In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. For more information about Cybersecurity Cares, visit cybersecurity-cares.com. The Tomiris cyber-espionage group, which has been under Kaspersky's watch since 2021, has evolved its tactics in a new wave of attacks observed in early 2025. Article #2. CISA has recently added CVE-2021-26829 to its known exploited vulnerabilities, or KEV catalog, marking it as a confirmed threat based on real-world exploitation. Researchers at KOI Security have identified a malicious NPM package, which not only performs typical credential stealing behavior, but also includes a new, subtle tactic attempting to manipulate AI-driven security scanners via embedded prompt engineering. Article #2. Iranian state-sponsored threat group MuddyWater has launched a new wave of cyber espionage attacks targeting Israeli organizations across sectors including academia, civil infrastructure, engineering, technology and utilities. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
#Podcast #Starlink #IA #StrangerThings More information from Asus: b2b_mx@asus.com https://www.asus.com/mx/ Kaspersky: https://kas.pr/619n Coupon: NosotrosClones PLAYLIST Rolones: https://acortar.link/syEyR7
Matt from Linux Out Loud guest hosts with Jill and Ryan to dive into major internet events and Linux news! We tackle Ryan's "disappointing" take according to a listener on EU censorship and free speech, discuss the massive Cloudflare outage that took half the internet down, debate if antivirus is necessary on Linux, and look at ProtonDB and the Steam Survey to see if Linux gaming has already won. Plus, we highlight Rclone as the Software Pick. 00:00:00 Intro 00:01:54 Community Feedback: “Disappointed in Ryan” (EU Censorship & Free Speech) 00:31:10 Sandfly Security – Agentless Defense for Linux 00:33:48 Cloudflare Falls Over: When Half the Internet Trips 00:34:38 Game Preservation: Keeping Delisted Classics Alive 00:47:03 Kaspersky on Linux: Do We Even Need Antivirus? 00:54:28 ProtonDB & Steam Survey: Has Linux Gaming Already Won? 01:04:15 Software Pick: Rclone – RSync for All Your Clouds 01:06:29 Outro Hosted by: Ryan (DasGeek) = dasgeek.net Jill Bryant = jilllinuxgirl.com Special Guest = Matt (Linux Out Loud)
Podcast: ICS Arabia Podcast
Episode: Conversations on OT Cybersecurity with Anton Shipullin | 17
Pub date: 2025-11-20
Join Dr Sulaiman Alhasawi for an interesting conversation as he sits down with Anton Shipullin. In this interview, we delve into Anton's extensive experience and invaluable contributions to the community of ICS/OT cybersecurity. From his insights on OT cybersecurity in Russia to Dubai, we explore the multifaceted aspects of his journey. Anton has co-founded BEERISAC podcast and RUSCADASEC.com and he has worked with international OT Cybersecurity companies, such as Kaspersky and Nozomi Networks. We touch upon his evangelism efforts, shedding light on how he spreads awareness about the significance of ICS/OT cybersecurit
This week Steve and Noah talk about the things you didn't know you knew about Linux. Scott Jenson joins the program to talk about principles of UX/UI design. -- During The Show -- 00:52 Self Hosting After Death - Michael Steve's thought process Important things Home Assistant (https://www.home-assistant.io/) Mealie (https://docs.mealie.io/) Frigate (https://frigate.video/) Steve's plan Draw.io LLMs No desire to be trained Open Source Documentation Noah's plan Self hosted vs Cloud Techie Friends 12:21 Scott Jenson - UX/UI Design Product Strategist For Home Assistant and Mastodon Scott's Website (https://jenson.org/) Coloring outside the lines Mobile vs Desktop Desktop UI shortcomings UX in Audacity and Penpot (https://penpot.app/) Where can UX designers grow? Articulating the business use case Ink & Switch (https://www.inkandswitch.com/) 18:23 News Wire Nano 8.7 - gnu.org (https://lists.gnu.org/archive/html/info-gnu/2025-11/msg00002.html) Thunderbird 145 - thunderbird.net (https://www.thunderbird.net/en-US/thunderbird/145.0/releasenotes) Firefox 145 - firefox.com (https://www.firefox.com/en-US/firefox/145.0/releasenotes) Wine 10.19 - webpronews.com (https://www.webpronews.com/wine-10-19-ushers-in-linuxs-next-leap-for-windows-app-mastery) Proton 10.0 - phoronix.com (https://www.phoronix.com/news/Proton-10.0-3-Released) KDE Frameworks 6.20.0 - kde.org (https://kde.org/announcements/frameworks/6/6.20.0) SparkyLinux 8.1 - sparkylinux.org (https://sparkylinux.org/sparky-8-1) Debian 13.2 - debian.org (https://www.debian.org/News/2025/20251115) Tails 7.2 - torproject.org (https://blog.torproject.org/new-release-tails-7_2) Nitrux 5.0 - itsfoss.com (https://itsfoss.com/news/nitrux-5-release) Kaspersky for Linux - tomshardware.com (https://www.tomshardware.com/software/antivirus/banned-russian-antivirus-maker-kaspersky-rolls-out-new-products-basic-plan-for-linux-starts-at-usd59-99-a-year) Avahi Logic Flaw - zeropath.com 
(https://zeropath.com/blog/avahi-simple-protocol-server-dos-cve-2025-59529) ImunifyAV Flaw - bleepingcomputer.com (https://www.bleepingcomputer.com/news/security/rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk) Akira Targets Nutanix VMs - bleepingcomputer.com (https://www.bleepingcomputer.com/news/security/cisa-warns-of-akira-ransomware-linux-encryptor-targeting-nutanix-vms) Kraken Expands - cyberpress.org (https://cyberpress.org/kraken-ransomware) VibeThinker-1.5B - venturebeat.com (https://venturebeat.com/ai/weibos-new-open-source-ai-model-vibethinker-1-5b-outperforms-deepseek-r1-on) Worry Over Chinese AI - businessinsider.com (https://www.businessinsider.com/eric-schmidt-worried-governments-use-chinese-ai-open-source-models-2025-11) US Must Go Open Source - techbuzz.ai (https://www.techbuzz.ai/articles/databricks-co-founder-us-must-go-open-source-to-beat-china-in-ai) Linux Knowledge The "Mythical New User" People use all sorts of UI/UX today Knowledge we take for granted Teaching is the highest form of learning See one, do one, teach one Talk radio principle: Watering plants that are already there Linux and Windows architectures are different 39:50 Source Command How it works Variables Environment Variable What the source command does Getting started with source and python 48:00 Know your shortcomings Know what you don't know Know how to explain it simply Keeping things simple -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! 
This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/467) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed) Special Guest: Scott Jenson.
This week's show was recorded during the ISMS Forum conference held at the Estadio Metropolitano in Madrid. Our guests are Óscar Sánchez (CISO at PUIG), Antonio Cerezo (CISO at SANITAS) and Jaime Perea (CARREFOUR). We are also joined by Women4Cyber, represented by Ana Gómez (BBVA) and Elena García (Microsoft). With: Mar Sánchez. Director: Carlos Lillo. Production: ClickRadioTV. Thanks to: Semperis, Cyber Guru, Cato Networks, V-Valley, Kaspersky, Cybertix
#Podcast #Tecnología #IA #Apple #Samsung #Noticias #buenfin In this episode we review the day's most important news: a possible MacBook with a touchscreen, the Mexican school specializing in artificial intelligence, and the integration of Gemini into the new Siri. We also talk about Samsung's Buen Fin deals, Meta's controversial ads, and the debate over whether AI will surpass humans. We close with film and TV recommendations, plus an interview to put Jimmy to the test. Kaspersky: https://kas.pr/619n Coupon: NosotrosClones PLAYLIST Rolones: https://acortar.link/syEyR7 www.samsung.com/mx
#Podcast #BuenFin2025 #Kaspersky Kaspersky: https://kas.pr/619n Coupon: NosotrosClones In this episode of Los Clones we travel, laugh and analyze everything happening in the world of technology, between China, Oaxaca and Buen Fin… We tell you how Kaspersky saved us in China, about the experience with GM in Oaxaca, and Buen Fin is already here. We also talk about Movistar's farewell, Apple's latest news and, of course, the Dr. Simi phenomenon, and Los Clones now have stickers.
Today two guests join us on the show. First, Davis Artuñedo, CTO of Ravenloop, talks to us about INTELLIGENT AGENTS, and to close, Claudia Corcobado of CYBER GURU stresses the importance of cybersecurity awareness. In addition to the news, we highlight the AI GATEWAY, which is the true control tower for the various AIs a company may have. With: Rubén Carrasco and Carlos Lillo. Sponsors: V-VALLEY, CYBERTIX, KASPERSKY, SEMPERIS, CYBER GURU, CATO NETWORKS
Today we are joined by JOSÉ CARLOS MOLINA, head of Cybersecurity Business Development at V-VALLEY. We also look at how AI can help people living in unwanted loneliness. With: Rubén Carrasco, Alfonso Calvo. Director: Carlos Lillo. Production: ClickRadioTV. Thanks to: Semperis, Cyber Guru, Cato Networks, V-Valley, Kaspersky, Cybertix
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. The UK Information Commissioner's Office (ICO) recently released a comprehensive 136-page report detailing the BlackBasta ransomware attack on Capita in March 2023. Kaspersky researchers have detailed two active campaigns from North Korean APT group BlueNoroff, which continue the group's long-running SnatchCrypto operation targeting individuals in financial and tech sectors. The exploitation of the first Chrome zero-day of 2025 has been attributed to a state-sponsored threat actor involved in Operation ForumTroll, a cyber-espionage campaign targeting Russian entities across sectors like education, finance, media, and government. Netscout has identified a newly emerging Internet of Things (IoT) botnet, Aisuru, which has already launched distributed denial-of-service (DDoS) attacks exceeding 20 Tbps, placing it among the most powerful botnets observed to date. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
Three Buddy Problem - Episode 70: Dave Aitel from OpenAI's technical staff joins the buddies to discuss the just-launched Aardvark, OpenAI's agentic “security researcher” that claims to read code, find bugs, validate exploits, and ship patches. We press him on where LLMs beat fuzzers, privacy boundaries, human-in-the-loop realities, SDLC budgets, pen-test cadence, and the zero-day economy. Plus, L3 Harris/Trenchant exec pleads guilty to selling exploits to Russian brokers, Kaspersky catches the return of HackingTeam using Chrome zero-day exploit chain, and news of a proposed law in Russia to force researchers to report vulnerabilities first to government agencies. Cast: Dave Aitel (https://www.linkedin.com/in/daveaitel/) (Technical Staff, OpenAI), Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
We don't do holiday themed episodes in this house, so no tricks, but we have some treats for you. First we discuss the problem of shadow AI (1:00) and how it seems like we're just repeating the mistakes of previous tech waves in ignoring security until it's too late. Then we dig into a new report from Kaspersky about a crazy exploit they discovered for a Chrome sandbox escape that led them to identify the new version of Hacking Team's spyware called Dante (23:00). Finally, we provide some important updates on our respective wildlife encounters (33:00). Kaspersky report: https://securelist.com/forumtroll-apt-hacking-team-dante-spyware/117851/
Edition of October 28, 2025
Episode references: Mem3nt0 mori – The Hacking Team is back!; Stable Channel Update for Desktop - Tuesday, March 25, 2025; Crypto wasted: BlueNoroff's ghost mirage of funding and jobs. Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia.
The outage at hyperscaler AWS has notably marked the last days of this week in October. Do you know what a Cybermentalist is? Listen in and Antonio Martínez will tell you. Our guest was Javier Sánchez, CISO of Engie España. Team: Rubén Carrasco, Pedro Montes, Carlos Lillo (D). Sponsors: Cyber Guru, Cato Networks, Semperis, V-Valley, Kaspersky, Cybertix. Production: ClickRadioTV.
ETRMS The Arán Valley and cybersecurity. A cheap home-automation robot. News. Contest. Thanks to SEMPERIS, V-VALLEY, CYBER GURU, CYBERTIX, CATO NETWORKS, KASPERSKY.
Security firm Kaspersky warned of a new scam called “ghost tap”, in which criminals intercept contactless payments to make purchases as if they held the buyer's physical card.
An introduction to Kubernetes, that aid for developers. Biomimetics helps technology. Biases in the AI education model. And the usual sections: news, tech anniversaries, contest... With: Silvia Roldán, Alfonso Calvo and Rubén Carrasco. Sponsors: Cyber Guru, Cybertix, V-Valley, Cato Networks, Kaspersky. Production: ClickRadioTV. Director: Carlos Lillo.
An introduction to Kubernetes, that aid for developers. Biomimetics helps technology. Biases in the AI education model. Protein design with AI. And the usual sections: news, tech anniversaries, contest... With: Silvia Roldán, Alfonso Calvo and Rubén Carrasco. Sponsors: Cyber Guru, Cybertix, V-Valley, Cato Networks, Kaspersky. Production: ClickRadioTV. Director: Carlos Lillo.
Olfactory computing, CyberMadrid and the usual sections are the highlights of this fourth episode of season 15. Guests: Virginia Vicente and Agustín Muñoz-Grandes of CyberMadrid. With: Sergio Lillo, Rafa López. Thanks to: Cato Networks, V-Valley, Cyber Guru, Kaspersky and Cybertix. Production: ClickRadioTV. Director: Carlos Lillo.
On today's Technology Podcast, sponsored by Elbit America, Justin Sherman, the founder of Global Cyber Strategies advisory firm and a nonresident fellow at the Atlantic Council's Cyber Statecraft Initiative, joins Defense & Aerospace Report Editor Vago Muradian to discuss his new report for the Center for Naval Analyses — “Hacking and Firewalls Under Siege: Russia's Cyber Industry During the War on Ukraine (https://www.cna.org/reports/2025/08/Hacking-and-Firewalls-Under-Seige.pdf)” — the nature of the cyber war between Russia and Ukraine; the role of Russian state, corporate and general public actors in advancing Moscow's tactical and strategic aims from offensive cyber actions to hacking and information operations; the government's role in controlling these actors; how many have been sanctioned; the impact of Kaspersky's role in support of the Russian government and how that's impacting the company's global business; analysis of Russia's “Secret Blizzard” operation against foreign embassies by exploiting a Microsoft vulnerability; cyber lessons from Ukraine as it defends itself against Russia; and what happens to efforts to counter Russia in cyberspace when Washington normalizes relations with Moscow.
Sergey Novikov shares his fascinating journey from early days at Kaspersky Lab through his evolution as a malware analyst and cybersecurity expert, offering unique insights into the changing threat landscape and ethical considerations of security research.
• Started at Kaspersky in 2002 when it was a small startup with fewer than 100 employees
• Applied mathematics background led to research correlating human epidemic models with computer virus propagation
• Worked as a "woodpecker" malware analyst detecting threats 24/7
• Became part of Kaspersky's elite Global Research and Analysis Team (GREAT)
• Team took pride in identifying APTs regardless of national origin to protect customers worldwide
• Described security researchers as "paleontologists" uncovering complex digital threats
• Participated in analysis of sophisticated threats like Stuxnet requiring specialized knowledge
• Left Kaspersky in 2022 after Russia-Ukraine conflict began
• Transitioned to pharmaceutical industry cybersecurity before joining CyberProof
• Observes modern threats have blurred lines between nation-state actors, cybercriminals and hacktivists
• Believes cybersecurity professionals must maintain perpetual learning mindset
• Recommends self-learning and hands-on experience for aspiring security researchers
• Notes AI is enabling more agile, automated attacks rather than quantum computing threats
Connect with Sergey on LinkedIn or visit cyberproof.com to learn more about their security services and research blog.
Follow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/ Twitter: https://twitter.com/SecUnfPodcast
1. Scrutiny of the "Tea" Dating App
The women-focused dating app "Tea" faces backlash after two data breaches exposed 72,000 sensitive images and 1.1 million private messages. Though security upgrades were promised, past data remained exposed, and the app lacks end-to-end encryption. Additionally, anonymous features enabling posts about men have sparked defamation lawsuits. Critics argue Tea prioritized rapid growth over user safety, exemplifying the danger of neglecting cybersecurity in pursuit of scale.
2. North Korean Remote Work Infiltration
CrowdStrike has flagged a 220% surge in North Korean IT operatives posing as remote workers—over 320 cases in the past year. These operatives use stolen/fake identities, aided by generative AI to craft résumés, deepfake interviews, and juggle multiple jobs. Their earnings fund Pyongyang's weapons programs. The tactic reveals the limits of traditional vetting and the need for advanced hiring security.
3. Airportr's Data Exposure
UK luggage service Airportr suffered a major security lapse exposing passport photos, boarding passes, and flight details—including those of diplomats. CyberX9 found it possible to reset accounts with just an email and no limits on login attempts. Attackers could gain admin access, reroute luggage, or cancel flights. Although patched, the incident underscores risks of convenience services with poor security hygiene.
4. Risks of AI-Generated Code
Veracode's "2025 GenAI Code Security Report" found that nearly 45% of AI-generated code across 80 tasks had security flaws—many severe. This highlights the need for human oversight and thorough reviews. While AI speeds development, it also increases vulnerability if unchecked, making secure coding a human responsibility.
5. Microsoft's SharePoint Hack Controversy
Chinese state hackers exploited flaws in SharePoint, breaching hundreds of U.S. entities. A key concern: China-based Microsoft engineers maintained the hacked software, potentially enabling earlier access. Microsoft also shared vulnerability data with Chinese firms through its MAPP program, while Chinese law requires such data be reported to the state. This raises alarms about outsourcing sensitive software to geopolitical rivals.
6. Russian Embassy Surveillance Attack
Russia's "Secret Blizzard" hackers used ISP-level surveillance to deliver fake Kaspersky updates to embassies. These updates installed malware and rogue certificates enabling adversary-in-the-middle attacks—allowing full decryption of traffic. The attack shows the threat of state-level manipulation of software updates and underscores the need for update authenticity verification.
7. Signal's Threat to Exit Australia
Signal may pull out of Australia if forced to weaken encryption. ASIO's push for access contradicts Signal's end-to-end encryption model, which can't accommodate backdoors without global compromise. This standoff underscores a broader debate: encryption must be secure for all or none. Signal's resistance reflects the rising tension between privacy advocates and governments demanding access.
8. Los Alamos Turns to AI
Los Alamos National Laboratory has launched a National Security AI Office, signaling a pivot from nuclear to AI capabilities. With massive GPU infrastructure and university partnerships, the lab sees AI as the next frontier in scientific and national defense. This reflects a shift in global security dynamics—where large language models may be as strategically vital as missiles.
EP 254. In this week's update:
Despite back-to-back data breaches and legal blowback, women are still queuing up by the millions for Tea. This is one hot dating app that's apparently more viral than secure.
North Korean IT operatives are clocking into remote jobs worldwide. Fueled by GenAI and fake identities in what CrowdStrike calls a daily cybersecurity crisis.
A British luggage startup managed to lose more than just bags. Airportr briefly exposed diplomatic travel data and full backend access to anyone with a browser and curiosity.
According to Veracode, nearly half of all AI-generated code is insecure. And that should leave you feeling insecure, especially if your code reviews have been neglected.
Microsoft confirmed Chinese engineers have long supported the same SharePoint software recently hacked by Beijing. The breach hit hundreds of U.S. institutions—including nuclear and homeland security.
Russian state hackers tricked foreign embassies into installing fake updates from “Kaspersky.” The malware came with a rogue root certificate—and full surveillance capabilities.
Signal's president warned it might pull out of Australia over demands to weaken encryption. The country's privacy pushback continues—and secure apps are packing their bags.
Los Alamos is pouring resources into AI research—because in 2025, the most powerful weapon might be a large language model, rather than a missile.
Finish that cuppa, we have a lot to cover!
An investigation published by Microsoft reveals a vast cyber-espionage operation targeting several foreign embassies in Moscow. Behind it: a hacker group linked to the FSB, the Russian intelligence services. The group, known as Secret Blizzard, and also under the aliases Turla, Snake and Venomous Bear, has been active since the late 1990s. Their latest find? Malware dubbed ApolloShadow, capable of installing itself discreetly on diplomatic computers… straight from local Internet connections. How does it work? The attack begins as soon as a device connects to a Russian Internet service provider. The hackers then redirect traffic to a fake login page, similar to those of public Wi-Fi networks. Behind the scenes, a Windows request meant to contact Microsoft is diverted to a fraudulent domain. The trap closes: the spyware installs without the user clicking on anything. ApolloShadow then poses as an ordinary Kaspersky installer, displaying a system window that looks legitimate. Once administrator rights are granted, it installs two root certificates to intercept secure connections. As a result, even encrypted diplomatic exchanges can be spied on. The malware modifies firewall rules, redefines the network as private, and creates a ghost system account, “UpdatusUser”, which lets the attackers keep access. The activity was detected in February 2025, but the malware had already been circulating since last year. Microsoft has provided the embassies with tools to detect infections, and now recommends using VPNs or satellite connections to bypass Russian infrastructure. A stern reminder: modern diplomacy is no longer played out only around a table… but also in the cables.
Bizarre night on Brazilian TV: Record News's signal is hijacked and shows a mysterious creepypasta video, and an Apple leak with images reveals the full iPhone 17 line ahead of time. On the security front, elderly people are being tricked by requests for photos on the street and falling victim to bank fraud. A study finds that the facial recognition system in São Paulo did not reduce crime. On the science side, Brazilian researchers create an AI capable of detecting cancer aggressiveness, and YouTube will use AI to tell minors' accounts apart from adults'.
More than 11 million Brazilians have banking data exposed in a serious flaw in the Judiciary's system! ‘Elon Musk Law': Guilherme Boulos presents an audacious bill that could make big tech PAY users!? Trump radically changes his mind and gives up on splitting up Nvidia after a surprising conversation with its CEO. One UI 8 and Android 16 are coming: find out NOW whether your Galaxy will get the update. YouTube revamps comments with a Reddit-inspired system.
In this episode, I address listener feedback and corrections regarding use of public Wi-Fi, MAC addresses, and aliases. I dive deep into the nuances of MAC address randomization on GrapheneOS versus Apple's private Wi-Fi addresses, explaining why GrapheneOS offers superior privacy protection. I discuss the real threats of public Wi-Fi in 2025 (hint: it's not hackers with Wireshark), and share my approach with aliases.
I also cover the rising threat of infostealers like Atomic Info Stealer for macOS, the dangerous intersection of gaming cheats and malware, and why I avoid third-party antivirus software. Most importantly, I address the GrapheneOS controversy: the loss of a senior developer to military conscription, Google's strategic pivot that threatens custom ROMs, and why claims of GrapheneOS “dying” are misinformation spread by those with competing agendas.
In this week's episode:
• Clarifications and Corrections: Public Wi-Fi, MAC addresses, and alias management
• MAC address randomization: GrapheneOS vs Apple's implementation
• The real threats of public Wi-Fi in 2025
• Info stealers and video games can be a privacy nightmare
• GrapheneOS controversy: Developer conscription, Google's lockdown, and the future of custom ROMs
• Why antivirus software might be the malware you're trying to avoid
Matrix Community Rooms
Matrix Community Space - https://matrix.to/#/#psysecure:matrix.org
Individual Room Links:
https://matrix.to/#/#lockdown-general:matrix.org
https://matrix.to/#/#lockdown-podcast:matrix.org
https://matrix.to/#/#lockdown-intro:matrix.org
Show Links:
MAC Address Lookup - https://maclookup.app/
OUI Lookup - https://oui.is/
33mail - https://www.33mail.com/
OpenSnitch - https://github.com/evilsocket/opensnitch
Privacy.com - https://privacy.com
Lithic - https://lithic.com
Kaspersky and Russian Government - https://en.wikipedia.org/wiki/Kaspersky_and_the_Russian_government
Google Not Killing AOSP - https://www.androidauthority.com/google-not-killing-aosp-3566882/
GrapheneOS on Developer Conscription - https://grapheneos.social/@GrapheneOS/114359660453627718
GrapheneOS on OEM Partnerships (June 19) - https://grapheneos.social/@GrapheneOS/114671100848024807
GrapheneOS Response to Misinformation - https://grapheneos.social/@GrapheneOS/114825492698412916
GrapheneOS on iPhone Security - https://grapheneos.social/@GrapheneOS/114824816120139544
“Social engineering bypasses all technologies, including firewalls.” - Kevin Mitnick
Joining the podcast this week is Dmitry Bestuzhev, senior director of cyber threat intelligence (CTI) at Blackberry. He gives Petko an inside look into the key types of CTI and how the insights can be used to build context and determine response in specific circumstances, such as in the recent case of attempted targets at NATO. Dmitry also turns our attention to the risks posed by public charging stations - a ploy dubbed “Juice Jacking.” Dmitry Bestuzhev, Senior Director CTI at BlackBerry Dmitry Bestuzhev is Senior Director, CTI (Cyber Threat Intelligence) at BlackBerry. Prior to BlackBerry, Dmitry was Head of Kaspersky's Global Research and Analysis Team for Latin America, where he oversaw the company's experts' anti-malware development work in the region. Dmitry has more than 20 years of experience in IT security across a wide variety of roles. His field of expertise covers everything from traditional online fraud to targeted high-profile attacks on financial and governmental institutions. His main focus in research is on producing Threat Intelligence reports on financially motivated targeted attacks. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e341
Take advantage of the Kaspersky Small Office Security offer by clicking here: https://kas.pr/39xi Use the promo code ESOA20. It's the ESOA deal ✌
Joining the podcast this week is Dmitry Bestuzhev, senior director of cyber threat intelligence (CTI) at Blackberry. He gives Petko an inside look into the key types of CTI and how the insights can be used to build context and determine response in specific circumstances, such as in the recent case of attempted targets at NATO. Dmitry also turns our attention to the risks posed by public charging stations - a ploy dubbed “Juice Jacking.” Dmitry Bestuzhev, Senior Director CTI at BlackBerry Dmitry Bestuzhev is Senior Director, CTI (Cyber Threat Intelligence) at BlackBerry. Prior to BlackBerry, Dmitry was Head of Kaspersky's Global Research and Analysis Team for Latin America, where he oversaw the company's experts' anti-malware development work in the region. Dmitry has more than 20 years of experience in IT security across a wide variety of roles. His field of expertise covers everything from traditional online fraud to targeted high-profile attacks on financial and governmental institutions. His main focus in research is on producing Threat Intelligence reports on financially motivated targeted attacks. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e340
Researchers uncover a major privacy violation involving tracking scripts from Meta and Yandex. A compliance automation firm discloses a data breach. PumaBot stalks vulnerable IoT devices. The Ramnit banking trojan gets repurposed for ICS intrusions. The North Face suffers a credential stuffing attack. Kaspersky says the Black Owl team is a cyber threat to Russia. CISA releases ICS advisories. An Indian grocery delivery startup suffers a devastating data wiping attack. The UK welcomes their new Cyber and Electromagnetic (CyberEM) Command. Our guest is Rohan Pinto, CTO of 1Kosmos, discussing the implications of AI deepfakes for biometric security. The cybersecurity sleuths at Sophos unravel a curious caper. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Rohan Pinto, CTO of 1Kosmos, and he is discussing the implications of AI deepfakes for biometric security. 
Selected Reading Meta and Yandex are de-anonymizing Android users' web browsing identifiers (Ars Technica) Vanta leaks customer data due to product code change (Beyond Machines) New Linux PumaBot Attacking IoT Devices by Brute-Forcing SSH Credentials (Cyber Security News) Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift (SecurityWeek) The North Face warns customers of April credential stuffing attack (Bleeping Computer) Pro-Ukraine hacker group Black Owl poses ‘major threat' to Russia, Kaspersky says (The Record) CISA Releases ICS Advisories Covering Vulnerabilities & Exploits (Cyber Security News) Indian grocery startup KiranaPro was hacked and its servers deleted, CEO confirms (TechCrunch) UK CyberEM Command to spearhead new era of armed conflict (The Register) Widespread Campaign Targets Cybercriminals and Gamers (Infosecurity Magazine) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
04 Jun 2025. Airfares are reportedly down 40% from a year ago with airlines making just $7 per flight. We get a reaction from aviation lawyer Nick Humphrey. Plus, RAK Bank surveys SMEs about their outlook, we get the results from Dhiraj Kunwar. And Kaspersky’s Maher Yamout breaks down the latest cyber threat targeting fintech and trading apps. See omnystudio.com/listener for privacy information.
Suspected espionage surrounding the Swiss intelligence service: employees cooperated with Russian contacts, an investigation by SRF Investigativ shows. Highly sensitive data is also said to have leaked and ended up with Russian intelligence services. An intelligence expert is perplexed. Employees of the Swiss intelligence service are said to have cooperated closely with Russian contacts for years. That astonishes her greatly, says intelligence expert Aviva Guttmann. The Federal Intelligence Service (Nachrichtendienst des Bundes, NDB) often has to work with other intelligence services, but Russia is certainly not a good partner for that. We talk with her about how the Swiss intelligence service works and how she assesses the revelations by SRF Investigativ. Note: In the podcast we mistakenly say Kapersky instead of Kaspersky. We apologize for this slip of the tongue. ____________________ Do you have questions or topic suggestions? Feel free to write to us by e-mail at newsplus@srf.ch or send us a voice message at 076 320 10 37. 
____________________ In this episode you will hear - Aviva Guttmann, intelligence expert, lecturer and researcher at Aberystwyth University in Wales - Christo Grozev, investigative journalist who has been covering Russian intelligence services for years - Federal Councillor Martin Pfister, who as defence minister is responsible for the Federal Intelligence Service - Balthasar Glättli, security policy politician, Greens - Thomas Hurter, security policy politician, SVP ____________________ Links - The investigation into the Russia affair in the Swiss intelligence service: https://www.srf.ch/news/schweiz/russland-affaere-im-ndb-liess-sich-der-schweizer-geheimdienst-von-russland-beeinflussen - Listening tip: The new series from News Plus Hintergrunde titled «Die Spritze - zwischen Hype und Hoffnung» ("The Injection - Between Hype and Hope"): https://www.srf.ch/audio/news-plus-hintergruende/die-spritze-zwischen-hype-und-hoffnung-1-4-der-erste-shot?id=AUDI20250603_NR_0002 ____________________ Team - Host: Raphaël Günther - Production: Martina Koch - Contributor: Peter Hanselmann ____________________ This is «News Plus»: Understand the world better in a quarter of an hour – one topic, new perspectives and answers to your questions. Our correspondents and experts from Switzerland and around the world explain, analyse and tell what moves them. «News Plus» from SRF is published Monday to Friday at 4 p.m., just in time for the end of the working day.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
xorsearch Update Didier updated his "xorsearch" tool. It is now a Python script, not a compiled binary, and supports Yara signatures. With Yara support also comes support for regular expressions. https://isc.sans.edu/diary/xorsearch.py%3A%20Searching%20With%20Regexes/31854 Shorter Lived Certificates The CA/Browser Forum passed an update to reduce the maximum lifetime of certificates. The reduction will be implemented over the next four years. EFF also released an update to certbot introducing profiles that can be used to request shorter lived certificates. https://www.eff.org/deeplinks/2025/04/certbot-40-long-live-short-lived-certs https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/bvWh5RN6tYI New Malware Harvesting Data from USB drives and infecting them. Kaspersky is reporting that they identified new malware that not only harvests data from USB drives, but also spreads via USB drives by replacing existing documents with malicious files. https://securelist.com/goffee-apt-new-attacks/116139/
Three Buddy Problem - Episode 40: On the show this week, we look at the technical deficiencies and opsec concerns around the use of Signal for ultra-sensitive communications. Plus, some speculation on who's behind Kaspersky's ‘Operation Forum Troll' report, Chinese discussion on NSA/CIA mobile networks exploitation, and the return of ‘Lab Dookhtegan' hack-and-leak exposures. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).
Firefox amends their privacy policy -- the world melts down. Signal threatens to leave Sweden. Aftermath of the massive $1.5 billion Bybit ETH heist. It turns out that it wasn't actually Bybit's fault. "The Lazarus Bounty" monitoring and management site. Mozilla's commitment to Manifest V2 (and the uBlock Origin). What does the ACM's plea for memory-safe languages mean for developers? What exactly are memory-safe languages? Australia joins the Kaspersky ban. Gmail plans to switch from SMS to QR code authentication. A SpinRite success and some fun feedback. An astonishing new technology for targeted radio jamming Show Notes - https://www.grc.com/sn/SN-1015-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: legatosecurity.com bitwarden.com/twit veeam.com threatlocker.com for Security Now
Apple, the UK, and data protection, you can get pwned really fast, Australia says no Kaspersky for you!, the default password is on the Internet, topological qubits, dangerous AI tools, old software is not just old but vulnerable too, tearing down Sonic Walls, CWE is good but could be great, updating your pi-hole, should you watch "Zero Day"? my non-spoiler review will tell you, no more DBX hello SBAT!, and I love it when chat logs of secret not-so-secret ransomware groups are leaked! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-863
Cronenbergs, Dangling Twitchbots, Crypto, Kaspersky, SMS, OT, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-454
Retired Gen. Paul Nakasone warns the U.S. is falling behind in cyberspace. Australia orders government entities to remove and ban Kaspersky products. FatalRAT targets industrial organizations in the APAC region. A major cryptocurrency exchange reports the theft of $1.5 billion in digital assets. Apple removes end-to-end encryption (E2EE) for iCloud in the UK. Researchers uncover a LockBit ransomware attack exploiting a Windows Confluence server. Researchers uncover zero-day vulnerabilities in a widely used cloud logging utility. A PayPal email scam is tricking users into calling scammers. Republican leaders in the House request public input on national data privacy standards. A Michigan man faces charges for his use of the Genesis cybercrime marketplace. Our guest is Karl Sigler, Senior Security Research Manager from Trustwave SpiderLabs, explaining the domino effect of a cyberattack on the power grid. Meta sues an Insta Extortionist. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Dave speaks with Karl Sigler, Senior Security Research Manager from Trustwave SpiderLabs, about the domino effect of a cyberattack on the power grid. You can dig into the details in their report. Selected Reading Former NSA, Cyber Command chief Paul Nakasone says U.S. 
falling behind its enemies in cyberspace (CyberScoop) Kaspersky Banned on Australian Government Systems (SecurityWeek) Chinese Hackers Attacking Industrial Organizations With Sophisticated FatalRAT (Cyber Security News) Bybit Hack Drains $1.5 Billion From Cryptocurrency Exchange (SecurityWeek) Experts Slam Government After “Disastrous” Apple Encryption Move (Infosecurity Magazine) Confluence Exploit Leads to LockBit Ransomware (The DFIR Report) Fluent Bit 0-day Vulnerabilities Exposes Billions of Production Environments to Cyber Attacks (Cyber Security News) Beware: PayPal "New Address" feature abused to send phishing emails (Bleeping Computer) Top House E&C Republicans query public for ideas on data privacy law (CyberScoop) US Charges Genesis Market User (SecurityWeek) Meta Sues Alleged Instagram Extortionist (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
President Trump rolls back AI regulations and throws TikTok a lifeline. Attackers pose as Ukraine's CERT-UA tech support. A critical vulnerability is found in the Brave browser. Sophos observes hacking groups abusing Microsoft 365 services and exploiting default Microsoft Teams settings. Researchers uncover critical flaws in tunneling protocols. A breach exposes personal information of thousands of students and educators. Oracle patches 320 security vulnerabilities. Kaspersky reveals over a dozen vulnerabilities in a Mercedes-Benz infotainment system. Tim Starks from CyberScoop discusses executive orders on cybersecurity and the future of CISA. We preview coming episodes of Threat Vector. Honesty isn't always the best policy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On our Threat Vector podcast preview today: IoT devices are everywhere, with billions deployed globally in industries like healthcare, manufacturing, and critical infrastructure. But this explosion of connectivity brings unprecedented security challenges. Host David Moulton speaks with Dr. May Wang, CTO of IoT Security at Palo Alto Networks, about how AI is transforming IoT security. Stay tuned for the full conversation this Thursday. CyberWire Guest Our guest is Tim Starks from CyberScoop discussing executive orders on cybersecurity and the future of CISA. You can read Tim's article on the recent Biden EO here. 
Selected Reading Trump revokes Biden executive order on addressing AI risks (Reuters) TikTok is back up in the US after Trump says he will extend deadline (Bleeping Computer) Hackers impersonate Ukraine's CERT to trick people into allowing computer access (The Record) Brave Browser Vulnerability Let Malicious Website Mimic as Legitimate One (Cyber Security News) Ransomware Groups Abuse Microsoft Services for Initial Access (SecurityWeek) Tunneling Flaws Put VPNs, CDNs and Routers at Risk Globally (Hackread) Students, Educators Impacted by PowerSchool Data Breach (SecurityWeek) Oracle To Address 320 Vulnerabilities in January Patch Update (Infosecurity Magazine) Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities (SecurityWeek) Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices