Podcasts about NCSC

In deze podcast luister je naar het gesprek dat Jeroen Prinse (voormalig CISO bij het NCSC, nu strategisch adviseur) en Rob van der Veer (Chief AI Officer bij SIG en AI standaardmaker bij ISO en de AI Act) hadden tijdens het webinar van 12 februari 2026.We willen AI het liefst aan alles koppelen en naar onze data laten kijken, als we het kunnen vertrouwen. Want: waar gaat die data naar toe en hoe voorkomen we dat AI gemanipuleerd wordt? ​Rob en Jeroen hebben het over AI toepassen voor security, over het programmeren met AI en over het beveiligen van AI systemen, inclusief Agentic AI. Daarvoor putten de heren samen uit 20 jaar ervaring in security plus 34 jaar in AI. Zij geven een duidelijk overzicht, praktische tips en verwijzingen naar nuttige bronnen zoals owaspai.org en ncsc.nl/artificial-intelligence. 

A China-linked group exploits a critical Dell zero-day for 18 months. A Microsoft 365 Copilot bug risks sensitive email oversharing. A new Linux botnet leans on old-school IRC for command and control. Switzerland tightens critical infrastructure rules with mandatory cyber reporting. AstarionRAT emerges as a custom post-exploitation implant. Researchers find serious flaws in popular PDF platforms. A suspected Iranian-aligned campaign targets protest supporters. Notepad++ rolls out a “double-lock” update fix. And a Spanish court orders NordVPN and ProtonVPN to block illegal football streams. Our guest is Keith Mularski, Former FBI Special Agent and Chief Global Ambassador at Qintel, reflecting on the 25th anniversary of notorious spy Robert Hanssen's arrest. Dutch Defense flaunt F-35 firmware freedom.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Keith Mularski, Former FBI Special Agent and Chief Global Ambassador at Qintel, to talk about the 25th anniversary of Robert Hanssen's arrest. If you enjoyed Keith's conversation, you can hear more from him over on the Only Malware in the Building podcast. Selected Reading Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed (CyberScoop)  Microsoft says bug causes Copilot to summarize confidential emails (Bleeping Computer) New Linux Botnet Discovered (Linux Magazine) Switzerland's NCSC boosts operational capabilities, mandates cyberattack reporting on critical infrastructure (Industrial Cyber) ClickFix Won't Die. Neither Will Matanbuchus. A New RAT and a Hands-on-Keyboard Intrusion (Huntress) Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration (SecurityWeek) CRESCENTHARVEST: Iranian protestors and dissidents targeted in cyberespionage campaign (Acronis) Notepad++ boosts update security with ‘double-lock' mechanism (Bleeping Computer) Spain orders NordVPN, ProtonVPN to block LaLiga piracy sites (Bleeping Computer) Dutch defense chief: F-35s can be jailbroken like iPhones (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

I detta avsnitt av Palo Alto Networks podcast För Säkerhets Skull gästas podden av John Billow, chef för Nationellt Cybersäkerhetscenter (NCSC) som berättar om hur de suddiga gränserna mellan fred och geopolitisk konflikt har gjort en robust cybersäkerhet till själva hörnstenen i Sveriges totalförsvar. Han diskuterar cybersäkerhetens roll i det moderna svenska försvaret och hur tekniken förändrar spelplanen." Läs mer om hur du skyddar verksamheten mot moderna cyberhot: https://www.paloaltonetworks.com/engage/for-sakerhets-skull/ta-nk-om-sverig Detta är ett kommersiellt samarbete och inte en del av Di:s redaktionella innehåll.

On this week's Security Sprint, Dave and Andy covered the following topics:Opening:• TribalHub 6th Annual Cybersecurity Summit, 17–20 Feb 2026, Jacksonville, Florida• IT-ISAC, Food & Ag ISAC Ransomware Reports!• Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Rulemaking; Town Hall Meetings • What to Know About the Homeland Security Shutdown New York Times 15 Feb 2026Main Topics:South Korea blames Coupang data breach on management failure, not sophisticated attack – Reuters – 10 Feb 2026. “'It's more of a management problem than an advanced attack,' Choi Woo-hyuk, deputy minister for cyber security and network policy, told a press conference, citing lax oversight of authentication systems.” South Korean authorities released findings on a massive Coupang data leak, concluding that a former engineer exploited known authentication weaknesses and a retained signing key to access customer accounts for months, exposing personal data on about 33.7 million users. AI Threats & Mitigation• GTIG AI Threat Tracker: Distillation, Experimentation, and Continued Integration of AI for Adversarial Use — Google Cloud Blog — 12 Feb 2026. Google Threat Intelligence Group describes observed adversary use of AI across multiple phases of the attack lifecycle and highlights rising model extraction and distillation activity. • What CISOs need to know about ClawDBot, I mean MoltBot, I mean OpenClaw CSO Online — 16 Feb 2026. The article outlines enterprise risk considerations around OpenClaw and similar autonomous agent tooling that can execute actions on behalf of users with broad system access. It includes the warning that “The problem with running this is that these tools can do basically anything that a user can do,” says Rich Mogull, chief analyst at Cloud Security Alliance. Awareness of Preoperational Surveillance Tactics Associated With Terrorism Offers Opportunities — Joint Counterterrorism Assessment Team First Responder's Toolbox, ODNI — 13 Feb 2026. CISA's 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure. Notable highlights include: • Strengthened Collective Defense: Published more than 1,600 products and triaged 30,000+ incidents through CISA's 24/7 Operations Center – keeping critical systems secure. • Blocked Malicious Activity at Scale: Stopped 2.62 billion malicious connections on federal civilian networks and 371 million within critical infrastructure. • Enhanced Preparedness Nationwide: Led 148 cyber and physical security exercises with 10,000+ participants, helping partners refine emergency plans and boost local and national resilience. • Following Executive Order 14305, “Restoring American Airspace Sovereignty,” CISA published the Be Air Aware™ suite of security guides in November to help organization detect, respond to, and safely manage Unmanned Aircraft System Threats. Quick Hits:• Improving your response to vulnerability management — NCSC, 10 Feb 2026• Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015 – CISA – 03 Feb 2026• CISA Helps Johnny Secure Operational Technology: New Guidance Addresses Cyber Risks from Legacy Protocols. CISA released the guidance Barriers to Secure OT Communication: Why Johnny Can't Authenticate. • Poland energy sector cyber incident highlights OT and ICS security gaps • CISA Updates BRICKSTORM Backdoor Malware Analysis Report• Blended Threats: Axios Future of Cybersecurity – Axios – 10 Feb 2026• A Defector Explains the Remote-Work Scam Helping North Korea Pay for Nukes Wall Street Journal 16 Feb 2026• Hacktivism today: what three years of research reveal about its transformation • Pakistan mosque attack highlights worsening militant threat

Tonight on the Carolina Weather Group, we are breaking down the massive winter storm that just walloped the Carolinas. From the mountains to the coast, we cover the historic snowfall totals and the icy impacts felt across North and South Carolina.❄️ In This Episode:NC & SC Storm Recap: James Brierton reports from Charlotte (Piedmont) and Sam Walker joins from the Outer Banks to discuss the monster storm totals across North Carolina. Plus, Frank Strait breaks down the significant snow accumulation across South Carolina.Guest Mark Sudduth: Renowned storm chaser Mark Sudduth (HurricaneTrack) joins the panel to share his experience chasing ice and snow in the Carolinas during this event, as well as his recent coverage of the massive Lake Effect snow bands in New York.Breaking NASCAR News: We are tracking live developments from Winston-Salem, where winter weather continues to disrupt The Clash. Already delayed by the weekend storm, tonight's race at Bowman Gray Stadium faces new delays due to stubborn sleet and rain.The Forecast Ahead: Don't put the coats away yet. We look at the potential for a few lingering snowflakes on Thursday and warn of a dangerous refreeze and frigid temperatures coming Friday morning.Subscribe to the Carolina Weather Group for your weekly verified weather updates!#NCwx #SCwx #WinterStorm #NASCAR #MarkSudduth #Weather#weather #northcarolina #southcarolina #ncwx #scwx #podcast

Welcome to episode 217 of the Financial Crime Weekly Podcast. I am Chris Kirkbride. In this episode, we lead with the US Treasury sanctioning 21 entities and individuals involved in Houthi oil smuggling and weapons procurement, while the EU marks a historic structural shift as the European Banking Authority transfers all AML/CFT mandates to the new AMLA. We examine the SFO's conviction of three directors in a £70 million "ethical forestry" fraud and the FCA's £309,843 fine against a consultant for repeated insider dealing. Furthermore, we discuss South Africa's legislative push to close FATF gaps via its updated 2025 Amendment Bill, and a stern warning from a UK Treasury Select Committee that regulators are moving too slowly to address the systemic risks posed by the rapid integration of AI. Finally, we consider the industrialisation of cybercrime, the NCSC's warning regarding escalating pro-Russian DDoS attacks on UK infrastructure, and new research into how youth cybercrime often begins with everyday online risk-taking.A transcript of this podcast, with links to the stories, will be available at www.crimes.financial.

If you like what you hear, please subscribe, leave us a review and tell a friend!

In this week's Security Sprint, Dave and Andy covered the following topics:Opening:• Cyber Insights 2026: Information Sharing (SecurityWeek, 16 Jan 2026)• ICYMI: Homeland Republicans underscore importance of strong public-private sector partnerships to deter cyber threats — House Homeland Security Committee (Majority) | Jan 17, 2026 Main Topics:Pro-Russia hacktivist activity continues to target UK organisations & NCSC warns of hacktivist groups disrupting UK online services (UK National Cyber Security Centre, Jan 2026). The NCSC reports sustained, low-sophistication but high-volume hacktivist campaigns—primarily DDoS and website defacements—linked to pro-Russia narratives and opportunistic targeting of UK public- and private-sector organizations. While technically unsophisticated, the activity is persistent, media-aware, and designed to generate disruption, reputational harm, and psychological impact rather than deep network compromise. The NCSC emphasizes preparedness measures including DDoS resilience, clear incident communications, and executive awareness that “noise” activity can still impose real operational cost. • Russia-linked APT28 targets energy and defense groups tied to NATO • UAT-8837 targets critical infrastructure sectors in North America • A Day Without ICS: The real impact of ICS/OT security threats Ransomware• Worldwide ransomware roundup: 2025 end-of-year report • Global ransomware attacks rose 32% in 2025, as manufacturers emerged as top target• 2025 Shattered Records: Key takeaways from the GRIT 2026 Ransomware & Cyber Threat Report• DeadLock Ransomware: Smart Contracts for Malicious Purposes Domestic Operations: Joint Interagency Task Force-Counter Cartel (JIATF-CC) established & US Northern Command establishes JTF-GOLD Quick Hits:• (TLP:CLEAR) Assessing Terrorism Trends on the Horizon in 2026 — WaterISAC — Jan 15, 2026 • UK NCSC: Designing safer links: secure connectivity for operational technology• NCSC UK: Secure connectivity principles for OT (collection) • FBI: Secure Connectivity Principles for Operational Technology (OT) (PDF)• ACSC (Australia): New publication for small businesses managing cyber risks from AI • Artificial intelligence for small business: Managing cyber security risks• Developing your IT recovery plan (Canadian Centre for Cyber Security, Jan 2026)• Improving cyber security resilience through emergency preparedness planning (Canadian Centre for Cyber Security, Jan 2026)• Developing your incident response plan (Canadian Centre for Cyber Security, Jan 2026)• Developing your business continuity plan (Canadian Centre for Cyber Security, Jan 2026)

We're just over a week into 2026 but already, enterprise cybersecurity teams will be hard at work repelling attacks – and business leaders will be worrying about the year ahead.On the one hand, we're told that AI tools are beginning to empower security teams to go further and faster. On the other, the use of AI by hackers to launch attacks also appears to be on the rise.All of this is happening against a backdrop of rising geopolitical tensions and continual attacks by state-sponsored hacking groups against businesses. How will all this come together in 2026 and beyond?In this episode, Jane and Rory are joined by Jamie Collier, lead advisor in Europe at Google Threat Intelligence Group, to explore the risks – both novel and ordinary – enterprises face in 2026.Read more:NCSC issues urgent warning over growing AI prompt injection risks – here's what you need to knowCyber experts have been warning about AI-powered DDoS attacks – now they're becoming a realitySalt Typhoon attack on US congressional email system ‘exposes how vulnerable core communications systems remain to nation-state actors'OpenAI says prompt injection attacks are a serious threat for AI browsers – and it's a problem that's ‘unlikely to ever be fully solved'OpenAI turns to red teamers to prevent malicious ChatGPT use as company warns future models could pose 'high' security riskA flaw in Google's new Gemini CLI tool could've allowed hackers to exfiltrate dataGoogle says you shouldn't worry about AI malware – but that won't last long as hackers refine techniquesNorth Korean IT workers: The growing threatNorth Korean hackers...

God jul till er, alla våra kära lyssnare, och varmt välkomna till årets sista avsnitt!Idag, på självaste julafton, har vi en cyberjulklapp till er. Vi tar nämligen med er till ….Tomteboda! Där Nationellt cybersäkerhetscenter (NCSC) håller till.NCSC har funnits i fyra år, men många undrar fortfarande: Vad är NCSC egentligen, vad gör de, och varför spelar de en så stor roll för Sveriges cybersäkerhet? För att reda ut dessa frågor har vi bjudit in två väldigt centrala personer från NCSC till vår julaftonscyberhörna, två personer som befinner sig mitt i Sveriges cybersäkerhetsarbete: John Billow, chef för Nationellt cybersäkerhetscenter, och Tomas Beeckman Norrström, enhetschef för cyberverksamhet vid Försvarets radioanstalt (FRA).Tillsammans ger de oss en unik inblick i NCSC:s resa. Vad är egentligen centrumets primära uppdrag? Vad innebär det att FRA, som länge setts som en ”hemlig” myndighet, nu har huvudmannaskapet? Hur ser visionen ut för de kommande åren när NCSC ska bli navet för Sveriges cybersäkerhet?Vi går även in på hotbilden mot Sverige och hur den utvecklats. Vilka trender ser vi just nu, och vilka samhällssektorer är mest utsatta, och varför? Samtidigt pratar vi om vilka kompetenser och egenskaper NCSC letar efter hos personer som vill arbeta där, spännande! Som vanligt avslutar vi med konkreta tips om hur privatpersoner kan stärka sin cyberhygien, perfekt för att bli en lite säkrare internetanvändare lagom till nyårslöftena.Och hörni: Vem kan önska sig en bättre julklapp än att, på självaste julafton, få krypa upp i soffan och lära känna NCSC lite bättre? Vi kan i alla fall inte det, och vi hoppas att avsnittet ger både ny kunskap och några nya perspektiv till er idag

In de vijfde en laatste aflevering van Enter over cybersecurity voor het mkb kijken we vooruit: hoe maak je je bedrijf structureel weerbaar? We spreken met Abram Schermer, directeur van Tien Security en Anthonie Drenth, cybersecurity-adviseur bij het NCSC. Samen bespreken ze de 5 basisprincipes voor veilig digitaal ondernemen: gebruik inzicht, maak bewustzijn, beveilig apparatuur, beveilig toegang en bereid incident voor. Anthonie legt uit waarom juist deze vijf principes de basis vormen. Abram laat vanuit de dagelijkse praktijk zien hoe mkb-bedrijven deze principes toepassen. De boodschap: ieder bedrijf kan vandaag beginnen met weerbaar worden. Je hoort het in aflevering 5 van Enter - mkb onder digitaal vuur.Over deze serieCybercriminelen richten hun pijlen steeds vaker op het Nederlandse mkb. Niet omdat kleine bedrijven zo interessant zijn, maar omdat ze vaak minder goed beveiligd zijn dan grote organisaties. Een simpel wachtwoord, verouderde software of één medewerker die op een verkeerde link klikt - het is genoeg om binnen te komen.In deze serie van Enter van het NCSC duiken we in de cybersecurity van het mkb. We ontkrachten mythes, horen het verhaal van een ondernemer die getroffen werd door ransomware, kruipen in de huid van een ethisch hacker, spreken met een onderhandelaar die met cybercriminelen praat en krijgen concrete handvatten om weerbaar te worden.Presentatie: Yasmine AbiadhGasten: Abram Schermer (directeur bij Tien Security) en Anthonie Drenth (NCSC)Redactie: NCSC & DPIMontage en geluid: Practical Media

In de vierde aflevering van Enter over cybersecurity voor het mkb bespreken we wat je doet als het tóch misgaat. We spreken met Pim Takkenberg, algemeen directeur bij Northwave en voormalig politieman bij High Tech Crime. Pim voert professioneel onderhandelingen met cybercriminelen. Hij deelt zijn ervaringen: hoe verloopt zo'n eerste contact op het darkweb? Hoe betrouwbaar zijn criminelen in het nakomen van hun afspraken? En het grote dilemma: betaal je losgeld of niet? Pim legt uit wanneer betalen de juiste keuze kan zijn, maar ook waarom voorbereiding zo cruciaal is. Want de beste onderhandeling is die je nooit hoeft te voeren. Je hoort het in aflevering 4 van Enter - mkb onder digitaal vuur.Over deze serieCybercriminelen richten hun pijlen steeds vaker op het Nederlandse mkb. Niet omdat kleine bedrijven zo interessant zijn, maar omdat ze vaak minder goed beveiligd zijn dan grote organisaties. Een simpel wachtwoord, verouderde software of één medewerker die op een verkeerde link klikt – het is genoeg om binnen te komen.In deze serie van Enter van het NCSC duiken we in de cybersecurity van het mkb. We ontkrachten mythes, horen het verhaal van een ondernemer die getroffen werd door ransomware, kruipen in de huid van een ethisch hacker, spreken met een onderhandelaar die met cybercriminelen praat en krijgen concrete handvatten om weerbaar te worden.Presentatie: Yasmine AbiadhGast: Pim Takkenberg (algemeen directeur bij Northwave Cyber Security)Redactie: NCSC & DPIMontage en geluid: Practical Media

Tens of thousands of New Zealanders have been sent an unprecedented email from our National Cyber Security Centre. It's emailed 26,000 addresses warning malicious software, called Lumma Stealer, could have infected their devices. It's designed to steal sensitive information - and some stolen passwords are connected to Government agency systems and bank accounts. Aura Information Manager, Patrick Sharp, says international partners revealed the threat to our cyber security centre. He explained that presumably means an agency's uncovered a trove of stolen data and alerted the NCSC about the email addresses of concern. LISTEN ABOVESee omnystudio.com/listener for privacy information.

In de derde aflevering van Enter over cybersecurity voor het mkb kruipen we in de huid van de aanvaller. We spreken met Chester van den Bogaard, ethisch hacker die meer dan 50 kwetsbaarheden heeft gemeld bij het NCSC. Chester laat zien hoe verrassend eenvoudig het is om een slecht beveiligd mkb-netwerk binnen te dringen. Met tools die gewoon online beschikbaar zijn, krijg je binnen minuten toegang. Het gaat vaak niet om complexe hacks, maar om typische zwakke plekken: verouderde systemen, zwakke wachtwoorden, eenmedewerker die op een verkeerd linkje klikt. Chester deelt ook de quick wins: wat kun je vandaag nog implementeren om jezelf te beschermen? Je hoort het in aflevering 3 van Enter - mkb onder digitaal vuur.Over deze serieCybercriminelen richten hun pijlen steeds vaker op het Nederlandse mkb. Niet omdat kleine bedrijven zo interessant zijn, maar omdat ze vaak minder goed beveiligd zijn dan grote organisaties. Een simpel wachtwoord, verouderde software of één medewerker die op een verkeerde link klikt – het is genoeg om binnen te komen.In deze serie van Enter van het NCSC duiken we in de cybersecurity van het mkb. We ontkrachten mythes, horen het verhaal van een ondernemer die getroffen werd door ransomware, kruipen in de huid van een ethisch hacker, spreken met een onderhandelaar die met cybercriminelen praat en krijgen concrete handvatten om weerbaar te worden.Presentatie: Yasmine AbiadhGast: Chester van den Bogaard (Ethisch hacker)Redactie: NCSC & DPIMontage en geluid: Practical Media

In de tweede aflevering van Enter over cybersecurity voor het mkb hoor je het persoonlijke verhaal van Jack Ros, financieel directeur bij de Tom van Kuyk Groep, een Volvo-dealer met 110 medewerkers in Noord-Holland. Ongeveer drie jaar geleden kwam Jack op een normale vrijdagochtend binnen en zag zwarte schermen met een losgeldeis. Een ransomware-aanval. Alle systemen geblokkeerd. Een aflopende teller op het darkweb. Jack neemt ons mee door die eerste surreële momenten, het besluit om niet te betalen en het weekend waarin ze met zijn allen doorwerkten om het bedrijf te redden. Vijf dagen waren ze offline. Hoe hebbenze dat overleefd? En wat had hij vooraf anders gedaan? Je hoort het in aflevering 2 van Enter - mkb onder digitaal vuur.Over deze serieCybercriminelen richten hun pijlen steeds vaker op het Nederlandse mkb. Niet omdat kleine bedrijven zo interessant zijn, maar omdat ze vaak minder goed beveiligd zijn dan grote organisaties. Een simpel wachtwoord, verouderde software of één medewerker die op een verkeerde link klikt – het is genoeg om binnen te komen.In deze serie van Enter van het NCSC duiken we in de cybersecurity van het mkb. We ontkrachten mythes, horen het verhaal van een ondernemer die getroffen werd door ransomware, kruipen in de huid van een ethisch hacker,spreken met een onderhandelaar die met cybercriminelen praat en krijgen concrete handvatten om weerbaar te worden.Presentatie: Yasmine AbiadhGast: Jack Ros (financieel directeur bij de Tom van Kuyk Groep)Redactie: NCSC & DPIMontage en geluid: Practical Media

How might Trump's new National Security Strategy impact cyber? The UK's NCSC warns LLMs may never get over prompt injection. At least 18 U.S. universities were hit by a months-long phishing campaign. Russia blocks FaceTime. A bipartisan group of senators reviving efforts to strengthen protections across the health sector. Portugal provides legal safe harbor for good-faith security research. A large-scale campaign targets Palo Alto GlobalProtect portals. A Maryland man gets 15 months in prison for his part in a North Korean IT worker scam. Business Brief. Tim Starks from CyberScoop unpacks the President's pending cybersecurity strategy release. An AI image sends UK train schedules off the rails.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks, senior reporter  from CyberScoop, discussing President Trump's pending cybersecurity strategy release and the end of Sean Plankey's nomination process. Selected Reading National Security Strategy (The White House) The National Security Strategy: The Good, the Not So Great, and the Alarm Bells (CSIS) UK intelligence warns AI 'prompt injection' attacks might never go away (The Record) Over 70 Domains Used in Months-Long Phishing Spree Against US Universities (Hackread) Russia restricts FaceTime, its latest step in controlling online communications (AP News) Bipartisan health care cybersecurity legislation returns to address a cornucopia of issues (CyberScoop) Portugal updates cybercrime law to exempt security researchers (Bleeping Computer) New wave of VPN login attempts targets Palo Alto GlobalProtect portals (Bleeping Computer) Maryland man sentenced for N. Korea IT worker scheme involving US government contracts (The Record) ServiceNow reportedly intends to acquire Veza for more than $1 billion (N2K Pro Business Briefing) Trains cancelled over fake bridge collapse image (BBC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In de eerste aflevering van Enter over cybersecurity voor het mkb spreken we met Melle Conradie, onderzoeksadviseur bij Ipsos I&O, en Joeri Nelemans, relatiemanager cybersecurity bij het NCSC. Melle brengt de cijfers: mkb'ers maken zich meer zorgen over brand dan over cybercriminaliteit en zedenken ‘bij mij valt niks te halen'. Joeri laat vanuit de praktijk zien waarom dat een gevaarlijke misvatting is. Cybercriminelen zoeken niet naar specifieke bedrijven, maar naar makkelijke doelwitten. En als jouw systeem een zwakke plek heeft, ben jij het doelwit – ongeacht hoe groot of klein je bedrijf is. Je hoort het in aflevering 1 van Enter - mkb onder digitaal vuur.Over deze serieCybercriminelen richten hun pijlen steeds vaker op het Nederlandse mkb. Niet omdat kleine bedrijven zo interessant zijn, maar omdat ze vaak minder goed beveiligd zijn dan grote organisaties. Een simpel wachtwoord, verouderde software of één medewerker die op een verkeerde link klikt – het is genoeg om binnen te komen.In deze serie van Enter van het NCSC duiken we in de cybersecurity van het mkb. We ontkrachten mythes, horen het verhaal van een ondernemer die getroffen werd door ransomware, kruipen in de huid van een ethisch hacker, spreken met een onderhandelaar die met cybercriminelen praat en krijgen concrete handvatten om weerbaar te worden.Presentatie: Yasmine AbiadhGasten: Melle Conradie (Ipsos I&O) en Joeri Nelemans (NCSC)Redactie: NCSC & DPIMontage en geluid: Practical Media

If you like what you hear, please subscribe, leave us a review and tell a friend!

Hello and welcome to episode 207 of the Financial Crime Weekly Podcast. I am Chris Kirkbride. This episode covers a range of critical global financial crime developments, beginning with sanctions, where the UK government published statutory guidance detailing when trade licences under Russia sanctions may be granted, such as for humanitarian assistance or critical energy supply, while the US Treasury settled an $11.5 million sanctions case with IPI Partners for maintaining investments with sanctioned Russian oligarch Suleiman Kerimov. We also cover significant fraud and money laundering cases, including the European Public Prosecutor's Office uncovering a €40 million EU subsidy fraud scheme in Italy involving fictitious training courses, and the UK's Serious Fraud Office securing a conviction against the director of AOG Technics for selling aircraft engine parts with forged documentation. Additionally, we analyse integrity reforms, as the Council of Europe's GRECO confirmed the UK has made substantial progress in anti-corruption reforms within government and law enforcement, but still needs fully to implement sanctions for post-employment breaches and enhance lobbying transparency. We conclude with cybercrime, highlighting the NCSC's launch of its free Cyber Action Toolkit to help small businesses combat rising threats.A transcript of this podcast, with links to the stories, will be available at www.crimes.financial.

In the second part of his interview with journalist Nick Witchell, Steve and Nick delve into the world of AI and cyber. Steve shares his thoughts on autonomous cyber defense and argues that major actors like the ISF, large private enterprises, and the UK's National Cyber Security Centre, must lead the way and support small and medium-sized businesses in keeping pace with technological advancements. The two also discuss the future of AI, cautioning that we aren't as prepared as we need to be… Key Takeaways: Small and medium-sized businesses must receive support to stay up-to-date with new technologies. As more automation is introduced into business operations, understanding of one's crown jewels and how to protect them is increasingly important. AI is advancing rapidly with evermore funding, and globally society is not preparing as well as it needs to for what's to come.  Tune in to hear more about: Steve's view on autonomous cyber defense (00:55) The National Cyber Security Centre and its role in the cyber resilience of UK businesses (3:36) How AI will impact jobs in cyber (7:55) Standout Quotes: “You'll never get me going into an autonomous car. I just won't do it. And people will say, ‘Yes, they're being looked after by some bloke in a tower somewhere who's watching it.” I'm not buying it. I've been working in technology for far too long to know that it is fallible. And so I think we have to really move toward much more transparency in our understanding of where the AI tool is active, the data that it's using, the decisions it's making.” - Steve Durbin “We are looking for large private enterprise to be working collaboratively with people like the NCSC, with people like the ISF, to really help some of these smaller organizations that don't have the luxury or resources available to them to keep a pace with [technology].” - Steve Durbin “If you go back to the internet, we didn't do a good enough job of trying to forecast the way in which the internet was going to be used. We put it out there and we said, ‘Let everybody use it and let's see where it goes.” We are doing, I fear, a similar kind of thing with AI.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In the second part of his interview with journalist Nick Witchell, Steve and Nick delve into the world of AI and cyber. Steve shares his thoughts on autonomous cyber defense and argues that major actors like the ISF, large private enterprises, and the UK's National Cyber Security Centre, must lead the way and support small and medium-sized businesses in keeping pace with technological advancements. The two also discuss the future of AI, cautioning that we aren't as prepared as we need to be… Key Takeaways: Small and medium-sized businesses must receive support to stay up-to-date with new technologies. As more automation is introduced into business operations, understanding of one's crown jewels and how to protect them is increasingly important. AI is advancing rapidly with evermore funding, and globally society is not preparing as well as it needs to for what's to come.  Tune in to hear more about: Steve's view on autonomous cyber defense (00:55) The National Cyber Security Centre and its role in the cyber resilience of UK businesses (3:36) How AI will impact jobs in cyber (7:55) Standout Quotes: “You'll never get me going into an autonomous car. I just won't do it. And people will say, ‘Yes, they're being looked after by some bloke in a tower somewhere who's watching it.” I'm not buying it. I've been working in technology for far too long to know that it is fallible. And so I think we have to really move toward much more transparency in our understanding of where the AI tool is active, the data that it's using, the decisions it's making.” - Steve Durbin “We are looking for large private enterprise to be working collaboratively with people like the NCSC, with people like the ISF, to really help some of these smaller organizations that don't have the luxury or resources available to them to keep a pace with [technology].” - Steve Durbin “If you go back to the internet, we didn't do a good enough job of trying to forecast the way in which the internet was going to be used. We put it out there and we said, ‘Let everybody use it and let's see where it goes.” We are doing, I fear, a similar kind of thing with AI.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Hello, and welcome to episode 195 of the Financial Crime Weekly Podcast, I am Chris Kirkbride. This episode covers notable sanctions actions, including US and UK asset freezes targeting Haitian gang leaders and others under migration and trafficking regulations, as well as an OFSI licence allowing business with subsidiaries of Rosneft. We cover the takedown of a $30 million fraud ring targeting American timeshare owners, Switzerland's proposed beneficial ownership register, and the UK's move to centralise AML/CTF supervision under the FCA. Also featured are OECD's review of Latvia's anti-bribery efforts, a major cross-border corruption case, FCA warnings on weak financial crime controls, Pacific nations teaming up against crypto abuse, plus key cyber security updates such as Europol dismantling SIMCARTEL, the global impact of an AWS outage, and NCSC's call for board-level cyber resilience.A transcript of this podcast, with links to the stories, will be available at www.crimes.financial.

Episode 68 of News Man Weekly is the “checkmate edition,” where Carl, Zac, and Hayden open with their usual mix of sports heartbreak, newsroom chaos and local headlines. The crew talks Cleveland’s roller-coaster weekend — from the Guardians’ playoff exit to yet another Browns gut punch — before catching up on family life, football byes, and a few folks who’ve landed on the News Man Weekly Shit List. Carl also runs through the week’s top local stories, including the opening of Mansfield’s new multi-use trail and tunnel, county leaders weighing property tax relief and the latest developments in downtown revitalization. Then, the mics turn to strategy and focus as chess master Carl Boor joins the show ahead of National Chess Day. The Mansfield-based player and founder of The Chess Bus shares how he fell in love with the game, what it takes to reach master status and why chess still matters in the age of video games and AI. During the interview, Boor and Zac Hiser actually play a live game of chess — one you’ll want to watch on YouTube — and, not surprisingly, Boor dismantles Hiser while carrying on the conversation. It’s a smart, funny and competitive episode that proves strategy isn’t just for the board. Thanks to Relax, It's Just Coffee for supporting the News Man Weekly. Head over to Relax to check out their fall drink menu. Related links: Learn more about Chess Bus and see their upcoming events Tunnel under Trimble, connector for bike path, open to the public Political hot potato: Richland County leaders face tough choices on property tax reductions NCSC instructor removed from Clear Fork college course after social media posts Upcoming Event: Build a Better Village Upcoming Event: Newsroom After Hours Richland Source hosting 'Candidate Conversations' Oct. 15 in Mansfield Support the show: https://richlandsource.com/membersSee omnystudio.com/listener for privacy information.

In this week's Security Sprint, Dave and Andy covered the following topics:Main Topics:Annunciation Catholic Church Attack • Minneapolis Suspect Knew Her Target, but Motive Is a Mystery• Shooter who opened fire on Minneapolis Catholic school posted rambling videos• Robin Westman: Minneapolis gunman was son of church employee• Robin Westman posted a manifesto on YouTube prior to Annunciation Church shooting• Minneapolis school shooter wrote “I am terrorist” and “Kill yourself” in Russian on weapon magazines and listened to Russian rappers• Minneapolis Catholic Church shooter mocked Christ in video before attack• Minneapolis school shooter 'obsessed with idea of killing children', authorities say• Minnesota Mass Shooter Steeped in Far-Right Lore, White Nationalist Murderers• In Secret Diaries, the Church Shooter's Plans for Mass Murder• Minneapolis church shooting search warrants reveal new details and evidence• 'There is no message': The search for ideological motives in the Minneapolis shooting• Minneapolis Church Shooting: Understanding the Suspect's Video• More Of Minnesota Shooter's Writings Uncovered: ‘Gender And Weed F***ed Up My Head'• Classmates say Minnesota school shooter gave Nazi salutes and idolized school shootings back in middle schoolHoax Active Shooter Reports• More than a dozen universities have been targeted by false active shooter reports• This Is the Group That's Been Swatting US Universities• FBI urges students to be vigilant amid wave of swatting hoaxesAI & Cyber Threats • The Era of AI-Generated Ransomware Has Arrived• Researchers flag code that uses AI systems to carry out ransomware attacks & First known AI-powered ransomware uncovered by ESET Research • Anthropic: Detecting and countering misuse of AI: August 2025• A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four yearsCountering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System• FBI warns Chinese hacking campaign has expanded, reaching 80 countries• Allied spy agencies blame 3 Chinese tech companies for Salt Typhoon attacks• UK NCSC: UK and allies expose China-based technology companies for enabling global cyber campaign against critical networksQuick Hits:• Storm-0501's evolving techniques lead to cloud-based ransomware • Why Hypervisors Are the New-ish Ransomware Target• FBI Releases Use-of-Force Data Update• Denmark summons US envoy over report on covert American ‘influence operations' in Greenland• Falsos Amigos• Surge in coordinated scans targets Microsoft RDP auth servers• Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424• Citrix patches trio of NetScaler bugs – after attackers beat them to it• U.S., Japan, and ROK Join Mandiant to Counter North Korean IT Worker Threats• US sanctions fraud network used by North Korean ‘remote IT workers' to seek jobs and steal money• H1 2025 Malware and Vulnerability Trends • The FDA just overhauled its COVID vaccine guidance. Here's what it means for you• 25 August 2025 NCSC, AFOSI, ACIC, NCIS, DCSA, FBI, ED, NIST, NSF bulletin • DOGE Put Critical Social Security Data at Risk, Whistle-Blower Says• Blistering Wyden letter seeks review of federal court cybersecurity, citing ‘incompetence,' ‘negligence'• Email Phishing Scams Increasingly Target Churches

With Tropical Storm Warnings, Storm Surge Warnings, and dangerous rip currents along the Carolina coastline, we break down what you need to know as Erin makes its closest pass offshore.

Britain's National Cyber Security Centre recently issued a lukewarm verdict on passkeys as an authentication solution. We explore the problems with WebAuthn, including account recovery, spotty availability, inconsistent implementation, and lack of Linux support.

Shellshock Promotions is an all-encompassing promotion and booking outfit based in Shelby, NC, specializing in Heavy Metal, Hardcore and Hip Hop. We have several upcoming shows with Shellshock, learn more about the guys and some of their upcoming events. Then stick around for the 2nd half of the interview for an inside look at a controversial issue in the NC/SC music community. https://linktr.ee/ShellShockPromotions

AI meltdowns, Gigabyte, NCSC, Rowhammer, Gravity Form, Grok, AsyncRat, Josh Marpet and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-494

AI meltdowns, Gigabyte, NCSC, Rowhammer, Gravity Form, Grok, AsyncRat, Josh Marpet and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-494

If you like what you hear, please subscribe, leave us a review and tell a friend!

AI meltdowns, Gigabyte, NCSC, Rowhammer, Gravity Form, Grok, AsyncRat, Josh Marpet and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-494

AI meltdowns, Gigabyte, NCSC, Rowhammer, Gravity Form, Grok, AsyncRat, Josh Marpet and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-494

The National Counterintelligence and Security Center is a relatively new organization within government, but the nominee to lead the center wants to make the NCSC the nerve center for us counterintelligence activities. Here with more details on the organization and the nominee is Federal News Network's Justin Doubleday.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

The UK National Cyber Security Centre (NCSC) has released new PQC guidance. We take exception to the dates it gives and explain why.

In this episode of The Jerich Show, Erich Kron and Javvad Malik dive headfirst into the week's most curious, cringeworthy, and critical cybersecurity stories. First up: a global honeypot powered by over 5,300 compromised Cisco devices—courtesy of the ViciousTrap botnet. Then, it's schadenfreude central as the developers of DanaBot malware accidentally infect themselves. Karma, meet keyboard. We'll also unpack Europol's massive takedown of ransomware infrastructure, which led to the seizure of 300 servers and €3.5 million in crypto. Not to be outdone, two ATM heist suspects made their arrest even easier... by taking selfies mid-crime. And finally, the UK's NCSC shows us how to securely retire old tech—because tossing servers in the skip just isn't secure policy. Join Erich and Javvad for sharp takes, security snark, and the cybersecurity fails you'll want to learn from (or at least laugh at).

In the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some research that notes the multitude of definitions for secure design, and discuss the new Cybersecurity Skills Framework from the OpenSSF and Linux Foundation. Then we share two more sponsored interviews from this year's RSAC Conference. With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl. Now more than ever, organizations need to make sure security is not an afterthought, implementing comprehensive solutions for securing, managing, and governing both non-human and human identities across ecosystems at scale. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! At Mend.io, we believe that securing AI-powered applications requires more than just scanning for vulnerabilities in AI-generated code—it demands a comprehensive, enterprise-level strategy. While many AppSec vendors offer limited, point-in-time solutions focused solely on AI code, Mend.io takes a broader and more integrated approach. Our platform is designed to secure not just the code, but the full spectrum of AI components embedded within modern applications. By leveraging existing risk management strategies, processes, and tools, we uncover the unique risks that AI introduces—without forcing organizations to reinvent their workflows. Mend.io's solution ensures that AI security is embedded into the software development lifecycle, enabling teams to assess and mitigate risks proactively and at scale. Unlike isolated AI security startups, Mend.io delivers a single, unified platform that secures an organization's entire codebase—including its AI-driven elements. This approach maximizes efficiency, minimizes disruption, and empowers enterprises to embrace AI innovation with confidence and control. This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to book a live demo! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-331

In the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some research that notes the multitude of definitions for secure design, and discuss the new Cybersecurity Skills Framework from the OpenSSF and Linux Foundation. Then we share two more sponsored interviews from this year's RSAC Conference. With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl. Now more than ever, organizations need to make sure security is not an afterthought, implementing comprehensive solutions for securing, managing, and governing both non-human and human identities across ecosystems at scale. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! At Mend.io, we believe that securing AI-powered applications requires more than just scanning for vulnerabilities in AI-generated code—it demands a comprehensive, enterprise-level strategy. While many AppSec vendors offer limited, point-in-time solutions focused solely on AI code, Mend.io takes a broader and more integrated approach. Our platform is designed to secure not just the code, but the full spectrum of AI components embedded within modern applications. By leveraging existing risk management strategies, processes, and tools, we uncover the unique risks that AI introduces—without forcing organizations to reinvent their workflows. Mend.io's solution ensures that AI security is embedded into the software development lifecycle, enabling teams to assess and mitigate risks proactively and at scale. Unlike isolated AI security startups, Mend.io delivers a single, unified platform that secures an organization's entire codebase—including its AI-driven elements. This approach maximizes efficiency, minimizes disruption, and empowers enterprises to embrace AI innovation with confidence and control. This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to book a live demo! Show Notes: https://securityweekly.com/asw-331

In the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some research that notes the multitude of definitions for secure design, and discuss the new Cybersecurity Skills Framework from the OpenSSF and Linux Foundation. Then we share two more sponsored interviews from this year's RSAC Conference. With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl. Now more than ever, organizations need to make sure security is not an afterthought, implementing comprehensive solutions for securing, managing, and governing both non-human and human identities across ecosystems at scale. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! At Mend.io, we believe that securing AI-powered applications requires more than just scanning for vulnerabilities in AI-generated code—it demands a comprehensive, enterprise-level strategy. While many AppSec vendors offer limited, point-in-time solutions focused solely on AI code, Mend.io takes a broader and more integrated approach. Our platform is designed to secure not just the code, but the full spectrum of AI components embedded within modern applications. By leveraging existing risk management strategies, processes, and tools, we uncover the unique risks that AI introduces—without forcing organizations to reinvent their workflows. Mend.io's solution ensures that AI security is embedded into the software development lifecycle, enabling teams to assess and mitigate risks proactively and at scale. Unlike isolated AI security startups, Mend.io delivers a single, unified platform that secures an organization's entire codebase—including its AI-driven elements. This approach maximizes efficiency, minimizes disruption, and empowers enterprises to embrace AI innovation with confidence and control. This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to book a live demo! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-331

Three Buddy Problem - Episode 45: (The buddies are trapped in timezone hell with cross-continent travel this week). In the meantime, absorb this keynote presented by Juan Andres Guerrero-Saade (JAG-S) at CounterThreats 2023. It's a frank discussion on the role of cyber threat intelligence (CTI) during wartime and its importance in bridging information gaps between adversaries. Includes talk on the ethical challenges in CTI, questioning the impact of intelligence-sharing and how cyber operations affect real-world conflicts. He pointed to Ukraine and Israel as examples where CTI plays a critical, yet complicated, role. His message: cybersecurity pros need to be aware of the real-world consequences of their work and the ethical responsibility that comes with it. Acknowledgment: Credit for the audio goes to CyberThreat 2023, SANS Institute, NCSC, and SentinelOne. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

The UK's National Cyber Security Centre (NCSC) has provided formal guidance to system and risk owners in various industry sectors about how to prepare for the migration to post-quantum cryptography. While symmetric cryptography is not significantly impacted by quantum technology, the NCSC said PQC will eventually replace vulnerable PKC algorithms, providing secure alternatives for key establishment and digital signatures. System owners are advised to start planning for integration of PQC into their infrastructure, with the migration likely happening seamlessly through software updates for commodity IT – but requiring more effort for bespoke or enterprise IT systems. You can listen to all of the Quantum Minute episodes at https://QuantumMinute.com. The Quantum Minute is brought to you by Applied Quantum, a leading consultancy and solutions provider specializing in quantum computing, quantum cryptography, quantum communication, and quantum AI. Learn more at https://AppliedQuantum.com.

Brits face empty shelves and suspended meal deals as cybercriminals hit major high street retailers, and a terminated Disney employee gets revenge with a little help with Wingdings. Plus Graham challenges Carole to a game of "Malware or metal?", and we wonder just happens when you have sex on top of a piano?All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Plus! Don't miss our featured interview with Jon Cho of Dashlane.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Why is the M&S cyber attack chaos taking so long to resolve? - BBC News.M&S 'had no plan' for cyber attacks, insider claims, with 'staff left sleeping in the office amid paranoia and chaos' - Sky News.Hackers target the Co-op as police probe M&S cyber attack - BBC News.Harrods latest retailer to be hit by cyber attack - BBC News.Alleged ‘Scattered Spider' Member Extradited to US - Krebs on Security.British 'ringleader' of hacking group 'behind M&S cyber attack' fled his home after 'masked thugs burst in and threatened him with blowtorches' - Daily Mail.Incidents impacting retailers – recommendations - NCSC.Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus - The Register. United States of America V Michael Sheuer - Plea Agreement - US District Court PDF.At 99, David Attenborough shares strongest message for the ocean - Oceanographic magazine.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Dashlane - Protect against the #1 cause of data breaches - poor password habits. Save 25% off a new business plan, or 35% off a personal Premium plan! Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Material - Email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in

In this week's Security Sprint Andy and Hunter talk about the following topics:Warm Open:• How Healthcare Facilities Can Be Truly Disaster-Resilient. Healthcare Facilities Today spoke with Jon Crosson, director of health sector resilience at Health-ISAC, on what makes a solid resiliency program for healthcare facilities, the importance of real-time information sharing and how healthcare facility managers can use partnerships to improve response and recovery efforts. • Healthcare cybersecurity needs a total overhaul, by Errol Weiss, Chief Security Officer, Health-ISAC• Addressing Risks from Chris Krebs and Government Censorshipo Fact Sheet: President Donald J. Trump Addresses Risks from Chris Krebs and Government Censorshipo Trump Revenge Tour Targets Cyber Leaders, Electionso Gate 15: Cybersecurity & Infrastructure Security: Time to Make This Happen, December 15, 2017 Following the House of Representatives, the US Senate needs to approve the re-designation of DHS's National Protection and Programs Directorate (NPPD) to become the Cybersecurity and Infrastructure Security Agency (CISA); The President should nominate, and the Senate should confirm, Christopher Krebs as Under Secretary for NPPD and then as the first Director of National Cybersecurity and Infrastructure Security.Main Topics: Hacktivism & Nation-State Influence• CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide• IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including US Water and Wastewater Systems Facilities• Top 10 Advanced Persistent Threat (APT) Groups That Dominated 2024• The rising tide: A 2024 retrospective of hacktivismPolitical Violence, Executive Protection• ‘Save the white race': Teen who gunned down his parents was plotting a ‘political revolution' that included ‘getting rid of' President Trump, police say• Pennsylvania Man Charged with Making Threats to Assault and Murder President Donald J. Trump, Other U.S. Officials, and Immigration and Customs Enforcement Agents & ‘Going to assassinate him myself': Man ‘buying 1 gun a month since the election' threatened to kill Trump in multiple YouTube comments under name ‘Mr Satan,' FBI says• Suspect in custody after overnight arson at Pennsylvania Gov. Josh Shapiro's residenceo Was Cody Balmer 'Upset' With Gov Josh Shapiro Over Property Seizure? o Harrisburg man to be charged with attempted murder of Gov. Josh Shapiro for setting fire to official residenceo Suspect in arson at Pennsylvania Gov. Josh Shapiro's residence planned to beat him, documents sayo Suspected arsonist Cody Balmer accused of firebombing Gov. Shapiro's home shared disturbing photos onlineo Cody Balmer's Social Media Reveals Anti-Joe Biden Posts• Protect Democracy: How does Gen Z really feel about democracy? 11% believe that it political violence is sometimes necessary to achieve progress.• Arrest made at UnitedHealthcare headquarters after reports of an intruder Quick Hits:• Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit• 8 April 2025 NCSC, FBI, DCSA bulletin – Online Targeting of Current & Former U.S. Government Employees. • FAA Drone Detection Testing. The FAA will conduct drone-detection testing in Cape May, New Jersey, between April 14-25. • Top homeland security lawmaker calls for cautious cuts to CISA• CISA cuts: ‘Open season' for US? • Senator puts hold on Trump's nominee for CISA director, citing telco security ‘cover up' • OCC Notifies Congress of Incident Involving Email Systemo Treasury bureau notifies Congress that email hack was a ‘major' cybersecurity incidento Hackers lurked in Treasury OCC's systems since June 2023 breach• US Cyber Command: Posture Statement of Lieutenant General William J. Hartman

The UK's National Cyber Security Centre (NCSC) is warning organizations to prepare for the threat of quantum hackers by 2035. Quantum computers have the potential to break current encryption methods, which rely on mathematical problems that current computers struggle to solve. The NCSC is recommending that large organizations, including energy and transport providers, introduce "post-quantum cryptography" to prevent quantum technology from being used to break into their systems. The agency has set a deadline of 2028 for organizations to identify services that need an upgrade, with the most important overhauls to be completed by 2031 and the migration to a new encryption system by 2035. You can listen to all of the Quantum Minute episodes at https://QuantumMinute.com. The Quantum Minute is brought to you by Applied Quantum, a leading consultancy and solutions provider specializing in quantum computing, quantum cryptography, quantum communication, and quantum AI. Learn more at https://AppliedQuantum.com.

I've been following this weeks guest for years now...I guess you could say I'm a big fan. He's one of those dudes that's like every DJ's favorite DJ. Duane is a whole vibe. Representing NCDNB and Queen City JNGL. From Charlotte NC,  please welcome ND-Skyz. He has played alongside some of the heaviest hitters in Drum and Bass. Chase & Status, Hedex, Calyx & Teebee, LTJ Bukem, Dillinja, Degs, Trace, Aphrodite, Dimension, Nu:Tone, Dara, Dieselboy, AK1200, Danny the Wildchild, and so many more. You can catch him randomly streaming on his Twitch channel (twitch.tv/nd_skyz) as well as club appearances all around the NC/SC region. His passion for music bleeds through each performance so make sure you take the chance to see him live when you see an opportunity and feel the music along with him.  Links below Please enjoy❤️ back next week -Thomas  soundcloud.com/nd-skyz twitch.tv/nd_skyz instagram.com/ndskyz_nc facebook.com/NDSkyzNC https://www.facebook.com/share/1HTRrbCrsc/?mibextid=wwXIfr https://www.facebook.com/share/g/15Rx2TNB1H/?mibextid=wwXIfr

Researchers uncover a new Windows zero-day. A covert Chinese-linked network targets recently laid-off U.S. government workers. Malicious npm packages are found injecting persistent reverse shell backdoors. A macOS malware loader evolves. DrayTek router disruptions affect users worldwide. A new report warns of growing cyber risks to the commercial space sector. CISA issues four ICS advisories. U.S. Marshals arrest a key suspect in a multi million dollar cryptocurrency heist. Our guest is Brian Levine, Co-Founder and CEO of FormerGov.com, speaking about creating a networking directory for former government and military professionals. The UK's NCSC goes full influencer to promote 2FA. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Brian Levine, Co-Founder and CEO of FormerGov.com, speaking about the importance of networking and creating a directory for former government and military professionals. Selected Reading New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials - Unofficial Patch (cybersecuritynews) Exclusive: Secretive Chinese network tries to lure fired federal workers, research shows (Reuters) New npm attack poisons local packages with backdoors (bleepingcomputer) macOS Users Warned of New Versions of ReaderUpdate Malware (securityweek) DrayTek Routers Vulnerability Exploited in the Wild – Possibly Links to Reboot Loop (cybersecuritynews) ENISA Probes Space Threat Landscape in New Report (Infosecurity Magazine) CISA Warns of Four Vulnerabilities, and Exploits Surrounding ICS (cybersecuritynews) Crypto Heist Suspect "Wiz" Arrested After $243 Million Theft (hackread) NCSC taps influencers to make 2FA go viral (The Register)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: DeepSeek leaves an unauthed database on the internet Russia hacked UK prime minister's personal mail Australia sanctions a Telegram group… which is more sensible than it sounds Medical device backdoor turns out to be just poorly thought out upgrade feature Google abuses weak hashing to patch AMD CPU microcode And much, much more. This week's episode is sponsored by email security boffins Sublime. Their co-founder and CEO Josh Kamdjou joins to talk about how attackers' abuse of legitimate services like Docusign is a challenge for email security vendors. This episode is also available on Youtube. Show notes Exclusive: Musk aides lock workers out of OPM computer systems | Reuters Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog Криптостилер SparkCat в магазинах Google Play и App Store | Securelist Russian hackers suspected of compromising British PM's personal email account | The Record from Recorded Future News PowerSchool hack: missed basic security step resulted in data breach Australia sanctions ‘Terrorgram' white supremacist online group | The Record from Recorded Future News ‘Paid actors' could be behind some antisemitic attacks, Albanese says | Australian security and counter-terrorism | The Guardian Interview with James Glenday, ABC News Breakfast | Australian Minister for Foreign Affairs WhatsApp says spyware company Paragon Solutions targeted journalists Spyware maker Paragon confirms US government is a customer | TechCrunch Former Polish justice minister arrested in sprawling spyware probe | The Record from Recorded Future News Sweden releases suspected ship, says cable break ‘clearly' not sabotage | The Record from Recorded Future News Backdoor found in two healthcare patient monitors, linked to IP in China Attackers exploit zero-day vulnerability in Zyxel CPE devices | Cybersecurity Dive AMD: Microcode Signature Verification Vulnerability · Advisory · google/security-research · GitHub 22-year-old math wiz indicted for alleged DeFI hack that stole $65M - Ars Technica A method to assess 'forgivable' vs 'unforgivable'... - NCSC.GOV.UK Living Off the Land: Credential Phishing via Docusign abuse Living Off the Land: Callback Phishing via Docusign comment B2B freight-forwarding scams on the rise to evade financial fraud crackdowns Callback phishing via invoice abuse and distribution list relays Enhanced message groups: Improving efficiency in email incident response

Michael Casey is Director of the National Counterintelligence and Security Center, the part of the Director of National Intelligence that leads and supports the counterintelligence and security activities of the U.S. Government. NCSC produces the National Counterintelligence Strategy of the United States and includes the National Insider Threat Task Force. NCSC also plays a critical role in conducting outreach to the private sector on foreign intelligence threats: how to recognize them and how to mitigate them. I spoke with him recently from NCSC headquarters in McLean, Virginia about the risks that spies are posing to their enterprises and to future U.S. national security.

More than 760,000 see their personal data exposed on the BreachForums cybercrime forum. The new head of the UK's NCSC warns against underestimating growing cyber threats. The Consumer Financial Protection Bureau (CFPB) looks to prevent data brokers from selling Americans' personal and financial information. A U.S. government and energy sector contractor discloses a ransomware attack. The “smoked ham” Windows backdoor is being actively deployed. A new report warns of overreliance on Chinese-made LIDAR technology. SmokeLoader malware targets companies in Taiwan. NIST proposes new password guidelines. South Korean police make arrests over 240,000 satellite receivers with built-in DDoS attack capabilities. On our Threat Vector segment, we preview this week's episode where host David Moulton goes Behind the Scenes with Palo Alto Networks CIO and CISO. ChatGPT has a Voldemort moment.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On our Threat Vector segment, we preview this week's episode where host David Moulton goes “Behind the Scenes with Palo Alto Networks CIO and CISO Securing Business Success with Frictionless Cybersecurity.” Meerah Rajavel, CIO of Palo Alto Networks, and Niall Browne, CISO of the organization, join David to discuss the importance of aligning IT strategy with cybersecurity. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app.  Selected Reading 760,000 Employee Records From Several Major Firms Leaked Online (SecurityWeek) UK cyber chief warns country is ‘widely underestimating' risks from cyberattacks (The Record) US agency proposes new rule blocking data brokers from selling Americans' sensitive personal data (TechCrunch) US government contractor ENGlobal says operations are ‘limited' following cyberattack (TechCrunch) New Windows Backdoor Security Warning For Bing, Dropbox, Google Users (Forbes) Chinese LIDAR Dominance a Cybersecurity Threat, Warns Think Tank (Infosecurity Magazine) SmokeLoader Attack Targets Companies in Taiwan (FortiGuard Labs)  Korea arrests CEO for adding DDoS feature to satellite receivers (Bleeping Computer) Do Your Passwords Meet the Proposed New Federal Guidelines? (Wall Street Journal) These names cause ChatGPT to break, and it's due to AI hallucinations ( TechSpot)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Authorities arrest over 200 Chinese nationals in Sri Lanka over financial scams. Officials in Finland take down an online drug market. Cisco investigates an alleged data breach.  A major apparel provider suffers a data breach. Oracle's latest patch update includes 35 critical issues. Microsoft has patched several high-severity vulnerabilities. The NCSC's new boss calls for global collaboration to fight cybercrime. CISA warns of critical vulnerabilities affecting software from Microsoft, Mozilla, and SolarWinds.Hackers steal data from Verizon's push-to-talk (PTT) system. On our CertByte segment, Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Administrator (AZ-104) Practice Test. Robot vacuums go rogue. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Administrator (AZ-104) Practice Test. Candidates for the Microsoft Azure Administrator exam are Azure Administrators who manage cloud services that span storage, security, networking, and compute cloud capabilities. Candidates should be proficient in using PowerShell, the Command Line Interface, Azure Portal, ARM templates, operating systems, virtualization, cloud infrastructure, storage structures, and networking. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers. Reference: Microsoft Azure Blog > Virtual Machines > Gain business insights using Power BI reports for Azure Backup Selected Reading Sri Lankan Police Arrest Over 200 Chinese Scammers (BankInfo Security) Finnish Customs closed down the Sipulitie marketplace on the encrypted Tor network (Finnish Customs) Cisco investigates breach after stolen data for sale on hacking forum (Bleeping Computer) Varsity Brands Data Breach Impacts 65,000 People (SecurityWeek) Oracle October 2024 Critical Patch Update Addresses 198 CVEs (Security Boulevard) Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site (SecurityWeek) 'Nationally significant' cyberattacks are surging, warns the UK's new cyber chief (The Record) CISA Warns of Three Vulnerabilities Actively Exploited in the Wild (Cyber Security News) Hackers Advertise Stolen Verizon Push-to-Talk ‘Call Logs' (404 Media) Hackers took over robovacs to chase pets and yell slurs (The Verge) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Former Counterintelligence czar William Evanina joins Marc to discuss our nation's greatest CI challenges, to include the staggering threat from an aggressive Chinese communist party, what motivates Americans to betray their country and how to defend against traitors in our midst, and his leadership growth, from SWAT team member, the JTTF post 9/11, a unique rotation to CIA, and then leading the USG's entire CI efforts. Learn more about your ad choices. Visit megaphone.fm/adchoices