Podcasts about LastPass

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

Fraudsters are increasingly using deepfake videos of CEOs and other company executives to trick firms out of millions of dollars. And with the evolution of AI, these videos are becoming ever-more sophisticated and convincing. We speak to two CEOs who have been deepfaked: the head of the Bombay stock exchange and the boss of password security company LastPass. And we hear how criminals used deepfake videos to trick British engineering firm Arup into handing over $25 million. How easy is it to make these videos? Ed Butler visits a cybersecurity company which shows him how it can be done, using readily available software. Ed's hosts make a deepfake of him and we compare the real Ed to the fake Ed. We also put figures on the size of this problem and explain how much it's costing businesses.If you'd like to get in touch with the team, our email address is businessdaily@bbc.co.ukPresenter: Ed Butler Producer: Gideon Long Sound Mix: Toby JamesBusiness Daily is the home of in-depth audio journalism devoted to the world of money and work. From small startup stories to big corporate takeovers, global economic shifts to trends in technology, we look at the key figures, ideas and events shaping business.Each episode is a 17-minute deep dive into a single topic, featuring expert analysis and the people at the heart of the story.Recent episodes explore the weight-loss drug revolution, the growth in AI, the cost of living, why bond markets are so powerful, China's property bubble, and Gen Z's experience of the current job market.We also feature in-depth interviews with company founders and some of the world's most prominent CEOs. These include Google's Sundar Pichai, Wikipedia founder Jimmy Wales, and the CEO of Starbucks, Brian Niccol.(Picture: An image of a man in a cap being deepfaked. Credit: Getty Images)

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

Meatbags, AI Soul Harvest, DNS, LastPass, GS7, OpenClaw, MYSQL, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-556

Meatbags, AI Soul Harvest, DNS, LastPass, GS7, OpenClaw, MYSQL, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-556

Meatbags, AI Soul Harvest, DNS, LastPass, GS7, OpenClaw, MYSQL, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-556

Meatbags, AI Soul Harvest, DNS, LastPass, GS7, OpenClaw, MYSQL, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-556

The cryptolocker virus was the attack that turned ransomware from a nuisance into a full-blown criminal industry — and in this episode of The Backup Wrap-up, we break down exactly how that happened. W. Curtis Preston (Mr. Backup) sits down with co-host Prasanna Malaiyandi and cybersecurity expert Dr. Mike Saylor to trace the full evolution of ransomware and explain why CryptoLocker was the turning point.If you've ever wondered how ransomware went from fake pop-up messages to billion-dollar criminal enterprises, this is the episode for you. We start with the earliest days — scareware attacks that did nothing more than frighten you into paying — and walk through the progression of encryption methods that made ransomware increasingly dangerous. Dr. Mike Saylor breaks down the difference between symmetric and asymmetric encryption in plain language, and explains why the move to public-private key pairs made it so much harder for victims to recover without paying up.Then we get into the cryptolocker virus itself: how it spread through fake FedEx emails, why it kick-started phishing awareness training, what Operation Tovar did to shut it down, and — just as interesting — what the bad guys learned from its failures. We cover the role of the Zeus botnet, how Bitcoin became the payment method of choice, and why ransoms started out at just a few hundred bucks. We also talk about what happened next: the rise of data exfiltration, double extortion, and even triple extortion where attackers go after the victims of the victims.Plus, we take a side trip into the LastPass breach and pour one out for the guy who lost his crypto fortune in a landfill.Whether you're in IT, security, or just want to understand how ransomware works, this episode gives you the full picture.Chapters:00:00:00 — Intro00:01:22 — Welcome and Introductions00:04:11 — The Three Generations of Ransomware00:05:01 — Scareware: Fake Attacks That Did Nothing00:05:42 — Ciphers and Decoder Ring Encryption00:06:38 — Symmetric Encryption Explained00:09:25 — Asymmetric (Public-Private Key) Encryption00:12:46 — Why Asymmetric Encryption Made Ransomware Stronger00:15:44 — What Was the CryptoLocker Virus?00:16:25 — Lessons CryptoLocker Taught Victims and Criminals00:18:03 — Operation Tovar Takes Down CryptoLocker00:19:54 — Bitcoin, Ransom Amounts, and Getting Paid00:23:20 — Botnets Explained: Networks of Zombie Computers00:26:22 — Recap: Three Phases of Ransomware00:27:09 — Double Extortion and Data Exfiltration00:28:01 — The LastPass Connection00:28:47 — The Lost Crypto Hard Drive

Is the browser quietly becoming the most powerful and dangerous interface in modern work? In this episode of Tech Talks Daily, I sat down with Karim Toubba, CEO of LastPass, to unpack a shift that many people feel every day but rarely stop to question. The browser is no longer just a window to the internet. It has become the place where work happens, where SaaS lives, and increasingly, where humans and AI agents meet data, credentials, and decisions. From AI-native browsers to prompt-based navigation and headless agents acting on our behalf, the way we access information is changing fast, and so are the risks. Karim shares why this moment feels different from earlier waves like SaaS adoption or remote work. Today, more than ever, productivity, identity, and security collide inside the browser.  Shadow AI is spreading faster than most organizations can track, personal accounts are being used to access powerful AI tools, and sensitive data is being uploaded with little visibility or control. At the same time, attackers have noticed that the browser has become the soft underbelly of the enterprise, with a growing share of malware and breaches originating there. We also explore the rise of agentic AI and what happens when software, not people, starts logging into systems. When an agent books travel, pulls data, or completes workflows on a user's behalf, traditional authentication and access models start to break down. Karim explains why identity, visibility, and control must evolve together, and why secure browser extensions are emerging as a practical foundation for this next phase of computing. The conversation goes deep into what users do not see when AI browsers ask for access to email, calendars, and internal apps, and why convenience often masks long-term exposure. Throughout the discussion, Karim brings a grounded perspective shaped by decades in cybersecurity, from risk-based vulnerability management to enterprise threat intelligence. Rather than pushing fear, he focuses on realistic steps organizations and individuals can take, from understanding what data is being shared, to treating security teams as partners, to using tools that bring passwords, passkeys, and authentication into one trusted place as browsing evolves. As AI reshapes how we search, work, and make decisions, the question is no longer whether the browser matters. It is whether we are ready for it to act as the front door to both our productivity and our risk, so are you securing your browser for the future you are already using today? Connect with Karim Toubba LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team page Phish Bowl Podcast    

This week, while ⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) is out at a conference, hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ are joined by friend of the show Michele Kellerman, as they are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Our hosts start with some follow-up on Joe's egg story, including his latest update and a brief detour into unexpected “big chicken news.” Joe's story is on a massive USDA loan fraud scheme where Nikesh Patel fabricated fake government-backed farm loans, duped investment firms out of hundreds of millions of dollars, and continued running similar scams under aliases and even from prison, ultimately earning decades more in sentencing. Michele's story is on a breaking report about the ShinyHunters group using targeted voice phishing and custom phishing kits to abuse Okta SSO, steal MFA credentials, and gain privileged access for data theft and extortion. Dave's story is on LastPass warning users about an active phishing campaign impersonating the company, designed to steal master passwords and potentially expose all credentials stored in affected vaults. Our catch of the day comes from the Reddit, where two people we're approached by scammers through text messaging and both dealt with their scammers in different ways. Resources and links to stories: Sticky Fingers: USDA Fraudster Steals $200M in Stunning Scam Formerly Married Couple Sentenced For Multi-Million Dollar Fraud Schemes A new wave of ‘vishing' attacks is breaking into SSO accounts in real time LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Alan Perry is joined by Ron Fraser, retired Sidney tech enthusiast, for a wide-ranging look at security and privacy news. This week's show covers urgent Apple and Microsoft updates, new online scams targeting Booking.com, LastPass, Under Armour, and Canada Computers customers, and what to do if your data may be compromised. They also break down major tech stories, including Apple's new AirTags, Sony's surprise TV deal with TCL, social media lawsuits and bans, Meta's upcoming paid features, and big changes to Air Miles. Plus, the best tech deals of the weekend and a new dinosaur discovery from Patagonia. 

AI Cage Match, Fortinet, Cisco, DVWA, Polonium, Small Town AIs, LastPass, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-549

AI Cage Match, Fortinet, Cisco, DVWA, Polonium, Small Town AIs, LastPass, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-549

AI Cage Match, Fortinet, Cisco, DVWA, Polonium, Small Town AIs, LastPass, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-549

AI Cage Match, Fortinet, Cisco, DVWA, Polonium, Small Town AIs, LastPass, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-549

CISA's acting director assures Congress the agency has “stabilized”. Google and Cisco patch critical vulnerabilities. Fortinet firewalls are being hit by automated attacks that create rogue accounts. A global spam campaign leverages unsecured Zendesk support systems. LastPass warns of attempted account takeovers. Greek authorities make arrests in a sophisticated fake cell tower scam. Executives at Davos express concerns over AI. Pwn2Own Automotive proves profitable. Our guest is Kaushik Devireddy, AI data scientist at Fable Security, with insights on a fake ChatGPT installer. New password, same as the old password.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Kaushik Devireddy, AI data scientist at Fable Security, discussing their work on "How a fake ChatGPT installer tried to steal my password". Selected Reading CISA Is 'Trying to Get Back on Its Mission' After Trump Cuts (CISA) Google Patches High-Severity V8 Race Condition in Chrome 144 published: today (Beyond Machines) Cisco Patches Actively Exploited Flaw in Unified Communications Products (Beyond Machines) Hackers breach Fortinet FortiGate devices, steal firewall configs (Bleeping Computer) Zendesk ticket systems hijacked in massive global spam wave (Bleeping Computer) LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords (Infosecurity Magazine) Greek Police Arrest Scammers in Athens Using Fake Cell Tower for SMS Phishing Operation (TechNadu) Execs at Davos say AI's biggest problem isn't hype — it's security (Business Insider) Hackers exploit 29 zero-days on second day of Pwn2Own Automotive (Bleeping Computer) Analysis of 6 Billion Passwords Shows Stagnant User Behavior (SecurityWeek) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ever wonder which third-party tools you actually need—and which ones you can skip? This week, I'm breaking down my recommended Etsy seller tools, from free options to need-to-haves, best-to-haves, and nice-to-haves, so you can choose what makes sense for your stage of selling. If you love efficiency and smart systems, you're going to love this tool list. **"How to Sell Your Stuff on Etsy" is not affiliated with or endorsed by Etsy.com   STUFF I MENTIONED:  ⭐"How to Blow Up Your Etsy Shop" free training: https://www.howtosellyourstuff.com/interested-in-blow-up-shop  ⭐" How to Earn your first $10k on Etsy" Ebook Waitlist: https://www.howtosellyourstuff.com/interested-in-ebook ⭐Scaling Society: https://www.howtosellyourstuff.com/scaling-society   ➡️ 40 listings free with my link (save $8): https://etsy.me/4jy41Js     ➡️ Canva (free) does not allow you to export with transparent background or remove background, no magic studio (erase pixels, grab text, remove elements) https://www.canva.com/   ➡️ Profittree (data, calculator, research, keywords)--- one time fee for lifetime access $67  https://lifetime.profittree.io/?via=lizzie87 Tutorial: https://www.youtube.com/watch?v=VO7Ra18ZPTw&t=1s   ➡️ Free Chatgpt account (listing descriptions, ideas – product picker, customer responses, etc) ➡️ Try my free product picker tool: https://www.howtosellyourstuff.com/what-to-sell-on-etsy   ➡️ AI image generator tool: Ideogram is best for beginners:  https://ideogram.cello.so/9T2aVq0TKWv   BEST TO HAVE: ➡️Trendspotting $37 per month (KEEP20 for month 1 at $17) https://www.howtosellyourstuff.com/offers/JxNYgLnw   ➡️ Canva pro (paid) $15/month https://www.canva.com/   ➡️ Everbee: https://www.everbee.io/?via=lizzie (free version, $29, $99) Tutorial: https://youtu.be/MucPFkvC8sk?si=iyaD0RbMbIp3echw   ➡️ Chatgpt (or other LLM like Grok/Gemini) free to $20/month https://chatgpt.com/   ➡️ Professional mockups: $3-7 each—get started for $20-$50 Request my free resource of high converting mockups: https://www.howtosellyourstuff.com/request-mockups-resource   ➡️ Legal Topics: https://www.howtosellyourstuff.com/legal-topics   ➡️ LLC Setup depends on state and varies widely.   Operating agreement template (Paige Hulse $475) Use code SMILEY10 for 10% off: ➡️ Single Person LLC Agreement: https://www.shopcreativelaw.com/shop/the-single-person-llc-operating-agreement   ➡️ Multi-Member LLC Agreement: https://www.shopcreativelaw.com/shop/multi-member-llc-operating-agreement   ➡️ Quickbooks: go through your Etsy shop Finances tab $10-57/month   ➡️  Chase Credit Card I use and recommend for Print on Demand (we both get bonus points with this link): https://www.referyourchasecard.com/19u/I9FKMHYBEE   ➡️ Printify (print on demand supplier): https://printify.com/   ➡️  My Favorite Cost Effective Shipping Tools from Amazon: —Boxes—search by the size you need: https://amzn.to/48P2BDS -Cost Effective Shipping tape: https://amzn.to/3wvpXw9 -Label printer: https://amzn.to/3HhKuJV -Labels rolls: https://amzn.to/3wv9kRm -Normal printer label sticker sheets: https://amzn.to/48rW4zf -Fragile stickers: https://amzn.to/3ovCzjB -Scale for weighing packages: https://amzn.to/30cfcTT   NICE TO HAVE: ➡️ Scaling Society (my all inclusive membership): https://www.howtosellyourstuff.com/scaling-society   ➡️ Gaming Laptop (for a lot of AI or visuals) https://amzn.to/3Yq6vzO   ➡️ Kittl: https://www.kittl.com/   ➡️ Midjourney (AI image generator): https://www.midjourney.com/   ➡️ Lastpass- password saver: https://lastpass.com   ➡️Creative Fabrica: https://www.creativefabrica.com/promo/7088/0P693-FGHIJKLMNO/ref/2877703 One month free (up to 10 downloads), Then $9.99/month for  All Access Subscription   ➡️ Simply Listed—mockup tool (14 day free trial, then $15-30/month): https://simplylisted.io/?via=lizzie ➡️ Hello Custom—personalized POD listings (one time fee $67): https://offer.hellocustom.io/lifetime-offer?affiliate_id=4273827  

Rainbow Six Siege suffers breach, gamers go shopping Diesel generators and aircraft engines in high demand to power AI LastPass 2022 breach reverberates through crypto world  Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com. Find the stories behind the headlines at CISOseries.com.  

LastPass, SoundCloud, Pornhub, a lot of credit unions and so much more are all part of this week's mess!

If you like what you hear, please subscribe, leave us a review and tell a friend!

A new executive order targets states' AI regulations, while the White House shifts course on an NSA deputy director pick. The UK fines LastPass over inadequate security measures. Researchers warn of active attacks against Gladinet CentreStack instances. OpenAI outlines future cybersecurity plans. MITRE ranks the top 25 vulnerabilities of 2025. CISA orders U.S. federal agencies to urgently patch a critical GeoServer vulnerability. An anti-piracy coalition shuts down one of India's most popular illegal streaming services. Our guest Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, unpacks purple team table top exercises to prepare for AI-generated attacks. Hackers set their sights on DNA. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, is discussing purple team table top exercises to prepare for AI-generated attacks. Selected Reading Trump Signs Executive Order to Block State AI Regulations (SecurityWeek) Announced pick for No. 2 at NSA won't get the job as another candidate surfaces (The Record) LastPass Data Breach — Insufficient Security Exposed 1.6 Million Users (Forbes) Gladinet CentreStack Flaw Exploited to Hack Organizations (SecurityWeek) OpenAI lays out its plan for major advances in AI cybersecurity features (SC Media) MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities (SecurityWeek) CISA orders feds to patch actively exploited Geoserver flaw (Bleeping Computer) MKVCinemas streaming piracy service with 142M visits shuts down (Bleeping Computer) The Unseen Threat: DNA as Malware (BankInfoSecurity) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

'DroidLock' malware demands ransom Google fixes secret Chrome 0-day UK fines LastPass over 2022 breach Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Security training fails when it's generic. Adaptive's platform personalizes training and runs deepfake simulations across email, SMS, voice, and video. And with Adaptive's AI Content Creator, you can drop in a breaking threat or compliance doc and instantly turn it into interactive, multilingual training – no designers, no delays. Learn more at adaptivesecurity.com.  

Today we're joined by the brilliant Michelle Pughe-Parry de Klerk, founder of The Women's Chapter, the UK's first network for women in business to achieve B Corp certification.Michelle's journey is an extraordinary example of how a passion project, started on a shoestring as a side hustle, can evolve into a thriving, impact-led portfolio career. Since launching in 2014, The Women's Chapter has reached more than 30,000 women through events, thought leadership, membership and pro bono initiatives. Michelle also champions women and girls beyond the community through her work as an ambassador for The King's Trust Women Supporting Women, a UN Women UK delegate and a council member for Founders4Schools and Maths4Girls.In this episode you'll learn:• Why a portfolio career is an asset, not a failing, and how to recognise the skills you've built across different areas of work • How to decide whether your passion project should stay a passion or become a commercial venture • Why community isn't a “nice to have” but a biological, emotional and strategic necessity • How small businesses can use sustainability frameworks to drive meaningful impact, even without formal certification • What Michelle learned from becoming unexpectedly financially exposed and how founders can protect themselves • Practical ways to combat imposter syndrome using evidence-based techniques • Why connection lowers cortisol, boosts leadership ability and helps founders make better decisions • How niching down and staying in your lane creates focus, momentum and clarity • The role of conversation as a catalyst for collaboration and change • Networking is a form of self careFF&M enables you to own your own PR & produces podcasts.Recorded, edited & published by Juliet Fallowfield, 2024 MD & Founder of PR & Communications consultancy for startups Fallow, Field & Mason.  Email us at hello@fallowfieldmason.com or DM us on instagram @fallowfieldmason. FF&M recommends: LastPass the password-keeping site that syncs between devices.Google Workspace is brilliant for small businessesBuzzsprout podcast 'how to' & hosting directoryCanva has proved invaluable for creating all the social media assets and audio bites.MUSIC CREDIT Funk Game Loop by Kevin MacLeod.  Link &  LicenceText us your questions for future founders. Plus we'd love to get your feedback, text in via Fan MailSupport the show

In today's episode, we're joined by Siff Haider one part of the co-founders due behind Arrae - the wellness brand that's redefining the supplement space with elegant, effective, natural solutions for issues like bloating, anxiety and sleep. Since launching in 2020, Arrae has gained a cult following thanks to its minimalist aesthetic, loyal community, and commitment to solving real, everyday problems - all while standing out in a saturated and often sceptical market.Stay tuned to hear how Siff and Nish approached brand-building with intention from day one, why storytelling and science go hand-in-hand and what it takes to grow in a crowded category.Siff's advice: Founder mindset tip: Have faith in yourself and trust your abilities.Leadership advice: Don't be ruled by ego; stay flexible and be prepared to change direction if necessary.Motivation lesson: Take one step at a time, steady progress is sustainable progress.Resilience insight: There will always be challenges; this is normal, and you can cope with them.Growth advice: Learn from your mistakes, apply the lessons, and keep moving forward.Perspective shift: Don't take challenges personally, they're all part of evolving and growing.Purpose-driven business tip: Think about your primary driver, which hopefully isn't just profit; purpose will motivate you to keep going.Lifestyle principle: Make personal rules about your life, your fitness, and your happiness and stick to them.Customer connection advice: Communicating with customers will always be worthwhile and deeply satisfying.Workplace culture tip: Create an environment that others will appreciate and thrive in.Branding advice: Be honest and clear in your branding, and always stay relevant to the customer.Inspiration insight: Look for motivation and new ideas in the world around you.Entrepreneurship lesson: If you're not making some mistakes, you're not truly pushing yourself or innovating.FF&M enables you to own your own PR & produces podcasts.Recorded, edited & published by Juliet Fallowfield, 2024 MD & Founder of PR & Communications consultancy for startups Fallow, Field & Mason.  Email us at hello@fallowfieldmason.com or DM us on instagram @fallowfieldmason. FF&M recommends: LastPass the password-keeping site that syncs between devices.Google Workspace is brilliant for small businessesBuzzsprout podcast 'how to' & hosting directoryCanva has proved invaluable for creating all the social media assets and audio bites.MUSIC CREDIT Funk Game Loop by Kevin MacLeod.  Link &  LicenceText us your questions for future founders. Plus we'd love to get your feedback, text in via Fan MailSupport the show

On this episode of Embracing Erosion, Devon sits down with Evan Goldberg, the Vice President of Product Marketing at LastPass. Evan's spent over 20 years leading go-to-market and product marketing teams across cybersecurity and SaaS.In their conversation, they discuss how cybersecurity marketing is evolving in an AI-driven world, including the tension between productivity and protection, and how AI is reshaping both attack and defense. They also explored emerging trends like digital risk protection, compliance automation, and the future of executive cyber defense.Evan shared his perspective on what makes for a great PMM leader, how to diagnose the health of a GTM org, and why curiosity and candor are critical to developing world-class teams. Enjoy the conversation!

In today's episode, we're joined by Ella McKay, founder of FATSO, the unapologetically bold, brilliant and beautiful chocolate brand shaking up the confectionery world.Launched in 2022 after being dreamt up in lockdown, FATSO is on a mission to make chocolate fun again - big, chunky, and full of life - while doing things ethically and with integrity. Behind the humour and bold branding is a founder navigating motherhood, lean budgets, and the ever-shifting culture of work.Stay tuned to hear how Ella has managed imposter thoughts, turned limited resources into major visibility, and learned to prioritise both sales and operations without burning out in the process.Ella's advice:Imposter experience insight: be aware of your weaknesses (not insecurities) and accept that sometimes you just have to work on themAccept your vulnerabilities, don't be overwhelmed by themSupport-network lesson: Have a good mentor network and ask for help.  You can usually overcome self doubt by talking something through with someone.  But spend time first thinking it over, deciding who best to share withThere's a fine balance between sharing a problem and being swamped with too much adviceBudget-friendly growth tip: Be honest about what you can afford. Approach partners transparently and find people who want to grow with you.Sales-first strategy: Sales always come first. Everyone in the business should think like a salesperson — you can't build operations without revenue.Hiring advice for startups: Trust your gut. Look for energy, passion, curiosity, and the willingness to get hands-on. Not everyone is built for startup life.Motherhood and entrepreneurship: There's no maternity cover when you're the founder. Embrace help, drop the guilt, and remember — your child benefits from seeing you strive.Mindset for founders: Don't chase perfection. Start, iterate, and learn as you go. Values-driven business tip: FATSO wasn't started to make piles of money — it's about building a brand with purpose, humour, and integrity. Stay true to why you began.FF&M enables you to own your own PR & produces podcasts.Recorded, edited & published by Juliet Fallowfield, 2024 MD & Founder of PR & Communications consultancy for startups Fallow, Field & Mason.  Email us at hello@fallowfieldmason.com or DM us on instagram @fallowfieldmason. FF&M recommends: LastPass the password-keeping site that syncs between devices.Google Workspace is brilliant for small businessesBuzzsprout podcast 'how to' & hosting directoryCanva has proved invaluable for creating all the social media assets and audio bites.MUSIC CREDIT Funk Game Loop by Kevin MacLeod.  Link &  LicenceText us your questions for future founders. Plus we'd love to get your feedback, text in via Fan MailSupport the show

If you like what you hear, please subscribe, leave us a review and tell a friend!

Microsoft WSUS vulnerability could allow for remote code execution Fake LastPass death claims used to breach password vaults New CoPhish attack steals OAuth tokens via Copilot Studio agents Huge thanks to our sponsor, Conveyor If security questionnaires make you feel like you're drowning in chaos, you're not alone. Endless spreadsheets, portals, and questions—always when you least expect them. Conveyor brings calm to the storm. With AI that auto-fills questionnaires and a trust center that shares all your docs in one place, you'll feel peace where there used to be panic. Find your security review zen at www.conveyor.com. Find the stories behind the headlines at CISOseries.com.

What if the fastest way to grow isn't doing more, but letting go—carefully? We pull back the curtain on how we hired and trained two very different assistants, one in Texas and one in the Philippines, and the systems that make those partnerships smooth, secure, and genuinely business-changing. From the first grading task to a multi-role teammate, and from a five-hour bookkeeping trial to dashboards, course ops, and content workflows, this is a real-world blueprint for delegating without losing your mind.We walk through the decisions that matter: how to choose between 1099 and W‑2, where to source talent (and what marketplace reviews actually tell you), and how to set pay based on skill, scope, and outcomes. Security and ethics are baked in—NDAs, HIPAA training when needed, and password managers like LastPass so you can grant access without giving away the keys. You'll hear how simple, living SOPs turn chaos into consistency: short Loom or Camtasia videos, Trello checklists, and clear definitions of “done” that make handoffs clean and quality predictable.Communication is the backbone. We explain why one primary channel and a weekly check-in beat scattered pings and why screenshots with specific notes eliminate rework. We also share candid red flags—vanishing act replies, task-dumping without initiative, and hidden subcontracting—and the green flags that signal a pro: proactive problem-solving, honest updates, and resilience when life or weather hits across time zones. Most of all, we make the case that delegation is an investment, not a cost. Start with five to ten hours, document one process, ship it, and use the time you get back for higher-leverage work—or real rest.Ready to turn overwhelm into a system that scales? Listen now, subscribe for more practical playbooks, and leave a review with the first task you plan to delegate.Get your step by step guide to private practice. Because you are too important to lose to not knowing the rules, going broke, burning out, and giving up. #counselorsdontquit.

Erotic Chats, UEFI, F5, Cisco, Doug Sings, Insiders, Lastpass, Sora, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-521

F5 discloses long-term breach tied to nation-state actors. PowerSchool hacker receives a four-year prison sentence. Senator scrutinizes Cisco critical firewall vulnerabilities. Phishing campaign impersonates LastPass and Bitwarden. Credential phishing with Google Careers. Reduce effort, reuse past breaches, recycle into new breach. Qilin announces new victims. Manoj Nair, from Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. And AI faces the facts. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Manoj Nair, Chief Innovation Officer at Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. In light of the recent high-severity vulnerability in Cursor, Manoj discusses how threats like tool poisoning, toxic flows, and MCP vulnerabilities are redefining what secure AI-driven development means—and why organizations must move faster to keep up. Selected Reading F5 disclosures breach tied to nation-state threat actor (CyberScoop) CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices (CISA) ED 26-01: Mitigate Vulnerabilities in F5 Devices (CISA)  PowerSchool hacker sentenced to 4 years in prison (The Record)  Cisco faces Senate scrutiny over firewall flaws (The Register) Fake LastPass, Bitwarden breach alerts lead to PC hijacks (Bleeping Computer)  Google Careers impersonation credential phishing scam with endless variation (Sublime Security)  Elasticsearch Leak Exposes 6 Billion Records from Scraping, Old and New Breaches (HackRead)  Qilin Ransomware announced new victims (Security Affairs)  When Face Recognition Doesn't Know Your Face Is a Face (WIRED) Semperis Announces Midnight in the War Room: A Groundbreaking Cyberwar Documentary Featuring the World's Leading Defenders and Reformed Hackers (PR Newswire) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

I sat down with Karim Toubba, CEO of LastPass, to discuss the challenges and triumphs of navigating cybersecurity in today's digital landscape, especially the issues we face when we have been breached. This is a masterclass in how to handle #cybersecurity crisis!In this episode, Karim shares insights into LastPass's response to significant security breaches, the importance of authentic #leadership, and the evolving role of password management in a networkless world. Tune in for a candid conversation about resilience, change, and the future of cybersecurity.Takeaways: Leadership in Crisis: Karim Toubba emphasizes the importance of authentic leadership and taking responsibility, even when new to a role, as a key factor in navigating crises effectively.Security as a Priority: LastPass has made significant investments in security infrastructure and culture, highlighting the necessity of a sustained commitment to cybersecurity at all organizational levels.Cultural Shift: The implementation of security measures like Yubikeys and the focus on changing employee mindsets underscore the need for a cultural shift in cybersecurity practices.Challenges of Attribution: The difficulty in attributing cyberattacks to specific actors is discussed, with an acknowledgment of the sophisticated nature of the threats faced.Evolving Cyber Landscape: The conversation touches on the evolving nature of cybersecurity threats and the need for continuous adaptation and investment to stay ahead.Product Innovation: LastPass's expansion beyond password management to include products like SAS Monitor and SAS Protect demonstrates their commitment to addressing broader security challenges.User-Centric Security: The importance of making security measures user-friendly and front-and-center is highlighted as a critical factor in improving overall cybersecurity.

Broadcom, LastPass, Brickstone, SEO Poisoning, QR codes, H1B visas, Distributed Computing, and More... Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-893

The Secret Service dismantles an illegal network. Jaguar Land Rover (JLR) extends the shutdown production plants. The EU probes tech giants over online scams. Iranian APT Nimbus Manticore expands operations in Europe. North Korean Kimsuky deploys a shortcut-based espionage campaign. Github and Ruby Central roll out supply-chain security upgrades. Lastpass warns of macOS ClickFix campaign using fake GitHub repos. AT&T's CISO warns hackers mimic Salt Typhoon's unconventional tactics. CISO Perspectives host Kim Jones previews the upcoming season. An attorney pays $10K for AI hallucinations. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest CISO Perspectives host Kim Jones previews the upcoming season, sharing what's ahead for listeners. From leadership challenges to the evolving role of the CISO, Kim highlights the conversations and insights you can expect this season.You can check out the season opener here. Selected Reading Cache of Devices Capable of Crashing Cell Network Is Found Near U.N. (The New York Times) Secret Service Disrupts Threat Network Near UN General Assembly (YouTube) JLR extends shutdown – again – as toll on workers laid bare (The Register) The EU is scrutinizing how Apple, Google, and Microsoft tackle online scams (The Verge) Nimbus Manticore Deploys New Malware Targeting Europe (Check Point Research) Kimsuky attack disguised as sex offender notice information (Logpresso) GitHub tightens npm security with mandatory 2FA, access tokens (Bleeping Computer) NPM package caught using QR Code to fetch cookie-stealing malware (Bleeping Computer) LastPass: Fake password managers infect Mac users with malware (Bleeping Computer) Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques (CyberScoop) Attorney Slapped With Hefty Fine for Citing 21 Fake, AI-Generated Cases (PCMag) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA Reports Ivanti EPMM Exploit Sightings Two different organizations submitted backdoors to CISA, which are believed to have been installed using Ivanti vulnerabilities patched in May. https://www.cisa.gov/news-events/analysis-reports/ar25-261a Lastpass Observes Impersonation on GitHub Lastpass noted a number of companies being impersonated via fake GitHub repositories in order to trick victims to download Mac malware. https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages Oracle Scheduler Ransomware Ransomware has been discovered that gained access to systems via an exposed Oracle Database Scheduler service. https://labs.yarix.com/2025/09/elons-proxima-black-shadow-related-ransomware-attack-via-oracle-dbs-external-jobs/

Alarm bells are ringing over a supposed browser zero-day, but is the threat as bad as it sounds? Steve reveals why "clickjacking" might be more whac-a-mole than breaking news, and what that really means for your passwords. • Germany may soon outlaw ad blockers • What's happening in the courts over AI • The U.K. drops its demands of Apple • New Microsoft 365 tenants being throttled • Is Russia preparing to block Google Meet? • Bluesky suspends its service in Mississippi • How to throttle AI • A tricky SSH-busting Go library • Here comes the Linux desktop malware • Apple just patched a doozy of a vulnerability • A trivial Docker escape was found and fixed • Why the recent browser 0-day clickjacking is really just whac-a-mole Show Notes - https://www.grc.com/sn/sn-1040-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow zscaler.com/security bigid.com/securitynow uscloud.com