Podcasts about EDR

*5:00am: What moment made you feel like you were about to be in a crime scene? *6:00am: Technology tried to sabotage you? What was a sign that you were getting older? *7:00am: What is your job perk? (EDR's at Casinos) *8:00am: Skye Marsh from Southwest Exotic Avian Rescue Talk Lose Toucan in Las Vegas, What's the weirdest thing you've seen with your own eyes in Las Vegas?

In this episode, we're digging into malicious browser extensions...the quiet, often overlooked attack vector living inside nearly every organization. While we focus on patching servers, hardening Active Directory, and deploying EDR, attackers are increasingly abusing the browser as their initial foothold. We'll break down how these extensions work, why they're so dangerous, and what IT leaders can realistically do about it.Check out these resources:Annex - Enterprise Software Extension Security & Managementhttps://crxaminer.tech/https://x.com/tucknerhttps://x.com/IceSolstBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://spenceralessi.com Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Podcast: Industrial Cybersecurity InsiderEpisode: Your OT Cybersecurity Strategy Is Failing: Here's WhyPub date: 2026-02-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDino and Craig reunite to tackle the shifts occuring in industrial cybersecurity in 2026.They discuss how OT-focused IDS software companies are shifting away from managed services to partner with systems integrators who understand the plant floor.The conversation explores the challenges manufacturers face—from aging infrastructure spanning decades to flat layer-2 networks that give remote vendors unrestricted access.They emphasize that IT departments cannot effectively manage OT assets they don't own or understand, especially when dealing with equipment older than their cybersecurity staff.The episode covers the pitfalls of penetration testing in live manufacturing environments, the reality of shadow IT versus shadow OT, and why EDR solutions struggle in control system environments.Dino and Craig stress the importance of treating cybersecurity as a marathon rather than a sprint, starting with basic asset inventory and microsegmentation.They call on manufacturing leaders to stop deferring to IT for OT security, attend industry-specific conferences like S4X26, and partner with systems integrators who have deep automation expertise.With threats mounting, the time for action is now—not next quarter.Chapters:(00:00:00) - Welcome & What We've Been Up To(00:00:48) - The Big Shift: Why OT IDS Companies Are Backing Away From Managed Services(00:03:00) - The Shelfware Problem: When Security Tools Sit Unused(00:04:12) - Why Pen Testing Can Be Disruptive (or Dangerous) in Manufacturing Environments(00:05:54) - The Reality of Legacy Infrastructure: Equipment Older Than Your Cybersecurity Team(00:07:43) - Who Can Actually Patch Your Control Systems?(00:09:04) - Supply Chain Vulnerabilities: You're Only as Strong as Your Weakest Link(00:11:01) - The Last Mile Challenge: Asset Inventory, Microsegmentation & Starting Small(00:13:55) - The Shelfware to Tool-Switching Problem: Why Companies Are Reconsidering Their First Choice(00:16:18) - Shadow IT vs. Shadow OT: Who Really Owns Plant Floor Security?(00:19:00) - Why EDR Struggles in Control System Environments(00:21:35) - Time to Step Up: Why Manufacturing Leaders Can't Defer to IT Anymore(00:23:00) - Where to Learn: S4, Automation Fair, and Why You Need to Attend Industry Conferences(00:25:00) - Finding the Right Partner: Systems Integrators Who Speak Automation and Cybersecurity(00:27:00) - Final Thoughts: The Time for Action Is NowLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In a world of "Decision Paralysis," which SIM should you choose? In this episode, we dive deep into why Wazuh has become the go-to solution for SOC analysts in 2026. Moving beyond the "injection-based licensing crisis" of traditional tools like Splunk and QRadar, Wazuh offers a unified, open-source platform that combines the "brain" of a SIM with the "guard" of an XDR.We provide a step-by-step practical look at Wazuh's architecture, its XML-based detection engine, and a live demonstration of Active Response, where the tool doesn't just detect a brute-force attack but automatically blocks the attacker in real-time.

Guest: Daniel Lyman, VP of Threat Detection and Response, Fiserv Topics: What is the right way for people to bridge the gap and translate executive dreams and board goals into the reality of life on the ground? How do we talk to people who think they have "transformed" their SOC simply by buying a better, shinier product (like a modern SIEM) while leaving their old processes intact? What are the specific challenges and advantages you've seen with a federated SOC versus a centralized one? What does a "federated" or "sub-SOC" model actually mean in practice? Why is the message that "EDR doesn't cover everything" so hard for some people to hear? Is this obsession with EDR a business decision or technology debt? How do you expect AI to change the calculus around data centralization versus data federation? What is your favorite example of telemetry that is useful, but usually excluded from a SIEM? What are the Detection and Response organizational metrics that you think are most valuable? Is the continued use of Excel an issue of tooling, laziness, or just because it is a fundamentally good way to interact with a small database? Resources: Video version "In My Time of Dying" book EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective The Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It? blog

Got a question or comment? Message us here!Attackers are hiding remote access trojans (RATs) inside malicious MSI installers disguised as legit software, and it's surging in early 2026. We break down how these phishing attacks bypass EDR, what to look for, and how SOC teams can stop them before they turn into full-blown breaches. Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Send us a textThe weakest link is often sitting on the edge, blinking away with expired firmware and no vendor support. We kick off with a blunt reality check on outdated firewalls, load balancers, and IoT gateways, and why waiting two years to retire them is a gift to attackers. From there, we guide you through Domain 7.7 with a practical blueprint for operating and maintaining detective and preventive measures that actually hold up under pressure.We unpack firewall fundamentals with clear, real‑world tradeoffs: when a simple packet filter is enough, when stateful inspection and deep packet inspection earn their keep, and how a WAF stops the web attacks your L3/L4 controls will miss. You'll hear how RTBH can deflect denial‑of‑service floods upstream, and why segmentation is your best friend for reducing blast radius—whether you use internal segmentation firewalls for R&D, Purdue‑style tiers for industrial networks, or controlled air gaps for the most sensitive systems. In the cloud, we separate security groups from true firewalls and show how to stitch policies across hybrid environments without creating blind spots.Detection makes prevention smarter, so we break down IDS versus IPS in plain language. Baseline first, then block with intent to avoid outages. We compare host‑based and network‑based sensors, explain where to place them, and share tactics for cutting alert noise. You'll also get straight talk on allowlists and blacklists, the right way to maintain them, and why stale entries cause the ugliest outages. We explore sandboxing for safe detonation and learning, and give an unvarnished take on honeypots and honeynets—where they help, where they waste time, and what legal lines to respect.Not every team can build a 24x7 SOC, so we outline how MSSPs can extend your coverage with clear SLAs and ownership. Endpoint anti‑malware remains non‑negotiable, but tool sprawl is a trap—choose a strong EDR and manage it well. Finally, we dive into AI and machine learning: how they supercharge detection, triage, and response—and how adversaries use them too. The throughline is simple: shrink attack surface, raise signal quality, and respond faster than threats can pivot. If this helps you secure one more edge box or tune one more control, share it with a teammate, subscribe for more practical walkthroughs, and drop a review so we can keep raising the bar together.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Parce que… c'est l'épisode 0x705! Shameless plug 25 et 26 février 2026 - SéQCure 2026 31 mars au 2 avril 2026 - Forum INCYBER - Europe 2026 14 au 17 avril 2026 - Botconf 2026 28 et 29 avril 2026 - Cybereco Cyberconférence 2026 9 au 17 mai 2026 - NorthSec 2026 3 au 5 juin 2026 - SSTIC 2026 19 septembre 2026 - Bsides Montréal Notes IA Dumpster fire called OpenClaw OpenClaw (a.k.a. Moltbot) is everywhere all at once, and a disaster waiting to happen ‘Moltbook' social media site for AI agents had big security hole, cyber firm Wiz says MoltBot Skills exploited to distribute 400+ malware packages in days DIY AI bot farm OpenClaw is a security ‘dumpster fire' Detecting and Monitoring OpenClaw (clawdbot, moltbot) Clouds rush to deliver OpenClaw-as-a-service offerings A sane but extremely bull case on Clawdbot / OpenClaw OpenClaw: When AI Agents Get Full System Access – Revolution or Security Nightmare? It's easy to backdoor OpenClaw, and its skills leak API keys Using microvm.nix to sandbox Openclaw OpenClaw Partners with VirusTotal to Secure AI Agent Skill Marketplace 17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware Grok French prosecutors raid X offices, summon Musk over Grok deepfakes Kevin Beaumont: “The UK's Information Commissio…” - Cyberplace Kevin Beaumont: “Reuters reports Grok is still …” - Cyberplace Kevin Beaumont: “Elon Musk Under Investigation …” - Cyberplace Spain, Greece weigh teen social media bans, drawing fury from Elon Musk Vos agents IA sécurisés en -10 sec. sur Mac You won: Microsoft is walking back Windows 11's AI overload C'est prouvé : Le vibe coding va tuer l'open source Anthropic keeps Claude ad-free AWS intruder pulled off AI-assisted cloud break-in in 8 mins n8n's latest critical flaws bypass December fix Microsoft sets Copilot agents loose on your OneDrive files How Industrial Robot Safety Was Written In Blood Anthropic's Claude Opus 4.6 uncovers 500 zero-day flaws in open-source code GitHub - Deso-PK/make-trust-irrelevant: Make trust irrelevant for agentic AI using kernel-enforced authority boundaries. Malicious VS Code AI Extensions Harvesting Code from 1.5M Devs Red Notepad++ Notepad++ Hack Detailed Along With the IoCs and Custom Malware Used Notepad++ Users, You May Have Been Hacked by China Energy infrastructure cyberattacks are suddenly in fashion EDR killer tool uses signed kernel driver from forensic software Microsoft releases urgent Office patch. Russian-state hackers pounce. Attackers Using DNS TXT Records in ClickFix Script to Execute Powershell Commands nmapUnleashed Makes Nmap Scanning More Comfortable and Effective Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil Blue When Cloud Outages Ripple Across the Internet Microsoft rolls out native Sysmon monitoring in Windows 11 Ukraine tightens controls on Starlink terminals to counter Russian drones Satya Nadella decides Microsoft needs a quality czar EDR, Email, and SASE Miss This Entire Class of Browser Attacks Privacy GDPR is a failure California city turns off Flock cameras after company shared data without authorization Vos données sont déjà en vente… et vous ne vous en rendez même pas compte Lockdown Mode - La fonction d'Apple qui a mis le FBI en échec We had sex in a Chinese hotel, then found we had been broadcast to thousands Souveraineté Europe shrugs off tariffs, plots to end tech reliance on US Russian spy satellites have intercepted EU communications satellites Munich makes digital sovereignty measurable with its own score Commission trials European open source communications software Divers et insolites Bitcoin Why This Computer Scientist Says All Cryptocurrency Should “Die in a Fire” Bitcoin gets a zero price target in wake of Burry warning (BTC-USD:Cryptocurrency) Bitcoin de la “marde” ou de l'or en barre !! :) (Franck Desert) Flock CEO calls Deflock a “terrorist organization” Germany warns of Signal account hijacking targeting senior figures BrianKrebs: “Must-read: How ‘Pink Slime' Pu…” - Infosec Exchange We moved fast and broke things. It's time for a change. Collaborateurs Nicolas-Loïc Fortin Crédits Montage par Intrasecure inc Locaux réels par Intrasecure inc

In the security news this week: Residential proxy abuse is everywhere this week: from Google's takedown of IPIDEA to massive Citrix NetScaler scanning and the Badbox 2.0 botnet Supply chain fun time: Notepad++ updates were hijacked Attackers set their sights on: Ivanti EPMM, Dell Unity storage, Fortinet VPNs/firewalls, and ASUSTOR NAS devices Russian state hackers went after Poland's grid Is ICE on a surveillance shopping spree and into hacking anti-ICE apps? Ukraine's war-time Starlink problem is turning into a policy and controls experiment The AI security theme is alive and well with exposed LLM endpoints, OpenClaw/Moltbot/Moltbook fiasco, and letting anyone hijack agents Signed forensic driver for Windows is still an EDR killer The Trump administration's rollback of software security attestation National Cyber Director Sean Cairncross says: “less regulation, more cooperation.” Finally, there are some “only in infosec” human stories: * pen testers arrested in Iowa now getting a settlement, * a Google engineer convicted over stolen AI IP, * Booz Allen losing Treasury work over intentional insider leaks, * and an “AI psychosis” saga at an adult-content platform. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-912

In the security news this week: Residential proxy abuse is everywhere this week: from Google's takedown of IPIDEA to massive Citrix NetScaler scanning and the Badbox 2.0 botnet Supply chain fun time: Notepad++ updates were hijacked Attackers set their sights on: Ivanti EPMM, Dell Unity storage, Fortinet VPNs/firewalls, and ASUSTOR NAS devices Russian state hackers went after Poland's grid Is ICE on a surveillance shopping spree and into hacking anti-ICE apps? Ukraine's war-time Starlink problem is turning into a policy and controls experiment The AI security theme is alive and well with exposed LLM endpoints, OpenClaw/Moltbot/Moltbook fiasco, and letting anyone hijack agents Signed forensic driver for Windows is still an EDR killer The Trump administration's rollback of software security attestation National Cyber Director Sean Cairncross says: "less regulation, more cooperation." Finally, there are some "only in infosec" human stories: * pen testers arrested in Iowa now getting a settlement, * a Google engineer convicted over stolen AI IP, * Booz Allen losing Treasury work over intentional insider leaks, * and an "AI psychosis" saga at an adult-content platform. Show Notes: https://securityweekly.com/psw-912

In the security news this week: Residential proxy abuse is everywhere this week: from Google's takedown of IPIDEA to massive Citrix NetScaler scanning and the Badbox 2.0 botnet Supply chain fun time: Notepad++ updates were hijacked Attackers set their sights on: Ivanti EPMM, Dell Unity storage, Fortinet VPNs/firewalls, and ASUSTOR NAS devices Russian state hackers went after Poland's grid Is ICE on a surveillance shopping spree and into hacking anti-ICE apps? Ukraine's war-time Starlink problem is turning into a policy and controls experiment The AI security theme is alive and well with exposed LLM endpoints, OpenClaw/Moltbot/Moltbook fiasco, and letting anyone hijack agents Signed forensic driver for Windows is still an EDR killer The Trump administration's rollback of software security attestation National Cyber Director Sean Cairncross says: "less regulation, more cooperation." Finally, there are some "only in infosec" human stories: * pen testers arrested in Iowa now getting a settlement, * a Google engineer convicted over stolen AI IP, * Booz Allen losing Treasury work over intentional insider leaks, * and an "AI psychosis" saga at an adult-content platform. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-912

In the security news this week: Residential proxy abuse is everywhere this week: from Google's takedown of IPIDEA to massive Citrix NetScaler scanning and the Badbox 2.0 botnet Supply chain fun time: Notepad++ updates were hijacked Attackers set their sights on: Ivanti EPMM, Dell Unity storage, Fortinet VPNs/firewalls, and ASUSTOR NAS devices Russian state hackers went after Poland's grid Is ICE on a surveillance shopping spree and into hacking anti-ICE apps? Ukraine's war-time Starlink problem is turning into a policy and controls experiment The AI security theme is alive and well with exposed LLM endpoints, OpenClaw/Moltbot/Moltbook fiasco, and letting anyone hijack agents Signed forensic driver for Windows is still an EDR killer The Trump administration's rollback of software security attestation National Cyber Director Sean Cairncross says: "less regulation, more cooperation." Finally, there are some "only in infosec" human stories: * pen testers arrested in Iowa now getting a settlement, * a Google engineer convicted over stolen AI IP, * Booz Allen losing Treasury work over intentional insider leaks, * and an "AI psychosis" saga at an adult-content platform. Show Notes: https://securityweekly.com/psw-912

Parce que… c'est l'épisode 0x701! Shameless plug 25 et 26 février 2026 - SéQCure 2026 CfP 31 mars au 2 avril 2026 - Forum INCYBER - Europe 2026 14 au 17 avril 2026 - Botconf 2026 28 et 29 avril 2026 - Cybereco Cyberconférence 2026 9 au 17 mai 2026 - NorthSec 2026 3 au 5 juin 2026 - SSTIC 2026 19 septembre 2026 - Bsides Montréal Description Les initiatives du gouvernement du Québec en cybersécurité Dans cet épisode du podcast, je reçois Yvan Fournier, chef gouvernemental de la sécurité de l'information du gouvernement du Québec, qui occupe le poste de sous-ministre adjoint. Cette conversation révèle l'ampleur des transformations en cours au sein de l'appareil gouvernemental québécois en matière de cybersécurité. Un parcours technique impressionnant Yvan Fournier possède un parcours professionnel remarquable de 29 ans dans le réseau de la santé, où il a occupé pratiquement tous les postes possibles, du technicien jusqu'au directeur général de la cybersécurité. Son expertise technique est considérable : il détient 22 certifications en cybersécurité, a été le premier instructeur Novell francophone, et a même participé à des concours de hacking aux États-Unis. Cette solide expérience technique lui permet aujourd'hui d'apporter une vision pragmatique et éclairée à son rôle stratégique. Les 15 mesures obligatoires : une base solide En 2019, en collaboration avec des champions du réseau gouvernemental, l'équipe d'Yvan Fournier a établi 15 mesures obligatoires de cybersécurité, inspirées du référentiel NIST. Ces mesures incluent des éléments fondamentaux comme l'authentification multifacteur, l'application des correctifs de sécurité, et l'utilisation de systèmes d'exploitation encore supportés par les fabricants. Ces mesures constituent le socle sur lequel repose aujourd'hui la stratégie de cybersécurité gouvernementale, visant à protéger les données des citoyens et assurer la continuité des services publics. Une surveillance centralisée 24/7/365 L'un des projets phares actuels est la mise en place d'un service de surveillance centralisé fonctionnant 24 heures sur 24, 7 jours sur 7, 365 jours par année, basé sur l'intelligence artificielle. Historiquement, chaque organisme public devait assurer sa propre surveillance, ce qui créait des disparités importantes selon les ressources disponibles. Les petits organismes ne pouvaient pas se permettre d'avoir du personnel de garde en permanence. Le nouveau système centralise les données provenant de multiples sources : les EDR (antivirus avancés), les balayages de vulnérabilités externes et internes, les PDNS (pour surveiller les employés en télétravail), et les vérifications des Active Directory. Toutes ces informations convergent vers des SIEM et SOAR locaux, basés sur l'IA, permettant une vue d'ensemble complète de l'état de sécurité du gouvernement. Le gouvernement collabore également avec des firmes privées pour assurer cette surveillance continue. Fait intéressant, le coût de ce service est environ deux fois moins élevé que ce que paient certaines organisations privées, tout en offrant un niveau de service supérieur. Le regroupement RHI : une révolution organisationnelle Un changement majeur qui n'a pas reçu l'attention médiatique qu'il mérite est le regroupement RHI, qui intègre la cybersécurité de 52 organismes publics (ministères et organismes) directement au sein du MCN (Ministère de la Cybersécurité et du Numérique). Cette centralisation, qui prendra effet à partir du 1er avril, permettra d'harmoniser les choix technologiques et stratégiques dans tout l'appareil gouvernemental. Comme le souligne Fournier, ce n'est pas parce qu'un organisme est petit qu'il doit avoir une sécurité moins robuste, car tous les systèmes sont interconnectés et une vulnérabilité dans un petit organisme peut compromettre l'ensemble. L'automatisation et la réactivité L'un des enjeux majeurs identifiés par Fournier est la vitesse à laquelle les attaques se produisent désormais. Avec l'arrivée de l'intelligence artificielle, le nombre d'attaques a augmenté drastiquement, et le temps entre la découverte d'une vulnérabilité zero-day et son exploitation est passé de plusieurs jours ou semaines à environ quatre heures. Cette réalité impose une automatisation des réponses. Le nouveau système permettra non seulement de détecter les menaces en temps réel, mais aussi d'automatiser les réactions : bloquer automatiquement les serveurs compromis, déployer centralement les indicateurs de compromission (IOC) sur tous les pare-feu du gouvernement, et même arrêter préventivement les services à risque. L'exemple de la vulnérabilité SharePoint illustre bien cette capacité : le Québec a agi rapidement en fermant les systèmes vulnérables, alors qu'une autre province a subi le piratage de 900 serveurs SharePoint. Reconnaissance internationale et création de CVE Un accomplissement remarquable est que le Québec (et non le Canada) fait maintenant partie des 20 organisations mondiales autorisées à créer des CVE (Common Vulnerabilities and Exposures), aux côtés du Luxembourg. Cette reconnaissance témoigne de l'excellence des équipes de pentesting québécoises, qui découvrent régulièrement des vulnérabilités, parfois avec l'aide de pentesteurs virtuels basés sur l'IA. Le balayage de vulnérabilités : externe et interne Le balayage externe des vulnérabilités, déployé massivement pendant le confinement, permet déjà une visibilité complète sur la surface d'attaque visible depuis Internet. Le balayage interne, actuellement en cours de déploiement, apportera une dimension supplémentaire cruciale. Au-delà de l'identification des vulnérabilités, ces outils permettront de créer un inventaire automatisé et centralisé de tous les équipements, logiciels, et même des microcodes des contrôleurs de stockage et des BIOS. Cet inventaire facilitera grandement la gestion des risques : lorsqu'une nouvelle vulnérabilité est annoncée, il sera possible de cibler immédiatement les organismes concernés plutôt que d'alerter tout le monde. De plus, cet inventaire donnera une vision claire de la dette technique et permettra de prioriser les investissements en fonction des risques réels. Le défi des objets connectés Fournier identifie les objets connectés (IoT) comme un défi majeur pour l'avenir. Ces dispositifs, de plus en plus présents dans l'environnement gouvernemental (santé, transport, construction), posent des problèmes de sécurité particuliers. La majorité des microcodes sont produits par cinq grandes compagnies chinoises, et ces objets peuvent contenir des fonctionnalités insoupçonnées, comme la reconnaissance faciale dans un drone à 40 dollars. L'exemple du thermomètre d'aquarium ayant servi de point d'entrée pour paralyser un casino pendant 24 heures illustre les risques associés. Pour Fournier, avoir un inventaire complet des objets connectés dans l'appareil gouvernemental représente le “Saint Graal” de la cybersécurité. Le projet de loi 82 et les infrastructures critiques Le projet de loi 82 confère pour la première fois au gouvernement du Québec une responsabilité dans la sécurité des infrastructures critiques de la société civile. Cela inclut l'eau, l'électricité, et d'autres services essentiels. Le gouvernement commence déjà à travailler avec certaines municipalités qui manifestent un vif intérêt pour cette collaboration, particulièrement importante considérant la vulnérabilité des systèmes de gestion de l'eau. Conclusion Les initiatives présentées par Yvan Fournier démontrent que le gouvernement du Québec prend la cybersécurité au sérieux et investit massivement dans la protection de ses systèmes et des données des citoyens. La centralisation des ressources, l'automatisation des réponses, la surveillance continue, et l'adoption de technologies basées sur l'IA positionnent le Québec comme un leader en matière de cybersécurité gouvernementale. Ces efforts et combinés à l'ouverture au code source, tracent la voie vers un avenir numérique plus sûr pour tous les Québécois. Collaborateurs Nicolas-Loïc Fortin Yvan Fournier Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Podcast: Industrial Cybersecurity InsiderEpisode: Four Distinct Companies & One Critical Gap—The Ownership Crisis in OT SecurityPub date: 2026-01-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThis compilation episode brings together the most critical insights from Industrial Cybersecurity Insider conversations about the fundamental challenges plaguing OT security implementation and management.Industry experts dissect why traditional IT security approaches fail catastrophically on the plant floor, revealing that the core issue isn't technology—it's ownership, collaboration, and understanding.From the dangers of deploying endpoint detection without vendor qualification to the millions lost in unplanned downtime, this episode exposes the gap between security theory and operational reality.Listeners will discover why cybersecurity tools are often shelfware, how the "have and have-not" world creates vulnerability gaps across manufacturing facilities, and what "left of boom" thinking means for preventing incidents before they happen. Featuring hard-won lessons about shutdown windows, cyber-informed engineering, and the critical importance of building relationships between IT teams and plant floor operations, this episode delivers actionable intelligence for CISOs, plant managers, and anyone responsible for securing industrial control systems.Chapters:(00:00:00) - Introduction: The Core Problem of Ownership in OT Security(00:01:45) - Why IT Security Approaches Fail on the Plant Floor(00:04:30) - The Cloud Analogy: Lessons for OT Implementation(00:07:15) - The Missing Conversation: Capital Plans and OEMs(00:10:20) - IT vs OT Networks: Different Purposes, Different Risks(00:13:35) - EDR in OT: The Aftermarket Parts Problem(00:16:10) - Cyber-Informed Engineering: Building Security into Design(00:19:45) - The Have and Have-Not World of Plant Security(00:23:20) - Left of Boom: Visibility Beyond Security(00:27:15) - Who Should Lead the OT Security DiscussionLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Parce que… c'est l'épisode 0x698! Shameless plug 29 janvier 2026 - The Coming AI Hackers 25 et 26 février 2026 - SéQCure 2026 CfP 31 mars au 2 avril 2026 - Forum INCYBER - Europe 2026 14 au 17 avril 2026 - Botconf 2026 28 et 29 avril 2026 - Cybereco Cyberconférence 2026 9 au 17 mai 2026 - NorthSec 2026 3 au 5 juin 2026 - SSTIC 2026 19 septembre 2026 - Bsides Montréal Description Introduction Dans cet épisode, David Bizeul et Nicolas explorent l'interopérabilité entre composants de sécurité et présentent le projet Open XDR Architecture (OXA). La discussion met en lumière les défis de l'approche “best of breed” face à la plateformisation du marché de la cybersécurité, ainsi que les solutions innovantes pour favoriser l'interopérabilité. L'approche best of breed et ses défis David Bizeul se définit comme un fervent défenseur de l'approche best of breed, qui consiste à sélectionner la meilleure solution pour chaque problème spécifique en cybersécurité. Cette philosophie s'inscrit dans l'ADN de Sekoia, où l'ouverture et l'interopérabilité constituent des valeurs fondamentales. Cependant, cette approche se heurte à une réalité complexe : bien qu'un produit puisse être excellent dans son domaine, il ne représente qu'une lettre dans l'alphabet complet d'un workflow de cybersécurité. Le principal défi réside dans la compétition avec les grandes plateformes intégrées. Ces acteurs, principalement américains, ont pu racheter la concurrence pour des centaines de millions ou des milliards de dollars, créant des offres complètes de A à Z. Face à cette concentration, les éditeurs spécialisés doivent trouver des moyens alternatifs de créer de la valeur pour leurs clients sans disposer des mêmes ressources financières. Le projet Open XDR Architecture (OXA) Pour répondre à ces enjeux, trois sociétés françaises - Sekoia, Arfanglab et Glims - ont collaboré pour créer OXA. Sekoia propose une plateforme SOC, Arfanglab une solution EDR, et Glims une solution d'analyse de malware. Ensemble, ils ont développé une architecture ouverte permettant de faire du XDR (Extended Detection and Response) en favorisant l'interopérabilité entre différentes solutions technologiques de qualité. L'objectif d'OXA est de se positionner face aux acteurs plateformisants, non pas en suivant leur modèle d'acquisition agressive, mais en promouvant les standards, l'interopérabilité et des formats de données ouverts. Cette approche vise à faciliter les workflows entre différents composants de sécurité. Les différentes couches d'OXA Formats de données La première couche concerne les formats de données générés et consommés par les différentes solutions. Historiquement, le marché souffrait d'une prolifération de formats propriétaires, rendant l'intégration extrêmement complexe. OXA s'appuie sur des standards existants comme OCSF (Open Cyber Security Framework), qui définit un cadre pour les différents types de produits et leurs champs de données pertinents. L'objectif n'est pas de réinventer la roue, mais de promouvoir ce qui existe déjà et fonctionne bien. Spécifications d'API La deuxième couche aborde l'automatisation et la communication entre produits. Contrairement aux formats de données, il n'existe pas sur le marché de spécification d'API standardisée pour la cybersécurité. Chaque éditeur développe ses propres API propriétaires pour communiquer avec les EDR, firewalls ou SIEM. OXA propose une spécification d'API définissant comment les composants de sécurité devraient interagir : comment suspendre un processus sur un EDR, comment ajouter une règle de détection dans un SIEM, etc. Cette standardisation permet de gagner énormément de temps d'ingénierie. Au lieu de passer trois jours d'intégration pour chaque nouveau produit, multiplié par cent produits (soit 300 jours de travail), une API standardisée permettrait de minimiser drastiquement ces délais d'intégration, bénéficiant à l'ensemble de la communauté. Distribution de Threat Intelligence La troisième couche concerne la dissémination de la Threat Intelligence. L'idée est qu'un client ayant déjà payé pour une source de Threat Intelligence devrait pouvoir la distribuer à tous ses produits de sécurité, et non seulement à quelques-uns. Cela permet d'agir plus rapidement, plus près de la menace, en diffusant l'information directement aux équipements réseau ou endpoints avant même que les alertes n'arrivent au SIEM. L'analogie médicale et la spécialisation Nicolas établit une analogie pertinente avec la médecine pour illustrer l'évolution de la cybersécurité. Il y a 15 ans, le domaine était relativement limité et rudimentaire, comparable à la médecine générale d'il y a un siècle. Aujourd'hui, comme en médecine où personne n'accepterait qu'un généraliste pratique une neurochirurgie, la cybersécurité nécessite des spécialistes. La plateformisation ne fait plus sens dans un contexte où chaque domaine requiert une expertise pointue. Cette spécialisation se reflète également au niveau des professionnels et des entreprises. Il est désormais impossible pour une personne de maîtriser tous les aspects de la cybersécurité, tout comme une entreprise ne peut exceller dans tous les domaines simultanément. Vision future et Cyber Security Mesh Architecture David Bizeul établit un parallèle intéressant entre OXA et le concept de Cyber Security Mesh Architecture (CSMA) proposé par Gartner. Le CSMA représente une vision du marché où la cybersécurité est pensée comme un ensemble de composants travaillant en chaîne. OXA constitue une manière d'opérationnaliser cette vision, offrant aux clients la possibilité de choisir les meilleurs produits pour leur contexte spécifique tout en garantissant leur interopérabilité. Le projet intègre également un système de labels (bronze, silver, gold) permettant aux éditeurs de s'autodéclarer compatibles avec différents niveaux d'interopérabilité OXA. L'objectif est d'encourager les clients à favoriser l'interopérabilité plutôt que la plateformisation dans leurs appels d'offres et budgets. Avantages pour l'innovation Un aspect particulièrement intéressant d'OXA est son potentiel pour favoriser l'innovation. Une startup avec une simple preuve de concept peut se rendre compatible OXA et être rapidement intégrée dans des workflows matures de grands groupes. Par exemple, une startup développant une solution d'analyse de deepfakes pourrait être sollicitée dans un workflow de cybersécurité dès ses débuts, là où elle aurait dû attendre trois ans de maturation dans un modèle classique. Pour les utilisateurs, cette approche offre également une résilience accrue : si un produit ne satisfait plus ou si l'éditeur fait faillite, il peut être facilement remplacé par un autre produit compatible OXA, sans disruption majeure du workflow. Conclusion Le projet OXA, disponible sur le repository GitHub d'Open Cyber Alliance, représente une approche innovante pour repenser l'interopérabilité en cybersécurité. En promouvant les standards ouverts et en facilitant la collaboration entre solutions spécialisées, OXA offre une alternative crédible à la plateformisation dominante, au bénéfice tant des éditeurs que des utilisateurs finaux. Notes Open XDR Architecture: redefining the contours of XDR Open XDR architecture Open Cybersecurity Alliance Github opencybersecurityalliance/oxa Collaborateurs Nicolas-Loïc Fortin David Bizeul Crédits Montage par Intrasecure inc Locaux réels par Sekoia

Send us a textA neighboring Wi‑Fi, a handful of stolen credentials, and a quiet leap into a high‑value network—the kind of pivot that sounds cinematic until you realize how practical it is. We unpack that playbook and turn it into concrete defenses you can deploy across your environment, from client endpoints and browsers to databases, servers, and industrial control systems.We start at the edge, where phishing, drive‑by downloads, and man‑in‑the‑middle still win far too often. You'll get a clear blueprint for upgrading endpoint security with EDR, strict patching, and browser hardening, plus when to retire or sandbox legacy applets and how to stop sensitive data bleeding from local caches. From there we map the landscape of modern data platforms: the internal, conceptual, and external layers of databases; the resilience of distributed DBs; the interoperability and pitfalls of ODBC; and the security tradeoffs between NoSQL flexibility and relational ACID guarantees. Expect practical guardrails like TLS on every link, parameterized queries for SQLi defense, and role‑based access with tight segregation of duties.Finally, we focus on servers and ICS, where downtime costs real money and, in OT, can impact safety. Learn how to prioritize hardening and patching without breaking legacy apps, isolate critical services to reduce blast radius, centralize logging to a SIEM, and apply the Purdue model to segment OT from IT. We share tested moves for OT environments—firewalls and DMZs, constrained remote access, realistic backup and recovery plans—and explain how to integrate safety and cybersecurity so alarms, procedures, and people work as one.If you find this valuable, subscribe, share it with a teammate who owns Wi‑Fi or databases, and leave a quick review telling us the first control you'll implement this week. Your feedback helps more practitioners discover tools that actually reduce risk.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Three banks in four days isn't just a bragging right for penetration testers. It's a wake-up call showing that expensive security tools and alarm systems often fail when tested by skilled operators who understand both human behavior and technical vulnerabilities. Greg Hatcher and John Stigerwalt, co-founders of White Knight Labs, talk about their latest physical penetration tests on financial institutions, manufacturing facilities protecting COVID-19 vaccine production, and why their new Server 2025 course had to rewrite most common Active Directory tools. They share stories of armed guards, police gun draws, poison ivy reconnaissance, and a bag of chips that saved them from serious trouble. The conversation reveals why EDR alone won't stop ransomware, how offline backups remain the exception rather than the rule, and what security controls actually work when attackers bring custom tooling. Impactful Moments: 00:00 - Intro 01:00 - New training courses launched 03:00 - Server 2025 breaks standard tools 05:00 - COVID facility physical penetration 07:00 - Armed guards change the game 10:00 - Police draw guns on operators 13:00 - Bag of chips saves the day 15:00 - Nighttime versus daytime physical tests 18:00 - VIP home security assessments 20:00 - 2026 threat predictions 22:00 - Why EDR doesn't stop ransomware 27:00 - Low cost ransomware simulation ROI 29:00 - Three banks in four days 32:00 - Deepfake as the new EDR Links: Connect with our guests –  Greg Hatcher: https://www.linkedin.com/in/gregoryhatcher2/ John Stigerwalt: https://www.linkedin.com/in/john-stigerwalt-90a9b4110/ Learn more about White Knight Labs: https://www.whiteknightlabs.com Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: AI, Human Behavior & Cybersecurity's Future: Cutting Complexity and Strengthening DefensePub date: 2025-12-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThe future of cybersecurity won't be won by tools alone - it will be won by people, process, and smarter use of AI. In this episode of Protect It All, host Aaron Crow sits down with cybersecurity veteran Sharad Rai to explore how IT and OT security teams can reduce complexity, fight alert fatigue, and build stronger defenses through foundational practices and intelligent automation. Sharad brings decades of real-world experience - from early firewall management to leading large-scale security programs at major financial institutions. Together, Aaron and Sharad break down what actually works in cybersecurity today: simplifying policies, understanding user behavior, strengthening basics like patching, and leveraging AI for contextual decision-making. You'll learn: Why human behavior is the root of both risk and resilience How AI can reduce complexity, noise, and alert fatigue What “good vs bad” looks like through an AI-driven, context-aware lens How policy overload cripples organizations - and how to fix it Why OT and IT security still depend on foundational hygiene The rise of browser-based security and Chrome as an endpoint What's coming next: AI-driven phishing, contextual controls, and automated response Whether you're a security leader, practitioner, or just navigating modern cyber challenges, this episode will reshape how you think about defending systems and the people using them. Tune in to discover how AI, clarity, and human-centered design are shaping cybersecurity's next chapter only on Protect It All. Key Moments:  06:21 "Cybersecurity Basics: Know the Layers" 09:49 "Defining Good to Block Bad" 13:03 Alarm Fatigue and Information Overload 14:01 Alarm Tuning and Data Utilization 19:02 RFID Tags and Process Frustration 23:03 Simplifying Cybersecurity for Success 25:18 "AI Optimizing Policy Adjustments" 27:33 "Tech Frustrations Then and Now" 31:46 Cloud Computing Transformed Everyday Work 36:05 Focus on Foundational Basics About the guest :  Sharad Rai is a cybersecurity leader and architect with over 20 years of experience securing some of the world's most complex financial institutions. As Vice President of Security and Architecture at State Street, he leads regulatory-driven initiatives and delivers enterprise-wide cybersecurity programs across cloud, infrastructure, and endpoint platforms. Sharad has held key security roles at Morgan Stanley, BNP Paribas, Jefferies, and Foundation Medicine, with deep expertise in EDR, PAM, SASE, ZTNA, and cloud-native security. He is known for simplifying complexity, reducing risk, and bridging product, engineering, and executive teams. How to connect Sharad: https://www.linkedin.com/in/sharad-rai-cissp-a951a28 Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast  To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

CISA warns that pro-Russia hacktivist groups are targeting US critical infrastructure. Google patches three new Chrome zero-day vulnerabilities. North Korean actors exploit React2Shell to deploy a new backdoor.  Researchers claim Docker Hub secret leakage is now a systemic problem. Attackers exploit an unpatched zero-day in Gogs, the self-hosted Git service. IBM patches more than 100 vulnerabilities across its product line. Storm-0249 abuses endpoint detection and response tools. The DOJ indicts a former Accenture employee for allegedly misleading federal customers about cloud security. Our guest is Kavitha Mariappan, Chief Transformation Officer at Rubrik, talking about understanding & building resilience against identity-driven threats. A malware tutor gets schooled by the law. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Kavitha Mariappan, Chief Transformation Officer at Knowledge Partner Rubrik, talking about understanding and building resilience against identity-driven threats. Tune into Kavitha's full conversation here.  New Rubrik Research Finds Identity Resilience is Imperative as AI Wave Floods the Workplace with AI Agents (Press release) The Identity Crisis: Understanding and Building Resilience Against Identity-Driven Threats (Report)  Agentic AI and Identity Sprawl (Data Security Decoded podcast episode) Host Caleb Tolin and guest ⁠Joe Hladik⁠, Head of Rubrik Zero Labs, to unpack the findings from their the report Kavitha addresses.  Resources: Rubrik's Data Security Decoded podcast airs semi-monthly on the N2K CyberWire network with host Caleb Tolin. You can catch new episodes twice a month on Tuesdays on your favorite podcast app. Selected Reading CISA: Pro-Russia Hacktivists Target US Critical Infrastructure New cybersecurity guidance paves the way for AI in critical infrastructure | CyberScoop Google Releases Critical Chrome Security Update to Address Zero-Days - Infosecurity Magazine North Korea-linked ‘EtherRAT' backdoor used in React2Shell attacks | SC Media Thousands of Exposed Secrets Found on Docker Hub - Flare Hackers exploit unpatched Gogs zero-day to breach 700 servers IBM Patches Over 100 Vulnerabilities - SecurityWeek Ransomware IAB abuses EDR for stealthy malware execution US charges former Accenture employee with misleading feds on cloud platform's security - Nextgov/FCW Man gets jail for filming malware tutorials for syndicate; 129 Singapore victims lost S$3.2m - CNA Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry PI! In the security news: Hacking Smart BBQ Probes China uses us as a proxy LOLPROX and living off the Hypervisor Are we overreating to React4Shell? Prolific Spyware vendors EDR evaluations and tin foil hats Compiling to Bash! How e-waste became a conference badge Overflows via underflows and reporting to CERT Users are using AI to complete mandatory infosec training! AI in your IDE is not a good idea Cybercrime is on the rise, and its the kids AI can replace humans in power plants Will AI prompt injection ever go away? To use a VPN or to not use a VPN, that is the question Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-904

This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry PI! In the security news: Hacking Smart BBQ Probes China uses us as a proxy LOLPROX and living off the Hypervisor Are we overreating to React4Shell? Prolific Spyware vendors EDR evaluations and tin foil hats Compiling to Bash! How e-waste became a conference badge Overflows via underflows and reporting to CERT Users are using AI to complete mandatory infosec training! AI in your IDE is not a good idea Cybercrime is on the rise, and its the kids AI can replace humans in power plants Will AI prompt injection ever go away? To use a VPN or to not use a VPN, that is the question Show Notes: https://securityweekly.com/psw-904

This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry PI! In the security news: Hacking Smart BBQ Probes China uses us as a proxy LOLPROX and living off the Hypervisor Are we overreating to React4Shell? Prolific Spyware vendors EDR evaluations and tin foil hats Compiling to Bash! How e-waste became a conference badge Overflows via underflows and reporting to CERT Users are using AI to complete mandatory infosec training! AI in your IDE is not a good idea Cybercrime is on the rise, and its the kids AI can replace humans in power plants Will AI prompt injection ever go away? To use a VPN or to not use a VPN, that is the question Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-904

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvHeadlines about eight Chrome zero days aren't just noise—they're a prompt to act with precision. We open with the fastest, most reliable steps to reduce exposure: force updates with MDM, restart browsers to trigger patches, narrow to a hardened enterprise browser, and brief your SOC to tune EDR for active exploit patterns. You'll get a focused checklist that's quick to run and easy to defend to leadership.From there, we turn the lens to CISSP Domain 8 with five questions that teach more than they test. We explain why strict schema validation for JSON beats blanket escaping, and how misuse and abuse case analysis during requirements gives you the strongest assurance that security is built into design, not bolted on. We also break down supply chain risk in CI/CD with a practical recipe: software composition analysis, cryptographic signature checks, internal artifact repositories, and policy gates that block malicious or license-violating packages before they ship.Design flaws are the silent killers. We highlight a common mistake—putting sensitive business logic in the browser—and show how to move decisions server-side, validate every request, and protect against client tampering. Finally, we get tactical about containerized microservices: image signing plus runtime verification, read-only filesystems, minimal base images, and network policies that enforce least privilege. These are the controls that turn incident response into a manageable drill, not a firestorm.If you're preparing for the CISSP or leading an engineering team, you'll leave with strategies you can apply today: browser patching that sticks, threat modeling that finds real risks, SCA that calms your pipeline, and container security that proves runtime trust. Enjoyed this conversation? Subscribe, share with a teammate, and leave a quick review to help more people find it.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry PI! In the security news: Hacking Smart BBQ Probes China uses us as a proxy LOLPROX and living off the Hypervisor Are we overreating to React4Shell? Prolific Spyware vendors EDR evaluations and tin foil hats Compiling to Bash! How e-waste became a conference badge Overflows via underflows and reporting to CERT Users are using AI to complete mandatory infosec training! AI in your IDE is not a good idea Cybercrime is on the rise, and its the kids AI can replace humans in power plants Will AI prompt injection ever go away? To use a VPN or to not use a VPN, that is the question Show Notes: https://securityweekly.com/psw-904

Cybersecurity Today: Google Chrome's AI Safety Plan, React2Shell Fixes, & New Ransomware Tactics In this episode of Cybersecurity Today, host Jim Love discusses Google's new security blueprint for AI-powered Chrome agents, highlighting measures against indirect prompt injections and model errors. Learn about Next JS's new tool for addressing the critical React2Shell vulnerability and the emerging threat from Storm 0249 using EDR tools for ransomware. The episode also covers new data showing manufacturers remain top ransomware targets. Sponsored by Meter. 00:00 Introduction and Sponsor Message 00:22 Google's New Security Plan for Chrome Agents 03:41 Next JS Scanner for React2Shell Vulnerability 05:41 Storm 0249: Malware Hidden in EDR Tools 07:45 Ransomware Targets Manufacturing Sector 09:34 Conclusion and Final Notes

professorjrod@gmail.comIn this episode of Technology Tap: CompTIA Study Guide, we delve into endpoint security—a crucial topic for anyone preparing for IT certification exams, especially CompTIA. Traditional firewalls no longer fully protect your network; attackers now exploit endpoints like laptops, phones, printers, and smart devices to breach security. We explore how threats bypass perimeter defenses by targeting users and devices directly, and explain essential controls such as hardening, segmentation, encryption, patching, behavior analytics, and access management. Whether you're studying for your CompTIA exam or seeking practical IT skills development, this episode offers critical insights and IT certification tips to strengthen your understanding of cybersecurity fundamentals. Tune in to enhance your tech exam prep and advance your technology education journey.We start with foundations that actually move risk: baseline configurations, aggressive patch management, and closing unnecessary ports and services. From there we layer modern defenses—EDR and XDR for continuous telemetry and automated containment, UEBA to surface the 3 a.m. login or odd data pulls, and the underrated duo of least privilege and application allow listing to deny unknown code a chance to run. You'll hear why full disk encryption is non‑negotiable and how policy, not heroics, sustains security over time.Mobile endpoints take center stage with clear tactics for safer travel and remote work: stronger screen locks and biometrics, MDM policies that enforce remote wipe and jailbreak detection, and connection hygiene that favors VPN and cellular over public Wi‑Fi. We break down evil twin traps, side loading risks, and permission sprawl, then pivot to IoT realities—default passwords, stale firmware, exposed admin panels—and how VLAN isolation and firmware schedules defang them. A real case of a chatty lobby printer becoming an attack pivot drives home the need for logging and outbound controls through SIEM.The takeaway is simple and urgent: if it connects, it can be attacked, and if it's hardened, segmented, encrypted, and monitored, it can be defended. Subscribe for more practical security deep dives, share this with a teammate who owns devices or networks, and leave a review to tell us which control you'll deploy first.Support the showArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

Send us a textAt IT Nation Connect 2025, Mike DePalma—VP of SMB Cybersecurity at OpenText—sits down with Joey Pinz to talk about rebuilding community in the MSP world, evolving vendor programs, and the tidal wave of AI reshaping security and operations.Mike shares how OpenText's new EDR rollout is simplifying life for ConnectWise partners, the surprising results of their latest MSP Report, and why most AI projects fail—hint: it's not the tech. He opens up about the Datto → Kaseya acquisition, lessons in leadership, and why discipline, presence, and family still define success more than revenue or market share.

Danny Jenkins — Founder of ThreatLocker and the Zero-Trust RevolutionDanny Jenkins is the CEO of ThreatLocker, the leading cybersecurity company that he built alongside his wife. Hosts Jack Clabby of Carlton Fields, P.A., and Kayley Melton of the Cognitive Security Institute follow Danny's journey from a scrappy IT consultant to leading one of the fastest-growing cybersecurity companies in the world.Danny shares the moment everything changed: watching a small business nearly collapse after a catastrophic ransomware attack. That experience reshaped his mission and ultimately sparked the creation of ThreatLocker. He also reflects on the gritty early days—cold-calling from his living room, coding through the night, and taking on debt before finally landing their first $5,000 customer.Danny explains the origins of Zero Trust World, his passion for educating IT teams, and why adopting a hacker mindset is essential for modern defenders.In the Lifestyle Polygraph, Danny relates his early “revenge tech” against school bullies, the place he escapes to when celebrating big wins, and the movie franchise he insists is absolutely a Christmas classic.Follow Danny on LinkedIn: https://www.linkedin.com/in/dannyjenkins/ 00:00 Introduction to Cybersecurity and ThreatLocker02:26 The Birth of ThreatLocker: A Personal Journey05:42 The Evolution of Zero Trust Security08:35 Real-World Impact of Cyber Attacks11:25 The Importance of a Hacker Mindset14:46 The Role of SOC Teams in Cybersecurity17:34 Building a Culture of Security20:23 Hiring for Passion and Skill in Cybersecurity23:44 Understanding Zero Trust: Trust No One26:32 Lifestyle Polygraph: Personal Insights and Fun29:41 Conclusion and Future of ThreatLocker

AI agents aren't just reacting anymore, they're thinking, learning, and sometimes deleting your entire production database without asking. The real question isn't if your AI agent will be hacked, it's when, and whether you'll have the right hooks in place to stop it before it happens. In this episode, Ron breaks down the ChatGPT Atlas vulnerability that shocked researchers, revealing how malicious prompts can turn AI assistants against their own users by bypassing safeguards and accessing file systems. He presents his new talk "Hooking Before Hacking," introducing a framework for applying EDR principles, prevention, detection, and response, to AI agents before they execute unauthorized commands. From pre-tool use hooks that catch malicious intent to one-time passwords that put humans back in the loop, this episode shares practical security controls you can implement today to prevent your AI agents from going rogue.   Impactful Moments: 00:00 - Introduction 02:00 - ChatGPT Atlas vulnerability exposed 04:00 - AI technology outpacing security guardrails 05:00 - Guardrail jailbreaks and prompt injection 06:00 - AI agents deleting production databases 07:00 - EDR principles for AI agents 09:00 - Pre-tool use hooks catch intention 11:00 - User prompt sanitization prevents leaks 14:00 - One-time passwords for agent workflows 16:00 - Automation mistakes across 10 years   Links: Connect with Ron on LinkedIn: https://www.linkedin.com/in/ronaldeddings/ Check out the entire article here: https://www.yahoo.com/news/articles/cybersecurity-experts-warn-openai-chatgpt-101658986.html  GitHub Repository: https://hackervalley.com/hooking-before-hacking  See Ron's "Hooking Before Hacking" presentation slides here: http://hackervalley.com/hooking-before-hacking-presentation Check out our website: https://hackervalley.com/ Upcoming events: https://www.hackervalley.com/livestreams Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio    

In this Security Squawk episode, Brian Horning from Xact IT is joined by guests to unpack three real ransomware incidents, the rapid rise of “The Gentlemen” gang, and how attackers bypass basic security by turning off tools like Windows Defender. You'll learn why relying only on built-in protections creates dangerous blind spots, what layered security with EDR, SOC monitoring, and log retention looks like, and the practical steps business leaders can take now to harden their defenses and reduce ransomware risk.

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvSecurity programs fail when they try to do everything at once. We walk through a clear three-phase plan that keeps you focused and effective: start with a real gap assessment anchored in leadership's risk tolerance, convert findings into decisions to mitigate, accept, or transfer risk, and then implement with a balanced mix of people, process, and tools. Along the way, we share what to look for when hiring a virtual CISO and how to turn that engagement into actionable momentum instead of another shelfware report.From there, we tighten the perimeter by defining bounds that keep systems within safe lanes: role-based access control, data classification, DLP, segmentation, encryption, and change management that shrinks blast radius. We get tactical with process isolation, sandboxing, capability-based security, and application whitelisting, plus a grounded comparison of MAC vs DAC and when a hybrid model makes sense. Defense in depth ties it together with physical safeguards, network protections, EDR and patching, application security practices, and data security. We keep the human layer practical with targeted awareness training and a tested incident response plan.Resilience is the throughline. We advocate for secure defaults and least privilege by design, logging that's actually reviewed, and updates that apply on a measured cadence. When things break, fail safely: graceful degradation, clean error handling, separation of concerns, redundancy, and real-world drills that expose weak spots early. Governance keeps the program honest with separation of duties, dual control, job rotation, and change boards that prevent unilateral risk. Finally, we demystify zero trust: start small, micro-segment your crown jewels, verify continuously, and respect cloud nuances without overcomplicating your stack.If this helps you clarify your next move, follow the show, share it with a teammate, and leave a quick review so others can find it. Tell us: which phase are you tackling first?Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In this episode of 'Cybersecurity Today,' host Jim Love covers multiple pressing topics: CloudFlare's major outage affecting services like OpenAI and Discord, Microsoft's new AI feature in Windows 11 and its potential malware risks, a new red team tool that exploits cloud-based EDR systems, and a new tactic using calendar invites as a stealth attack vector. Additionally, a critical SAP vulnerability scoring a perfect 10 on the CVSS scale is discussed alongside a peculiar event where Anthropic's AI mistakenly tried to report a cybercrime to the FBI. The episode wraps up with a mention of the book 'Alyssa, A Tale of Quantum Kisses' and a thank you to Meter for sponsoring the podcast. Tune in for essential cybersecurity insights. 00:00 Introduction and Sponsor Message 00:22 CloudFlare Outage Causes Major Disruptions 02:55 Microsoft's New AI Features and Malware Risks 05:22 Silent but Deadly: New Red Team Tool 07:39 Calendar Invites as a Stealth Attack Vector 10:04 Critical SAP Vulnerability 12:11 Anthropic's AI and the FBI Incident 14:06 Conclusion and Final Thoughts

AI is accelerating ransomware attacks and reshaping the cyber threat landscape. Join Brendan Hall, Alliant Cyber, and Brad LaPorte, Morphisec, as they discuss how evolving ransomware tactics and polymorphic malware are challenging traditional cybersecurity defenses. Together they share how a preemptive approach to ransomware protection can help organizations reduce exposure, lower insurance costs and strengthen cyber resilience as AI continues to accelerate the speed and sophistication of attacks. They also highlight how Morphisec's patented technology and ransomware-free guarantee provide a powerful layer of protection that complements existing MDR and EDR tools.

Segment 1: Interview with Rob Allen It's the Year of the (Clandestine) Linux Desktop! As if EDR evasions weren't enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy. In this segment, we'll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker. Segment Resources: Pro-Russian Hackers Use Linux VMs to Hide in Windows Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs Qilin ransomware abuses WSL to run Linux encryptors in Windows This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Segment 2: Topic - Threat Modeling Humanoid Robots We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance... Resources https://www.unitree.com/H2 (watch the video!) China's humanoid robots get factory jobs as UBTech's model scores US$112 million in orders The big reveal: Xpeng founder unzips humanoid robot to prove it's not human Exploit Allows for Takeover of Fleets of Unitree Robots - Security researchers find a wormable vulnerability 100-page Paper: The Cybersecurity of a Humanoid Robot 5-page Paper: Cybersecurity AI: Humanoid Robots as Attack Vectors Amazingly, $300 smart vacuums have some of the same exact vulnerabilities and backdoors built into them as the $16,000 humanoid robots! The Day My Smart Vacuum Turned Against Me Segment 3: Weekly News Finally, in the enterprise security news, A $435M venture round A $75M seed round a few acquisitions the producer of the movie Half Baked bought a spyware company AI isn't going well, or is it? maybe we just need to adopt it more slowly and deliberately? ad-blockers are enterprise best practices firewalls and VPNs are security risks, according to insurance claims could you power an entire house with disposable vapes? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-433

Segment 1: Interview with Rob Allen It's the Year of the (Clandestine) Linux Desktop! As if EDR evasions weren't enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy. In this segment, we'll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker. Segment Resources: Pro-Russian Hackers Use Linux VMs to Hide in Windows Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs Qilin ransomware abuses WSL to run Linux encryptors in Windows This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Segment 2: Topic - Threat Modeling Humanoid Robots We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance... Resources https://www.unitree.com/H2 (watch the video!) China's humanoid robots get factory jobs as UBTech's model scores US$112 million in orders The big reveal: Xpeng founder unzips humanoid robot to prove it's not human Exploit Allows for Takeover of Fleets of Unitree Robots - Security researchers find a wormable vulnerability 100-page Paper: The Cybersecurity of a Humanoid Robot 5-page Paper: Cybersecurity AI: Humanoid Robots as Attack Vectors Amazingly, $300 smart vacuums have some of the same exact vulnerabilities and backdoors built into them as the $16,000 humanoid robots! The Day My Smart Vacuum Turned Against Me Segment 3: Weekly News Finally, in the enterprise security news, A $435M venture round A $75M seed round a few acquisitions the producer of the movie Half Baked bought a spyware company AI isn't going well, or is it? maybe we just need to adopt it more slowly and deliberately? ad-blockers are enterprise best practices firewalls and VPNs are security risks, according to insurance claims could you power an entire house with disposable vapes? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-433

Segment 1: Interview with Rob Allen It's the Year of the (Clandestine) Linux Desktop! As if EDR evasions weren't enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy. In this segment, we'll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker. Segment Resources: Pro-Russian Hackers Use Linux VMs to Hide in Windows Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs Qilin ransomware abuses WSL to run Linux encryptors in Windows This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Segment 2: Topic - Threat Modeling Humanoid Robots We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance... Resources https://www.unitree.com/H2 (watch the video!) China's humanoid robots get factory jobs as UBTech's model scores US$112 million in orders The big reveal: Xpeng founder unzips humanoid robot to prove it's not human Exploit Allows for Takeover of Fleets of Unitree Robots - Security researchers find a wormable vulnerability 100-page Paper: The Cybersecurity of a Humanoid Robot 5-page Paper: Cybersecurity AI: Humanoid Robots as Attack Vectors Amazingly, $300 smart vacuums have some of the same exact vulnerabilities and backdoors built into them as the $16,000 humanoid robots! The Day My Smart Vacuum Turned Against Me Segment 3: Weekly News Finally, in the enterprise security news, A $435M venture round A $75M seed round a few acquisitions the producer of the movie Half Baked bought a spyware company AI isn't going well, or is it? maybe we just need to adopt it more slowly and deliberately? ad-blockers are enterprise best practices firewalls and VPNs are security risks, according to insurance claims could you power an entire house with disposable vapes? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-433

EDr. AJ Kolhari discusses Russia's successful test of the nuclear-powered Burevestnik cruise missile, which flew 14,000 km for 15 hours. The missile captures and compresses air, heating it over a nuclear reactor to create thrust. Kulhari emphasizes the danger because it flies low (50 to 100 m) and is hard to detect. He notes this nuclear propulsion technology, or similar ramjet designs, could revolutionize commercial travel and be applied to flight on Mars, using its CO₂ atmosphere for heating. 1958

Hackers use Windows Hyper-V to evade EDR detection Critical Cisco UCCX flaw lets attackers run commands as root The Louvre's video security password was reportedly Louvre  Huge thanks to our sponsor, ThreatLocker Imagine having the power to decide exactly what runs in your IT environment — and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats — stop them with ThreatLocker. Find the stories behind the headlines at CISOseries.com.

Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud and a recognized expert in SIEM, log management, and PCI DSS compliance, will help us cut through the buzzwords and discuss modern security operations.Join the Defender Fridays community, live every Friday, to discuss the dynamic world of information security in a collaborative space with seasoned professionals.Dr. Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via Chronicle Security (an Alphabet company) acquisition in July 2019. He is also a co-host of Cloud Security Podcast.Until June 2019, Dr. Anton Chuvakin was a Research VP and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. At Gartner he covered a broad range of security operations and detection and response topics, and is credited with inventing the term "EDR." He is a recognized security expert in the field of SIEM, log management and PCI DSS compliance. He is an author of books "Security Warrior", "PCI Compliance", "Logging and Log Management" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, honeypots, etc. His blog securitywarrior.org was one of the most popular in the industry.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Ransomware detection is more complex than most organizations realize. In this episode, cybersecurity expert Mike Saylor breaks down the real-world signs of ransomware attacks—from users complaining about slow computers to smart devices acting strangely. We explore polymorphic malware that changes based on its target, the risks posed by managed service providers using shared credentials, and why milliseconds matter in ransomware detection and response. Mike explains the difference between EDR, XDR, SIEM, and SOAR tools, helping you understand which security solutions you actually need. We also discuss why 24/7 monitoring is non-negotiable and how even small businesses can afford proper ransomware detection capabilities. If you're trying to protect your organization without breaking the bank, this episode offers practical guidance on building your security stack and knowing when to call in expert help.

Three Buddy Problem (Episode 68): The buddies are trapped in timezone hell with cross-country travel this week. In this special episode, we present Juan Andres Guerrero-Saade's LABScon 2025 keynote-day presentation on the state of cybersecurity and why this phase of our collective project has failed, and how to build something smarter, more sustainable, and deeply interconnected in its place. Juanito traces the field's evolution from chaos to consolidation, weaving in cybernetics, standardization, and the dawning coexistence of human and artificial evaluative power. The result is part philosophical sermon, part rallying cry, an invitation to reject the industry's slave morality, rethink our tools, and steer the next era of defense with intention.

On this week's meeting agenda: • Aidan escaped the sub-basement and caught a showing of The Master Plan at the newly renovated Globe Theatre. • Admin has been talking for months about how they changed the city's Design Standards so that new residential roads will be wider. How did that happen? When did that happen? Why did that happen? We have the backstory on that. • Really good news from the Housing Accelerator front! Yay! • Economic Development Regina presented their 2026 budget to city council. It did not go well. • The Regina Public Library also presented their 2026 budget to city council. It didn't go great either but at least it went better than EDR's. • The Queen City Improvement Bureau's Halloween-adjacent 10th Anniversary LIVE Show is coming up October 29, 7pm at the Artesian on 13th! • The mayor made a big funding announcement for downtown. Note: Apologies for how Paul's voice sounds like a gravel quarry that's smoked a pack of cigarettes a day for 35 years. The doctors say there's nothing modern medicine can do to speed up his vocal recovery and the satanic rituals have not helped.

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Your vulnerability scanner is your weakest link Scams that almost got me The state of EDR is not good You don't need to do that on a phone or Raspberry PI Hash cracking and exploits Revisiting LG WebOS Hardening Docker images Hacking Moxa NPort Shoddy academic research The original sin of computing Bodycam hacking A new OS for ESP32 The AI bubble is going to burt Mobile VPNs are not always secure Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-896

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A newly disclosed vulnerability in Redis, dubbed RediShell and tracked as CVE-2025-49844, affects all Redis versions and carries a maximum CVSS score of 10.0.Cisco has disclosed a critical zero-day vulnerability—CVE-2025-20352—affecting its widely deployed IOS and IOS XE software, confirming active exploitation in the wild.Researchers at NCC Group have found that voice cloning technology has reached a level where just five minutes of recorded audio is enough to generate convincing voice clones in real time.A China-linked cyber-espionage group, tracked as UNC5221, has been systematically targeting network infrastructure appliances that lack standard endpoint detection and response (EDR) support.Dutch authorities have arrested two 17-year-old boys suspected of being recruited by pro-Russian hackers to carry out surveillance activities.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

This week we kick things off with a special interview: Kieran Human from Threat Locker talks about EDR bypasses and other special projects. In the security news: Hacking TVs Flushable wipes are not the only problem People just want to spy on their pets, except the devices can be hacked Linux EDR is for the birds What does my hat say we love exploits and hashes ESP32s in your router RF signal generator on a PI Zero Mic-E-Mouse and other things that will probably never happen, until they do Hacking with money Uninitialized variables and other things the compiler should catch Breaking out of the shell Hacking with sound, for real, not just another side channel attack Bring back 2G When the game engine gets hacked Oracle 0-days This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-895

Help Wanted: What are these odd requests about? An odd request is hitting a number of our honeypots with a somewhat unusual HTTP request header. Please let me know if you no what the request is about. https://isc.sans.edu/forums/diary/Help+Wanted+What+are+these+odd+reuqests+about/32302/ Forta GoAnywhere MFT Vulnerability Forta s GoAnywhere MFT product suffers from a critical deserialization vulnerability. Forta released an advisory disclosing the vulnerability on Thursday. https://www.fortra.com/security/advisories/product-security/fi-2025-012 EDR Freeze A new tool, EDR Freeze, allows regular users to suspend EDR processes. https://www.zerosalarium.com/2025/09/EDR-Freeze-Puts-EDRs-Antivirus-Into-Coma.html

Alright, it's time to catch up on the final round of the Enduro World Cup in Morillon and Enduro World Champs in Aletsch Arena with Morgane Charre and Greg Callaghan. Morillon was a brand new venue which the riders said featured some of the best trails they've ever raced. With the titles already decided, it was all in for those chasing the remaining overall podium places and those looking for their first taste of EDR success. Aletsch delivered a challenging sting in the season's tail to see who would take home those sought after World Champs stripes. So sit back, hit play, and enjoy this episode with Morgane Charre and Greg Callaghan. You can also watch this episode on YouTube here. Podcast Stuff Listener Offers Downtime listeners can now get 10% off of Stashed Space Rails. Stashed is the ultimate way to sort your bike storage. Their clever design means you can get way more bikes into the same space and easily access whichever one you want to ride that day. If you have 2 or more bikes in your garage, they are definitely worth checking out. Just head to stashedproducts.com/downtime and use the code DOWNTIME at the checkout for 10% off your entire order. And just so you know, we get 10% of the sale too, so it's a win win. Patreon I would love it if you were able to support the podcast via a regular Patreon donation. Donations start from as little as £3 per month. That's less than £1 per episode and less than the price of a take away coffee. Every little counts and these donations will really help me keep the podcast going and hopefully take it to the next level. To help out, head here. Merch If you want to support the podcast and represent, then my webstore is the place to head. All products are 100% organic, shipped without plastics, and made with a supply chain that's using renewable energy. We now also have local manufacture for most products in the US as well as the UK. So check it out now over at downtimepodcast.com/shop. Newsletter If you want a bit more Downtime in your life, then you can join my newsletter where I'll provide you with a bit of behind the scenes info on the podcast, interesting bits and pieces from around the mountain bike world, some mini-reviews of products that I've been using and like, partner offers and more. You can do that over at downtimepodcast.com/newsletter. Follow Us Give us a follow on Instagram @downtimepodcast or Facebook @downtimepodcast to keep up to date and chat in the comments. For everything video, including riding videos, bike checks and more, subscribe over at youtube.com/downtimemountainbikepodcast. Are you enjoying the podcast? If so, then don't forget to follow it. Episodes will get delivered to your device as soon as it's available and it's totally free. You'll find all the links you need at downtimepodcast.com/follow. You can find us on Apple Podcast, Spotify, Google and most of the podcast apps out there. Our back catalogue of amazing episodes is available at downtimepodcast.com/episodes Photo - Sven Martin

In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero's major push into vulnerability management. With its new Nuclei integration, runZero is now able to get a very accurate picture of what's vulnerable in your environment, without spraying highly privileged credentials at attackers on your network. It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud. This episode is also available on Youtube. Show notes

HR software giant Workday discloses a data breach. Researchers uncover a zero-day in Elastic's EDR software. Ghost-tapping is an emerging fraud technique where cybercriminals use NFC relay attacks to exploit stolen payment card data. Germany may be on a path to ban ad blockers. A security researcher documents multiple serious flaws in McDonald's systems. There's a new open-source framework for testing 5G security flaws. New York's Attorney General sues the banks behind Zelle over fraud allegations. The DOJ charges the alleged Zeppelin ransomware operator and seizes over $2.8 million in cryptocurrency. Tim Starks from CyberScoop discusses the overlooked changes that two Trump executive orders could bring to cybersecurity. Bots build their own echo chambers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire Guest Today we have Tim Starks from CyberScoop discussing the overlooked changes that two Trump executive orders could bring to cybersecurity. Selected Reading HR giant Workday discloses data breach after Salesforce attack (Bleeping Computer) Researchers report zero-day vulnerability in Elastic Endpoint Detection and Respons Driver that enables system compromise (Beyond Machines) Ghost-Tapping and the Chinese Cybercriminal Retail Fraud Ecosystem (Recorded Future) Is Germany on the Brink of Banning Ad Blockers? User Freedom, Privacy, and Security Is At Risk. (Open Policy & Advocacy) How I Hacked McDonald's (Their Security Contact Was Harder to Find Than Their Secret Sauce Recipe) (bobdahacker) Boffins say tool can sniff 5G traffic, launch 'attacks' without using rogue base stations (The Register) New York claims Zelle's shoddy security enabled a billion dollars in scams  (The Verge) US Seizes $2.8 Million From Zeppelin Ransomware Operator (SecurityWeek) Researchers Made a Social Media Platform Where Every User Was AI. The Bots Ended Up at War (Gizmodo) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices