Podcasts about Phishing

Phishing Scams, Leaked Stream Keys, Zero-Day Android Vulnerabilities, and Bounties on Russian Hackers In this episode of Cybersecurity Today, host Jim Love discusses several critical cybersecurity issues. Attackers are using iCloud calendar invites for phishing scams, leveraging Apple's system to bypass security checks. The US Department of Defense has exposed livestream credentials, risking hijack and fake content insertion. Billions of Android phones are vulnerable due to unpatched critical zero days, and Google has only fixed issues for Pixel devices so far. Additionally, the US State Department has placed a $10 million bounty on three Russian FSB hackers responsible for attacks on energy companies. Jim emphasizes the importance of securing digital assets and maintaining strong cybersecurity practices. 00:00 Introduction and Headlines 00:24 Phishing Scam via iCloud Calendar Invites 03:18 US Department of Defense Livestream Vulnerabilities 05:53 Critical Android Zero-Day Vulnerabilities 07:38 US Bounty on Russian FSB Hackers 09:42 Conclusion and Contact Information

The open source community heads off a major npm supply chain attack. The Treasury Department sanctions cyber scam centers in Myanmar and Cambodia. Scammers abuse iCloud Calendar invites to send callback phishing emails. Researchers discover a new malware variant exploiting exposed Docker APIs. Phishing attacks abuse the Axios user agent and Microsoft's Direct Send feature. Plex warns users of a data breach.  Researchers flag a surge in scans targeting Cisco ASA devices. CISA delays finalizing its incident reporting rule. The GAO says federal cyber workforce figures are incomplete and unreliable. Our guest is Kevin Magee, Global Director of Cybersecurity Startups at Microsoft Security, discussing cybersecurity education going back to school. AI earns its own Darwin awards.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Kevin Magee, Global Director of Cybersecurity Startups at Microsoft Security discussing cybersecurity education going back to school. Selected Reading Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack (Bleeping Computer) Open Source Community Thwarts Massive npm Supply Chain Attack (Infosecurity Magazine) US sanctions companies behind cyber scam centers in Cambodia, Myanmar (The Record) New Apple Warning, This iCloud Calendar Invite Is Actually An Attack (Forbes) New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs (HackRead) Axios User Agent Helps Automate Phishing on “Unprecedented Scale” (Infosecurity Magazine) Plex Urges Password Resets Following Data Breach (SecurityWeek) Surge in networks scans targeting Cisco ASA devices raise concerns (Bleeping Computer) CISA pushes final cyber incident reporting rule to May 2026 (CyberScoop) US government lacks clarity into its infosec workforce (The Register) AI Darwin Awards launch to celebrate spectacularly bad deployments (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, we discuss a wild story about Jordan's sperm count, an absolutely insane phishing scam, how to get new online coaching clients without posting online, and more.We hope you enjoy this episode and if you'd like to join us in The Online Fitness Business Mentorship, you can grab your seat at https://www.fitnessbusinessmentorship.comThank you!-J & MWATCH this episode on YouTube: https://youtu.be/lc86Cc28EC8TIMESTAMPS:(00:00) — Intro(00:11) — Checking in on fear, anger, & stress(02:29) — Time vs money & the cost of convenience(08:12) — The ketchup conundrum(11:33) — These scams are getting intense (and scary)(17:28) — The art of conversation & the importance of delivery(25:12) — Jordan's sperm count & unhinged social media behavior(34:58) — Growing an online business WITHOUT social media(42:13) — Finding motivation beyond financial needs(48:52) — Has gym culture changed... Or is it just me?(53:44) — Some wisdom from the Tanakh(57:05) — Don't forget to get on our email list so you don't miss the Black Friday Mentorship saleFollow the show on social:YouTube - https://www.youtube.com/@personaltrainerpodcastInstagram - https://www.instagram.com/personaltrainerpodcastTikTok - https://www.tiktok.com/@personaltrainerpodcastJoin our email list & get our FREE '30 Ways To Build A Successful Online Coaching Business' manual: https://bit.ly/30O2l6pCheck out our new book 'Eat It!' at https://www.eatit-book.comIf you have any questions you'd like to have answered on the show, shoot us an email at info@fitnessbusinessmentorship.comIf you enjoyed the episode, we would sincerely appreciate it if you left a five-star review.----Post-Production by: David Margittai | In Post MediaWebsite: https://www.inpostmedia.comEmail: david@inpostmedia.com© 2025 Michael Vacanti & Jordan Syatt

From YARA Offsets to Virtual Addresses Xavier explains how to convert offsets reported by YARA into offsets suitable for the use with debuggers. https://isc.sans.edu/diary/From%20YARA%20Offsets%20to%20Virtual%20Addresses/32262 Phishing via JavaScript in SVG Files Virustotal uncovered a Colombian phishing campaign that takes advantage of JavaScript in SVG files. https://blog.virustotal.com/2025/09/uncovering-colombian-malware-campaign.html FreePBX Patches FreePBX released details regarding two vulnerabilities patched last week. One of these vulnerabilities was already actively exploited. https://github.com/FreePBX/security-reporting/security/advisories/GHSA-3r47-p39v-vqqf

Phishing Awareness Training Doesn't Work... by Nick Espinosa, Chief Security Fanatic

New malware phishing campaign hidden in SVG files Anthropic agrees to pay $1.5bn in book piracy lawsuit Qantas penalizes executives for cyberattack Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com.  

A new APT group turns out to be a phishing test, Qantas cuts executives' bonuses after a recent breach, Anthropic stops selling AI tools to Chinese firms, and Nepal blocks 26 social media sites. Show notes Risky Bulletin: APT report? No, just a phishing test!

What if the next scam you receive looked perfect: no typos, no strange wording, just flawless and convincing?In this episode of AI Experience, I talk with Anthony Davis, security awareness leader and co-host of The Awareness Angle Podcast. For more than a decade, he has helped businesses build security cultures that stick, by making cybersecurity simple and human. Together, we explore how AI is changing the game: from phishing emails that feel authentic, to deepfake voices and videos that can trick even the cautious. You'll hear why emotions have become the new warning signs, and what practical steps you can take to protect yourself and your company. If you've ever wondered how to spot scams in the age of AI, this conversation will give you clear, actionable insights.Hosted by Ausha. See ausha.co/privacy-policy for more information.

Tariffs are here and many vendor team members may be busier than ever with how they have caused changes in the vendor process.  There may be additional validations involved in four areas…Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:     Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Welcome to the Identity Theft Resource Center's (ITRC) Weekly Breach Breakdown for September 5, 2025. I'm Tatiana Cuadras, Communications Assistant for the ITRC. Thanks to Sentilink for supporting the ITRC and this podcast. Each week, we look at the most recent events and trends related to data security and privacy. Today, we are going to look at how identity criminals are using QR code phishing in new attacks. Many of you probably have heard the phrase “Gone Fishing” before. For those who have not, “Gone Fishing” is another way someone might say one is absent, left or no longer present. It can also be an excuse for not being around. The hackers are not “Gone Fishing”; they are “Gone Quishing”. See what I did there? On a more serious note, that is the title of this week's podcast because they are weaponizing QR codes in new “quishing” attacks. Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter

Video - https://youtu.be/Du4bss9sOKYQR codes aren't always what they seem. This video uncovers the rise of “quishing”—a new phishing scam using QR codes that's so convincing it fooled even cybersecurity experts. Learn how it works and how to stay safe before you scan.I used ChatGPT 5, ScreenPal, and Pictory.ai to put this information together.If you're interested in trying Pictory.ai please use the following link. https://pictory.ai?ref=t015o

Nach über 40 Jahren bleibt sie ungeschlagen: die E-Mail ist weiterhin das elektronische Kommunikationsmittel Nummer 1. In dieser Podcast-Folge steht vor allem die Sicherheit des Mailverkehrs im Vordergrund. Dazu sprechen Sidonie und Sven mit ihren Gästen auch über das vom Bundesamt für Sicherheit in der Informationstechnik (BSI) ausgerufene E-Mail-Sicherheitsjahr 2025. Eine Kampagne, an der auch eco mitwirkt und die ein starkes Zeichen für eine sichere digitale Kommunikation setzen soll. BSI-Präsidentin Claudia Plattner spricht mit Sidonie darüber, warum Unternehmen gerade jetzt die Gelegenheit nutzen sollten, für das Thema E-Mail-Sicherheit einzustehen . „Der einzig wirksame Schutz gegen Phishing ist, wenn die Phishing-Mail gar nicht erst beim Nutzenden ankommt“, so Plattner. Julia Janßen-Holldiek, Director der Certified Senders Alliance (CSA) beim eco Verband klärt im Gespräch mit Sven über E-Mail Standards auf und warum Unternehmen lange Zeit keinen Fokus darauf gesetzt haben. André Görmer, Leiter der Kompetenzgruppe E-Mail beim eco spricht darüber, wie auch kleinere Unternehmen ohne riesige IT-Abteilung für mehr E-Mail Sicherheit sorgen können. Weitere Infos: Mehr zur Kampagne und der Hall of Fame erfahren: Hall of Fame: Sichtbare Anerkennung für Vorreiter im sicheren Mail-Verkehr - eco Deine E-Mails, dein digitales Zuhause - eco 5-Punkte-Plan zur Rechenzentrums-Strategie des Bundes: Rechenzentrumsstrategie des Bundes: eco Verband legt 5-Punkte Plan für zukunftsfähigen Datacenter-Standort vor - eco ----------- Redaktion: Christin Müller, Laura Rodenbeck, Anja Wittenburg Schnitt: David Grassinger Moderation: Sidonie Krug, Sven Oswald Produktion: eco – Verband der Internetwirtschaft e.V.

Scott Barronton, Chief Information Security Officer, Diebold NixdorfAI in financial_services is beginning to move from promise to practical implementation. But, as Scott Barronton, CISO of Diebold Nixdorf, warns, organisations should roll out internal AI solutions before leveraging the technology in their products. Robin Amlôt of IBS Intelligence speaks to Scott Barronton about what you need to build to ensure safe and responsible adoption of AI.

  In this episode of Command Control Power, Joe and Sam catch up after attending a confidential Apple Technical Summit. They discuss the event's highlights, including networking opportunities and technical presentations. Sam shares his experience improving a client's old IT setup, moving them to modern managed services and security practices. Joe dives into his quest for an ideal phone solution with group SMS capabilities, ultimately considering sticking with RingCentral due to recent features supported by AI. The episode also touches on the importance and challenges of maintaining high-quality internet service at a fair price and explores the potential environmental impact of AI note-taking.   00:00 Introduction and Hosts Reunion 00:15 NDA Event and Apple Summit 01:31 Networking and Connections 03:01 San Jose and Big Basin Adventures 06:18 Technical Summit Insights 09:12 Funny Poolside Moments 11:03 Caseless Phones and Engineering Marvels 16:31 Coffee Talk and AeroPress Trivia 25:22 Billing Challenges and Solutions 28:29 Client Negotiations and Agreement 28:55 Email Security and Phishing 29:52 Security Training and Awareness 31:30 New Client with Technical Debt 33:45 Managed Services Plan Pitch 37:41 AI in Client Communication 38:32 Phone Service Saga 51:34 Optimum Fiber and Internet Deals 56:49 Concluding Thoughts and Future Topics

Themen: KI gegen Bürokratie beim Arzt [00:27Min.] | Phishing - fiese Masche [07:51Min.] | Gaming für (ältere) Einsteiger [14:03Min.] | Apfelschälen leicht gemacht [20:10Min.] | Internationale Gemüsetricks [26:16Min.]

In this sponsored interview Casey Ellis chats with Push Security co-founder Jacques Louw. Push's browser plugin gives a unique level of visibility into how users interact with the web and the attacks they face. Jacques talks through what they're seeing, and their recently published taxonomy of phishing attacks. It's on Github for everyone to contribute to! Show notes Introducing our guide to phishing detection evasion techniques

In this episode of Cybersecurity Today, host Jim Love delves into the latest cyber threats and risks. Key topics include the new phishing campaign Zipline that flips traditional tactics, Google's call for 2.5 billion Gmail users to reset passwords due to a phishing attack by Shiny Hunters, and the emergence of AI-driven ransomware like Prompt Lock. The episode also covers a hijack of the NX build platform leading to a sophisticated supply chain attack, and a whistleblower's claims that the Social Security Administration put personal data at risk by improperly handling sensitive information. Tune in to stay informed on these evolving cyber threats and defensive measures. 00:00 Introduction to Cybersecurity News 00:31 Zipline Phishing: A New Threat 02:14 Google Urges Password Resets 03:51 AI-Powered Ransomware: Prompt Lock 05:48 NX Supply Chain Attack 07:35 Social Security Data at Risk 09:20 Conclusion and Upcoming Shows

This Morning's Headlines1. Kim Jong-un to China2. Phishing crackdown3. Local tax cuts4. Rate freeze5. SKT fined

According to The Kaplan Group, tax scams have resulted in 2025 YTD reported financial losses of $5,742,463.91.  Monthly tax scam reports rose 62% year-over-year, from 227 in 2024 to 368 in 2025, and have increased by 323% since 2020.  So what can you do to protect yourself? To help you stay safe, here are three key takeaways: The IRS will almost always contact you by MAIL first.  If you get a text, email, or surprise phone call demanding personal information or payment, it's almost certainly a scam. Phishing and "smishing" are at an all-time high.  Scammers try to lure you with messages about fake refunds, threats, or "unusual activity." Never click suspicious links or share your personal info. Double-check everything.  Unsure about a tax communication?  Review it with your tax professional, or check official IRS resources (linked on the podcast and IRS website).  Remember—the IRS won't email or text you unless you've explicitly given permission. Stay vigilant, and don't let scammers get between you and your hard-earned money! Connect with Paul Contact Paul here or schedule a time to meet with Paul here. For resources discussed in this episode, visit tammacapital.com/podcast. Follow Paul on LinkedIn and YouTube. And feel free to email Paul at pfenner@tammacapital.com with any feedback, questions, or ideas for future guests and topics. Resources Featured in This Episode: How to know it's the IRS Dirty Dozen tax scams for 2025: IRS warns taxpayers to watch out for dangerous threats Understanding your IRS notice or letter

If you're looking for a low-cost vendor validation step to deter fraud – I have one for you in today's episode. Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    Article:  How to Vet Suppliers and Avoid Fake Vendor Scams https://www.bitdefender.com/en-gb/blog/hotforsecurity/how-to-vet-suppliers-and-avoid-fake-vendor-scamsCustomized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Podcast: Industrial Cybersecurity InsiderEpisode: AI, Phishing, and the Future of Industrial Cyber DefensePub date: 2025-08-26Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this week's rewind episode, Dino Busalachi is joined by Gary Kneeland from Claroty. With over nine years of experience at Claroty, Gary discusses the evolution of OT security, the convergence of IT and OT, and the growing importance of cybersecurity in protecting critical infrastructure. The conversation touches on how regulatory changes, ransomware threats, and AI advancements are shaping the industry. Whether you're dealing with outdated systems or navigating complex industrial environments, this episode provides practical insights into the challenges and opportunities ahead.Chapters:00:00:00 - Pandemic's Impact on Critical Infrastructure00:01:08 - Introduction to Gary Neelan and Claroty00:01:41 - Gary's Role in OT Cybersecurity00:02:49 - Evolution of OT Cybersecurity: From Compliance to Strategy00:05:23 - IT and OT Convergence: Securing Cyber-Physical Systems00:09:46 - Addressing Complex Challenges in OT Cybersecurity00:11:56 - OT Cybersecurity Talent Shortage and Managed Services00:13:01 - Future of OT Cybersecurity: Adapting to New Threats00:14:36 - Modernizing Manufacturing Systems for Enhanced Security00:15:52 - Global Cybersecurity Trends in Critical Infrastructure00:18:01 - Regional OT Cybersecurity Challenges and Responses00:25:01 - The Role of AI in Defending OT Environments00:28:19 - Final Thoughts on OT Cybersecurity's FutureLinks And Resources:Links And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityGary Kneeland on LinkedInDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Send us a textWhat do street food in Vietnam, varsity football, and DMARC email authentication have in common? In this immersive episode, Joey Pinz sits down with Michael Chester for a lively conversation that connects personal transformation with global impact.

Microsoft has launched Project IR, an advanced AI capable of reverse-engineering malware with a remarkable 90% accuracy rate. This autonomous agent utilizes a combination of large language models and specialized cybersecurity tools to identify threats effectively, achieving a low false positive rate of just 2%. Recent tests demonstrated its capability to analyze thousands of unclassified files and accurately flag a significant majority as malicious. However, as cybersecurity technology advances, so do the tactics of cybercriminals, with a notable increase in phishing attacks targeting managed service providers (MSPs), which now account for over half of all phishing incidents.The rise of AI-powered phishing and social engineering tactics has been highlighted in a recent Acronis report, revealing that 52% of phishing attacks are aimed at MSPs. Additionally, new research indicates that AI browsers may inadvertently assist scammers, as they can overlook red flags that human users would typically catch. A survey from One Password further emphasizes the challenges organizations face with the rapid adoption of AI tools, with many lacking visibility and control over these applications, leading to potential security vulnerabilities.Gartner has issued a warning to corporate leaders, stating that they have a limited timeframe to integrate AI agents into their operations or risk falling behind competitors. Despite the urgency, Gartner also acknowledges that a significant percentage of AI projects fail, raising concerns about the pressure vendors may place on businesses to adopt these technologies hastily. Meanwhile, XAI's claims regarding its Grok 2.5 model being open-sourced have been criticized as misleading, as the licensing terms impose restrictions that contradict open-source principles.In the realm of cybersecurity solutions, companies like SonicWall and VMware are introducing new tools and technologies to enhance security and operational efficiency. SonicWall has launched a new generation of firewalls with a unique cyber warranty, while VMware is focusing on ARM architecture to meet the growing demand for energy-efficient servers. However, the podcast emphasizes the importance of cutting through vendor noise and focusing on solutions that genuinely improve business operations, rather than getting caught up in marketing hype.Three things to know today 00:00 Microsoft's Project Ire Shows AI Can Catch Malware, But Attacks on MSPs Are Rising Faster06:36 AI Urgency, Open-Washing, and Federal Adoption: Sorting Hype From Reality10:09 From Billing Fixes to Firewalls and VMware's Arm Gamble: What Really Matters for MSPs   Supported by:  https://getnerdio.com/  All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Tech commentator Tony Grasso joins Kathryn to talk about the big news in the cyber-crime world.

Christopher und Sylvester sind aus dem Urlaub zurück, haben direkt mehr Themen als in einen Passwort-Podcast passen und teilen deshalb auf: In dieser Folge geht es um eine großangelegte Studie, der zufolge viele übliche Anti-Phishing-Maßnahmen kaum oder gar nicht helfen. Außerdem grübeln die beiden über das Tempo, mit dem Let's Encrypt seine alten CT-Logs abschalten will, und verzweifeln an Microsoft. Die Firma aus Redmond ist mit gleich zwei Geschichten im Podcast vertreten, die nicht nur von Sicherheitslücken und (zweifelhaften) technischen Lösungen handeln, sondern auch totale Kommunikationsdesaster skizzieren. - Phrack Ausgabe 72: https://phrack.org/issues/72/1 - Phising-Studie: https://arianamirian.com/docs/ieee-25.pdf - Slide-Deck der Phishing-Studie: https://i.blackhat.com/BH-USA-25/Presentations/US-25-Dameff-Pwning-Phishing-Training-Through-Scientific-Lure-Crafting-Wednesday.pdf - Blogpost von Microsoft Threat Intelligence zu den Sharepoint- Angriffen: https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities - Jürgen Schmidts Kommentar zu Microsofts Secure Future Initiative: https://heise.de/-10505985 - Video des Vortrags „Living off Microsoft Copilot“: https://www.youtube.com/watch?v=FH6P288i2PE - Windows' Kopieren-Dialog: https://xkcd.com/612/ - Copilot broke your audit log: https://pistachioapp.com/blog/copilot-broke-your-audit-log - Folgt uns im Fediverse: - @christopherkunz@chaos.social - @syt@social.heise.de

If Salesforce flutters its wings in San Francisco... How is this still tricking people? From tagging to bagging Huge thanks to our sponsor, Prophet Security Security teams are drowning in alerts - many companies generate upwards of 1000 or more alerts a day, and nearly half go ignored. That's where Prophet Security comes in. Their AI SOC platform automatically triages and investigates alerts, so your team can focus on real threats instead of busywork. Faster response, less burnout, and lower risk to your business. Learn more atprophetsecurity.ai.  

Interview with Harish Peri from Okta Oktane Preview: building frameworks to secure our Agentic AI future Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective. How do put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack into our companies? These are some examples of the questions Okta aims to answer at this year's Oktane event, and we aim to kick off the conversations a little early - with this interview! Segment Resources: Check out securityweekly.com/oktane for all our live coverage during the event this year! More information about the event and how you can attend can be found here: https://www.okta.com/oktane/ AI at Work 2025: Securing the AI-powered workforce Topic - Indirect Prompt Injection Getting Out of Hand Reports of indirect prompt injection issues have been around for a while. Of particular note was Michael Bargury's Living off Microsoft Copilot presentation from Black Hat USA 2024. Simply sending an email to a Copilot user could make bad stuff happen. Now, at Black Hat 2025, we've got more: the ability to plunder any data resource connected to ChatGPT (they call these integrations "Connectors") from Tamir Ishay Sharbat at Zenity Labs. The research is titled AgentFlayer: ChatGPT Connectors 0click Attack. Looks like Google Jules is also vulnerable to what the Embrace the Red blog is calling invisible prompts. Sourcegraph's Amp Code is also vulnerable to the same attack, which encodes instructions to make them invisible. What's really going to ruffle feathers is the fact that all these companies know this stuff is possible, but don't seem to be able to figure out how to prevent it. Ideally, we'd want to be able to distinguish between intended instruction and instructions injected via attachments or some other means outside of the prompt box. I guess that's easier said than done? News Finally, in the enterprise security news, Drones are coming for you… to help? One of the most powerful botnets ever goes down Phishing training is still pointless Microsoft sets an alarm on its phone for 8 years from now to do post-quantum stuff vulns galore in commercial ZTNA apps GenAI projects are struggling to make it to production Adblockers could be made illegal - in Germany Windows is getting native Agentic support Automating bug discovery AND remediation? Public service announcement: time is running out for Windows 10 All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-421

Interview with Harish Peri from Okta Oktane Preview: building frameworks to secure our Agentic AI future Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective. How do put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack into our companies? These are some examples of the questions Okta aims to answer at this year's Oktane event, and we aim to kick off the conversations a little early - with this interview! Segment Resources: Check out securityweekly.com/oktane for all our live coverage during the event this year! More information about the event and how you can attend can be found here: https://www.okta.com/oktane/ AI at Work 2025: Securing the AI-powered workforce Topic - Indirect Prompt Injection Getting Out of Hand Reports of indirect prompt injection issues have been around for a while. Of particular note was Michael Bargury's Living off Microsoft Copilot presentation from Black Hat USA 2024. Simply sending an email to a Copilot user could make bad stuff happen. Now, at Black Hat 2025, we've got more: the ability to plunder any data resource connected to ChatGPT (they call these integrations "Connectors") from Tamir Ishay Sharbat at Zenity Labs. The research is titled AgentFlayer: ChatGPT Connectors 0click Attack. Looks like Google Jules is also vulnerable to what the Embrace the Red blog is calling invisible prompts. Sourcegraph's Amp Code is also vulnerable to the same attack, which encodes instructions to make them invisible. What's really going to ruffle feathers is the fact that all these companies know this stuff is possible, but don't seem to be able to figure out how to prevent it. Ideally, we'd want to be able to distinguish between intended instruction and instructions injected via attachments or some other means outside of the prompt box. I guess that's easier said than done? News Finally, in the enterprise security news, Drones are coming for you… to help? One of the most powerful botnets ever goes down Phishing training is still pointless Microsoft sets an alarm on its phone for 8 years from now to do post-quantum stuff vulns galore in commercial ZTNA apps GenAI projects are struggling to make it to production Adblockers could be made illegal - in Germany Windows is getting native Agentic support Automating bug discovery AND remediation? Public service announcement: time is running out for Windows 10 All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-421

Interview with Harish Peri from Okta Oktane Preview: building frameworks to secure our Agentic AI future Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective. How do put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack into our companies? These are some examples of the questions Okta aims to answer at this year's Oktane event, and we aim to kick off the conversations a little early - with this interview! Segment Resources: Check out securityweekly.com/oktane for all our live coverage during the event this year! More information about the event and how you can attend can be found here: https://www.okta.com/oktane/ AI at Work 2025: Securing the AI-powered workforce Topic - Indirect Prompt Injection Getting Out of Hand Reports of indirect prompt injection issues have been around for a while. Of particular note was Michael Bargury's Living off Microsoft Copilot presentation from Black Hat USA 2024. Simply sending an email to a Copilot user could make bad stuff happen. Now, at Black Hat 2025, we've got more: the ability to plunder any data resource connected to ChatGPT (they call these integrations "Connectors") from Tamir Ishay Sharbat at Zenity Labs. The research is titled AgentFlayer: ChatGPT Connectors 0click Attack. Looks like Google Jules is also vulnerable to what the Embrace the Red blog is calling invisible prompts. Sourcegraph's Amp Code is also vulnerable to the same attack, which encodes instructions to make them invisible. What's really going to ruffle feathers is the fact that all these companies know this stuff is possible, but don't seem to be able to figure out how to prevent it. Ideally, we'd want to be able to distinguish between intended instruction and instructions injected via attachments or some other means outside of the prompt box. I guess that's easier said than done? News Finally, in the enterprise security news, Drones are coming for you… to help? One of the most powerful botnets ever goes down Phishing training is still pointless Microsoft sets an alarm on its phone for 8 years from now to do post-quantum stuff vulns galore in commercial ZTNA apps GenAI projects are struggling to make it to production Adblockers could be made illegal - in Germany Windows is getting native Agentic support Automating bug discovery AND remediation? Public service announcement: time is running out for Windows 10 All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-421

Interview with Harish Peri from Okta Oktane Preview: building frameworks to secure our Agentic AI future Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective. How do put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack into our companies? These are some examples of the questions Okta aims to answer at this year's Oktane event, and we aim to kick off the conversations a little early - with this interview! Segment Resources: Check out securityweekly.com/oktane for all our live coverage during the event this year! More information about the event and how you can attend can be found here: https://www.okta.com/oktane/ AI at Work 2025: Securing the AI-powered workforce Topic - Indirect Prompt Injection Getting Out of Hand Reports of indirect prompt injection issues have been around for a while. Of particular note was Michael Bargury's Living off Microsoft Copilot presentation from Black Hat USA 2024. Simply sending an email to a Copilot user could make bad stuff happen. Now, at Black Hat 2025, we've got more: the ability to plunder any data resource connected to ChatGPT (they call these integrations "Connectors") from Tamir Ishay Sharbat at Zenity Labs. The research is titled AgentFlayer: ChatGPT Connectors 0click Attack. Looks like Google Jules is also vulnerable to what the Embrace the Red blog is calling invisible prompts. Sourcegraph's Amp Code is also vulnerable to the same attack, which encodes instructions to make them invisible. What's really going to ruffle feathers is the fact that all these companies know this stuff is possible, but don't seem to be able to figure out how to prevent it. Ideally, we'd want to be able to distinguish between intended instruction and instructions injected via attachments or some other means outside of the prompt box. I guess that's easier said than done? News Finally, in the enterprise security news, Drones are coming for you… to help? One of the most powerful botnets ever goes down Phishing training is still pointless Microsoft sets an alarm on its phone for 8 years from now to do post-quantum stuff vulns galore in commercial ZTNA apps GenAI projects are struggling to make it to production Adblockers could be made illegal - in Germany Windows is getting native Agentic support Automating bug discovery AND remediation? Public service announcement: time is running out for Windows 10 All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-421

Validating vendor information and checking that they are not on any applicable sanction lists is a part of your vendor on-boarding process, but what about after the on-boarding process? Today's episode is a webinar that not only has a five-step process for recurring vendor validations, but lots of five downloads to help you get started.  Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    On-Demand Webinar:  Recurring Vendor Validations: Ensure Post-Onboarding Compliance https://training.debrarrichardson.com/course/september2024Free Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadCustomized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Microsoft releases emergency out-of-band (OOB) Windows updates. Trump targets NSA's leading AI and cyber expert in clearance revocations. A breach may have compromised the privacy of Ohio medical marijuana patients. Cybercriminals exploit an AI website builder to rapidly create phishing sites. Warlock ransomware operators target Microsoft's SharePoint ToolShell vulnerability. Google and Mozilla patch Chrome and Firefox. European officials report two cyber incidents targeting water infrastructure. A federal appeals court has upheld fines against T-Mobile and Sprint for illegally selling customer location data. Authorities dismantle DDoS powerhouse Rapper Bot. On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, speaking about ShinyHunters and the problems with securing Salesforce. Microsoft Copilot gets creative with compliance.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, who is speaking about ShinyHunters and the problems with securing Salesforce. You can hear more from Matt here. Selected Reading Microsoft releases emergency updates to fix Windows recovery (Bleeping Computer) Trump Revokes Security Clearances of 37 Former and Current Officials (The New York Times) Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database (WIRED) AI Website Builder Lovable Abused for Phishing and Malware Scams (Hackread) Warlock Ransomware Hitting Victims Globally Through SharePoint ToolShell Exploit (InfoSecurity Magazine) High-Severity Vulnerabilities Patched in Chrome, Firefox (SecurityWeek) Russia-linked European attacks renew concerns over water cybersecurity (CSO Online) T-Mobile claimed selling location data without consent is legal, judges disagree (Ars Technica) Officials gain control of Rapper Bot DDoS botnet, charge lead developer and administrator (CyberScoop) Copilot Broke Your Audit Log, but Microsoft Won't Tell You (Pistachio Blog) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Fraud and scams are on the increase resulting in a loss of more than $5.8 billion impacting more than 2.8 million consumers according to the Federal Trade Commission. Older adults are among the biggest victims. Learn how to identify and protect yourself starting with keeping your private information secure and not sharing so much information online. Fearless Fabulous You's Melanie Young provides examples of common scams, phishing, pharming and fraud, a few of which have tried to target her.Fearless Fabulous You is broadcast live Wednesdays at 12 Noon ET on W4WN Radio - Women 4 Women Network (www.w4wn.com) part of Talk 4 Radio (www.talk4radio.com) on the Talk 4 Media Network (www.talk4media.com).Fearless Fabulous You Podcast is also available on Talk 4 Media (www.talk4media.com), Talk 4 Podcasting (www.talk4podcasting.com), iHeartRadio, Amazon Music, Pandora, Spotify, Audible, and over 100 other podcast outlets.

Today on the radio show. 1 - Smoko chat. Top 10 pubs in NZ. 5 - Great bars in NZ. 9 - Phishing emails. 13 - Aussie trauma. 18 - What have you had in your ear. 23 - Must watch. https://bit.ly/3HF7J5u 25 - Nickname ninjas vol. 10. 27 - Antiques Road Show Gone Wild. 32 - Mindbenders. 36 - The Grab a Bite. 41 - Aussie battlers on the news. 43 - Late mail. 47 - Last drinks. Get in touch with us: https://linktr.ee/therockdrive

This episode, we're joined by Ford Merrill, Senior Director of Research and Innovation at SEC Alliance, to discuss the evolution and sophistication of Phishing as a Service (PhaaS).Merrill shares from his 11 years of experience working on security research in primarily the areas of phishing and DDoS botnets. In the episode, he talks about the shift from Russian to Chinese-speaking operators, who the developers of advanced kits like Darcula and Lighthouse are, and who actually uses them to impersonate brands for financial gain.Merrill also outlines a complex ecosystem with supporting technologies and roles involving spammers, data brokers, and money launderers. He also shares what thinks needs to be done to respond this problem, and where he sees rays of hope already.Related resources:If you haven't listened to our series on Darcula, a phishing-as-a-service operation targeting victims globally, check out episode 137 and 138 to hear Robby's interview with mnemonic's security researchers Erlend Leiknes and Harrison Sand about the findings from their technical investigation into the phishing kit platform Magic Cat. And hear how this story progressed as Robby interviews investigative journalist Martin Gundersen from the Norwegian media agency NRK.Send us a text

Ann Westerheim, founder and president of Ekaru, discusses the concept of "last mile services" in technology, emphasizing the importance of making advanced IT and cybersecurity accessible to small businesses. Drawing from her background in the semiconductor industry, she highlights the gap between cutting-edge technology and its practical application for Main Street USA businesses. Her approach focuses on empowering clients to improve their cybersecurity posture through simple, actionable steps, such as implementing strong passwords and multi-factor authentication.Westerheim introduces her CyberFit 21-day program, designed to demystify cybersecurity for non-technical users. She aims to replace the overwhelming jargon of the tech industry with relatable concepts that resonate with small business owners. By simplifying complex topics, she helps clients understand the risks they face and the straightforward measures they can take to mitigate them. This approach not only educates but also empowers clients to take control of their cybersecurity.The conversation shifts to the impact of artificial intelligence (AI) on cybersecurity, particularly in phishing attacks. Westerheim notes that AI is being used to create highly sophisticated phishing emails that are indistinguishable from legitimate communications. She emphasizes the need for businesses to establish acceptable use policies regarding AI and to educate employees about the potential security risks associated with its use. This proactive approach is crucial as many employees may be using AI tools without understanding the implications.As the discussion wraps up, Westerheim reflects on the current mood among small business clients, who are feeling overwhelmed by rapid technological changes and external economic pressures. She stresses the importance of taking small, manageable steps to adapt to these changes rather than succumbing to paralysis by analysis. By fostering open dialogues about technology and security, she aims to guide her clients through this period of uncertainty, helping them to embrace the opportunities that come with technological advancements. All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

A ransomware attack exposes personal medical records of VA patients. New joint guidance from CISA and the NSA emphasizes asset inventory and OT taxonomy. The UK government reportedly spent millions to cover up a data breach. Researchers identified two critical flaws in a widely used print orchestration platform.  Phishing attacks increasingly rely on personalization. Rooting and jailbreaking frameworks pose serious enterprise risks. Fortinet warns of a critical command injection flaw in FortiSIEM. Estonian nationals are sentenced in a crypto Ponzi scheme. Michele Campobasso from Forescout joins us to unpack new research separating the hype from reality around “vibe hacking.” Meet the Blockchain Bandits of Pyongyang. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Michele Campobasso from Forescout joins us to unpack new research separating the hype from reality around “vibe hacking.” Their team tested open-source, underground, and commercial AI models on vulnerability research and exploit development tasks—finding high failure rates and significant limitations, even among top commercial systems. Selected Reading Medical records for 1 million dialysis patients breached in data hack of VA vendor (Stars and Stripes) NSA Joins CISA and Others to Share OT Asset Inventory Guidance (NSA.gov) CISA warns of N-able N-central flaws exploited in zero-day attacks (Bleeping Computer) U.K. Secretly Spent $3.2 Million to Stop Journalists From Reporting on Data Breach (The New York Times) From Support Ticket to Zero Day  (Horizon3.ai) Personalization in Phishing: Advanced Tactics for Malware Delivery (Cofense) The Root(ing) Of All Evil: Security Holes That Could Compromise Your Mobile Device (Zimperium) Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild (Bleeping Computer) Estonians behind $577 million cryptomining fraud sentenced to 16 months (The Record) Someone counter-hacked a North Korean IT worker: Here's what they found (Cointelegraph) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A vendor in your vendor master file is inactive – and for good reason, because the last time your company paid that vendor was four years ago.  Now your company wants to use that vendor again – don't just change the status that can lead to failed payments and bad vendor data.  Why and what should you do instead? `Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team.  Links mentioned in the podcast + other helpful resources:    Training Session:  Build a Substitute W-9 Form to Combine Your Vendor Setup Form and IRS Form W-9 https://training.debrarrichardson.com/course/substitute-irs-w9Training Session:  Build a Substitute W-8BEN and W-8BEN-E FormFree On-Demand Webinar:  8 Steps to Clean Your Vendor Master File https://training.debrarrichardson.com/course/cleanupFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadCustomized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

We're back! Pen Tester and Team Ambush member Morgan Trust walks us through his journey into the cybersecurity field. With a can-do approach, Morgan discusses how he has developed professionally, expanding his expertise across public speaking and competitive hacking. His presentation, "The New Era of Deception: AI, Deep Fakes, and The Dark Web" has hit many a stage with these essential points to keep in mind: - AI is increasingly being used in sophisticated phishing attacks. - Cybersecurity practices should be proactive; be prepared for a situation- Understanding the evolving nature of cyber threats is vital. Enjoy this episode featuring a balance of hobby pursuits, shared experiences in security, and informative points.We want to hear from you! Contact us at unsecurity@frsecure.com and follow us for more! LinkedIn: https://www.linkedin.com/company/frsecure/ Instagram: https://www.instagram.com/frsecureofficial/ Facebook: https://www.facebook.com/frsecure/ BlueSky: https://bsky.app/profile/frsecure.bsky.social About FRSecure: https://frsecure.com/ FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

Personal Security 101: Die Security-Basics für Entwickler*innenDenkst du, Passwortmanager sind in 2025 längst Standard? Dann kennst du vermutlich noch nicht die Realität von vielen Devs. Selbst bei den Profis landen SSH-Schlüssel, API-Keys oder Secrets oft unverschlüsselt auf der Festplatte.In dieser Episode gehen wir zurück zu den Security-Basics. Wir sprechen offen darüber, was wirklich Best Practice ist und was in der Praxis (und bei uns privat) anklang findet. Warum sind Passwortmanager ein echtes Must-have? Wann reicht TOTP – und wann brauchst du Hardware-Tokens wie den Yubikey? Welche Kompromisse gehst du zwischen UX, Sicherheit und „Faulheit“ ein? Außerdem diskutieren wir, wie du SSH-Keys richtig schützt und wie du sensible Umgebungsvariablen verwaltest. Weiterhin klären wir, was Phishing, Typosquatting und homographische Angriffe sind.Engagiere dich in unserer Community, teile deine Security-Stories und verrate uns deine Lieblings-Tools – oder die Hacks, auf die du heute lieber nicht mehr stolz bist. Vielleicht schaffen wir es gemeinsam, Security 2025 ein Stück besser zu machen.Unsere aktuellen Werbepartner findest du auf https://engineeringkiosk.dev/partnersDas schnelle Feedback zur Episode:

In this Risky Business News sponsor interview Tom Uren talks to Derek Hanson, Yubico's Field CTO about making account recovery and onboarding for employees phishing-resistant. They also discuss the problems and opportunities of syncable passkeys. Show notes

In this episode of Breaking into Cybersecurity, Craig Taylor, CEO of Cyber Hoo, shares his journey into the cybersecurity field. With a background in psychology, Taylor discusses his early career, the establishment of his company, and the challenges he faced along the way. He emphasizes the importance of positive reinforcement in cybersecurity training, the impact and implications of AI in the field, and the evolving landscape of security threats. Taylor also offers valuable guidance for those seeking to follow a similar path in cybersecurity, highlighting free resources to help individuals enhance their cyber literacy.Helpful links:https://cyberhoot.com/cybrary/identity-theft/https://cyberhoot.com/solutions/for-individuals/00:00 Introduction and Guest Welcome01:00 Craig Taylor's Journey into Cybersecurity03:56 Founding Cyber Hoo and Early Challenges05:59 The Role of AI in Cybersecurity09:04 AI's Impact on Phishing and Data Privacy24:50 Positive Reinforcement in Cybersecurity Training32:33 Final Thoughts and Advice for Aspiring Cybersecurity ProfessionalsSponsored by CPF Coaching LLC - http://cpf-coaching.comThe Breaking into Cybersecurity: It's a conversation about what they did before, why did they pivot into cyber, what the process was they went through Breaking Into Cybersecurity, how they keep up, and advice/tips/tricks along the way.The Breaking into Cybersecurity Leadership Series is an additional series focused on cybersecurity leadership and hearing directly from different leaders in cybersecurity (high and low) on what it takes to be a successful leader. We focus on the skills and competencies associated with cybersecurity leadership and tips/tricks/advice from cybersecurity leaders.Check out our books:Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level https://amzn.to/3443AUIHack the Cybersecurity Interview: Navigate Cybersecurity Interviews with Confidence, from Entry-level to Expert roleshttps://www.amazon.com/Hack-Cybersecurity-Interview-Interviews-Entry-level/dp/1835461298/Hacker Inc.: Mindset For Your Careerhttps://www.amazon.com/Hacker-Inc-Mindset-Your-Career/dp/B0DKTK1R93/About the hosts:Renee Small is the CEO of Cyber Human Capital, one of the leading human resources business partners in the field of cybersecurity, and author of the Amazon #1 best-selling book, Magnetic Hiring: Your Company's Secret Weapon to Attracting Top Cyber Security Talent. She is committed to helping leaders close the cybersecurity talent gap by hiring from within and helping more people get into the lucrative cybersecurity profession. https://www.linkedin.com/in/reneebrownsmall/Download a free copy of her book at magnetichiring.com/bookChristophe Foulon focuses on helping to secure people and processes, using a solid understanding of the technology involved. He has over ten years of experience as an Information Security Manager and Cybersecurity Strategist. He is passionate about customer service, process improvement, and information security. He has significant expertise in optimizing the use of technology while balancing the implications for people, processes, and information security through a consultative approach.https://www.linkedin.com/in/christophefoulon/Find out more about CPF-Coaching at https://www.cpf-coaching.comWebsite: https://www.cyberhubpodcast.com/breakingintocybersecurityPodcast: https://podcasters.spotify.com/pod/show/breaking-into-cybersecuriYouTube: https://www.youtube.com/c/BreakingIntoCybersecurityLinkedin: https://www.linkedin.com/company/breaking-into-cybersecurity/Twitter: https://twitter.com/BreakintoCyberTwitch: https://www.twitch.tv/breakingintocybersecurity

The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com

Did you know that the IRS has working group meetings for the Information Returns Intake System (IRIS)?  To find out three things I learned when I attended, what the IRS says FIRE users should do now and how you can attend the next one..Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:     YouTube Video:  Demo of the IRS e-News Subscriptions IRS: IRIS working group meetings and notes Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

The final episode of Wallet Watch Season 13 is here, and it's all about one of the most common forms of cyber security fraud: phishing. In the newest episode titled “Phishing 101: Don't Take the Bait,” host Jessica Rubio speaks with Erin Landis, Chief Information Security Officer (CISO) from MSU Federal Credit Union, about how phishing scams are evolving — and how you can protect yourself. Erin shares insights into the personal and corporate risks of phishing, how AI is making scams more convincing, and the top red flag of urgency to watch for. If a message pushes you to act fast, slow down — it could be a trap. To wrap the season up, the message is clear. The more we educate ourselves, the better equipped we are to outsmart fraudsters.

Phishing (fraud) phone calls are getting more sophisticated all the time, and they are using AI to help find out info about you and customize their call scripts    #SupportUkraine #Ukraine #StandingWithUkraine #UkraineRussiaWar #StopRussia

If a co-worker or colleague contacted you on social media – how do you tell if it's them or not?Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    Free Authentication Training:  3 Step Vendor Setup & Maintenance Process WorkshopBloomberg Article:  ‘I Need to Identify You':  How One Question Saved Ferrari From a Deepfake Scam Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

This is repeat of a broadcast from last October, still relevant, especially in the light of so many current breaches which have begun not with technical weaknesses but with phishing and social engineering.   In this deeper dive episode of 'Cybersecurity Today,' hosts Jim Love and David Shipley, a top cybersecurity expert from Beauceron Security, explore the evolution, intricacies, and impact of phishing attacks. They highlight recent sophisticated phishing strategies that combine AI, complex setups, and psychological manipulation to deceive even the most knowledgeable individuals. The discussion covers various types of phishing including spearphishing, whaling, sharking, QR phishing, and the emotional and psychological tactics employed by attackers. They also delve into practical defense mechanisms such as Multi-Factor Authentication (MFA), passkeys, and the importance of fostering a security-conscious workplace culture. The episode emphasizes the need for a diversified security approach involving technology, training, and emotional intelligence, while encouraging assertiveness in questioning potentially fraudulent communication. 00:00 Introduction to Cybersecurity Today 00:40 The Evolution of Phishing Attacks 01:44 Deep Dive into Phishing Techniques 03:31 History of Phishing 06:04 Types of Phishing: From Email to Whaling 10:06 Advanced Phishing Tactics 19:25 The Psychology Behind Phishing 26:03 Phishing Tactics: Free Gift Card Scams 26:33 The Power of Scarcity in Phishing 28:27 Authority and Phishing: Impersonation Tactics 29:11 Consistency: Small Requests Leading to Big Scams 30:14 Liking and Social Proof in Social Engineering 32:15 The Evolution of Phishing Techniques 35:31 The Role of MFA in Enhancing Security 38:35 Passkeys and the Future of Authentication 44:57 Building a Security-Conscious Workplace Culture 48:47 Conclusion and Final Thoughts

SharePoint Servers Exploited via 0-day CVE-2025-53770 Late last week, CodeWhite found a new remote code execution exploit against SharePoint. This vulnerability is now actively exploited. https://isc.sans.edu/diary/Critical+Sharepoint+0Day+Vulnerablity+Exploited+CVE202553770+ToolShell/32122/ Veeam Voicemail Phishing Attackers appear to impersonate VEEAM in recent voicemail-themed phishing attempts. https://isc.sans.edu/diary/Veeam%20Phishing%20via%20Wav%20File/32120 Passkey Phishing Attack A currently active phishing attack takes advantage of the ability to use QR codes to complete the Passkey login procedure https://expel.com/blog/poisonseed-downgrading-fido-key-authentications-to-fetch-user-accounts/