POPULARITY
Categories
In this episode, we discuss the alarming financial situation of the US as it spends more on debt interest than on national defense, and the implications for the US dollar. We outline two possible futures for the dollar – a slow decline or an overnight collapse – and describe strategies for safeguarding and growing wealth during these uncertain times. Key strategies include hedging with gold and Bitcoin, using creative financing to acquire income-producing real estate, and leveraging inflation to reduce debt and increase asset values. The episode emphasizes preparation and strategic positioning to not just survive, but thrive in an economic downturn. BUT BEFORE THAT, hear how Matt bought 55 homes without a bank! Want my exact “Rejection Letter” that closed 55 extra deals? Grab your free copy here: https://3optionloi.com/ About that thing we're doing in Vegas this month: https://intensive2025.com/ Exploit and Escape Strategy: https://drive.google.com/file/d/16EZMfOM_JYXbqs7t3OZ_fGXDqrWo0sdQ/view Learn more about your ad choices. Visit megaphone.fm/adchoices
REDIFF - Les évadés d'Alcatraz, c'est le titre d'un film mais c'est surtout une histoire vraie. L'histoire de la plus spectaculaire des évasions et de la plus mystérieuses des cavales. Un tour de passe-passe qui s'est joué à l'intérieur d'une prison forteresse. Celle d'Alcatraz, un rocher posé dans la baie de San Francisco, un pénitencier dont jamais personne n'avait réussi à s'enfuir. Trois hommes vont pourtant réussir cet exploit. Exploit qui, malgré une enquête qui n'a jamais été refermée, demeure une pure énigme. Retrouvez tous les jours en podcast le décryptage d'un faits divers, d'un crime ou d'une énigme judiciaire par Jean-Alphonse Richard, entouré de spécialistes, et de témoins d'affaires criminelles.Distribué par Audiomeans. Visitez audiomeans.fr/politique-de-confidentialite pour plus d'informations.
REDIFF - Les évadés d'Alcatraz, c'est le titre d'un film mais c'est surtout une histoire vraie. L'histoire de la plus spectaculaire des évasions et de la plus mystérieuse des cavales. Un tour de passe-passe qui s'est joué à l'intérieur d'une prison forteresse. Celle d'Alcatraz, un rocher posé dans la baie de San Francisco, un pénitencier dont jamais personne n'avait réussi à s'enfuir. Trois hommes vont pourtant réussir cet exploit. Exploit qui, malgré une enquête qui n'a jamais été refermée, demeure une pure énigme. Retrouvez tous les jours en podcast le décryptage d'un faits divers, d'un crime ou d'une énigme judiciaire par Jean-Alphonse Richard, entouré de spécialistes, et de témoins d'affaires criminelles.Distribué par Audiomeans. Visitez audiomeans.fr/politique-de-confidentialite pour plus d'informations.
Mike Johnson, Beau Morgan, and Ali Mac talk about some of the biggest storylines that came out of the first day of the SEC meetings yesterday, let you hear Kirby Smart give his thoughts on the transfer portal, react to what Coach Smart had to say, and talk about how Kirby is figuring out how to exploit transfer portal and transfer portal windows.
The episode discusses Moody's recent downgrade of the US credit rating from AAA to AA1, outlining the potential impacts on rent, savings, and jobs. Matt explores the reasons behind the downgrade, previous downgrades by Standard & Poor's and Fitch, and the broader economic implications. It criticizes the US government's handling of its debt and highlights contrasting views from President Trump and major financial entities. The episode also provides a 'five-step exploit and escape strategy' to protect oneself, focusing on hedging with gold and Bitcoin, leveraging debt, securing cheap loans, investing in income-producing real estate, and using inflation to one's advantage. BUT BEFORE THAT, hear why Costco is acting like a central bank! About the "EXPLOIT & ESCAPE" strategy: https://drive.google.com/file/d/16EZMfOM_JYXbqs7t3OZ_fGXDqrWo0sdQ/view?pli=1 Learn more about your ad choices. Visit megaphone.fm/adchoices
On today's episode, Vince welcomes back investigative journalist Katarina Szulc for a conversation on the evolving dynamics of U.S.-Mexico relations and cartel activity across North America. They discuss Mexico's refusal to accept U.S. assistance in the fight against organized crime, the growing presence of cartels in Canada, and the challenges posed by Canada's legal system in addressing transnational threats. Katarina also shares details about her new work in investigative journalism, focused on exposing organized crime and cartel operations. Borderland is an IRONCLAD Original Watch Borderland: DISPATCHES everywhere you get your podcasts and on Youtube @thisisironclad starting May 20th. SPONSORS: 1stPhorm visit: https://www.1stphorm.com/borderland Free shipping through this link on any orders over $75 Free 30 days in the app for new customers (offer comes via email after the purchase) 110% money back guarantee on all of our products. We believe fully in our products. If you don't love the product or you aren't getting the results you hoped for, let us know and we'll give you your money back … plus 10%! Learn more about your ad choices. Visit megaphone.fm/adchoices
Bienvenue dans Radio Foot 16h10-21h10 T.U. À la Une de cette 1ère émission de la semaine : - Le Cameroun perd un de ses plus grands joueurs. Emmanuel Kundé, ancien capitaine des Lions Indomptables, disparu vendredi à l'âge de 68 ans. ; - Angleterre, la révolution de Palace ! ; - Ligue 1, fin de saison et clubs historiques à la peine. Saint-Étienne à peine remonté, finalement rétrogradé après avoir échoué à domicile face à Toulouse. - Le Cameroun perd un de ses plus grands joueurs. Emmanuel Kundé, ancien capitaine des Lions Indomptables, disparu vendredi à l'âge de 68 ans. Passé par le Canon de Yaoundé, Laval et Reims, le défenseur aux 127 sélections avait remporté la CAN à 2 reprises (1984 et 1988) et disputé 2 Coupes du Monde (1982 et 90). On se souvient notamment d'un penalty crucial inscrit face à l'Angleterre en ¼ de finale, contribuant au magnifique parcours camerounais en Italie. La disparition d'un « baobab », a réagi Rigobert Song. Son ancien coéquipier, André Kana Biyik évoque un « Monstre Sacré ». Un leader silencieux qui a marqué ses coéquipiers par ses exploits mais aussi par son humanité, on l'évoquera avec Joseph-Antoine Bell.- Angleterre, la révolution de Palace ! Crystal Palace a remporté la 144è édition de la FA Cup à Wembley. En battant les Cityzens 1-0, les Eagles s'adjugent pour le 1er trophée majeur de leur longue histoire. Une année sans pour l'équipe de Pep Guardiola, qui doit encore assurer sa place en C1.- Ligue 1, fin de saison et clubs historiques à la peine. Saint-Étienne à peine remonté, finalement rétrogradé après avoir échoué à domicile face à Toulouse. Montpellier était déjà assuré de la relégation en L2. Mauvaise affaire pour Reims, battu 2-1 à Lille, qui termine 16è et devra concentrer ses efforts sur le barrage aller-retour face à Metz. - Exploit du Havre qui arrache une victoire 3-2 à Strasbourg et le maintien, grâce au capitaine Abdoulaye Touré. L'international guinéen auteur de 2 penaltys, dont une « Panenka » pleine de sang froid à la 90è+9, dont les Ciel et Marine se souviendront longtemps !Avec Hugo Moissonnier : Hervé Penot, Éric Rabesandratana et Bruno Constant. Technique/réalisation : Laurent Salerno - Pierre Guérin.
Bienvenue dans Radio Foot 16h10-21h10 T.U. À la Une de cette 1ère émission de la semaine : - Le Cameroun perd un de ses plus grands joueurs. Emmanuel Kundé, ancien capitaine des Lions Indomptables, disparu vendredi à l'âge de 68 ans. ; - Angleterre, la révolution de Palace ! ; - Ligue 1, fin de saison et clubs historiques à la peine. Saint-Étienne à peine remonté, finalement rétrogradé après avoir échoué à domicile face à Toulouse. - Le Cameroun perd un de ses plus grands joueurs. Emmanuel Kundé, ancien capitaine des Lions Indomptables, disparu vendredi à l'âge de 68 ans. Passé par le Canon de Yaoundé, Laval et Reims, le défenseur aux 127 sélections avait remporté la CAN à 2 reprises (1984 et 1988) et disputé 2 Coupes du Monde (1982 et 90). On se souvient notamment d'un penalty crucial inscrit face à l'Angleterre en ¼ de finale, contribuant au magnifique parcours camerounais en Italie. La disparition d'un « baobab », a réagi Rigobert Song. Son ancien coéquipier, André Kana Biyik évoque un « Monstre Sacré ». Un leader silencieux qui a marqué ses coéquipiers par ses exploits mais aussi par son humanité, on l'évoquera avec Joseph-Antoine Bell.- Angleterre, la révolution de Palace ! Crystal Palace a remporté la 144è édition de la FA Cup à Wembley. En battant les Cityzens 1-0, les Eagles s'adjugent pour le 1er trophée majeur de leur longue histoire. Une année sans pour l'équipe de Pep Guardiola, qui doit encore assurer sa place en C1.- Ligue 1, fin de saison et clubs historiques à la peine. Saint-Étienne à peine remonté, finalement rétrogradé après avoir échoué à domicile face à Toulouse. Montpellier était déjà assuré de la relégation en L2. Mauvaise affaire pour Reims, battu 2-1 à Lille, qui termine 16è et devra concentrer ses efforts sur le barrage aller-retour face à Metz. - Exploit du Havre qui arrache une victoire 3-2 à Strasbourg et le maintien, grâce au capitaine Abdoulaye Touré. L'international guinéen auteur de 2 penaltys, dont une « Panenka » pleine de sang froid à la 90è+9, dont les Ciel et Marine se souviendront longtemps !Avec Hugo Moissonnier : Hervé Penot, Éric Rabesandratana et Bruno Constant. Technique/réalisation : Laurent Salerno - Pierre Guérin.
A ton of awesome releases and advancements in this month's ModChat! First comes the release of the Lapse Kernel Exploit for both PS4 12.02 and PS5 10.05 firmwares. BadHTAB for the PS3 evolves into BadWDSD, a separate but better and more exciting development for PS3 owners allowing further access now on Super Slim variants! The original Xbox revision 1.6 gets a huge development as well, now with the ability to reflash the on-board BIOS for the first time. We touch up on some Switch news for the first time in a while, with a new Atmosphere CFW update for the latest Switch firmware, but not all good news when we discuss the EULA changes. However, some reverse engineering efforts towards the WaveBird receiver, Mario Party 4, Mario Kart 64, and even Dinosaur Planet have all released this month!
Today I'm joined by Derek Hansen, VP of Operations at Cox Automotive. We get into how AI is reshaping inventory pricing, pro tips for navigating vehicle tariffs, where vAuto is innovating next—and more. If your dealership is interested in learning more, reach out to Derek by email: derek.hansen@coxautoinc.com This episode is brought to you by: 1, Toma – If your BDC or Service Advisors are buried in calls, it's time for a smarter solution. Toma builds custom AI agents that answer 100% of your dealership's inbound calls and handle tasks like booking service, checking recalls, and scheduling test drives—without tying up your team. Dealers using Toma are saving 30–40 staff hours a week and booking 100+ extra appointments every month. Exclusive for CDG Listeners: Start your no-risk, 1-month free trial @ toma.com/cdg 2. Experian Automotive - Like most Car Dealership Guy Listeners, you're constantly looking for the inside edge on the auto industry. So if you're ready to step up your game to the next level – outpacing the competition and building customer loyalty – there's only one place to go from here: Experian Automotive. They're the only ones with exclusive data across vehicles, consumers, and credit—plus expert data scientists who connect the dots to uncover the insights you need. Get the industry-leading insights from Experian Automotive today! Learn more by visiting @ https://carguymedia.com/4cfcLjZ Need help finding top automotive talent? Get started here: https://www.cdgrecruiting.com/ Interested in advertising with Car Dealership Guy? Drop us a line here: https://cdgpartner.com Interested in being considered as a guest on the podcast? Add your name here: https://bit.ly/3Suismu Topics: 00:15 Biggest inventory challenges today? 00:34 What shaped your career path? 01:08 How is AI changing auto? 03:38 Current market trends to watch? 07:11 Best dealer strategies now? 09:37 How to improve appraisals? 15:45 Global car sourcing tips? 21:39 How predictive analytics helps sales? 33:09 Future car inventory predictions? Check out Car Dealership Guy's stuff: CDG News ➤ https://news.dealershipguy.com/ CDG Jobs ➤ https://jobs.dealershipguy.com/ CDG Recruiting ➤ https://www.cdgrecruiting.com/ My Socials: X ➤ x.com/GuyDealership Instagram ➤ instagram.com/cardealershipguy/ TikTok ➤ tiktok.com/@guydealership LinkedIn ➤ linkedin.com/company/cardealershipguy Threads ➤ threads.net/@cardealershipguy Facebook ➤ facebook.com/profile.php?id=100077402857683 Everything else ➤ dealershipguy.com This podcast is for informational purposes only and should not be relied upon as a basis for investment decisions.
Scammers aren't just phishing your inbox anymore—they're impersonating your voice, your face, and even your coworkers. Deep fakes and social engineering have moved beyond clever tricks and become powerful tools that bad actors are using to infiltrate businesses, breach accounts, and dismantle trust at scale. What used to take a hacker hours and expensive tools can now be done in minutes by anyone with a Wi-Fi connection and a little malicious intent. Our guest today is Aaron Painter, CEO of Nametag, a company leading the charge in next-generation identity verification. Aaron's background includes 14 years at Microsoft and executive roles in cloud tech across Europe and Asia. After witnessing firsthand how easily identity theft could unravel lives—especially during the shift to remote everything—he founded Nametag to answer a critical question: how can we know who's really behind the screen? With Nametag, Aaron is building real-time, high-security ID checks that are already reshaping how help desks and businesses protect users. In this conversation, we unpack the difference between authentication and identity, why traditional methods like security questions are dangerously outdated, and how mobile tech and biometrics are changing the game. Aaron also shares practical tips on protecting your most valuable digital asset—your email—and what consumers and companies alike can do to stay ahead of evolving threats. This one's packed with insight, and more relevant than ever. Show Notes: [00:54] Aaron is the CEO of Nametag. A company he started 5 years ago that focuses on identity verification at high-risk moments. [01:37] He spent 14 years at Microsoft working on product including at Microsoft China. He also ran a cloud computing company that was AWS's largest partner in Europe. [02:12] When everything went remote in 2020, he discovered that there were identity verification issues over phone lines. [03:03] He began building technology that will help accurately identify people when they call in to support or help desks. [04:22] Most of what we think of as identity is really just authentication. [07:41] A common new challenge is the rise of remote work and people having to connect remotely. The rise of technologies that make it easier to impersonate someone is also a problem. [10:38] Knowing who you hire and who you're working with matters. [11:03] Deep fakes and voice cloning has become so much easier. [15:47] How platforms have a responsibility to know their users. [18:11] How deep fakes are being exploited in the corporate world. [19:30] The vulnerability is often the human processes. Back doors and side doors are deleting ways that companies are breached. [23:53] High value accounts and companies that know they have something to protect our early adopters of Aaron's technology. [24:50] Identity verification methods including using mobile phones. The device has cryptography. [27:07] Behavioral biometrics include the way we walk or the way we type. [29:56] If you're working with a company that offers additional security tools, take them up on it. [34:04] Dating sites are starting to do verification profiles. [43:07] We all need to push for more secure ways to protect our accounts. [43:48] The importance of protecting your email. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest Aaron Painter - LinkedIn Nametag Aaron Painter - Facebook LOYAL: A Leader's Guide to Winning Customer and Employee Loyalty
On commence évidemment avec la nomination du nouveau Pape, Robert Francis Prevost renommé Léon 14, 70 ans américain originaire de Chicago
On commence évidemment avec la nomination du nouveau Pape, Robert Francis Prevost renommé Léon 14, 70 ans américain originaire de Chicago
durée : 00:03:07 - L'info d'ici, ici Maine - C'est une journée historique dont les fans de MotoGP se souviendront pendant longtemps. Le pilote français Johann Zarco a remporté le Grand Prix de France Moto au Mans ce dimanche 11 mai 2025, sous la pluie, devant plus de 120.000 spectateurs.
Today, Hunter spoke with Julie Ciccolini, the CEO of Techtivist. When she was working as a paralegal at the NY Legal Aid Society, Julie, like so many in a Public Defender Office, realized that there was immense amounts of data on police misconduct that was going un-used. So, Julie helped to set up a database that allowed Public Defenders to track and use this data in their cases. Realizing that this issue extended far beyond New York, Julie founded Techtivist as a way to help Public Defenders set up and utilize databases that keep track of police misconduct. Guest Julie Ciccolini, CEO, Techtivist Resources: Check out Techtivist Here https://www.techtivist.com/ Read the Blue Wall of Silence Report Here https://www.nacdl.org/Document/DismantlingtheBlueWallofSilenceTrackLawEnfMiscond Contact Hunter Parnell: Publicdefenseless@gmail.com Instagram @PublicDefenselessPodcast Twitter @PDefenselessPod www.publicdefenseless.com Subscribe to the Patron www.patreon.com/PublicDefenselessPodcast Donate on PayPal https://www.paypal.com/donate/?hosted_button_id=5KW7WMJWEXTAJ Donate on Stripe https://donate.stripe.com/7sI01tb2v3dwaM8cMN Trying to find a specific part of an episode? Use this link to search transcripts of every episode of the show! https://app.reduct.video/o/eca54fbf9f/p/d543070e6a/share/c34e85194394723d4131/home
SAP zero-day vulnerability under widespread active exploitation Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts Cybersecurity firm CEO charged with installing malware on hospital systems Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
We've all heard of the Robbie Williams Monkey Movie, right? It's all fun and games in the world of the movie, but what if you actually had a little ape son? How would that even work? Super ape sperm? Maybe a super ape egg? So many questions, but as always, the most important seems to be how we can exploit him for money.Links to everything at https://linktr.ee/plumbingthedeathstar including our terrible merch, social media garbage and where to become a subscriber to Bad Brain Boys+Support Jarren's Outpost on Kickstarter: https://www.kickstarter.com/projects/dndnerds/jarrens-outpost Hosted on Acast. See acast.com/privacy for more information.
Tous les dimanches à minuit, Daniel Riolo propose une heure de show en direct avec Moundir Zoughari pour les passionnés de poker. Conseils d'un joueur professionnel, actualité, tournois... Votre rendez-vous poker, sur RMC !
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Attacks against Teltonika Networks SMS Gateways Attackers are actively scanning for SMS Gateways. These attacks take advantage of default passwords and other commonly used passwords. https://isc.sans.edu/diary/Attacks%20against%20Teltonika%20Networks%20SMS%20Gateways/31888 Commvault Vulnerability CVE-2205-34028 Commvault, about a week ago, published an advisory and a fix for a vulnerability in its backup software. watchTowr now released a detailed writeup and exploit for the vulnerability https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/ Exploitation Trends Q1 2025 Vulncheck published a summary of exploitation trends, pointing out that about a quarter of vulnerabilities are exploited a day after a patch is made available. https://vulncheck.com/blog/exploitation-trends-q1-2025 inetpub directory issues The inetpub directory introduced by Microsoft in its April patch may lead to a denial of service against applying patches on Windows if an attacker can create a junction for that location pointing to an existing system binary like Notepad. https://doublepulsar.com/microsofts-patch-for-cve-2025-21204-symlink-vulnerability-introduces-another-symlink-vulnerability-9ea085537741
Alex Golden and Rohan Katti from The Gyro Step Podcast dive into everything Game 3 has in store. What adjustments will the Bucks make? How dominate Indiana has been this series in Games 1 & 2, what winning or losing this first round series means for the future of the Bucks, why the Bucks can still win this, why Indiana is the better overall team, what to expect from Milwaukee's crowd, lineup changes and more!
IBM has released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. The 2025 report tracks new and existing trends and attack patterns - pulling from incident response engagements, dark web and other threat intelligence sources. Some key findings in the 2025 report include: Critical infrastructure organizations accounted for 70% of all attacks that IBM X-Force responded to last year, with more than one quarter of these attacks caused by vulnerability exploitation. More cybercriminals opted to steal data (18%) than encrypt it (11%) as advanced detection technologies and increased law enforcement efforts pressure cybercriminals to adopt faster exit paths. Nearly one in three incidents observed in 2024 resulted in credential theft, as attackers invest in multiple pathways to quickly access, exfiltrate and monetize login information. "Cybercriminals are most often breaking in without breaking anything - capitalizing on identity gaps overflowing from complex hybrid cloud environments that offer attackers multiple access points" said Mark Hughes, Global Managing Partner of Cybersecurity Services at IBM. "Businesses need to shift away from an ad-hoc prevention mindset and focus on proactive measures such as modernizing authentication management, plugging multi-factor authentication holes and conducting real-time threat hunting to uncover hidden threats before they expose sensitive data." Patching Challenges Expose Critical Infrastructure Sectors to Sophisticated Threats Reliance on legacy technology and slow patching cycles prove to be an enduring challenge for critical infrastructure organizations as cybercriminals exploited vulnerabilities in more than one-quarter of incidents that IBM X-Force responded to in this sector last year. In reviewing the common vulnerabilities and exposures (CVEs) most mentioned on dark web forums, IBM X-Force found that four out of the top ten have been linked to sophisticated threat actor groups, including nation-state adversaries, escalating the risk of disruption, espionage and financial extortion. Exploit codes for these CVEs were openly traded on numerous forums - fueling a growing market for attacks against power grids, health networks and industrial systems. This sharing of information between financially motivated and nation-state adversaries highlights the increasing need for dark web monitoring to help inform patch management strategies and detect potential threats before they are exploited. Automated Credential Theft Sparks Chain Reaction In 2024, IBM X-Force observed an uptick in phishing emails delivering infostealers and early data for 2025 reveals an even greater increase of 180% compared to 2023. This upward trend fueling follow-on account takeovers may be attributed to attackers leveraging AI to create phishing emails at scale. Credential phishing and infostealers have made identity attacks cheap, scalable and highly profitable for threat actors. Infostealers enable the quick exfiltration of data, reducing their time on target and leaving little forensic residue behind. In 2024, the top five infostealers alone had more than eight million advertisements on the dark web and each listing can contain hundreds of credentials. Threat actors are also selling adversary-in-the-middle (AITM) phishing kits and custom AITM attack services on the dark web to circumvent multi-factor authentication (MFA). The rampant availability of compromised credentials and MFA bypass methods indicates a high-demand economy for unauthorized access that shows no signs of slowing down. Ransomware Operators Shift to Lower-Risk Models While ransomware made up the largest share of malwa...
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Microsoft Entra User Lockout Multiple organizations reported widespread alerts and account lockouts this weekend from Microsoft Entra. The issue is caused by a new feature Microsoft enabled. This feature will lock accounts if Microsoft believes that the password for the account was compromised. https://www.bleepingcomputer.com/news/microsoft/widespread-microsoft-entra-lockouts-tied-to-new-security-feature-rollout/ https://learn.microsoft.com/en-us/entra/identity/authentication/feature-availability Erlang/OTP SSH Exploit An exploit was published for the Erlang/OTP SSH vulnerability. The vulnerability is easy to exploit, and the exploit and a Metasploit module allow for easy remote code execution. https://github.com/exa-offsec/ssh_erlangotp_rce/blob/main/ssh_erlangotp_rce.rb Sonicwall Exploited An older command injection vulnerability is now exploited on Sonicwall devices after initially gaining access by brute-forcing credentials. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022 Unpatched Vulnerability in Bubble.io An unpatched vulnerability in the no-code platform bubble.io can be used to access any project hosted on the site. https://github.com/demon-i386/pop_n_bubble
Jérôme Rothen se chauffe contre un autre consultant, un éditorialiste ou un acteur du foot.
A whole lot has happened since the last episode of ModChat, and there's still been a few topics not covered within this episode! For the ones we do go into, the first is covering some major progress on the PlayStation Home revival project Home Laboratory, which is now available by default on the XMB for the latest PS3HEN and Evilnat CFW users on PS3! The PS3 also gets some renewed Hypervisor related interest in the form of BadHTAB, which is based on old HTAB related work from geohot and has been worked on here again in 2025. The Xbox 360 side of house gets more love, with Sonic Unleashed being ported to PC thanks to XenonRecomp, both of which have been released. The OG Xbox gets a fancy new payload in the form of Skeleton Key which serves as a Swiss Army Knife for stock OG Xbox users to run and quickly have several powerful tools available on their screen with minimal effort. Finally, a new FATXplorer tool releases in the form of XDON, allowing for easy Xbox and Xbox 360 drive mounting over a network.
On the show this week - Guy wants to know what video game we would create if we had a time machine and could release any game we want at any point in time. One idea was normal, one was a little kooky, and one felt wrong to say out loud. Which one of the three games do you think would make the most money on release?Follow us here - https://linktr.ee/extremelycasualgamers Hosted on Acast. See acast.com/privacy for more information.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Network Infraxploit Our undergraduate intern, Matthew Gorman, wrote up a walk through of CVE-2018-0171, an older Cisco vulnerability, that is still actively being exploited. For example, VOLT TYPHOON recently exploited this problem. https://isc.sans.edu/diary/Network+Infraxploit+Guest+Diary/31844 Windows Update Issues / Windows 10 Update Microsoft updated its "Release Health" notes with details regarding issues users experiences with Windows Hello, Citrix, and Roblox. Microsoft also released an emergency update for Office 2016 which has stability problems after applying the most recent update. https://support.microsoft.com/en-us/topic/april-8-2025-kb5055523-os-build-26100-3775-277a9d11-6ebf-410c-99f7-8c61957461eb https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3521 https://support.microsoft.com/en-us/topic/april-10-2025-update-for-office-2016-kb5002623-d60c1f31-bb7c-4426-b8f4-69186d7fc1e5 Dell Updates Dell releases critical updates for it's Powerscale One FS product. In particular, it fixes a default password problem. https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities Langflow Vulnerablity (possible exploit scans sighted) CVE-2025-3248 Langflow addressed a critical vulnerability end of March. This writeup by Horizon3 demonstrates how the issue is possibly exploited. We have so far seen one "hit" in our honeypot logs for the vulnerable API endpoint URL. https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/
In this episode of Breaking Badness, host Kali Fencl is joined by DomainTools' Daniel Schwabe and disinformation expert Scot Terban to uncover how modern Russian disinformation campaigns are using domain registrars, homoglyph attacks, and generative AI to mimic legitimate news outlets and manipulate public perception. From the eerie sophistication of Doppelganger operations to the exploitation of domain infrastructure, this episode sheds light on how truth is being weaponized in the digital era. We also explore how AI is accelerating the speed and scale of these attacks, and the limited levers defenders have to push back.
Ligue des champions quart de finale aller suite et fin. Unai Emery retrouve Paris... Et Luis Enrique. Le Basque, désormais entraîneur d'Aston Villa, opposé à l'Asturien, homme de la remontada du Barça, face au PSG il y a huit ans. L'heure de la revanche ? Les Parisiens sans Marquinhos, les Claret & Blue avec deux anciens de la capitale : Lucas Digne et Marco Asensio, redoutables en sortie de banc. Va-t-il lui briller contre son ex ? Le gardien champion du monde, showman provocateur, Dibu Martinez, va recroiser Ousmane Dembélé dont on attend beaucoup.Paris sacré en Ligue 1, les Villans visent le Big 4 dans leur championnatDes atouts offensifs. Outre Asensio : Malen, Rogers, Watkins, Rashford. Le physique des Anglais, adeptes du pressing haut, face à la fougue des jeunes Rouge et Bleu. Paris va-t-il répondre aux attentes ? Barcelone/Dortmund, retrouvailles du premier tour, et autre face à face entre coaches compatriotesNouvelle confrontation spectaculaire ? Des Blaugranas invaincus en 2025 et favoris, Lewandowski en réussite face à un de ses anciens clubs. Les Borussen, finalistes de la dernière édition, privés de Schlotterbeck et Sabitzer, compteront notamment sur Guirassy (10 buts en 12 matches de C1).Deux mastodontes K.O.Les Merengues foudroyés par les Gunners à Londres. Deux pétards signés Declan Rice, Mikel Merino pour conclure le feu d'artifice. La machine à gagner des expérimentés madrilènes s'est enrayée. Exploit possible au Bernabeu la semaine prochaine ?Le Bayern battu après 22 matches d'invincibilité à domicile dans la compétition. Kompany et les sextuples vainqueurs pensent pouvoir renverser l'Inter à Milan, où les Bavarois se sont déjà imposés par le passé. Arteta et Inzagui, émergence de coachs quadragénaires bientôt au sommet de l'Europe ? Ancelotti proche de la sortie ? Le « Mister » sait renverser des situations compliquées, mais semble à court de solutions.Avec Annie Gasnier : Éric Rabesandratana, Ludovic Duchesne, Jean-Philippe BouchardTechnique/réalisation Laurent Salerno – David Fintzel/Pierre Guérin
Ligue des champions quart de finale aller suite et fin. Unai Emery retrouve Paris... Et Luis Enrique. Le Basque, désormais entraîneur d'Aston Villa, opposé à l'Asturien, homme de la remontada du Barça, face au PSG il y a huit ans. L'heure de la revanche ? Les Parisiens sans Marquinhos, les Claret & Blue avec deux anciens de la capitale : Lucas Digne et Marco Asensio, redoutables en sortie de banc. Va-t-il lui briller contre son ex ? Le gardien champion du monde, showman provocateur, Dibu Martinez, va recroiser Ousmane Dembélé dont on attend beaucoup.Paris sacré en Ligue 1, les Villans visent le Big 4 dans leur championnatDes atouts offensifs. Outre Asensio : Malen, Rogers, Watkins, Rashford. Le physique des Anglais, adeptes du pressing haut, face à la fougue des jeunes Rouge et Bleu. Paris va-t-il répondre aux attentes ? Barcelone/Dortmund, retrouvailles du premier tour, et autre face à face entre coaches compatriotesNouvelle confrontation spectaculaire ? Des Blaugranas invaincus en 2025 et favoris, Lewandowski en réussite face à un de ses anciens clubs. Les Borussen, finalistes de la dernière édition, privés de Schlotterbeck et Sabitzer, compteront notamment sur Guirassy (10 buts en 12 matches de C1).Deux mastodontes K.O.Les Merengues foudroyés par les Gunners à Londres. Deux pétards signés Declan Rice, Mikel Merino pour conclure le feu d'artifice. La machine à gagner des expérimentés madrilènes s'est enrayée. Exploit possible au Bernabeu la semaine prochaine ?Le Bayern battu après 22 matches d'invincibilité à domicile dans la compétition. Kompany et les sextuples vainqueurs pensent pouvoir renverser l'Inter à Milan, où les Bavarois se sont déjà imposés par le passé. Arteta et Inzagui, émergence de coachs quadragénaires bientôt au sommet de l'Europe ? Ancelotti proche de la sortie ? Le « Mister » sait renverser des situations compliquées, mais semble à court de solutions.Avec Annie Gasnier : Éric Rabesandratana, Ludovic Duchesne, Jean-Philippe BouchardTechnique/réalisation Laurent Salerno – David Fintzel/Pierre Guérin
In this episode of the Risk Management Show podcast, we expose AI scams with insights from Dmitri Vellikok, VP of Embedded Security at F-Secure. Discover how hackers exploit automation and AI to refine their tactics, craft convincing scams, and target victims with precision. Dmitri shares his 20+ years of expertise in cyber security, offering unique perspectives on hacker psychology, attack automation, and advanced threats like deepfakes and impersonation scams. We also discuss the importance of proactive protection through education, digital spring cleaning, and layered cyber security measures. If you're interested in being a guest or suggesting a guest, send your email to info@globalriskconsult.com with "Podcast Guest" in the subject line. Stay tuned to the Global Risk Community for expert insights on risk management, cyber security, and sustainability challenges.
You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise. Segment Resources: This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs Show Notes: https://securityweekly.com/esw-401
You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise. Segment Resources: This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs Show Notes: https://securityweekly.com/esw-401
Exploit technologique en même temps que tour de force politique, l'avion supersonique Concorde a incarné les rêves d'une génération. Mention légales : Vos données de connexion, dont votre adresse IP, sont traités par Radio Classique, responsable de traitement, sur la base de son intérêt légitime, par l'intermédiaire de son sous-traitant Ausha, à des fins de réalisation de statistiques agréées et de lutte contre la fraude. Ces données sont supprimées en temps réel pour la finalité statistique et sous cinq mois à compter de la collecte à des fins de lutte contre la fraude. Pour plus d'informations sur les traitements réalisés par Radio Classique et exercer vos droits, consultez notre Politique de confidentialité.Hébergé par Ausha. Visitez ausha.co/politique-de-confidentialite pour plus d'informations.
Les footballeurs parlent aux footballeurs ! « Rothen s'enflamme », le rendez-vous des passionnés du ballon rond revient pour une deuxième saison !
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
XWiki Search Vulnerablity Exploit Attempts (CVE-2024-3721) Our honeypot detected an increase in exploit attempts for an XWiki command injection vulnerablity. The vulnerability was patched last April, but appears to be exploited more these last couple days. The vulnerability affects the search feature and allows the attacker to inject Groovy code templates. https://isc.sans.edu/diary/X-Wiki%20Search%20Vulnerability%20exploit%20attempts%20%28CVE-2024-3721%29/31800 Correction: FBI Image Converter Warning The FBI's Denver office warned of online file converters, not downloadable conversion tools https://www.fbi.gov/contact-us/field-offices/denver/news/fbi-denver-warns-of-online-file-converter-scam VMWare Vulnerability Broadcom released a fix for a VMWare Tools vulnerability. The vulnerability allows users of a Windows virtual machine to escalate privileges within the machine. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518 Draytek Reboots Over the weekend, users started reporting Draytek routers rebooting and getting stuck in a reboot loop. Draytek now published advise as to how to fix the problem. https://faq.draytek.com.au/docs/draytek-routers-rebooting-how-to-solve-this-issue/ Microsoft Managemnt Console Exploit CVE-2025-26633 TrendMicro released details showing how the MMC vulnerability Microsoft patched as part of its patch tuesday this month was exploited. https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html
EncryptHub linked to Microsoft Management Console exploit Security Copilot gets AI agents A call for more PETs in government Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
Rob Henderson is a developmental psychologist, author of the New York Times bestseller Troubled and columnist for the Free Press and the Boston Globe.In this episode of World of DaaS, Rob and Auren discuss:How elites exploit the poor with luxury beliefsThe vital importance of marriage for upward mobilityThe conspiracy behind useless college degreesThe “late bloomers” phenomenonLooking for more tech, data and venture capital intel? Head to worldofdaas.com for our podcast, newsletter and events, and follow us on X @worldofdaas. You can find Auren Hoffman on X at @auren and on X at @robkhenderson. Editing and post-production work for this episode was provided by The Podcast Consultant (https://thepodcastconsultant.com)
When men were lured into the attractive Sheila LaBarre's web of deceit, her desire for control over them would lead to domestic disputes, insane abuse, and eventually a path so destructive, it would turn into murder. Control Body Odor ANYWHERE with @lumedeodorant and get 15% off with promo code SINISTER at https://Lumepodcast.com/SINISTER #lumepod Check out https://www.squarespace.com/SINISTER to save 10% off your first purchase of a website or domain using code SINISTER. Main channel: https://www.youtube.com/@bozevstheworld 2nd true crime channel: https://www.youtube.com/@bozebutshorter 3rd non-true crime channel: https://www.youtube.com/@bozesbreakroom Learn more about your ad choices. Visit podcastchoices.com/adchoices
Retour sur l'élection hier jeudi de Kirsty Coventry à la tête du Comité international olympique. La double championne olympique de natation zimbabwéenne l'a emporté dès le premier tour (avec un total de 49 voix sur 97 votes exprimés) et s'est imposée face à six autres candidats. Comment a-t-elle été élue, pourquoi, et qu'est-ce que cela signifie pour l'Afrique ? Jean-Loup Chappelet est professeur émérite à l'Université de Lausanne. Grand spécialiste du mouvement olympique, il répond aux questions de Christophe Jousset. RFI : Vous observez la vie du mouvement olympique depuis plus de 50 ans. Quelle a été votre réaction en apprenant la victoire de Kirsty Coventry ? Jean-Loup Chappelet : Ça a été un peu une surprise, effectivement, parce qu'avec sept candidats, tout le monde attendait plusieurs tours de scrutin et elle a gagné au premier tour au-delà de la majorité absolue, c'est quand même un exploit. Et c'est une très bonne nouvelle, je trouve, pour le CIO, pour toutes sortes de raisons.On citait deux favoris supposés Juan Antonio Samaranch Junior, qui obtient 28 voix, Sebastian Coe se contente de huit voix… La surprise est effectivement considérable ?Oui, Sebastian Coe était vu comme un favori surtout par les médias et les médias britanniques, en particulier, parce qu'il a fait une campagne orientée sur les médias et sur les réseaux sociaux. Mais ceux qui votent, ce ne sont pas les journalistes, ce ne sont pas les gens qui regardent les réseaux sociaux, ce sont les membres du CIO. Et il y a la moitié des membres qui sont des femmes aussi. Et il y a une incontestable poussée des athlètes parmi les membres et des personnes assez jeunes aussi. Je pense que l'âge a joué un rôle. Autrefois, pour être président du CIO, il fallait avoir environ 60 ans. Aujourd'hui, Kirsty Coventry a 41 ans.On continue de voir le CIO comme un mouvement plutôt conservateur. On se trompe ? Oui, je pense que depuis longtemps, le CIO a évolué. On n'est plus au temps de Coubertin, on est au XXIᵉ siècle et au XXIᵉ siècle, le pouvoir des athlètes est de plus en plus important. Kirsty Coventry a quand même gagné sept médailles, dont deux d'or, ce qui fait d'elle la première présidente du CIO qui est autant médaillée.Quel a été le poids du soutien du président sortant Thomas Bach dans la victoire de Kirsty Coventry, selon vous ? Je pense qu'il a été essentiel. Je pense qu'il a déjà incité Kirsty Coventry à être candidate, en tant qu'athlète, en tant que présidente de la Commission des athlètes à un moment donné, en tant qu'africaine aussi. Je pense qu'il a favorisé cette candidature parce qu'il y a vu un plus pour le CIO, un coup de jeune, si j'ose dire, pour le CIO.On dit que Kirsty Coventry avait le programme le moins concret des sept candidats, elle a été habile ?Je ne crois pas que ce soit vrai. Il y a des choses très intéressantes dans ces manifestes. C'est sûr que présider le CIO doit tenir compte des évolutions de la société et des changements. Et on ne peut pas prendre de position absolue sans tenir compte de ce qui se passe dans le monde. Par exemple, l'élection de Donald Trump aux États-Unis, parce que le premier défi de la présidente du CIO, ça sera d'avoir des Jeux olympiques en 2028 à Los Angeles et de gérer la question des athlètes féminines. Le président des États-Unis tient à ce que, à juste titre d'ailleurs, des femmes puissent participer à la catégorie féminine.À propos de l'accès des athlètes transgenres aux Jeux olympiques de Los Angeles, Kirsty Coventry a dit « Nous ne dérogerons pas à nos valeurs de solidarité ». C'est un bras de fer qui s'annonce avec Donald Trump ?Je ne pense pas. La solidarité, elle doit être avec les athlètes qui sont femmes, c'est-à-dire qui sont biologiquement avec le chromosome X X. Et ça, c'est quand même la première solidarité pour que ces athlètes puissent concourir de façon sûre et avoir une chance de gagner une médaille.C'est la première fois que l'Afrique se retrouve à la tête du Comité international olympique. Est-ce que pour 2036, qui sont les prochains Jeux d'été à attribuer, ça peut être décisif ? Ça peut être une première pour l'Afrique ?Ça peut l'être, mais c'est loin d'être certain parce qu'il n'y a pas pour l'instant de candidature africaine aux Jeux de 2036. Alors peut être la décision d'aujourd'hui créera des candidatures, par exemple en Afrique du Sud, par exemple au Maroc ou ailleurs en Afrique. Mais il y a aussi des candidatures en Asie et il y a une rotation des continents. Après donc l'Europe avec Paris 2024, les Etats-Unis avec Los Angeles 2028, l'Australie avec Brisbane 2032, ça peut être aussi le tour de l'Asie ou de l'Afrique.À lire aussiKirsty Coventry, une vie consacrée au sport
03/20/25: Joel Heitkamp is joined on "News and Views" by the host of "Afternoons Live," Tyler Axness. They discuss the sentencing memorandum that was posted Wednesday by Acting U.S. Attorney Jennifer Klemetsrud Puhl regarding former State Senator Ray Holmberg's sentencing next Wednesday. She describes Holmberg’s pattern of sexual exploitation that investigators uncovered, including more than 14 trips to Prague for the purpose of having sex with underage boys between 2011 and 2021. Read the full story and memorandum at KFGO.com. (Joel Heitkamp is a talk show host on the Mighty 790 KFGO in Fargo-Moorhead. His award-winning program, “News & Views,” can be heard weekdays from 8 – 11 a.m. Follow Joel on X/Twitter @JoelKFGO.)See omnystudio.com/listener for privacy information.
Microsoft has discovered StilachiRAT, a new remote access trojan specifically targeting cryptocurrency wallets and credentials. The malware focuses on stealing data from 20 cryptocurrency wallet extensions on Google Chrome, including Metamask and Trust Wallet. However, Avalanche native wallet "Core" seems safe from the exploit.Guest: Tess Nekvasil, Product Marketing Manager at Ava LabsCore Wallet ➜ https://bit.ly/CoreWalletAVAX~This episode is sponsored by Tangem~Tangem ➜ https://bit.ly/TangemPBNUse Code: "PBN" for Additional Discounts!00:00 intro00:13 Sponsor: Tangem00:43 Microsoft Warns of New Threat01:19 Core Wallet is Safe02:10 Core App Criticisms04:31 Onboarding Problems06:12 Upgrade Roadmap07:24 Metamask Joins TikTok Bid09:40 Why is Core Not on MeWe? 11:24 C-Chain Upgrade12:44 Cross-Chain UI Upgrades14:09 USDC Upgrade on Avalanche16:21 Robinhood Connect17:20 Bank Wallets Incoming20:54 outro#Crypto #AVAX #bitcoin~Crypto Wallets At Risk!
Don't Fall for This! Learn how the ‘frailty factor' blindsides you every time. Here's how cons and scammers break your heart (and bank account)— and how realizing this dynamic shuts it down. #healthydating #scammers #onlinescams #romancescams #datinggames Human beings are built to love and be loved. It's our natural desire. But in the hopes of being loved, we're also vulnerable to those who'd prey upon us. Awareness of our internal weakness will assist us in filtering out the scammers from truly interested partners. What Is The ‘Frailty Factor' Identifying its Hallmarks Self-Correction, Boundaries, Reassessment Work with Me: Consultation: Books: Breakup Triage; The Cure for Heartache Audible Allowing Magnificence; Living the Expanded Version of Your Life - Book and Audiobook: Connect with Me! Website: susanwinter.net YouTube: YouTube Channel Instagram: Instagram Profile Twitter: Twitter Profile Facebook: Facebook Page LinkedIn: LinkedIn Profile TikTok: TikTok Profile
23,000 repositories targeted in popular GitHub action Apache Tomcat RCE exploit hits servers—no authentication required Microsoft 365 users targeted in new BEC campaigns Thanks to this week episode sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find – and remove – your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/CISO and use promo code CISO at checkout.
« C'était le meilleur match de foot que je n'ai jamais vu », a lancé mardi soir Arne Slot, le coach de Liverpool. Malgré la défaite de son équipe face au Paris Saint-Germain (PSG) après une étouffante séance de tirs au but en huitième de finale de la Ligue des champions, l'entraîneur néerlandais a réaffirmé avoir été bluffé par le niveau de jeu parisien. Cette qualification est une surprise pour le club qui était encore très fragile il y a un mois et demi au moment d'affronter Manchester City au Parc des Princes. Le match aller contre Liverpool, défaite 1-0 pour le PSG le 5 mars, avait laissé entrevoir une chance pour l'équipe de Luis Enrique de marquer l'histoire du club. Elle s'est confirmée par un exploit qui a qualifié le club parisien pour les quarts de finale de la Ligue des champions, devenant un prétendant au sacre final.Dans cet épisode de Code Source, Dominique Sévérac et Stéphane Bianchi, journalistes au service sport du Parisien et spécialistes du PSG, reviennent sur la remontée exceptionnelle du PSG ces dernières semaines. Écoutez Code source sur toutes les plates-formes audio : Apple Podcast (iPhone, iPad), Amazon Music, Podcast Addict ou Castbox, Deezer, Spotify.Crédits. Direction de la rédaction : Pierre Chausse - Rédacteur en chef : Jules Lavie - Reporter : Barbara Gouy - Production : Pénélope Gualchierotti et Clara Grouzis - Réalisation et mixage : Julien Montcouquiol - Musiques : François Clos, Audio Network - Archives : Canal +. Hébergé par Acast. Visitez acast.com/privacy pour plus d'informations.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Mark of the Web: Some Technical Details Windows implements the "Mark of the Web" (MotW) as an alternate data stream that contains not just the "zoneid" of where the file came from, but may include other data like the exact URL and referrer. https://isc.sans.edu/diary/Mark%20of%20the%20Web%3A%20Some%20Technical%20Details/31732 Havoc Sharepoint with Microsoft Graph API A recent phishing attack observed by Fortinet uses a simple HTML email to trick a user into copy pasting powershell into their system to execute additional code. Most of the malware interaction uses a Sharepoint site via Microsoft's Graph API futher hiding the malicious traffic https://www.fortinet.com/blog/threat-research/havoc-sharepoint-with-microsoft-graph-api-turns-into-fud-c2 Paragon Partition Manager Exploit A vulnerable Paragon Partition Manager has been user recently to escalate privileges for ransomware deployment. Even if you to not have PAragon installed: An attacker may just "bring the vulnerable driver" to your system. https://kb.cert.org/vuls/id/726882
Jen Psaki delves into the fiasco that transpired in the Oval Office on Friday, revealing an ominous sign that foreshadowed the spectacle of Donald Trump and JD Vance teaming up before the cameras to belittle and denigrate President Zelenskyy of Ukraine. She's joined by David Remnick of The New Yorker and Michael McFaul, the former US Ambassador to Russia, to discuss the administration's attempt exploit Zelenskyy on false pretenses in a confrontation that had all the hallmarks of an ambush. Next, Jen shows how the principles that Secretary Marco Rubio once claimed to believe as a Senator offer a clear rebuttal to the administration's current posture toward Russia. She's joined by Senator Mark Kelly, who reacts to the GOP's stunning about face on Ukraine just hours after meeting personally with President Zelenskyy. Finally, Jen delves into the ways Elon Musk is fleecing the Federal Government while claiming to be fighting "waste." Check out our social pages below:https://twitter.com/InsideWithPsakihttps://www.instagram.com/InsideWithPsaki/https://www.tiktok.com/@insidewithpsakihttps://www.msnbc.com/jen-psakihttps://bsky.app/profile/insidewithpsaki.msnbc.com
Recorded during ThreatLocker Zero Trust World 2025 in Orlando, this episode of the On Location series features an engaging conversation with Alex Benton, Special Projects at ThreatLocker. Benton shares insights from his Metasploit lab, a beginner-friendly session that demonstrates the power of tools like Metasploit and Nmap in cybersecurity. The lab's objective is clear: to illustrate how easily unpatched systems can be exploited and reinforce the critical need for consistent patch management.Understanding the Metasploit LabBenton explains how participants in the lab learned to execute a hack manually before leveraging Metasploit's streamlined capabilities. The manual process involves identifying vulnerable machines, gathering IP addresses, examining open ports, and assessing software vulnerabilities. With Metasploit, these steps become as simple as selecting an exploit and running it, underscoring the tool's efficiency.A key demonstration in the lab involved Eternal Blue, the exploit associated with the WannaCry virus in 2017. Benton emphasizes how Metasploit simplifies this complex attack, highlighting the importance of maintaining patched systems to prevent similar vulnerabilities.The Real-World Implications of Unpatched SystemsThe discussion dives into the risks posed by cybercriminals who use tools like Metasploit to automate attacks. Benton points out that malicious actors often analyze patch notes to identify potential vulnerabilities and create scripts to exploit unpatched systems quickly. The conversation touches on the dark web's role in providing detailed information about exposed systems, making it even easier for attackers to target vulnerable machines.Lessons from WannaCryThe episode revisits the WannaCry incident, where a vulnerability in Windows systems led to a global cybersecurity crisis. Benton recounts how outdated systems and the absence of a strong security culture created an environment ripe for exploitation. He also shares the story of cybersecurity researchers, including Marcus Hutchins, who played pivotal roles in mitigating the virus's impact by identifying and activating its kill switch.Tune in to Learn MoreThis episode offers valuable insights into cybersecurity practices, the dangers of unpatched environments, and the tools that both ethical hackers and cybercriminals use. Listen in to gain a deeper understanding of how to secure your systems and why proactive security measures are more crucial than ever.Guest: Alex Benton, Special Projects at ThreatLocker | On LinkedIn: https://www.linkedin.com/in/alex-benton-b805065/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Today's blockchain and cryptocurrency news Bitcoin is up half a percent at $96,807 Eth is up slightly at $2,735 XRP, is up slightly at $2.59 Bybit suffers $1.4B exploit Learn more about your ad choices. Visit megaphone.fm/adchoices
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
My Very Personal Guidance and Strategies to Protect Network Edge Devices A quick summary to help you secure edge devices. This may be a bit opinionated, but these are the strategies that I find work and are actionable. https://isc.sans.edu/diary/My%20Very%20Personal%20Guidance%20and%20Strategies%20to%20Protect%20Network%20Edge%20Devices/31660 PostgreSQL SQL Injection A followup to yesterday's segment about the PostgreSQL vulnerability. Rapid7 released a Metasploit module to exploit the vulnerability. https://github.com/rapid7/metasploit-framework/pull/19877 Ivanti Connect Secure Exploited The Japanese CERT observed exploitation of January's Connect Secure vulnerability https://blogs.jpcert.or.jp/ja/2025/02/spawnchimera.html WinZip Vulnerability WinZip patched a buffer overflow vulenrability that may be triggered by malicious 7Z files https://www.zerodayinitiative.com/advisories/ZDI-25-047/ Xerox Printer Patch Xerox patched two vulnerabililites in its enterprise multifunction printers that may be exploited for lateral movement. https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox-VersaLinkPhaser-and-WorkCentre.pdf