Podcasts about knowbe4

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Christina Shannon, CIO, KIK Consumer Products. Joining them is Jim Bowie, CISO, Tampa General Hospital. In this episode: A journey, not a destination The difference between pressure and stress Fighting commodity deepfakes Getting leadership on the same page HUGE thanks to our sponsors, Proofpoint, Cofense, & KnowBe4 With an integrated suite of cloud-based cybersecurity and compliance solutions, Proofpoint helps organizations around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Discover cutting-edge security insights and industry trends from leading experts at Proofpoint Power Series—a monthly virtual event designed to empower the security community. Learn more at proofpoint.com Powered by 35 million trained employee reporters, the exclusive Cofense® PhishMe® Email Security Awareness Training with Risk Validation and Phishing Threat Detection and Response Platforms combine robust training with advanced tools for phishing identification and remediation. Together, our solutions empower organizations to identify, combat, and eliminate phishing threats in real-time. Learn more at cofense.com KnowBe4's PhishER Plus is a lightweight SOAR platform that streamlines threat response for high-volume, potentially malicious emails reported by users. It automatically prioritizes messages, helping InfoSec and Security Operations teams quickly address the most critical threats, reducing inbox clutter and enhancing overall security efficiency. Learn more at knowbe4.com

James Maude chats with Roger Grimes, a 36-year cyber veteran and KnowBe4's Defense Evangelist. From hacking DOS viruses for John McAfee to catching Chinese APT hackers red-handed, Roger's war stories are unforgettable. But he's not just here for the drama—he lays out a bold plan to fix Internet security and reveals why social engineering remains our biggest blind spot. Don't miss this episode—it's a masterclass in cyber warfare, deception, and the battle for a safer digital future!

In this episode of the Skin in the Game podcast, we sit down with Stu Sjouwerman, founder and CEO of KnowBe4, to discuss how he built one of the world's most successful cybersecurity startups from the ground up.KnowBe4, headquartered in Clearwater, Florida, is a cybersecurity training company focused on mitigating human risk through simulated phishing, user training, and real-time alerts. Today, it generates over $500 million in annual recurring revenue (ARR)—but it started in a 10x10 office, with no external funding.Stu breaks down how he identified a massive market gap: most cyberattacks aren't due to software vulnerabilities—they're the result of social engineering and human error.He shares how ransomware attacks in 2013 created a turning point for KnowBe4, propelling the startup into hypergrowth. His strategy? Move fast, market smart, and keep the product simple and sticky.Stu also dives into:The future of SaaS in the age of AIHow KnowBe4 is evolving into a platform companyWhy AI and quantum computing will trigger “company extinction events”His belief that LLMs are already a commodity, and the future lies in vertical AI agentsFor founders and VCs alike, the episode offers a wealth of insights on startup scaling, product-market fit, and what investors should look for in repeat entrepreneurs.Whether you're a founder, cybersecurity professional, or angel investor, this conversation with Stu Sjouwerman is a must-listen. Hosted on Acast. See acast.com/privacy for more information.

In our latest podcast episode, we delve into the evolving landscape of cybersecurity threats, uncovering how sophisticated attacks are crippling industries and government institutions. We examine how the Black Basta ransomware gang is leveraging brute-force attacks against edge devices, enabling them to infiltrate networks with alarming efficiency. This highlights the growing need for businesses to fortify their perimeter defenses. Additionally, we discuss the Cleveland Municipal Court cyberattack, which has left operations crippled for over three weeks, shedding light on the prolonged impact of cyber incidents on the judicial system. Similarly, we explore the Atchison County government shutdown, where a cyberattack forced local offices to close, emphasizing the vulnerabilities in public sector cybersecurity. We also analyze a recent KnowBe4 report, which warns that the education sector remains dangerously unprepared for escalating cyberattacks, leaving schools and universities at high risk. Finally, we examine a newly discovered Microsoft365 exploit, where attackers are bypassing traditional email security measures, prompting an FBI warning for Gmail, Outlook, and VPN users to take immediate action. Cyber threats are evolving rapidly—are organizations prepared to defend against them? Tune in as we break down these incidents and discuss proactive security measures to mitigate risks.

Are your staff as ready as they can be for the next attack?Our cybersecurity training team manages hundreds of clients and shares our knowledge on what works to keep your staff prepared, not just scared.Matt Eshleman, our CTO and cybersecurity expert answers your questions on how to manage frequent, timely, and engaging training.Part 1 covers the cybersecurity landscape and types of threats facing nonprofits, our framework for how to think about cybersecurity and where staff training fits in your strategy, and the basic philosophy of security awareness training. Pt 2 gets into the details and examples of a typical cybersecurity training program, and Matt answers audience Q&A.Cybersecurity Awareness Training TipsWe often say that staff training is a foundation for cybersecurity protections. As the risks are always evolving, your training needs to be current too. Gone are the days when your staff could be adequately protected by watching an hour long video with a quiz once a year. But managing more frequent training is difficult. We will discuss the tool we use, KnowBe4, which makes it easy to stay up to date and administer training to all staff. There are other training tools out there that work for nonprofit staff – the most important tip is to commit to training and to prioritize it as a team. Your staff and leadership are your best defense of the organization you care about.In addition, with new auditing requirements SAS145 your auditor must assess IT risks to your financial processes – and it will be necessary to demonstrate staff cybersecurity training in your audits. Learn about these issues and more with our experts! If you've been putting off implementing a comprehensive cybersecurity awareness training regime, don't wait any longer. Join CTO Matthew Eshleman and host Carolyn Woodard to learn how to implement an up-to-date and flexible cybersecurity awareness training program this year.As with all our webinars, this presentation is appropriate for an audience of varied IT experience.Community IT is proudly vendor-agnostic and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community. There are multiple cybersecurity awareness training vendors with products that work for nonprofits. We will be discussing the tool we have selected and use, KnowBe4, which offers nonprofit discounts, but our insights and tips will be useful no matter what training program you are using, or if you want to create and run cybersecurity awareness training in house.Many questions asked at registration or live at the virtual event will be answered in the transcript. Check back after the webinar for additional resources. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Are your staff as ready as they can be for the next attack?Our cybersecurity training team manages hundreds of clients and shares our knowledge on what works to keep your staff prepared, not just scared.Matt Eshleman, our CTO and cybersecurity expert answers your questions on how to manage frequent, timely, and engaging training.Part 1 covers the cybersecurity landscape and types of threats facing nonprofits, our framework for how to think about cybersecurity and where staff training fits in your strategy, and the basic philosophy of security awareness training. Pt 2 gets into the details and examples of a typical cybersecurity training program, and Matt answers audience Q&A.Cybersecurity Awareness Training TipsWe often say that staff training is a foundation for cybersecurity protections. As the risks are always evolving, your training needs to be current too. Gone are the days when your staff could be adequately protected by watching an hour long video with a quiz once a year. But managing more frequent training is difficult. We will discuss the tool we use, KnowBe4, which makes it easy to stay up to date and administer training to all staff. There are other training tools out there that work for nonprofit staff – the most important tip is to commit to training and to prioritize it as a team. Your staff and leadership are your best defense of the organization you care about.In addition, with new auditing requirements SAS145 your auditor must assess IT risks to your financial processes – and it will be necessary to demonstrate staff cybersecurity training in your audits. Learn about these issues and more with our experts! If you've been putting off implementing a comprehensive cybersecurity awareness training regime, don't wait any longer. Join CTO Matthew Eshleman and host Carolyn Woodard to learn how to implement an up-to-date and flexible cybersecurity awareness training program this year.As with all our webinars, this presentation is appropriate for an audience of varied IT experience.Community IT is proudly vendor-agnostic and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community. There are multiple cybersecurity awareness training vendors with products that work for nonprofits. We will be discussing the tool we have selected and use, KnowBe4, which offers nonprofit discounts, but our insights and tips will be useful no matter what training program you are using, or if you want to create and run cybersecurity awareness training in house.Many questions asked at registration or live at the virtual event will be answered in the transcript. Check back after the webinar for additional resources. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Torque is the force that keeps a system stable and in motion—just like cybersecurity, where constant pressure, precision, and adaptability are critical to staying ahead of threats. Curt Vincent knows this well, having transitioned from troubleshooting turbine engines in the Army to leading cybersecurity at the highest levels of Wall Street. A retired U.S. Army Lieutenant Colonel with tech-heavy deployments in Desert Storm and post-9/11 cyber warfare, Curt went on to build and lead Morgan Stanley's 400-person Cyber Security Division, later holding executive roles at Bank of America and Goldman Sachs. Now a trusted advisor to C-suites and boards, Curt shares how the lessons of engineering, military strategy, and high-stakes cyber defense all come down to maintaining control under pressure.TIMESTAMPS:00:00 Curt Vincent's Journey to Cybersecurity14:40 Building Cybersecurity at Morgan Stanley28:39 Cultural Shifts in Cybersecurity Practices29:24 The Disconnect Between Cybersecurity and Business32:13 Accountability and Consequences in Cybersecurity35:12 Communication and Leadership in Cybersecurity38:40 Connecting with the Audience: The Role of Analogies39:14 Unique Experiences and Cultural PerspectivesSYMLINKS:Curt Vincent's Website - https://curtvincent.comCurt Vincent's speaker website where he shares insights on cybersecurity, leadership, and consulting.KnowBe4 - https://www.knowbe4.comA cybersecurity awareness training platform that specializes in phishing simulation and security education to help organizations mitigate human-related risks.Proofpoint - https://www.proofpoint.comA cybersecurity company providing threat intelligence, email security, and phishing prevention solutions to protect organizations from cyber threats.Morgan Stanley Cybersecurity - https://www.morganstanley.com/Morgan Stanley's approach to cybersecurity includes best practices and risk management strategies for businesses and individuals.Widener University - https://www.widener.eduThe university where Curt Vincent pursued his degree before re-entering the military and advancing in his cybersecurity career.CONNECT WITH USwww.barcodesecurity.comBecome a SponsorFollow us on LinkedInTweet us at @BarCodeSecurityEmail us at info@barcodesecurity.com

Guest:Jaqueline (JJ) JayneJJ has worked with people and technology for over 25 years, wearing multiple hats, resulting in an enviable breadth and depth of experience, insights and knowledge. She successfully led a security awareness and training program that resulted in a strong security culture and observable behaviour change. Over the last 5-years, JJ worked at KnowBe4, where she quickly established herself as a trusted voice in the region. Now, JJ consults and advises organisations, appears at conferences and events with her thought leadership, and provides insights across all forms of media.On LinkedIn: https://www.linkedin.com/in/jacquelinejayne/Website: https://www.jacquelinejayne.com.au_____________________________Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society & Technology PodcastVisit Marco's website

John and Glen connect with noted security expert Roger Grimes to untangle the recent developments in quantum computing and discuss why Roger believes the big encryption-obliterating breakthrough will come sooner rather than later - if it hasn't already.    Links related to this episode:   Roger's recent LinkedIn post on why a 2035 Quantum prep date is “insane”: https://www.linkedin.com/pulse/i-think-2035-post-quantum-preparation-date-insane-roger-grimes-yotee/ KnowBe4: https://www.knowbe4.com/ Roger's book “Cryptography Apocalypse”: https://www.amazon.com/Cryptography-Apocalypse-Preparing-Quantum-Computing-ebook/dp/B07Z837R86/ Roger's latest release, “Fighting Phishing”: https://www.amazon.com/Fighting-Phishing-Everything-Social-Engineering-ebook/dp/B0CSX1JC9B/   Join us for our next CU Town Hall - Wednesday January 29 at 3pm ET/Noon PT- for a live and lively interactive conversation tackling the major issues facing credit unions today. Industry developments keep coming fast and furious- how many of us had China's DeepSeek AI bombshell on their Bingo card? The CU Town Hall is the place to make sense of these items together. It's free to attend, but advance registration is required:  https://www.cutownhall.com/  Find us on BlueSky at @bigfintech, @jbfintech and @154Advisors You can also follow us on LinkedIn: https://www.linkedin.com/company/best-innovation-group/   https://www.linkedin.com/in/jbfintech/ https://www.linkedin.com/in/glensarvady/

Continuing its global expansion plan, Integrity360 has acquired Nclose, a well-established and highly regarded cyber security services company operating out of both Cape Town and Johannesburg in South Africa. The terms of the transaction were not disclosed. The acquisition comes on the back of the previously announced acquisition of Cape Town headquartered Grove Group in August 2024. Together with Nclose, Integrity360 resources in South Africa now total over 180 employees and will operate as a significant regional hub and global SOC (Security Operations Centre) location for the group serving both local and international customers. With the addition of Integrity360's new SOC in Madrid, which is coming on line during Q1 2025, the group will operate across six SOC locations, enabling the group to provide an ever-expanding multi lingual 24/7 capability for its comprehensive suite of managed services, including EDR (Endpoint Detection and Response), XDR (Extended Detection and Response), and MDR (Managed Detection and Response) solutions. Founded in 2006, Nclose has developed a reputation for service excellence amongst its customer base, which includes multiple leading South African and international businesses. Nclose provides a range of cyber security solutions, including consulting, a full suite of managed services for cyber infrastructure, MDR services and a select range of technology solutions from leading international cyber security vendors including CrowdStrike, Netskope, Tenable, McAfee, KnowBe4, Forcepoint and Sentinel One - all of which build on and are complementary to the group's existing relationships. Nclose adds approx. 150 customers, circa €18m to group revenues and approx. 125 employees, bringing the group on a 2024 pro forma basis to global revenues exceeding €150m, operating with a team of approx. 675 dedicated cyber security professionals. Continued innovation and demand for its services across EMEA will expand group revenues in 2025 across all territories. Significantly, Nclose also brings to the group "Cyberfire", an internally developed, innovative and complementary MDR platform which is ideally positioned for SME and mid-market organisations. Cyberfire will complement Integrity360's existing Gartner-recognised MDR service, which allows integration from multiple SIEM (Security Information and Event Management) platforms, network and end-point technologies. Cyberfire focuses on identifying "the real alerts that matter" and doesn't require a third-party SIEM as the platform contains over 1,300 AI-enhanced individual detections to identify malicious activity. These detections are continuously expanded month on month, by an in-house detection engineering team, and which add to and are complementary to the group's existing capability. Cyberfire is also priced based on the number of end points and not data consumed, making it more attractive than many other solutions where costs can depend on volumes of data, something that is not always predictable and can present budgeting issues for organisations. Integrity360 will invest further in the CyberFire platform and make it available to its wider set of international customers across all territories over the coming months. Nclose customers will benefit from access to Integrity360's extensive and complementary cyber services portfolio encapsulating cyber risk and assurance, cyber security testing, incident response, infrastructure, PCI compliance, and a highly comprehensive range of cyber security managed services, including innovative XDR/MDR solutions. Integrity360's innovative range of services have been recognised four times in a Gartner market guide most recently as a Representative Vendor for the second year running in the Gartner guide for Managed Detection and Response services. Ian Brown, Executive Chairman at Integrity360 commented: "We are very excited to be welcoming the Nclose team to Integrity360. The journey they have been on since their formation in ...

It's the last week before Christmas but while everyone else may be winding up for the festive season, the news never sleeps. In this episode of the ITPro Podcast, Jane is joined by news and analysis editor Ross Kelly to look back at some of the biggest stories from the month of December.Included in this episode:The US charges 14 members of a North Korean IT worker scamIreland has become a ‘data dumping ground', says Friends of the EarthIs virtual reality the next frontier in software development?Read more:Cyber firm KnowBe4 unknowingly hired a North Korean hacker – and it went exactly as you might thinkLawmakers clash over Irish data center industry growth amid environmental concernsUK warned about data center need, again“Significant concerns” raised over impact of data center growth on regional energy gridsWWDC 2023: Will Apple's Vision Pro be a VR game changer?Why 2024 won't be the year of AR, VR or any kind of immersive tech

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First we start off with some follow up, our hosts share some more information on VIN swapping, and a clarification on bank participation in FinCEN. Maria shares a telling tale about a Bethesda couple loosing $367,000 in gold bars to a sophisticated scam involving fake officials and elaborate deceptions, but a police sting led to the arrest of a suspect, highlighting a growing nationwide trend of elderly victims targeted by gold bar fraud. Joe's story comes from KnowBe4 and is on DavidB, their VP of Asia Pacific, thwarting a sophisticated social engineering attack via WhatsApp by recognizing inconsistencies in the impersonator's behavior and verifying directly with the colleague they claimed to be. Dave's story comes from the FBI on how criminals are exploiting generative AI to enhance fraud schemes, including using AI-generated text, images, audio, and video to create convincing social engineering attacks, phishing scams, and identity fraud, while offering tips to protect against these threats. Our catch of the day comes from a listener who received an urgent email from someone claiming to be an FBI agent with a rather dramatic tale about intercepted consignment boxes, missing documents, and a ticking clock—but let's just say this "agent" might need some better training in both law enforcement and grammar. Resources and links to stories: “VIN swap scam costs Las Vegas man $50K, new truck" FinCEN Gold bar scammers claimed hackers could fund Russian missiles, police say Real Social Engineering Attack on KnowBe4 Employee Foiled Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

CONSUMER INSIGHTS Topic: Hidden privacy risks of fitness apps Guest: Anna Collard, SVP of Content Strategy at KnowBe4

Creating habits of healthy skepticism when receiving texts or emails can prevent you from clicking on phishing links. Everybody is vulnerable online, especially when distracted or in a hurry. But cultivating critical thinking and self-awareness can enhance protection against manipulation. Today's guest is Perry Carpenter. Perry is an award-winning author, podcaster, and speaker with over two decades in cybersecurity, focusing on how cyber criminals exploit human behavior. As the Chief Human Risk Management Strategist at KnowBe4, Perry helps build robust, human-centric defenses against social engineering-based threats. His latest book FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions, tackles AI's role in deception. Show Notes: [1:02] - Perry shares his background and what his career has entailed. [4:01] - Regardless of how much people say, spend, or do on security-related issues, the people side of things is hard to control. [5:25] - Perry has always been interested in deception and misdirection. [6:59] - Even as a security professional, Perry has experienced enough distraction to click a phishing email. [9:43] - It is easier to be distracted and not follow usual healthy security habits than being on a computer. [12:24] - We fall into habits easily, especially when the behavior is simple and easy. [16:00] - Technology based deception is more available to anybody than in any other time in history. [18:10] - Security professionals and often pushed in the roles of giving advice. [19:40] - Reflection questions like “Why is this in front of me?” might prevent someone from falling victim to a scam. [26:58] - Everybody is vulnerable. Even though cybersecurity professionals know more on the topic than some others, it is still possible for them as well. [30:40] - Pig butchering and crypto scammers sometimes actually do send money back as a tactic to earn trust and increase hope. [34:42] - We have to have a healthy skepticism of the information environment that we live in. [36:39] - There are very few situations in life where you won't benefit from slowing down and thinking things through. [38:41] - Perry suggests a family activity that will help boost understanding of pressure tactics. [40:17] - The narratives or tells that work for someone might raise a red flag to others. [43:25] - As a society, we've gotten to a point where we don't like to introspect. [45:59] - Perry discusses the content of his most recent book and how it is information without the “easy way out”. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.  Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions by Perry Carpenter Perry Carpenter on LinkedIn

This Cybersecurity Awareness Month, tune into The ERP Advisor podcast where James McQuiggan, Cybersecurity Expert from KnowBe4, joins us for the fifth year straight. This year, he will tackle AI's evolving impact on organizational cybersecurity strategies. In this special episode, we will explore the cybersecurity risks of AI while understanding the real benefits of implementing AI tools throughout your organization. Connect with us!https://www.erpadvisorsgroup.com866-499-8550LinkedIn:https://www.linkedin.com/company/erp-advisors-groupTwitter:https://twitter.com/erpadvisorsgrpFacebook:https://www.facebook.com/erpadvisorsInstagram:https://www.instagram.com/erpadvisorsgroupPinterest:https://www.pinterest.com/erpadvisorsgroupMedium:https://medium.com/@erpadvisorsgroup

Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, turns over hosting duties to William MacMillan, the Chief Product Officer at Andesite, to discuss the Cybersecurity First Principle of automation: current state and what happens now with AI as it applies to SOC Operations. For a complete reading list and even more information, check out Rick's more detailed essay on the topic. Check out Rick's 3-part election mini-series: Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Bob Violino, 2022. 7 top challenges of security tool integration [Analysis]. CSO Online. Bruce Japsen, 2024. UnitedHealth Group Cyberattack Costs To Hit $2.3 Billion This Year [News]. Forbes. Clay Chun, 2019. JOHN BOYD AND THE “OODA” LOOP (GREAT STRATEGISTS) [Explainer]. War Room - U.S. Army War College. Michael Cobb, 2023. The history, evolution and current state of SIEM [Explainer]. TechTarget. Rick Howard, 2022. History of Infosec: a primer. [Podcast and essay]. The CyberWire - CSO Perspectives. Rick Howard, 2020. Security operations centers: a first principle idea. [Podcast and Essay]. The CyberWire. Rick Howard, 2020. SOAR – a first principle idea. [Podcast and Essay]. The CyberWire - CSO Perspectives. Rick Howard, 2021. XDR: from the Rick the Toolman Series. [Podcast and Essay]. The CyberWire - CSO Perspectives. Robert Lemos, 2024. SOAR Is Dead, Long Live SOAR [Analysis]. Dark Reading. Timbuk 3, 1986. The Future's So Bright, I Gotta Wear Shades [Song]. Genius. Timbuk3VEVO, 2009. Timbuk 3 - The Future's So Bright [Music Video]. YouTube. Learn more about your ad choices. Visit megaphone.fm/adchoices

Students: this is a hybrid event. You are strongly encouraged to attend in-person. Location:  STEW G52 (Suite 050B) WL Campus.  Everyone knows that multi-factor authentication (MFA) is more secure than a simple login name and password, but too many people think that MFA is a perfect, unhackable solution. It isn't! I can send you a regular phishing email and completely take control of your account even if you use a super-duper MFA token or smartphone app. I can hack ANY MFA solution at least a handful of different ways, although some forms of MFA are more resilient than others. Attend this presentation and learn the 12+ ways hackers can and do get around your favorite MFA solution. The presentation will include a (pre-filmed) hacking demo and real-life successful examples of every attack type. It will end by telling you how to better defend your MFA solution so that you get maximum benefit and security. About the speaker: Roger A. Grimes, CPA, CISSP, CEH, MCSE, CISA, CISM, CNE, yada, yada, Data-Driven Defense Evangelist for KnowBe4, Inc., is the author of 14 books and over 1400 articles on computer security, specializing in host security and preventing hacker and malware attacks. Roger is a frequent speaker at national computer security conferences and was the weekly security columnist at InfoWorld and CSO magazines between 2005 - 2019. He has worked at some of the world's largest computer security companies, including, Foundstone, McAfee, and Microsoft. Roger is frequently interviewed and quoted in the media including Newsweek, CNN, NPR, and WSJ. His presentations are fast-paced and filled with useful facts and recommendations.

Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, turns over hosting duties to Dr. Rebecca Wynn, the Click Solutions Group Global Chief Security Strategist & CISO. She interviews Justin Daniels, a Baker Donelson lawyer and podcast host with expertise in cyber operations, M&A, and investment capital transactions, on the current state of cyber law and compliance. Check out Rick's 3-part election mini-series: Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Tatiana Rice, Keir Lamont, Jordan Francis, 2024. The Colorado Artificial Intelligence Act: An FPF U.S. Legislation Policy Brief [Explainer]. Colorado General Assembly. Dr Rebecca Wynn. Soulful CXO [Podcast]. Soulful CXO. Jodi Daniels, Justin Daniels. She Said Privacy/He Said Security [Podcast]. Apple Podcasts. Learn more about your ad choices. Visit megaphone.fm/adchoices

Perry Carpenter is chief human risk management strategist at KnowBe4, and author of "FAIK: A Practical Guide to Living in a World of Deefakes, Disinformation, and AI-Generated Deceptions." He speaks with Host Llewellyn King and Co-host Adam Clayton Powell III about the mechanics behind deepfakes, disinformation, and other cognitive security threats, and how to survive in the ever more tangled digital jungle.

Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, turns over hosting responsibilities to Kim Jones, the Managing Director at Ursus Security Consulting. He takes a first principles look at the idea of identity. Check out Rick's 3-part election mini-series: Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Olivia Gulin, Tomberry., Peter Steiner, Alan David Perkins, 2012. On the Internet, Nobody Knows You're a Dog [History]. Know Your Meme. Staff, 2019. US Patent for Mutual authentication of computer systems over an insecure network Patent Patent]. Justia Patents Search. Staff, 2023. Federal Bureau of Investigation: Internet Crime Report [Report]. Internet Crime Complaint Center (IC3). Staff, 2024. Data Breach Investigations Report [Report]. Verizon Business. Learn more about your ad choices. Visit megaphone.fm/adchoices

Season 23 of the Building Better Developers podcast kicks off with a focus on building better habits. The first episode covers a critical topic for developers and tech enthusiasts: security awareness. Hosted by Rob Broadhead and Michael Meloche, the episode stresses the need for vigilance. In today's rapidly evolving digital world, staying aware is more important than ever. A Shift Toward Actionable Advice The hosts emphasize that this season will be more actionable than ever. Unlike the last season that focused on the developer journey, Season 23 targets building better habits. These habits promote more effective and responsible development practices. Each episode will cover specific skills, tools, or behaviors. Developers will learn how to integrate these into their daily routines. Security awareness, the focus of this episode, is a vital habit. It directly impacts both personal and professional data security. Action Item: schedule at least 30 minutes to explore security awareness. Use a search engine to find security awareness tools or vendors, many of which offer free content or trial periods. This will help you stay updated on the latest scams and security threats. Why Security Awareness is Crucial Security threats are more common than ever. Phishing scams and social engineering are just a few hacker tactics. Hackers have many methods to exploit vulnerabilities. Rob explains that developers may feel confident spotting threats. However, even tech-savvy individuals can fall for well-executed scams. Security awareness isn't just for IT professionals; it's for everyone. Those in technical fields may assume they're immune, but they're not. Rob shares a story to illustrate the importance of security awareness. He received a suspicious email from what appeared to be a legitimate state tax office. At first, it seemed like a scam. After thorough research and contacting the organization, it turned out to be a valid notice. This example shows that, even when cautious, it's crucial to verify suspicious communications before taking action. Taking Security Awareness Seriously Instead of a daily habit challenge, Rob suggests scheduling regular security check-ins. He recommends doing this throughout the year. Set aside time every few months to review your security posture. This includes both personal and organizational security. These check-ins could involve: Updating passwords Reviewing email security alerts Exploring the latest security awareness tools or vendors Rob notes that many security awareness vendors offer free resources or trial periods. These vendors frequently update their content with the latest scam and threat information, making it easier to stay informed. He mentions well-known providers like KnowBe4, Mimecast, and INFOSEC. All of these offer accessible programs to help individuals and organizations stay current on emerging threats. Key Steps for Developers Michael offers valuable insights by suggesting developers use secure password managers like KeePass or LastPass. These tools help store credentials safely. He stresses the importance of regularly reviewing and updating passwords, especially for financial accounts. Michael warns against reusing passwords across different platforms. This common mistake can lead to widespread vulnerability if one account is compromised. Another key security tip is to use multi-factor authentication (MFA) whenever possible. Rob and Michael both agree that MFA provides an essential layer of protection. It helps prevent unauthorized access, even if login credentials are compromised. For businesses, Michael advises checking industry-specific security requirements to ensure compliance with regulations. This is especially important in sectors like healthcare and finance, where security breaches can have legal and financial consequences. The Role of Technology in Building Better Security Awareness Habits Developers are uniquely positioned to integrate security into their daily work. Whether implementing MFA in an app or securing dependencies with tools like OWASP, security should be a habit—not an afterthought. Rob emphasizes that even if security isn't your main focus, regular check-ins are essential. Ongoing education can help prevent security vulnerabilities from becoming serious issues. Rob shares additional resources for developers looking to improve their security practices. Tools like OWASP help developers identify and fix vulnerabilities in third-party dependencies, integrating security into the development process. For more structured programs, vendors like INFOSEC and NinjaO offer comprehensive security awareness training tailored for both businesses and developers. Final Thoughts The episode encourages developers to adopt security habits as part of their routine. Rob and Michael suggest starting with simple steps. Subscribe to security awareness vendors and set regular reminders for security reviews. Security awareness is an ongoing responsibility. Staying informed and vigilant protects both personal data and organizational systems. As Season 23 progresses, more practical advice will be shared. This guidance will help you build essential habits to enhance your career and safeguard your future. Stay Connected: Join the Developreneur Community We invite you to join our community and share your coding journey with us. Whether you're a seasoned developer or just starting, there's always room to learn and grow together. Contact us at info@develpreneur.com with your questions, feedback, or suggestions for future episodes. Together, let's continue exploring the exciting world of software development. Additional Resources Cybersecurity Best Practices Improve Security Awareness – Interview With Tyler Ward Organization Security Tips and Tricks Security Assessments – Find Your Vulnerabilities The Developer Journey Videos – With Bonus Content

Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1 & 2! Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Rick Howard, 2024. Election Propaganda Part 1: How does election propaganda work? [3 Part Podcast Series]. The CyberWire. Rick Howard, 2024. Election Propaganda: Part 2: Modern propaganda efforts. [3 Part Podcast Series]. The CyberWire. Christopher Chabris, Daniel Simons, 2010. The Invisible Gorilla: And Other Ways Our Intuitions Deceive Us [Book]. Goodreads. Chris Palmer, 2010. TFL Viral - Awareness Test (Moonwalking Bear) [Explainer]. YouTube. David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Eli Pariser, 2011. The Filter Bubble: What the Internet is Hiding From You [Book]. Goodreads. Kara Swisher, Julia Davis, Alex Stamos, Brandy Zadrozny, 2024. Useful Idiots? How Right-Wing Influencers Got $ to Spread Russian Propaganda [Podcast]. On with Kara Swisher. Nate Silver, 2024. What's behind Trump's surge in prediction markets? [Analysis]. Silver Bulletin. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference' [News]. The Washington Post. Nilay Patel, 2024. The AI election deepfakes have arrived [Podcast]. Decoder. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Perry Carpenter, 2024. FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions [Book]. Goodreads. Perry Carpenter, 2021. Meatloaf Recipes Cookbook: Easy Recipes For Preparing Tasty Meals For Weight Loss And Healthy Lifestyle All Year Round [Book]. Goodreads. Perry Carpenter, n.d. 8th Layer Insights [Podcast]. N2K CyberWire. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post. Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk's misleading election claims reach millions and alarm election officials [News]. The Washington Post. Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Staff, n.d. Overview: Coalition for Content Provenance and Authenticity [Website]. C2PA. Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI. Staff, n.d. Project Origin [Website]. OriginProject. URL https://www.originproject.info/ Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis] The New York Times. Learn more about your ad choices. Visit megaphone.fm/adchoices

Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1 & 2! Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Rick Howard, 2024. Election Propaganda Part 1: How does election propaganda work? [3 Part Podcast Series]. The CyberWire. Rick Howard, 2024. Election Propaganda: Part 2: Modern propaganda efforts. [3 Part Podcast Series]. The CyberWire. Christopher Chabris, Daniel Simons, 2010. The Invisible Gorilla: And Other Ways Our Intuitions Deceive Us [Book]. Goodreads. Chris Palmer, 2010. TFL Viral - Awareness Test (Moonwalking Bear) [Explainer]. YouTube. David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Eli Pariser, 2011. The Filter Bubble: What the Internet is Hiding From You [Book]. Goodreads. Kara Swisher, Julia Davis, Alex Stamos, Brandy Zadrozny, 2024. Useful Idiots? How Right-Wing Influencers Got $ to Spread Russian Propaganda [Podcast]. On with Kara Swisher. Nate Silver, 2024. What's behind Trump's surge in prediction markets? [Analysis]. Silver Bulletin. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference' [News]. The Washington Post. Nilay Patel, 2024. The AI election deepfakes have arrived [Podcast]. Decoder. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Perry Carpenter, 2024. FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions [Book]. Goodreads. Perry Carpenter, 2021. Meatloaf Recipes Cookbook: Easy Recipes For Preparing Tasty Meals For Weight Loss And Healthy Lifestyle All Year Round [Book]. Goodreads. Perry Carpenter, n.d. 8th Layer Insights [Podcast]. N2K CyberWire. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post. Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk's misleading election claims reach millions and alarm election officials [News]. The Washington Post. Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Staff, n.d. Overview: Coalition for Content Provenance and Authenticity [Website]. C2PA. Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI. Staff, n.d. Project Origin [Website]. OriginProject. URL https://www.originproject.info/ Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis] The New York Times.

Perry Carpenter is the chief human risk management strategist at KnowBe4, one of the world's leading cybersecurity experts, an author, and content creator specializing in awareness, behavior, culture, and human risk management. He is also featured on our list of cybersecurity pundits. In this episode, Carpenter joins host Heather Engel to discuss AI vishing attacks, how to protect unsuspecting call recipients, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com

All links and images for this episode can be found on CISO Series. This week's episode was recorded in front of a live audience in Seattle as part of the National Cybersecurity Alliance's event Convene. Recording is hosted by me, David Spark (@dspark), producer of CISO Series and Nicole Ford, SVP and CISO, Nordstrom. Joining us is guest, Varsha Agrawal, head of information security, Prosper Marketplace. In this episode: Who guards the AI guardrails? What should security awareness training look like? The authentication point of failure Uncommon sense Thanks to our podcast sponsors, KnowBe4, Proofpoint, and Vanta! KnowBe4's PhishER Plus is a lightweight SOAR platform that streamlines threat response for high-volume, potentially malicious emails reported by users. It automatically prioritizes messages, helping InfoSec and Security Operations teams quickly address the most critical threats, reducing inbox clutter and enhancing overall security efficiency. Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations' greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber-attacks. Whether you're starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.

Cybersecurity teams face a constant battle of ensuring their company is shored up in the right places. Facing down increasingly sophisticated and persistent threat actors, there's every reason to focus on one's perimeter to shield oneself against external threats.But insider threats – attacks carried out from within an organization's environment – must also be part of any business's security strategy. When the call is coming from inside the house, either via a hacker who's secretly gained access or in the form of a disgruntled employee, security teams need to be ready to clamp down hard.In this episode, Jane and Rory welcome back Ross Kelly, ITPro's news and analysis editor, to discuss the scale of these insider threats.Read more:Why you should always be wary of insider threatsNorth Korean insider attacks are skyrocketing – dozens of US firms didn't spot the hacker in their midstCyber firm KnowBe4 unknowingly hired a North Korean hacker – and it went exactly as you might thinkShould your business worry about North Korean cyber attacks?State-sponsored cyber attacks: The new frontierThe Verizon data breach that exposed 63,000 employees is a reminder of how a simple mistake can have costly implicationsPreventing deepfake attacks: How businesses can stay protectedHow Intel's FakeCatcher hopes to eradicate real-time deepfakesAI threats: The importance of a concrete strategy in fighting novel attacksWhy I think the Scarlett Johansson OpenAI scandal shows the danger of AI-generated voice content

KnowBe4 accidentally hired a North Korean state actor who tried to install info-stealing malware on their devices. They caught it in time, but it shows how good North Korean hackers are at pretending to be IT staff. | Bill Toulas | MORE Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

In episode 98 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4.Together, they embrace transparency as a vehicle for the cybersecurity industry to better defend against insider threats.Here are some highlights from our episode:01:28. How KnowBe4 detected an insider threat from North Korea09:09. How the Center for Internet Security® (CIS®) responded to news of this incident21:02. The role of technical controls in detecting these types of threats23:56. Common signs you can use to detect fake employees in your hiring process29:22. How cybersecurity companies can use this incident to improve their defensesResourcesHow a North Korean Fake IT Worker Tried to Infiltrate UsNorth Korean Fake IT Worker FAQEpisode 77: Data's Value to Decision-Making in CybersecurityDefense-in-Depth: A Necessary Approach to Cloud SecurityeBook: A CISO's Guide to Bolstering Cybersecurity PostureIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Zehnte Folge, das ging schnell! Aber statt die Korken zum Mini-Jubiläum knallen zu lassen, machen Christopher und Sylvester mit ihren Hörern einen Ausflug nach Asien, genauer gesagt nach Nordkorea. Dort arbeiten unter der Führung des Militärgeheimdiensts tausende Cybersoldaten für das Kim-Regime. Sie spionieren, infiltrieren, sabotieren - und erbeuten hunderte Millionen Dollar fürs nordkoreanische Rüstungsprogramm. Wer die Gruppen mit Namen wie Andariel, Lazarus oder BlueNorOff sind und was sie mit einer mittelmäßigen Filmsatire zu tun haben, erfahrt Ihr im Podcast. * Die Killswitch-Domain von WannaCry sieht aus wie auf dem Keyboard ausgerutscht: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com * Knowbe4 von nordkoreanischem Fake-Mitarbeiter infiltriert: https://www.heise.de/news/l-f-IT-Sicherheitsunternehmen-stellt-unbeabsichtigt-Cyberkriminellen-ein-9814563.html * Advisory internationaler Sicherheitsbehörden zu gefährdeten Branchen: https://www.ic3.gov/Media/News/2024/240725.pdf

How well do you really know your remote workers? With remote work increasingly becoming the norm, the complexities of securing devices and monitoring access have skyrocketed. The challenges of providing robust security measures for an increasingly dispersed workforce are immense. Real-world examples like the KnowBe4 incident, where a remote worker used a stolen identity to infiltrate company systems, highlight the necessity of layered security and proactive monitoring. Our discussion today, highlights the crucial need to grasp the subtle threats from cyber attackers, especially when dealing with sensitive patient data and HIPAA compliance. More info at HelpMeWithHIPAA.com/470

Get ready for another episode of some jaw-dropping cybersecurity stories that you won't believe! We'll chat about how attackers found a way to trick Windows Hello, Microsoft's facial recognition system, and what that means for all of us. A North Korean agent pretended to be a U.S. citizen and got a job at KnowBe4, a top cybersecurity training company. We'll tell you how they pulled it off and what happened next. And of course, we'll talk about when CrowdStrike, a big name in cybersecurity, had a bit of a "hiccup." We'll break down what went wrong, how they handled it, and what it means for the future of keeping our data safe. Tune in as we uncover these crazy stories and shed some light on the darker side of the digital world. Whether you're a security professional or just curious, this episode is packed with cool insights and stories you won't want to miss. Hosts: Ryan Hamrick & Chris DeBrunner Editor & Producer: Lance Hart Executive Producers: Gabby Scott & Jana Korfhagen Contact email: nmspod@protonmail.com

Let's talk about two stories this week. First we'll dive into the CrowdStrike fiasco from a few weeks ago and then we'll see what happens when a company accidentally hires a North Korean spy.  Discord: https://discord.gg/bJauPBBhHn  Website: https://whattheshellpod.com  Instagram: https://instagram.com/shell_pod 

Cybersecurity expert Roger Grimes demystifies the changing ransomware landscape- how much money do criminals usually demand? How often are they paid, and how much? What is “dwell time,” how do ransomware and wiperware differ, and what constitutes offline backup? Also- the first HODL President?   Links related to this episode:   Our full CU Town Hall session with Roger Grimes: https://www.big-fintech.com/Media?p=cu-town-hall-episode-120 Roger's Ransomware Protection Playbook: https://www.amazon.com/Ransomware-Protection-Playbook-Roger-Grimes/dp/1119849128 KnowBe4: https://www.knowbe4.com/ CU Today's continuing coverage of the Patelco ransomware incident: https://www.cutoday.info/Fresh-Today/Following-Ransomware-Attack-Patelco-Has-Restored-Many-Services-But-Others-Remain-Unavailable Forbes' onsite coverage of Bitcoin 2024: https://www.forbes.com/sites/digital-assets/2024/07/31/bitcoin-2024-when-rage-became-the-machine/  Reuters' comments on Trump's crypto conversion: https://www.reuters.com/business/finance/trump-cites-china-competition-vowing-create-bitcoin-stockpile-2024-07-27/  Our October interview with Doug Brown, President of Digital Banking for NCR Voyix: https://www.big-fintech.com/Media?p=a-digital-first-twin-takes-flight Join us for the next CU Town Hall on Wednesday August 7 at 3pm ET/Noon PT for a live and lively interactive conversation tackling the major issues facing CUs today. This session will focus on whether the notion of a Primary Financial Institution is myth or reality. It's free to attend (you might even win a door prize!), but advance registration is required:  https://www.cutownhall.com/  Find us on X and BlueSky at @bigfintech, @jbfintech and @154Advisors You can also follow us on LinkedIn: https://www.linkedin.com/company/best-innovation-group/   https://www.linkedin.com/in/jbfintech/ https://www.linkedin.com/in/glensarvady/  

    Episode 358 of the Transatlantic Cable Podcast kicks off with news of American Cybersecurity firm KnowBe4 getting duped by a North Korean hacker who successfully when through their HR checks and secured employment!  Deepfake bullying being used by children on Snapchat.  X/Twitter's AI bot Grok is now reading your tweets, however there is a fix and we show you how to protect yourself.  We close out the episode with news of a data breach at HealthEquity affecting 4.3 million people.   If you liked what you heard, please consider subscribing.     ·      North Korean hacker gets employed at US Cybersecurity firm ·      Deepfake bullying ·      Grok AI reading public tweets ·      HealthEquity data breach

On this week's show, Patrick Gray and Adam Boileau discuss the week's security news, including: The insurance industry's reaction to CrowdStrike's mess Google's Workspace email validation flaw and its consequences for OAuth'd applications Is the VMWare ESX group membership feature a CVE or an FYI? Secureboot continues to under-deliver North Korea's revenue neutral intelligence services And much, much more This episode is sponsored by allowlisting software vendor Airlock Digital. Airlock uses a kernel driver on Windows, so Chief Executive David Cottingham joined to discuss what the CrowdStrike kernel driver bug drama means for security vendors. This episode is also available on Youtube. If you want to ruin the magic of radio and see the faces behind the show, well, now you can! Show notes Business interruption claims will drive insurance losses linked to CrowdStrike IT disruption | Cybersecurity Dive Delta hires David Boies to seek damages from CrowdStrike, Microsoft CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds | Cybersecurity Dive (1145) Why CrowdStrike's Baffling BSOD Disaster Was Avoidable - YouTube CrowdStrike offers a $10 apology gift card to say sorry for outage | TechCrunch Crooks Bypassed Google's Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security Hackers exploit VMware vulnerability that gives them hypervisor admin | Ars Technica Microsoft calls out apparent ESXi vulnerability that some researchers say is a ‘nothing burger' | CyberScoop AMI Platform Key leak undermines Secure Boot on 800+ PC models Chrome will now prompt some users to send passwords for suspicious files | Ars Technica Google Online Security Blog: Improving the security of Chrome cookies on Windows A Senate Bill Would Radically Improve Voting Machine Security | WIRED U.S. told Philippines it made ‘missteps' in secret anti-vax propaganda effort | Reuters Cyber firm KnowBe4 hired a fake IT worker from North Korea | CyberScoop North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime's Military and Nuclear Programs North Korean hacking group makes waves to gain Mandiant, FBI spotlight | CyberScoop ServiceNow spots sales opportunities post-CrowdStrike outage | Cybersecurity Dive Chaining Three Bugs to Access All Your ServiceNow Data Cyber Supply Chain Risk Management Conference (CySCRM) 2024 | Conference | PNNL

https://youtu.be/AMwgW11DT1c This week on the episode, we walk through CrowdStrike's preliminary post incident report to understand exactly what happened during the July 19th outage and what all software vendors can learn from the event. After that, we cover a clever plot that lead to KnowBe4 hiring a North Korean threat actor. We end with some research from Wiz on Artificial Intelligence tenant isolation.

This week on Cyber Matters, Tanner Wilburn, Katherine Kennelly, and Zach Smith begin with Google's decision to end its plans to ban third-party cookies, discussing the implications for user privacy and online advertising. They then explore recent developments in the cybersecurity industry, including Google's failed acquisition of Israeli cybersecurity company Wiz and Mimecast's successful acquisition of Code 42. They also discuss Apple's warnings to Indian iPhone users about potential "mercenary spyware" attacks and the legal brief filed by major tech firms supporting a journalist targeted by NSO Group's spyware. They cover KnowBe4's inadvertent hiring of a North Korean hacker and the potential reporting obligations for companies following the recent Crowdstrike outages. The podcast also touches on the FTC's  not-so-new guidance on hashing and anonymization, as well as their investigation into "surveillance pricing" practices. State privacy laws are discussed, with a focus on Colorado's universal opt-out shortlist and a recent BIPA decision regarding Samsung's face-scanning feature. The hosts also cover recent fines and settlements involving Meta, Oracle, and TracFone related to various privacy and data protection violations. If you enjoy the show, share and leave us 5 stars! Links from the show: https://www.linkedin.com/company/cyber-matters-podcast/ https://www.cooley.com/news/insight/2024/2024-07-22-sec-reporting-implications-for-publicly-traded-companies-impacted-by-crowdstrike-defective-software-update https://www.techtarget.com/whatis/feature/AI-lawsuits-explained-Whos-getting-sued https://www.lawfaremedia.org/article/lawfare-podcast-orin-kerr-and-asaf-lubin-apple-v-nso-group

In this episode, Shannon, Chris, and Daniel discuss an article about a North Korean fake IT worker who duped, KnowBe4, a security firm. The person used AI and facial recognition to pretend to be someone else and successfully got hired as a software engineer. The hosts discuss the sophistication of the attack and the importance of verification measures in the hiring process. They also speculate on the motives behind the attack and the potential implications for cybersecurity. Article: North Korean Fake IT Worker Dupes Security Firm: A Wake-Up Call For Employers https://www.forbes.com/sites/alonzomartinez/2024/07/25/north-korean-fake-it-worker-dupes-security-firm-a-wake-up-call-for-employers/?fbclid=IwZXh0bgNhZW0CMTAAAR2f0LSX0stfWQpJ5FAmW5co8e4zaeKqAEMA9ZO0PCs-17J9B9TRfv_O_Bc_aem_3MuheIO-NDbRqvupTRk8cQ Please LISTEN

KnowBe4 di not know before they hired a North Korean Hacker!, AL Models are collapsing because they are using their own output, Crowdstrike mess with Delta, Secure Boot broken, My new Mac PC missing my music, Crowdstrike mess we need to improve, Norton 360 and Malwarebytes at the same time, What is the best internet for me?  

Three Buddy Problem - Episode 6: As the dust settles on the CrowdStrike incident that blue-screened 8.5 million Windows computers worldwide, we dig into CrowdStrike's preliminary incident report, the lack of transparency in the update process and the need for more robust testing and validation. We also discuss Microsoft's responsibility to avoid infinite BSOD loops, risks of deploying EDR agents on critical systems, and how an EU settlement is being blamed for EDR vendors having access to the Windows kernel. Other topics on the show include Mandiant's attribution capabilities, North Korea's gov-backed hacking teams launching ransomware on hospitals, KnowBe4 hiring a fake North Korean IT worker, and new developments in the NSO Group surveillance-ware lawsuit. Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)

North Korean State Actor Infiltrates US Security Firm | Cybersecurity Today In this episode of Cybersecurity Today, host Jim Love covers two major incidents. The first is an American firm, KnowBe4, inadvertently hiring a North Korean state actor posing as a software engineer, leading to an attempted malware installation. He discusses the techniques used by the threat actor and the broader implications for cybersecurity. The second story involves CrowdStrike's post-incident review of a system crash, detailing the causes, the company's response, and criticisms of their crisis communication strategy. Tune in to learn about these pressing cybersecurity challenges and how companies are handling them. 00:00 A Shocking Cybersecurity Incident 00:20 North Korean State Actor Infiltration 01:59 CrowdStrike's Post Incident Review 05:07 CrowdStrike's Crisis Communication Failure 06:31 Conclusion and Upcoming Shows

OpenAI heeft een zoekmachine-functie voor ChatGPT aangekonidgd, SearchGPT. De functie is nog in prototype en wordt in kleine kring getest. Het doel is dat de functie uiteindelijk geintegreerd wordt in de AI-chatbot van OpenAI. Google-beleggers vrezen al jaren voor de komst van deze functie.  SearchGPT geeft gebruikers een AI-overzicht van de resultaten bij een zoekopdracht. De functie kan bijvoorbeeld weergrafieken of afbeeldingen tonen, maar biedt ook zoals Google linkjes naar originele websites. Wanneer SearchGPT in ChatGPT verschijnt is nog niet bekend. Andere concurrent Perplexity AI biedt een vergelijkbare functie, maar is nog niet zo populair. Ook Google zelf zet AI in met AI-overview in Amerika. Die AI-functie wordt nog niet warm onthaald, mede doordat er foutieve antwoorden gegeven worden door de AI van Google.  Verder in deze Tech Update: Runaway AI traint AI-videogenerator of duizenden YouTube-video's Epic Game gaat Fortnite aanbieden in alternatieve App Stores op iOS in de EU Cybersecurity-awareness bedrijf KnowBe4 zelf gehacked door geinfiltreerde Noord-Koreaanse hacker Zometeen in de Schaal van Hebben de FORM Goggles 2, slimme zwembril.See omnystudio.com/listener for privacy information.

In today's episode, we discuss Google Chrome's new download warnings for risky password-protected archives, the incident involving KnowBe4 mistakenly hiring a North Korean hacker leading to an infostealer attack, and CrowdStrike's software crash attributed to an undetected error in their testing infrastructure. Video Episode: https://youtu.be/G5tlyuMPFVw 00:00 - Intro 01:28 - CrowdStrike Testing Errors 04:17 - KnowBe4 Hires North Korean Spy 06:19 - Chrome's New AI-Powered Download Warnings Original URLs: https://www.bleepingcomputer.com/news/google/google-chrome-now-warns-about-risky-password-protected-archives/ https://www.bleepingcomputer.com/news/security/knowbe4-mistakenly-hires-north-korean-hacker-faces-infostealer-attack/ https://www.cybersecuritydive.com/news/crowdstrike-software-crash-undetected-error/722258/ Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Google Chrome, AI-powered, warning system, online security, KnowBe4, North Korean hacker, Infostealer, AI, CrowdStrike, software crash, bugs, testing infrastructure Search Phrases: What are today's top cybersecurity news stories? How is Google Chrome's new AI-powered warning system enhancing online security? Ways to protect against malicious password-protected downloads Latest updates in cybersecurity technology Techniques North Korean hackers use to infiltrate companies Real-life examples of cyber attacks using stolen identities Impact of CrowdStrike software crash on global systems Best practices for testing infrastructure in software development Case study on KnowBe4's encounter with North Korean hackers How AI is being used in cyberattacks and security measures

Senior VP of Cyber Operations at KnowBe4, Rosa Smothers, talks about her career as an early cybersecurity professional in what she describes as the Wild, Wild West to her path through government intelligence work. Rosa shares how she always knew she wanted to be involved with computers and how being a big Star Trek nerd and fan particularly of Spock and Uhura helped shape her direction. Following 9/11, Rosa wanted to work for the government and pursue the bad guys and she did just that completing her bachelor's degree and starting in the Defense Intelligence Agency as a cyber threat analyst focusing on extremist groups. She joined the CIA and worked on things you see in the movies, things that are science fictionesque. Rosa recommends talking with people to get your feet wet to find your passion. We thank Rosa for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Senior VP of Cyber Operations at KnowBe4, Rosa Smothers, talks about her career as an early cybersecurity professional in what she describes as the Wild, Wild West to her path through government intelligence work. Rosa shares how she always knew she wanted to be involved with computers and how being a big Star Trek nerd and fan particularly of Spock and Uhura helped shape her direction. Following 9/11, Rosa wanted to work for the government and pursue the bad guys and she did just that completing her bachelor's degree and starting in the Defense Intelligence Agency as a cyber threat analyst focusing on extremist groups. She joined the CIA and worked on things you see in the movies, things that are science fictionesque. Rosa recommends talking with people to get your feet wet to find your passion. We thank Rosa for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by host of 8th Layer Insights, Perry Carpenter from KnowBe4 and Dr. Jessica Barker from Cygenta to discuss human risk: awareness, behavior and beyond. Joe and Dave share some listener follow up, the first being from Richard, who writes in to share some tips and tricks regarding relationship scams mentioned in a previous show. The second is from Michael, who writes in with some thoughts on social engineering to compromise open source projects from episode 288. Dave shares a story on researchers observing millions of daily emails from "Jenny Green," facilitated by the Phorpiex botnet, distributing LockBit 3.0 ransomware that has affected millions of people. Joe share's Paul Raffile's story, a gentleman who got fired from Facebook before he even started. Our catch of the day comes from listener Gordy who shared an email with us regarding his "McAfee security." Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Security Experts Issue Jenny Green Email Warning For Millions LinkedIn Paul Raffile (Part 1) LinkedIn Paul Raffile (Part 2) Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Cybercrime Magazine attended the 2024 RSA Conference in San Francisco, California, where we spoke with top executives from some of the hottest companies in cybersecurity. During these discussions, one topic consistently rose to the forefront: artificial intelligence. Featured speakers include Ryan Munsch, Principal Program Manager at Microsoft; Tim Gallo, Head of Global Solutions Architects at Google; Yotam Segev, Co-Founder and CEO at Cyera; Stacy Leidwinger, VP of Marketing at Secureworks; Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4; Debbie Gordon, Founder and CEO at Cloud Range; and Seemant Sehgal, Founder and CEO at Breachlock. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Roger Grimes, a Data Driven Defense Evangelist from KnowBe4 and author is discussing his new book, "Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing." Dave and Joe share some listener follow up, the first being from listener Tim, who shares a story of him almost falling for a scam involving some of his investment assets. Lastly, Dave and Joe share a story from an anonymous listener who wrote in to share about a LinkedIn imposter nightmare. Dave's story focuses on a how the LabHost PhaaS platform was disrupted by a year-long global law enforcement operation, resulting in the arrest of 37 suspects, including the original developer. Joe shares the story of an 81 year old Ohio man, who was arrested after shooting a woman after both of them got wrapped up in a phone call scam. Our catch of the day comes from Robert, who writes in with what he believes is a email scam from a Chinese company called "Infoonity." Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: LabHost phishing service with 40,000 domains disrupted, 37 arrested Ohio Man - Daily Mail Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

On today's episode of The Business of Tech, we delve into Intel's vision of the AI PC as the future of computing, exploring the components that define it and how it will shape PCs moving forward. Additionally, we discuss key moves by tech giants like Solix, Raga AI, Salesforce, and Microsoft, as well as the PAX 8 event in New Zealand focusing on professional services post-divestiture. The episode also highlights technological advancements in accessibility, from speech assistance to hearing support, showcasing how tech is making strides in this area. Four things to know today 00:00 Intel's Strategy: 'AI PC' Not a Spec, But a Forecast of Computing's AI-Driven Future02:42 KnowBe4, Solix, RagaAI, Salesforce and Microsoft moves05:38 Pax8 in New Zealand: Focuses on Professional Services and Channel Purity Post-Divestiture07:35 From Speech Assistance to Hearing Support: How Tech is Making Strides in Accessibility Supported by:  https://huntress.com/mspradio/    Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/ Support the show on Patreon: https://patreon.com/mspradio/ Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftech

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Brett Conlon, CISO, American Century Investments. Joining me is our guest, Mical Solomon, CISO, Port Authority of NY and NJ. In this episode: Does the hype around generative AI tools make it seem like these are a totally new technological challenge for cybersecurity? Are many of the challenges with securing them the same that we've seen from the rise of SaaS and proliferation of shadow IT? What lessons from that transition can we apply to AI? Thanks to our podcast sponsors, Living Security & KnowBe4 Living Security is the global leader in human risk management. Our HRM platform Unify transforms human risk into proactive defense by quantifying human risk and engaging the workforce with relevant training and communications proven to change human behavior. Living Security is trusted by security-minded organizations, including Mastercard, Verizon, Biogen, AmerisourceBergen, and Hewlett-Packard. Learn more at www.livingsecurity.com. KnowBe4's SecurityCoach enables real-time security coaching of your users in response to risky behavior. Based on the rules in your existing security software stack, you can configure your real-time coaching campaign to determine the frequency and type of SecurityTip that is sent to users at the moment risky behavior is detected.