POPULARITY
100 episodes with n2k
28 episodes with n2k
25 episodes with n2k
13 episodes with n2k
13 episodes with n2k
8 episodes with n2k
6 episodes with n2k
4 episodes with n2k
3 episodes with n2k
This week on Caveat, Dave and Ben welcome back N2K's own Ethan Cook for our latest policy deep dive segment. As our lead analyst, Ethan shares his knowledge of law, privacy, and surveillance on the latest policy developments shaping the cybersecurity and legal landscape. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Complete our annual audience survey before August 31. Policy Deep Dive In this Caveat Policy Deep Dive, our conversation and analysis revolve around preemption. Recently, Congress attempted to use preemption as a justification to pass a moratorium that would have overridden all current state AI legislation and prevented any new state AI bills from being passed. While the measure failed, this action is representative of a growing debate over how the government should regulate AI. Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers how the U.S. SEC has issued new guidance on crypto-based exchange-traded products, signaling the start of a broader regulatory framework that could accelerate the approval of dozens of crypto ETFs, including those tied to Solana, XRP, and even meme coins. While full rule changes are still in development, the guidance marks a shift in the agency's stance under Republican leadership and could significantly streamline the listing process for new crypto products. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Grifter, the legendary Black Hat NOC lead, and Lintile, host of Hacker Jeopardy, to go behind the scenes of DEF CON and Black Hat. They unpack the chaos of managing the world's most hostile networks, share advice for first-time attendees, and explore the vibrant hacker community that thrives on connection, contests, and lifelong friendships. The conversation also covers how to submit compelling CFP abstracts, why live events matter, and the controlled mayhem that defines Hacker Jeopardy each year in Las Vegas. Heading to Black Hat? Join us at booth #2246 where we will be recording new episodes, and request to attend the VIP Mixer. We'll also be hosting the BlueHat podcast, our friends from GitHub, and experts from our incident response team. In this episode you'll learn: Why skipping talks at DEF CON to join contests and villages can be more valuable Tips for crafting compelling CFP abstracts that stand out among 1,000+ submissions The importance of connection and niche technical discussions in the hacker community Some questions we ask: What advice would you give to someone who has never been to DEF CON? How does the team plan traps and misdirection in Hacker Jeopardy questions? What do you think the community should focus on getting out of DEF CON? Resources: View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
In this episode of The BlueHat Podcast, host Nic Fillingham is joined by George Hughey from Microsoft who returns to discuss his Blue Hat India talk on variant hunting, explaining how MSRC uses submission data from hacking competitions like Pwn2Own and Tianfu Cup to uncover additional security vulnerabilities in Windows. George shares how incentives in competitions differ from bug bounty programs, how tools like CodeQL assist variant hunting, and why collaborating with the security research community is key to improving Windows security. In This Episode You Will Learn: How hacking competitions help find real-world Windows vulnerabilities The role of MSRC in hunting variants beyond submitted vulnerabilities Why fuzzing is not always effective for modern edge cases Some Questions We Ask: How do you decide which cases to pursue for variant hunting? What advice do you have for researchers submitting variants? How does the CodeQL team collaborate with your team? Resources: View George Hughey on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
French authorities report multiple entities targeted by access brokers. A ransomware group extorts a German hunger charity. AT&T combats SIM swapping and account takeover attacks. A Missouri physician group suffers a cyber attack. Qantas doesn't crash, but their computers do. Researchers uncover multiple critical vulnerabilities in Agorum Core Open. A student loan administrator in Virginia gets hit by the Akira ransomware group. The Feds sanction a Russian bulletproof hosting service. Johnson Controls notifies individuals of a major ransomware attack dating back to 2023. Will Markow, CEO of FourOne Insights and N2K CyberWire Senior Workforce Analyst shares the latest technology workforce trends. The ICEBlock app warms up to users. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Will Markow, CEO of FourOne Insights and N2K CyberWire Senior Workforce Analyst, sharing the latest workforce technology trends. Will recently appeared on our CISO Perspectives podcast with host Kim Jones in the “What's the “correct” path for entering cyber?” episode. If you are not already an N2K Pro member, you can learn more about that here. Got cybersecurity, IT, or project management certification goals? For the past 25 years, N2K's practice tests have helped more than half a million professionals reach certification success. Grow your career and reach your goals faster with N2K's full exam prep of practice tests, labs, and training courses for Microsoft, CompTIA, PMI, Amazon, and more at n2k.com/certify. Selected Reading French cybersecurity agency confirms government affected by Ivanti hacks (The Record) Ransomware gang attacks German charity that feeds starving children (The Record) AT&T deploys new account lock feature to counter SIM swapping (CyberScoop) Cyberattack in Missouri healthcare provider Esse Health exposes data of over 263,000 patients (Beyond Machines) Australia's Qantas says 6 million customer accounts accessed in cyber hack (Reuters) Security Advisories on Agorum Core Open (usd) Virginia student loan administrator Southwood Financial hit by ransomware attack (Beyond Machines) Russian bulletproof hosting service Aeza Group sanctioned by US for ransomware work (The Record) Johnson Controls starts notifying people affected by 2023 breach (Bleeping Computers) ICEBlock, an app for anonymously reporting ICE sightings, goes viral overnight after Bondi criticism (TechCrunch) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Jeetu Patel, President and Chief Product Officer at Cisco, joins Ann on this week's episode of Afternoon Cyber Tea to explore how artificial intelligence is reshaping the cybersecurity landscape. Jeetu shares insights on the urgent need for machine-scale defenses, the potential for defenders to finally tip the scale against attackers, and the importance of collaboration across the industry. They discuss the evolution of agentic AI, the challenges of innovation fragmentation, and why cybersecurity must become more accessible and effective to keep pace with modern threats. Resources: View Jeetu Patel On LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Craig Nelson, who leads the elite Microsoft Red Team. Together, they dive into the art and impact of red teaming at Microsoft: what it means to simulate real-world attacks, how threat intelligence informs operations, and why collaboration between red and blue teams is crucial for organizational resilience. Craig shares the surprising mission that blurred the lines between physical and cyber security, reflects on how AI is reshaping attacker tactics and defensive strategies, and offers advice for aspiring red teamers. From stories of early hacker days in the '90s to navigating the complexities of securing cloud and AI systems, this conversation is packed with insights on how Microsoft stays ahead of evolving threats. In this episode you'll learn: The role of human behavior in real-world security breaches How Microsoft's Secure Future Initiative impacts security culture What the Microsoft Red Team does and what it doesn't do Some questions we ask: How do you feel about getting caught during a red team operation? What do you wish people paid more attention to in red team findings? Is this new AI complexity good or bad for red teaming? Resources: View Craig Nelson on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Mike Macelletti from Microsoft's MSRC Vulnerabilities and Mitigations team to explore Redirection Guard, a powerful mitigation designed to tackle a long-standing class of file path redirection vulnerabilities in Windows. Mike shares how his interest in security began, the journey behind developing Redirection Guard, and how it's helping reduce a once-common bug class across Microsoft products. He also explains how the feature works, why it's impactful, and what developers can do to adopt it. Plus, a few fun detours into Solitaire hacking, skiing, and protein powder. In This Episode You Will Learn: What Redirection Guard is and how it helps prevent file system vulnerabilities How Microsoft identifies and addresses common bug classes across their ecosystem Why some vulnerabilities still slip past Redirection Guard and what's out of scope Some Questions We Ask: What is a junction and how is it different from other redirects? How does Redirection Guard decide which shortcuts to block? Are there vulnerabilities Redirection Guard doesn't cover? Resources: View Mike Macelletti on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
Please enjoy this encore of Hacking Humans. On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First we start off with some follow up, our hosts share some more information on VIN swapping, and a clarification on bank participation in FinCEN. Maria shares a telling tale about a Bethesda couple loosing $367,000 in gold bars to a sophisticated scam involving fake officials and elaborate deceptions, but a police sting led to the arrest of a suspect, highlighting a growing nationwide trend of elderly victims targeted by gold bar fraud. Joe's story comes from KnowBe4 and is on DavidB, their VP of Asia Pacific, thwarting a sophisticated social engineering attack via WhatsApp by recognizing inconsistencies in the impersonator's behavior and verifying directly with the colleague they claimed to be. Dave's story comes from the FBI on how criminals are exploiting generative AI to enhance fraud schemes, including using AI-generated text, images, audio, and video to create convincing social engineering attacks, phishing scams, and identity fraud, while offering tips to protect against these threats. Our catch of the day comes from a listener who received an urgent email from someone claiming to be an FBI agent with a rather dramatic tale about intercepted consignment boxes, missing documents, and a ticking clock—but let's just say this "agent" might need some better training in both law enforcement and grammar. Resources and links to stories: “VIN swap scam costs Las Vegas man $50K, new truck" FinCEN Gold bar scammers claimed hackers could fund Russian missiles, police say Real Social Engineering Attack on KnowBe4 Employee Foiled Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
Dr. Aleise McGowan, Chief Information Security Officer of BlackGirlsHack and a 20-year cybersecurity veteran, joins Ann on this week's episode of Afternoon Cyber Tea. Aleise shares how a career-defining hack early on shifted her trajectory from developer to defender, and why she believes the future of security lies in resilience, diversity, and human-centered leadership. She talks about what separates good and great leaders during the first hours of an incident response and why delayed action equals exponential damage. She also spotlights her work with BlackGirlsHack, a rapidly growing nonprofit that opens doors for underrepresented talent in cyber, and makes the case that building an inclusive security workforce isn't just the right thing to do, it's the smart thing to do. Resources: View Aleise McGowan on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.
Interpol's Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon's Graphite spyware. France calls for comments on tracking pixels. Fog ransomware operators deploy an unusual mix of tools. Skeleton Spider targets recruiters by posing as job seekers on LinkedIn and Indeed. Erie Insurance suffers ongoing outages following a cyberattack. Our N2K Lead Analyst Ethan Cook shares insights on Trump's antitrust policies. DNS neglect leads to AI subdomain exploits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we share a selection from today's Caveat podcast where Dave Bittner and Ben Yelin are joined by N2K's Lead Analyst, Ethan Cook, to take a Policy Deep Dive into “The art of the breakup: Trump's antitrust surge.” You can listen to the full episode here and find new episodes of Caveat in your favorite podcast app each Thursday. Selected Reading Interpol takes down 20,000 malicious IPs and domains (Cybernews) Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts (The Record) GitLab patches high severity account takeover, missing auth issues (Bleeping Computer) SmartAttack uses smartwatches to steal data from air-gapped systems (Bleeping Computer) Critical vulnerability in Microsoft 365 Copilot AI called EchoLeak enabled data exfiltration (Beyond Machines) Researchers confirm two journalists were hacked with Paragon spyware (TechCrunch) Tracking pixels: CNIL launches public consultation on its draft recommendation (CNIL) Fog ransomware attack uses unusual mix of legitimate and open-source tools (Bleeping Computer) FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters (The Record) Erie Insurance confirms cyberattack behind business disruptions (Bleeping Computer) Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'? (404 Media) Secure your public DNS presence from subdomain takeovers and dangling DNS exploits (Silent Push) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
This week on Caveat, Dave and Ben welcome back N2K's own Ethan Cook for our latest policy deep dive segment. As a trusted expert in law, privacy, and surveillance, Ethan is joining the show regularly to provide in-depth analysis on the latest policy developments shaping the cybersecurity and legal landscape. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Policy Deep Dive In this Caveat Policy Deep Dive, our conversation and analysis revisits antitrust policy. Throughout this conversation, we break down how President Trump has pursued one of the most aggressive initial antitrust policies in decades. Since taking office, the FTC and DOJ have continued to pursue many of the antitrust cases that the former Biden administration was pursuing targeting many Big Tech companies. However, these cases are not minor as in each of the cases, the Trump administration is actively pursuing major company breakups. Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers how Italy has cut ties with the Israeli spyware firm, Paragon after revelations that its technology was used to surveil government critics, including journalists and migrant rescue workers, sparking political outrage. A parliamentary report confirmed that Italian intelligence services had first paused, then terminated use of the spyware, though the timeline of the decision remains disputed. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices
Recorded live at RSAC 2025, this special episode of the Microsoft Threat Intelligence Podcast, hosted by Sherrod DeGrippo, brings together Jeremy Dallman from the Microsoft Threat Intelligence and Steven Masada from Microsoft's Digital Crimes Unit. The panel explores the psychology and techniques behind nation-state and criminal cyber actors, how Microsoft innovatively uses legal and technical disruption to dismantle threats like Cobalt Strike and Storm-2139, and the growing trend of adversaries leveraging AI. From North Korean fake job interviews to China's critical infrastructure infiltration, this episode highlights how Microsoft is staying ahead of the curve—and sometimes even rewriting the playbook. In this episode you'll learn: How targeting attacker techniques is more effective than chasing specific actors The surprising ways threat actors use AI—for productivity, not just deepfakes Why North Korean threat actors are building full-blown video games to drop malware Some questions we ask: What's the role of Microsoft's Digital Crimes Unit and how is it unique in the industry? Why should cybersecurity professionals read legal indictments? What impact did Microsoft's legal actions have on tools like Cobalt Strike and Quakbot? Resources: View Jeremy Dallman on LinkedIn View Steven Masada on LinkedIn View Sherrod DeGrippo on LinkedIn Bold action against fraud: Disrupting Storm-1152 Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone share Ram Shankar Siva Kumar's dynamic keynote from BlueHat India 2025, where he explores the evolving threat landscape of AI through the lens of the Microsoft AI Red Team. From adversarial machine learning to psychosocial harms and persuasive AI, Ram highlights real-world case studies, including prompt injection, content safety violations, and memory poisoning in AI agents. Ram underscores the urgent need for robust red teaming practices to secure AI systems against traditional security flaws and emerging threats across images, text, audio, and autonomous agents. In This Episode You Will Learn: Why old-school security flaws still break modern AI systems Real-world AI red teaming in action, from scams to memory hacks How small input tweaks can fool AI across images, audio, and text Some Questions We Ask: Can attackers fool AI using just slight image changes? Are generative AI systems vulnerable to prompt manipulation? Do you need to be an expert to break an AI model? Resources: Watch Ram's BlueHat India 2025 Keynote: BlueHat India 2025 Day 2 Keynote - Ram Shankar Siva Kumar Listen to Ram's Previous Appearance on The BlueHat Podcast: Not with a Bug but with a Sticker View Ram Shankar Siva Kumar on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
Yonatan Zunger, Corporate Vice President and Deputy Chief Information Security Officer for Artificial Intelligence at Microsoft joins Ann on this week's episode of Afternoon Cyber Tea. They dive into the evolving cybersecurity landscape shaped by generative and agentic AI, discussing both the opportunities and the risks. Yonatan shares insights on how organizations should think about AI as a junior employee - not infallible, but useful when paired with human oversight. They also explore the principles of safe AI development, how to balance innovation with governance, and why AI could finally enable persistent cybersecurity defense in a way never before possible. Resources: View Yonatan Zunger on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Henning Rauch, to discuss Call of the Cyber Duty is a 42-hour global cybersecurity challenge hosted by Microsoft's Kusto Detective Agency. The competition runs from 12:00 AM Coordinated Universal Time (UTC) on June 8, 2025, and ends at 12:00 AM UTC on June 18, 2025, at 10:00AM UTC. Once a team member opens the first case, they have 42 hours to complete it.Participants will solve a series of investigative puzzles using Kusto Query Language (KQL) — no prior Kusto experience required. This free, gamified threat-hunting experience is open to individuals and teams, with a $10,000 grand prize, an interactive mystery plot, and a Hall of Fame for the top solvers. Expect fun twists, real-world security skills, and even a surprise appearance by mentalist Lior Suchard or the illusive Professor Smoke! Later in the episode, Sherrod is joined by security researchers Anna Seitz and Rebecca Light to explore two evolving cyber threats. Anna breaks down the unprecedented collaboration between Russian state-affiliated threat actors Aqua Blizzard and Secret Blizzard, who are combining efforts to target Ukrainian military systems. Rebecca dives into the resurgence of DarkGate malware—this time delivered through a deceptive technique called ClickFix, which uses fake CAPTCHA-like prompts to trick users into activating malicious payloads. In this episode you'll learn: What Kauzar V2 malware is and how it enables long-term remote access and data theft How Russian threat groups Aqua Blizzard and Secret Blizzard are collaborating Why DarkGate malware remains relevant thanks to its adaptability and evasion tactics Some questions we ask: Are Russian threat actors adopting cybercriminal tactics like initial access brokers? How does Kauzar V2 malware function, and why is it significant in this campaign? What is ClickFix, and how does it differ from typical malware delivery methods? Resources: View Henning Rauch on LinkedIn View Rebecca Light on LinkedIn View Anna Seitz on LinkedIn View Sherrod DeGrippo on LinkedIn
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone share David Weston's keynote from BlueHat India 2025. David explores the growing role of on-device AI in Windows, the security risks it introduces, and how Microsoft is rethinking architecture to defend against new threats like model tampering, data exfiltration, and AI-powered malware. He also shares insights on innovations like Windows Recall, biometric protection, and the future of secure, agentic operating systems. In This Episode You Will Learn: How AI integration in Windows (like Windows Recall and MS Paint) is evolving Emerging threats from protocols like MCP and CUAs What a “confused deputy” attack is, and how Microsoft is protecting users Some Questions We Ask: What are the biggest security threats in on-device AI—data, model, or runtime? Can AI be used to accelerate post-compromise attacks? What will it take to bring Azure-level confidential computing to the consumer device? Resources: View David Weston on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
While our team is observing Memorial Day in the United States, please enjoy this episode from the N2K CyberWire network partner, Microsoft Security. You can hear new episodes of Ann Johnson's Afternoon Cyber Tea podcast every other Tuesday. Dr. Hugh Thompson, Executive Chairman of RSA Conference and Managing Partner at Crosspoint Capital joins Ann on this week's episode of Afternoon Cyber Tea. They discuss what goes into planning the world's largest cybersecurity conference—from theme selection to llama-related surprises on the expo floor—and how the RSA community continues to evolve. Hugh also shares how his background in applied math led him from academia to cybersecurity, his thoughts on the human element in security, and what keeps him optimistic about the future of the industry. Resources: View Hugh Thompson on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network. Learn more about your ad choices. Visit megaphone.fm/adchoices
In large enterprise software companies, Red and Blue Teams collaborate through Purple Teaming to proactively detect, respond to, and mitigate advanced threats. In this episode of CyberWire-X, N2K's Dave Bittner is joined by Adobe's Justin Tiplitsky, Director of Red Team and Ivan Koshkin, Senior Detection Engineer to discuss how their teams work together daily to strengthen Adobe's security ecosystem. They share real-world insights on how this essential collaboration enhances threat detection, refines security controls, and improves overall cyber resilience. Learn more about your ad choices. Visit megaphone.fm/adchoices
Dr. Hugh Thompson, Executive Chairman of RSA Conference and Managing Partner at Crosspoint Capital joins Ann on this week's episode of Afternoon Cyber Tea. They discuss what goes into planning the world's largest cybersecurity conference—from theme selection to llama-related surprises on the expo floor—and how the RSA community continues to evolve. Hugh also shares how his background in applied math led him from academia to cybersecurity, his thoughts on the human element in security, and what keeps him optimistic about the future of the industry. Resources: View Hugh Thompson on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.
This week on Caveat, Dave and Ben welcome back N2K's own Ethan Cook for our latest policy deep dive segment. As a trusted expert in law, privacy, and surveillance, Ethan is joining the show regularly to provide in-depth analysis on the latest policy developments shaping the cybersecurity and legal landscape. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Please take a moment to fill out an audience survey! Let us know how we are doing! Policy Deep Dive In this Caveat Policy Deep Dive, our conversation and analysis revolve around critical infrastructure policy. Throughout this conversation, we break down how critical infrastructure policy has evolved over the past fifteen years and what policies have been behind some of these advancements. Some key topics focused on during this conversation center on some of the centralization of infrastructure management policies, the creation of CISA, and how the second Trump administration is changing the federal government's approach when managing critical infrastructure. Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing a new bill that is gaining traction in Congress where Senators Merkley and Kennedy are looking to limit the TSA's facial scanning program. This law comes after the DHS announced an audit regarding how the TSA has used this technology. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Megan Stalling to unpack new intelligence on the BadPilot Campaign, a sophisticated operation by a subgroup of Seashell Blizzard—also known as APT-44, Iridium, or Sandworm. The team explores how this subgroup, active since 2021, uses opportunistic access, remote management tools, and Tor based ShadowLink infrastructure to maintain covert control of compromised systems. They also examine trends across threat actor ecosystems, how tactics evolve through shared influence, and why network detection remains a key battleground in defending against persistent global threats. In this episode you'll learn: How evolving network detection is helping stop threat actors Why Seashell Blizzard targets industrial control systems When fake Zoom links and meeting invites are used to lure victims into engagement Some questions we ask: Have North Korean hackers improved at social engineering lately? What's this subgroup's main goal when it comes to network attacks? Why would a group like this use such basic tactics instead of more advanced ones? Resources: View Megan Stalling on LinkedIn View Anna Seitz on LinkedIn View Sherrod DeGrippo on LinkedIn BadPilot Campaign, Seashell Blizzard How Microsoft Names Threat Actors Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Felix Boulet fresh off his participation in Zero Day Quest. Felix talks about his unique journey from industrial maintenance to becoming a full-time vulnerability researcher, and how that background fuels his passion for hacking and bug bounty work. He explains his method for finding bugs in Microsoft products—particularly in identity systems—and why identity is such a valuable target for attackers. Felix also shares highlights from the Zero Day Quest event, where he focused on building connections, learning from Microsoft engineers, and experiencing the collaborative side of the security community. In This Episode You Will Learn: Why identity-based bugs are especially valuable and dangerous in the security world When breaking identity controls can be the key to pivoting through an entire system How SharePoint's concept of "virtual files" impacts vulnerability validation Some Questions We Ask: What was your first bug bounty experience? Can you explain what the flash challenges were and what your experience was like? Do you think sharing bug ideas could cost you a bounty? Resources: View Felix Boulet on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
On this special episode of Afternoon Cyber Tea, Ann brings listeners inside the 2025 RSA Conference to explore the intersection of AI, quantum computing and cyber resiliency with two visionary experts: Massachusetts Institute of Technology's Vinod Vaikuntanathan and Dr. Sasha O'Connell from The Aspen Institute. Vinod shares how quantum computing poses a serious threat to current encryption methods and explains the urgent need for post-quantum cryptography, while Sasha shares her non-technical path into cybersecurity, her work leading Aspen Digital's global policy efforts and the launch of the new public campaign aimed at making cybersecurity accessible and actionable for everyone. Resources: View Sasha O'Connell on LinkedIn View Vinod Vaikuntanathan on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.
We're sharing a episode from another N2K show we thought you might like. It's the third episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy! Show Notes: While the cybersecurity industry has expanded and grown in recent years, newcomers still struggle to gain relevant "experience" before officially beginning their cyber careers. In this episode of CISO Perspectives, host Kim Jones sits down with Kathleen Smith, the Chief Outreach Officer at clearedjobs.net and the co-host of Security Cleared Jobs: Who's Hiring & How, to discuss this dilemma and what new entrants can do to account for these difficulties. Throughout the conversation, Kathleen and Kim will discuss the challenges associated with entry-level cyber positions, how to gain meaningful experience, and how the industry as a whole contributes to this problem. Want more CISO Perspectives?: Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It's the perfect follow-up if you're curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode of Caveat. This week on Caveat, Dave and Ben are thrilled to welcome back N2K's own Ethan Cook for the second installment of our newest policy deep dive segment. As a trusted expert in law, privacy, and surveillance, Ethan is joining the show regularly to provide in-depth analysis on the latest policy developments shaping the cybersecurity and legal landscape. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Please take a moment to fill out an audience survey! Let us know how we are doing! Policy Deep Dive In this Caveat Policy Deep Dive, we turn our focus to the evolving landscape of artificial intelligence (AI) policy. This month, the Caveat team delves into the key issues shaping political discourse around AI, exploring state-led initiatives, the lack of significant federal action, and the critical areas that still require stronger oversight, offering an in-depth analysis of AI legislation, the varied approaches across states, and the pressing challenges that demand federal attention. Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers the story of the Paris AI summit, where French President Emmanuel Macron and EU digital chief Henna Virkkunen announced plans to reduce regulatory barriers to support AI innovation. The summit highlighted the growing pressure on Europe to adopt a lighter regulatory touch in order to remain competitive with the U.S. and China, while also addressing concerns about potential risks and the impact on workers as AI continues to evolve. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Lauren Proehl, Sydney Marrone, and Jamie Williams to dig into the THOR Collective — a fresh, community-driven initiative bringing modern energy to threat intel. The group discusses the ongoing tension where developers focus on user-friendly design while security professionals aim to break things to prevent malicious use. They also dive into the THOR Collective, a community-driven initiative with open-source projects like Hearth and their twice-weekly Substack newsletter, Dispatch, which combines research, memes, and real-world lessons to uplift the InfoSec community. The conversation touches on the challenges of security, the disconnect between the public and understanding risks, and the need for more user-friendly, AI-driven security solutions that cater to various skill levels. In this episode you'll learn: The value of consistently publishing high-quality content How the THOR Collective addresses this issue through innovative and digestible content The importance of making complex InfoSec topics approachable for different experience levels Some questions we ask: What's going on with the rise in toll scam text messages? Why has social engineering remained such a successful tactic for threat actors? How does THOR Collective welcome new voices in InfoSec, and why is this crucial in today's security landscape? Resources: View Lauren Proehl on LinkedIn View Sydney Marrone on LinkedIn View Jamie Williams on LinkedIn View Sherrod DeGrippo on LinkedIn THOR Collective Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Marco Ivaldi, co-founder and technical director of HN Security, a boutique company specializing in offensive security services, shares his journey from hacking as a teenager in the '80s to becoming a key figure in the security research community. With nearly three decades of experience in cybersecurity, Marco digs into the ongoing challenges, particularly in Active Directory and password security, highlighting vulnerabilities that continue to pose significant risks today. He recounts his unexpected path into bug bounty hunting, including his involvement in Microsoft's Zero Day Quest and his passion for auditing real-time operating systems like Azure RTOS. In This Episode You Will Learn: How Marco taught himself BASIC and assembly through cassette tapes and trips to local libraries Why mentorship and positive leadership can catapult your cybersecurity career When measuring network response times can unintentionally leak valuable info Some Questions We Ask: Do you remember the first time you made code do something unexpected? What was your experience like in the Zero Day Quest building for those three days? How are you thinking of approaching fuzzing after Zero Day Quest? Resources: View Marco Ivaldi on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn HN SECURITY Learn More About Marco Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
We're sharing a episode from another N2K show we thought you might like. It's the first episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy! Show Notes: Cybersecurity has an identity problem where the industry as a whole is struggling to determine whether it is a trade or a profession. In this episode of CISO Perspectives, host Kim Jones sits down with Larry Whiteside Jr., the Chief Advisory Officer for The CISO Society, to discuss this identity crisis and how the industry as a whole connects to both of these labels. Throughout the conversation, Larry and Kim will discuss the merits and drawbacks of both labels and how cybersecurity does not solely fall into one category or the other. Want more CISO Perspectives?: Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It's the perfect follow-up if you're curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices
Christina Morillo, Head of Information Security at the National Football League's New York Giants joins Ann on this week's episode of Afternoon Cyber Tea. Christina discusses the ins and outs of building a resilient cybersecurity strategy, the importance of entering organizations with curiosity—not checklists—and why listening is always her first step. Christina breaks down common cybersecurity misconceptions, shares how to move from strategy to implementation, discusses the importance of storytelling in governance and shares how she addresses burnout and mental health in her teams. Resources: View Christina Morillo on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.
We're sharing a episode from another N2K show we thought you might like. It's the first episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy! Show Notes: The cyber talent ecosystem faces severe indigestion, which has stifled growth and closed doors to new talent. In this episode of CISO Perspectives, host Kim Jones sits down with Ed Adams, the Head of Cybersecurity for North America at the Bureau Veritas Group, to discuss what has caused this indigestion and how leadership can better address these challenges. A key aspect of this conversation revolved around discussing Ed's book, See Yourself in Cyber: Security Careers Beyond Hacking, and how he expands the conversation surrounding traditional roles associated with cybersecurity. Want more CISO Perspectives?: Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It's the perfect follow-up if you're curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices
This week on Caveat, Dave and Ben welcome back N2K's own Ethan Cook for our latest policy deep dive segment. As a trusted expert in law, privacy, and surveillance, Ethan is joining the show regularly to provide in-depth analysis on the latest policy developments shaping the cybersecurity and legal landscape. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Please take a moment to fill out an audience survey! Let us know how we are doing! Policy Deep Dive In this Caveat Policy Deep Dive, our conversation and analysis revolves around US cybersecurity policy. Throughout this conversation, we break down the Trump administration's efforts to reassess the US's cybersecurity policies. Some key talking points revolve around pivoting the nation's international focus to prioritize the Pacific region as well as domestic efforts to place cybersecurity responsibilities in the hands of state governments rather than federal agencies. Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers the story of the FTC officially kicking off its antitrust lawsuit against Meta, and how it accusing the tech giant of monopolizing the social media market through a “buy-or-bury” strategy, with high-profile witnesses like Mark Zuckerberg set to testify as the agency attempts to unwind years-old acquisitions. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices
The CVE program gets a last-minute reprieve. A federal whistleblower alleges a security breach at the NLRB. Texas votes to spin up their very own Cyber Command. BreachForums suffers another takedown. A watchdog group sues the federal government over SignalGate allegations. The SEC Chair reveals a 2016 hack. ResolverRAT targets the healthcare and pharmaceutical sectors worldwide. Microsoft warns of blue screen crashes following recent updates. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. 4chan gets Soyjacked. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. Today's question comes from N2K's EC-Council Certified Ethical Hacker CEH (312-50) Practice Test. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Selected Reading Funding Expires for Key Cyber Vulnerability Database (Krebs on Security) CISA extends funding to ensure 'no lapse in critical CVE services' (Bleeping Computer) CVE Foundation (CVE Foundation) NoVa govcon firm Mitre to lay off 442 employees after DOGE cuts contracts (Virginia Business) Federal employee alleges DOGE activity resulted in data breach at labor board (NBC News) Whistleblower claims DOGE took sensitive data - now he's being hounded by threatening notes (CNN via YouTube) New state agency to deal with cyber threats advances in Texas House (Texarkana Gazette) BreachForums taken down by the FBI? Dark Storm hackers say they did it “for fun” (Cybernews) Here's What Happened to Those SignalGate Messages (WIRED) After breach, SEC says hackers used stolen data to buy stocks (CNET) New ResolverRAT malware targets pharma and healthcare orgs worldwide (Bleeping Computer) Microsoft warns of blue screen crashes caused by April updates (Bleeping Computer) Infamous message board 4chan taken down following major hack (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Sarah Pfabe to dive into the activities of the Russian-aligned threat actor, Star Blizzard. Active since 2022, Star Blizzard recently shifted tactics by using WhatsApp for spear-phishing campaigns targeting government officials, NGOs, and academics. The team discusses how this change in approach may be a response to previous exposure of their tactics. They also explore the resilience of Star Blizzard, highlighting Microsoft's disruption of their operations, including the seizure of domains, and the ongoing threat posed by this actor despite legal actions. In this episode you'll learn: Why threat actors like Star Blizzard are highly resilient and quickly adapting What steps users take to avoid falling victim to mobile malware Challenges of monitoring WhatsApp activity and why this platform has become a target Some questions we ask: What role do QR codes play in Star Blizzard's phishing campaigns? Why do you think phishing continues to be the number one access vector? How resilient is Star Blizzard when facing disruptions like domain seizures or legal actions? Resources: View Sarah Pfabe on LinkedIn View Anna Seitz on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Dhiral Patel, Senior Security Engineer at ZoomInfo and one of MSRC's Most Valuable Researchers (MVR). Dhiral shares how a hacked Facebook account sparked his passion for ethical hacking. From web development to penetration testing, Dhiral has become a top bug hunter, landing multiple spots on the MSRC leaderboards. Dhiral reflects on his early MSRC submissions and lessons learned. He also discusses the importance of mastering web security basics, practicing on platforms like TryHackMe and Hack the Box, and staying connected with the bug bounty community. In This Episode You Will Learn: The importance of mastering web security basics before diving into bug bounty hunting Why hands-on platforms like TryHackMe and Hack the Box are perfect for beginners Dhiral's journey from blogging to freelancing and security research Some Questions We Ask: How do you balance competition and collaboration in the bug bounty community? Can you explain what clickjacking is and if it still works today? Why did you start with Power BI, and how did it lead to your journey in security? Resources: View Dhiral Patel on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
This week, while Dave Bittner is out, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with a lot of follow up on listener feedback this week! Justin shares a thought about how to track gold deliveries with a simple sting operation involving an AirTag. Xray Specs offers a fun response to a theory about scanning plates and running Python scripts, stating they receive similar emails despite not owning a car. Jim Gilchrist recounts his experience with E-ZPass and unpaid tolls, explaining how a failed transponder led to a replacement and noting the prevalence of scam toll messages. Joe shares two gripping stories this week, one being on how the FBI is seizing $8.2 million from a massive romance scam involving cryptocurrency, and second is on a Maryland woman losing millions in a growing "pig butchering" scheme, with the FBI warning that many more victims are at risk. Maria's story is on an East Hartford woman caught up in a federal sweepstakes scam targeting the elderly. The suspects, including one local resident, allegedly stole millions. What did they do, and how did they get caught? Our catch of the day comes from a user on Reddit who shares a message they got from billionaire, and owner of Tesla, Elon Musk. Resources and links to stories: FBI Cracks 'Pig Butchering' Scam on Dating Sites Maryland woman loses millions in crypto "pig butchering" scam as FBI warns of more targets East Hartford Woman Bilked Elderly In Fake Sweepstakes Scam: Feds Elon Musk Vows To Hand Out $1 Million Checks This Weekend: What To Know Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
Jack Rhysider, the creator and host of cybersecurity podcast Darknet Diaries joins Ann on this week's episode of Afternoon Cyber Tea. Jack shares his journey from network security engineer to self-taught storyteller, detailing how his passion for cybersecurity and relentless dedication to learning and marketing helped him build an independent media powerhouse. He discusses the challenges of growing the podcast from scratch, the intensity required to succeed, and why telling well-researched cybercrime stories keeps him motivated. Resources: View Jack Rhysider on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.
This week our hosts, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. First, we start off with some more follow-up on EZ passes, along with the newest iteration, as Kailey Cornick shares that scammers target phone numbers rather than actual toll users, sending her SUN pass scam texts tied to her old Florida number. Dave shares the story of Palo Alto's Unit 42 researchers uncovering a massive campaign distributing thousands of fraudulent cryptocurrency investment platforms via websites and mobile apps, using brand impersonation, Ponzi-like schemes, and domain fronting to deceive victims, primarily in East Africa and Asia. Maria follows the story of a Queens man arraigned for allegedly scamming a 72-year-old Newton woman out of over $480,000 by posing as a DEA agent and coercing her into transferring her assets under the threat of arrest. Joe came across a Facebook video featuring an AI-generated ad falsely claiming Kelly Clarkson endorsed a weight loss product. These deceptive ads use AI to create convincing deepfakes, making it appear as if celebrities are promoting products they've never actually supported. Our catch of the day comes from listener Connor, who flagged a phishing email pretending to be from the Social Security Administration. The email urges the recipient to click a link to view an "important update," but the repetition of the message and a suspicious logo placeholder suggest it's a phishing attempt designed to steal personal info. Resources and links to stories: Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims Man Arraigned After Posing as Government Agent to Scam Senior out of Over $480,000 'I have terminal cancer and lost my life savings to whisky barrel scammers' Casks and Kegs Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
Google and Mozilla patch nearly two dozen security flaws. The UK's Royal Mail Group sees 144GB of data stolen and leaked. A bizarre campaign looks to recruit cybersecurity professionals to hack Chinese websites. PostgreSQL servers with weak credentials have been compromised for cryptojacking. Google Cloud patches a vulnerability affecting its Cloud Run platform. Oracle faces a class-action lawsuit over alleged cloud services data breaches. CISA releases ICS advisories detailing vulnerabilities in Rockwell Automation and Hitachi Energy products. General Paul Nakasone offers a candid assessment of America's evolving cyber threats. On today's CertByte segment, a look at the Cisco Enterprise Network Core Technologies exam. Are AI LLMs more like minds or mirrors? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K's suite of industry-leading certification resources, this week, Chris is joined by Troy McMillan to break down a question targeting the Cisco Enterprise Network Core Technologies (350-401 ENCOR) v1.1 exam. Today's question comes from N2K's Cisco CCNP Implementing and Operating Cisco Enterprise Network Core Technologies ENCOR (350-401) Practice Test. The ENCOR exam enables candidates to earn the Cisco Certified Specialist - Enterprise Core certification, which can also be used to meet exam requirements for several other Cisco certifications. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.cisco.com/site/us/en/learn/training-certifications/exams/encor.html Selected Reading Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities (SecurityWeek) Royal Mail Group Loses 144GB to Infostealers: Same Samsung Hacker, Same 2021 Infostealer Log (Infostealers) Someone is trying to recruit security researchers in bizarre hacking campaign (TechCrunch) Ongoing cryptomining campaign hits over 1.5K PostgreSQL servers (SC Media) ImageRunner Flaw Exposed Sensitive Information in Google Cloud (SecurityWeek) Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users (SecurityWeek) Oracle now faces class action amid alleged data breaches (The Register) CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS (Cyber Security News) Exclusive: Gen. Paul Nakasone says China is now our biggest cyber threat (The Record) Large AI models are cultural and social technologies (Science) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this special episode marking 50 years of Microsoft, host Sherrod DeGrippo is joined by Charlie Bell, Stephanie Calabrese, John Lambert, and Scott Woodgate to take a deeper look at Microsoft's incredible journey in cybersecurity. They share their experiences and reflections on how the company has grown over the last five decades, from the early days of proprietary systems to the transformative rise of cloud computing and AI. As they celebrate this milestone, the conversation dives into the evolution of security practices, the development of key initiatives like the Microsoft Threat Intelligence Center and the Secure Future Initiative, and the culture of collaboration that has always been at the heart of Microsoft's approach to tackling cybersecurity challenges. In this episode you'll learn: How Microsoft evolved to lead the charge in cloud computing and AI Why Microsoft's security efforts have influenced the broader tech industry The evolution of Microsoft's security, from XP Service Pack 2 to the Secure Future Initiative Some questions we ask: How did the company's culture and products impact you early on? How have you seen Microsoft's prioritization toward cybersecurity create change? Resources: View Charlie Bell on LinkedIn View Stephanie Calabrese on LinkedIn View John Lambert on LinkedIn View Scott Woodgate on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
A cyberattack targeting Oracle Health compromises patient data. The DOJ nabs over $8 million tied to romance scams. Trend Micro examines a China-linked APT group conducting cyber-espionage. A new Android banking trojan called Crocodilus has emerged. North Korea's Lazarus Group targets job seekers in the crypto industry. CISA IDs a new malware variant targeting Ivanti Connect Secure appliances. Maria Varmazis, host of N2K's T-Minus Space Daily show chats with Jake Braun, former White House Principal Deputy National Cyber Director and chairman of DEF CON Franklin. They discuss designating space as critical infrastructure. Nulling out your pizza payment. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Maria Varmazis, host of N2K's T-Minus Space Daily show sits down with Jake Braun, former White House Principal Deputy National Cyber Director and chairman of DEF CON Franklin, and they discuss designating space as critical infrastructure and sharing an overview of its attack surface. Selected Reading Oracle Health breach compromises patient data at US hospitals (Bleeping Computer) Oracle Warns Health Customers of Patient Data Breach (Bloomberg) Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware (SecurityWeek) U.S. seized $8.2 million in crypto linked to 'Romance Baiting' scams (Bleeping Computer) DOJ Seizes USD 8.2M Tied to Pig Butchering Scheme (TRM Labs) Earth Alux Hackers Employ VARGIET Malware to Attack Organizations (Cyber Security News) 'Crocodilus' Android Banking Trojan Allows Device Takeover, Data Theft (SecurityWeek) ClickFake Interview – Lazarus Hackers Exploit Windows and macOS Users Fake Job Campaign (Cyber Security News) CISA Analyzes Malware Used in Ivanti Zero-Day Attacks (SecurityWeek) How A Null Character Was Used to Bypass Payments (System Weakness on Medium) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
This week our hosts, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), and they are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up on E-ZPass scams—a listener suggests that scammers may be exploiting exposed license plate reader data, as demonstrated by YouTuber Mike Brown, to link plate numbers with breached phone records and send scam texts in real time. Dave's story is on how scammers may use conditioning techniques in romance scams—Ben Tasker observed that refusing to provide a phone number led to fewer photos being sent early on, suggesting scammers use rewards like photos to encourage compliance. Joe's got the story of Google's lawsuit against scammers who created and sold thousands of fake business listings on Google Maps, exploiting urgent services like locksmiths and towing to deceive customers and charge inflated fees. Maria's got the story of the FTC suing Click Profit for allegedly scamming consumers out of millions with a fake “passive income” scheme, falsely promising high returns through AI-driven e-commerce stores on Amazon, Walmart, and TikTok while most investors ended up losing money. Our catch of the day comes from Reddit after a user posted a conversation with a scammer after messing with them about a potential job opportunity. Resources and links to stories: Who is sending those scammy text messages about unpaid tolls? My Scammer Girlfriend: Baiting A Romance Fraudster Google finds 10,000 fake listings on Google Maps, sues alleged network of scammers AI scammers on Amazon duped investors out of millions with ‘passive income' scheme, FTC alleges Can I work from jail? Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
Ryan Field, Executive Vice President & Chief Information Security Officer at Bank of Hawaii joins Ann on this week's episode of Afternoon Cyber Tea. With over two decades of experience in IT and cybersecurity, Ryan shares his approach to security leadership; and the importance of fostering collaboration and diverse perspectives. He discusses the unique challenges of cybersecurity in banking and financial services, how organizations across Hawaii are coming together to build a more resilient security workforce, and how shifting from enforcers to influencers is transforming security culture. Resources: View Ryan Field on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.
On Hacking Humans, this week Dave Bittner is on vacation so our two hosts Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe shares a bit of follow up on scam victims sharing their experiences of losing money to various frauds, including investment schemes, romance scams, business email compromises, online shopping fraud, unusual payment requests, tax impersonations, remote access scams, and identity theft. Maria shares a story on scammers using fake E-ZPass toll alerts to steal personal information, and another on victims losing thousands to investment, romance, and online shopping scams. Dave's got the story of how digital scammers prey on the financially vulnerable, using AI-generated content and deceptive ads on platforms like Instagram to sell worthless "get-rich-quick" schemes that ultimately leave victims deeper in debt. Joe's got two stories this week, the first being on Wenhui Sun, a California man, and how he was sentenced to six and a half years for stealing nearly $800,000 through a gold bar scam targeting victims nationwide. Meanwhile, the U.S. Federal Trade Commission reported a sharp rise in fraud, with 2.6 million people losing $12.5 billion in 2024, up from $2.5 billion in 2023, primarily due to impostor scams. Younger adults reported losing money more often than older ones. Our catch of the day follows how First Lady Melania Trump messaged an unsuspecting citizen claiming to give them a free gift. Resources and links to stories: Scam victims tell us their stories Digital Snake Oil Merchants Are Stealing From The Already Broken California man sentenced after Montgomery Co. woman loses over $700K in gold bar scam FTC says Americans lost $12.5B to scams last year — social media, AI, and crypto didn't help You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
A critical vulnerability could let attackers hijack and potentially disable vulnerable servers. Europol warns of a “shadow alliance” between state-backed threat actors and cybercriminals. Sekoia examines ClearFake. A critical PHP vulnerability is under active exploitation. A sophisticated scareware phishing campaign has shifted its focus to macOS users. Phishing as a service attacks are on the rise. A new jailbreak technique bypasses security controls in popular LLMs. Microsoft has uncovered StilachiRAT. CISA confirms active exploitation of a critical Fortinet vulnerability. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. AI coding assistants get all judgy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K's suite of industry-leading certification resources. This week, Chris is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. Today's question comes from N2K's ISACA® Certified Information Security Manager® (CISM®) Practice Test. The CISM exam helps to affirm your ability to assess risks, implement effective governance, proactively respond to incidents and is the preferred credential for IT managers, according to ISACA.To learn more about this and other related topics under this objective, please refer to the following resource: CISM Review Manual, 15th Edition, 1.0, Information Security Governance, Introduction. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.isaca.org/credentialing/cism#1 Selected Reading Critical AMI MegaRAC bug can let attackers hijack, brick servers (bleepingcomputer) Europol Warns of “Shadow Alliance” Between States and Criminals (Infosecurity Magazine) ClearFake's New Widespread Variant: Increased Web3 Exploitation for Malware Delivery (Sekoia.io Blog) PHP RCE Vulnerability Actively Exploited in Wild to Attack Windows-based Systems (cybersecuritynews) Scareware Combined With Phishing in Attacks Targeting macOS Users (securityweek) Sneaky 2FA Joins Tycoon 2FA and EvilProxy in 2025 Phishing Surge (Infosecurity Magazine) New Jailbreak Technique Bypasses DeepSeek, Copilot, and ChatGPT to Generate Chrome Malware (gbhackers) Microsoft Warns of New StilachiRAT Malware (SecurityWeek) Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns (Infosecurity Magazine) AI coding assistant Cursor reportedly tells a 'vibe coder' to write his own damn code (TechCrunch) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
On Hacking Humans, this week Dave Bittner is on vacation so our two hosts Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Our hosts start out with some follow up on chicken talk from last week. Maria shares the story of scammers impersonating police officers in England to steal cryptocurrency by exploiting leaked personal data, creating fake fraud reports, and tricking victims into revealing their seed phrases, leading to losses totaling £1 million. Joe has two stories this week, his first one is on a $21 million "Grandparent Scam" in which 25 Canadians were charged for running a scheme from Montreal call centers, posing as grandchildren in distress to deceive elderly Americans into handing over money, with 23 suspects already arrested. Joe's second story is on two people charged in a ticket scam that exploited a loophole in StubHub's system to steal and resell over 900 tickets—mostly for Taylor Swift's Eras Tour—netting more than $600,000 in profit before being caught by the Queens D.A.'s Cybercrime Unit. We have a special catch of the day this week, where we are joined by N2K's own Ma'ayan Plaut, who joins to discuss going out of business scams. Resources and links to stories: ‘Fake police call cryptocurrency investors to steal their funds Dozens of Canadians Are Charged in $21 Million ‘Grandparent Scam' 2 People Charged with Taylor Swift Eras Tour Ticket Scam That Allegedly Netted More Than $600K BBB Scam Alert: How to spot a fake "going out of business" sale Joann Fabric's going out of business scam You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
This week on Caveat, Dave and Ben welcome back N2K's own Ethan Cook for the third installment of our newest policy deep dive segment. As a trusted expert in law, privacy, and surveillance, Ethan is joining the show regularly to provide in-depth analysis on the latest policy developments shaping the cybersecurity and legal landscape. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Please take a moment to fill out an audience survey! Let us know how we are doing! Policy Deep Dive In this Caveat Policy Deep Dive, we turn our focus to online safety for children. The discussion highlights legislative efforts such as the Kids Online Safety Act (KOSA) and COPPA 2.0, which aim to strengthen protections for minors online but face criticism over free speech concerns and potential government overreach. Despite bipartisan support, these bills have stalled in Congress, prompting states like Florida, California, and Utah to implement their own child safety laws. The episode examines the challenges of enforcement, the impact of state-led initiatives, and the ongoing debate over balancing child protection with digital rights. Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers the story of the ongoing debate over online child safety, focusing on stalled federal bills like KOSA and COPPA 2.0, concerns over free speech and enforcement, and how states are stepping in with their own regulations. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices
We hear audio from Dennis Gates & Jac Caglianone, and some NFL News in the N2K, Michael Swain of 247Sports joins us for KU Hoops talk, and a Stephen A Smith Kicker!See omnystudio.com/listener for privacy information.
On Hacking Humans, this week Dave Bittner is on vacation so our two hosts Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off the show with some follow-up from a long-time listener who shared how switching to Publii and Cloudflare Pages saved his wife's psychiatric nurse practice over $120/year in hosting costs after discovering static site generators on Hacking Humans. Joe's story is on a warning from an Oregon woman who fell victim to an online scam while trying to buy hens for her backyard chicken coop amid egg shortages caused by the bird flu, urging others to be cautious and avoid transactions on social media. Maria has the story on the increasing threats targeting sellers on online marketplaces, including phishing campaigns, scams designed to bypass platform protections, and the risks associated with off-platform transactions, all of which emphasize the need for heightened vigilance and security measures. The catch of the day, from Scott, highlights an email invitation that appeared legitimate but redirected to a phishing site designed to steal email credentials, with Scott's wife recognizing the suspicious nature and forwarding it for further investigation. Resources and links to stories: ‘Be suspicious': Sweet Home woman warns of chicken scam amid egg shortage Your item has sold! Avoiding scams targeting online sellers You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
US Treasury Department sanctions Iranian national accused of running the Nemesis criminal marketplace. Hunters International threatens to leak data stolen from Tata Technologies. Apple challenges U.K.'s iCloud encryption backdoor order. UK competition regulator says no investigation into Microsoft's OpenAI partnership. Stealthy malware campaign targets the UAE's aviation and satellite industry. This week on our CertByte segment, N2K's Chris Hare is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate (CCNA) exam. And hackers hit the books. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. This week, Chris is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate (CCNA) exam, 201-301, version 1.1 exam. Today's question comes from N2K's Cisco Certified Network Associate (CCNA 200-301) Practice Test. According to Cisco, the CCNA is the industry's most widely recognized and respected associate-level certification. To learn more about this and other related topics under this objective, please refer to the following resource: https://learningnetwork.cisco.com/s/article/protection-techniques-nbsp-from-wardriving-attack To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.cisco.com/site/us/en/learn/training-certifications/certifications/enterprise/ccna/index.html Selected Reading Treasury sanctions Iranian national behind defunct Nemesis darknet marketplace (The Record) Ransomware Group Claims Attack on Tata Technologies (SecurityWeek) Apple is challenging U.K.'s iCloud encryption backdoor order (TechCrunch) UK's competition regulator says Microsoft's OpenAI partnership doesn't qualify for investigation (TechCrunch) Call It What You Want: Threat Actor Delivers Highly Targeted Multistage Polyglot Malware (Proofpoint) Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear (GuidePoint Security) Fake police call cryptocurrency investors to steal their funds (Bitdefender) Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (Bleeping Computer) Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement (CyberScoop) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Credential theft puts sensitive corporate and military networks at risk. A federal judge refuses to block DOGE from accessing sensitive federal data. New York-based Insight Partners confirms a cyber-attack. BlackLock ransomware group is on the rise. OpenSSH patches a pair of vulnerabilities. Russian threat actors are exploiting Signal's “Linked Devices” feature. Over 12,000 GFI KerioControl firewalls remain exposed to a critical remote code execution (RCE) vulnerability.CISA issued two ICS security advisories. Federal contractors pay $11 million in cybersecurity noncompliance fines. In our CertByte segment, Chris Hare is joined by Steven Burnley to break down a question targeting the ISC2® SSCP - Systems Security Certified Practitioner exam.Sweeping cybercrime reforms are unveiled by…Russia? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K's suite of industry-leading certification resources, for the past 25 years, N2K's practice tests have helped more than half a million IT and cyber security professionals reach certification success. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.isc2.org/certifications/sscp Selected Reading Hundreds of US Military and Defense Credentials Compromised (Infosecurity Magazine) DOGE Team Wins Legal Battle, Retains Access to Federal Data (GovInfo Security) Musk Ally Demands Admin Access to System That Lets Government Text the Public (404 Media) Cyber Investor Insight Partners Suffers Security Breach (Infosecurity Magazine) BlackLock On Track to Be 2025's Most Prolific Ransomware Group (Infosecurity Magazine) Qualys reports two flaws in OpenSSH, one critical DDoS (Beyond Machines) Russian phishing campaigns exploit Signal's device-linking feature (Bleeping Computer) Over 12,000 KerioControl firewalls exposed to exploited RCE flaw (Bleeping Computer) CISA Releases Two New ICS Advisories Exploits Following Vulnerabilities (Cyber Security News) Managed healthcare defense contractor to pay $11 million over alleged cyber failings (The Record) Russian Government Proposes Stricter Penalties to Tackle Cybercrime (GB Hackers) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
© 2020-2025 Ivy Podcast Discovery LLC
