Podcasts about linux security

In DevOps, there's many great tools we appreciate - CI/CD workflows definitely being one of them. Github Workflows is one such tool, but vulnerabilities were recently found. Also, AT&T suffers a breach (and more!)

In this episode, Jay and Joao discuss several recent cybersecurity news stories, including Polyfill - which is another example of why supply chain attacks are something everyone should be paying attention to.

In this episode, Jay and Joao will discuss the recent regreSSHion vulnerability, which claims to be a path to root - although it might take a while. Also, recent developments with Teamviewer are also discussed.

In this episode, Jay and Joao discuss the recent breach suffered by Ticketmaster. Also, several new or updated news stories will be discussed.

What would you do if your organization's cloud servers were deleted? That's exactly what happened to a Singaporean company, which found their servers wiped by a disgruntled employee. Plus, the FBI distributes over 7,000 unlock keys, and Europol launches their biggest botnet operation yet.

In the last episode, we discussed a story where a company literally lost their cloud - at no fault of their own. But what is truly your responsibility when working with a cloud provider? What is their responsibility? In this episode, Jay and Joao discuss where the line is drawn between you and your cloud provider.

In this episode, Jay and Joao talk about a story that's every cloud administrator's worst nightmare - your entire environment, backups, everything - gone. That's exactly what happened to UniSuper, a customer of Google Cloud. In this cautionary tale, we'll explore the case of the missing cloud.

There's a lot for sysadmins to keep track of when it comes to security, so naturally there's going to be some misconceptions every now and then. In this episode, Jay and Joao discuss some common misconceptions when it comes to security.

In this episode, Jay and Joao discuss the 2024 Verizon Data Breach Investigations Report (DBIR), which includes some interesting finds regarding threat actor motives, how user error impacts business, and more!

Ransomware is bad enough, but when it impacts healthcare it's even worse! In this episode, Jay and Joao will discuss recent developments at Change Healthcare and their ransomware fiasco, news updates, and more!

Welcome to another episode of Category Visionaries — the show that explores GTM stories from tech's most innovative B2B founders. In today's episode, we're speaking with Austin Gadient, CTO & Co-Founder of Vali Cyber, a Linux security platform that has raised $15 Million in funding. Here are the most interesting points from our conversation: Origins in Cybersecurity: Austin's journey into cybersecurity began at the US Air Force Academy, leading to a master's in computer science at MIT focused on offensive cybersecurity tactics, specifically against Linux systems. Transition to Defense: Post-MIT, Austin's work shifted towards defense, working on satellite systems at Kirtland Air Force Base, where the limitations of existing Linux security solutions inspired the founding of Vali Cyber. Initial Product Development: The early days of Vali Cyber were dedicated to developing a prototype capable of behaviorally stopping ransomware attacks on Linux systems and introducing a rollback feature for system restoration. Challenges of Early Commercialization: Austin discusses the initial rush to market and the realization that competing against established vendors required a nearly flawless product, underscoring the importance of mature QA processes. Building Trust with Customers: Given the high stakes of Linux security, building trust was crucial. Austin leveraged his and his CEO's backgrounds in defense and created tools like securityperf to validate their product's claims transparently. Identifying the Ideal Customer Profile (ICP): Initially focusing on DoD organizations, Vali Cyber expanded its target to enterprises with significant Linux infrastructure, recognizing the importance of protecting mission-critical systems in sectors like finance.

On this podcast, Jay and Joao have discussed multiple times a situation where a threat actor submits a pull request that's more than the project bargained for. And now, we have a situation where OpenSSH was (almost) backdoored by a commit by a maintainer of the xz project. Don't miss this episode for all the details!

What goes on behind the scenes when it comes to managing a project as large as a Linux distribution? In this episode, Jay and Joao has a chat with benny Vasquez who is not only a wealth of knowledge on that very subject, she's also the Chair of the Board of Directors for AlmaLinux OS. ... Read more

You may have heard of "technical debt", but have you heard of "security debt"? In this episode, Jay and Joao will tell you all about it and why it's a major issue for organizations.

Through a joint effort, the FBI as well as NCA struck a major blow to the Lockbit ransomware group. In this episode, Jay and Joao will discuss this story as well as the state of Linux in the enterprise/open-source landscape.

When a threat actor breaks into a router and adds firewall rules that the owner didn't approve of, that's considered hacking. But when the FBI does it... ...it isn't?! In this episode Jay and Joao discuss a recent story where the FBI did exactly that, and they'll also discuss how Microsoft has become the biggest "face palm" discussed on the podcast so far.

Here we are, yet again, with an industry problem caused by the decision of just one software vendor. This time it's VMware that's causing a ruckus. In recent news, it's been reported that VMware will be killing off 56 (yes, 56) of their stand-alone products, and that's on top of the news that broke late last year regarding changes in their licensing model. In this episode, Jay and Joao discuss these recent VMware-related shenanigans.

In this episode, Jay and Joao will discuss an update on the GTA source code theft, how much threat actors are making from ransomware, and more!

In this episode, Jay and Joao will discuss a report earlier this year that reveals the "top 10 cybersecurity misconfigurations". These ten common mistakes can make it trivial for a threat actor to gain access to your infrastructure, so it's definitely a list everyone should pay close attention to.

The Mirai botnet brought the entirety of the internet to its breaking point back in 2016, taking down many prominent web sites. Now, an article from Wired has emerged that reveals the full story behind the scenes - how the threat actors got started, how the events played out, as well as what they're up to these days. Join Jay and Joao as they discuss this very interesting story!

In this episode, Jay and Joao catch up on recent stories. Among the topics they'll discuss another version of CentOS going end of life (and why upgrading isn't so straight-forward), the recent curl vulnerability, and more!

https://youtu.be/h1XTs1ed3MY On this episode of Destination Linux (344), we're reviewing the latest release of Ubuntu, Ubuntu 23.10 or Mantic Minotaur, we'll discuss its improvements and new features. We also touch on Linux security, debunking myths and highlighting the reasons why Linux is the most secure and useful OS of them all. Plus, we have our tips, tricks and software picks for you. Let's get this show on the road toward Destination Linux! Download as MP3 (https://aphid.fireside.fm/d/1437767933/32f28071-0b08-4ea1-afcc-37af75bd83d6/1d93be59-70f9-416e-9320-11df6ddaed13.mp3) SHOW NOTES ►► https://destinationlinux.net/344 Supported by: Namecheap = https://destinationlinux.net/namecheap LINBIT = https://destinationlinux.net/linbit Hosted by: Michael Tunnell = https://tuxdigital.com Ryan (DasGeek) = https://dasgeekcommunity.com Jill Bryant = https://jilllinuxgirl.com Want to Support the Show? Become a Patron = https://tuxdigital.com/membership Store = https://tuxdigital.com/store Chapters: 00:00:00 DL 344 Intro 00:01:11 Community Feedback 00:04:59 NAMECHEAP - [ link (https://destinationlinux.net/namecheap) ] 00:07:30 Ubuntu 23.10 Review (Mantic Minotaur) - [ link (https://discourse.ubuntu.com/t/mantic-minotaur-release-notes/35534) ] 00:37:20 LINBIT - [ link (https://destinationlinux.net/linbit) ] 00:38:39 Linux Security - [ source article (https://madaidans-insecurities.github.io/linux.html) ] 00:56:25 Gaming: Crimson Trials - [ link (https://bitwixt.itch.io/crimson-trials) ] 01:02:06 Software Spotlight: AppFlowy - [ link (https://appflowy.io/) ] 01:06:28 Tips and Tricks: Ubuntu Restricted Extras 01:08:10 Events - [ Ubuntu Summit (https://events.canonical.com/event/31/), SCALE (https://www.socallinuxexpo.org/scale/21x) ] 01:12:14 Outro Tip of the Week: sudo apt install ubuntu-restricted-extras Other Links: https://destinationlinux.net/279 https://imgur.com/a/p3VaKIH SHOW NOTES ►► https://destinationlinux.net/344

In this episode, Jay and Joao discuss the recent Exim news, which consists of several CVE's. Also, they'll discuss why it's a good idea to make sure you audit the services that are running on your Linux server, and remove the ones you're not using.

We've talked about Supply Chain Attacks on this podcast before, and in this episode Jay and Joao discuss another form of this popular attack vector - RepoJacking! RepoJacking occurs when a repository (such as one hosted on Github) changes information, and due to a link between the old repository info and the new - threat actors can take advantage of this. Join Jay and Joao for a discussion on this attack vector.

There's a multitude of ways you can lose money in Las Vegas, but this time it's not from gambling. In this episode, Jay and Joao will discuss a recent and still developing story where MGM was the target of what appears to be a ransomware attack.

In this episode, Jay and Joao will discuss a recent discovery by Truffle Security that has found 4,500 websites that have exposed a very critical directory. In addition, the upcoming Common Vulnerability Scoring System (CVSS) update, which will bring to version 4.0 - along with some important changes you'll need to understand.

Imagine needing to ask your government permission in order to perform tasks such as installing a security patch, implementing an Intrusion Detection System, updating firmware or upgrading your operating system? If this sounds too ridiculous to be true, then you're right - it is ridiculous, but unfortunately it's a real proposal. In the U.K., Investigatory Powers Act 2016 (IPA) has had an adjustment proposed that could potentially make securing your systems more difficult than it's ever been. In this episode, Jay and Joao discuss how these potential changes will complicate pretty much everything.

In this episode, Jay and Joao talk about two recent news developments that may have important implications on the overall industry. First, In response to Microsoft's recent Azure debacle, a US Senator calls for a probe to look into the matter. Second, our main story is yet another facepalm worthy idea from Google that aims to add "integrity" to our browsers, but it's oddly lacking in said integrity and almost completely devoid of common sense. Google's "Web Integrity Protection" seems to protect only their ad dollars while making browsing more tedious for the end-user. Will it pass? What is it exactly? Jay and Joao have all the answers in this episode!

The ongoing saga with Red Hat continues, and now that some time has passed since their controversial announcement, we now have statements from other distributions, including (but not limited to) Oracle and SUSE. In this episode, Jay and Joao talk about the recent developments on this story, and also touch on some trouble that Fortigate has been having nowadays.

When it comes to Linux in the Enterprise, we have quite a few challenges we have to overcome on a day to day basis to ensure we can depend on our technology. We never thought Red Hat themselves would some day become our opponent, but here we are. In this episode, Jay and Joao will discuss discuss the latest impulsive and irresponsible decision Red Hat has made - as well as how that decision results in the company undermining their own customer base, while alienating the Linux Community at the same time.

Don't you just love e-mail? It's the gift that keeps on giving, and this time managing e-mail is even more annoying for Barracuda's customers, with CVE-2023-2868. This isn't just any CVE, this is a complete system own by the threat actors. In fact, it's so bad that the situation isn't as simple as installing a patch. In this episode, Jay and Joao discuss this vulnerability and just how big of a deal it is.

We've all heard the cloud referred to as "Someone Else's Computer", but what do you do if you find your data is on No One Else's Computer? In this example, there was a happy ending (data was restored) but it's still an important consideration all the same. What do you do if your cloud provider all of a sudden doesn't have your data? In this episode, Jay and Joao discuss a recent situation in which Azure customers found themselves in a bit of a bad situation.

In this episode, Jay and Joao discuss another form of security, job security! Throughout the series, we've advised and educated on enhancing the security of your enterprise network, but in this episode the focus is on YOU. Specifically, how to safeguard yourself from turnover, raise awareness of your importance to your organization, and how to navigate potential "awkward" conversations that System Administrators may find themselves having with their boss. Don't miss this episode!

Open Source Intelligence is a very interesting topic - it's all about the things that might get unknowingly leaked, and this leaked information is perfectly legal to know and possess! The IP address that points to a domain, vacation photos on twitter, or even what you had for lunch can be used against you in order to build a profile. In this episode, Jay and Joao discuss OSINT and some tools that are commonly used to find it.

There are many security certifications that an organization can utilize to prove compliance with one or more standards, and being in compliance can bring additional benefits and opportunities. Federal Information Processing Standard (FIPS) is one of these certifications, and in this episode, Jay and Joao are joined by Nikos from Tuxcare to discuss FIPS and why your organization might consider it.

According to several sources, and confirmed by Western Digital themselves, there's been a breach regarding the company's cloud related offerings, such as "My Cloud" and various cloud-enabled storage products. Many of the details have yet to be revealed, but considering that Western Digital filed a 10-K form with the SEC, it's very possible that it could be serious. In this episode, Jay and Joao discuss this story so far, with more specific details sure to come.

A multi-national effort took down a leading market for ill-gotten credentials, resulting in well over 100 arrests. This initiative was dubbed "Operation: Cookie Monster", and while that certainly sounds like satire - it's totally not. Genesis, the marketplace in question, was seized by a law enforcement team consisting of personnel from multiple countries. In this episode, Jay and Joao discuss this story. But not only that, what are some of the ramifications of this? Could this have lasting impacts on the industry in general? Definitely don't miss this episode!

Join us on this episode of the Ask A CISO podcast as we discuss how to quantify defence with Anant Shrivastava, an information security professional with over 15 yrs of corporate experience and expertise in Network, Mobile, Application, and Linux Security. Along with host Mark Fuentes, he discusses looking at the big picture, why DevSecOps as a term should not exist, and the value of investing in cybersecurity. - About Horangi Cybersecurity -- More information about the Ask A CISO podcast: https://www.horangi.com/resources/ask-a-ciso-podcast About Horangi Cyber Security: https://www.horangi.com - About the Guests -- Anant's LinkedIn: https://www.linkedin.com/in/anantshri/ Anant's Website: https://anantshri.info/

With the recent takeover of the "Linus Tech Tips" YouTube channel, what can we learn? In this episode, Jay and Joao will discuss some of the ways you can prevent such an event from happening to you (and it's not just YouTube that's a target).

When it comes to Enterprise IT (and especially the security sector) we have our work cut out for us. As the workload increases, we look for tools and utilities to help us keep up with the demand. But what about artificial intelligence? As we discussed in a previous episode, AI is here to stay and will be making waves in security. In this episode, Jay and Joao dive in to just a few of the ways this tech might transform the security field and those that work within it (directly or indirectly).

AlmaLinux OS was created around the time of "that big CentOS" announcement, and has been a worthy solution for enterprises that wish to continue with Enterprise Linux, but without the fear of the distribution being changed into something else entirely. As a drop-in replacement for Red Hat, AlmaLinux OS continues to tackle new ground and builds a strong community. In this video, Jay and Joao are joined by Atalay Kelestemur who works on the project to discuss this distribution - and there may even be some surprises in store.

Tasks that penetration testers and security analysis perform in order to expose security weaknesses may seem like a mysterious and complicated art. Most of the time, these tasks are considered "secret sauce" and unless you work for a red team, you may not be aware of what it may look like while someone attempts to gain access from the outside. In this episode, Jay and Joao discuss a report released by CISA, that provides a very detailed account at what goes into this type of work. This report is definitely a must-read, and this episode is a must-listen!

In this episode of the We Hack Purple podcast host Tanya Janca met with Anant Shrivastava! We talked about securing the entire software supply chain (including your CI/CD and where you get your packages from), and how it is more than just buying a software composition analysis (SCA) tool. He explained the new and very different risks of securing a mobile app versus a regular web app or an API, that's he's more of an ops than a dev person, and how the risks are all coming together now that many of us are doing DevOps. He shared his numerous open source projects, such as: Code vigilant: https://codevigilant.com/, TamerPlatform : https://tamerplatform.com/ and HackingArchivesOfIndia https://hackingarchivesofindia.com/.  Anant's Bio:Anant Shrivastava is an experienced information security professional with over 15 years of corporate experience. He has expertise in Network, Mobile, Application and Linux Security. He is the founder of Cyfinoid Research, a cyber security research firm and has previously served as Technical Director at NotSoSecure Global Services, a boutique cyber security consultancy. He is a frequent speaker and trainer at international conferences such as BlackHat, Nullcon, and c0c0n. Additionally, Anant leads the open source projects Tamer Platform and CodeVigilant and maintains the Hacking Archives of India. He also participates in open communities targeted towards spreading information security knowledge such as null (null.community). His work can be found at anantshri.info and his blog is here  https://blog.anantshri.info/!Very special thanks to our sponsor: The Diana Initiative!The Diana Initiative is seeking sponsors for their annual event happening Monday August 7, 2023 in Las Vegas - https://www.dianainitiative.org/sponsor/ for more informationThe Diana Initiative Call For Presentations opens on March 1, if you have a topic you want to share submit at tdi.The Diana Initiative Is: A diversity-driven conference committed to helping all underrepresented people in Information Security. This year the theme is “Lead the Change.” You can submit to be a speaker at tdi . mobi / CFP or if your company would like to support the event by sponsoring check out https://www.dianainitiative.org/sponsor/Join We Hack Purple!Join us in the We Hack Purple Community:  A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!

Facebook Metaverse demo receives the meme treatment. Is Linux a secure operating system for online financial activity? How to start recording podcasts with hosts in different locations? What kind of a machine can I get to run an application like AutoCAD that isn't too expensive? Why is my camera system not working with my modem/router combo device? Can you limit an iPad to run one single app? Why is my LastPass desktop application not working all of a sudden? Plus conversations with Sam Abuelsamid about the Dodge Charger Daytona SRT & Rod Pyle calling again from the arctic circle! A New York Times article about a father being flagged by Google as a criminal. Mark Zuckerberg's metaverse demo receives the meme treatment. Sam Abuelsamid and the Dodge Charger Daytona SRT. Is Linux as an operating system secure enough for online financial activity? How to record podcasts online. Can a Man in the Middle attack occur between the user & a secure connection like a bank? Using AutoCAD on Windows or Mac? And how good of a machine do I need to run an application like AutoCAD? A caller's Wink camera hub is not working with a new modem/router. What's causing the Wink system to not work with the modem/router device? How to limit an iPad to a single application? Why is my SmartTV not connecting to my WiFi network? Why is my iPhone suddenly acting like it's a new phone after the iOS 15 6.1 update? Why are certain features disappearing from newer, more modern cellphones? Rod Pyle calls from the arctic circle! He talks about his adventures in the circle the past week. Why is my desktop LastPass application not working on my Mac? Do I even need the desktop application, or is the browser plug-in more than enough? Host: Leo Laporte Guests: Sam Abuelsamid and Rod Pyle Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/the-tech-guy/episodes/1920 Download or subscribe to this show at: https://twit.tv/shows/the-tech-guy Sponsor: noom.com/twit

Facebook Metaverse demo receives the meme treatment. Is Linux a secure operating system for online financial activity? How to start recording podcasts with hosts in different locations? What kind of a machine can I get to run an application like AutoCAD that isn't too expensive? Why is my camera system not working with my modem/router combo device? Can you limit an iPad to run one single app? Why is my LastPass desktop application not working all of a sudden? Plus conversations with Sam Abuelsamid about the Dodge Charger Daytona SRT & Rod Pyle calling again from the arctic circle! A New York Times article about a father being flagged by Google as a criminal. Mark Zuckerberg's metaverse demo receives the meme treatment. Sam Abuelsamid and the Dodge Charger Daytona SRT. Is Linux as an operating system secure enough for online financial activity? How to record podcasts online. Can a Man in the Middle attack occur between the user & a secure connection like a bank? Using AutoCAD on Windows or Mac? And how good of a machine do I need to run an application like AutoCAD? A caller's Wink camera hub is not working with a new modem/router. What's causing the Wink system to not work with the modem/router device? How to limit an iPad to a single application? Why is my SmartTV not connecting to my WiFi network? Why is my iPhone suddenly acting like it's a new phone after the iOS 15 6.1 update? Why are certain features disappearing from newer, more modern cellphones? Rod Pyle calls from the arctic circle! He talks about his adventures in the circle the past week. Why is my desktop LastPass application not working on my Mac? Do I even need the desktop application, or is the browser plug-in more than enough? Host: Leo Laporte Guests: Sam Abuelsamid and Rod Pyle Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/the-tech-guy/episodes/1920 Download or subscribe to this show at: https://twit.tv/shows/all-twittv-shows Sponsor: noom.com/twit

Facebook Metaverse demo receives the meme treatment. Is Linux a secure operating system for online financial activity? How to start recording podcasts with hosts in different locations? What kind of a machine can I get to run an application like AutoCAD that isn't too expensive? Why is my camera system not working with my modem/router combo device? Can you limit an iPad to run one single app? Why is my LastPass desktop application not working all of a sudden? Plus conversations with Sam Abuelsamid about the Dodge Charger Daytona SRT & Rod Pyle calling again from the arctic circle! A New York Times article about a father being flagged by Google as a criminal. Mark Zuckerberg's metaverse demo receives the meme treatment. Sam Abuelsamid and the Dodge Charger Daytona SRT. Is Linux as an operating system secure enough for online financial activity? How to record podcasts online. Can a Man in the Middle attack occur between the user & a secure connection like a bank? Using AutoCAD on Windows or Mac? And how good of a machine do I need to run an application like AutoCAD? A caller's Wink camera hub is not working with a new modem/router. What's causing the Wink system to not work with the modem/router device? How to limit an iPad to a single application? Why is my SmartTV not connecting to my WiFi network? Why is my iPhone suddenly acting like it's a new phone after the iOS 15 6.1 update? Why are certain features disappearing from newer, more modern cellphones? Rod Pyle calls from the arctic circle! He talks about his adventures in the circle the past week. Why is my desktop LastPass application not working on my Mac? Do I even need the desktop application, or is the browser plug-in more than enough? Host: Leo Laporte Guests: Sam Abuelsamid and Rod Pyle Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/the-tech-guy/episodes/1920 Download or subscribe to this show at: https://twit.tv/shows/total-leo Sponsor: noom.com/twit

Facebook Metaverse demo receives the meme treatment. Is Linux a secure operating system for online financial activity? How to start recording podcasts with hosts in different locations? What kind of a machine can I get to run an application like AutoCAD that isn't too expensive? Why is my camera system not working with my modem/router combo device? Can you limit an iPad to run one single app? Why is my LastPass desktop application not working all of a sudden? Plus conversations with Sam Abuelsamid about the Dodge Charger Daytona SRT & Rod Pyle calling again from the arctic circle! A New York Times article about a father being flagged by Google as a criminal. Mark Zuckerberg's metaverse demo receives the meme treatment. Sam Abuelsamid and the Dodge Charger Daytona SRT. Is Linux as an operating system secure enough for online financial activity? How to record podcasts online. Can a Man in the Middle attack occur between the user & a secure connection like a bank? Using AutoCAD on Windows or Mac? And how good of a machine do I need to run an application like AutoCAD? A caller's Wink camera hub is not working with a new modem/router. What's causing the Wink system to not work with the modem/router device? How to limit an iPad to a single application? Why is my SmartTV not connecting to my WiFi network? Why is my iPhone suddenly acting like it's a new phone after the iOS 15 6.1 update? Why are certain features disappearing from newer, more modern cellphones? Rod Pyle calls from the arctic circle! He talks about his adventures in the circle the past week. Why is my desktop LastPass application not working on my Mac? Do I even need the desktop application, or is the browser plug-in more than enough? Host: Leo Laporte Guests: Sam Abuelsamid and Rod Pyle Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/the-tech-guy/episodes/1920 Download or subscribe to this show at: https://twit.tv/shows/the-tech-guy Sponsor: noom.com/twit

Facebook Metaverse demo receives the meme treatment. Is Linux a secure operating system for online financial activity? How to start recording podcasts with hosts in different locations? What kind of a machine can I get to run an application like AutoCAD that isn't too expensive? Why is my camera system not working with my modem/router combo device? Can you limit an iPad to run one single app? Why is my LastPass desktop application not working all of a sudden? Plus conversations with Sam Abuelsamid about the Dodge Charger Daytona SRT & Rod Pyle calling again from the arctic circle! A New York Times article about a father being flagged by Google as a criminal. Mark Zuckerberg's metaverse demo receives the meme treatment. Sam Abuelsamid and the Dodge Charger Daytona SRT. Is Linux as an operating system secure enough for online financial activity? How to record podcasts online. Can a Man in the Middle attack occur between the user & a secure connection like a bank? Using AutoCAD on Windows or Mac? And how good of a machine do I need to run an application like AutoCAD? A caller's Wink camera hub is not working with a new modem/router. What's causing the Wink system to not work with the modem/router device? How to limit an iPad to a single application? Why is my SmartTV not connecting to my WiFi network? Why is my iPhone suddenly acting like it's a new phone after the iOS 15 6.1 update? Why are certain features disappearing from newer, more modern cellphones? Rod Pyle calls from the arctic circle! He talks about his adventures in the circle the past week. Why is my desktop LastPass application not working on my Mac? Do I even need the desktop application, or is the browser plug-in more than enough? Host: Leo Laporte Guests: Sam Abuelsamid and Rod Pyle Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/the-tech-guy/episodes/1920 Download or subscribe to this show at: https://twit.tv/shows/all-twittv-shows Sponsor: noom.com/twit

Ever wonder why there's so little information regarding macOS and Linux-oriented attacks? In this episode, we get the answer from  the multi-talented Cat Self - an Adversary Emulation Engineer at MITRE, Cyber Threat Intelligence Team Leader on ATT&CK Evaluations and macOS/ Lead on MITRE ATT&CK Enterprise. We discuss defense tools,  attacker TTPs, and what to consider when approaching defense for a macOS and Linux environment, and what trends we can expect in the future for these operating systems. Check out the resources below for links mentioned during this enlightening conversation!Our Guest: Cat SelfCat Self is the CTI Lead for MITRE ATT&CK® Evaluations, macOS/Linux Lead for ATT&CK® and serves as a leader of people at MITRE. Cat started her cyber security career at Target and has worked as a developer, internal red team operator, and Threat Hunter. Cat is a former military intelligence veteran and pays it forward through mentorship, technical macOS hunting workshops, and public speaking. Outside of work, she is often planning an epic adventure or climbing mountains in foreign lands. Follow Cat on Social MediaTwitter: @coolestcatiknowLinkedIn: Cat SelfResources mentioned in this episode:A highlight of new security changes in macOS Ventura:https://www.sentinelone.com/blog/apples-macos-ventura-7-new-security-changes-to-be-aware-of/ For securing a macOS device, I highly recommend installing Patrick Wardle's endpoint tools. https://objective-see.org/tools.html My favorites are BlockBlock, KnockKnock, Lulu, & Netiquette.  Cat's “GoTo” blogsPatrick Wardle Objective-SeeJaron Bradley The Mitten MacHoward Oakley The Eclectic Light CompanyCody Thomas MediumSarah Edwards mac4n6Leo Pitt MediumChristopher Ross MediumCsaba Fitzl THEEVILBIT Blog Open Source ProjectsPlaybooks with Datasets to practice OTRFCode snippets aligned to MITRE ATT&CK Atomic Red TeamJupyter notebook environment setup by Anna PastushkoVirtual environment setup Hold My BeerSponsor's Note:Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team membeJoin us in Scottsdale, AZ or virtually for the 2022 SANS Institute Blue Team Summit & Training. At the SANS Blue Team Summit, enhance your current skill set and become even better at defending your organization and hear the latest ways to mitigate the most recent attacks!

Why Dirty Pipe is a dirty dog, the explosive adoption of Linux at AMD, and an important update on elementary OS.