Podcasts about Mitre

Liturgical headdresses worn by Christian bishops and abbots

  • 641 PODCASTS
  • 1,592 EPISODES
  • 37m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Apr 18, 2025 LATEST

Latest podcast episodes about Mitre

Paul's Security Weekly
HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet... - SWN #469

Apr 18, 2025 (36:06)


HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-469

Today in Health IT
2 Minute Drill: DaVita Hit by Ransomware and Chris Krebs Resignation Update with Drex DeFord

Apr 18, 2025 (3:34)


Drex covers three critical security stories: the government's reversal of its decision to defund Mitre's Common Vulnerability and Exposure (CVE) program, a ransomware attack on DaVita's 3,100+ dialysis facilities across 14 countries, and former CISA Assistant Director Chris Krebs' resignation from SentinelOne following an executive order targeting him. Remember, Stay a Little Paranoid.

Paul's Security Weekly TV
HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet... - SWN #469

Apr 18, 2025 (36:06)


HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-469

Hack Naked News (Audio)
HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet... - SWN #469

Apr 18, 2025 (36:06)


HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-469

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday April 17th: Apple Updates; Oracle Updates; Google Chrome Updates; CVE News;

Apr 17, 2025 (6:04)


Apple Updates
Apple released updates for iOS, iPadOS, macOS, and VisionOS. The updates fix two vulnerabilities which had already been exploited against iOS.
https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/31866

Oracle Updates
Oracle released its quarterly critical patch update. The update addresses 378 security vulnerabilities. Many of the critical updates are already known vulnerabilities in open-source software like Apache and Nginx ingress.
https://www.oracle.com/security-alerts/cpuapr2025.html

Oracle Breach Guidance
CISA released guidance for users affected by the recent Oracle cloud breach. The guidance focuses on the likely loss of passwords.
https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-releases-guidance-credential-risks-associated-potential-legacy-oracle-cloud-compromise

Google Chrome Update
A Google Chrome update released today fixes two security vulnerabilities. One of the vulnerabilities is rated as critical.
https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html

CVE Updates
CISA extended MITRE's funding to operate the CVE numbering scheme. However, a number of other organizations announced that they may start alternative vulnerability registers.
https://euvd.enisa.europa.eu/
https://gcve.eu/
https://www.thecvefoundation.org/

Security Conversations
China doxxes NSA, CVE's funding crisis, Apple's zero-day troubles

Apr 17, 2025 (99:19)


Three Buddy Problem - Episode 42: We dig into news that China secretly fessed up to the Volt Typhoon hacks and followed up with claims that named NSA agents launched advanced cyberattacks against the Asian Winter Games. Plus, the MITRE CVE funding crisis, new Apple 0days in the wild, including a PAC bypass exploit, and Microsoft Patch Tuesday zero-days. Plus, the effectiveness of Lockdown Mode, the rising costs of mobile exploits, Chris Krebs' exit from SentinelOne after a presidential executive order, and the value and effectiveness of security clearances. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

The CyberWire
CVE program gets last-minute lifeline.

Apr 16, 2025 (33:39)


The CVE program gets a last-minute reprieve. A federal whistleblower alleges a security breach at the NLRB. Texas votes to spin up their very own Cyber Command. BreachForums suffers another takedown. A watchdog group sues the federal government over SignalGate allegations. The SEC Chair reveals a 2016 hack. ResolverRAT targets the healthcare and pharmaceutical sectors worldwide. Microsoft warns of blue screen crashes following recent updates. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. 4chan gets Soyjacked.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment
Welcome to CertByte! This bi-weekly segment is hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. Today's question comes from N2K's EC-Council Certified Ethical Hacker CEH (312-50) Practice Test. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Selected Reading
  • Funding Expires for Key Cyber Vulnerability Database (Krebs on Security)
  • CISA extends funding to ensure 'no lapse in critical CVE services' (Bleeping Computer)
  • CVE Foundation (CVE Foundation)
  • NoVa govcon firm Mitre to lay off 442 employees after DOGE cuts contracts (Virginia Business)
  • Federal employee alleges DOGE activity resulted in data breach at labor board (NBC News)
  • Whistleblower claims DOGE took sensitive data - now he's being hounded by threatening notes (CNN via YouTube)
  • New state agency to deal with cyber threats advances in Texas House (Texarkana Gazette)
  • BreachForums taken down by the FBI? Dark Storm hackers say they did it “for fun” (Cybernews)
  • Here's What Happened to Those SignalGate Messages (WIRED)
  • After breach, SEC says hackers used stolen data to buy stocks (CNET)
  • New ResolverRAT malware targets pharma and healthcare orgs worldwide (Bleeping Computer)
  • Microsoft warns of blue screen crashes caused by April updates (Bleeping Computer)
  • Infamous message board 4chan taken down following major hack (Bleeping Computer)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes

Apr 16, 2025 (5:54)


Online Services Again Abused to Exfiltrate Data
Attackers like to abuse free online services that can be used to exfiltrate data. These range from the originals, like pastebin, to past favorites like anonfiles.com. The latest example is gofile.io. As a defender, it is important to track these services to detect exfiltration early.
https://isc.sans.edu/diary/Online%20Services%20Again%20Abused%20to%20Exfiltrate%20Data/31862

OpenSSH 10.0 Released
OpenSSH 10.0 was released. This release adds quantum-safe ciphers and the separation of authentication services into a separate binary to reduce the authentication attack surface.
https://www.openssh.com/releasenotes.html#10.0p1

Apache Roller Vulnerability
Apache Roller addressed a vulnerability. Its CVSS score of 10.0 appears inflated, but it is still a vulnerability you probably want to address.
https://lists.apache.org/thread/4j906k16v21kdx8hk87gl7663sw7lg7f

CVE Funding Changes
Mitre's government contract to operate the CVE system may run out tomorrow. This could lead to a temporary disruption of services, but the system is backed by a diverse board of directors representing many large companies. It is possible that non-government funding sources may keep the system afloat for now.
https://www.cve.org/

Risky Business
Risky Business #788 -- Trump targets Chris Krebs, SentinelOne

Apr 16, 2025 (53:35)


On this week's show Patrick Gray talks to former NSA Cybersecurity Director Rob Joyce about Donald Trump's unprecedented, unwarranted and completely bonkers political persecution of Chris Krebs and his employer SentinelOne.

They also talk through the week's cybersecurity news, covering:
  • Mitre's stewardship of the CVE database gets its funding DOGE'd
  • The US signs on to the Pall Mall anti-spyware agreement
  • China tries to play the nationstate cyber-attribution game, but comedically badly
  • Hackers run their malware inside the Windows sandbox, for security against EDR

This week's episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins to talk through the increasing sprawl of the identity ecosystem.

This episode is also available on Youtube.

Show notes
  • Cybersecurity industry falls silent as Trump turns ire on SentinelOne | Reuters
  • U.S. cyber defenders shaken by Trump's attack on their former boss
  • Trump Revenge Tour Targets Cyber Leaders, Elections – Krebs on Security
  • Wyden to block Trump's CISA nominee until agency releases report on telecoms' ‘negligent cybersecurity' | The Record from Recorded Future News
  • Gabbard sets up DOGE-style team to cut costs, uncover intel ‘weaponization'
  • MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty
  • US to sign Pall Mall pact aimed at countering spyware abuses | The Record from Recorded Future News
  • Court document reveals locations of WhatsApp victims targeted by NSO spyware | TechCrunch
  • Spyware Maker NSO Group Is Paving a Path Back Into Trump's America | WIRED
  • NCSC shares technical details of spyware targeting Uyghur, Tibetan and Taiwanese groups | The Record from Recorded Future News
  • Risky Bulletin: Chinese APT abuses Windows Sandbox to go invisible on infected hosts
  • China escalates cyber fight with U.S., names alleged NSA hackers
  • Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs - Ars Technica
  • China-based SMS Phishing Triad Pivots to Banks – Krebs on Security
  • Risky Bulletin: CA/B Forum approves 47-days TLS certs
  • Ransomware in het mkb: Cybercriminelen verhogen losgeld bij cyberverzekering (Ransomware in SMEs: cybercriminals raise the ransom when there is cyber insurance)
  • 4chan Is Down Following What Looks to Be a Major Hack Spurred By Meme War

Daily Tech Headlines
CISA Will Extend Funding to Mitre For the CVE Program – DTH

Apr 16, 2025


Nvidia announces a $5.5 billion charge tied to exports of H20 AI chips, Meta reportedly offered FTC $1B to settle current case, Grok AI chatbot now includes Grok Studio for docs, code, and apps.

Dell Technologies Power2Protect Podcast
Episode 109: Building an Unbreakable Cyber Resilience Posture

Apr 15, 2025 (40:34)


Explore actionable strategies for building a robust cyber resilience posture in this insightful episode. From strengthening defenses to improving recovery agility and anticipating future cybersecurity trends, this conversation delivers practical insights to help you stay a step ahead in protecting your digital landscape.

Audiolibros Por qué leer
La perra - Socorro Venegas

Apr 9, 2025 (16:53)


Trauma is inescapable. When pain takes root in the mind (and it is especially cruel to the minds of children), it is almost impossible to drive out. That is why the narrator of this story, now an adult woman, sees her father and her present is thrown off balance: she is eight years old again, colliding head-on with the still-open wound. La perra, by Mexican writer Socorro Venegas, was presented as part of the Benengeli festival, the International Week of Literature in Spanish 2023, organized by the Instituto Cervantes.

Pre-production and voice: CECILIA BONA
This episode was edited by: DANY FERNÁNDEZ (@danyrap.f) for @activandoproducciones.proyecto
Production: XIMENA GONZALEZ @ximegonzal3z

Would you like to sponsor POR QUÉ LEER? Find out how at https://porqueleer.com/patrocina

I'm Cecilia Bona and I created Por qué leer to promote the pleasure of reading. Do you follow me on social media yet?
https://instagram.com/porqueleerok
https://twitter.com/porqueleerok
https://www.facebook.com/porqueleerok/

What is POR QUÉ LEER
Por qué leer is a multiplatform project that promotes the pleasure of reading. The idea is to spread the desire to read through recommendations, reviews and debates. There are more of us every day!

CECILIA BONA
I am a journalist, producer and content creator. I have worked at radio stations such as MITRE, VORTERIX and CLUB OCTUBRE. I have loved reading since I was little, encouraged especially by my mom. Many of my passions come together in Por qué leer (radio, video editing, communication), which is why I say it is made with a great deal of love.

CIO Leadership Live
MITRE CIO Deborah Youmans on the surprising benefits of openly sharing cyber incident details

Mar 19, 2025 (46:11)


Deborah Youmans, CIO at MITRE Corp., joins host Maryfran Johnson for this CIO Leadership Live interview. They discuss cyber incidents, enterprise data governance and GenAI success, leveraging 'outsider' CIO status to encourage more IT innovation, coping with nonstop federal regulatory requirements and more.

ITSPmagazine | Technology. Cybersecurity. Society
Detection vs. Noise: What MITRE ATT&CK Evaluations Reveal About Your Security Tools | A Conversation with Allie Mellen | Redefining CyberSecurity with Sean Martin

Mar 17, 2025 (36:06)


⬥GUEST⬥
Allie Mellen, Principal Analyst, Forrester | On LinkedIn: https://www.linkedin.com/in/hackerxbella/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

⬥EPISODE NOTES⬥
In this episode, Allie Mellen, Principal Analyst on the Security and Risk Team at Forrester, joins Sean Martin to discuss the latest results from the MITRE ATT&CK Engenuity Evaluations and what they reveal about detection and response technologies.

The Role of MITRE ATT&CK Evaluations
MITRE ATT&CK is a widely adopted framework that maps out the tactics, techniques, and procedures (TTPs) used by threat actors. Security vendors use it to improve detection capabilities, and organizations rely on it to assess their security posture. The MITRE Engenuity Evaluations test how different security tools detect and respond to simulated attacks, helping organizations understand their strengths and gaps.

Mellen emphasizes that MITRE's evaluations do not assign scores or rank vendors, which allows security leaders to focus on analyzing performance rather than chasing a “winner.” Instead, organizations must assess raw data to determine how well a tool aligns with their needs.

Alert Volume and the Cost of Security Data
One key insight from this year's evaluation is the significant variation in alert volume among vendors. Some solutions generate thousands of alerts for a single attack scenario, while others consolidate related activity into just a handful of actionable incidents. Mellen notes that excessive alerting contributes to analyst burnout and operational inefficiencies, making alert volume a critical metric to assess.

Forrester's analysis includes a cost calculator that estimates the financial impact of alert ingestion into a SIEM. The results highlight how certain vendors create a massive data burden, leading to increased costs for organizations trying to balance security effectiveness with budget constraints.

The Shift Toward Detection and Response Engineering
Mellen stresses the importance of detection engineering, where security teams take a structured approach to developing and maintaining high-quality detection rules. Instead of passively consuming vendor-generated alerts, teams must actively refine and tune detections to align with real threats while minimizing noise.

Detection and response should also be tightly integrated. Forrester's research advocates linking every detection to a corresponding response playbook. By automating these processes through security orchestration, automation, and response (SOAR) solutions, teams can accelerate investigations and reduce manual workloads.

Vendor Claims and the Reality of Security Tools
While many vendors promote their performance in the MITRE ATT&CK Evaluations, Mellen cautions against taking marketing claims at face value. Organizations should review MITRE's raw evaluation data, including screenshots and alert details, to get an unbiased view of how a tool operates in practice.

For security leaders, these evaluations offer an opportunity to reassess their detection strategy, optimize alert management, and ensure their investments in security tools align with operational needs.

For a deeper dive into these insights, including discussions on AI-driven correlation, alert fatigue, and security team efficiency, listen to the full episode.

⬥SPONSORS⬥
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974

⬥RESOURCES⬥
Inspiring Post: https://www.linkedin.com/posts/hackerxbella_go-beyond-the-mitre-attck-evaluation-to-activity-7295460112935075845-N8GW/
Blog | Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes: https://www.forrester.com/blogs/go-beyond-the-mitre-attck-evaluation-to-the-true-cost-of-alert-volumes/

Redefining CyberSecurity
Detection vs. Noise: What MITRE ATT&CK Evaluations Reveal About Your Security Tools | A Conversation with Allie Mellen | Redefining CyberSecurity with Sean Martin

Mar 17, 2025 (36:06)



DQ Radio
Marco Riccardi, head coach of Quilmes' Women's A team, previews the changes made for the 2025 Metropolitano

Mar 14, 2025 (9:34)


There is a lot of excitement at Quilmes around its Women's A squad which, after an uneven 2024 in which it finished eighth, aims to turn the page in this Metropolitano to become a contender again and get back into the playoffs. Ahead of the start of the tournament, in which the team will debut this Saturday at home against Italiano, Marco Riccardi, its experienced head coach who arrived last year after being a multiple-time champion in the men's division with Mitre, detailed on DQ Radio, the show of the newspaper Deportes En Quilmes, the hard work done during the preseason, explained the training method, revealed that the playing system was changed, and was confident about putting up a fight with a top-class squad that will have top scorer Guadalupe Adorno and Lucía Da Grava as captains. An interview not to be missed. Hit Play!

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday Mar 3rd: AI Training Data Leaks; MITRE Caldera Vuln; modsecurity bypass

Mar 3, 2025 (7:08)


Common Crawl includes Common Leaks
The "Common Crawl" dataset, a large dataset created by spidering websites, contains, as expected, many API keys and other secrets. This data is often used to train large language models.
https://trufflesecurity.com/blog/research-finds-12-000-live-api-keys-and-passwords-in-deepseek-s-training-data

GitHub Repositories Exposed by Copilot
As is well known, GitHub's Copilot is using data from public GitHub repositories to train its model. However, it appears that repositories that were briefly left open and later made private have been included as well, allowing Copilot users to retrieve files from these repositories.
https://www.lasso.security/blog/lasso-major-vulnerability-in-microsoft-copilot

MITRE Caldera Framework Allows Unauthenticated Code Execution
The MITRE Caldera adversary emulation framework allows for unauthenticated code execution by allowing attackers to specify compiler options.
https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e

modsecurity Rule Bypass
Attackers may bypass the modsecurity web application firewall by prepending encoded characters with 0.
https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j

Move Fast. Break Shit. Burn Out.
Dan Ward, Senior Principal Systems Engineer and Author: Catalysts Are Just Powder in a Jar

Feb 28, 2025 (41:35)


In this insightful episode, we delve into the unique journey of Dan Ward, a Senior Principal Systems Engineer at MITRE, former Air Force Lieutenant Colonel, and author of four books, including The Simplicity Cycle and Fire. Dan reflects on his innovative career, spanning military service, systems engineering, and prolific writing, sharing lessons on catalyzing change and simplifying complexity.

Dan's anecdotes illuminate key ideas: the transformative power of collaboration (“a catalyst by themselves is just powder in a jar”) and the importance of fostering a culture that celebrates learning from failure. He introduces the concept of “failure cake,” a practice his team developed to destigmatize failure by celebrating attempts and extracting lessons with humor and camaraderie.

A firm believer in the power of writing, Dan calls on professionals to contribute to their fields, using his own journey as a guidepost. With practical insights and humor, he explains how writing a book is not just achievable but transformative, offering “book math” as a framework for aspiring authors.

Whether it's through his viral article Build Droids, Not Death Stars, his “Green Pen Squad” initiative, or MITRE's free innovation toolkit, Dan exemplifies how leaders can simplify, inspire, and innovate. Tune in for actionable wisdom on leadership, storytelling, and building teams that thrive on collaboration and resilience.

Check out "Build Droids Not Death Stars", an article Dan wrote that went viral, led to his first book, and was inspired by his daughters.

Check out The MITRE Innovation Toolkit to support innovation, created by a group of Catalysts that Dan brought together.

Original music by Lynz Floren.

The CyberWire
Hacked in plain sight.

Feb 26, 2025 (30:56)


A major employee screening provider discloses a data breach affecting over 3.3 million people. Signal considers exiting Sweden over a proposed law that would give police access to encrypted messages. House Democrats call out DOGE's negligent cybersecurity practices. Critical vulnerabilities in Rsync allow attackers to execute remote code. A class action lawsuit claims Amazon violates Washington State's privacy laws. CISA warns that attackers are exploiting Microsoft's Partner Center platform. A researcher discovers a critical remote code execution vulnerability in MITRE's Caldera security training platform. An analysis of CISA's JCDC AI Cybersecurity Collaboration Playbook. Ben Yelin explains Apple pulling iCloud end-to-end encryption in response to the UK Government. A Disney employee's cautionary tale.

CyberWire Guest
We are joined by Caveat podcast co-host Ben Yelin to discuss Apple pulling iCloud end-to-end encryption in response to the UK Government. You can read the article from Bleeping Computer here. Ben is the Program Director for Public Policy & External Affairs at University of Maryland Center for Health and Homeland Security. You can catch Caveat every Thursday here on the N2K CyberWire network and on your favorite podcast app.

Selected Reading
  • 3.3 Million People Impacted by DISA Data Breach (SecurityWeek)
  • DOGE must halt all ‘negligent cybersecurity practices,' House Democrats tell Trump (The Record)
  • Signal May Exit Sweden If Government Imposes Encryption Backdoor (Infosecurity Magazine)
  • Rsync Vulnerabilities Let Hackers Gain Full Control of Servers - PoC Released (Cyber Security News)
  • Lawsuit: Amazon Violates Washington State Health Data Law (BankInfo Security)
  • CISA Warns of Microsoft Partner Center Access Control Vulnerability Exploited in Wild (Cyber Security News)
  • MITRE Caldera security suite scores perfect 10 for insecurity (The Register)
  • CISA's AI cybersecurity playbook calls for greater collaboration, but trust is key to successful execution (CyberScoop)
  • A Disney Worker Downloaded an AI Tool. It Led to a Hack That Ruined His Life. (Wall Street Journal)

Aunty Donna Podcast
Charlie Choccie & Willy Wonka Unpack The 2023 Mitre 10 Brand Campaign, Respond To Reports Of Oompah Loompah Deaths And Have Their Say On Cost Cutting Within The Factory

Feb 25, 2025 (31:59)


Chief Teriyaki Officer Willy Wonka and Charlie Choccie PhD (Business) destroy beloved childhood memories.

LINKS
Buy tickets to our DREM World Tour: https://tour.auntydonna.com/
Follow @theauntydonnagallery on Instagram: https://bit.ly/auntydonna-ig
Become a Patreon supporter at http://auntydonnaclub.com/

CREDITS
Hosts: Broden Kelly, Zachary Ruane, & Mark Bonanno
Producer: Lindsey Green
Digital Producers: Nick Barrett, Jim Cruse & Tanya Zerek
Managing Producer: Sam Cavanagh

Join The Aunty Donna Club: https://www.patreon.com/auntydonna
See omnystudio.com/listener for privacy information.

Blue Security
UK vs Apple on Encryption, MITRE Eval results, How to Rethink Phishing Simulations

Blue Security

Feb 25, 2025 · 66:16


Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the ongoing battle between governments and tech companies over encryption, focusing on Apple's recent response to the UK government's demands for access to iCloud data. They explore the implications of Apple's decision to disable advanced data protection for UK users and the broader context of encryption in cybersecurity. The conversation then shifts to the latest MITRE evaluation of endpoint protection platforms, highlighting Microsoft's performance and the challenges of the evaluation methodology. In this conversation, Andy Jaw and Adam Brewer delve into the complexities of cybersecurity, focusing on the limitations of current testing methods, the importance of realistic evaluations, and the need for a shared responsibility culture within organizations. They critique the MITRE evaluation process, discuss the shortcomings of phishing simulations, and emphasize the necessity of integrating security into the organizational culture to foster collaboration rather than hostility between security teams and users.

YouTube Video Link: https://youtu.be/TL_cu-vnu58

Documentation:
https://www.theverge.com/policy/612136/uk-icloud-investigatory-powers-act-war-on-encryption
https://arstechnica.com/tech-policy/2025/02/apple-pulls-data-protection-tool-instead-of-caving-to-uk-demand-for-a-backdoor/
https://www.microsoft.com/en-us/security/blog/2024/12/11/microsoft-defender-xdr-demonstrates-100-detection-coverage-across-all-cyberattack-stages-in-the-2024-mitre-attck-evaluations-enterprise/
https://www.wsj.com/tech/cybersecurity/phishing-tests-the-bane-of-work-life-are-getting-meaner-76f30173

Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast

Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com

Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com

In the Interest of National Security
Emerging Technology and National Security with Jacques Sabrie

In the Interest of National Security

Feb 21, 2025 · 33:14


Our guest today is Jacques Sabrie, a Principal at MITRE, a non-profit organization that operates federally funded research and development centers, which power advances in national defense and security. Mr. Sabrie has been instrumental in coordinating efforts with the National Geospatial-Intelligence Agency (NGA), leveraging his extensive experience in systems engineering and global intelligence, surveillance, and reconnaissance (ISR). Listen as Mr. Sabrie discusses how technology affects great power competition, how we balance innovation with security concerns, and the skills needed to work in national security and intelligence.  What role does technology play in this shifting landscape? How do we balance innovation with security concerns, especially when dealing with emerging technologies? What are the key skills that young professionals should develop if they want to work in national security and intelligence?  Learn all this, and more, in this episode of In the Interest of National Security.  

Paul's Security Weekly
Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Allie Mellen, Tim MalcomVetter - ESW #394

Paul's Security Weekly

Feb 17, 2025 · 115:17


We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity. I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber.

Segment Resources:
Introducing AQL for cyber.
AQL - How we do it
An AQL 'calculator' you can play around with

We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!

For each of these three topics, these are the blog posts they correspond with if you want to learn more:
Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
If You're Not Using Data Pipeline Management For Security And IT, You Need To
Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes

In this week's enterprise security news, we've got
5 acquisitions
Tines gets funding
new tools and DFIR reports to check out
A legal precedent that could hurt AI companies
AI garbage is in your code repos
the dark side of security leadership
HIPAA fines are broken
Salt Typhoon is having a great time
Don't use ChatGPT for legal advice!!!!!

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-394

Enterprise Security Weekly (Audio)
Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Allie Mellen, Tim MalcomVetter - ESW #394

Enterprise Security Weekly (Audio)

Feb 17, 2025 · 115:17


We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity. I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber.

Segment Resources:
Introducing AQL for cyber.
AQL - How we do it
An AQL 'calculator' you can play around with

We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!

For each of these three topics, these are the blog posts they correspond with if you want to learn more:
Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
If You're Not Using Data Pipeline Management For Security And IT, You Need To
Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes

In this week's enterprise security news, we've got
5 acquisitions
Tines gets funding
new tools and DFIR reports to check out
A legal precedent that could hurt AI companies
AI garbage is in your code repos
the dark side of security leadership
HIPAA fines are broken
Salt Typhoon is having a great time
Don't use ChatGPT for legal advice!!!!!

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-394

HLTH Matters
HLTH Executive Series: Dr. Brian Anderson of CHAI: Ensuring Safe and Effective AI in Healthcare

HLTH Matters

Feb 17, 2025 · 11:25


About Dr. Brian Anderson:
Dr. Brian Anderson is a leading voice in health AI as CEO and Co-Founder of the Coalition for Health AI (CHAI), guiding the development of national standards for safe and effective AI in healthcare. Formerly Chief Digital Health Physician at MITRE, he spearheaded crucial research initiatives, including advancements in clinical trials and oncology. An internationally recognized expert, Dr. Anderson speaks frequently on digital health, AI assurance, and interoperability. A Harvard Medical School graduate with an MD (honors) and a BA (cum laude), Dr. Anderson trained at Mass General, practiced at Greater Lawrence Family Health Center, and lives in Boston with his family.

Things You'll Learn:
A significant gap exists in the lack of independent labs to evaluate health AI, as these are already standard practice in other sectors with regulated technologies. The proposed national network of certified labs will fill this gap by providing independent assessments of AI models, promoting trust in their use.
AI model cards are crucial for transparency because they detail the training methodologies and ingredients of AI models. This information helps users, such as physicians, make informed decisions about the tool's appropriateness for their patients.
Clinicians need upskilling to critically evaluate AI tools and make informed decisions about their use in patient care.
Generative AI applications like ambient scribes have the potential to greatly mitigate physician burnout by streamlining administrative tasks. This can give them more time to focus on their patients and improve their work-life balance.
The creation of quality assurance labs will be a critical first step in AI regulation, helping to bridge the gap between rapidly evolving technology and established safety standards.

Resources:
Connect with and follow Dr. Brian Anderson on LinkedIn.
Discover more about Coalition for Health AI (CHAI) on their LinkedIn and website.

Paul's Security Weekly TV
A SecOps Medley: we talk automation, AI, data management, and EDR evaluations - Allie Mellen - ESW #394

Paul's Security Weekly TV

Feb 17, 2025 · 32:08


We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!

For each of these three topics, these are the blog posts they correspond with if you want to learn more:
Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
If You're Not Using Data Pipeline Management For Security And IT, You Need To
Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes

Show Notes: https://securityweekly.com/esw-394

Enterprise Security Weekly (Video)
A SecOps Medley: we talk automation, AI, data management, and EDR evaluations - Allie Mellen - ESW #394

Enterprise Security Weekly (Video)

Feb 17, 2025 · 32:08


We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!

For each of these three topics, these are the blog posts they correspond with if you want to learn more:
Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
If You're Not Using Data Pipeline Management For Security And IT, You Need To
Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes

Show Notes: https://securityweekly.com/esw-394

Insights Into Things
Insights Into Technology: Episode 18 "Hackers, Higgs and the End of Windows" (VIDEO)

Insights Into Things

Feb 9, 2025 · 57:56


In this episode of "Insights into Technology," host Joseph Whalen delves into the escalating world of cybersecurity threats with a focus on the alarming rise in credential theft. The discussion covers the intricate details of sneak thief malware and its implications for enterprise environments, as security teams brace for the top 10 MITRE attack techniques. The episode also delves into the evolving role of artificial intelligence in particle physics, exploring how AI is transforming research at the Large Hadron Collider and its potential to unlock the universe's deepest mysteries. Additionally, it touches on the ethical considerations and security challenges posed by AI in espionage activities. Finally, the episode examines Microsoft's strategic push towards Windows 11, highlighting the hardware requirements and the broader implications for users and organizations facing a significant tech upgrade.

Insights Into Things
Insights Into Technology: Episode 18 "Hackers, Higgs and the End of Windows" (AUDIO)

Insights Into Things

Feb 9, 2025 · 57:56


In this episode of "Insights into Technology," host Joseph Whalen delves into the escalating world of cybersecurity threats with a focus on the alarming rise in credential theft. The discussion covers the intricate details of sneak thief malware and its implications for enterprise environments, as security teams brace for the top 10 MITRE attack techniques. The episode also delves into the evolving role of artificial intelligence in particle physics, exploring how AI is transforming research at the Large Hadron Collider and its potential to unlock the universe's deepest mysteries. Additionally, it touches on the ethical considerations and security challenges posed by AI in espionage activities. Finally, the episode examines Microsoft's strategic push towards Windows 11, highlighting the hardware requirements and the broader implications for users and organizations facing a significant tech upgrade.

Paul's Security Weekly
Vulnerability Prioritization In The Real World - Andy Jaquith - PSW #858

Paul's Security Weekly

Jan 23, 2025 · 139:16


Andy Jaquith joins us to discuss how to prioritize vulnerabilities and remediation in the real-world, including asset management and more! In the security news: ESP32s in the wild and security, Google OAuth flaw, DDoS targets, Ban on auto components, Bambu firmware updates, Silk Road founder is free, one last cybersecurity executive order, US Treasury hack update, Mitre launches a new program to deal with naming things, and educational content on Pornhub? (not what you think, it's SFW!) Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-858

Paul's Security Weekly TV
Vulnerability Prioritization In The Real World - PSW #858

Paul's Security Weekly TV

Jan 23, 2025 · 139:16


Andy Jaquith joins us to discuss how to prioritize vulnerabilities and remediation in the real-world, including asset management and more! In the security news: ESP32s in the wild and security, Google OAuth flaw, DDoS targets, Ban on auto components, Bambu firmware updates, Silk Road founder is free, one last cybersecurity executive order, US Treasury hack update, Mitre launches a new program to deal with naming things, and educational content on Pornhub? (not what you think, it's SFW!) Show Notes: https://securityweekly.com/psw-858

Paul's Security Weekly (Podcast-Only)
Vulnerability Prioritization In The Real World - Andy Jaquith - PSW #858

Paul's Security Weekly (Podcast-Only)

Jan 23, 2025 · 139:16


Andy Jaquith joins us to discuss how to prioritize vulnerabilities and remediation in the real-world, including asset management and more! In the security news: ESP32s in the wild and security, Google OAuth flaw, DDoS targets, Ban on auto components, Bambu firmware updates, Silk Road founder is free, one last cybersecurity executive order, US Treasury hack update, Mitre launches a new program to deal with naming things, and educational content on Pornhub? (not what you think, it's SFW!) Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-858

Paul's Security Weekly (Video-Only)
Vulnerability Prioritization In The Real World - PSW #858

Paul's Security Weekly (Video-Only)

Jan 23, 2025 · 139:16


Andy Jaquith joins us to discuss how to prioritize vulnerabilities and remediation in the real-world, including asset management and more! In the security news: ESP32s in the wild and security, Google OAuth flaw, DDoS targets, Ban on auto components, Bambu firmware updates, Silk Road founder is free, one last cybersecurity executive order, US Treasury hack update, Mitre launches a new program to deal with naming things, and educational content on Pornhub? (not what you think, it's SFW!) Show Notes: https://securityweekly.com/psw-858

Cybercrime Magazine Podcast
Cybercrime News For Jan. 22, 2025. MITRE Unveils D3FEND 1.0. WCYB Digital Radio.

Cybercrime Magazine Podcast

Jan 22, 2025 · 2:37


The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com

Paul's Security Weekly
How threat-informed defense benefits each security team member - Frank Duff, Nathan Sportsman - ESW #389

Paul's Security Weekly

Jan 13, 2025 · 120:38


We're thrilled to have Frank Duff on to discuss threat-informed defense. As one of the MITRE folks that helped create MITRE ATT&CK and ATT&CK evaluations, Frank has been working on how best to define and communicate attack language for many years now. The company he founded, Tidal Cyber, is in a unique position to both leverage what MITRE has built with ATT&CK and help enterprises operationalize it.

Segment Resources:
Tidal Cyber website
Tidal Cyber Community Edition

We're a fan of hacker lore and history here at Security Weekly. In fact, Paul's Security Weekly has interviewed some of the most notable (and notorious) personalities from both the business side of the industry and the hacker community. We're very excited to share this new effort to document hacker history through in-person interviews. The series is called "Where Warlocks Stay Up Late", and is the creation of Nathan Sportsman and other folks at Praetorian. The timing is crucial, as a lot of the original hackers and tech innovators are getting older, and we've already lost a few.

References:
Check out the Where the Warlocks Stay Up Late website and subscribe to get notified of each episode as it is released
Check out the anthropological hacker map and relive your misspent youth!

In this latest Enterprise Security Weekly episode, we explored some significant cybersecurity developments, starting with Veracode's acquisition of Phylum, a company specializing in detecting malicious code in open-source libraries. The acquisition sparked speculation that it might be more about Veracode staying relevant in a rapidly evolving market rather than a strategic growth move, especially given the rising influence of AI-driven code analysis tools. We also covered 1Password's acquisition of a UK-based shadow IT detection firm, raising interesting questions about their expansion into access management. Notably, the deal involved celebrity investors like Matthew McConaughey and Ashton Kutcher, suggesting a trend where Hollywood influence intersects with cybersecurity branding.

A major highlight was the Cyberhaven breach, where a compromised Chrome extension update led to stolen credentials. The attack was executed through a phishing campaign disguised as a Google policy violation warning. To their credit, Cyberhaven responded swiftly, pulling the extension within two hours and maintaining transparency throughout. This incident underscored broader concerns around the poor security of browser extensions, an issue that continues to be exploited due to lax marketplace oversight.

We also reflected on Cory Doctorow's concept of "Enshittification," critiquing platforms that prioritize profit and engagement metrics over genuine user experiences. His decision to disable vanity metrics resonated, especially considering how often engagement numbers are inflated in corporate settings. The episode wrapped with a thoughtful discussion on how CISOs can say "no" more effectively, emphasizing "yes, but" strategies and the importance of consistency. We also debated the usability frustrations of "magic links" for authentication, arguing that simpler alternatives like passkeys or multi-factor codes could offer a better balance between security and convenience.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-389

Enterprise Security Weekly (Audio)
How threat-informed defense benefits each security team member - Frank Duff, Nathan Sportsman - ESW #389

Enterprise Security Weekly (Audio)

Jan 13, 2025 · 120:38


We're thrilled to have Frank Duff on to discuss threat-informed defense. As one of the MITRE folks that helped create MITRE ATT&CK and ATT&CK evaluations, Frank has been working on how best to define and communicate attack language for many years now. The company he founded, Tidal Cyber, is in a unique position to both leverage what MITRE has built with ATT&CK and help enterprises operationalize it.

Segment Resources:
Tidal Cyber website
Tidal Cyber Community Edition

We're a fan of hacker lore and history here at Security Weekly. In fact, Paul's Security Weekly has interviewed some of the most notable (and notorious) personalities from both the business side of the industry and the hacker community. We're very excited to share this new effort to document hacker history through in-person interviews. The series is called "Where Warlocks Stay Up Late", and is the creation of Nathan Sportsman and other folks at Praetorian. The timing is crucial, as a lot of the original hackers and tech innovators are getting older, and we've already lost a few.

References:
Check out the Where the Warlocks Stay Up Late website and subscribe to get notified of each episode as it is released
Check out the anthropological hacker map and relive your misspent youth!

In this latest Enterprise Security Weekly episode, we explored some significant cybersecurity developments, starting with Veracode's acquisition of Phylum, a company specializing in detecting malicious code in open-source libraries. The acquisition sparked speculation that it might be more about Veracode staying relevant in a rapidly evolving market rather than a strategic growth move, especially given the rising influence of AI-driven code analysis tools. We also covered 1Password's acquisition of a UK-based shadow IT detection firm, raising interesting questions about their expansion into access management. Notably, the deal involved celebrity investors like Matthew McConaughey and Ashton Kutcher, suggesting a trend where Hollywood influence intersects with cybersecurity branding.

A major highlight was the Cyberhaven breach, where a compromised Chrome extension update led to stolen credentials. The attack was executed through a phishing campaign disguised as a Google policy violation warning. To their credit, Cyberhaven responded swiftly, pulling the extension within two hours and maintaining transparency throughout. This incident underscored broader concerns around the poor security of browser extensions, an issue that continues to be exploited due to lax marketplace oversight.

We also reflected on Cory Doctorow's concept of "Enshittification," critiquing platforms that prioritize profit and engagement metrics over genuine user experiences. His decision to disable vanity metrics resonated, especially considering how often engagement numbers are inflated in corporate settings. The episode wrapped with a thoughtful discussion on how CISOs can say "no" more effectively, emphasizing "yes, but" strategies and the importance of consistency. We also debated the usability frustrations of "magic links" for authentication, arguing that simpler alternatives like passkeys or multi-factor codes could offer a better balance between security and convenience.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-389

Paul's Security Weekly TV
How threat-informed defense benefits each security team member - Frank Duff - ESW #389

Paul's Security Weekly TV

Jan 12, 2025 · 34:48


We're thrilled to have Frank Duff on to discuss threat-informed defense. As one of the MITRE folks that helped create MITRE ATT&CK and ATT&CK evaluations, Frank has been working on how best to define and communicate attack language for many years now. The company he founded, Tidal Cyber, is in a unique position to both leverage what MITRE has built with ATT&CK and help enterprises operationalize it.

Segment Resources:
Tidal Cyber website
Tidal Cyber Community Edition

Show Notes: https://securityweekly.com/esw-389

Enterprise Security Weekly (Video)
How threat-informed defense benefits each security team member - Frank Duff - ESW #389

Enterprise Security Weekly (Video)

Jan 12, 2025 · 34:48


We're thrilled to have Frank Duff on to discuss threat-informed defense. As one of the MITRE folks that helped create MITRE ATT&CK and ATT&CK evaluations, Frank has been working on how best to define and communicate attack language for many years now. The company he founded, Tidal Cyber, is in a unique position to both leverage what MITRE has built with ATT&CK and help enterprises operationalize it.

Segment Resources:
Tidal Cyber website
Tidal Cyber Community Edition

Show Notes: https://securityweekly.com/esw-389

Audios Javier Milei
Milei Spoke About the President-Elect of Venezuela | Interview on Radio Mitre

Audios Javier Milei

Jan 5, 2025 · 73:48


MILEI SPOKE ABOUT THE PRESIDENT-ELECT OF VENEZUELA
Interview with President Javier Milei on Radio Mitre, January 4, 2025

Welcome to the forces of heaven!!! Help keep this channel going by clicking the "APOYAR" (Support) button on IVOOX: https://go.ivoox.com/sq/873492 Thank you very much! LONG LIVE FREEDOM, DAMN IT!!!

This program is part of Free Cuban Podcasts: https://www.ivoox.com/escuchar-free-cuban-podcasts_nq_593331_1.html
An independent, personal project born with the aim of spreading the ideas of liberty. You can help keep it going via BIZUM: 692/163/601

Other programs on the channel:
Audios Juan Ramón Rallo: https://go.ivoox.com/sq/869461
Audios Miguel Anxo Bastos: https://go.ivoox.com/sq/1348569
Audios Javier Milei: https://go.ivoox.com/sq/873492
Audios Daniel Lacalle: https://go.ivoox.com/sq/1529184
Lecciones de Economía con Huerta de Soto: https://go.ivoox.com/sq/2035575
Audios Liberal - Libertarios: https://go.ivoox.com/sq/847011

Thank you very much!!!

Federal Tech Podcast: Listen and learn how successful companies get federal contracts

Connect to John Gilroy on LinkedIn: https://www.linkedin.com/in/john-gilroy/
Want to listen to other episodes? www.Federaltechpodcast.com

Complex environments exist in commercial organizations and the federal government. In a typical fashion, humans resist change until an incident forces restructuring. In this case, the change of design will be costly. During today's interview, Nick Pesce says that today's systems are burdened to such an extent that structural change should start now, when it is easy and less expensive, and then wait for an incident that will cause change. Both guests, Nick Pesce and Don Lamb, have experience in federal government change management. They work for the well-respected MITRE, home of the ATT&CK framework. As a result, they can look at a systemic problem and see the solution. Their report, Recommendations for Creating Cross-Agency Enterprise Design Specifications, details ways to make this change. They also detail user stories and use cases and how to manage requirements and proofs of concept. Their argument goes that when combined with understanding mission objectives, the existing information silos in the federal government can be overcome.

Paul's Security Weekly
D3FEND 1.0: A Milestone in Cyber Ontology - Peter Kaloroumakis - ESW #388

Paul's Security Weekly

Dec 20, 2024 · 102:49


Since D3FEND was founded to fill a gap created by the MITRE ATT&CK Matrix, it has come a long way. We discuss the details of the 1.0 release of D3FEND with Peter in this episode, along with some of the new tools they've built to go along with this milestone. To use MITRE's own words to describe the gap this project fills: "it is necessary that practitioners know not only what threats a capability claims to address, but specifically how those threats are addressed from an engineering perspective, and under what circumstances the solution would work"

Segment Resources: https://d3fend.mitre.org

In the enterprise security news,
a final few fundings before the year closes out
Arctic Wolf buys Cylance from Blackberry for cheap, a sentence that feels very weird to say
the quiet HTTPS revolution
passkeys are REALLY catching on
resilience keeps showing up in the titles of news items
Apple Intelligence insults the BBC's intelligence
MITRE ATT&CK evals drama
Lastpass breach drama continues

All that and more, on this episode of Enterprise Security Weekly

As we wrap up the year, we have an honest discussion about how important security really is to the business. We discuss some of Katie's predictions for AppSec in 2025, as well as "what sucks" in security!

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-388

Enterprise Security Weekly (Audio)
D3FEND 1.0: A Milestone in Cyber Ontology - Peter Kaloroumakis - ESW #388

Dec 20, 2024 102:49



Paul's Security Weekly TV
D3FEND 1.0: A Milestone in Cyber Ontology - Peter Kaloroumakis - ESW #388

Dec 20, 2024 39:16


Since D3FEND was founded to fill a gap created by the MITRE ATT&CK Matrix, it has come a long way. We discuss the details of the 1.0 release of D3FEND with Peter in this episode, along with some of the new tools they've built to go along with this milestone. To use MITRE's own words to describe the gap this project fills: "it is necessary that practitioners know not only what threats a capability claims to address, but specifically how those threats are addressed from an engineering perspective, and under what circumstances the solution would work".

Segment Resources: https://d3fend.mitre.org

Show Notes: https://securityweekly.com/esw-388

Open Source Security Podcast
Episode 459 - CWE Top 25 List

Dec 16, 2024 36:01


Josh and Kurt talk about a CWE Top 25 list from MITRE. The list itself is fine, but we discuss why the list looks the way it does (it's because of WordPress). We also discuss why Josh hates lists like this (because they never create any actions). We finish up running through the whole list with a few comments about the findings.

Show Notes

  • 2024 CWE Top 25 Most Dangerous Software Weaknesses
  • Set of 9 Unusual Odd Sided dice - D3, D5, D7, D9, D11, D13, D15, D17 & D19

El podcast de Cristina Mitre
Perimenopause and menopause: understanding, preventing and relieving, with Clotilde Vázquez. Episode 339

Dec 14, 2024 92:38


Subscribe to the paid version of the newsletter and receive exclusive content. Subscribe to the free version of the newsletter A MICRÓFONO CERRADO. Episode notes: WWW.CRISTINAMITRE.COM

Menopause is a natural stage, but it should not be ignored. Managing it properly can significantly improve quality of life and prevent complications. Clotilde Vázquez covers various aspects of menopause, from the hormonal changes and their symptoms to the risks and benefits of hormone replacement therapy.

From December 1 to January 6, 2025, the discount code MITRE 10 on the gh website gives you 10% off my products with gh. Take the opportunity to try them, restock them or order Three Kings' Day gifts.

  • Loción exfoliante 5 Azelaic-S
  • Emulsión limpiadora Kire
  • Esencia hidratante 4FNH

All three, together or separately, can be part of routines for every skin type: oily, mature, dry, teenage, after shaving, even with rosacea. At this link to my website you will find full information on each product and how to work it into a routine according to your skin.

Instagram @thebeautymail, Twitter @cristinamitre, YouTube https://www.youtube.com/c/CristinaMitre, LinkedIn Cristina Mitre Aranda, Facebook https://www.facebook.com/Crismitre

Hosted on Acast. See acast.com/privacy for more information.

All Things Work
The Power of Peer Mentoring in Shaping HR Leaders

Dec 10, 2024 22:45


Mary Kitson, the founder and director of Mentor HR® as well as the senior program manager at MITRE, explores the pivotal role mentorship plays in career development, particularly within the HR profession. Kitson highlights the long-term benefits of mentorship for individuals and organizations alike. Discover how, beyond skill development, mentorship fosters emotional well-being, job satisfaction, and a sense of community. It also touches all aspects of a mentee's life, often creating a ripple effect of positive change. Rate/review All Things Work on Apple Podcasts and Spotify.

El podcast de Cristina Mitre
'The point of a hoax is that we believe nothing', with José Luis Sastre. Episode 338

Dec 7, 2024 61:15


We talk with José Luis Sastre, deputy director of Hoy por Hoy, columnist at El País, podcaster and novelist, one month after the DANA storm in Valencia, about current affairs, hoaxes, politics, anti-politics and solidarity. Sastre shares something many of us have surely felt: "There comes a point where the news overwhelms you and affects you emotionally. I understand that people want to tune out to find some inner peace."

El podcast de Cristina Mitre
Eating tasty and healthy, with Chef Bosquet. Episode 337

Nov 30, 2024 52:40


We talk with Roberto Bosquet, better known as Chef Bosquet, who has spent years showing, recipe after recipe, that eating healthy can be delicious and also simple. His more than 2 million followers on Instagram confirm his success at the task and, if it is true that we eat with our eyes, the photos of the dishes he posts certainly make you want to eat it all. In this week's episode Chef Bosquet shares his tricks for turning simple recipes into irresistible dishes. He tells us how he gets his children to enjoy cooking and eating healthy, how he plans menus and how he does the shopping. By the way, Roberto is a firefighter by profession as well as a chef, and in this episode he tells us about his experience helping after the DANA in Valencia. That adds a pinch of solidarity to the episode, so that we do not forget what is happening and keep supporting the people of Valencia.

The CyberWire
No more spinach for PopeyeTools.

Nov 21, 2024 37:05


The feds take down the PopeyeTools cybercrime market. Five alleged Scattered Spider members have been charged. CISA warns of critical vulnerabilities in VMware's vCenter Server. Global AI experts convene to discuss safety. MITRE updates its list of Top 25 Most Dangerous Software Weaknesses. US and Australian agencies warn critical infrastructure organizations about evolving tactics by the BianLian ransomware group. A new report looks at rising threats to the U.S. manufacturing industry. Researchers at ESET uncover the WolfsBane Linux backdoor. A pair of malicious Python packages impersonating ChatGPT went undetected for over a year. A data breach at a French hospital compromised the medical records of 750,000 patients. On our Industry Voices segment, guest Avihai Ben-Yossef, Cymulate's Co-Founder and CTO, joins us to discuss "The Evolution and Outlook of Exposure Management." AI Pimping is the scourge of Instagram.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, guest Avihai Ben-Yossef, Cymulate's Co-Founder and CTO, joins us to discuss "The Evolution and Outlook of Exposure Management."

Resources:

  • Security Validation Essentials
  • Hertz Israel Reduced Cyber Risk by 81% within 4 Months with Cymulate
  • SecOps Roundtable: Security Validation and the Path to Exposure Management
  • Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD

Selected Reading

  • US seizes PopeyeTools cybercrime marketplace, charges administrators (Bleeping Computer)
  • Five Charged in Scattered Spider Case (Infosecurity Magazine)
  • CISA Warns of VMware VCenter Vulnerabilities Actively Exploited in Attacks (Cyber Security News)
  • US Gathers Allies to Talk AI Safety as Trump's Vow to Undo Biden's AI Policy Overshadows Their Work (SecurityWeek)
  • MITRE Updates List of 25 Most Dangerous Software Vulnerabilities (SecurityWeek)
  • BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk (Infosecurity Magazine)
  • Manufacturing Sector Under Siege: Industry Faces Wave of Advanced Email Attacks (Abnormal Security)
  • Gelsemium APT Hackers Attacking Linux Servers With New WolfsBane Malware (Cyber Security News)
  • Two PyPi Malicious Package Mimic ChatGPT & Claude Steals Developers Data (GB Hackers)
  • Cyberattack at French hospital exposes health data of 750,000 patients (Bleeping Computer)
  • Inside the Booming 'AI Pimping' Industry (404 Media)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Luke and Pete Show
Jesus and his mitre saw

Nov 18, 2024 26:05


Today on the show, Pete's getting a little too obsessed with his mitre saw, feeling all powerful like…hold up, Jesus? Are we hearing that right?

The lads dive deep into another Jesus convo, but this time, they're brainstorming how he could really stamp out any doubt about his existence. Could he pull a Taylor Swift on us and pop up at a gig? Or bless his disciples with 12 shiny new treadmills? Maybe he could show us the wonders of a Nectar card or even unveil a car with a mystical twist? The possibilities are endless!

Plus, Luke opens up about a personal low point of the week: being utterly shamed by a delivery driver. It's a wild ride, as always.

Email: hello@lukeandpeteshow.com or you can get in touch on X, Threads or Instagram.

***Please take the time to rate and review us on Apple, Spotify or wherever you get your pods. It means a great deal to the show and will make it easier for other potential listeners to find us. Thanks!***

Hosted on Acast. See acast.com/privacy for more information.