Podcasts about Mandiant

  • 270 podcasts
  • 650 episodes
  • 38m average duration
  • 1 episode every other week
  • Latest: Jun 3, 2026




Latest podcast episodes about Mandiant

Disruptive CEO Nation
Ep 336 Security Without Compromise with Dave Merkel, CEO and Co-Founder of Expel; Washington, DC, USA


Jun 3, 2026 (29:04)


Cybersecurity is no longer just an IT issue. It is a business survival issue, and every leader needs to understand where the real risks are hiding. In this episode, I had the pleasure of speaking with Dave “merk” Merkel, CEO and co-founder of Expel, about the evolving world of cybersecurity, AI, and business resilience. Dave shared the founder's journey behind Expel, how the company grew by solving cybersecurity as a technology-driven scale problem, and why businesses of every size need to think seriously about 24/7 protection. We also explored the growing risks created by supply chains, fragmented systems, AI adoption, and increasingly sophisticated threat actors, while still keeping the conversation grounded, practical, and encouraging for business leaders.

Here are the highlights:
• Cybersecurity matters for every business, not just large enterprises. Dave explained that even smaller companies can become targets when they are part of the supply chain for larger organizations.
• Expel was built to solve the scale-and-quality problem in cybersecurity. Rather than operating like a traditional services business, Expel uses software and human expertise together to deliver consistent 24/7 protection.
• AI is changing the speed and complexity of cyber risk. Dave emphasized that both attackers and defenders are using AI, which means businesses need security partners who understand how AI is reshaping the threat landscape.
• Business owners should look for outcome-focused security partners. Dave cautioned leaders to avoid fear-based selling and instead seek providers who understand their business, ask smart questions, and can clearly explain their approach.
• Cybersecurity professionals are doing mission-driven work. One of the most powerful moments in the conversation was Dave's reminder that cybersecurity teams are protecting companies, employees, families, and livelihoods every day.

About the guest: Dave “merk” Merkel is the co-founder and CEO of Expel, a leading provider of Managed Detection and Response cybersecurity. He has been involved in the information security field for nearly 30 years, first as a federal agent pursuing cyber criminals in the era of floppy disks and 2400 baud modems, then as Chief Technology Officer and vice president of Mandiant. Following FireEye's acquisition of Mandiant, Dave served as the global CTO of FireEye.

Connect with merk:
LinkedIn: https://www.linkedin.com/in/davemerkel
Website: https://expel.com/

Connect with Allison: Feedspot has named Disruptive CEO Nation as one of the Top 25 CEO Podcasts on the web.
LinkedIn: https://www.linkedin.com/in/allisonsummerschicago/
Website: https://www.disruptiveceonation.com/

#CEO #leadership #startup #founder #business #businesspodcast

PolySécure Podcast
Teknik - Security of electrical substations - Because... it's episode 0x301!


May 28, 2026 (52:12)


Because… it's episode 0x301!

Shameless plug
3 to 5 June 2026 - SSTIC 2026
24 and 25 June 2026 - Troopers
26 and 27 June 2026 - leHACK
19 September 2026 - Bsides Montréal
1 to 3 December 2026 - Forum INCYBER - Canada 2026
24 and 25 February 2027 - SéQCure 2027

Description
In this episode, Georges Badro, a consultant at Mandiant in Paris who specializes in critical infrastructure and industrial systems, explains how electrical substations work and how they are secured.

Architecture of the power grid
The power grid breaks down into three zones: generation (hydroelectric, nuclear, thermal and renewable plants), transmission and distribution. The transmission network limits energy losses and, above all, balances production against consumption in order to keep the frequency stable. Unlike a water network, an electrical grid requires a permanent balance between what is produced and what is consumed, or else it is damaged. Substations are the nerve centres of this transmission network: the large fenced yards seen along roads centralize and redistribute electricity. They contain transformers and circuit breakers, the latter used to open or close the circuit. Today this equipment is no longer operated manually but through digital control: human-machine interfaces (HMIs), remote control, RTUs (Remote Terminal Units acting as a gateway to the control centre), protection and control relays (which read voltage, current and frequency to automate decisions), engineering workstations and network equipment.

Growing interconnection and attack surface
Badro stresses that the "air gap" of the past has disappeared. Substations are now interconnected with control centres, third parties and partners, sometimes directly with the internet, and even with the cloud for predictive maintenance. The typical architecture comprises an IT network, a DMZ separating IT from the industrial (OT) systems, and a regional or national control centre (with historians, SCADA servers and databases) linked to the substations via VPN or MPLS. Every substation is configured differently. Some connections use Powerline Communication (PLC), which carries TCP/IP packets over the existing power cables. This proliferation of remote access, justified by the difficulty of intervening physically in rural areas, considerably increases the risk. Common protocols include IEC 104, DNP3 and GOOSE.

Red Team attack scenario
Badro details Mandiant's Red Team approach, noting that a real attacker would not take the same precautions. The attack generally begins with initial access to the IT network via phishing or exploitation of vulnerabilities. A reconnaissance phase follows: domain enumeration, searching for documentation on network shares and wikis, configuration files with specific extensions, cleartext passwords (notably for VPNs) and architecture diagrams. Access to the OT network is then obtained via a VPN, by exploiting flows allowed through the firewall, or by compromising hypervisors hosting both IT and OT VMs. Rather than a destructive NMAP scan, the team favours stealthy reconnaissance: passive traffic capture, analysis of IP and MAC addresses, and use of legitimate operator software and specialized scripts (Modbus, DNP3). The vulnerabilities exploited are often basic: default passwords on web interfaces, SSH or Telnet, sometimes on hidden features used by vendors and unknown to the operating teams. From an HMI, the attacker moves up to the protection relays, more insidious targets that allow costly damage.

Real-world compromises
Badro compares two real attacks. In Ukraine in 2015, the attack started on the IT side with phishing (Black Energy malware via a macro), harvested VPN passwords, reached the HMIs, RTUs and Moxa switches, then opened the circuit breakers and deployed corrupted firmware to prevent control from being regained. In Poland in December 2025, the attack targeted OT directly by exploiting a known CVE that had been left unpatched for several weeks on internet-exposed firewalls. The attacker spread to RTUs, relays, HMIs and serial-to-Ethernet converters via default accounts, launched local scans, uploaded corrupted firmware, deleted system files on the relays and deployed wipers on the HMIs. The striking finding: despite a ten-year gap, the same basic vulnerabilities persist. While getting into IT networks has become harder, the OT side remains like the IT of "a very long time ago" (few strong passwords, few controls), owing to the assumption of isolation and to frozen maintenance practices.

Advanced attacks and defence
Beyond simply opening a circuit breaker, subtler attacks target relay logic: altering trip values, faking an LED, or tampering with the automatic reclosing function. These manipulations remain invisible until a rare condition occurs (a tree falling on a line) and are very hard to diagnose without logging. On the defensive side, Badro recommends: changing default passwords (and alerting if the old one is reused), keeping internet-exposed systems up to date, restricting SSH/HTTP access to specific points, controlling PLC flows coming from the plants, and above all establishing network and event visibility at every level. The predictability of OT networks makes it easier to define a baseline and detect anomalies. The approach is to break each system down, understand its functions and their internal/external interfaces (GPS spoofing, for example), then design suitable protections and detections, protecting the circuit breaker first and foremost as the most critical element.

Contributors
Nicolas-Loïc Fortin
Georges Badro

Credits
Editing by Intrasecure inc
Physical venue by Google Paris

The Cybersecurity Defenders Podcast
How analysts use cognitive reasoning in investigations with Chris Sanders / Defender Fridays [#325]


May 22, 2026 (32:43)


Join us for this week's Defender Fridays as Chris Sanders, Founder at Applied Network Defense and the Rural Technology Fund, breaks down how analysts actually think through investigations and what separates high performers from the rest.

At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

What We'll Discuss
In this episode, Chris Sanders draws on his background in security operations and cognitive psychology to explore how metacognition shapes investigative performance, and why understanding how you think is one of the most underleveraged skills in the SOC.

Key Topics:
• Why high-performing analysts ask better questions instead of starting with large chunks of data
• How diagnostic inquiry (DINQ) was developed by studying senior analysts in action
• What separates one year of experience repeated twenty times from genuinely diverse experience
• Why tacit knowledge makes it hard to train new analysts and what to do about it
• How AI fits into the investigative process and where humans still need to be in the loop
• Why cybersecurity education has a transfer problem and what other fields like medicine get right
• What good SOCs have in common and why it comes down to metacognitive awareness

About Our Guest
Chris Sanders is the Founder of Applied Network Defense, a training company focused on analyst and investigative roles, and the Rural Technology Fund, an organization that supports technology education in rural and underserved communities. He holds a doctorate in education and has spent his career at the intersection of cybersecurity and cognitive psychology, including time at school districts, the federal government, and Mandiant.

Register for Live Sessions
Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience.
Register here: https://limacharlie.io/defender-fridays
Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website!

Sponsored by LimaCharlie
This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.

Why LimaCharlie?
• Eliminate vendor sprawl and tool complexity
• Deploy and scale effortlessly on native multi-tenant architecture
• Reduce costs with intelligent data routing and free 1-year retention
• Build custom solutions with 100+ security capabilities on-demand
• Accelerate response with agentic AI that acts directly within predefined workflows

Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io

Follow LimaCharlie
Sign up for free: https://limacharlie.io
LinkedIn: / limacharlieio
X: https://x.com/limacharlieio
Community Discourse: https://community.limacharlie.com/

Host: Maxime Lamothe-Brassard - Founder at LimaCharlie
Guest: Chris Sanders - Founder at Applied Network Defense & Rural Technology Fund

The Six Five with Patrick Moorhead and Daniel Newman
Google Cloud Goes Full Stack, Amazon's $100B Anthropic Bet, Intel's Foundry Moment & More


Apr 25, 2026 (56:20)


Patrick Moorhead and Daniel Newman break down a massive week in enterprise tech, from Google Cloud Next's full-stack AI push and Amazon's $100 billion Anthropic commitment, to Apple's leadership transition and Intel's long-awaited foundry validation courtesy of Elon Musk.

The handpicked topics for this week are:

• Google Cloud Next 2026: Full-Stack AI and New TPUs — Google Cloud Next has cemented itself as the second-biggest AI event on the calendar, with Thomas Kurian declaring the proof-of-concept era over and enterprises now in full production mode with agents. Google unveiled two next-generation TPUs (the 8i for training and the 8t for high-throughput inference) and reinforced its full-stack differentiation from infrastructure through Gemini Enterprise Workspace. (The Decode)

• Google's Agentic Security and MCP Push — Google made a significant move into agentic security, combining Wiz and Mandiant into what Pat calls a sleeper announcement of the show. Google also committed to placing MCP servers across all of its data surfaces, meaning even non-Google platforms can tap into Google data without full lock-in. (The Decode)

• Google Distributed Cloud and On-Prem Agentic Orchestration — Google took the biggest first step Patrick has seen toward a true agentic orchestrator that spans on-prem enterprise and public cloud through progress on Google Distributed Cloud. No other company has yet attempted cross-environment agent coordination at this level. (The Decode)

• Amazon's $100 Billion Anthropic Commitment — Amazon formalized a commitment of up to $100 billion into Anthropic, including five gigawatts of Trainium capacity, making it the largest non-NVIDIA silicon commitment in history. Anthropic's valuation crossed $1 trillion just weeks after a $350 billion raise, a pace that has left even veteran analysts searching for new language. (The Decode)

• Adobe Summit 2026: Enterprise Agents and Jensen's Endorsement — Jensen Huang took the stage at Adobe Summit to deepen the NVIDIA-Adobe partnership, calling agentic workflows the new front end for SaaS rather than a replacement for it. Adobe reported $250 million in Firefly ARR and 45% quarter-over-quarter growth in agentic tool usage, yet the stock continued to disappoint investors expecting hypergrowth multiples. (The Decode)

• Apple's New CEO: John Ternus and Tim Cook's Legacy — Apple named John Ternus as its fourth CEO, closing the book on Tim Cook's 15-year tenure marked by custom silicon success, services expansion, and operational excellence, alongside misses in Vision Pro, the abandoned car project, and Siri's failure to become the AI front end it should have been. Ternus is a continuity hardware candidate, and the most consequential decision may prove to be keeping Johny Srouji over all of hardware. (The Decode)

• Intel Foundry: Elon Musk, TerraFab, and 14A Validation — One day before Intel's earnings print, Elon Musk publicly confirmed TeraFab will use Intel's 14A process, delivering the first verifiable public wafer commitment on that node. Intel then reported a 23% stock surge, 22% data center growth, and EPS of $0.29 against a $0.01 street consensus. (The Decode)

• The Flip: TSMC vs. Semiconductor Equipment Makers — Pat and Dan take hard opposing stances on who holds more power in the AI supply chain: TSMC with its control of over 90% of advanced AI silicon and irreplaceable process expertise, or the equipment oligopoly of ASML, Applied Materials, LAM, and KLA without whom no leading-edge fab can operate. The real answer, they conclude, is deep interdependence, though TSMC's combination of talent and leading-edge control gives it outsized leverage today. (The Flip)

• Intel — Intel's earnings were a blowout across the board, with data center up 22%, EPS of $0.29 versus a $0.01 estimate, and guide raised, driven by CPU price increases, customer pull-ins, and packaging volume growth. Hosts discuss whether the stock at current levels is pricing in foundry revenue that has barely begun to materialize on the tape. (Bulls and Bears)

• GE Vernova and Vertiv — GE Vernova posted a beat on revenue and EPS with orders up 71% organically and a $163 billion backlog, while Vertiv reported sales up 30% and raised forward guidance to $14 billion. Both companies reflect the acute power infrastructure demand tied to data center buildout, with Patrick noting their growth was likely already baked into share prices heading into the print. (Bulls and Bears)

• ServiceNow — ServiceNow beat across the board with a Rule of 57 growth result and AI run rate up to $1.5 billion, 50% above its prior target, though margin headwinds from three acquisitions and on-prem impacts from the Middle East conflict weighed on sentiment. Daniel argues the market has not yet accepted that workflow automation at enterprise scale will not be replaced by vibe-coded alternatives. (Bulls and Bears)

• IBM — IBM posted a triple beat with Red Hat up 13%, software up 11%, and Z mainframe up 48%, the latter driven in part by AI-assisted COBOL modernization tools making the platform newly relevant. The stock slid after hours despite the results, continuing a pattern Patrick describes simply as silly season for enterprise infrastructure names. (Bulls and Bears)

• SAP — SAP beat on revenue and earnings with cloud revenue up 19%, cloud backlog up 20%, and total backlog up 25%, reinforcing that enterprise ERP customers are not moving away from core platforms. Daniel and Patrick agree this is another data point showing enterprises are building AI on top of existing software stacks, not tearing them out. (Bulls and Bears)

The Decode

Google Cloud Next 2026 — TPU 8 Dual-Architecture and the Agentic Enterprise Stack
https://cloud.google.com/blog/topics/google-cloud-next/welcome-to-google-cloud-next26
https://oplexa.com/google-cloud-next-2026/
https://www.itpro.com/cloud/cloud-computing/google-cloud-next-2026-googles-unique-advantages
https://thenextweb.com/news/google-inference-chips-nvidia-challenge-supply-chain

Amazon Commits Up to $25B More in Anthropic; $100B+ AWS Commitment in Return
https://www.cnbc.com/2026/04/20/amazon-invest-up-to-25-billion-in-anthropic-part-of-ai-infrastructure.html
https://www.nytimes.com/2026/04/20/technology/amazon-anthropic-investment.html
https://www.geekwire.com/2026/amazon-doubles-down-on-anthropic-with-25b-investment-mirroring-its-openai-cloud-deal/
https://futurumgroup.com/insights/anthropics-gigawatt-scale-tpu-deal-with-broadcom-creates-a-structural-advantage/

Adobe Summit 2026 — CX Enterprise, Creative Agent, and Jensen Huang Onstage
https://www.cxtoday.com/ai-automation-in-cx/adobe-summit-2026-cx-announcements/
https://www.cmswire.com/digital-experience/nvidia-ceo-jensen-huang-told-the-saas-world-agentic-is-here-adobe-was-listening/
https://www.techradar.com/pro/live/adobe-summit-2026
https://futurumgroup.com/insights/will-adobes-brand-visibility-solution-rewrite-the-rules-of-ai-driven-customer-experience/
https://www.linkedin.com/posts/patmoorhead_adobesummit-googlecloudnext-ai-activity-7451754772128514048-0BwK

Apple CEO Transition — Tim Cook to Executive Chairman, John Ternus to CEO
https://www.apple.com/newsroom/2026/04/tim-cook-to-become-apple-executive-chairman-john-ternus-to-become-apple-ceo/
https://www.facebook.com/HBR/posts/on-monday-april-20-2026-apple-announced-that-tim-cook-will-step-down-as-ceo-in-s/1324436846218173/
https://www.apple.com/newsroom/2026/03/introducing-apple-business-a-new-all-in-one-platform-for-businesses-of-all-sizes/

Intel Foundry Lands Tesla for Terafab on 14A — First External 14A Customer, and a Direct Shot at the TSMC Bottleneck
https://www.reuters.com/business/autos-transportation/tesla-ceo-musk-says-company-plans-use-intels-14a-process-terafab-2026-04-22/
https://www.trendforce.com/news/2026/04/23/news-intel-tapped-as-tesla-wins-first-14a-customer-spot-in-terafab-push/
https://www.benzinga.com/markets/equities/26/04/51992031/musk-bets-on-intels-14a-process-tesla-stock-falls-on-capex-plans
https://www.cnbc.com/2026/04/23/intel-earnings-q1-2026.html

The Flip

Who has more power in the AI chip supply chain — TSMC (the fabricator) or the equipment companies (ASML, Applied Materials, Lam, KLA)?

FOR:
TSMC is the single choke point for every leading-edge AI chip in production
https://www.cnbc.com/2026/04/16/taiwan-semi-tsm-asml-stock-earnings-ai-chips.html
TSMC's pricing power shows up directly in its gross margins — and customer behavior
https://leverageshares.com/en-eu/insights/why-asml-and-tsmcs-q1-2026-results-didnt-stir-markets/
TSMC is now a systems integrator — CoWoS packaging is the real moat, not just lithography
https://sterlites.com/blog/ai-supply-chain-2026-tsmc-asml-asic

AGAINST:
ASML is the single point of failure for every advanced node on the planet
https://sterlites.com/blog/ai-supply-chain-2026-tsmc-asml-asic
Applied Materials, Lam Research, and KLA control the etch, deposition, and metrology steps every fab needs
https://finance.yahoo.com/markets/stocks/articles/dear-lam-research-investors-mark-154010553.html
The equipment oligopoly has better margin structure and less concentration risk than TSMC
https://www.cnbc.com/2026/04/16/taiwan-semi-tsm-asml-stock-earnings-ai-chips.html

Bulls & Bears

Intel Q1 2026 — Huge Beat and Q2 Guide Raise; Data Center +22%, Stock +16% After Hours
https://www.cnbc.com/2026/04/23/intel-earnings-q1-2026.html
https://seekingalpha.com/news/4578382-intel-q1-2026-beat-guidance-raise-stock-surges
https://www.nasdaq.com/articles/intel-reports-net-loss-q1-2026

Vertiv & GE Vernova Q1 2026 — AI Power Trade Reports a Massive Beat
https://www.investing.com/equities/ge-vernova-llc-earnings
https://www.techi.com/ge-vernova-vertiv-ai-data-center/

ServiceNow Q1 2026 — Strong Beat and Raise, But Middle East Deal Delays Crater the Stock
https://newsroom.servicenow.com/press-releases/details/2026/ServiceNow-Reports-First-Quarter-2026-Financial-Results/default.aspx
https://www.cnbc.com/2026/04/22/servicenow-now-earnings-q1-2026.html
https://www.businessinsider.com/servicenow-ceo-dismisses-ai-threats-parlor-tricks-2026-4

IBM Q1 2026 — Beat on Top and Bottom; Mainframe Surge, Guidance Unchanged Sends Stock Lower
https://www.streetinsider.com/PRNewswire/IBM+RELEASES+FIRST-QUARTER+RESULTS/26351381.html
https://www.briefs.co/news/ibm-q1-2026-earnings-guidance/
https://seekingalpha.com/news/4578381-ibm-signals-5-percent-2026-revenue-growth-and-about-1b-higher-free-cash-flow-while-keeping
https://www.barrons.com/articles/software-stock-selloff-ibm-earnings-servicenow-salesforce-665a8f73

SAP Q1 2026 — Beat on Cloud; Backlog €21.9B (+25% cc), Operating Profit +17%
https://www.prnewswire.com/news-releases/sap-quarterly-statement-q1-2026-302752280.html
https://www.gurufocus.com/news/8813611/sap-se-sap-reports-strong-q1-earnings-with-revenue-growth
https://www.globalbankingandfinance.com/sap-reports-17-rise-first-quarter-profit/

Want the full breakdown from the ground at Google Cloud Next? Check out our live coverage: https://www.sixfivemedia.com/our-events/google-cloud-next-2026

Be part of our community — hit that subscribe button and let us know if you'd like us to go back to Friday drops.

Cyber Security Today
Inside The Vercel Supply Chain Exploit


Apr 24, 2026 (17:39)


Inside the Vercel Breach: Highlighting OAuth Token Risk

In a special edition of Cybersecurity Today, host Jim Love and guest Jamie Blasco (CTO, Nudge Security) discuss Vercel, a major developer hosting platform, and a breach tied to OAuth grants and shadow AI. Reporting shared by Contrast Security's David Lindner describes how a Context AI employee downloaded Roblox AutoFarm scripts, got infected with an info stealer, and attackers harvested credentials, compromised Context AI, then used an over-permissioned OAuth token from a Vercel employee who had signed up to Context AI with an enterprise account and clicked "allow all," with Vercel working with Mandiant on a breach allegedly being sold for $2 million. The episode emphasizes that MFA may not mitigate OAuth abuse, urges admin-managed consent, continuous inventory and auditing of OAuth grants, and better visibility into risky third-party app access across Google Workspace and Microsoft 365.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

00:00 Special Edition Intro
00:14 Sponsor Message Meter
00:33 Supply Chain Hack Setup
01:16 Breach Seen In Wild
02:36 Meet Jamie Blasco
02:56 Who Is Vercel
04:34 How The Breach Happened
05:58 Context AI And Shadow IT
07:58 OAuth Controls And Audits
09:11 Impact And Open Questions
11:24 Why MFA Falls Short
12:22 Where To Get Help
14:07 Host Takeaways OAuth Risk
14:53 What To Do Next
16:06 Wrap Up And Feedback
16:42 Sponsor Close Meter
17:24 Final Sign Off

Cloud Wars Live with Bob Evans
Google Cloud's Next in Vegas: 3 Launch Predictions


Apr 21, 2026 (4:25)


In today's Cloud Wars Minute, I preview Google Cloud Next and share three bold predictions around AI security, sovereignty, and Gemini Enterprise.

Highlights
00:03 — We've got Google Cloud Next coming up this week in Las Vegas. The world's number one cloud and AI provider is going to, no doubt, roll out a lot of interesting technologies, partnerships, go-to-market plans, and new ways for customers to thrive in the AI Economy.
00:31 — First, I think big launches around AI security. This has been a differentiator for Google Cloud in the whole run of the hyperscaler competition, and it's distinguished itself with Mandiant and threat intelligence capabilities. And it recently closed the acquisition of Wiz. So it's got some very good foundations there to build upon in AI security and sovereignty.
01:23 — Similarly, AI sovereignty is huge now, and it's only going to get bigger here in the AI Era, as data becomes more vital, privacy becomes more vital, security becomes more vital, and a lot of nations and regions are going to become even more specific in trying to say here's what's possible with the movement of not only data, but applications, where things have to be based.
02:08 — Too many technology vendors and customers were falling into a trap of thinking there's a false choice, you can either be fully compliant or grow aggressively. Google Cloud says that's a false choice and customers can do both.
03:43 — My prediction for the third big area is Gemini Enterprise, a breakthrough product with strong customer adoption, enabling companies to build agents and integrate AI into workflows at scale.

Visit Cloud Wars for more.

Eye on Security
Takeaways from the 2026 M-Trends Report


Apr 15, 2026 (27:55)


Host Luke McNamara is joined by Chris Linklater, Practice Leader at Mandiant, to discuss the 2026 edition of Mandiant's M-Trends Report. Chris dives into the latest trends observed in breaches throughout 2025 and into this year, noting some of the key aspects organizations should focus on in applying these insights to today's threat landscape. https://cloud.google.com/security/resources/m-trends

The Gate 15 Podcast Channel
Weekly Security Sprint EP 152. Information sharing, new cyber reporting, and weather!


Apr 1, 2026 (20:53)


In this week's Security Sprint, Dave and Andy covered the following topics:

Opening:
• Senate confirms Markwayne Mullin to lead Homeland Security as TSA standoff deepens
• Auto-ISAC 2025 Annual Report — Auto-ISAC
• ISACs confront AI's promise and peril for threat intelligence-sharing — Cybersecurity Dive
• Podcast: What healthcare leaders face after a cyberattack — Health-ISAC
• New Jersey Sign-Ups for MS-ISAC Remain Low Amid Attacks

Main Topics:

Cybersecurity Reports, Ransomware & Resilience
• M-Trends 2026 — Google Cloud Mandiant — 24 Mar 2026. The PDF version of M-Trends 2026 shows that high tech was the most targeted industry in 2025 at 17 percent of investigations, followed by financial services at 14.6 percent, business and professional services at 13.3 percent, and healthcare at 11.9 percent. It also shows voice phishing at 11 percent of initial intrusion vectors and says ransomware appeared in 13 percent of incidents that Mandiant investigated in 2025.
• M-Trends 2026 Report — Google Cloud
• M-Trends 2026 reveals threat landscape shaped by faster, coordinated, and industrialized cyberattacks
• High-Tech Sector Overtakes Finance as Top Target of Cyber-Attacks in 2025
• The phone call is the new phishing email
• M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds
• Top 50 Cybersecurity Threats — Splunk
• If threat actors gave you a chance to redact the patient data they hacked before they leak it, would you take them up on the offer? Read about the Woundtech incident.
• Iran-Linked Pay2Key Ransomware Group Re-Emerges
• Waterfall Threat Report 2026 finds ransomware slowdown masks deeper shift toward nation-state attacks on critical infrastructure

Atlantic hurricane season forecast 2026: 11-16 named storms predicted by AccuWeather — AccuWeather — 25 Mar 2026. AccuWeather forecasts a near-average Atlantic hurricane season with 11 to 16 named storms and several potential hurricanes. Target is coastal communities, emergency planners, and critical infrastructure operators preparing for seasonal storm impacts. Dig is that even an average season can produce high-impact storms that stress preparedness and response capabilities. The outlook is significant for planning purposes as organizations begin to align resources and contingency plans ahead of peak hurricane activity.
• Ready.gov

Quick Hits:
• Treasury asks whether terrorism risk insurance program should bolster cyber coverage — CyberScoop | 25 Mar 2026. Treasury is seeking public comment for a report to Congress on the effectiveness of the Terrorism Risk Insurance Program and specifically asked whether changes should better address cyber related losses arising from acts of terrorism. The notice highlights a persistent gap because even catastrophic cyber incidents may fall outside the program unless Treasury certifies them as terrorism under current law. Target: insurers, critical infrastructure operators, large enterprises, and policymakers evaluating how to manage systemic cyber loss from high consequence attacks. Dig: this is an important resilience and policy signal because it could shape future federal backstop discussions for cyber insurance ahead of the law's scheduled 2027 expiration. (CyberScoop)

Cloud Security Podcast by Google
EP268 Weaponizing the Administrative Fabric: Cloud Identity and SaaS Compromise in M Trends 2026

Cloud Security Podcast by Google

Play Episode Listen Later Mar 23, 2026 33:49


Guests: Kelli Vanderlee, Senior Manager, Threat Analysis, Mandiant, Google Cloud; Scott Runnels, Mandiant Incident Response, Google Cloud

Topics:
• Do we need to rethink "Mean Time to Respond" entirely, or are we just in deep trouble?
• Why are threat groups collaborating so well, and are there actual lessons for defenders in their "business" model?
• What is the scalable advice for teams worried about voice phishing and GenAI cloning?
• What does "weaponizing the administrative fabric" actually mean in a world where identity is the perimeter?
• Why is identity/SaaS compromise "news" in 2026 when cloud security folks have been shouting about it for years? What actually changed?
• What's the latest in supply chain compromise, particularly regarding malicious open-source packages?
• How do we defend against malware that is "lazy" enough to use the victim's own AI tools for reconnaissance?
• What is the specific advice for Detection and Response (D&R) teams to handle "living off the land" (or "living off the cloud")?
• How do you fix the situation when IT and Security departments genuinely hate each other?
• Besides reading the report, what is the one book or piece of advice for a CISO to survive this year?

Resources:
• Video version
• M-Trends 2026 Report
• EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends
• EP254 Escaping 1990s Vulnerability Management: From Unauthenticated Scans to AI-Driven Mitigation
• EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
• EP147 Special: 2024 Security Forecast Report
• "The Evolution of Cooperation" book

Identity At The Center
#407 - Sponsor Spotlight - Rubrik

Identity At The Center

Play Episode Listen Later Mar 11, 2026 54:42


This episode features Drew Russell, Identity Resilience Platform Owner at Rubrik. Jim McDonald and Jeff Steadman explore the intersection of backup, recovery, and identity security. Drew explains how Rubrik evolved from data backup into a cyber resilience platform with identity as a core pillar. Topics include recovering Active Directory, Okta, and Entra ID after ransomware, Rubrik's "bunker in a box" appliance for immutable air-gapped recovery, proactive posture management, CrowdStrike and Defender integrations, and where AI and non-human identities fit into Rubrik's roadmap. The episode wraps with measuring success for a product you hope to never use, and a detour into watch collecting.

This episode was made possible by the support of Rubrik. Learn more at rubrik.com/idac

Connect with Drew: https://www.linkedin.com/in/drew-russell-3762411b/
Learn more about Rubrik: https://www.rubrik.com/idac

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

TIMESTAMPS
00:00:00 - Welcome and Introduction
00:01:19 - Introducing Drew Russell
00:01:36 - How Drew Got Into Identity
00:02:43 - What Is Rubrik and What Sets It Apart
00:03:38 - From Backup to Cyber Resilience
00:05:31 - Where Rubrik Fits in the IAM Landscape
00:07:08 - Rubrik's Scale: Clients and Growth
00:07:51 - Primary Use Cases: Post-Incident Recovery and AD
00:09:09 - Kicking Out Compromised Accounts and ADR
00:10:11 - Proactive Threat Detection and Mandiant Integration
00:11:28 - Scanning Backups to Find the Clean Recovery Point
00:12:14 - The Bunker in a Box Explained
00:13:18 - Posture Management and Upstream Tool Integration
00:14:19 - AI Agent Swarms and the Future Attack Surface
00:15:37 - The Taiwan Bank Case Study: Six Weeks to Rebuild AD
00:17:16 - The State of Nevada Incident: $400K and 30 Days
00:17:56 - What Recovery Covers: AD, Okta, and Entra ID
00:19:26 - Post-Restore Change Management and Whitelisting
00:20:08 - How Long Should You Store Backups?
00:21:19 - Indexing Identity for Intelligent Recovery Points
00:22:29 - Excluding Malicious Actions During Restore
00:24:41 - Zero Trust for Rubrik's Own Backups
00:26:21 - No Windows, No Virtualization Architecture
00:27:49 - Proactive Posture Management
00:29:00 - CrowdStrike and Defender Real-Time Integration
00:30:48 - Why Tabletop Exercises Often Fall Short
00:31:53 - AI Roadmap and Non-Human Identities
00:34:22 - The Three Pillars: Data, Identity, and AI
00:35:29 - Deployment: SaaS vs. On-Prem
00:38:37 - Appliance Sizing and Redundancy
00:42:23 - Measuring Success for a Product You Hope to Never Use
00:43:46 - The Ludacris Rubrik Commercial
00:45:31 - Watch Collecting and the Omega Speedmaster
00:53:39 - Drew's Closing Words

KEYWORDS
Identity at the Center, IDAC, Jeff Steadman, Jim McDonald, Rubrik, Drew Russell, identity resilience, cyber resilience, Active Directory recovery, AD backup, Okta recovery, Entra ID recovery, identity backup, ITDR, ISPM, non-human identity, NHI, agentic AI, ransomware recovery, bunker in a box, immutable backup, CrowdStrike integration, Microsoft Defender integration, Mandiant integration, identity disaster recovery, ADR, zero trust, tabletop exercises, posture management, IAM, identity security podcast, cybersecurity podcast

Chattinn Cyber
Bridging the Cybersecurity Gap: Leadership, AI, and Real-World Strategies for 2026

Chattinn Cyber

Play Episode Listen Later Mar 10, 2026 12:09


Summary In this episode of Chattinn Cyber, Marc Schein is chattin' with Mike Armistead, a seasoned cybersecurity expert with over 40 years of experience, including more than 20 years as a vendor in the cybersecurity space. The conversation opens with a discussion about the challenges security leaders face in 2026. Mike highlights the complexity of their role, comparing it to that of a CFO managing financial risk, but notes that cybersecurity leaders often lack the comprehensive management tools that CFOs have. He emphasizes the fragmented nature of cybersecurity tools and the difficulty in stitching together disparate signals to form a coherent security posture. Mike further explains that the human element is the critical glue in cybersecurity programs. The effectiveness of security teams depends heavily on the leadership and the ability of individuals to contextualize technical signals within the business environment. This need for situational awareness is driving interest in AI technologies, particularly on the defender side, to augment human capabilities and expand the scope and depth of security operations. The chat then shifts to the role of AI in cybersecurity products. Mike observes that while AI is increasingly integrated into detection tools, the industry has largely shifted focus away from prevention. He advocates for a strategic return to prevention, where AI can play a significant role in helping security leaders develop and implement risk mitigation strategies tailored to their organizations. Mike stresses the importance of a holistic approach that goes beyond real-time detection to include employee training, access control, and disaster recovery. Addressing the challenges faced by middle-market organizations, Mike points out that these companies are often expected to meet the same cybersecurity standards as large enterprises but with far fewer resources. 
He advises middle-market CISOs to prioritize protecting their most critical assets—their "crown jewels"—and to have candid conversations with leadership about realistic security goals. This pragmatic approach helps ensure that limited resources are focused on the highest risks rather than attempting to cover every possible threat. Finally, Mike shares information about a community he helped start called the Security Impact Circle, which focuses on cybersecurity leadership issues such as board engagement. This community facilitates workshops that bring together CSOs and board directors to bridge the communication gap and align security priorities with business needs. Mike encourages listeners to visit securityimpactcircle.org to learn more and get involved.

Five Key Points Covered
• Cybersecurity leaders face complex challenges similar to CFOs but lack equivalent management tools.
• Human expertise is essential to contextualize technical security signals within the business environment.
• AI is increasingly used in detection but should also be leveraged to enhance prevention strategies.
• Middle-market organizations must prioritize protecting their most critical assets due to limited resources.
• The Security Impact Circle community helps improve communication and alignment between security leaders and boards.

Five Key Quotes from the Conversation
• "Security leaders have a tough job… it's not unlike what a CFO has to think about, right? That risk happens to be financial, and the CISOs really happens to be in cyber."
• "The security teams are really bound by how good not only their leader, but the deputies, the managers, the architects, those individual contributors that really help lead it."
• "I think the opportunity is to swing it back to prevention… AI can really start to help on the prevention strategy side of cybersecurity."
• "Middle-market leaders are expected to do everything that the largest enterprises do, but they don't have the resources to cover all the ground."
• "We bring in a director from a public company's audit committee to run workshops… it's less about what a CSO thinks they should say and more about what the director thinks they need to hear."

About Our Guest
Mike Armistead brings nearly 40 years of business experience marked by a proven track record of building companies, navigating strategic acquisitions, and leading growth at every stage. As co-founder and CEO of Respond Software, acquired by Mandiant for $200 million, and co-founder of Fortify Software, acquired by HP for $285 million, Mike has played pivotal roles in multiple successful startups, including serving as SVP on the turnaround team at WhoWhere (acquired by Lycos for $133 million) and contributing to Pure Software's IPO. His post-acquisition leadership includes key roles as VP of Products & UX at Mandiant, Director at Google Cloud, and VP & GM for Fortify and ArcSight business groups at HPE, where he drove significant expansion and over $400 million in revenue impact. Alongside these successes, Mike gained valuable insights from two brief ventures, including leading InLeague through post-9/11 financial challenges and emphasizing product-market fit in another startup. Beginning his career as a Product Manager at HP in the late 1980s, Mike's multifaceted experience spans diverse industries and company sizes. Today, he remains passionate about building high-performing teams and tackling complex, noble challenges.

Follow Our Guest: LinkedIn

About Our Host
National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS is also a Risk Management Consultant at Marsh McLennan Agency. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

Follow Our Host: Website | LinkedIn

The CyberWire
Unit 42's Iran Threat Brief: What We're Seeing [Threat Vector]

The CyberWire

Play Episode Listen Later Mar 5, 2026 33:54


Unit 42 is tracking more than 60 active hacktivist groups and Iran-linked threat actors right now. What are they actually doing, what should you believe, and what should you do about it? In this episode of Threat Vector, David Moulton sits down with Justin Moore, Senior Manager of Threat Intelligence Research at Unit 42, and Andy Piazza, Senior Director of Threat Intelligence at Unit 42, to walk through the Unit 42 Iran Threat Brief and what the observed activity means for defenders.

You'll learn:
- What Unit 42 is actually observing from groups like Handala Hack, FAD Team, and Dark Storm, and what claims remain unverified
- Why Iran's reduced internet connectivity changes the threat picture in ways that aren't obvious
- What dispersed operators and proxy groups mean for organizations far outside the Middle East
- Which defensive actions matter most against the TTPs and IOCs Unit 42 has documented
- How to handle hacktivist claims that may be exaggerated or false

Justin Moore brings nine years of intelligence officer experience plus senior threat intel roles at Mandiant, Google, and TikTok before joining Unit 42. Andy Piazza has more than 20 years in security operations and threat intelligence, including leading IBM X-Force's global threat intel team.

Read the threat brief from Unit 42:
- Escalation of Cyber Risk Related to Iran (March 2026)
- Escalation of Cyber Risk Related to Iran (June 2025)

This episode is essential listening if you're: a CISO assessing current exposure, a threat analyst tracking Iran-linked groups, or a security leader who needs to explain the actual observed risk to your board.

Related Episodes:
- Inside the Mind of State-Sponsored Cyberattackers
- Frenemies With Benefits
- From Policy to Cyber Interference

#Cybersecurity #ThreatIntelligence

About Threat Vector
Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks
Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com

Learn more about your ad choices. Visit megaphone.fm/adchoices

ITSPmagazine | Technology. Cybersecurity. Society
Speaking Security with a Business Accent: Why Being Right Isn't Enough If Nobody Listens | A Redefining CyberSecurity Podcast Conversation with Josh Mason

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Mar 3, 2026 31:47


⬥EPISODE NOTES⬥ What happens when a cybersecurity professional knows exactly what's wrong but can't get anyone to act on it? It's a problem that affects security teams across every industry, and it's the central question driving Josh Mason's new book, Speaks Security with a Business Accent. In this conversation, Josh Mason joins Sean Martin to unpack why technical accuracy alone doesn't move the needle and what it takes to communicate security in terms the business actually understands. Josh Mason brings a perspective shaped by years as an Air Force pilot and cyber warfare officer, where mission-first thinking wasn't optional, it was survival. As a safety officer, he studied aircraft mishaps, analyzed black box recordings, and learned that risk awareness doesn't mean risk paralysis. The same philosophy, he argues, applies to cybersecurity: teams can acknowledge risk without letting fear of failure prevent them from supporting the mission. Drawing from books like Dale Carnegie's How to Win Friends and Influence People, The Phoenix Project, and The Goal, Josh Mason structured his own book as a narrative, telling the story of a CIO who transforms a disconnected security team into one that communicates effectively with colleagues, leadership, the board, and eventually beyond the organization. A recurring theme in this conversation is the danger of perfection as the enemy of progress. Josh Mason uses the Iron Man analogy of building an imperfect prototype, flying it, learning from the failure, and iterating, to argue that security teams need to embrace a similar mindset. DevOps teams have already adopted this approach, and security can learn from it. Inaction for perfection's sake, he warns, isn't going to get anyone anywhere. The conversation also examines whether the cybersecurity industry does enough to learn from its own incidents. 
Unlike aviation, where the FAA and NTSB mandate rigorous post-incident analysis, cybersecurity lacks a centralized authority enforcing that same discipline. Organizations like MITRE, Verizon, and Mandiant publish valuable trend reports, and the data is there for those willing to use it, but it ultimately comes down to individual responsibility and leadership within each organization. For anyone who has ever felt technically right but strategically sidelined, this conversation offers a practical lens on bridging the gap between what security teams know and what the business needs to hear.

⬥GUEST⬥
Josh Mason, Author of Speaks Security with a Business Accent | Air Force Veteran, Cybersecurity Professional, and Founder of Noob Village | Website: https://www.mason-sc.com | On LinkedIn: https://www.linkedin.com/in/joshuacmason/

⬥HOST⬥
Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

⬥RESOURCES⬥
Speaks Security with a Business Accent by Josh Mason | https://www.mason-sc.com
The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity Podcast:

The Cybersecurity Defenders Podcast
#296 - How to Strengthen Cyber Resilience in an AI Era with Chris Cochran from SANS Institute

The Cybersecurity Defenders Podcast

Play Episode Listen Later Feb 25, 2026 31:15


On this episode of The Cybersecurity Defenders Podcast, we speak with Chris Cochran, Field CISO & Vice President of AI Security at SANS Institute, about how to navigate the future of AI risk and security strategy.

Chris works at the intersection of cyber defense, AI safety, and emerging risk, where the threats are converging and the playbooks are still being written. His career has taken him from the Marine Corps to NSA, U.S. Cyber Command, the U.S. House of Representatives, Mandiant, and Netflix. Across every role, one throughline: understanding adversaries, building high-trust teams, and translating complex problems into strategies leaders can act on.

Today, Chris advises organizations, governments, and research institutions on AI governance, agentic threat preparedness, and unifying safety and security into a single discipline. He contributes to global standards efforts including the EU AI Act (via OWASP AI) and leads executive education on cybersecurity and AI strategy at SANS.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io

Security Conversations
GitLab doxxes North Korea .gov hackers; fresh Ivanti zero-days; AI addiction and human purpose

Security Conversations

Play Episode Listen Later Feb 20, 2026 136:39


(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.) Three Buddy Problem - Episode 86: We dig into GitLab's explosive look at North Korea's “Contagious Interview” APT operation, the scale of fake IT worker infiltration, and what it means for companies chasing cheap talent. Plus, a fresh batch of already-exploited Ivanti and Dell zero-days, the return of Apple's shutdown logs, and thoughts on addictive AI coding agents affecting human purpose. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

@BEERISAC: CPS/ICS Security Podcast Playlist
Beyond Defense: Building Cyber Resilience in Autonomous and Connected Mobility

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Jan 18, 2026 25:25


Podcast: Exploited: The Cyber Truth
Episode: Beyond Defense: Building Cyber Resilience in Autonomous and Connected Mobility
Pub date: 2026-01-15

Autonomous and connected vehicles are reshaping transportation, but increased software complexity and connectivity introduce serious security and safety challenges that can't be solved with traditional perimeter defenses. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder and CEO Joseph M. Saunders and Hemanth Tadepalli, Senior Cybersecurity & Compliance SME at May Mobility, for a practical discussion on what cyber resilience looks like inside real-world autonomous vehicle programs. Hemanth draws on his experience securing mobility systems at May Mobility, as well as prior work with Mandiant, Google, and AlixPartners, to explain how automotive organizations are adapting to software-defined vehicle architectures, regulatory pressure, and expanding attack surfaces. Joe shares his perspective on why mobility companies increasingly resemble software companies and what that means for engineering, governance, and operational security.

Together, they explore:
• How connected and autonomous vehicle architectures expand the attack surface
• What cyber resilience means in day-to-day engineering and fleet operations
• How governance, threat intelligence, and software validation reduce risk
• Regulatory pressures shaping automotive security decisions
• How teams balance detection, response, and safety in autonomous systems

Whether you're building autonomous platforms, managing connected fleets, or securing safety-critical software, this episode offers a grounded look at what it takes to keep modern mobility systems trustworthy and safe.

The CyberWire
Source code in the wild aisle.

The CyberWire

Play Episode Listen Later Jan 13, 2026 24:28


Stolen Target source code looks real. CISA pulls the plug on Gogs. SAP rushes patches for critical flaws. A suspected Russian spy emerges in Sweden, while Cloudflare threatens to walk away from Italy. Researchers flag a Wi-Fi chipset bug, a long-running Magecart skimming campaign, and a surge in browser-in-the-browser phishing against Facebook users. Mandiant releases a new Salesforce defense tool, and NIST asks how to secure agentic AI before it secures itself. Our guests are Christine Blake and Madison Farabaugh from Inside the Media Minds. Plus, a Dutch court says seven years is still the going rate for a USB-powered cocaine plot. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Christine Blake and Madison Farabaugh from W2 Communications and hosts of Inside the Media Minds podcast on their show joining the N2K CyberWire network. You can listen to the latest episode of Inside the Media Minds today and catch new installments every month on your favorite podcast app. 
Selected Reading
Target employees confirm leaked code after ‘accelerated' Git lockdown (Bleeping Computer)
Fed agencies urged to ditch Gogs as zero-day makes CISA list (The Register)
SAP's January 2026 Security Updates Patch Critical Vulnerabilities (SecurityWeek)
Sweden detains ex-military IT consultant suspected of spying for Russia (The Record)
Cloudflare CEO threatens to pull out of Italy (The Register)
One Simple Trick to Knock Out the Wi-Fi Network (GovInfo Security)
Google's Mandiant releases free Salesforce access control checker (iTnews)
Global Magecart Campaign Targets Six Card Networks (Infosecurity Magazine)
Facebook login thieves now using browser-in-browser trick (Bleeping Computer)
NIST Calls for Public to Help Better Secure AI Agents (GovInfo Security)
Appeal fails for hacker who opened port to coke smugglers (The Register)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Cam & Otis Show
Navigating the Tech Landscape: AI and Beyond with Mike Armistead | 10x Your Team Ep. #456

The Cam & Otis Show

Play Episode Listen Later Dec 19, 2025 61:49


How does a serial entrepreneur navigate the ever-evolving tech landscape? In this conversation with Mike Armistead, co-founder and CEO of Pulse Security AI, Cam and Otis explore the art of building companies that endure beyond short-term trends.

"Leadership is about matching strategies to people and situations," Mike explains, drawing from his extensive experience in founding and growing technology companies. From his early days at Pure Software and Lycos to co-founding Fortify Software and Respond Software, Mike shares insights into the critical role of timing, persistence, and adaptability in entrepreneurial success.

What makes this episode particularly valuable is Mike's focus on the intersection of technology and business strategy. "The next major shift is artificial intelligence," he notes, discussing how Pulse Security AI is bridging the gap between technical security tools and broader business objectives. Whether you're an aspiring entrepreneur, a tech enthusiast, or a leader looking to align strategies with people, Mike's journey offers a roadmap for navigating complex challenges with clarity and purpose.

More About Mike:
Mike Armistead is a serial entrepreneur and corporate leader who has built and grown technology companies for more than thirty years. His career began at Pure Software, Reed Hastings' first startup before Netflix, and later at Lycos during the early internet boom. He went on to co-found Fortify Software, which grew into a category leader before being acquired by HP. Mike then co-founded Respond Software, which was acquired by FireEye for $186 million in 2020. When FireEye split into Mandiant and later became part of Google, he continued to focus on the next major shift in technology: artificial intelligence. Today, Mike is the co-founder and CEO of Pulse Security AI, where he helps organizations close the gap between technical security tools and the broader business strategies they are meant to support. A Stanford-educated engineer, he has also coached more than 500 youth sports games, an experience that shaped his belief that leadership is about matching strategies to people and situations. His career reflects persistence, timing, and a commitment to building companies that last beyond short-term trends.

#10xyourteam #EntrepreneurialLeadership #TechLeadership #SerialEntrepreneur #BusinessStrategy #ArtificialIntelligence #AILeadership #ScalingCompanies #StartupJourney #TechInnovation #LeadershipMindset

Chapter Times and Titles:
From Pure Software to Lycos [00:00 - 10:00]
- Introduction to Mike Armistead
- Early career at Pure Software and Lycos
- Lessons from the early internet boom
Co-Founding Fortify Software [10:01 - 20:00]
- Building a category leader in software security
- The journey to acquisition by HP
- Key takeaways from scaling a tech company
Respond Software and the FireEye Acquisition [20:01 - 30:00]
- Co-founding Respond Software
- The $186 million acquisition by FireEye
- Navigating the acquisition process
The Next Major Shift: Artificial Intelligence [30:01 - 40:00]
- Founding Pulse Security AI
- Bridging the gap between tech tools and business strategy
- The role of AI in future technology trends
Leadership Lessons from Youth Sports [40:01 - 50:00]
- Coaching over 500 youth sports games
- How sports shaped Mike's leadership philosophy
- Matching strategies to people and situations
Building Companies That Last [50:01 - End]
- Persistence and timing in entrepreneurship
- Final thoughts on enduring business success
- How to connect with Mike and Pulse Security AI

Mike Armistead:
https://www.linkedin.com/in/mike-armistead-1164715/
https://www.linkedin.com/company/pulse-security-ai-inc/
https://pulsesecurity.ai/

CERIAS Security Seminar Podcast
Peter Ukhanov, From MOVEit to EBS – a Look at Mass Exploitation Extortion Campaigns
Dec 10, 2025 (54:01)


Over the past several years, CL0P has executed multiple mass exploitation campaigns using zero-day vulnerabilities in popular software products that resulted in mass data exfiltration. In this talk we'll take a look at the vulnerabilities that enabled their access, discuss ways defenders could have detected the exploits, and explore hardening recommendations to make public-facing applications harder to compromise.

About the speaker: Peter Ukhanov is a Principal Consultant with the Google Public Sector (Mandiant) IR team. Prior to joining Mandiant, Peter worked at Dragos, focusing on OT/ICS environments. He started his career in incident response and digital forensics in 2014 at the Defense Information Systems Agency, spending almost seven years supporting various Department of Defense entities.

Cloud Security Podcast by Google
EP254 Escaping 1990s Vulnerability Management: From Unauthenticated Scans to AI-Driven Mitigation
Dec 1, 2025 (31:14)


Guest: Caleb Hoch, Consulting Manager, Security Transformation Team, Mandiant, Google Cloud

Topics:
How has vulnerability management (VM) evolved beyond basic scanning and reporting, and what are the biggest gaps between modern practices and what organizations are actually doing?
Why are so many organizations stuck with 1990s VM practices? Why is mitigation planning still hard for so many?
Why do many organizations, including large ones, still rely on unauthenticated scans despite the known importance of authenticated scanning for accurate results?
What constitutes a "gold standard" vulnerability prioritization process in 2025 that moves beyond CVSS scores to incorporate threat intelligence, asset criticality, and other contextual factors?
What are the primary human and organizational challenges in vulnerability management, and how can issues like unclear governance, lack of accountability, and fear of system crashes be overcome?
How is AI impacting vulnerability management, and does the shift to cloud environments fundamentally change VM practices?

Resources:
EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!
EP246 From Scanners to AI: 25 Years of Vulnerability Management with Qualys CEO Sumedh Thakar
EP248 Cloud IR Tabletop Wins: How to Stop Playing Security Theater and Start Practicing
How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends
Mandiant M-Trends 2025
EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators
Mandiant Vulnerability Management

Cloud Security Podcast
How to Build Trust in an AI SOC for Regulated Environments
Nov 18, 2025 (42:15)


How do you establish trust in an AI SOC, especially in a regulated environment? Grant Oviatt, Head of SOC at Prophet Security and a former SOC leader at Mandiant and Red Canary, tackles this head-on as a self-proclaimed "AI skeptic". Grant shared that after 15 years of being "scared to death" by high-false-positive AI, modern LLMs have changed the game.

The key to trust lies in two pillars: explainability (is the decision reasonable?) and traceability (can you audit the entire data trail, including all 40-50 queries?). Grant talks about the critical architectural components for regulated industries, including single-tenancy, bring-your-own-cloud (BYOC) for data sovereignty, and model portability.

In this episode we compare AI SOC to traditional MDRs and talk about real-world "bake-off" results where an AI SOC had 99.3% agreement with a human team on 12,000 alerts but was 11x faster, with an average investigation time of just four minutes.

Guest Socials: Grant's LinkedIn
Podcast Twitter: @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security social channels:
- Cloud Security Podcast - YouTube
- Cloud Security Newsletter
If you are interested in AI Cybersecurity, you can check out our sister podcast, AI Security Podcast.

(00:00) Introduction
(02:00) Who is Grant Oviatt?
(02:30) How to Establish Trust in an AI SOC for Regulated Environments
(03:45) Explainability vs. Traceability: The Two Pillars of Trust
(06:00) The "Hard SOC Life": Pre-AI vs. AI SOC
(09:00) From AI Skeptic to AI SOC Founder: What Changed?
(10:50) The "Aha!" Moment: Breaking Problems into Bite-Sized Pieces
(12:30) What Regulated Bodies Expect from an AI SOC
(13:30) Data Management: The Key for Regulated Industries (PII/PHI)
(14:40) Why Point-in-Time Queries are Safer than a SIEM
(15:10) Bring-Your-Own-Cloud (BYOC) for Financial Services
(16:20) Single-Tenant Architecture & No Training on Customer Data
(17:40) Bring-Your-Own-Model: The Rise of Model Portability
(19:20) AI SOC vs. MDR: Can it Replace Your Provider?
(19:50) The 4-Minute Investigation: Speed & Custom Detections
(21:20) The Reality of Building Your Own AI SOC (Build vs. Buy)
(23:10) Managing Model Drift & Updates
(24:30) Why Prophet Avoids MCPs: The Lack of Auditability
(26:10) How Far Can AI SOC Go? (Analysis vs. Threat Hunting)
(27:40) The Future: From "Human in the Loop" to "Manager in the Loop"
(28:20) Do We Still Need a Human in the Loop? (95% Auto-Closed)
(29:20) The Red Lines: What AI Shouldn't Automate (Yet)
(30:20) The Problem with "Creative" AI Remediation
(33:10) What AI SOC is Not Ready For (Risk Appetite)
(35:00) Gaining Confidence: The 12,000 Alert Bake-Off (99.3% Agreement)
(37:40) Fun Questions: Iron Mans, Texas BBQ & Seafood

Thank you to Prophet Security for sponsoring this episode.

ITSPmagazine | Technology. Cybersecurity. Society
The Once and Future Rules of Cybersecurity | A Black Hat SecTor 2025 Conversation with HD Moore | On Location Coverage with Sean Martin and Marco Ciappelli
Oct 9, 2025 (23:37)


During his keynote at SecTor 2025, HD Moore, founder and CEO of runZero and widely recognized for creating Metasploit, invites the cybersecurity community to rethink the foundational “rules” we continue to follow—often without question. In conversation with Sean Martin and Marco Ciappelli for ITSPmagazine's on-location event coverage, Moore breaks down where our security doctrines came from, why some became obsolete, and which ones still hold water.

One standout example? The rule to “change your passwords every 30 days.” Moore explains how this outdated guidance—rooted in assumptions from the early 2000s when password sharing was rampant—led to predictable patterns and frustrated users. Today, the advice has flipped: focus on strong, unique passwords per service, stored securely via password managers.

But this keynote isn't just about passwords. Moore uses this lens to explore how many security “truths” were formed in response to technical limitations or outdated behaviors—things like shared network trust, brittle segmentation, and fragile authentication models. As technology matures, so too should the rules. Enter passkeys, hardware tokens, and enclave-based authentication. These aren't just new tools—they're a fundamental shift in where and how we anchor trust.

Moore also calls out an uncomfortable truth: the very products we rely on to protect our systems—firewalls, endpoint managers, and security appliances—are now among the top vectors for breach, per Mandiant's latest report. That revelation struck a chord with conference attendees, who appreciated Moore's willingness to speak plainly about systemic security debt.

He also discusses the inescapable vulnerabilities in AI agent flows, likening prompt injection attacks to the early days of cross-site scripting. The tech itself invites risk, he warns, and we'll need new frameworks—not just tweaks to old ones—to manage what comes next.

This conversation is a must-listen for anyone questioning whether our security playbooks are still fit for purpose—or simply carried forward by habit.

GUEST:
HD Moore, Founder and CEO of runZero | On LinkedIn: https://www.linkedin.com/in/hdmoore/

HOSTS:
Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com

RESOURCES:
Keynote: The Once and Future Rules of Cybersecurity: https://www.blackhat.com/sector/2025/briefings/schedule/#keynote-the-once-and-future-rules-of-cybersecurity-49596
Learn more and catch more stories from our SecTor 2025 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/sector-cybersecurity-conference-toronto-2025
Mandiant M-Trends Breach Report: https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/
OPM Data Breach Summary: https://oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to share an Event Briefing as part of our event coverage? Learn More

Redefining CyberSecurity
The Once and Future Rules of Cybersecurity | A Black Hat SecTor 2025 Conversation with HD Moore | On Location Coverage with Sean Martin and Marco Ciappelli
Oct 9, 2025 (23:37)


Cross-posted to the Redefining CyberSecurity feed; the show notes are identical to the ITSPmagazine listing of this episode above.

Security Conversations
Oracle cl0p ransomware crisis, EU drone sightings, Cisco bootkit fallout
Oct 3, 2025 (123:28)


Three Buddy Problem - Episode 66: We discuss the drone sightings that shut down airports across Europe and what they reveal about hybrid warfare and the changing nature of conflict, and the Oracle ransomware/extortion campaign tied to unpatched E-Business Suite vulnerabilities and the company's muted response. Plus: the TikTok–Oracle deal and the strange role Oracle now plays in U.S. national security; OpenAI's Sora 2 launch and its implications for social media and human expression; Palo Alto's “Phantom Taurus” APT report; a follow-up on Cisco's ArcaneDoor disclosures; and the impact of the U.S. government shutdown on CISA.

Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

The CyberWire
Critical GoAnywhere bug exposed.
Sep 25, 2025 (29:13)


Fortra flags a critical flaw in its GoAnywhere Managed File Transfer (MFT) solution. Cisco patches a critical vulnerability in its IOS and IOS XE software. Cloudflare thwarts yet another record DDoS attack. The Rhysida ransomware gang claims the Maryland Transit cyberattack. The new “Obscura” ransomware strain spreads via domain controllers. Retailers' use of generative AI expands attack surfaces. Researchers expose GitHub Actions misconfigurations with supply chain risk. Mandiant links the new BRICKSTORM backdoor to a China-based espionage campaign. Kansas students push back against an AI monitoring tool. Ben Yelin speaks with Michele Kellerman, Cybersecurity Engineer for Air and Missile Defense at Johns Hopkins University Applied Physics Lab, about women's health apps and the legal grey zone they create with HIPAA. Senators push the FTC to regulate your brainwaves.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Ben Yelin, co-host of Caveat, is speaking with Michele Kellerman, Cybersecurity Engineer for Air and Missile Defense at Johns Hopkins University Applied Physics Lab, about women's health apps and the legal grey zone that they create with HIPAA. If you want to hear the full conversation, check it out on Caveat, here.

Selected Reading
Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems (HackRead)
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability (Cisco)
Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack (Bleeping Computer)
Ransomware gang known for government attacks claims Maryland transit incident (The Record)
Obscura, an obscure new ransomware variant (Bleeping Computer)
Threat Labs Report: Retail 2025 (Netskope)
pull_request_nightmare Part 1: Exploiting GitHub Actions for RCE and Supply Chain Attacks (Orca)
China-linked hackers use ‘BRICKSTORM' backdoor to steal IP (The Record)
AI safety tool sparks student backlash after flagging art as porn, deleting emails (The Washington Post)
Senators introduce bill directing FTC to establish standards for protecting consumers' neural data (The Record)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Security Conversations
Live at LABScon: Visi Stark shares memories of creating the APT1 report
Sep 24, 2025 (28:50)


Three Buddy Problem - Episode 63: Co-founder of the Vertex Project Visi Stark joins the buddies to reminisce about his work writing Mandiant's famous APT1 report, the China-nexus threat landscape, the value of cyber threat intelligence, APT-naming schemes, and more... (Recorded at LABScon 2025) Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Visi Stark (https://x.com/Invisig0th).

@BEERISAC: CPS/ICS Security Podcast Playlist
S2 E2: Securing the Grid: Substation Security
Aug 30, 2025 (22:30)


Podcast: Simply ICS Cyber
Episode: S2 E2: Securing the Grid: Substation Security
Pub date: 2025-08-27

In this episode of Simply ICS Cyber, Don C. Weber and Tom VanNorman sit down with Chris Sistrunk to dive into the challenges and realities of substation security. Chris, now a Technical Leader at Mandiant & Google Cloud Security, brings years of experience from his time at Entergy, where he specialized in Transmission & Distribution SCADA systems and cybersecurity labs. He's a recognized leader in ICS/OT security and an active contributor to the community through events like DEF CON's ICS Village and BEER-ISAC. Join us as we discuss securing critical infrastructure, modern threats to substations, and what defenders need to know to stay ahead. Tune in to get expert insights into protecting the grid.

Connect with Chris on LinkedIn: https://www.linkedin.com/in/chrissistrunk
Episode links:
https://cloud.google.com/blog/topics/threat-intelligence/securing-protection-relays-modern-substations
https://techcrunch.com/2025/07/14/mark-zuckerberg-says-meta-is-building-a-5gw-ai-data-center/
Connect with your hosts on LinkedIn:
- Don: https://linkedin.com/in/cutaway
- Tom: https://linkedin.com/in/thomasvannorman
Simply Cyber empowers people who want a rewarding cybersecurity career. Presented by Simply Cyber Media Group. All the ways to connect with Simply Cyber: https://SimplyCyber.io/Socials

The podcast and artwork embedded on this page are from Simply Cyber Media Group, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

@BEERISAC: CPS/ICS Security Podcast Playlist
Protecting the Core: Securing Protection Relays in Modern Substations
Aug 13, 2025 (43:05)


Podcast: The Defender's Advantage Podcast
Episode: Protecting the Core: Securing Protection Relays in Modern Substations
Pub date: 2025-07-28

Host Luke McNamara is joined by members of Mandiant Consulting's Operational Technology team (Chris Sistrunk, Seemant Bisht, and Anthony Candarini) to discuss their latest blog on securing assets in the energy grid.
https://cloud.google.com/blog/topics/threat-intelligence/securing-protection-relays-modern-substations

The podcast and artwork embedded on this page are from Mandiant, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The Cybersecurity Defenders Podcast
#224 - Intel Chat: Otter cookie, Flodrix, Water Curse & Scattered Spider
Jun 24, 2025 (31:45)


In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.

A new malware strain known as OtterCookie, developed by the North Korean APT group Lazarus, has been dissected in a detailed technical analysis by offensive security expert Mauro Eldritch.

Attackers are currently exploiting a critical vulnerability in the Langflow platform, an open-source Python-based web app used to build AI workflows and agents, to deliver a new botnet called Flodrix.

A new campaign from an emerging threat group named Water Curse is targeting the software supply chain by leveraging GitHub repositories that masquerade as legitimate security tools.

The threat actor known as Scattered Spider, also tracked as UNC3944 by Google and Mandiant, has apparently shifted its operational focus from the retail sector to the US insurance industry, according to a new alert from Google's Threat Intelligence Group.

Herbert Smith Freehills Podcasts
Cross Examining Cyber EP17: Cross Examining Google Mandiant's Karen Kukoda
May 19, 2025 (33:10)


Karen is a genuine global leader in the cyber-legal space. She manages the relationship between Google Mandiant and its law firm and insurance partners. She has had a remarkable cyber career…think FireEye, Safeguard Cyber, Mandiant and now Google Mandiant! Karen and I caught up at the IAPP Global Conference in Washington D.C. and then again at the RSAC Conference in San Francisco. We recorded this session as some 50,000 cyber experts took over downtown San Francisco. If you want to know more about the interaction between law firms and cyber forensic firms, this podcast is for you. Karen shares her views on the current threat landscape, the role of the cyber-forensic expert, the remarkable rise of the Google Mandiant cyber team and successful engagement with law firms / legal teams. A proud Buffalonian and fierce advocate for women in cyber. This is cross-examining Karen Kukoda. Here we go…

Eye on Security
Responding to a DPRK ITW Incident
May 19, 2025 (16:35)


JP Glab (Mandiant Consulting) joins host Luke to discuss responding to activity from North Korean IT workers. He walks through what initially triggered the investigation at this organization, how it progressed in parallel with an HR investigation, and ultimately what was discovered. For more on the DPRK IT workers and trends in incident response, check out Mandiant's 2025 M-Trends report. https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025

Help Me With HIPAA
Busy Broke and Breached - Ep 508
May 9, 2025 (52:50)


Healthcare still has a giant “Hack Me” sign taped to its back — and the latest reports from Mandiant and Verizon are here to confirm it. These cybercrime breakdowns reveal that attackers are smarter, sneakier, and spending more time poking around your network than ever before. Waiting to secure your systems until after a breach is like installing a smoke detector after the house has already burned down — by the time you smell smoke, it's too late. From dwell times that feel more like extended Airbnb stays to small businesses learning that “we're too small to target” isn't a strategy, the findings hit hard and the lessons come wrapped in some well-placed snark. More info at HelpMeWithHIPAA.com/508

Eye on Security
UNC5221 and The Targeting of Ivanti Connect Secure VPNs
May 5, 2025 (27:55)


Matt Lin (Senior Incident Response Consultant, Mandiant) and Daniel Spicer (Chief Security Officer, Ivanti) dive into the research and response to UNC5221's campaigns against Ivanti. They cover how this threat actor has evolved from earlier campaigns, the continued focus on edge infrastructure by APT actors, and the shared responsibility of security in mitigating threats like this.

https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
https://www.ivanti.com/blog/an-update-on-ivantis-ongoing-commitment-to-enhanced-product-security
https://www.ivanti.com/resources/secure-by-design/2024
https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends?e=48754805

The Cyber Threat Perspective
Episode 132: Reviewing the Mandiant M-Trends 2025 Report
May 2, 2025 (42:23)


In this episode Spencer and Brad review the M-Trends 2025 Report. M-Trends 2025 is Mandiant's annual report that shares frontline learnings from its global incident-response engagements (over 450,000 hours of investigations in 2024), providing sanitized, data-driven analysis of evolving attacker tactics, dwell times, industry and regional trends, and practical recommendations to help organizations improve their defenses.

M-Trends 2025: Data, Insights, and Recommendations From the Frontlines | Google Cloud Blog

Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Spencer's Twitter: https://x.com/techspence
Spencer's LinkedIn: https://linkedin.com/in/SpencerAlessi
Work with Us: https://securit360.com

The CyberWire
AI on the offensive.
May 1, 2025 (33:08)


Updates from RSAC 2025. Former NSA cyber chief Rob Joyce warns that AI is rapidly approaching the ability to develop high-level software exploits. An FBI official warns that China is the top threat to U.S. critical infrastructure. Mandiant and Google raise alarms over widespread infiltration of global companies by North Korean IT workers. France accuses Russia's Fancy Bear of targeting at least a dozen French government and institutional entities. SonicWall has issued an urgent alert about active exploitation of a high-severity vulnerability in its Secure Mobile Access appliances. A China-linked APT group known as “TheWizards” is abusing an IPv6 networking feature. Gremlin Stealer emerges as a serious threat. A 23-year-old Scottish man linked to the Scattered Spider hacking group has been extradited from Spain to the U.S. Senators urge FTC action on consumer neural data. New WordPress malware masquerades as an anti-malware plugin. Our guest is Andy Cao from ProjectDiscovery, the Winner of the 20th Annual RSAC™ Innovation Sandbox Contest. Our intern Kevin returns with some Kevin on the Street interviews from the RSAC floor. Research reveals the risk of juice jacking isn't entirely imaginary.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest is Andy Cao from ProjectDiscovery, who is the Winner of the 20th Annual RSAC™ Innovation Sandbox Contest 2025 event.

Kevin on the Street
Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week. Today Kevin is joined by Shane Harding, CEO of Devicie, and Nathan Ostrowski, Co-Founder of Petra Security.
You can also catch Kevin on our Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi of Cerby, Travis Howerton of RegScale, and Karl Mattson of Endor Labs. Whether you are building your own startup or just love a good innovation story, listen and learn more here.

Selected Reading
Ex-NSA cyber boss: AI will soon be a great exploit dev (The Register)
AI makes China leading threat to US critical infrastructure, says FBI official (SC World)
North Korean operatives have infiltrated hundreds of Fortune 500 companies (CyberScoop)
France Blames Russia for Cyberattacks on Dozen Entities (SecurityWeek)
SonicWall OS Command Injection Vulnerability Exploited in the Wild (Cyber Security News)
Hackers abuse IPv6 networking feature to hijack software updates (Bleeping Computer)
New Gremlin Stealer Advertised on Hacker Forums Targets Credit Card Data and Login Credentials (GB Hackers)
Alleged ‘Scattered Spider' Member Extradited to U.S. (Krebs on Security)
Senators Urge FTC Action on Consumer Neural Data, Signaling Heightened Scrutiny (Cooley)
New WordPress Malware as Anti-Malware Plugin Take Full Control of Website (Cyber Security News)
iOS and Android juice jacking defenses have been trivial to bypass for years (Ars Technica)

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Hacker And The Fed
Credential Theft, InfoStealers, and the Rise of Cyber Snake Oil
May 1, 2025 (54:24)


Chris and Hector break down the 2025 Mandiant threat report, expose rising cyberattack trends, rant about bad CISOs, and discuss a wild case of a cybersecurity CEO caught installing malware in a hospital.

Join our new Patreon! https://www.patreon.com/c/hackerandthefed
Send HATF your questions at questions@hackerandthefed.com

Storm⚡️Watch by GreyNoise Intelligence
2025 Cybersecurity Report Breakdown: FBI, Mandiant, GreyNoise, VulnCheck
Apr 29, 2025 (61:44)


Forecast = Scattered phishing attempts with a 90% chance of encrypted clouds.

In this episode of Storm⚡️Watch, the crew dissects the evolving vulnerability tracking landscape and the challenges facing defenders as they move beyond the aging CVE system. The show also highlights the rise of sophisticated bot traffic, the expansion of GreyNoise's Global Observation Grid, and fresh tools from VulnCheck and Censys that are helping security teams stay ahead of real-time threats.

In our listener poll this week, we ask: what would you do if you found a USB stick? It's a classic scenario that always sparks debate about curiosity versus caution in cybersecurity.

It's officially cyber report season, and we're breaking down the latest findings from some of the industry's most influential threat intelligence teams. GreyNoise's new research spotlights the growing risk from resurgent vulnerabilities: old flaws that go quiet for years before suddenly making a comeback, often targeting edge devices like routers and VPNs. The FBI's 2024 IC3 report is out, revealing a record $16.6 billion in reported losses last year, with phishing, extortion, and business email compromise topping the charts. Mandiant's M-Trends 2025, VulnCheck's Q1 exploitation trends, and other reports all point to a relentless pace of vulnerability weaponization, with nearly a third of newly exploited CVEs being weaponized within 24 hours of disclosure.

We also dig into a series of blog posts and research from Censys, including their push to end stale indicators and their deep dives into the sharp rise in attacks targeting edge security devices. Their recent work with GreyNoise and CursorAI on botnet hunting, as well as their new threat hunting module, are changing the game for proactive defense.

VulnCheck's quarterly report is raising eyebrows with the revelation that 159 vulnerabilities were exploited in Q1 2025 alone, and 28% of those were weaponized within a single day of disclosure. This underscores how quickly attackers are operationalizing new exploits and why defenders need to move faster than ever.

We round out the show with the latest from runZero and a look at GreyNoise's recent findings, including a ninefold surge in Ivanti Connect Secure scanning and a spike in Git configuration crawling, both of which highlight the ongoing risk of codebase exposure and the need for continuous vigilance.

Storm Watch Homepage >>
Learn more about GreyNoise >>

Cloud Security Podcast by Google
EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends

Play Episode Listen Later Apr 28, 2025 35:19


Guests: Kirstie Failey @ Google Threat Intelligence Group, Scott Runnels @ Mandiant Incident Response

Topics:
What is the hardest thing about turning distinct incident reports into a fun-to-read and useful report like M-Trends?
How much are the lessons and recommendations skewed by the fact that they are all “post-IR” stories?
Are “IR-derived” security lessons the best way to improve security? Isn't this a bit like learning how to build safely from fires vs learning safety engineering?
The report implies that F500 companies suffer from certain security issues despite their resources; does this automatically mean that smaller companies suffer from the same but more?
“Dwell time” metrics sound obvious, but is there magic behind how this is done? Sometimes “dwell time going down” is not automatically the defender's win, right? What is the expected minimum dwell time? If “it depends”, then what does it depend on?
Impactful outliers vs general trends (“by the numbers”): what teaches us more about security?
Why do we seem to repeat the mistakes so much in security? Do we think it is useful to give the same advice repeatedly if the data implies that it is correct advice but people clearly do not do it?

Resources:
M-Trends 2025 report
Mandiant Attack Lifecycle
EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
EP147 Special: 2024 Security Forecast Report

The CyberWire
Lessons from the latest breach reports.

Play Episode Listen Later Apr 24, 2025 28:57


Verizon and Mandiant call for layered defenses against evolving threats. Cisco Talos describes ToyMaker and Cactus threat actors. Researchers discover a major Linux security flaw which allows rootkits to bypass traditional detection methods. Ransomware groups are experimenting with new business models. Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division shares the latest on Salt Typhoon. Global censorship takes a coffee break.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Dave sits down with Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division who shares a PSA on Salt Typhoon.

Selected Reading
2025 Data Breach Investigations Report (Verizon)
Mandiant M-Trends 2025 Report (Mandiant)
Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs (Cisco Talos)
Linux 'io_uring' security blindspot allows stealthy rootkit attacks (BleepingComputer)
Ransomware groups test new business models to hit more victims, increase profits (The Record)
Cloudflare: Government-backed internet shutdowns plummet to zero in first quarter (The Record)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloud Security Podcast by Google
EP219 Beyond the Buzzwords: Decoding Cyber Risk and Threat Actors in Asia Pacific

Play Episode Listen Later Apr 14, 2025 31:46


Guest: Steve Ledzian, APAC CTO, Mandiant at Google Cloud

Topics:
We've seen a shift in how boards engage with cybersecurity. From your perspective, what's the most significant misconception boards still hold about cyber risk, particularly in the Asia Pacific region, and how has that impacted their decision-making?
Cybersecurity is rife with jargon. If you could eliminate or redefine one overused term, which would it be and why? How does this overloaded language specifically hinder effective communication and action in the region?
The Mandiant Attack Lifecycle is a well-known model. How has your experience in the East Asia region challenged or refined this model? Are there unique attack patterns or actor behaviors that necessitate adjustments?
Two years post-acquisition, what's been the most surprising or unexpected benefit of the Google-Mandiant combination?
M-Trends data provides valuable insights, particularly regarding dwell time. Considering the Asia Pacific region, what are the most significant factors reducing dwell time, and how do these trends differ from global averages?
Given your expertise in Asia Pacific, can you share an observation about a threat actor's behavior that is often overlooked in broader cybersecurity discussions?
Looking ahead, what's the single biggest cybersecurity challenge you foresee for organizations in the Asia Pacific region over the next five years, and what proactive steps should they be taking now to prepare?

Resources:
EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant
EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive
EP191 Why Aren't More Defenders Winning? Defender's Advantage and How to Gain it!

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, Apr 4th: URL Frequency Analysis; Ivanti Flaw Exploited; WinRAR MotW Vuln; Tax filing scams; Oracle Breach Update

Play Episode Listen Later Apr 4, 2025 6:16


Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive
Using frequency analysis, and training the model with honeypot data as well as log data from legitimate websites, allows for a fairly simple and reliable triage of web server logs to identify possible malicious activity.
https://isc.sans.edu/diary/Exploring%20Statistical%20Measures%20to%20Predict%20URLs%20as%20Legitimate%20or%20Intrusive%20%5BGuest%20Diary%5D/31822

Critical Unexploitable Ivanti Vulnerability Exploited CVE-2025-22457
In February, Ivanti patched CVE-2025-22457. At the time, the vulnerability was not considered to be exploitable. Mandiant has now published a blog disclosing that the vulnerability was exploited as early as mid-March.
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/

WinRAR MotW Vulnerability CVE-2025-31334
WinRAR patched a vulnerability that would not apply the Mark of the Web correctly if a compressed file included symlinks. This may make it easier to trick a victim into executing code downloaded from a website.
https://nvd.nist.gov/vuln/detail/CVE-2025-31334

Microsoft Warns of Tax-Related Scam
With the US personal income tax filing deadline only about a week out, Microsoft warns of commonly deployed scams that they are observing related to income tax filings.
https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/

Oracle Breach Update
https://www.bloomberg.com/news/articles/2025-04-02/oracle-tells-clients-of-second-recent-hack-log-in-data-stolen

Security Conversations
NSA director fired, Ivanti's 0day screw-up, backdoor in robot dogs

Play Episode Listen Later Apr 4, 2025 96:57


Three Buddy Problem - Episode 41: Costin and Juanito join the show from Black Hat Asia in Singapore. We discuss Bunnie Huang's keynote on hardware supply chains and a classification system to establish a grounded perspective on trust in hardware, Ivanti's misdiagnosis of a critical VPN appliance flaw, and Mandiant reporting on a Chinese APT exploiting Ivanti devices. Plus, breaking news on the sudden firing of NSA director and head of Cyber Command Tim Haugh. We also discuss Microsoft touting AI's value in finding open-source bootloader bugs, a Silent Push report on a Russian APT impersonating the CIA, a backdoor in a popular Chinese robot dog, and Chinese dominance of the robotics market. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

Relating to DevSecOps
Episode #077: Is Google Eating the Cloud?

Play Episode Listen Later Mar 24, 2025 31:59


In this episode of Relating to DevSecOps, Ken Toler and Mike McCabe dive deep into Google's blockbuster acquisition of Wiz.io for a reported $32 billion. They explore the implications for cloud security, the consolidation of the DevSecOps tooling landscape, and how this move compares to Google's previous acquisitions like Mandiant and Chronicle. The duo debates the future of multi-cloud strategies, platform fatigue, and whether Wiz will remain the darling of the security community—or get lost in the labyrinth of Google Cloud products. With sharp insights and a dash of hot takes, they paint a picture of a cloud security ecosystem at a pivotal turning point.

Security Conversations
A half-dozen Microsoft zero-days, Juniper router backdoors, advanced bootkit hunting

Play Episode Listen Later Mar 14, 2025 125:43


Three Buddy Problem - Episode 38: On the show this week, we look at a hefty batch of Microsoft zero-days exploited in the wild, iOS 18.3.2 fixing an exploited WebKit bug, a mysterious Unpatched.ai being credited with Microsoft Access RCE flaws, and OpenAI lobbying for the US to ban China's DeepSeek. Plus, discussion on a Binarly technical paper with a new approach to finding UEFI bootkits, Mandiant flagging custom backdoors on Juniper routers, and MEV 'sandwich attacks' front-running cryptocurrency transactions. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

Security Conversations
Inside the DeepSeek AI existential crisis, Chinese 'backdoor' in medical devices

Play Episode Listen Later Jan 31, 2025 139:44


Three Buddy Problem - Episode 32: In this episode, we rummage through the DeepSeek hype and break down what makes it different from OpenAI's models, why it's stirring up existential controversies, and what it means for the broader tech landscape. We get into the privacy concerns, the geo-political implications, how AI models handle data, the ongoing debate over IP theft and innovation, and the challenges that come with a Chinese company shipping an open-source alternative. Beyond AI, we dig into some of the latest headlines: from a Chinese 'backdoor' in medical devices, problems with CISA's backdoor bulletin, the risks of insecure IoT, phishing attacks on influencers, and ongoing battles over censorship in the VPN space. We also touch on WhatsApp catching spyware vendor Paragon Solutions and potential shifts in U.S. government policy on commercial mercenary hacking and surveillance companies. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

Security Conversations
Hijacking .gov backdoors, Ivanti 0days and a Samsung 0-click vuln

Play Episode Listen Later Jan 10, 2025 108:21


Three Buddy Problem - Episode 29: Another day, another Ivanti zero-day being exploited in the wild. Plus, China's strange response to Volt Typhoon attribution, Japan blames China for hacks, a Samsung 0-click vulnerability found by Project Zero, Kim Zetter's reporting on drone sightings and a nuclear scare. Plus, hijacking abandoned .gov backdoors and Ukrainian hacktivists wiping a major Russian ISP. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

The CyberWire
Router security in jeopardy.

Play Episode Listen Later Dec 9, 2024 33:57


A critical zero-day is confirmed by a Japanese router maker. Romania annuls the first round of its 2024 presidential election over concerns of Russian interference. A sophisticated malware campaign targets macOS users. Mandiant uncovers a method to bypass browser isolation using QR codes. Belgian and Dutch authorities arrest eight individuals linked to online fraud schemes. A medical device company discloses a ransomware attack. A community hospital in Massachusetts confirms a ransomware attack affecting over three hundred thousand. The Termite ransomware gang claims responsibility for the attack on Blue Yonder. Synology patches multiple vulnerabilities in its Router Manager (SRM) software. The head of U.S. Cyber Command outlines the challenges of keeping decision makers up to date. Our guest is Anna Pobletts, Head of Passwordless at 1Password, discussing the state of passkeys and what she sees on the road to a truly passwordless future. Robot rats join the mischief.

CyberWire Guest
Our guest is Anna Pobletts, Head of Passwordless at 1Password, discussing the state of passkeys and what she sees on the road to a truly passwordless future.

Selected Reading
I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending (SecurityWeek)
Romania's top court annuls presidential election result (CNN)
MacOS Passwords Alert—New Malware Targets Keychain, Chrome, Brave, Opera (Forbes)
QR codes bypass browser isolation for malicious C2 communication (Bleeping Computer)
Eight Suspected Phishers Arrested in Belgium, Netherlands (SecurityWeek)
Medical Device Maker Artivion Scrambling to Restore Systems After Ransomware Attack (SecurityWeek)
Anna Jaques Hospital ransomware breach exposed data of 300K patients (Bleeping Computer)
Blue Yonder SaaS giant breached by Termite ransomware gang (Bleeping Computer)
Synology Router Vulnerabilities Let Attackers Inject Arbitrary Web Script (Cyber Security News)
Cyber Command Chief Discusses Challenges of Getting Intel to Users (Defense.gov)
Robot Rodents: How AI Learned To Squeak And Play (Hackaday)

The CyberWire
Cyberattack cripples major American chipmaker.

Play Episode Listen Later Aug 21, 2024 34:26


A major American chipmaker discloses a cyberattack. Cybercriminals exploit Progressive Web Applications (PWAs) to bypass iOS and Android defenses. Mandiant uncovers a privilege escalation vulnerability in Microsoft Azure Kubernetes Services. ALBeast hits ALB. Microsoft's latest security update has caused significant issues for dual-boot systems. The DOE's new SolarSnitch program aims to shore up solar panel security. Researchers uncover LLM poisoning techniques. An Iranian-linked group uses a fake podcast to lure a target. Our guest is Parya Lotfi, CEO of DuckDuckGoose, discussing the increasing problem of deepfakes in the cybersecurity landscape. Return to sender - AirTag edition.

CyberWire Guest
Our guest Parya Lotfi, CEO of DuckDuckGoose, discusses the increasing relevance of deepfakes in the cybersecurity landscape.

Selected Reading
Microchip Technology discloses cyberattack impacting operations (Bleeping Computer)
Android and iOS users targeted with novel banking app phishing campaign (Cybernews)
Azure Kubernetes Services Vulnerability Exposed Sensitive Information (SecurityWeek)
ALBeast: Misconfiguration Flaw Exposes 15,000 AWS Load Balancers to Risk (HACKREAD)
Microsoft's latest security update has ruined dual-boot Windows and Linux PCs (The Verge)
DOE debuts SolarSnitch technology to boost cybersecurity in solar energy systems (Industrial Cyber)
Researchers Highlight How Poisoned LLMs Can Suggest Vulnerable Code (Dark Reading)
Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset (Proofpoint)
Serial mail thieves thwarted when victim sends herself an AirTag (Apple Insider)

The CyberWire
The current state of Cyber Threat Intelligence.

Play Episode Listen Later Jul 22, 2024 17:31


Rick Howard, the CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of Cyber Threat Intelligence with CyberWire Hash Table guest John Hultquist, Mandiant's Chief Analyst.

References:
Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads.
Josephine Wolff, October 2023. How Hackers Swindled Vegas [Explainer]. Slate.
Rick Howard, 2023. Cybersecurity First Principles Book Appendix [Book Support Page]. N2K Cyberwire.
Staff, September 2023. mWISE Conference 2023 [Conference Website]. Mandiant.
Staff, n.d. VirusTotal Submissions Page [Landing Zone]. VirusTotal.