Liturgical headdresses worn by Christian bishops and abbots
If you're anything like me, the moment you saw the World's most famous art gallery had been robbed of the French Crown Jewels... one thing came to mind. It's silly really, because at the end of the day it's a crime. A serious crime. Nevertheless, it's hard to totally ignore the audacity and romance of it all. What's the difference between a robbery and a heist? Whatever it is that distinguishes those words... there is something seductive. We were told the thieves were organised, efficient, and used specialist equipment. I imagined a Tom Cruise-like figure firing a grappling hook out of a special gun, rappelling from the ceiling and acrobatically navigating a room of invisible lasers, any of which, if broken, would immediately trigger an alarm and a carbon dioxide pump that would starve the room of oxygen and suffocate the thieves where they stood. Alas, as more detail has emerged over the last two weeks, it's become clear the Louvre Heist was less Mission Impossible and more Mission-to-Mitre-10. The specialist equipment the thieves used? It was a plain old over-the-counter angle grinder like the second-hand Makita I have in my tools cupboard at home. I'd never thought about it before, but the problem with publicly displaying crown jewels worth tens or hundreds of millions of dollars, is that security in the display cases can only go so far. As well as being hard to access for potential thieves, in the event of a fire, the cases need to be openable in a few seconds. So they need to be super-secure. But also super-accessible. What could go wrong? What the thieves seemed to have worked out is that using an axe or a hammer was a bad idea. It would have potentially taken hundreds of blows to break through and get the goods. But the museum's own firefighting handbook lays out the best course of action for quickly getting into the Louvre's secure display cases: you don't smash, you cut. Although they've made a series of arrests, lessons abound for the French authorities.
It's shocking they had such poor security camera coverage around the museum. But as more and more detail comes to light, I think there's a valuable lesson for all of us: The disguises. The thieves weren't in military fatigues. They weren't dressed in all black. They weren't wearing crazy masks like the ones in Money Heist. They were wearing the universal uniform of authority: high-vis vests. The great irony of a garment designed to be seen is that it has become so ubiquitous, we don't see it, even when it's being worn by thieves, in broad daylight, stealing some of the most valuable jewellery in the World. The Paris Police, who have street cameras trained on the area where the thieves parked their truck, sheepishly admitted this week that no one paid any attention to the men on the video feed. In their hi-vis vests, they looked like a regular construction crew, said a Police spokesperson. And Paris has heaps of construction. It looks increasingly likely the men will not get away with their theft. And though clearly they were organised, this was hardly the perfect crime. They dropped some of the jewels and left heaps of evidence at the scene. They tried to burn the truck but the gas tank wouldn't catch. The big question now is whether or not the jewels are still intact. Still, they have proved something. For the biggest heist at the World's most-famous museum in more than a hundred years, the biggest heist since the Mona Lisa was pinched way back in 1911, you only need three things: A charged battery on your angle grinder. An air of confidence and purpose. And most importantly, a high-vis vest.
Mitre 10's Stan Smith joins Jesse to answer all your DIY questions.
On this episode I kick back with the homie from Panama, Iris Mitre, and talk about her transition to America, how she got into fashion, and we talk about gardening and why she reached out to me and gave me plants to get started. Dope fun show!!!
Welcome and Introduction
- Will Townsend welcomes Anshel Sag to episode 240 of G2 on 5G.
- Coverage of six topics spanning 5G and 6G developments.
T-Mobile's Edge Control Solution
- Launch of Edge Control at fourth annual Innovate Awards.
- Combines 5G advanced network with local breakout for private-like cellular experience.
- Zero on-premise infrastructure requirement distinguishes this solution.
- Strategic positioning against Verizon and AT&T in enterprise cellular offerings.
Nvidia and Nokia Partnership
- Extension of aerial RAN computer announcements for 6G.
- Nvidia's billion-dollar investment in Nokia signals strategic alignment.
- Partnership includes T-Mobile and Dell Technologies for server infrastructure.
- Nokia stock surged 25% following the announcement.
All-American AI RAN Stack
- Announcement of domesticated supply chain for 6G development.
- Nvidia's aerial platform moving to open source to accelerate adoption.
- Full-stack solution involving Cisco, MITRE, and Booz Allen.
- Focus on spectrum sensing and computer vision applications.
Nvidia DGX Spark Developer Experience
- Anshel Sag shares hands-on experience with DGX Spark device.
- 200 gigabit connectivity and scalable memory capacity.
- Simplified software stack enables AI deployment without extensive coding knowledge.
Samsung Networks and SoftBank MOU
- Joint research agreement for 6G and AI-based RAN technologies.
- Four focus areas: 6G, AI for RAN, AI in RAN, and large telecom models.
- Cultural significance of Korean-Japanese partnership in telecommunications.
5G Techritory Event Insights
- Will Townsend's experience hosting panels in the Baltic region.
- "Defense of 5G" panel discussion with European experts and skeptics.
- Challenges in European 5G deployment due to fragmented regulation.
- Delayed standalone 5G rollout creating similar frustrations as experienced in U.S.
Fixed Wireless Access as Killer Use Case
- FWA success in U.S. market with T-Mobile leading adoption.
- AT&T's Internet Air product serving consumers and enterprises.
Verizon's Fiber Expansion Strategy
- New CEO driving aggressive fiber buildout through wholesale partnerships.
- Deal with Eaton Fiber for network expansion without direct capital investment.
- Following AT&T's successful fiber strategy after years of market leadership.
Competitive Fiber Market Dynamics
- AT&T's overinvestment in fiber driving strong ARPU and earnings performance.
- T-Mobile's strategic shift toward fiber for backhaul and FWA support.
- Verizon's Pac-Man approach with Frontier acquisition correcting previous divestiture.
- Competition driving price improvements and better consumer options.
The Pentagon's tech pipeline is littered with promising innovations that never make it to the field. MITRE's new Transition Maturity Framework aims to change that by replacing the slow, siloed acquisition process with a collaborative, data-driven approach. For insight on how this framework could help warfighters—and why it might be a fix for the “ditches of death”—we turn to MITRE's senior vice president for national security, Keoki Jackson.
Christina Irene is a disability and diversity speaker who works with corporations, not-for-profit organizations, government entities, and educational institutions all over the world. Her clients include Target, Redfin, Maersk, U.S. Department of State, U.S. Navy, National Credit Union Administration, FINRA, MITRE, the Brookings Institution, Johns Hopkins University, Technology University of Eindhoven, Penn State Health, Pueblo of Jemez, and many more. Using a lived-experience approach, she invented the Splat system of communication and published a series of books on it, including Talking Splat: Communicating About Hidden Disabilities, Splatvocate: Supporting People With Hidden Disabilities, and Spactivity Book: Self-Care and Carefree Distractions for Adults with Hidden Disabilities. Christina's past careers include high school English and theater teacher and nationally-touring stand-up comedian. She lives with physical, cognitive, and mental health disabilities. To learn more about Christina Irene: Website: ChristinaIrene.com YouTube: @ChristinaIreneInspires (or use the url ChristinaIreneTube.com which redirects to my channel) Instagram: @TalkingSplat (all Splat-related content) and @InstaChristinaIrene TikTok: @TalkingSplat Facebook: @SplattiePage (Splat-related content) and @ChristinaIreneInspires
Join Bhavna Sawnani as she explores a crucial aspect of employee experience surveys: driving high participation and engagement, in conversation with Chrystal Kennedy, Head of People Partnering at Mitre 10 New Zealand. Together, they unpack how Mitre 10 achieved exceptional participation rates across a highly operational and decentralised organisation, even while transitioning to new platforms. The discussion dives into the vital role of senior leader buy-in, effective communication and promotion from boardroom to frontline, and how embedding the 'why' behind the survey can inspire action and trust. Listen to gain practical tactics for promotion and mobilisation, the power of networks and local champions, and ways to remove friction so people can and will respond. Discover what messages resonate, when and how to target communications, and how closing the loop builds trust for the next cycle. This episode offers actionable insights and practical tips to help organisations boost survey participation and build a culture of listening that drives long-term impact.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
New DShield Support Slack Workspace
Due to an error on Salesforce's side, we had to create a new Slack Workspace for DShield support.
https://isc.sans.edu/diary/New%20DShield%20Support%20Slack/32376
Attackers Exploiting Recently Patched Cisco SNMP Flaw (CVE-2025-20352)
Trend Micro published details explaining how attackers took advantage of a recently patched Cisco SNMP vulnerability.
https://www.trendmicro.com/en_us/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
Framework BIOS Backdoor
The mm command implemented in Framework BIOS shells can be used to compromise a device pre-boot.
https://eclypsium.com/blog/bombshell-the-signed-backdoor-hiding-in-plain-sight-on-framework-devices/
SANS.edu Research: Mark Stephens, Validating the Effectiveness of MITRE Engage and Active Defense
https://www.sans.edu/cyber-research/validating-effectiveness-mitre-engage-active-defense/
The Brazilian real estate market is at a decisive moment. With the new measures announced by the government to stimulate mortgage lending and interest rates still high, how are builders and developers preparing for the next cycle? Demand for property remains strong, especially in the major capitals, but what are the real challenges to unlocking growth in the sector?
Episode 258 – Terry Bollinger: Understanding the Limits of Artificial Intelligence
In this episode of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, speaks with Terry Bollinger, retired technology analyst at MITRE, about the limits of artificial intelligence and the growing risks of relying on systems that only mimic human understanding. They discuss how large language models operate as mimicry machines, imitating intelligence rather than achieving it, and how this design choice leads to fundamental weaknesses in trust, accuracy, and accountability. Terry explains that AI models based on probability and pattern replication erase uniqueness, creating false confidence in their results. He warns that by averaging data rather than analyzing meaning, these systems blur important distinctions, making it difficult to detect errors, anomalies, or malicious activity. Debbie and Terry explore why true privacy and security depend on identifying outliers, the small deviations that reveal hidden threats, rather than relying on average trends.
Terry describes how traditional security systems are built on clearly defined boundaries, data paths, and verification processes, while modern AI systems often remove those controls. He emphasizes that when data is distributed, reweighted, and stored probabilistically, it becomes nearly impossible to verify what has been learned, lost, or leaked. The conversation examines the risks of utilizing LLMs in sensitive environments, where transmitting confidential data to remote commercial systems can compromise containment and integrity. Terry discusses how interpolation, or the act of filling in the blanks when data is missing, leads AI to generate convincing but incorrect answers, what he calls “random noise masquerading as insight.” Debbie and Terry also examine why intelligence, wisdom, and comprehension cannot be replicated through scale or speed. The episode concludes with a reflection on the importance of human judgment, accountability, and boundary control in an era where automation is expanding faster than understanding.
Cold cases test the patience, persistence, and creativity of any investigator. Few know this better than Pete Hughes. In this episode of Fed Time Stories, hosts Dave Brant and John Gill talk with Pete about his four decades in law enforcement, from his early years as a patrol officer to his leadership role at NCIS. Pete shares how he helped shape the agency's cold case program and the unique methods investigators use when re-examining unsolved crimes years later. He also reflects on one of his most challenging investigations, a decades-old disappearance that had long been considered unsolvable, and how determined investigative work ultimately brought long-awaited resolution for a grieving family. Beyond cold cases, Pete discusses his later work uncovering fraud and corruption in Afghanistan and at MITRE, showing how the same skills and values carried across each stage of his career. Tune in for an inside look at investigative persistence, lessons from decades of service, and what it takes to bring closure after so many years. Fed Time Stories is brought to you by Kaseware, an investigative case management solution. Learn more at www.kaseware.com/fedtimestoriespodcast
What is a CVE – and why does it matter to your patching process? Landon Miles breaks down CVEs, CVSS scores, and CNAs – covering how they work together, what to prioritize, and how to respond. Learn how to assess risk, spot active exploits, and streamline remediation with clear, actionable steps.
This Episode's Questions:
Brian's Questions:
I've been making music boxes and trying to replicate the traditional style (see attached photos). I'm struggling to get the curved edge just right. I've tried using a planer, but I keep messing up and have ended up wasting a lot of boards. Router round-overs almost work, but still need planed or sanded after routing to get the shape just right, and also they're pretty dangerous given the small and awkward size of the pieces—I'm working with ¾-inch thick wood that's 2.5 inches high for the box sides. I'd like a repeatable process that provides consistent shapes, but can't seem to find a way to achieve it. Advice? Trish
I've heard a few of your podcasts where you speak about making boxes and using a router to make the miter. I'm assuming you're using a bit with a 45° angle. What I don't understand is, how do you get the sides to be the exact same length while using your router table. It would seem to me that having the top of the angle (the point of the angle) against the fence would be almost impossible to get perfectly sized sides. Can you please describe what I am missing here, since a perfect 45° angle using a router bit seems incredibly simple. Mike G.
Guy's Questions:
I have always tried to select straight grain for legs, aprons, stretchers and the frame of a frame and panel. I am now thinking this may be too much straight grain in a piece of furniture. When are the times that you would not do this and would instead use a more interesting grain pattern in these pieces. Does the wood species affect your choice? For example, it seems like the current trend with walnut is not worrying about getting any straight grain in the pieces at all. Thanks for all your help. Jeff
Hi from Melbourne Australia. I've been listening for years, and I like how y'all do things! Thanks for making the best woodworking pod. Like everyone, I have a small shop, that I fit a lot into. Without listing every item… I've got stationary machines covered with a euro style slider (Hammer K3), a 14” bandsaw (N4400) and a combo planer/thicknesser (A3-31). Those 3 cover my needs really well, and I've learned to work within the capacity of my tools and space. It's the secondary/benchtop machines that are causing trouble. Mitre saw was first to go. Don't miss it, don't need it. I'm looking at sanders next. The disc sander stays, couldn't live without it. But the 1632 drum sander and the oscillating bobbin sander are both rarely used and take up space I want back. Could you live without them? If not, what's the essential job they do for you? I'm usually making furniture sized objects. With the finish I get off the helical thicknesser, I find that hand planes/scrapers, ROS, and hand sanding is usually all I need. For bigger flat things, I'm gonna pay a pro shop to put it thru a wide belt sander anyway. Johnny
Huy's Questions:
I was trained on a belt sander, and as Guy has mentioned, there is a learning curve. I'm now very proficient with one and it is a central part of my stock prep: from the planer, I belt sand a rough-sized board with 80 grit, wet it down and let it dry to raise any remaining compression marks from the planer, and then belt sand with 120. I then cut the board to final dimension, random orbital sand with 120, cut the joinery, and then random orbital sand the fitted piece to 180 before final assembly. The process leaves flawless surfaces every time. For panel glue-ups and tabletops, I glue up from the planer using cauls and then make sure the 80 grit belt sanding that follows evens out any discrepancies in height along the joints (hopefully they are minimal). I have zero experience with a drum sander, but I would consider getting one if it could replace some of the above belt sanding, as the belt sander is no light weight hand tool, and it's a killer on my back when I have to sand a full width dining table. I would likely get the PM2244, as I have heard it is the easiest to adjust. You all have mentioned that a drum sander does NOT offer a finish ready surface, as it leaves sanding ridges along the workpiece. This is not a problem in my workflow if it replaces the belt sander. My questions: Are these ridges similar to what I get with the belt sander for a given grit, or are they deeper, requiring by comparison to the belt sander extra time on the following grit? Since I am not seeking to dimension or flatten, but merely prep the surface for the next grit, would one pass in the drum sander for each grit be enough, or am I looking at multiple passes per grit? With a belt sander, there is a lot of back and forth, but with a drum sander I'm wondering if a single pass through will give the same result. How easy and fast is it to change the grit on a drum sander if I want to run 80 grit and then 120 in each sanding session? A dual drum unit is not in the budget. Finally, how reasonable is it to get good results sanding a tabletop that exceeds the width of the sander (i.e., the 22 in the Powermatic) but is within the bounds of the larger number (here, the 44)? With some practice, can I get reliable results, or does this just create more work after sanding, where I'll likely be pulling out the belt sander to even out a center ridge anyway? Keep in mind this could include tabletops from small night stands to full 8' dining tables. As a professional shop, the whole endeavor would be to save me some time and labor. Is it worth getting a drum sander for my workflow, or should I just stick to the belt sander? Michael
After listening to your podcast this week I listened with interest to the question that was posted by Jose about track saw blade deflection and you guys had a great response. Unfortunately I was hoping that you would address the issue that I'm having with my Makita SP 6000 unit. I bought this unit a couple of years ago and despite great reviews have been a little disappointed. The saw seems to be underpowered. It struggles getting through material whether it's 3/4" plywood or thicker hardwood. I started with the stock Makita blade 165x20 48 tooth then with a CMT 165x20 24 tooth and am currently using a Ridge Carbide TRK16048A 48 tooth blade. I have a Festool extractor and using Makita tracks. The problem is the saw bogs down (I have to creep with the feed rate and still have the issue although not as bad) and burning. Also sometimes the right side of the track edges up where two tracks join causing the saw to catch. I have the good TSO GRC12 track connectors. The Makita ones are junk. What's up with this? Do I need to move this thing out the door, bite the bullet and buy a Festool? Love the podcast. Tom
Trigger warning: This episode includes discussion of suicide in the context of researching measurable predictive indicators and the lack thereof in the context of cyber.
Episode Notes
- Dr Caputo's path from social psychology to applied security, including intelligence analysis and building a behavioural-science team at MITRE.
- What MITRE is: a not-for-profit operating six federally funded R&D centres that provide independent, public-interest research alongside government.
- Why early “indicator” hunting on endpoints often chased the last bad case; shifting to experiments and known-bad/created-bad data to learn patterns of behaviour change.
- The LinkedIn recruiter field experiment: ethically approved creation of recruiter personas, staged outreach in three messages, and follow-up interviews to understand reporting barriers.
- What user-activity monitoring can and cannot tell you; the role of human judgement and programme design.
- Insider-risk is not only “malicious users”: designing programmes for negligent, mistaken or outsmarted behaviours as well.
- Current lines of work include improving employee recognition and reporting of malicious elicitations and exploring whether insider-risk telemetry offers early signals of suicide risk.
- Why multidisciplinary teams beat solo efforts in insider-risk operations.
About our guest:
Dr. Deanna D. Caputo
MITRE Insider Threat Research & Solutions profile: https://insiderthreat.mitre.org/dr-caputo/
LinkedIn: https://www.linkedin.com/in/dr-deanna-d-caputo
Papers or resources mentioned in this episode:
- Caputo, D. D. (2024). Employee risk recognition and reporting of malicious elicitations: Longitudinal improvement with new skills-based training. Frontiers in Psychology. https://www.frontiersin.org/journals/psychology/articles/10.3389/fpsyg.2024.1410426/full
- MITRE Insider Threat Research & Solutions. (2025). Suicide risk and insider-risk telemetry overview. https://insiderthreat.mitre.org/suicide-risk/
- MITRE. (2024). Managing insider threats is a team sport. https://www.mitre.org/news-insights/impact-story/managing-insider-threats-team-sport
- MITRE Insider Threat Research & Solutions. (2024). Capability overview two-pager (PDF). https://insiderthreat.mitre.org/wp-content/uploads/2024/06/MITREInTResearchSolutions-CapabilityTwoPager-24-0659_2024-02-01.pdf
- MITRE Insider Threat Research & Solutions. (2024). Insider Threat Behavioural Risk Framework two-pager (PDF). https://insiderthreat.mitre.org/wp-content/uploads/2024/06/MITREInTResearchSolutions-InTFramework_TwoPager-24-0674_2024-03-18.pdf
A major ransomware attack disrupts airport operations across Europe. Congress is on the verge of letting major cyber legislation expire. A critical flaw nearly allowed total compromise of every Entra ID tenant. Automaker Stellantis confirms a data breach. Fortra patches a critical flaw in its GoAnywhere MFT software. Europol leads a major operation against online child sexual exploitation. Three of the cybersecurity industry's biggest players opt out of MITRE's 2025 ATT&CK Evaluations. A compromised Steam game drains a cancer patient's donations. Business Breakdown. Andrzej Olchawa and Milenko Starcik from VisionSpace join Maria Varmazis, host of T-Minus Space on hacking satellites. How one kid got tangled in Scattered Spider's web.
CyberWire Guest
Andrzej Olchawa and Milenko Starcik from VisionSpace are speaking with Maria Varmazis, host of T-Minus Space on hacking satellites.
Selected Reading
- EU cyber agency says airport software held to ransom by criminals (BBC News)
- Cyber threat information law hurtles toward expiration, with poor prospects for renewal (CyberScoop)
- Microsoft Entra ID flaw allowed hijacking any company's tenant (Bleeping Computer)
- Stellantis says a third-party vendor spilled customer data (The Register)
- Fortra Patches Critical GoAnywhere MFT Vulnerability (SecurityWeek)
- AI Forensics Help Europol Track 51 Children in Global Online Abuse Case (HackRead)
- Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test (Infosecurity Magazine)
- Verified Steam game steals streamer's cancer treatment donations (Bleeping Computer)
- CrowdStrike and Check Point intend to acquire AI security firms. (N2K CyberWire Business Briefing)
- ‘I Was a Weird Kid': Jailhouse Confessions of a Teen Hacker (Bloomberg)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Alex Robb from Clennett’s Mitre 10 joins Kaz and Tubes live in the studio to detail tomorrow’s Huge Tradie Brekkie at their Patrick Street store, encouraging tradies to come together, connect, and enjoy some time out with their mates.
On today’s show:
- How Jono ended up with something close to his crotch...
- Megan’s daughter attempts a bizarre bathroom hack
- Producer Troy shares a hilarious (and terrible) story from a group fitness class
- We put a Mitre 10 worker’s insane aisle knowledge to the ultimate test!
- And for Father’s Day, Megan’s husband performs the heartfelt song he wrote for their kids
Instagram: @THEHITSBREAKFAST
Facebook: The Hits Breakfast with Jono, Ben & Megan
Cyberattacks aren't just about hackers in hoodies anymore. Today, we're up against professionalized, well-funded organizations that run like businesses. They use AI to crack defenses, run labs that simulate the tools we rely on, and rake in trillions while defenders struggle to keep pace. The scary part? Even the strongest companies and governments can fall behind when the threat landscape moves this fast. My guest, Evan Powell, has spent nearly 30 years in the cybersecurity world. He's the founder and CEO of Deep Tempo, and a serial entrepreneur who's helped industries from cloud data to resilience engineering make big transitions. Evan knows what it looks like when attackers have the upper hand, and he's seen firsthand how enterprises try to shift the balance. In this conversation, Evan explains why compliance checkboxes aren't enough, why raising the cost of an attack is often more realistic than stopping one outright, and how AI is reshaping both sides of the fight. He also shares the creative ways defenders are adapting, from honeypots to sock puppets, and the simple steps every one of us can take to make life harder for attackers.
Show Notes:
[00:57] Evan Powell introduces himself as founder and CEO of Deep Tempo, with nearly 30 years in cybersecurity and tech innovation.
[02:39] He recalls a high-profile spearphishing case where the CIA director's AOL email and home router were compromised.
[03:51] Attackers are professionalizing, running AI-powered labs, and making trillions while defenders spend billions and still fall behind.
[07:06] Evan contrasts compliance-driven “checkbox security” with threat-informed defense that anticipates attacker behavior.
[09:40] Enterprises deploy creative tactics like honeypots and sock puppet employees to study attackers in action.
[12:22] Raising the cost of attack through stronger habits, better routers, and multi-factor authentication can make attacks less profitable.
[15:01] Attackers are using AI to morph and simulate defenses, while defenders experiment with anomaly detection and adaptive models.
[20:56] Evan explains why security vendors themselves can become attack vectors and why data should sometimes stay inside customer environments.
[24:50] He draws parallels between fraud rings and cybercrime, where different groups handle exploits, ransomware, and money laundering.
[26:29] The debate over “hacking back” raises legal and policy questions about whether enterprises should strike attackers directly.
[30:18] Network providers struggle with whether they should act as firewalls to protect compromised consumer devices.
[34:59] Data silos across 50+ vendors per enterprise create “Franken-stacks,” slowing real-time defense and collaboration.
[37:28] AI agents may help unify security systems by querying across silos and tightening the OODA loop for faster response.
[39:10] MITRE's ATT&CK framework and open-source collaboration are pushing the industry toward more shared knowledge.
[41:05] Evan acknowledges burnout in cybersecurity roles but sees automation and better tools improving day-to-day work.
[42:59] Final advice: corporations should rethink from first principles with data-centric solutions, and consumers must build protective habits like MFA and secret family phrases.
It's the 1st of September which means Spring has officially sprung! Although we're not sure the weather has caught up with the news. Traditionally spring is all about getting back into the garden and this year the focus seems to be on modern meadow gardens. Mitre 10 Garden Operations Specialist Craig Clancy joins Jesse with tips and tricks.
Air New Zealand's boss is predicting another challenging year ahead. Our national carrier has seen profits plunge. It's partly due to weak domestic demand and ongoing engine maintenance issues. Chief Executive Greg Foran told Mike Hosking it's also facing unavoidable price hikes for things like landing charges, wages, and engineering materials. He says they can't go down to Bunnings or Mitre 10 to buy a replacement toilet seat for a 787, although he wishes they could.
The FTC warns one country's “online safety” may be another's “censorship.” A new bipartisan bill aims to reduce barriers to federal cyber jobs. MURKY PANDA targets government, technology, academia, legal, and professional services in North America. MITRE updates their hardware weaknesses list. Customs and Border Protection conducts a record number of device searches at U.S. borders. A recent hoax exposes weaknesses in the cybersecurity community's verification methods. A Houston man gets four years in prison for sabotaging his employer's computer systems. A Florida-based provider of sleep apnea equipment suffers a data breach. Interpol dismantles a vast cybercriminal network spanning Africa. Brandon Karpf shares his experience with fake North Korean job applicants. Being a smooth-talking English speaker can land you a gig in the cybercrime underworld.
CyberWire Guest
Today we are joined by Brandon Karpf, friend of the show discussing his experience with fake North Korean job applicants. You can also hear more from Brandon on our show T-Minus Daily, where he's a regular guest on a monthly space segment—catch his latest episode this Monday!
Selected Reading
- US warns tech companies against complying with European and British ‘censorship' laws (The Record)
- House lawmakers take aim at education requirements for federal cyber jobs (CyberScoop)
- MURKY PANDA: Trusted-Relationship Cloud Threat (CrowdStrike)
- MITRE Updates List of Most Common Hardware Weaknesses (SecurityWeek)
- Phone Searches at the US Border Hit a Record High (WIRED)
- The Cybersecurity Community's Wake-Up Call: A Fake Reward and Its Lessons (The DefendOps Diaries)
- Chinese national who sabotaged Ohio company's systems handed four-year jail stint (The Record)
- CPAP Medical Data Breach Impacts 90,000 People (SecurityWeek)
- Interpol-Led African Cybercrime Crackdown Leads to 1209 Arrests (Infosecurity Magazine)
- 'Impersonation as a service' next big thing in cybercrime (The Register)
A looming deadline always gets attention, and for DoD suppliers, the clock is ticking. On October 1, 2025, the Department of Defense will begin including Cybersecurity Maturity Model Certification (CMMC) requirements in new contracts. This week on Feds At The Edge, four leading experts cut through the complexity and share practical guidance to help you start, or finish, your CMMC journey. Sean Frazier, Federal Chief Security Officer for Okta, explains why “Know Thy Data” is the key to applying the right level of security where it matters most. Alan Dinerman, PhD, Senior Manager, Cyber Strategy, Policy, and Privacy at MITRE, puts CMMC in context with other cybersecurity standards, noting its focus on Controlled Unclassified Information. And Jeff Adorno, Field Chief Compliance Officer at Zscaler, warns of risks in the AI era, where sensitive data can unintentionally “leak” into Large Language Models. The panel as a whole highlights how aligning with existing frameworks and using current technologies can demonstrate progress to auditors and ease compliance. Listen now on your favorite podcast platform because whether you're deep into compliance or just getting started, this conversation will help you navigate the evolving landscape of CMMC and beyond.
While Silicon Valley builds advanced AI models and Beijing integrates them into state power, Washington faces an uncomfortable reality: America's innovation machine might not be enough to win the AI race on its own. The problem isn't our technology—it's our government's ability to deploy it.

The White House recently released “America's AI Action Plan,” which aims to change this dynamic, calling for everything from "Manhattan Project-style" coordination to federal AI sandboxes. But with the Trump Administration now moving to implement these initiatives, the question becomes: can American democracy move fast enough to compete with authoritarian efficiency? And should it?

Charles Clancy, Chief Technology Officer of MITRE, knows the challenges well. His organization serves as a bridge between government needs and technical solutions, and he's seen firsthand how regulatory fragmentation, procurement bottlenecks, and institutional silos turn America's AI advantages into operational disadvantages. His team also finds that Chinese open-weight models outperform American ones on key benchmarks—a potential warning sign as the U.S. and China compete to proliferate their technology across the globe.

Clancy argues the solution is not for the U.S. to become China, but rather to take a uniquely American approach—establish federal frontier labs, moonshot challenges, and market incentives that harness private innovation for public missions. He and FAI's Josh Levine join Evan to explore whether democratic institutions can compete with authoritarian efficiency without sacrificing democratic values. View MITRE's proposals for the White House's plan here, and more of Charles's research here.
More than a thousand AI medical devices have FDA clearance, yet fewer than two percent of radiologists actually use them. In this episode, Steve sits down with Dr. Brian Anderson—CEO and co‑founder of the Coalition for Health AI—to unpack why trust, transparency, and regulation could make or break the next wave of AI‑powered medicine. We cover:
Pentagon welcomes Chinese engineers into its environment
HazyBeacon: It's not a beer, but it leaves a bitter aftertaste
What the world needs now is another framework
Huge thanks to our sponsor, ThreatLocker. ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.
A DOGE employee leaks private API keys to GitHub. North Korea's “Contagious Interview” campaign has a new malware loader. A New Jersey diagnostic lab suffers a ransomware attack. A top-grossing dark web marketplace goes dark in what experts believe is an exit scam. MITRE launches a cybersecurity framework to address threats in cryptocurrency and digital financial systems. Experts fear steep budget cuts and layoffs under the Trump administration may undermine cybersecurity information sharing. A Maryland IT contractor settles federal allegations of cyber fraud. Kim Jones and Ethan Cook reflect on CISO perspectives. A crypto hacker goes hero and gets a hefty reward. CyberWire Guest Today Kim Jones, host of CISO perspectives, sits down with N2K's analyst Ethan Cook to reflect on highlights from this season of CISO Perspectives. They revisit key moments, discuss recurring themes like the cybersecurity workforce gap, and get Ethan's outsider take on the conversations. It's all part of a special wrap-up to close out the season finale. If you like this conversation and want to hear more from CISO Perspectives, check it out here.
Selected Reading DOGE Employee exposes AI API Keys in source code, giving access to advanced xAI models (Beyond Machines) DOGE Denizen Marko Elez Leaked API Key for xAI (Krebs on Security) North Korean Actors Expand Contagious Interview Campaign with New Malware Loader (Infosecurity Magazine) Avantic Medical Lab hit by ransomware attack, data breach (Beyond Machines) Abacus Market Shutters After Exit Scam, Say Experts (Infosecurity Magazine) MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats (SecurityWeek) How Trump's Cyber Cuts Dismantle Federal Information Sharing (BankInfo Security) UK launches vulnerability research program for external experts (Bleeping Computer) Federal IT contractor to pay $14.75 fine over ‘cyber fraud' allegations (The Record) Crypto Hacker Who Drained $42,000,000 From GMX Goes White Hat, Returns Funds in Exchange for $5,000,000 Bounty (The Daily Hodl)
Founded with the intention of paying homage to Mexican roots while breaking the mold, this artisanal mezcal has won over both palates and eyes with its distinctive bottle. In this interview we talk with Claudio Román, Director General and founder of Mezcal Mitre, about the origin of the brand, its portfolio, the creative ideas behind its launches, and why Mezcal Espadín is a great option for celebrating this #DíadelPadre.
In May 2025, the Emerging Technologies Institute and MITRE Corporation released a report that explores how artificial intelligence (AI) can improve the Department of Defense's acquisition system and support its workforce. Several of the authors, including Adam Bouffard (Group Leader and Principal Decision Analyst at MITRE), Chris Barlow (Senior Acquisition Analyst), and Wilson Miles (Associate Research Fellow at ETI) joined the podcast to discuss both the opportunities of inserting AI into the acquisition lifecycle and barriers to implementation. Additionally, the guests describe several potential paths forward to accelerate the adoption of AI for acquisition needs. Accelerating the Future: Leveraging AI for Transformative Federal Acquisition, https://www.emergingtechnologiesinstitute.org/publications/research-papers/accelerating-the-future To receive updates about the NDIA Emerging Technologies for Defense Conference and Exhibition on August 27-29, 2025 at the Washington D.C. Convention Center, please join our mailing list here: https://www.emergingtechnologiesinstitute.org/sign-up or visit our website at: https://www.ndiatechexpo.org https://emergingtechnologiesinstitute.org https://www.facebook.com/EmergingTechETI https://www.linkedin.com/company/ndia-eti-emerging-technologies-institute https://www.twitter.com/EmergingTechETI
I chat with Aaron Lippold, creator of MITRE's Security Automation Framework (SAF), to discuss how to escape the pain of manual STIG compliance. We explore the technical details of open-source tools like InSpec, Heimdall, and Vulcan that automate validation, normalize diverse security data, and streamline the entire security authoring process. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-06-stig-automation-aaron-lippold/
Guest: Kade Morton
Panelists: Richard Littauer | Eriol Fox

Show Notes
In this Maintainers Month episode of Sustain, host Richard Littauer and co-host Eriol Fox talk with cybersecurity expert Kade Morton from Arachne Digital. The conversation dives into how Kade's unconventional path through criminology and international relations led him into cybersecurity and open source. They explore the unique challenges of sustaining open source security tools, particularly for human rights activists and under-resourced groups, the tension between proprietary and open solutions, and how geopolitical contexts and human motivations influence modern digital threat landscapes. Hit download now to hear more!
[00:01:41] Kade explains his work is split between a day job working security operations and a startup he runs called Arachne Digital.
[00:02:51] Kade tells us about his background, how he got into cybersecurity through self-teaching and open source, and how his criminology and international relations studies informed his interest in cyber threats.
[00:05:17] Kade discusses the open source projects he maintains, specifically ‘Thread.'
[00:06:50] We learn about the difficulty of getting others invested in better tools and Kade discusses challenges explaining open source values to corporate environments.
[00:12:26] Richard asks whether closed-source software is more secure and Kade highlights how most real world exploits target proprietary software.
[00:14:57] Eriol brings up security perceptions in non-tech orgs using digital tools. Kade shares how Arachne Digital offers free services to vetted human rights orgs and they discuss challenges balancing funding and access in human rights cybersecurity.
[00:19:17] Richard reflects on monetization models for sustaining open source cybersecurity. Kade explains his company avoids fear-based marketing and promotes awareness instead.
[00:22:40] Kade outlines how their threat-informed defense model works.
[00:25:42] Eriol asks what changes could help improve open source sustainability. Kade discusses feeling out of place in both government and open source spaces and emphasizes cross-pollination between sectors to reduce polarity.
[00:28:29] Richard introduces the concept of “digital sovereignty.” Kade warns of the risks of splintering the internet through nationalism and advocates for a balanced middle ground between centralization and fragmentation.
[00:31:41] Kade shares where you can find his work on the web.

Quotes
[00:13:44] “It's mostly proprietary software that's being hacked.”
[00:29:40] “The internet is the world's largest shared resource.”

Spotlight
[00:32:56] Eriol's spotlight is a repository called: The Design We Open.
[00:33:49] Richard's spotlight is 1Password and Robin Riley.
[00:34:31] Kade's spotlight is a shoutout to Mitre for TRAM and Justin Seitz who wrote a blog post on a project called, Searx.

Links
SustainOSS (https://sustainoss.org/)
podcast@sustainoss.org (mailto:podcast@sustainoss.org)
richard@sustainoss.org (mailto:richard@sustainoss.org)
SustainOSS Discourse (https://discourse.sustainoss.org/)
SustainOSS Mastodon (https://mastodon.social/tags/sustainoss)
SustainOSS Bluesky (https://bsky.app/profile/sustainoss.bsky.social)
SustainOSS LinkedIn (https://www.linkedin.com/company/sustainoss/)
Open Collective-SustainOSS (Contribute) (https://opencollective.com/sustainoss)
Richard Littauer Socials (https://www.burntfen.com/2023-05-30/socials)
Eriol Fox GitHub (https://erioldoesdesign.github.io/)
Kade Morton LinkedIn (https://www.linkedin.com/in/kade-morton-34179283/)
Arachne Digital (https://www.arachne.digital/)
Arachne Digital LinkedIn (https://www.linkedin.com/company/arachne-digital/)
Arachne Digital (Medium) (https://arachnedigital.medium.com/)
Arachne Digital (YouTube) (https://www.youtube.com/@Arachne_Digital)
Arachne Digital (Bluesky) (https://bsky.app/profile/arachnedigital.bsky.social)
Arachne Digital (GitHub) (https://github.com/arachne-threat-intel/)
Thread-GitHub (https://github.com/arachne-threat-intel/thread)
The National Digital Forum (NDF) (https://www.ndf.org.nz/)
The New Design Congress (https://newdesigncongress.org/en/)
Open Technology Fund -Security Lab (https://www.opentech.fund/labs/security-lab/)
The Design We Open (GitHub) (https://github.com/sprblm/The-Design-We-Open)
1Password (https://1password.com/)
TRAM (https://github.com/mitre-attack/tram)
Searx (https://github.com/searx/searx)

Credits
Produced by Richard Littauer (https://www.burntfen.com/)
Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/)
Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/)
Special Guest: Kade Morton.
A new survey from MITRE says that a majority of non-traditional defense contractors face barriers of inflexibility and complexity in the acquisition process. As DoD tries to bring more innovation and flexibility into its stable of contractors, what really needs to change to make this possible? The senior vice president and general manager for MITRE National Security Sector, Keoki Jackson joins me to answer that question.
Today, we look at three aspects of automation to give listeners a better view of its efficacy and some of its inherent challenges. First, we provide an overview, then a look at securing applications, and finally, we give a view on threat intelligence.

PART ONE: Role of Automation
Jason Ralph from the Department of Labor puts the entire discussion into perspective when he states that AI should not be considered as a replacement for current efforts at automation, but as an augmentation. Further, he cautions that accelerating adoption must be tempered with a more reasonable approach where you can be assured your data is not poisoned. When not used judiciously, automation can introduce more conflicts and errors than when not used at all. Context is everything in today's complex systems, and Nick Vinson suggests that using an approach called "threat modeling" can give system designers better ideas of automation's impact.

PART TWO: Application Security & Cloud Telemetry
Malicious actors noticed the emphasis on data security and are now directing attacks on applications. Applications can be complex to protect when located in a public, private, and hybrid cloud maze. Rob Davies from Peraton refers to using telemetry to understand where resources are located so that we can leverage them. Telemetry can collect data from various sources, typically on a network. Monitoring this data gives you system performance. Peter Chestna from Checkmarx observes tools from cloud service providers may be too superficial and will not allow a deeper investigation of the automation process.

PART THREE: Threat Intelligence & Risk Visibility
In sports, there is an adage: "ya can't tell the players without a scorecard." Eric Werner from the DoD shares with listeners the Enhanced Network Sensor and Intelligence Threat Enumeration (ENSITE). Based on insight provided by the MITRE framework, it allows for new threat vectors to be distributed and reduces duplication.
David Monneir from Team CYMRU starts with a strategic observation. He notes that in the federal government, a nation-state actor will persistently attack because the goal is much more serious than an attack on a bank. All the experts agree on the concepts of knowing your vulnerabilities, learning what controls are in place, and knowing what capabilities you have.
A busy Patch Tuesday. Investigators discover undocumented communications devices inside Chinese-made power inverters. A newly discovered Branch Privilege Injection flaw affects Intel CPUs. A UK retailer may claim up to £100mn from its cyber insurers after a major cyberattack. A Kosovo national has been extradited to the U.S. for allegedly running an illegal online marketplace. CISA will continue alerts on its website following industry backlash. On our Industry Voices segment, Neil Hare-Brown, CEO at STORM Guidance, discusses Cyber Incident Response (CIR) retainer service provision. Shoring up the future of the CVE program. CyberWire Guest On today's Industry Voices segment, we are joined by Neil Hare-Brown, CEO at STORM Guidance, discussing Cyber Incident Response (CIR) retainer service provision. You can learn more here. Selected Reading Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days (Security Affairs) SAP patches second zero-day flaw exploited in recent attacks (Bleeping Computer) Ivanti fixes EPMM zero-days chained in code execution attacks (Bleeping Computer) Fortinet fixes critical zero-day exploited in FortiVoice attacks (Bleeping Computer) Vulnerabilities Patched by Juniper, VMware and Zoom (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact (SecurityWeek) Adobe Patches Big Batch of Critical-Severity Software Flaws (SecurityWeek)
Ghost in the machine? Rogue communication devices found in Chinese inverters (Reuters) New Intel CPU flaws leak sensitive data from privileged memory (Bleeping Computer) M&S cyber insurance payout to be worth up to £100mn (Financial Times) US extradites Kosovo national charged in operating illegal online marketplace (The Record) CISA Planned to Kill .Gov Alerts. Then It Reversed Course. (Data BreachToday) CVE Foundation eyes year-end launch following 11th-hour rescue of MITRE program (CyberScoop) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Three Buddy Problem - Episode 43: Director of the Alperovitch Institute for Cybersecurity Studies Thomas Rid joins the show for a deep-dive into the philosophical and ethical considerations surrounding AI consciousness and anthropomorphism. We dig into the multifaceted implications of AI technology, particularly focusing on data privacy, national security, and the philosophical questions surrounding AI consciousness and rights. Plus, TP-Link under US government investigation and the broader issues of consumer trust in hardware security, the need for regulation and inspectability of technology, and the struggles with patching network devices. Cast: Thomas Rid (https://sais.jhu.edu/users/trid2), Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs) and Ryan Naraine (https://twitter.com/ryanaraine). Costin Raiu (https://twitter.com/craiu) is away this week.
Today we're talking about swimming and so we went to the London Aquatics Center in Stratford, located in the Queen Elizabeth Olympic Park. Obviously the venue for the London 2012 Olympics and Paralympic games, but also the Aquatics GB Swimming Championships, which were on while we were there.

It was an opportunity to talk about the sport in detail from lots of different angles with Aquatics GB's Chief Executive Drew Barrand and Simon Rowe, whose role is Senior Vice President at Pentland Brands, which includes things like Mitre, Canterbury, but also Speedo, who are an official partner of Aquatics GB.

You are here because it's a swimming competition. You'll hear a load of noise in the background, but ignore that. The conversation was really good.

Unofficial Partner is the leading podcast for the business of sport. A mix of entertaining and thought provoking conversations with a who's who of the global industry. To join our community of listeners, sign up to the weekly UP Newsletter and follow us on Twitter and TikTok at @UnofficialPartner

We publish two podcasts each week, on Tuesday and Friday. These are deep conversations with smart people from inside and outside sport. Our entire back catalogue of 400 sports business conversations is available free of charge here. Each pod is available by searching for ‘Unofficial Partner' on Apple, Spotify, Google, Stitcher and every podcast app. If you're interested in collaborating with Unofficial Partner to create one-off podcasts or series, you can reach us via the website.
The tech world gives and takes away as Google introduces CloudWAN while MITRE nearly loses CVE funding, showcasing both innovation and vulnerability in our digital infrastructure landscape. Politics increasingly intersects with technology as we examine controversial security clearance revocations alongside much-needed technical improvements in cloud networking.

• Google Cloud Next introduces CloudWAN service with two use cases: high-performance data center connectivity and premium branch networking
• Google's approach differs from AWS, encouraging single global VPC deployments across regions
• MITRE loses funding for the CVE program, threatening the global vulnerability tracking system
• CISA provides 11-month bridge funding, but fragmentation begins as EU launches alternative vulnerability tracking
• Azure announces general availability of route maps for Virtual WAN, bringing traditional networking capabilities to cloud
• Former CISA director Chris Krebs targeted in federal investigation for debunking 2020 election fraud claims
• Security clearance revocations increasingly used as political weapons against technology professionals

Subscribe to Cables to Clouds Fortnightly News and tell a friend about the show to stay informed about the evolving cloud technology landscape.

Purchase Chris and Tim's new book on AWS Cloud Networking: https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/
Check out the Fortnightly Cloud Networking News: https://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/
Visit our website and subscribe: https://www.cables2clouds.com/
Follow us on BlueSky: https://bsky.app/profile/cables2clouds.com
Follow us on YouTube: https://www.youtube.com/@cables2clouds/
Follow us on TikTok: https://www.tiktok.com/@cables2clouds
Merch Store: https://store.cables2clouds.com/
Join the Discord Study group: https://artofneteng.com/iaatj
Topics covered in this episode:
Huly
CVE Foundation formed to take over CVE program from MITRE
drawdb
14 Advanced Python Features
Extras
Joke

About the show
Sponsored by Posit Workbench: pythonbytes.fm/workbench
Connect with the hosts
Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Michael #1: Huly
All-in-One Project Management Platform (alternative to Linear, Jira, Slack, Notion, Motion)
If you're primarily interested in self-hosting Huly without the intention to modify or contribute to its development, please use huly-selfhost.
Manage your tasks efficiently with Huly's bidirectional GitHub synchronization. Use Huly as an advanced front-end for GitHub Issues and GitHub Projects.
Connect every element of your workflow to build a dynamic knowledge base.
Everything you need for productive team work: Team Planner • Project Management • Virtual Office • Chat • Documents • Inbox
Self hosting as a service: elest.io

Brian #2: CVE Foundation formed to take over CVE program from MITRE
Back story: CVE, global source of cybersecurity info, was hours from being cut by DHS
The 25-year-old CVE program, an essential part of global cybersecurity, is cited in nearly any discussion or response to a computer security issue.
CVE was at real risk of closure after its contract was set to expire on April 16.
The nonprofit MITRE runs CVE on a contract with the DHS.
A letter sent last Tuesday by Yosry Barsoum, vice president of MITRE, gave notice of the potential halt to operations.
Another possible victim of the current administration.
CVE Foundation Launched to Secure the Future of the CVE Program
CVE Board members have spent the past year developing a strategy to transition CVE to a dedicated, non-profit foundation.
The new CVE Foundation will focus solely on continuing the mission of delivering high-quality vulnerability identification and maintaining the integrity and availability of CVE data for defenders worldwide.
Over the coming days, the Foundation will release more information about its structure, transition planning, and opportunities for involvement from the broader community.

Michael #3: drawdb
Free and open source, simple, and intuitive database design editor, data-modeler, and SQL generator.
Great drag-drop relationship manager
Define your DB visually, export as SQL create scripts
Or import existing SQL to kickstart the diagramming.

Brian #4: 14 Advanced Python Features
Edward Li
Picking some favorites
1. Typing Overloads
2. Keyword-only and Positional-only Arguments
9. Python Nitpicks: For-else statements, Walrus operator, Short Circuit Evaluation, Operator Chaining

Extras
Michael: Thunderbird send / other firefox things.

Joke: Python Tariffs
Thanks wagenrace
Thanks Campfire Tales
HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-469
Drex covers three critical security stories: the government's reversal of its decision to defund Mitre's Common Vulnerability and Exposure (CVE) program, a ransomware attack on DaVita's 3,100+ dialysis facilities across 14 countries, and former CISA Assistant Director Chris Krebs' resignation from Sentinel One following an executive order targeting him. Remember, Stay a Little Paranoid.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Apple Updates
Apple released updates for iOS, iPadOS, macOS, and VisionOS. The updates fix two vulnerabilities which had already been exploited against iOS.
https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/31866

Oracle Updates
Oracle released its quarterly critical patch update. The update addresses 378 security vulnerabilities. Many of the critical updates are already known vulnerabilities in open-source software like Apache and Nginx ingress.
https://www.oracle.com/security-alerts/cpuapr2025.html

Oracle Breach Guidance
CISA released guidance for users affected by the recent Oracle cloud breach. The guidance focuses on the likely loss of passwords.
https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-releases-guidance-credential-risks-associated-potential-legacy-oracle-cloud-compromise

Google Chrome Update
A Google Chrome update released today fixes two security vulnerabilities. One of the vulnerabilities is rated as critical.
https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html

CVE Updates
CISA extended MITRE's funding to operate the CVE numbering scheme. However, a number of other organizations announced that they may start alternative vulnerability registers.
https://euvd.enisa.europa.eu/
https://gcve.eu/
https://www.thecvefoundation.org/
Three Buddy Problem - Episode 42: We dig into news that China secretly fessed up to the Volt Typhoon hacks and followed up with claims that named NSA agents launched advanced cyberattacks against the Asian Winter Games. Plus, the MITRE CVE funding crisis, new Apple 0days in the wild, including a PAC bypass exploit, and Microsoft Patch Tuesday zero-days. We also cover the effectiveness of Lockdown Mode, the rising costs of mobile exploits, Chris Krebs' exit from SentinelOne after a presidential executive order, and the value and effectiveness of security clearances. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).
The CVE program gets a last-minute reprieve. A federal whistleblower alleges a security breach at the NLRB. Texas votes to spin up their very own Cyber Command. BreachForums suffers another takedown. A watchdog group sues the federal government over SignalGate allegations. The SEC Chair reveals a 2016 hack. ResolverRAT targets the healthcare and pharmaceutical sectors worldwide. Microsoft warns of blue screen crashes following recent updates. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. 4chan gets Soyjacked. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! This bi-weekly segment is hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. Today's question comes from N2K's EC-Council Certified Ethical Hacker CEH (312-50) Practice Test. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.
Selected Reading Funding Expires for Key Cyber Vulnerability Database (Krebs on Security) CISA extends funding to ensure 'no lapse in critical CVE services' (Bleeping Computer) CVE Foundation (CVE Foundation) NoVa govcon firm Mitre to lay off 442 employees after DOGE cuts contracts (Virginia Business) Federal employee alleges DOGE activity resulted in data breach at labor board (NBC News) Whistleblower claims DOGE took sensitive data - now he's being hounded by threatening notes (CNN via YouTube) New state agency to deal with cyber threats advances in Texas House (Texarkana Gazette) BreachForums taken down by the FBI? Dark Storm hackers say they did it “for fun” (Cybernews) Here's What Happened to Those SignalGate Messages (WIRED) After breach, SEC says hackers used stolen data to buy stocks (CNET) New ResolverRAT malware targets pharma and healthcare orgs worldwide (Bleeping Computer) Microsoft warns of blue screen crashes caused by April updates (Bleeping Computer) Infamous message board 4chan taken down following major hack (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Online Services Again Abused to Exfiltrate Data Attackers like to abuse free online services that can be used to exfiltrate data. From the originals, like pastebin, to past favorites like anonfiles.com. The latest example is gofile.io. As a defender, it is important to track these services to detect exfiltration early. https://isc.sans.edu/diary/Online%20Services%20Again%20Abused%20to%20Exfiltrate%20Data/31862 OpenSSH 10.0 Released OpenSSH 10.0 was released. This release adds quantum-safe ciphers and the separation of authentication services into a separate binary to reduce the authentication attack surface. https://www.openssh.com/releasenotes.html#10.0p1 Apache Roller Vulnerability Apache Roller addressed a vulnerability. Its CVSS score of 10.0 appears inflated, but it is still a vulnerability you probably want to address. https://lists.apache.org/thread/4j906k16v21kdx8hk87gl7663sw7lg7f CVE Funding Changes Mitre's government contract to operate the CVE system may run out tomorrow. This could lead to a temporary disruption of services, but the system is backed by a diverse board of directors representing many large companies. It is possible that non-government funding sources may keep the system afloat for now. https://www.cve.org/
On this week's show Patrick Gray talks to former NSA Cybersecurity Director Rob Joyce about Donald Trump's unprecedented, unwarranted and completely bonkers political persecution of Chris Krebs and his employer SentinelOne. They also talk through the week's cybersecurity news, covering: Mitre's stewardship of the CVE database gets its funding DOGE'd; The US signs on to the Pall Mall anti-spyware agreement; China tries to play the nationstate cyber-attribution game, but comedically badly; Hackers run their malware inside the Windows sandbox, for security against EDR. This week's episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins to talk through the increasing sprawl of the identity ecosystem. This episode is also available on Youtube. Show notes: Cybersecurity industry falls silent as Trump turns ire on SentinelOne | Reuters; U.S. cyber defenders shaken by Trump's attack on their former boss; Trump Revenge Tour Targets Cyber Leaders, Elections – Krebs on Security; Wyden to block Trump's CISA nominee until agency releases report on telecoms' ‘negligent cybersecurity’ | The Record from Recorded Future News; Gabbard sets up DOGE-style team to cut costs, uncover intel ‘weaponization’; MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty; US to sign Pall Mall pact aimed at countering spyware abuses | The Record from Recorded Future News; Court document reveals locations of WhatsApp victims targeted by NSO spyware | TechCrunch; Spyware Maker NSO Group Is Paving a Path Back Into Trump's America | WIRED; NCSC shares technical details of spyware targeting Uyghur, Tibetan and Taiwanese groups | The Record from Recorded Future News; Risky Bulletin: Chinese APT abuses Windows Sandbox to go invisible on infected hosts; China escalates cyber fight with U.S., names alleged NSA hackers; Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs - Ars Technica; China-based SMS Phishing Triad Pivots to Banks – Krebs on Security; Risky Bulletin: CA/B Forum approves 47-days TLS certs; Ransomware in het mkb: Cybercriminelen verhogen losgeld bij cyberverzekering; 4chan Is Down Following What Looks to Be a Major Hack Spurred By Meme War
Nvidia announces a $5.5 billion charge tied to exports of H20 AI chips, Meta reportedly offered FTC $1B to settle current case, Grok AI chatbot now includes Grok Studio for docs, code, and apps. Episode title: "CISA Will Extend Funding to Mitre For the CVE Program – DTH"
Explore actionable strategies for building a robust cyber resilience posture in this insightful episode. From strengthening defenses to improving recovery agility and anticipating future cybersecurity trends, this conversation delivers practical insights to help you stay a step ahead in protecting your digital landscape.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Common Crawl includes Common Leaks The "Common Crawl" dataset, a large dataset created by spidering websites, contains, as expected, many API keys and other secrets. This data is often used to train large language models. https://trufflesecurity.com/blog/research-finds-12-000-live-api-keys-and-passwords-in-deepseek-s-training-data Github Repositories Exposed by Copilot As is well known, Github's Copilot is using data from public GitHub repositories to train its model. However, it appears that repositories that were briefly left open and later made private have been included as well, allowing Copilot users to retrieve files from these repositories. https://www.lasso.security/blog/lasso-major-vulnerability-in-microsoft-copilot MITRE Caldera Framework Allows Unauthenticated Code Execution The MITRE Caldera adversary emulation framework allows for unauthenticated code execution by allowing attackers to specify compiler options. https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e modsecurity Rule Bypass Attackers may bypass the modsecurity web application firewall by prepending encoded characters with 0. https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j
A major employee screening provider discloses a data breach affecting over 3.3 million people. Signal considers exiting Sweden over a proposed law that would give police access to encrypted messages. House Democrats call out DOGE's negligent cybersecurity practices. Critical vulnerabilities in Rsync allow attackers to execute remote code. A class action lawsuit claims Amazon violates Washington State's privacy laws. CISA warns that attackers are exploiting Microsoft's Partner Center platform. A researcher discovers a critical remote code execution vulnerability in MITRE's Caldera security training platform. An analysis of CISA's JCDC AI Cybersecurity Collaboration Playbook. Ben Yelin explains Apple pulling iCloud end-to-end encryption in response to the UK Government. A Disney employee's cautionary tale. CyberWire Guest We are joined by Caveat podcast co-host Ben Yelin to discuss Apple pulling iCloud end-to-end encryption in response to the UK Government. You can read the article from Bleeping Computer here. Ben is the Program Director for Public Policy & External Affairs at University of Maryland Center for Health and Homeland Security. You can catch Caveat every Thursday here on the N2K CyberWire network and on your favorite podcast app.
Selected Reading 3.3 Million People Impacted by DISA Data Breach (SecurityWeek) DOGE must halt all ‘negligent cybersecurity practices,' House Democrats tell Trump (The Record) Signal May Exit Sweden If Government Imposes Encryption Backdoor (Infosecurity Magazine) Rsync Vulnerabilities Let Hackers Gain Full Control of Servers - PoC Released (Cyber Security News) Lawsuit: Amazon Violates Washington State Health Data Law (BankInfo Security) CISA Warns of Microsoft Partner Center Access Control Vulnerability Exploited in Wild (Cyber Security News) MITRE Caldera security suite scores perfect 10 for insecurity (The Register) CISA's AI cybersecurity playbook calls for greater collaboration, but trust is key to successful execution (CyberScoop) A Disney Worker Downloaded an AI Tool. It Led to a Hack That Ruined His Life. (Wall Street Journal)
Chief Teriyaki Officer Willy Wonka and Charlie Choccie PhD (Business) destroy beloved childhood memories. LINKS Buy tickets to our DREM World Tour https://tour.auntydonna.com/ Follow @theauntydonnagallery on Instagram https://bit.ly/auntydonna-ig Become a Patreon supporter at http://auntydonnaclub.com/ CREDITS Hosts: Broden Kelly, Zachary Ruane, & Mark Bonanno Producer: Lindsey Green Digital Producers: Nick Barrett, Jim Cruse & Tanya Zerek Managing Producer: Sam Cavanagh Join The Aunty Donna Club: https://www.patreon.com/auntydonna