasury breach — and much, much more15:25 - Story # 2: Signal President Meredith Whittaker calls out agentic AI as having ‘profound' security and privacy issues25:33 - Story # 3: X/Twitter is down for a third time today27:33 - Story # 4: Developer sabotaged ex-employer with kill switch activated when he was let go33:37 - Story # 5: Undocumented commands found in Bluetooth chip used by a billion devices45:37 - Story # 6: Cybercrime's Cobalt Strike Use Plummets 80% Worldwide46:19 - Story # 7: Majority of Orgs Hit by AI Cyber-Attacks as Detection Lags55:01 - Story # 8: Ransomware gang encrypted network from a webcam to bypass EDR

Ransomware gang bypasses EDR via a webcam Toronto Zoo updates January 2024 attack damage House bill requires federal contractors to implement vulnerability disclosure policies  Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. Then add: Find the stories behind the headlines at CISOseries.com.  

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: North Korea pulls off a 1.5 billion dollar crypto heist Apple pulls Advanced Data Protection from the UK Black Basta ransomware gang's internal chats leak Russians snoop on Signal with QR codes And Myanmar ships thousands of freed scam compound workers to Thailand Regular guest Lina Lau joins to discuss her work reading Chinese incident response reports on WeChat, and how that has people thinking that … she outed the NSA? This week's episode is sponsored by Airlock Digital, and allow-listing tragics Daniel Schell and David Cottingham are along with an amusing tale of using Windows' own allow-listing software to block EDR from loading. This episode is also available on Youtube. Show notes Hackers drained $1.4 billion of cryptocurrency from Bybit exchange, CEO confirms | The Record from Recorded Future News CertiK - Bybit Incident Technical Analysis Hackers use ‘sophisticated' macOS malware to steal cryptocurrency, Microsoft says | The Record from Recorded Future News EU sanctions North Korean tied to Lazarus group over involvement in Ukraine war | The Record from Recorded Future News Sanctions: Iranians Flock to Crypto; Int'l Actions Target Russia - Chainalysis Apple turns off iCloud encryption feature in UK following reported government legal order | The Record from Recorded Future News Swedish authorities seek backdoor to encrypted messaging apps | The Record from Recorded Future News Leaked chat logs expose inner workings of secretive ransomware group - Ars Technica Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News Meta Sues Alleged Violent Extortionist For Holding Instagram Accounts Hostage Weathering the storm: In the midst of a Typhoon Thailand to take in 7,000 rescued from illegal cyber scam hubs in Myanmar | The Record from Recorded Future News Genea confirms cyber breach after ‘unauthorised third party' accesses data | news.com.au — Australia's leading news site Managed healthcare defense contractor to pay $11 million over alleged cyber failings | The Record from Recorded Future News Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments | The Record from Recorded Future News Director-General's Annual Threat Assessment 2025 | ASIO An inside look at NSA (Equation Group) TTPs from China's lense

The latest episode of the On Location series, recorded at ThreatLocker's Zero Trust World 2025 in Orlando, brings forward a deep and practical conversation about implementing Zero Trust principles in real-world environments. Hosted by Marco Ciappelli and Sean Martin, this episode features Avi Solomon, CIO of a law firm with nearly 30 years in IT and a strong focus on cybersecurity.The Journey to Proactive SecurityAvi Solomon shares his experience transitioning from traditional security models to a proactive, preventive approach with ThreatLocker. With a background in engineering, consulting, and security (CISSP certified), Solomon outlines his initial concerns with reactive endpoint detection and response (EDR) solutions. While EDR tools act as a secondary insurance policy, he emphasizes the need for a preventive layer to block threats before they manifest.Solomon's firm adopted ThreatLocker a year ago, replacing a legacy product to integrate its proactive security measures. He highlights the platform's maturation, including network control, storage control, application whitelisting, and cloud integration. The shift was not only a technological change but also a cultural one, aligning with the broader philosophy of Zero Trust—approaching security with a mindset that nothing within or outside the network should be trusted by default.Implementing Zero Trust with EaseA standout moment in the episode is Solomon's recount of his implementation process. His conservative approach included running ThreatLocker in observation mode for two months before transitioning fully to a secure mode. When the switch was finally flipped, the result was remarkable—zero disruptions, no pushback from users, and a smooth transition to a less risky security posture. Solomon attributes this success to ThreatLocker's intuitive deployment and adaptive learning capabilities, which allowed the system to understand normal processes and minimize false positives.Redefining Zero Trust: “Near Zero Trust”Solomon introduces a pragmatic take on Zero Trust, coining the term “Near Zero Trust” (NZT). While achieving absolute Zero Trust is an ideal, Solomon argues that organizations should strive to get as close as possible by layering strategic solutions. He draws a clever analogy comparing Zero Trust to driving safely before relying on a seatbelt—proactive behavior backed by reactive safeguards.Tune in to the full episode to explore more of Avi Solomon's insights, hear stories from the conference floor, and learn practical approaches to embedding Zero Trust principles in your organization's security strategy.Guest: Avi Solomon, Chief Information Officer at Rumberger | Kirk | On LinkedIn: https://www.linkedin.com/in/aviesolomon/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Click here to send us your ideas and feedback on Blueprint!In this episode, we sit down with Ryan Thompson, a seasoned expert in building dashboards that actually detect real threats—not just look pretty. With experience at Elastic, Alert Logic, and top EDR vendors, Ryan shares deep insights into the science behind effective dashboards and how security teams can cut through the noise to find the threats on your network.We cover:Why most SOC dashboards fail to deliver real insights—and how to fix them.The right way to structure dashboards for SIEM, EDR, and threat hunting.How to visualize security data effectively to make detection faster.The balance between automation, alerts, and analyst intuition.If you're a SOC analyst, detection engineer, or security leader looking to elevate your dashboard game and sharpen your cyber threat detection skills, this is an episode you won't want to miss!Check out John's SOC Training Courses for SOC Analysts and Leaders: SEC450: Blue Team Fundamentals - Security Operations and Analysis LDR551: Building and Leader Security Operations Centers Follow and Connect with John: LinkedIn

We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity. I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber. Segment Resources: Introducing AQL for cyber. AQL - How we do it An AQL 'calculator' you can play around with We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here! For each of these three topics, these are the blog posts they correspond with if you want to learn more: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams) If You're Not Using Data Pipeline Management For Security And IT, You Need To Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes In this week's enterprise security news, we've got 5 acquisitions Tines gets funding new tools and DFIR reports to check out A legal precedent that could hurt AI companies AI garbage is in your code repos the dark side of security leadership HIPAA fines are broken Salt Typhoon is having a great time Don't use ChatGPT for legal advice!!!!! All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-394

A federal court finds the FBI's warrantless section 702 searches unconstitutional. The DOJ charges five in a fake IT worker scheme. The Texas Attorney General expands his investigation into automakers' data sharing. CISA highlights vulnerabilities in the aircraft collision avoidance system. Estonia will host Europe's new space cybersecurity testing ground. Hackers use hardware breakpoints to evade EDR detection. Subaru's Starlink connected vehicle service exposed sensitive customer and vehicle data. Asian nations claim progress against criminal cyber-scam camps. Our guest today is Dr. Chris Pierson, Founder and CEO of BlackCloak, with his outlook on 2025. Sticking AI crawlers in the tar pit.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Dr. Chris Pierson, Founder and CEO of BlackCloak, joining us to share trends he sees coming our way in 2025. Selected Reading Court rules FBI's warrantless searches violated Fourth Amendment (Ars Technica) US Charges Five People Over North Korean IT Worker Scheme (SecurityWeek) Texas probes four more car companies over how they collect and sell consumer data (The Record) CISA Warns of Flaws in Aircraft Collision Avoidance Systems (BankInfo Security) ESA - Estonia to host Europe's new space cybersecurity testing ground (European Space Agency) Bypassing EDR Detection by Exploiting Hardware Breakpoints at CPU Level (Cyber Security News) Subaru Starlink Vulnerability Exposed Cars to Remote Hacking (SecurityWeek) China and friends say they're hurting cyber-slave scam camps (The Register) Developer Creates Infinite Maze That Traps AI Training Bots (404 Media)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices