Podcasts about linux security

It's Zone 103 Computer Drive Week and the Black Tech Building Show is going to rocking with a nice show discussing Linux Security and continuing the Online Weather Prediction Project. Latest Tech News.Recorded 8/26/2025

In this episode, I discuss into the security features of Talos Linux with Andrey Smirnov. Andrey explains how Talos focuses on its immutability and minimal attack surface. Discover how these enhancements fortify your systems against vulnerabilities, ensuring a secure and resilient infrastructure. Join us as we explore the security advancements that make Talos Linux not only a super easy way to run Kubernetes, but also a very secure way. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-09-talos-andrey-smirnov/

Guest: Craig H. Rowland, Founder and CEO, Sandfly Security Topics: When it comes to Linux environments – spanning on-prem, cloud, and even–gasp–hybrid setups – where are you seeing the most significant blind spots for security teams today?  There's sometimes a perception that Linux is inherently more secure or less of a malware target than Windows. Could you break down some of the fundamental differences in how malware behaves on Linux versus Windows, and why that matters for defenders in the cloud? 'Living off the Land' isn't a new concept, but on Linux, it feels like attackers have a particularly rich set of native tools at their disposal. What are some of the more subtly abused but legitimate Linux utilities you're seeing weaponized in cloud attacks, and how does that complicate detection? When you weigh agent-based versus agentless monitoring in cloud and containerized Linux environments, what are the operational trade-offs and outcome trade-offs security teams really need to consider?  SSH keys are the de facto keys to the kingdom in many Linux environments. Beyond just 'use strong passphrases,' what are the critical, often overlooked, risks associated with SSH key management, credential theft, and subsequent lateral movement that you see plaguing organizations, especially at scale in the cloud? What are the biggest operational hurdles teams face when trying to conduct incident response effectively and rapidly across such a distributed Linux environment, and what's key to overcoming them? Resources: EP194 Deep Dive into ADR - Application Detection and Response EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines  

In this episode, hackers clean house at Clorox (literally), Amazon has a bit of "AI privacy panic" and a weak password allowed hackers to sink a 158 year old company. Jay and Joao will discuss these stories - and more.

In this episode of Enterprise Linux Security, Jay and Joao discuss several recent stories, one of which is a breach involving 16 billion passwords! Also, Ubuntu users may see a performance boost, threat actors use Minecraft mods to target victims, and more!

In this episode, Jay and Joao discuss how "localhost" can be used to spy on you. Also, Windows VM's on Proxmox start encountering a BSOD after update, and more!

In this episode, Jay and Joao discuss the EUVD launch, Microsoft partnering with CrowdStrike, and more cybersecurity shenanigans.

Recently, Red Hat Enterprise Linux (RHEL) 10 was released, with some interesting new features for users of Enterprise Linux. In this episode, Jay and Joao will discuss some of the highlights of the new release.

In this episode, Danielle Tal and Thilo Fromm join us to discuss Flatcar Linux. They introduce Flatcar as a Linux operating system designed specifically for containers and Kubernetes workloads, highlighting its automation, self-healing capabilities, and security features. They emphasize how Flatcar simplifies operations for startups and large companies alike by automating OS provisioning and maintenance. We discussed contributor engagement and the project's involvement with the CNCF. They also share intriguing use cases, like a Kubernetes cluster running on a tractor fleet, and stress the importance of community contributions, not just in code but in evangelism and documentation.   00:00 Introduction 01:05 What is Flatcar? 02:01 Flatcar's Automation and Self-Healing Capabilities 04:10 User Experience and Testing 05:06 Ideal Users and Use Cases 10:36 Community and Contributions 13:38 Getting Started with Contributions 16:59 Impact and Future Directions 19:58 Conclusion and Final Thoughts   Guest: Danielle Tal is a Program Manager at Microsoft and an integral part of the team responsible for maintaining Flatcar Container Linux. The team is contributes to Linux OS distributions and Linux Security within Azure and other upstream projects. With a background in supporting diverse enterprise cloud applications as a support engineer, Danielle has transitioned into a management role, overseeing Docker EMEA support before joining the Flatcar team. Thilo Fromm is an engineering manager and works on Community Linux distributions and Linux Security at Azure. Thilo's team helps maintaining Flatcar Container Linux. He has given talks at FOSDEM, FrOSCon, KubeCon, Open Source Summit, Cloud-Native Rejekts, and various meetups like Kubernetes Community Days. Thilo started his career in embedded systems with hardware design and roll-your-own /from scratch embedded Linux, kernel and plumbing level development, and later virtualisation. After working for various cloud providers in engineering and management positions, he went full cloud native in 2019. Nowadays Thilo works on operating systems for cloud-native environments with a special focus on Flatcar Container Linux.  

In this episode, Jay and Joao discuss an important elephant in the room - what do you do when you have no power? How long will your UPS and/or generator last? Power is definitely a real challenge, and it's even worse if you're dealing with an entire location losing power! And that's exactly what happened in Portugal. Jay and Joao will discuss this blackout event, and what it means for business continuity.

What's it like within a hacking group? After 190,000 chat messages from the Black Basta group leak, we get an inside look at operations within such a group. In this episode, Jay and Joao discuss this recent development. Also, breaking news regarding CVE's literally almost becoming a thing of the past!

This time around, Jay and Joao cover several interesting stories, including an alleged Oracle breach, privacy concerns around 23andme, and more!

In this episode, Jay and Joao discuss some recent bugs in the wild, including a supply-chain attack that exposes enterprise secrets.

In this episode, Jay and Joao will discuss a couple of recent vulnerabilities, with one of them showing how unskilled threat actors can bolster their abilities with Artificial Intelligence, a trend that's sure to become very popular in the future.

The 2025 Enterprise Linux & Open-Source Landscape Report from TuxCare is here, and with it comes some surprising facts about the state of Linux security today. In this episode, Jay and Joao will discuss some of its most noteworthy findings.

Implementing an effective automation system can be an overwhelming task, one that can often fail - causing some organizations to abandon automation completely. In this video, Jay and Joao will discuss some effective strategies for implementing automation.

How does perception vs reality tie into protecting our infrastructure from threat actors? In this episode, Jay and Joao discuss how pre-concieved notions and misinformation impacts threat response (and more).

We all hate passwords, just about as much as we hate Printers and DNS. They're a nuisance - they're difficult to manage and are a major attack vector. Thankfully, technologies such as FIDO (Passkeys) have come around to make this easier for everyone. However, Jay and Joao will discuss how tech companies are ruining this for everyone.

In this video, Jay and Joao some recently security news, some of which exposes some of the dangers of misconfigured S3 buckets. Also, Volkswagen ended up in a bit of trouble, a Microsoft-related flaw in unicode poses problems, and other security shenanigans are to be expected.

In this episode, Jay and Joao discuss some unexpected consequences of AI. Also, they'll give you a "year in review", going over the most substantial security stories of 2024.

In this episode, Jay and Joao discuss a recent story where one company's WiFi was used to hack another - and other security shenanigans.

In this episode, Jay and Joao discuss recent goverment policy that will have far reaching effects - and this time it isn't coming from the USA. Also, is C and C++ too "unsafe" to use? Those stories and more during this episode!

In this episode, Jay and Joao discuss a recent decision made by VMWare, CISA security requirements, and more about how ransomware can be especially problematic in health care.

In the 100th episode, Jay and Joao discuss some stories that literally come full circle from earlier stories in the podcast - encryption back doors, the largest migration cost we've ever covered, and more!

In this day and age, we can spin up servers and entire networks in seconds. But should we? It's easy to throw resources at problems, but we'll just end up creating more work for ourselves. In this episode, Jay and Joao will discuss provisioning resources more reasonably - and the health of your entire company's network might depend on that!

In this episode, Jay and Joao discuss the "EUCREAK" vulnerability, as well as a recent story that outlines one of the many ways the industry is vulnerable to the same old tricks with outdated perimeter protection. Don't miss it!

Recently, an 18-year old bug is making new waves across the Internet, dubbed the "0.0.0.0-Day Vulnerability". What is it? Should you be concerned? Jay and Joao will discuss this and a few other stories in this episode of Enterprise Linux Security.

In DevOps, there's many great tools we appreciate - CI/CD workflows definitely being one of them. Github Workflows is one such tool, but vulnerabilities were recently found. Also, AT&T suffers a breach (and more!)

In this episode, Jay and Joao discuss several recent cybersecurity news stories, including Polyfill - which is another example of why supply chain attacks are something everyone should be paying attention to.

In this episode, Jay and Joao will discuss the recent regreSSHion vulnerability, which claims to be a path to root - although it might take a while. Also, recent developments with Teamviewer are also discussed.

In this episode, Jay and Joao discuss the recent breach suffered by Ticketmaster. Also, several new or updated news stories will be discussed.

What would you do if your organization's cloud servers were deleted? That's exactly what happened to a Singaporean company, which found their servers wiped by a disgruntled employee. Plus, the FBI distributes over 7,000 unlock keys, and Europol launches their biggest botnet operation yet.

In the last episode, we discussed a story where a company literally lost their cloud - at no fault of their own. But what is truly your responsibility when working with a cloud provider? What is their responsibility? In this episode, Jay and Joao discuss where the line is drawn between you and your cloud provider.

In this episode, Jay and Joao talk about a story that's every cloud administrator's worst nightmare - your entire environment, backups, everything - gone. That's exactly what happened to UniSuper, a customer of Google Cloud. In this cautionary tale, we'll explore the case of the missing cloud.

There's a lot for sysadmins to keep track of when it comes to security, so naturally there's going to be some misconceptions every now and then. In this episode, Jay and Joao discuss some common misconceptions when it comes to security.

In this episode, Jay and Joao discuss the 2024 Verizon Data Breach Investigations Report (DBIR), which includes some interesting finds regarding threat actor motives, how user error impacts business, and more!

Ransomware is bad enough, but when it impacts healthcare it's even worse! In this episode, Jay and Joao will discuss recent developments at Change Healthcare and their ransomware fiasco, news updates, and more!

Welcome to another episode of Category Visionaries — the show that explores GTM stories from tech's most innovative B2B founders. In today's episode, we're speaking with Austin Gadient, CTO & Co-Founder of Vali Cyber, a Linux security platform that has raised $15 Million in funding. Here are the most interesting points from our conversation: Origins in Cybersecurity: Austin's journey into cybersecurity began at the US Air Force Academy, leading to a master's in computer science at MIT focused on offensive cybersecurity tactics, specifically against Linux systems. Transition to Defense: Post-MIT, Austin's work shifted towards defense, working on satellite systems at Kirtland Air Force Base, where the limitations of existing Linux security solutions inspired the founding of Vali Cyber. Initial Product Development: The early days of Vali Cyber were dedicated to developing a prototype capable of behaviorally stopping ransomware attacks on Linux systems and introducing a rollback feature for system restoration. Challenges of Early Commercialization: Austin discusses the initial rush to market and the realization that competing against established vendors required a nearly flawless product, underscoring the importance of mature QA processes. Building Trust with Customers: Given the high stakes of Linux security, building trust was crucial. Austin leveraged his and his CEO's backgrounds in defense and created tools like securityperf to validate their product's claims transparently. Identifying the Ideal Customer Profile (ICP): Initially focusing on DoD organizations, Vali Cyber expanded its target to enterprises with significant Linux infrastructure, recognizing the importance of protecting mission-critical systems in sectors like finance.

On this podcast, Jay and Joao have discussed multiple times a situation where a threat actor submits a pull request that's more than the project bargained for. And now, we have a situation where OpenSSH was (almost) backdoored by a commit by a maintainer of the xz project. Don't miss this episode for all the details!

What goes on behind the scenes when it comes to managing a project as large as a Linux distribution? In this episode, Jay and Joao has a chat with benny Vasquez who is not only a wealth of knowledge on that very subject, she's also the Chair of the Board of Directors for AlmaLinux OS. ... Read more

You may have heard of "technical debt", but have you heard of "security debt"? In this episode, Jay and Joao will tell you all about it and why it's a major issue for organizations.

Through a joint effort, the FBI as well as NCA struck a major blow to the Lockbit ransomware group. In this episode, Jay and Joao will discuss this story as well as the state of Linux in the enterprise/open-source landscape.

When a threat actor breaks into a router and adds firewall rules that the owner didn't approve of, that's considered hacking. But when the FBI does it... ...it isn't?! In this episode Jay and Joao discuss a recent story where the FBI did exactly that, and they'll also discuss how Microsoft has become the biggest "face palm" discussed on the podcast so far.

Here we are, yet again, with an industry problem caused by the decision of just one software vendor. This time it's VMware that's causing a ruckus. In recent news, it's been reported that VMware will be killing off 56 (yes, 56) of their stand-alone products, and that's on top of the news that broke late last year regarding changes in their licensing model. In this episode, Jay and Joao discuss these recent VMware-related shenanigans.

In this episode, Jay and Joao will discuss an update on the GTA source code theft, how much threat actors are making from ransomware, and more!

In this episode, Jay and Joao will discuss a report earlier this year that reveals the "top 10 cybersecurity misconfigurations". These ten common mistakes can make it trivial for a threat actor to gain access to your infrastructure, so it's definitely a list everyone should pay close attention to.

https://youtu.be/h1XTs1ed3MY On this episode of Destination Linux (344), we're reviewing the latest release of Ubuntu, Ubuntu 23.10 or Mantic Minotaur, we'll discuss its improvements and new features. We also touch on Linux security, debunking myths and highlighting the reasons why Linux is the most secure and useful OS of them all. Plus, we have our tips, tricks and software picks for you. Let's get this show on the road toward Destination Linux! Download as MP3 (https://aphid.fireside.fm/d/1437767933/32f28071-0b08-4ea1-afcc-37af75bd83d6/1d93be59-70f9-416e-9320-11df6ddaed13.mp3) SHOW NOTES ►► https://destinationlinux.net/344 Supported by: Namecheap = https://destinationlinux.net/namecheap LINBIT = https://destinationlinux.net/linbit Hosted by: Michael Tunnell = https://tuxdigital.com Ryan (DasGeek) = https://dasgeekcommunity.com Jill Bryant = https://jilllinuxgirl.com Want to Support the Show? Become a Patron = https://tuxdigital.com/membership Store = https://tuxdigital.com/store Chapters: 00:00:00 DL 344 Intro 00:01:11 Community Feedback 00:04:59 NAMECHEAP - [ link (https://destinationlinux.net/namecheap) ] 00:07:30 Ubuntu 23.10 Review (Mantic Minotaur) - [ link (https://discourse.ubuntu.com/t/mantic-minotaur-release-notes/35534) ] 00:37:20 LINBIT - [ link (https://destinationlinux.net/linbit) ] 00:38:39 Linux Security - [ source article (https://madaidans-insecurities.github.io/linux.html) ] 00:56:25 Gaming: Crimson Trials - [ link (https://bitwixt.itch.io/crimson-trials) ] 01:02:06 Software Spotlight: AppFlowy - [ link (https://appflowy.io/) ] 01:06:28 Tips and Tricks: Ubuntu Restricted Extras 01:08:10 Events - [ Ubuntu Summit (https://events.canonical.com/event/31/), SCALE (https://www.socallinuxexpo.org/scale/21x) ] 01:12:14 Outro Tip of the Week: sudo apt install ubuntu-restricted-extras Other Links: https://destinationlinux.net/279 https://imgur.com/a/p3VaKIH SHOW NOTES ►► https://destinationlinux.net/344

Join us on this episode of the Ask A CISO podcast as we discuss how to quantify defence with Anant Shrivastava, an information security professional with over 15 yrs of corporate experience and expertise in Network, Mobile, Application, and Linux Security. Along with host Mark Fuentes, he discusses looking at the big picture, why DevSecOps as a term should not exist, and the value of investing in cybersecurity. - About Horangi Cybersecurity -- More information about the Ask A CISO podcast: https://www.horangi.com/resources/ask-a-ciso-podcast About Horangi Cyber Security: https://www.horangi.com - About the Guests -- Anant's LinkedIn: https://www.linkedin.com/in/anantshri/ Anant's Website: https://anantshri.info/

Facebook Metaverse demo receives the meme treatment. Is Linux a secure operating system for online financial activity? How to start recording podcasts with hosts in different locations? What kind of a machine can I get to run an application like AutoCAD that isn't too expensive? Why is my camera system not working with my modem/router combo device? Can you limit an iPad to run one single app? Why is my LastPass desktop application not working all of a sudden? Plus conversations with Sam Abuelsamid about the Dodge Charger Daytona SRT & Rod Pyle calling again from the arctic circle! A New York Times article about a father being flagged by Google as a criminal. Mark Zuckerberg's metaverse demo receives the meme treatment. Sam Abuelsamid and the Dodge Charger Daytona SRT. Is Linux as an operating system secure enough for online financial activity? How to record podcasts online. Can a Man in the Middle attack occur between the user & a secure connection like a bank? Using AutoCAD on Windows or Mac? And how good of a machine do I need to run an application like AutoCAD? A caller's Wink camera hub is not working with a new modem/router. What's causing the Wink system to not work with the modem/router device? How to limit an iPad to a single application? Why is my SmartTV not connecting to my WiFi network? Why is my iPhone suddenly acting like it's a new phone after the iOS 15 6.1 update? Why are certain features disappearing from newer, more modern cellphones? Rod Pyle calls from the arctic circle! He talks about his adventures in the circle the past week. Why is my desktop LastPass application not working on my Mac? Do I even need the desktop application, or is the browser plug-in more than enough? Host: Leo Laporte Guests: Sam Abuelsamid and Rod Pyle Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/the-tech-guy/episodes/1920 Download or subscribe to this show at: https://twit.tv/shows/the-tech-guy Sponsor: noom.com/twit

Facebook Metaverse demo receives the meme treatment. Is Linux a secure operating system for online financial activity? How to start recording podcasts with hosts in different locations? What kind of a machine can I get to run an application like AutoCAD that isn't too expensive? Why is my camera system not working with my modem/router combo device? Can you limit an iPad to run one single app? Why is my LastPass desktop application not working all of a sudden? Plus conversations with Sam Abuelsamid about the Dodge Charger Daytona SRT & Rod Pyle calling again from the arctic circle! A New York Times article about a father being flagged by Google as a criminal. Mark Zuckerberg's metaverse demo receives the meme treatment. Sam Abuelsamid and the Dodge Charger Daytona SRT. Is Linux as an operating system secure enough for online financial activity? How to record podcasts online. Can a Man in the Middle attack occur between the user & a secure connection like a bank? Using AutoCAD on Windows or Mac? And how good of a machine do I need to run an application like AutoCAD? A caller's Wink camera hub is not working with a new modem/router. What's causing the Wink system to not work with the modem/router device? How to limit an iPad to a single application? Why is my SmartTV not connecting to my WiFi network? Why is my iPhone suddenly acting like it's a new phone after the iOS 15 6.1 update? Why are certain features disappearing from newer, more modern cellphones? Rod Pyle calls from the arctic circle! He talks about his adventures in the circle the past week. Why is my desktop LastPass application not working on my Mac? Do I even need the desktop application, or is the browser plug-in more than enough? Host: Leo Laporte Guests: Sam Abuelsamid and Rod Pyle Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/the-tech-guy/episodes/1920 Download or subscribe to this show at: https://twit.tv/shows/all-twittv-shows Sponsor: noom.com/twit