Podcasts about Fortinet

  • 489PODCASTS
  • 1,878EPISODES
  • 33mAVG DURATION
  • 5WEEKLY NEW EPISODES
  • Jun 12, 2025LATEST

POPULARITY

20172018201920202021202220232024

Categories



Best podcasts about Fortinet

Show all podcasts related to fortinet

Latest podcast episodes about Fortinet

Paul's Security Weekly
UEFI Vulnerabilities Galore - PSW #878

Paul's Security Weekly

Play Episode Listen Later Jun 12, 2025 130:48


This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-878

Paul's Security Weekly (Podcast-Only)
UEFI Vulnerabilities Galore - PSW #878

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Jun 12, 2025 130:48


This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-878

Paul's Security Weekly (Video-Only)
UEFI Vulnerabilities Galore - PSW #878

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Jun 12, 2025 130:48


This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Show Notes: https://securityweekly.com/psw-878

Cyber Morning Call
800 - Ransomware Qlin tem atacado dispositivos Fortinet

Cyber Morning Call

Play Episode Listen Later Jun 9, 2025 6:17


Referências do EpisódioTuring Day 2025 – 5º edição - 17/06SOC Tempest com Google SecOpsCritical Fortinet flaws now exploited in Qilin ransomware attacksAnalysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions GloballyBlitz Malware: A Tale of Game Cheats and Code RepositoriesBadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warnsRoteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

The Platform Journey
31. Andrew Casey, Amplitude

The Platform Journey

Play Episode Listen Later Jun 5, 2025 39:21


In this episode, Avanish and Andrew discuss:Andrew's journey as an "operational CFO" from Sun Microsystems through ServiceNow, WalkMe, Lacework, and now Amplitude, being part of the team that built ServiceNow from $400M to $4.5B ARRWhy CFOs must "play chess, not checkers" - thinking several moves ahead about decision implications and making strategic investment pivots for anticipated future growthThe critical difference between multi-product and platform strategies: true platforms have definite customer adoption journeys where products aren't sold independentlyRecognizing platform readiness signals: when customers organically create their own workflows and use cases you never conceived, like hospitals using Amplitude for emergency room optimizationBuilding effective teams by mixing "veterans with rookies" to solve problems rather than just "admire problems," and driving focused execution around single key investmentsThe "fair exchange of value" approach to pricing and partnerships that emphasizes customer adoption, transparency, and simplicity over complexityAbout Avanish Sahai:Avanish Sahai is a Tidemark Fellow and served as a Board Member of Hubspot from 2018 to 2023; he currently serves on the boards of Birdie.ai, Flywl.com and Meta.com.br as well as a few non-profits end educational boards. Previously, Avanish served as the vice president, ISV and Apps partner ecosystem of Google from 2019 until 2021. From 2016 to 2019, he served as the global vice president, ISV and Technology alliances at ServiceNow.  From 2014 to 2015, he was the senior vice president and chief product officer at Demandbase.  Prior to Demandbase, Avanish built and led the Appexchange platform ecosystem team at Salesforce, and was an executive at Oracle and McKinsey & Company, as well as various early-to-mid stage startups in Silicon Valley.About Andrew Casey: Andrew Casey is Chief Financial Officer at Amplitude, where he leads Amplitude's General & Administrative organization, which includes finance, accounting, and legal. With more than 25 years of enterprise software experience, Casey brings deep financial expertise combined with extensive go-to-market strategy and business operations experience.Casey joined Amplitude from Lacework, where he served as CFO and oversaw its successful acquisition by Fortinet. Prior to that, he was the CFO of WalkMe, where he led its Initial Public Offering (IPO) and transformed its enterprise sales motion. Casey's career also includes senior finance roles with ServiceNow, Hewlett-Packard, NortonLifeLock Inc. (formerly Symantec), Oracle, and Sun Microsystems.About TidemarkTidemark is a venture capital firm, foundation, and community built to serve category-leading technology companies as they scale.  Tidemark was founded in 2021 by David Yuan, who has been investing, advising, and building technology companies for over 20 years.  Learn more at www.tidemarkcap.com.LinksFollow our guest, Andrew CaseyFollow our host, Avanish SahaiLearn more about Tidemark

Capital
Radar Empresarial: la previsión de ingresos de CrowdStrike decepcionan

Capital

Play Episode Listen Later Jun 4, 2025 4:17


En el Radar Empresarial de hoy analizamos las cuentas de Crowdstrike, la compañía de software que protagonizó los fallos de seguridad que provocaron miles de retrasos en vuelos de todo el mundo. La compañía, después de esto, parece que empieza a ver la luz. Crowdstrike presenta unos ingresos de 1.100 millones de dólares, en línea con lo esperado por los analistas. Además, su beneficio por acción de 0,73 centavos supera en 7 centavos la previsión del mercado. Todo esto hizo que las acciones de la compañía llegaran a subir un 2% aunque las malas noticias llegarían después del cierre. Sus títulos caen en after hours más de un 6% después de una mala previsión de ingresos para lo que queda de año. La empresa cree que estos llegarán a 4.740 millones de dólares, 50 millones menos de lo que dicta el consenso de mercado. A pesar de esto, George Kurtz, CEO de la empresa, destaca el momento de fortaleza que para él vive Crowdstrike. Aunque dicha fortaleza puede verse afectada por los planes del Departamento de Eficiencia Gubernamental de la Administración de Donald Trump. Entre los objetivos de DOGE, se encuentra el recorte masivo de cualquier gasto que se considere superfluo y aquí también se ha visto afectada la ciberseguridad. DOGE ha despedido a más de 130 empleados de la Agencia de Ciberseguridad y Seguridad de Infraestructura. Además, ha eliminado iniciativas críticas como el Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) y el Continuous Diagnostics and Mitigation (CDM), esenciales para la detección y mitigación de amenazas cibernéticas en tiempo real. Aún así Kurtz confía en el producto estrella de la compañía: Falcon Flex. Falcon Flex es un modelo de licencia flexible para la plataforma de ciberseguridad CrowdStrike Falcon. Lo más destacado de la herramienta es que permite adaptar los módulos que mejor vienen a la empresa que los contrata y se adapta mejor a las necesidades de seguridad de dicha compañía. Su éxito ha sido todo un éxito, sobre todo entre las empresas más pequeñas debido a la adaptabilidad de la herramienta. En este trimestre las suscripciones han aumentado un 31%. De hecho, George Kurtz ha asegurado que una empresa tecnológica perteneciente a la lista Fortune 100 está suscrita a este servicio. CrowdStrike, como tantas otras empresas, no es ajena al momento de inflación que vive Estados Unidos. De hecho, esto según Reuters, provocará que haya un descenso del gasto en ciberseguridad a pesar de que según la web especialista Tecnet One, los ciberataques han aumentado un 150% comparado con el año pasado. Además, CrowdStrike se enfrenta a la feroz competencia de otras empresas similares como Palo Alto o Fortinet.

Audio News
FORTINET PREMIA A LOS SOCIOS MÁS DESTACADOS DE LATAM Y EL CARIBE

Audio News

Play Episode Listen Later Jun 3, 2025 4:01


La transformación digital y el auge de las redes híbridas han elevado la complejidad de la ciberseguridad en Latinoamérica y El Caribe. Fortinet reconoce a quienes lideran este desafío, premiando a los socios que impulsan la innovación, la protección y el crecimiento en un entorno de amenazas cada vez más sofisticado.

The Government Huddle with Brian Chidester
185: The One with the Fortinet Global CISO

The Government Huddle with Brian Chidester

Play Episode Listen Later Jun 2, 2025 31:49


Jim Richberg, Head of Cyber Policy and Global Field CISO at Fortinet rejoins the show for a timely discussion on the fast-evolving landscape of artificial intelligence and we unpack AI's unprecedented energy demands, its implications on national infrastructure, and the critical cybersecurity considerations government agencies must navigate in this new era. Jim also shares his "Three Rules for Government Technology Transformation," and we explore why education and clear procurement strategies are vital to responsible AI rollout in public sector programs.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, May 27th 2025: SVG Steganography; Fortinet PoC; GitLab Duo Prompt Injection

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later May 27, 2025 7:13


SVG Steganography Steganography is not only limited to pixel-based images but can be used to embed messages into vector-based formats like SVG. https://isc.sans.edu/diary/SVG%20Steganography/31978 Fortinet Vulnerability Details CVE-2025-32756 Horizon3.ai shows how it was able to find the vulnerability in Fortinet s products, and how to possibly exploit this issue. The vulnerability is already being exploited in the wild and was patched May 13th https://horizon3.ai/attack-research/attack-blogs/cve-2025-32756-low-rise-jeans-are-back-and-so-are-buffer-overflows/ Remote Prompt Injection in GitLab Duo Leads to Source Code Theft An attacker may leave instructions (prompts) for GitLab Duo embedded in the source code. This could be used to exfiltrate source code and secrets or to inject malicious code into an application. https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo

Chip Stock Investor Podcast
Episode 308: Fortinet: Still A Top Cybersecurity Investment For 2025 (FTNT Stock Analysis)

Chip Stock Investor Podcast

Play Episode Listen Later May 19, 2025 11:42


Fortinet (FTNT stock) has been a top-performing cybersecurity and networking hardware business so far in 2025. In this episode of Chip Stock Investor, Nick and Kasey discuss what Fortinet is working on in cybersecurity, including the growing importance of network security hardware. They also discuss Fortinet's recent financial performance and where the company is at in the sales cycle. Sign Up For Our Newsletter: https://mailchi.mp/b1228c12f284/sign-up-landing-page-short-formJoin us on Discord with Semiconductor Insider: https://ko-fi.com/chipstockinvestor/tiersSupercharge your analysis with AI! Get 15% of your membership with our special link here: https://finchat.io/csi/Safeguard your personal information with Aura's monitoring service – try it free for two weeks and see where your data might be lurking: https://aura.com/chipstockinvestor

Security Conversations
A Coinbase breach with bribes, rogue contractors and a $20M ransom demand

Security Conversations

Play Episode Listen Later May 16, 2025 143:34


Three Buddy Problem - Episode 46: We dig into a Coinbase breach headlined by bribes, rogue contractors and a $20 million ransom demand. Plus, (another!) batch of Ivanti and Microsoft zero-days being exploited in the wild, a new 'Intrusion Logging' feature coming to Android, Apple's iOS 18.5 patches, and the EU announcing its own vulnerability database and software vendor secure-coding pledge. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, May 14th: Microsoft Patch Tuesday; 0-Days patched for Ivanti Endpoint Manager and Fortinet Products

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later May 14, 2025 6:38


Microsoft Patch Tuesday Microsoft patched 70-78 vulnerabilities (depending on how you count them). Five of these vulnerabilities are already being exploited. In particular, a remote code execution vulnerability in the scripting engine should be taken seriously. It requires the Microsoft Edge browser to run in Internet Explorer mode. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20May%202025/31946 Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428) Ivanti patched an authentication bypass vulnerability and a remote code execution vulnerability. The authentication bypass can exploit the remote code execution vulnerability without authenticating first. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US Fortinet Patches Exploited Vulnerability in API (CVE-2025-32756) Fortinet patched an already exploited stack-based buffer overflow vulnerability in the API of multiple Fortinet products. The vulnerability is exploited via crafted HTTP requests. https://fortiguard.fortinet.com/psirt/FG-IR-25-254

Risky Business
Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys

Risky Business

Play Episode Listen Later May 14, 2025 57:52


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back! The ransomware ecosystem is finding life a bit tough lately SAP Netweaver bug being used by Chinese APT crew Academics keep just keep finding CPU side-channel attacks And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF? This week's episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Tracis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future. This episode is also available on Youtube. Show notes Exploiting Copilot AI for SharePoint | Pen Test Partners MrBruh's Epic Blog Ransomware group Lockbit appears to have been hacked, analysts say | Reuters "CONTI LEAK: Video they tried to bury! 6+ Conti members on a private jet. TARGET's birthday — $10M bounty on his head. Filmed by TARGET himself. Original erased — we kept a copy." Mysterious hackers who targeted Marks and Spencer's computer systems hint at political allegiance as they warn other tech criminals not to attack former Soviet states The organizational structure of ransomware groups is evolving rapidly. SAP NetWeaver exploitation enters second wave of threat activity China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures DOGE software engineer's computer infected by info-stealing malware Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades FBI and Dutch police seize and shut down botnet of hacked routers Poland arrests four in global DDoS-for-hire takedown School districts hit with extortion attempts after PowerSchool breach EU launches vulnerability database to tackle cybersecurity threats Training Solo - vusec Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet PSIRT | FortiGuard Labs EPMM Security Update | Ivanti

Paul's Security Weekly
CISO Communication and Hiring, as they Combat Threat and Penetration Testing Trends - Gunter Ollmann, Derek Manky - BSW #395

Paul's Security Weekly

Play Episode Listen Later May 14, 2025 66:28


In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap' to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet's FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac. This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-395

Cyber Security Today
Mark's and Spencer Data Breach, Vulnerable Routers, Fortinet Exploits, and New Ransomware Threats

Cyber Security Today

Play Episode Listen Later May 14, 2025 8:38 Transcription Available


In this episode of Cybersecurity Today, host Jim Love covers recent cybersecurity incidents including a data breach at Mark's and Spencer, the FBI's alert on outdated routers being exploited, and critical Fortinet vulnerabilities actively used in attacks. Additionally, the episode discusses a researcher's proof of concept showing how ransomware can be embedded directly into a CPU, bypassing traditional security measures. Listeners are urged to stay vigilant and implement necessary security patches and updates. 00:00 Breaking News: Marks and Spencer Data Breach 01:37 FBI Alert: Outdated Routers at Risk 03:43 Fortinet Zero-Day Vulnerability 05:46 Ransomware Embedded in CPUs: A New Threat 08:13 Conclusion and Contact Information

Business Security Weekly (Audio)
CISO Communication and Hiring, as they Combat Threat and Penetration Testing Trends - Gunter Ollmann, Derek Manky - BSW #395

Business Security Weekly (Audio)

Play Episode Listen Later May 14, 2025 66:28


In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap' to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet's FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac. This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-395

Business Security Weekly (Video)
CISO Communication and Hiring, as they Combat Threat and Penetration Testing Trends - Derek Manky, Gunter Ollmann - BSW #395

Business Security Weekly (Video)

Play Episode Listen Later May 14, 2025 66:28


In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap' to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet's FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac. This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz Show Notes: https://securityweekly.com/bsw-395

Fortinet Cybersecurity Podcast
Fortinet ON AIR #3 - GenAI Isn't Just a Tool—It's a New Attack Surface

Fortinet Cybersecurity Podcast

Play Episode Listen Later May 12, 2025 16:43


Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. In each episode, we dive into the evolving cybersecurity landscape—exploring how telcos and service providers can stay secure, resilient, and competitive in a fast-changing digital world. In this episode, host Ronen Shpirer speaks with Muninder Singh Sambi from Google Cloud to explore how AI and GenAI are reshaping both sides of the cybersecurity battlefield. From threat detection to prompt injection risks, learn how telcos and enterprises can leverage AI to protect their infrastructure—while staying one step ahead of attackers. Whether you're a security decision-maker or business leader, Fortinet ON AIR brings you frontline perspectives on protecting critical infrastructure, building digital trust, and unlocking innovation—securely. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true

Fortinet Cybersecurity Podcast
Fortinet ON AIR #4 - Key Insights from WEF's Global Cybersecurity Outlook with Accenture

Fortinet Cybersecurity Podcast

Play Episode Listen Later May 12, 2025 17:33


Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. In each episode, we dive into the evolving cybersecurity landscape—exploring how telcos and service providers can stay secure, resilient, and competitive in a fast-changing digital world. In this episode, Ganesh Devarajan from Accenture unpacks insights from the WEF's Global Cybersecurity Outlook—exploring AI-driven threats, shifting attack surfaces, and the urgency of a security-first mindset. Learn how telcos can stay resilient and protect critical infrastructure in an increasingly digital world. Tune in for more expert insights. Whether you're a security decision-maker or business leader, Fortinet ON AIR brings you frontline perspectives on protecting critical infrastructure, building digital trust, and unlocking innovation—securely. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true

Fortinet Cybersecurity Podcast
Fortinet ON AIR #5 - Navigating AI, Misinformation & Cyber Resilience with Orange Cyberdefense

Fortinet Cybersecurity Podcast

Play Episode Listen Later May 12, 2025 21:56


Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. In each episode, we dive into the evolving cybersecurity landscape—exploring how telcos and service providers can stay secure, resilient, and competitive in a fast-changing digital world. In this episode, host Jonas Walker sat down with Vivien Mura, Group CTO at Orange Cyberdefense, to explore the dual role of AI in today's evolving threat landscape. Drawing on insights from the Security Navigator 2025 report, they discuss everything from generative AI and deepfakes to misinformation and automation—highlighting the urgent need for AI-aware, security-first strategies across the telco ecosystem. Whether you're a security decision-maker or business leader, Fortinet ON AIR brings you frontline perspectives on protecting critical infrastructure, building digital trust, and unlocking innovation—securely. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true

Fortinet Cybersecurity Podcast
Fortinet ON AIR #2 - How NEC Approaches Strategic Cybersecurity Blueprints for Telcos

Fortinet Cybersecurity Podcast

Play Episode Listen Later May 12, 2025 13:11


Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. In each episode, we dive into the evolving cybersecurity landscape—exploring how telcos and service providers can stay secure, resilient, and competitive in a fast-changing digital world. In this episode, host Ronen Shpirer is joined by Tamer Bdran, SVP at NEC. Together, they explore how telcos can tackle today's toughest cybersecurity challenges—from AI threats to cloud adoption—by embedding security into every phase of service delivery. Discover why a blueprint-driven, strategic approach is essential to protect critical infrastructure and support digital transformation. Whether you're a security decision-maker or business leader, Fortinet ON AIR brings you frontline perspectives on protecting critical infrastructure, building digital trust, and unlocking innovation—securely. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true

Fortinet Cybersecurity Podcast

Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. Hear from leaders at Accenture, NEC, Orange Cyberdefense, Cirion Technologies, and Google Cloud as they tackle the biggest challenges facing telcos—from AI-powered attacks and SecOps complexity to securing cloud infrastructure and building a security-first mindset. Tune in and stay ahead of the threat curve. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true

Fortinet Cybersecurity Podcast
Fortinet ON AIR #1 - Building Simplicity, Security, and Scale into the Future of Networking

Fortinet Cybersecurity Podcast

Play Episode Listen Later May 12, 2025 13:04


Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. In each episode, we dive into the evolving cybersecurity landscape—exploring how telcos and service providers can stay secure, resilient, and competitive in a fast-changing digital world. In this episode, host Ronen Shpirer connects with Cirion Technologies to explore how service providers can simplify secure networking, automate operations, reduce costs, and deliver value—while building trusted technology partnerships to stay ahead in a fast-changing cyber landscape. Whether you're a security decision-maker or business leader, Fortinet ON AIR brings you frontline perspectives on protecting critical infrastructure, building digital trust, and unlocking innovation—securely. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true

Campus Technology Insider
Identity Security, Meta AI App, Data Privacy & AI: Campus Technology News of the Week (5/9/25)

Campus Technology Insider

Play Episode Listen Later May 9, 2025 2:13


In this episode of Campus Technology Insider Podcast Shorts, host Rhea Kelly covers the key tech stories in higher education. Highlights include Fortinet's report on the critical role of identity in cloud security, Meta's launch of a standalone AI app featuring Llama 4, and a Cloudera survey revealing data privacy as a top concern for AI adoption. Tune in for more insights on these stories and their implications for the education sector. 00:00 Introduction and Host Welcome 00:17 Critical Security Perimeter in Cloud Services 00:48 Meta Platforms Launches Standalone AI App 01:21 Cloudera Survey on AI Agents and Data Privacy 01:57 Conclusion and Further Resources Source links: Report: Identity Has Become a Critical Security Perimeter for Cloud Services Meta Launches Stand-Alone AI App Study: Data Privacy a Top Concern as Orgs Scale Up AI Agents Campus Technology Insider Podcast Shorts are curated by humans and narrated by AI.

Packet Pushers - Full Podcast Feed
PP059: News Roundup – Oracle Plays Breach Word Games, Fast Flux Worries CISA, AI Package Hallucinations, and More

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Apr 22, 2025 34:09


Once a month, the Packet Protector podcast likes to see what’s going on out there via our news roundup. There’s a lot happening! Today we discuss Fortinet warning that a threat actor has found a way to maintain read-only access on Fortinet devices even if you’ve applied the patch for the original threat. Avanti VPNs... Read more »

Packet Pushers - Fat Pipe
PP059: News Roundup – Oracle Plays Breach Word Games, Fast Flux Worries CISA, AI Package Hallucinations, and More

Packet Pushers - Fat Pipe

Play Episode Listen Later Apr 22, 2025 34:09


Once a month, the Packet Protector podcast likes to see what’s going on out there via our news roundup. There’s a lot happening! Today we discuss Fortinet warning that a threat actor has found a way to maintain read-only access on Fortinet devices even if you’ve applied the patch for the original threat. Avanti VPNs... Read more »

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Apr 14, 2025 7:07


Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248) After spotting individaul attempts to exploit the recent Langflow vulnerability late last weeks, we now see more systematic internet wide scans attempting to verify the vulnerability. https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Recent+Langflow+AI+Vulnerability+CVE20253248/31850/ Fortinet Analysis of Threat Actor Activity Fortinet oberved recent vulnerablities in its devices being used to add a symlink to ease future compromise. The symlink is not removed by prior patches, and Fortinet released additional updates to detect and remove this attack artifact. https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity MSFT Inetpub Microsoft clarrified that its April patches created the inetpub directory on purpose. Users should not remove it. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204#exploitability SANSFIRE https://isc.sans.edu/j/sansfire

Packet Pushers - Full Podcast Feed
NB522: Git Turns 20, An iPhone Airlift, Cybersec Silence Speaks Volumes

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Apr 14, 2025 53:43


Take a Network Break! Guest co-host Ned Bellavance steps in for Johna this week. We start with a Fortinet vulnerability, and then opine on a memo from Shopify’s CEO on the company requiring and measuring AI use by employees. Git celebrates 20 years, DARPA names 15 companies to participate in a Quantum Benchmarking Initiative to... Read more »

Packet Pushers - Network Break
NB522: Git Turns 20, An iPhone Airlift, Cybersec Silence Speaks Volumes

Packet Pushers - Network Break

Play Episode Listen Later Apr 14, 2025 53:43


Take a Network Break! Guest co-host Ned Bellavance steps in for Johna this week. We start with a Fortinet vulnerability, and then opine on a memo from Shopify’s CEO on the company requiring and measuring AI use by employees. Git celebrates 20 years, DARPA names 15 companies to participate in a Quantum Benchmarking Initiative to... Read more »

Packet Pushers - Fat Pipe
NB522: Git Turns 20, An iPhone Airlift, Cybersec Silence Speaks Volumes

Packet Pushers - Fat Pipe

Play Episode Listen Later Apr 14, 2025 53:43


Take a Network Break! Guest co-host Ned Bellavance steps in for Johna this week. We start with a Fortinet vulnerability, and then opine on a memo from Shopify’s CEO on the company requiring and measuring AI use by employees. Git celebrates 20 years, DARPA names 15 companies to participate in a Quantum Benchmarking Initiative to... Read more »

Cyber Security Today
Fortinet Exploits, Windows INET Folder, and AI Code Risks: Cyber Security Today for April 14

Cyber Security Today

Play Episode Listen Later Apr 14, 2025 6:46 Transcription Available


In this episode of Cybersecurity Today, host David Shipley discusses several pressing concerns in the cybersecurity landscape. Attackers have been exploiting Fortinet VPN devices to maintain access even after patches were applied; administrators are urged to upgrade and follow recovery guidance. Microsoft has created a new INET Pub folder through its latest Windows update, advising users not to delete it due to a linked security flaw. Lastly, AI-generated code dependencies are becoming a serious supply chain risk, with attackers creating malicious packages based on AI hallucinations. Users are advised to thoroughly review AI-generated code to avoid 'slop squatting'. 00:00 Introduction and Fortinet VPN Exploits 02:46 Microsoft's INET Pub Folder Issue 04:57 AI Hallucinations and Code Dependencies 06:22 Conclusion and Contact Information

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, April 8th: Microsoft Patch Tuesday; Adobe Patches; OpenSSL 3.5 with PQC; Fortinet

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Apr 9, 2025 7:19


Microsoft Patch Tuesday Microsoft patched over 120 vulnerabilities this month. 11 of these were rated critical, and one vulnerability is already being exploited. https://isc.sans.edu/diary/Microsoft%20April%202025%20Patch%20Tuesday/31838 Adobe Updates Adobe released patches for 12 different products. In particular important are patches for Coldfusion addressing several remote code execution vulnerabilities. Adobe Commercse got patches as well, but none of the vulnerabilities are rated critical. https://helpx.adobe.com/security/security-bulletin.html OpenSSL 3.5 Released OpenSSL 3.5 was released with support to post quantum ciphers. This is a long term support release. https://groups.google.com/a/openssl.org/g/openssl-project/c/9ZYdIaExmIA Fortiswitch Update Fortinet released an update for Fortiswitch addressing a vulnerability that may be used to reset a password without verification. https://fortiguard.fortinet.com/psirt/FG-IR-24-435

The Cyberman Show
March 2025 Cybersecurity Recap EP 94

The Cyberman Show

Play Episode Listen Later Apr 6, 2025 17:43


Send us a textGet up to speed with everything that mattered in cybersecurity this month. In this episode of The Cyberman Show, we break down March 2025's top cyber incidents, threat actor tactics, security product launches, and vulnerabilities actively exploited in the wild.Here's what we cover:

K12 Tech Talk
Episode 208 - Live from CoSN 2025!

K12 Tech Talk

Play Episode Listen Later Apr 4, 2025 56:54


We travel to the Emerald City this week to hang out with the great folks at CoSN! This podcast episode, recorded live at the CoSN conference in Seattle, offers interviews with participants, organizers, and presenters. Topics centered around the human aspect of AI, cybersecurity, and some amazing innovations from school districts around the county! 00:00:00-Introduction 00:02:00-Edward McKaveney 00:09:15-Adam Garry 00:15:04-Dr. Richard Charles 00:23:19-Pete Just 00:30:25-CTL 00:35:20-Jason Eyre 00:43:05-Lightspeed 00:45:16-Keith Krueger CoSN AI Readiness Lightspeed Signal -------------------- A special thanks to our sponsors... NTP, Lightspeed, ClassLink, VIZOR, Fortinet, PowerGistics -------------------- Email us at k12techtalk@gmail.com OR info@k12techtalkpodcast.com Call us at 314-329-0363 Join the K12TechPro Community Buy some swag X @k12techtalkpod Facebook Visit our LinkedIn Music by Colt Ball Disclaimer: The views and work done by Josh, Chris, and Mark are solely their own and do not reflect the opinions or positions of sponsors or any respective employers or organizations associated with the guys. K12 Tech Talk itself does not endorse or validate the ideas, views, or statements expressed by Josh, Chris, and Mark's individual views and opinions are not representative of K12 Tech Talk. Furthermore, any references or mention of products, services, organizations, or individuals on K12 Tech Talk should not be considered as endorsements related to any employer or organization associated with the guys.

Packet Pushers - Heavy Networking
HN774: Who Put These OT Risks In My IT Ops? Fortinet Has Answers (Sponsored)

Packet Pushers - Heavy Networking

Play Episode Listen Later Mar 28, 2025 46:53


IT and infosec professionals are used to operating and protecting mission-critical infrastructure; servers, databases, load balancers, and so on. But what about valves that control the flow of gas or oil in a refinery? Temperature and vibration sensors that monitor industrial manufacturing processes? If you're thinking “That's not my problem” think again. There's a whole... Read more »

Packet Pushers - Full Podcast Feed
HN774: Who Put These OT Risks In My IT Ops? Fortinet Has Answers (Sponsored)

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Mar 28, 2025 46:53


IT and infosec professionals are used to operating and protecting mission-critical infrastructure; servers, databases, load balancers, and so on. But what about valves that control the flow of gas or oil in a refinery? Temperature and vibration sensors that monitor industrial manufacturing processes? If you're thinking “That's not my problem” think again. There's a whole... Read more »

Packet Pushers - Fat Pipe
HN774: Who Put These OT Risks In My IT Ops? Fortinet Has Answers (Sponsored)

Packet Pushers - Fat Pipe

Play Episode Listen Later Mar 28, 2025 46:53


IT and infosec professionals are used to operating and protecting mission-critical infrastructure; servers, databases, load balancers, and so on. But what about valves that control the flow of gas or oil in a refinery? Temperature and vibration sensors that monitor industrial manufacturing processes? If you're thinking “That's not my problem” think again. There's a whole... Read more »

Risky Business
Soap Box: Knocknoc glues your SSO to your firewalls for Just-in-Time network access

Risky Business

Play Episode Listen Later Mar 26, 2025 30:46


In this Soap Box edition of Risky Business host Patrick Gray talks to Knocknoc CEO Adam Pointon about how to easily rein in attack surface by glueing your single sign-on service to your network controls. Do your Palo Alto and Fortinet devices really need to be discoverable by ransomware crews? Does your file transfer appliance need to be open to the whole world? What about your SSH and RDP? Your Citrix? Your (gasp) Exchange Online servers?? You can do a lot with IP allowlisting and simple Identity Aware Proxies (IAPs) to minimise your exposure. Knocknoc is a bit of a “Risky Business special”, too. Pat helped Knocknoc to raise a seed round through Decibel Partners where he's a founder advisor. He also serves on Knocknoc's board of directors. This episode is also available on Youtube. Show notes

Packet Pushers - Full Podcast Feed
PP055: News Roundup – BotNet Targets TP-Link, Threat Hunting In the Electric Grid, Apple Vs. UK Snoops, and More

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Mar 25, 2025 38:28


This week we dive into security headlines including a botnet bonanza that includes TP-Link routers, Chinese attackers targeting Juniper and Fortinet, and a case study of nation-state actors penetrating the operator of a small US electric utility. We also discuss ransomware attacks targeting critical infrastructure, a backdoor in an Android variant used in streaming devices,... Read more »

Packet Pushers - Fat Pipe
PP055: News Roundup – BotNet Targets TP-Link, Threat Hunting In the Electric Grid, Apple Vs. UK Snoops, and More

Packet Pushers - Fat Pipe

Play Episode Listen Later Mar 25, 2025 38:28


This week we dive into security headlines including a botnet bonanza that includes TP-Link routers, Chinese attackers targeting Juniper and Fortinet, and a case study of nation-state actors penetrating the operator of a small US electric utility. We also discuss ransomware attacks targeting critical infrastructure, a backdoor in an Android variant used in streaming devices,... Read more »

Packet Pushers - Full Podcast Feed
0324 Tech Byte: Tech Bytes: How Fortinet Unified SASE Secures Hybrid Workers for Customer Liquid Networx (Sponsored)

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Mar 24, 2025 18:29


Today on the Tech Bytes podcast, sponsored by Fortinet, we get a customer view of Fortinet's SASE offering from Liquid Networx. Liquid Networx isn't just a Fortinet customer; it also provides professional services for other customers of FortiSASE. We'll talk about why Liquid Networx decided to adopt SASE, its evolution from on-prem to cloud-based security,... Read more »

Packet Pushers - Briefings In Brief
0324 Tech Byte: Tech Bytes: How Fortinet Unified SASE Secures Hybrid Workers for Customer Liquid Networx (Sponsored)

Packet Pushers - Briefings In Brief

Play Episode Listen Later Mar 24, 2025 18:29


Today on the Tech Bytes podcast, sponsored by Fortinet, we get a customer view of Fortinet's SASE offering from Liquid Networx. Liquid Networx isn't just a Fortinet customer; it also provides professional services for other customers of FortiSASE. We'll talk about why Liquid Networx decided to adopt SASE, its evolution from on-prem to cloud-based security,... Read more »

The CyberWire
Remote hijacking at your fingertips.

The CyberWire

Play Episode Listen Later Mar 19, 2025 32:03


A critical vulnerability could let attackers hijack and potentially disable vulnerable servers. Europol warns of a “shadow alliance” between state-backed threat actors and cybercriminals. Sekoia examines ClearFake. A critical PHP vulnerability is under active exploitation. A sophisticated scareware phishing campaign has shifted its focus to macOS users. Phishing as a service attacks are on the rise. A new jailbreak technique bypasses security controls in popular LLMs. Microsoft has uncovered StilachiRAT. CISA confirms active exploitation of a critical Fortinet vulnerability. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. AI coding assistants get all judgy.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K's suite of industry-leading certification resources. This week, Chris is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. Today's question comes from N2K's ISACA® Certified Information Security Manager® (CISM®) Practice Test. The CISM exam helps to affirm your ability to assess risks, implement effective governance, proactively respond to incidents and is the preferred credential for IT managers, according to ISACA.To learn more about this and other related topics under this objective, please refer to the following resource: CISM Review Manual, 15th Edition, 1.0, Information Security Governance, Introduction. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.isaca.org/credentialing/cism#1 Selected Reading Critical AMI MegaRAC bug can let attackers hijack, brick servers (bleepingcomputer) Europol Warns of “Shadow Alliance” Between States and Criminals (Infosecurity Magazine) ClearFake's New Widespread Variant: Increased Web3 Exploitation for Malware Delivery (Sekoia.io Blog) PHP RCE Vulnerability Actively Exploited in Wild to Attack Windows-based Systems (cybersecuritynews) Scareware Combined With Phishing in Attacks Targeting macOS Users (securityweek) Sneaky 2FA Joins Tycoon 2FA and EvilProxy in 2025 Phishing Surge (Infosecurity Magazine) New Jailbreak Technique Bypasses DeepSeek, Copilot, and ChatGPT to Generate Chrome Malware (gbhackers) Microsoft Warns of New StilachiRAT Malware (SecurityWeek) Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns (Infosecurity Magazine) AI coding assistant Cursor reportedly tells a 'vibe coder' to write his own damn code (TechCrunch) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Risky Business
Risky Business #784 -- GitHub supply chain attack steals secrets from 23k projects

Risky Business

Play Episode Listen Later Mar 19, 2025 56:58


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Github Actions supply chain attack loots keys and secrets from 23k projects Why a VC fund now owns a minority stake in Risky Business Media (!?!?) China doxes Taiwanese military hackers Microsoft thinks .lnk file whitespace trick isn't worth patching but APTs sure love it CISA delivers government efficiency by re-hiring fired staff… to put them on paid leave …and Google acquires Wiz for $32bn This week's show is sponsored by Zero Networks, and they have sent along a happy customer to talk about their experience. Aaron Steinke is Head of Infrastructure at La Trobe Financial, an asset management firm in Australia. Aaron talks through bringing modern zero-trust goodness to the reality of a technology environment that's been around 40 years. This episode is also available on Youtube. Show notes Risky Bulletin: GitHub supply chain attack prints everyone's secrets in build logs - Risky Business Media China says Taiwan's military is behind PoisonIvy APT China identifies Taiwanese hackers allegedly behind cyberattacks and espionage | The Record from Recorded Future News Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds | The Record from Recorded Future News Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop Poisoned Windows shortcuts found to be a favorite of Chinese, Russian, N. Korean state hackers | The Record from Recorded Future News 'Mora_001' ransomware gang exploiting Fortinet bug spotlighted by CISA in January | The Record from Recorded Future News Black Basta uses brute-forcing tool to attack edge devices | Cybersecurity Dive Alleged Russian LockBit developer extradited from Israel, appears in New Jersey court | The Record from Recorded Future News CISA works to contact probationary employees for reinstatement after court order - Nextgov/FCW ‘People Are Scared': Inside CISA as It Reels From Trump's Purge | WIRED The Wiretap: CISA Staff Are Cautiously Optimistic About Trump's Pick For Director White House instructs agencies to avoid firing cybersecurity staff, email says | Reuters Signal no longer cooperating with Ukraine on Russian cyberthreats, official says | The Record from Recorded Future News Telegram CEO Pavel Durov allowed to leave France amid investigation Appellate court upholds sentence for former Uber cyber executive Joe Sullivan | The Record from Recorded Future News Google buys cloud security provider Wiz for $32 billion | The Record from Recorded Future News Pat Gray, Founder of Risky Business, Joins Decibel as Founder Advisor - Decibel

Packet Pushers - Full Podcast Feed
NB518: Clock Starts For New Intel CEO; Arista Load Balancing Targets AI Infrastructure

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Mar 17, 2025 38:16


Take a Network Break! We start with warnings about an Apple Webkit zero day and ransonware exploits against known Fortinet vulnerabilites, and discuss attribution issues with the X DDoS attack. Intel names Lip-Bu Tan as Chief Resurrection Officer, but how long does he have before investors get antsy? HPE plans to lay off thousands of... Read more »

Packet Pushers - Network Break
NB518: Clock Starts For New Intel CEO; Arista Load Balancing Targets AI Infrastructure

Packet Pushers - Network Break

Play Episode Listen Later Mar 17, 2025 38:16


Take a Network Break! We start with warnings about an Apple Webkit zero day and ransonware exploits against known Fortinet vulnerabilites, and discuss attribution issues with the X DDoS attack. Intel names Lip-Bu Tan as Chief Resurrection Officer, but how long does he have before investors get antsy? HPE plans to lay off thousands of... Read more »

Packet Pushers - Fat Pipe
NB518: Clock Starts For New Intel CEO; Arista Load Balancing Targets AI Infrastructure

Packet Pushers - Fat Pipe

Play Episode Listen Later Mar 17, 2025 38:16


Take a Network Break! We start with warnings about an Apple Webkit zero day and ransonware exploits against known Fortinet vulnerabilites, and discuss attribution issues with the X DDoS attack. Intel names Lip-Bu Tan as Chief Resurrection Officer, but how long does he have before investors get antsy? HPE plans to lay off thousands of... Read more »

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday Mar 4th: Mark of the Web Details; Sharepint and Click-Fix Phishing; Paragon Partionmanager BYOVD Exploit

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Mar 4, 2025 6:17


Mark of the Web: Some Technical Details Windows implements the "Mark of the Web" (MotW) as an alternate data stream that contains not just the "zoneid" of where the file came from, but may include other data like the exact URL and referrer. https://isc.sans.edu/diary/Mark%20of%20the%20Web%3A%20Some%20Technical%20Details/31732 Havoc Sharepoint with Microsoft Graph API A recent phishing attack observed by Fortinet uses a simple HTML email to trick a user into copy pasting powershell into their system to execute additional code. Most of the malware interaction uses a Sharepoint site via Microsoft's Graph API futher hiding the malicious traffic https://www.fortinet.com/blog/threat-research/havoc-sharepoint-with-microsoft-graph-api-turns-into-fud-c2 Paragon Partition Manager Exploit A vulnerable Paragon Partition Manager has been user recently to escalate privileges for ransomware deployment. Even if you to not have PAragon installed: An attacker may just "bring the vulnerable driver" to your system. https://kb.cert.org/vuls/id/726882

The CyberWire
Salt in the wound.

The CyberWire

Play Episode Listen Later Feb 13, 2025 34:41


Salt Typhoon is still at it. Russian cyber-actor Seashell Blizzard expands its reach. The EFF sues DOGE to protect federal workers' data. House Republicans pursue a comprehensive data privacy bill. Fortinet patches a critical vulnerability. Google views cybercrime as a national security threat. Palo Alto Networks issues 10 new security advisories. Symantec suspects a Chinese APT sidehustle. Guest Jason Baker, Principal Security Consultant at GuidePoint Security, joins us to share an update on the state of ransomware. A massive IoT data breach exposes 2.7 billion records. Here come the AI agents.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest, Jason Baker, Principal Security Consultant at GuidePoint Security, joins us to share an update on the state of ransomware. Selected Reading China's Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers (WIRED) Russian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand Ops (Infosecurity Magazine) EFF Leads Fight Against DOGE and Musk's Access to US Federal Workers' Data (Infosecurity Magazine) Elon Musk and the Right Are Recasting Reporting as ‘Doxxing' (New York Times) FortiOS Vulnerability Allows Super-Admin Privilege Escalation – Patch Now! (Hackread) Cybercrime evolving into national security threat: Google (The Record) House Republicans launch group for comprehensive data privacy legislation (The Record) Palo Alto Networks Patches Potentially Serious Firewall Vulnerability (SecurityWeek) Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job (SecurityWeek) Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords (Cyber Security News) Are You Ready to Let an AI Agent Use Your Computer? (IEEE Spectrum) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Feb 12th 2025: MSFT Patch Tuesday; Adobe Patches; FortiNet Acknowledges Exploitation of FortiOS

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Feb 12, 2025 5:53


Microsoft Patch Tuesday Microsoft released patches for 55 vulnerabilities. Three of them are actagorized as critical, two are already exploited and another two have been publicly disclosed. The LDAP server vulnerability could become a huge deal, but it is not clear if an exploit will appear. https://isc.sans.edu/diary/Microsoft%20February%202025%20Patch%20Tuesday/31674 Adobe Patches Adobe released patches for seven products. Watch out in particular for the Adobe Commerce issues https://helpx.adobe.com/security/security-bulletin.html Fortinet Acknowledges Exploitation of Vulnerability https://fortiguard.fortinet.com/psirt/FG-IR-24-535