Podcasts about netscaler

In the latest Weekly Security Sprint, Dave and Andy covered the following topics:Warm Open:• Join the GRIP! The GRIP is one year old and to celebrate, we're running an anniversary sale!! Join the GRIP in July and use promo code HOTJULY2025 to receive a 20% discount!• We're excited to release this brand-new collaborative report! (TLP:CLEAR) North Korea IT Worker Threat Report: Threat Overview and Mitigation. This report is a collaboration that incorporates analysis from several leading Information Sharing and Analysis Centers (ISACs), including Crypto ISAC, Oil and Natural Energy ISAC (ONE-ISAC), Real Estate ISAC, Tribal ISAC, WaterISAC, the Faith-Based Information Sharing and Analysis Organization (ISAO), and Gate 15. • New! Lock It Down: Why MFA Isn't Optional Anymore• FB-ISAO Current Threat Level• Faith-Based (U.S.): TLP:CLEAR | FB-ISAO Newsletter• DHS intelligence office halts staff cuts after stakeholder backlashMain Topics:• Unreleased Beyoncé music stolen from car at Atlanta's Krog Street Market• Elmo has been hacked, claims Trump is in Epstein files, calls for Jews to be exterminated• Hacktivist Attacks on Critical Infrastructure Grow as New Groups Emerge• NOAA - June 2025 was Earth's 3rd warmest on record• A deadly 1987 flood foreshadowed the Texas disaster. Survivors ask, ‘why didn't we learn?' • Camp Mystic waited over an hour to evacuate after receiving ‘life threatening' flood alert• CSU: Forecast for 2025 Hurricane Activity, 09 Aug update. PDF• UK arson attack trial reveals how Russia-linked operatives recruited ‘gig' workers for terrorismo British criminals convicted over Wagner Group-linked arson attack on London warehouseo Intelligence officials worry a sabotage campaign blamed on Russia is growing more dangerousQuick Hits:• A Marco Rubio impostor is using AI voice to call high-level officials• Recorded Future: US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025• Soufan Center: Assessment of the Global Terrorism Threat Landscape in Mid-2025• Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now • Pay2Key's Resurgence: Iranian Cyber Warfare Targets the Westo To view this content in one document, please download the full threat report here.o Iranian ransomware crew reemerges, promises big bucks for attacks on US or Israel• CISA warns hackers are actively exploiting critical ‘Citrix Bleed 2' security flaw• 'Anti-Government Militia' Says It's Targeting Oklahoma Weather Radars• Suspect In News 9 Radar Vandalism Arrested By Oklahoma City Police• (TLP:CLEAR) WaterISAC: Anti-Government Extremist Group Threatens to Destroy Critical Weather Radars, NOAA Warns (15 May 2025)• Far-right extremist group threatens to take weather radars offline• US neo-fascist group claims it is part of Texas floods relief efforts & Extremist Groups Uphold Long Tradition of Exploiting National Tragedies for Publicity• Swedish PM's private address revealed by Strava data shared by bodyguards• UK NCSC: Getting your organisation ready for Windows 11 upgrade before Autumn 2025• Crypto Wallets Continue to be Drained in Elaborate Social Media Scam• U.S. Secret Service One-Year Update Following the July 13, 2024, Attempted Assassination of President Donald Trump• US GAO - Cybersecurity: Implementation of the 2015 Information Sharing Act• NATO Ally Warns of Iranian Assassination Threat

Referências do EpisódioJuly 2025 Security UpdatesCVE-2025-25257 - Unauthenticated SQL injection in GUIPublic exploits released for Citrix Bleed 2 NetScaler flaw, patch nowRoteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

Researchers release proof-of-concept exploits for CitrixBleed2. Grafana patches four high-severity vulnerabilities. A hacker claims to have breached Spanish telecom giant Telefónica. Italian police arrest a Chinese man wanted by U.S. authorities for alleged industrial espionage. Beware of a new ransomware group called Bert. Call of Duty goes offline after reports of RCE vulnerabilities. President Trump's spending bill allocates hundreds of millions for cybersecurity. Nearly 26 million job seekers' resumes and personal data are leaked. CISA adds four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. Outsmarting AI scraper bots with math. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment Cyber attackers are increasingly targeting the very tools developers trust—integrated development environments (IDEs), low-code platforms, and public code repositories. In this segment of Threat Vector, host ⁠David Moulton⁠ speaks with ⁠Daniel Frank⁠ and ⁠Tom Fakterman⁠ from Palo Alto Networks' threat research team about “Hunting Threats in Developer Environments.” You can hear David and Tyler's full discussion on Threat Vector ⁠⁠here⁠⁠ and catch new episodes every Thursday on your favorite podcast app. Selected Reading Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now (Bleeping Computer) Grafana Patches Chromium Bugs, Including Zero-Day Exploited in the Wild (SecurityWeek) Hacker leaks Telefónica data allegedly stolen in a new breach (Bleeping Computer) Italian police arrest Chinese national wanted by FBI for alleged industrial espionage (Reuters) Beware of Bert: New ransomware group targets healthcare, tech firms (The Record) Call of Duty takes PC game offline after multiple reports of RCE attacks on players (CyberScoop) GOP domestic policy bill includes hundreds of millions for military cyber (CyberScoop) TalentHook leaks resumes of 26 Million job seekers (Beyond Machines) CISA Adds Four Known Exploited Vulnerabilities to Catalog (CISA) The Open-Source Software Saving the Internet From AI Bot Scrapers (404 Media) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Interesting ssh/telnet usernames Some interesting usernames observed in our honeypots https://isc.sans.edu/diary/A%20few%20interesting%20and%20notable%20ssh%20telnet%20usernames/32080 More sudo trouble The host option in Sudo can be exploited to execute commands on unauthorized hosts. https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host CitrixBleed2 PoC Posted (CVE-2025-5777) WatchTwer published additional details about the recently patched CitrixBleed vulnerability, including a PoC exploit. https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/ Instagram Using Six Day Certificates Instagram changes their TLS certificates daily and they use certificates that are just about to expire in a week. https://hereket.com/posts/instagram-single-day-certificates/

The Feds shut down a covert North Korean IT operation. Google releases an emergency update to fix a new Chrome zero-day. A major U.S. trade show and event marketing firm suffers a data breach. NetScaler patches a pair of critical vulnerabilities. A sophisticated cyber attack targets The Hague. An Iran-linked hacking group threatens to release emails allegedly stolen from aides to President Trump. A ransomware attack exposes sensitive data linked to multiple Swiss federal government offices. The U.S. Treasury Department faces scrutiny after a string of cyberattacks. The FBI's phone security tips draw fire from Senator Wyden. Tim Starks from CyberScoop describes how ubiquitous surveillance turned deadly. AI proves its pentesting prowess. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined today by Tim Starks, Senior Reporter from CyberScoop, discussing his story "Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report." Selected Reading US government takes down major North Korean 'remote IT workers' operation (TechCrunch) Google fixes fourth actively exploited Chrome zero-day of 2025 (Bleeping Computer) NetScaler Critical Security Updates for CVE-2025-6543 and CVE-2025-5777 (NetScaler) International Criminal Court hit with cyber security attack (AP News) Iran-linked hackers threaten to release Trump aides' emails (Reuters) Swiss government data compromised in ransomware attack on health foundation Radix (Beyond Machines) Trade show management firm Nth Degree hit by data breach, exposing sensitive data (Beyond Machines) A Trio of US Treasury Hacks Exposes a Pattern Making Banks Nervous (Bloomberg) Senator Chides FBI for Weak Advice on Mobile Security (Krebs on Security) The top red teamer in the US is an AI bot (CSO Online) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543 Citrix patched a memory overflow vulnerability leading to unintended control flow and denial of service. https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 Remote code execution in CentOS Web Panel - CVE-2025-48703 An arbitrary file upload vulnerability in the user (not admin) part of Web Panel can be used to execute arbitrary code https://fenrisk.com/rce-centos-webpanel Gogs Arbitrary File Deletion Vulnerability Due to the insufficient patch for the CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution. https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7 Let s Encrypt Will Soon Issue IP Address-Based Certs Let s Encrypt is almost ready to issue certificates for IP address SANs from Let's Encrypt's production environment. They'll only be available under the short-lived profile (which has a 6-day validity period), and that profile will remain allowlist-only for a while. https://community.letsencrypt.org/t/getting-ready-to-issue-ip-address-certificates/238777

If you like what you hear, please subscribe, leave us a review and tell a friend!

Referências do EpisódioCitrixBleed 2: Electric Boogaloo — CVE-2025–5777NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-5349 and CVE-2025-5777NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543Citrix users hit by actively exploited zero-day vulnerabilityCisco Identity Services Engine Unauthenticated Remote Code Execution VulnerabilitiesIn the Wild: Malware Prototype with Embedded Prompt InjectionRoteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

Scans for Ichano AtHome IP Cameras A couple days ago, a few sources started scanning for the username super_yg and the password 123. This is associated with Ichano IP Camera software. https://isc.sans.edu/diary/Scans%20for%20Ichano%20AtHome%20IP%20Cameras/32062 Critical Netscaler Security Update CVE-2025-5777 CVE 2025-5777 is a critical severity vulnerability impacting NetScaler Gateway, i.e. if NetScaler has been configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. https://www.netscaler.com/blog/news/critical-security-updates-for-netscaler-netscaler-gateway-and-netscaler-console/ WinRar Vulnerability CVE-2025-6218 WinRar may be tricked into extracting files into attacker-determined locations, possibly leading to remote code execution https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9

As hardware costs climb and Windows 11 migration looms, IT leaders face a tough choice: upgrade or optimize. In Episode 179 of The Citrix Session, Bill Sutton (XenTegra) and Todd Smith (Citrix) unpack a smarter path—repurposing aging hardware with Citrix Elux and Scout.Why Listen:Learn how tariffs and supply chain delays are impacting endpoint strategiesDiscover how Citrix Elux enables secure, seamless access to Windows 11 on old devicesUnderstand how Citrix's Scout tool simplifies endpoint managementExplore flexible deployment options, including boot-to-VDI and Imprivata tap-and-goHear how NetScaler and Win365 fit into a hybrid IT model—no rip and replace requiredKey Takeaway: You don't need new hardware to modernize your workspace. Citrix's built-in solutions help you do more with what you already have.

[Referências do Episódio] Password spraying attacks on NetScaler/NetScaler Gateway – December 2024 - https://www.citrix.com/blogs/2024/12/13/password-spraying-attacks-netscaler-december-2024 The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit - https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html  NodeLoader Exposed: The Node.js Malware Evading Detection - https://www.zscaler.com/blogs/security-research/nodeloader-exposed-node-js-malware-evading-detection  Clop ransomware claims responsibility for Cleo data theft attacks - https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-cleo-data-theft-attacks/  New Yokai Side-loaded Backdoor Targets Thai Officials - https://www.netskope.com/blog/new-yokai-side-loaded-backdoor-targets-thai-officials  Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials - https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

In this episode of The Citrix Session, host Bill Sutton and guests dive deep into the latest advancements in hardware and device security, with a special focus on Netscaler disk encryption. Our experts, including Jeremy Myers and Todd Smith, discuss how these innovations originated from financial and public sectors and are now setting a standard for security across industries. Discover how encryption not only protects sensitive data but also ensures compliance with stringent regulations. Join us as we explore how these technologies are being implemented to safeguard decommissioned devices and prevent unauthorized data retrieval, making a significant impact in the finance and government sectors.

Delve deeper into cybersecurity's critical aspects with our thorough examination of the Citrix Netscaler Zero Day vulnerability. This analysis covers the vulnerability's technical nuances, highlighting its capacity for remote code execution and the severe risks it poses to network security. Understand the sophisticated mechanisms attackers use to exploit this vulnerability, leading to unauthorized access and potential data breaches. Interested in the full technical info of the discussed threat? For more detailed information or to access the infographic, please visit https://threat-talks.com/citrix-netscaler-deep-dive/

On this week's episode of the podcast I cover multiple vulnerabilities, one of which is under active exploitations, I get into some recent AI news and much more! Reference Links: https://www.rorymon.com/blog/2-new-netscaler-vulnerabilities-new-chrome-zero-day-incognito-mode-controversy/

                                                      Martin Creighan tells us why you should “You don't have to be a jerk to be successful”, why “It's ok to be afraid”, and that “Real leadership is putting your team out front” and other insightful lessons it took him years to learn. About Martin Creighan Inspired by people, building new relationships and a continuous curiosity of learning, Vice President of Sales, Martin Creighan has joined our leadership team to propel Commvault's innovative brand and award-winning software and SaaS offerings into the Australian and New Zealand markets. Martin has over three decades of experience and brings a wealth of leadership expertise and knowledge in the software, cloud, technology, telecommunications and defence industries, having held numerous senior leadership and sales positions. Prior to joining Commvault, Creighan was the Vice President and General Manager of Cloud Software Group (Citrix, NetScaler and Tibco) Australia and New Zealand where he was responsible for go to market execution and revenue/profit growth. He previously held senior sales and general management leadership roles at AT&T, Radware, SecureNet/Baltimore Technologies and was an Operations Specialist and Master Training Specialist with the United States Navy. Creighan holds a Bachelor of Business from The National University of San Diego, California, and is a Certified Master Training Specialist from US Navy. Episode Notes Lesson 1: You don't have to be a jerk to be successful 04:18 Lesson 2: Look after your people and your people will always looks after you! 16:32 Lesson 3: Your “Why” doesn't have to be industry specific. 21:40  Lesson 4: Tackle each of life's challenges one step at a time. 28:24   Lesson 5: Always be kind. 31:25  Lesson 6: Real leadership is putting your team out front. 35:42   Lesson 7: Build your team based on Attitude, not aptitude! 38:55   Lesson 8: Don't be a “Gonna”. 42:15  Lesson 9: It's ok to be afraid! 46:24  Lesson 10: Never, ever forget where you came from. 49:45 

This episode reports on unpatched holes that are being exploited by threat actors, and more

On this week's episode I give an update on the NetScaler and Confluence vulnerabilities and explore a new strategy being used by a cyber gang plus much more! Reference Links: https://www.rorymon.com/blog/mass-exploitation-of-netscaler-vulnerabilities-major-week-for-ai-systems-new-cloud-pcs/

The StormWatch podcast episode from October 31, 2023, began with the hosts in a light-hearted mood, donning costumes for Halloween. The hosts discussed the latest happenings in the cybersecurity world, focusing on the latest phones, developments at Censys and GreyNoise, and important cybersecurity news. They also touched on conspiracy theories. The hosts were in costumes, with one host dressed as the Invisible Man, another as Louise Belcher from Bob's Burgers, and another as Cozy Bear, a reference to APT 29, a cyber espionage group. They also discussed their "scariest vulnerabilities," with one host mentioning the mercenary spyware like Pegasus as a significant concern. The hosts then discussed the recent security breaches involving Okta, Beyond Trust, and 1Password. They praised 1Password for their transparent and detailed response to the incident. They also discussed the recent vulnerabilities found in SolarWinds and the subsequent charges filed by the SEC against SolarWinds and their Chief Information Security Officer for fraud and internal control failures. The hosts also discussed a tool called cvecrowd.com, which tracks CVE mentions on Mastodon, a social network. They praised the tool for its usefulness in tracking cybersecurity vulnerabilities and incidents. They also mentioned an upcoming event at a brewery where they would discuss threat hunting techniques and tips. The hosts then discussed the recent vulnerabilities found in Cisco IOS, with one host sharing her findings from her investigation into the vulnerabilities. They also discussed the importance of patching and updating systems to protect against these vulnerabilities. This Episodes Slides >> Join our Community Slack >> Learn more about GreyNoise >>  

In Episode 7, we discuss Microsoft's $5 billion investment in Australia's cloud infrastructure and ChatGPT's introduction in Australian Schools in 2024. We also cover the recent NetScaler and Sony data breaches, Telstra's acquisition of Versent for $267.5 million, job cuts at Stack Overflow, ANZ's experiments with GitHub Copilot, and Comm Bank's job reductions due to automation. Tune in for the latest tech updates and headlines!

In our first segment: the PSW hosts drop valuable insight on how to start your own journey into reverse engineering hardware! Resources we mentioned: The Hardware Hackers Handbook is a great start Do a badge challenge: https://www.cyberark.com/resources/threat-research-blog/an-introduction-to-hardware-hacking Take some classes Do some Arduino stuff: https://www.arduino.cc/ Take free courses on electrical engineering: https://ocw.mit.edu/courses/6-01sc-introduction-to-electrical-engineering-and-computer-science-i-spring-2011/ (And here: https://www.tinkerforge.com/en/doc/ and here: https://www.youtube.com/watch?v=LSQf3iuluYo&list=PLoFdAHrZtKkhcd9k8ZcR4th8Q8PNOx7iU) Building a lab - The list: Soldering iron (and tools and parts such as Solder, Flux, Tweezer, Soldering wick, Cutter, Wire stripper) Hot air rework station (can be bundled with soldering iron) Multi-meter (and lots of associated cables) Jumper and pinout wires Breadboard USB microscope Bench power supply Specific lighting (e.g. my document camera has an LED light that works great) Magnification - magnifying lenses and a headset (esp. if you are old, like us) USB serial devices (or Bus Pirate if you fancy) Then, in the Security News: Windows 11 tries to fix legacy authentication, Rapid resets and the world's largest DDoS attack, we finally get to see the cURL vulnerability, and its pretty ugly, turns out Android TV boxes with pre-installed malware are a hot topic, patch your Netscaler, root for everyone with emergency responder software, learn THIS hacking Tools First, long live Wayland, how to actually hack a WiFi device with a Flipper Zero, scanning open source packages, GNOME bugs and a bonus, security is a great idea until there is a bypass in apparmor,a tool that everyone should have in their kit, and we could talk for hours about 25 hard hitting lessons from Cybersecurity! All that and more on this episode of Paul's Security Weekly!   Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-802

In the Security News: Windows 11 tries to fix legacy authentication, Rapid resets and the world's largest DDoS attack, we finally get to see the cURL vulnerability, and its pretty ugly, turns out Android TV boxes with pre-installed malware are a hot topic, patch your Netscaler, root for everyone with emergency responder software, learn THIS hacking Tools First, long live Wayland, how to actually hack a WiFi device with a Flipper Zero, scanning open source packages, GNOME bugs and a bonus, security is a great idea until there is a bypass in apparmor,a tool that everyone should have in their kit, and we could talk for hours about 25 hard hitting lessons from Cybersecurity! All that and more on this episode of Paul's Security Weekly! Show Notes: https://securityweekly.com/psw-802

In our first segment: the PSW hosts drop valuable insight on how to start your own journey into reverse engineering hardware! Resources we mentioned: The Hardware Hackers Handbook is a great start Do a badge challenge: https://www.cyberark.com/resources/threat-research-blog/an-introduction-to-hardware-hacking Take some classes Do some Arduino stuff: https://www.arduino.cc/ Take free courses on electrical engineering: https://ocw.mit.edu/courses/6-01sc-introduction-to-electrical-engineering-and-computer-science-i-spring-2011/ (And here: https://www.tinkerforge.com/en/doc/ and here: https://www.youtube.com/watch?v=LSQf3iuluYo&list=PLoFdAHrZtKkhcd9k8ZcR4th8Q8PNOx7iU) Building a lab - The list: Soldering iron (and tools and parts such as Solder, Flux, Tweezer, Soldering wick, Cutter, Wire stripper) Hot air rework station (can be bundled with soldering iron) Multi-meter (and lots of associated cables) Jumper and pinout wires Breadboard USB microscope Bench power supply Specific lighting (e.g. my document camera has an LED light that works great) Magnification - magnifying lenses and a headset (esp. if you are old, like us) USB serial devices (or Bus Pirate if you fancy) Then, in the Security News: Windows 11 tries to fix legacy authentication, Rapid resets and the world's largest DDoS attack, we finally get to see the cURL vulnerability, and its pretty ugly, turns out Android TV boxes with pre-installed malware are a hot topic, patch your Netscaler, root for everyone with emergency responder software, learn THIS hacking Tools First, long live Wayland, how to actually hack a WiFi device with a Flipper Zero, scanning open source packages, GNOME bugs and a bonus, security is a great idea until there is a bypass in apparmor,a tool that everyone should have in their kit, and we could talk for hours about 25 hard hitting lessons from Cybersecurity! All that and more on this episode of Paul's Security Weekly!   Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-802

In the Security News: Windows 11 tries to fix legacy authentication, Rapid resets and the world's largest DDoS attack, we finally get to see the cURL vulnerability, and its pretty ugly, turns out Android TV boxes with pre-installed malware are a hot topic, patch your Netscaler, root for everyone with emergency responder software, learn THIS hacking Tools First, long live Wayland, how to actually hack a WiFi device with a Flipper Zero, scanning open source packages, GNOME bugs and a bonus, security is a great idea until there is a bypass in apparmor,a tool that everyone should have in their kit, and we could talk for hours about 25 hard hitting lessons from Cybersecurity! All that and more on this episode of Paul's Security Weekly! Show Notes: https://securityweekly.com/psw-802

This week Dr. Doug rants: Mystery, Qakbot, Crates.io, VDP, NetScaler, Entra ID, SynthID, FreeBSD, More News, and Jason Wood on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/swn for all the latest episodes!  Show Notes: https://securityweekly.com/swn-322

Mystery, Qakbot, Crates.io, VDP, NetScaler, Entra ID, SynthID, FreeBSD, More News, and Jason Wood on the Security Weekly News. Show Notes: https://securityweekly.com/swn-322 

This week Dr. Doug rants: Mystery, Qakbot, Crates.io, VDP, NetScaler, Entra ID, SynthID, FreeBSD, More News, and Jason Wood on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/swn for all the latest episodes!  Show Notes: https://securityweekly.com/swn-322

In today's podcast we cover four crucial cyber and technology topics, including: 1.        Data theft at Mom's Meals impacts over million individuals 2.        FBI says disconnect your Barracuda ESG appliance amidst attacks 3.        Citrix under attack from financially motivated criminals 4.        Japan CERT says attackers using novel tactic to deliver Word files  I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

Mystery, Qakbot, Crates.io, VDP, NetScaler, Entra ID, SynthID, FreeBSD, More News, and Jason Wood on the Security Weekly News. Show Notes: https://securityweekly.com/swn-322 

China accuses the US of installing backdoors in a Wuhan lab. NetScaler backdoors are found. A Phishing scam targets executives. LinkedIn sees a surge in account hijacking. Raccoon Stealer gets an update. Cryptocurrency recovery scams. We kick off our new Learning Layer segment with N2K's Sam Meisenberg. And a Moscow court fines Reddit and Wikipedia, for unwelcome content about Russia's war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/156 Selected reading. Ministry warns of data security risks after US agencies identified behind cyberattack on Wuhan Earthquake Monitoring Center (Global Times) China accuses U.S. intelligence agencies as source behind Wuhan cybersecurity attack (ZDNET)  China teases imminent exposé of seismic US spying scheme (Register)  2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability (SecurityWeek)  Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations (Proofpoint) LinkedIn Accounts Under Attack (Cyberint) LinkedIn faces surge of account hijacking (Computing) LinkedIn accounts hacked in widespread hijacking campaign (BleepingComputer) Raccoon Stealer malware returns with new stealthier version (BleepingComputer) FBI warns of increasing cryptocurrency recovery scams (BleepingComputer)  Russia slaps Reddit, Wikipedia with fines (Cybernews)

This week, Oscar and Brad sit down to discuss Adobe ColdFusion & Citrix NetScaler Vulnerabilities.Give this episode a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com

Was your A+ SSL security scan made possible with NetScaler legacy SSL profiles or basic SSL parameters?  Time to look at moving those to Enhanced SSL Profiles...and we'll discuss how to get there easily and save you a  lot of time.  Thanks to my cohosts, Justin Weldon and Isrrael Quintero, and to our new team member Jeffrey Olsen...and shoutout to our NetScaler guests; John Clayman, Karthick Srivatsan, Subhojit Goswami, Satyam Mehrotra for making the conversation possible.

NetScaler new logo...new licensing options...and review of what you might be missing out on.  Join us for a great discussion around NetScaler features, options in your pooled capacity, road mappings, and review of what you may already know, or not know about NetScaler.Thanks to Justin Weldon and John Clayman for always making a great session with us.

NetScaler is, and always will be, the optimum choice in enterprise grade load balancing.  Join us on our revamped NetScaler series for a chat around the JARH algorithm and why it's superior to CARP.  It you like lower costs in the clouds and greater efficiency, this session will impress you.Blog Topic: https://www.citrix.com/blogs/2022/01/24/innovations-in-load-balancing-better-performance-lower-costs/ Thanks a lot to XenTegra's Justin Weldon and Isrrael Quintero, as well as our special guest John Clayman as we get this series kicked into high gear!

Summary The promise of streaming data is that it allows you to react to new information as it happens, rather than introducing latency by batching records together. The peril is that building a robust and scalable streaming architecture is always more complicated and error-prone than you think it's going to be. After experiencing this unfortunate reality for themselves, Abhishek Chauhan and Ashish Kumar founded Grainite so that you don't have to suffer the same pain. In this episode they explain why streaming architectures are so challenging, how they have designed Grainite to be robust and scalable, and how you can start using it today to build your streaming data applications without all of the operational headache. Announcements Hello and welcome to the Data Engineering Podcast, the show about modern data management Businesses that adapt well to change grow 3 times faster than the industry average. As your business adapts, so should your data. RudderStack Transformations lets you customize your event data in real-time with your own JavaScript or Python code. Join The RudderStack Transformation Challenge today for a chance to win a $1,000 cash prize just by submitting a Transformation to the open-source RudderStack Transformation library. Visit dataengineeringpodcast.com/rudderstack (https://www.dataengineeringpodcast.com/rudderstack) today to learn more Hey there podcast listener, are you tired of dealing with the headache that is the 'Modern Data Stack'? We feel your pain. It's supposed to make building smarter, faster, and more flexible data infrastructures a breeze. It ends up being anything but that. Setting it up, integrating it, maintaining it—it's all kind of a nightmare. And let's not even get started on all the extra tools you have to buy to get it to do its thing. But don't worry, there is a better way. TimeXtender takes a holistic approach to data integration that focuses on agility rather than fragmentation. By bringing all the layers of the data stack together, TimeXtender helps you build data solutions up to 10 times faster and saves you 70-80% on costs. If you're fed up with the 'Modern Data Stack', give TimeXtender a try. Head over to dataengineeringpodcast.com/timextender (https://www.dataengineeringpodcast.com/timextender) where you can do two things: watch us build a data estate in 15 minutes and start for free today. Join in with the event for the global data community, Data Council Austin. From March 28-30th 2023, they'll play host to hundreds of attendees, 100 top speakers, and dozens of startups that are advancing data science, engineering and AI. Data Council attendees are amazing founders, data scientists, lead engineers, CTOs, heads of data, investors and community organizers who are all working together to build the future of data. As a listener to the Data Engineering Podcast you can get a special discount of 20% off your ticket by using the promo code dataengpod20. Don't miss out on their only event this year! Visit: dataengineeringpodcast.com/data-council (https://www.dataengineeringpodcast.com/data-council) today Your host is Tobias Macey and today I'm interviewing Ashish Kumar and Abhishek Chauhan about Grainite, a platform designed to give you a single place to build streaming data applications Interview Introduction How did you get involved in the area of data management? Can you describe what Grainite is and the story behind it? What are the personas that you are focused on addressing with Grainite? What are some of the most complex aspects of building streaming data applications in the absence of something like Grainite? How does Grainite work to reduce that complexity? What are some of the commonalities that you see in the teams/organizations that find their way to Grainite? What are some of the higher-order projects that teams are able to build when they are using Grainite as a starting point vs. where they would be spending effort on a fully managed streaming architecture? Can you describe how Grainite is architected? How have the design and goals of the platform changed/evolved since you first started working on it? What does your internal build vs. buy process look like for identifying where to spend your engineering resources? What is the process for getting Grainite set up and integrated into an organizations technical environment? What is your process for determining which elements of the platform to expose as end-user features and customization options vs. keeping internal to the operational aspects of the product? Once Grainite is running, can you describe the day 0 workflow of building an application or data flow? What are the day 2 - N capabilities that Grainite offers for ongoing maintenance/operation/evolution of those applications? What are the most interesting, innovative, or unexpected ways that you have seen Grainite used? What are the most interesting, unexpected, or challenging lessons that you have learned while working on Grainite? When is Grainite the wrong choice? What do you have planned for the future of Grainite? Contact Info Ashish LinkedIn (https://www.linkedin.com/in/ashishkumarprofile/) Abhishek LinkedIn (https://www.linkedin.com/in/abhishekchauhan/) Parting Question From your perspective, what is the biggest gap in the tooling or technology for data management today? Closing Announcements Thank you for listening! Don't forget to check out our other shows. Podcast.__init__ (https://www.pythonpodcast.com) covers the Python language, its community, and the innovative ways it is being used. The Machine Learning Podcast (https://www.themachinelearningpodcast.com) helps you go from idea to production with machine learning. Visit the site (https://www.dataengineeringpodcast.com) to subscribe to the show, sign up for the mailing list, and read the show notes. If you've learned something or tried out a project from the show then tell us about it! Email hosts@dataengineeringpodcast.com (mailto:hosts@dataengineeringpodcast.com)) with your story. To help other people find the show please leave a review on Apple Podcasts (https://podcasts.apple.com/us/podcast/data-engineering-podcast/id1193040557) and tell your friends and co-workers Links Grainite (https://www.grainite.com/) Blog about the challenges of streaming architectures (https://www.grainite.com/blog/there-was-an-old-lady-who-swallowed-a-fly) Getting Started Docs (https://gitbook.grainite.com/developers/getting-started) BigTable (https://research.google/pubs/pub27898/) Spanner (https://research.google/pubs/pub39966/) Firestore (https://cloud.google.com/firestore) OpenCensus (https://opencensus.io/) Citrix (https://www.citrix.com/) NetScaler (https://www.citrix.com/blogs/2022/10/03/netscaler-is-back/) J2EE (https://www.oracle.com/java/technologies/appmodel.html) RocksDB (https://rocksdb.org/) Pulsar (https://pulsar.apache.org/) SQL Server (https://en.wikipedia.org/wiki/Microsoft_SQL_Server) MySQL (https://www.mysql.com/) RAFT Protocol (https://raft.github.io/) The intro and outro music is from The Hug (http://freemusicarchive.org/music/The_Freak_Fandango_Orchestra/Love_death_and_a_drunken_monkey/04_-_The_Hug) by The Freak Fandango Orchestra (http://freemusicarchive.org/music/The_Freak_Fandango_Orchestra/) / CC BY-SA (http://creativecommons.org/licenses/by-sa/3.0/)

The NetScaler name is back, the features are fresh, and the options are limitless.  Join us for a chat on:NetScaler name change/business unit change etc.Adaptive Auth (really cool now in SPA)Application Delivery and Security ServiceWeb App and API ServiceAdvantages of the same VPX code on premises, and in all the clouds.Big thanks to Richard Faulkner (Citrix - Technical Marketing Architect) for joining and sharing the knowledge!

Welcome to this episode of the EUCdigest ThrowDown. In the ThrowDown we'll discuss and debate on the news of the past month in the EUC space:Citrix goes private, merges with TIBCO, brings back NetScaler and more!​Dutch Citrix User Group celebrates 10 years​VMware shows innovations around Autonomous Workspaces, Zero Trust, Employee Experience and more​Corel changes names to Alludo and changes strategy to a more cohesive identity​OVH opens less flammable datacenters​Microsoft changes update cadence to yearly updates for Windows 11, adds virtual core licensing, and more​Wipro fires 300 employees who were found moonlighting for competitors​Workers going in to office 1.5 days a week, survey suggests​Workspace expands service that surfaces employee skills​New liability rules on products and AI to protect consumers and foster innovation HostIngmar Verheij - https://www.linkedin.com/in/ingmarverheij/​Co-hostsJits Langedijk - https://www.linkedin.com/in/jitslangedijk/Johan van Amersfoort - https://www.linkedin.com/in/hojan/Kees Baggerman - https://www.linkedin.com/in/keesbaggerman/

Ransomware written in JavaScript using Node.js https://isc.sans.edu/forums/diary/Ransomware+in+Nodejs/25664/ Landry Restaurant PoS Breach https://www.landrysinc.com/CreditNotice/CANotice.asp Holiday Hack Challenge https://www.holidayhackchallenge.com Citrix/NetScaler Vulnerability Special Webcast Recording https://i5c.us/citrix