Podcasts about Phishing

Act of attempting to acquire sensitive information by posing as a trustworthy entity

  • 2,129 PODCASTS
  • 5,563 EPISODES
  • 32m AVG DURATION
  • 1 DAILY NEW EPISODE
  • Nov 3, 2025 LATEST

Latest podcast episodes about Phishing

Identity At The Center
#383 - Navigating Identity and AI with IDPro at Authenticate 2025

Nov 3, 2025, 52:07


Live from Authenticate 2025, Jeff Steadman and Jim McDonald sit down with Dr. Tina Srivastava, an IDPro board member and co-founder of Badge Inc., for a crucial discussion on the rapidly evolving landscape of identity and authentication.

Tina shares her insights on the conference, the evolution from physical hacks to sophisticated AI-driven threats like supercharged phishing, and the current challenges facing the industry. The conversation delves into the complexities of synced Passkeys, the critical vulnerability of account recovery processes, and the slow pace of regulation in keeping up with technology.

As a board member for IDPro, Tina highlights the immense value of the practitioner-focused community, the supportive culture within its Slack channels, and makes an exciting announcement about the creation of new member-driven committees to shape the future of the organization. They explore the concept of the "AI arms race" and why identity professionals cannot afford to wait for the next big thing, emphasizing that collaboration and information sharing through communities like IDPro are essential to staying ahead of adversaries.

Connect with Tina: https://www.linkedin.com/in/tina-s-8291438a/
Find out more about IDPro: https://www.idpro.org/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapters
00:00 Introduction and Greetings
00:16 Highlights from Authenticate 2025
01:39 FIDO Feud Rematch Discussion
03:17 Guest Introduction: Tina Srivastava
03:46 Conference Insights and AI Challenges
06:16 Regulatory Environment and Passkeys
09:11 Phishing and AI Supercharged Attacks
12:28 QR Codes and Accessibility Issues
13:09 The Importance of Phishing Resistant Authentication
22:24 IDPro Community and Practitioner Support
25:18 Community Support and Engagement
26:26 IDPro's Role in Identity Events
27:48 Future Directions for IDPro
29:19 Introducing Committees in IDPro
30:39 AI and Identity Verification
37:07 The Importance of Information Sharing
45:35 Public Speaking and Personal Growth
50:58 Conclusion and Final Thoughts

Keywords
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Tina Srivastava, IDPro, Authenticate 2025, Passkeys, AI, Artificial Intelligence, Cybersecurity, Phishing, Deepfakes, Authentication, Account Recovery, Biometrics, Identity and Access Management, IAM, NIST, Regulation, Identity Verification, Synced Passkeys, FIDO Alliance

The CyberWire
CISA's steady hand in a stalled senate.

Oct 31, 2025, 24:55


CISA says cooperation between federal agencies and the private sector remains steady. Long-standing Linux kernel vulnerability in active ransomware campaigns confirmed. A Chinese-linked group targets diplomatic organizations in Hungary, Belgium, and other European nations. A government contractor breach exposes data of over 10 million Americans. Luxury fashion brands fall victim to impersonation scams. Phishing shifts from email to LinkedIn. Advocacy groups urge the FTC to block Meta from using chatbot interactions to target ads. A man pleads guilty to selling zero-days to the Russians. Emily Austin, Principal Security Researcher at Censys, discusses why nation state attackers continue targeting critical infrastructure. When M&S went offline, shoppers hit 'Next'.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today we are joined by Emily Austin, Principal Security Researcher at Censys, as she discusses why nation state attackers continue targeting critical infrastructure.

Selected Reading
  • Cyber info sharing 'holding steady' despite lapse in CISA 2015, official says (The Record)
  • CISA: High-severity Linux flaw now exploited by ransomware gangs (Bleeping Computer)
  • CISA and NSA share tips on securing Microsoft Exchange servers (Bleeping Computer)
  • UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities (Arctic Wolf)
  • More than 10 million impacted by breach of government contractor Conduent (The Record)
  • Luxury Fashion Brands Face New Wave of Threats in Lead-up to 2025 Holiday Shopping Season (BforeAI)
  • LinkedIn phishing targets finance execs with fake board invites (Bleeping Computer)
  • Coalition calls on FTC to block Meta from using chatbot interactions to target ads, personalize content (The Record)
  • Ex-L3Harris exec pleads guilty to selling zero-day exploits to Russian broker (CyberScoop)
  • Business rival credits cyberattack on M&S for boosting profits (The Record)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC

Oct 29, 2025, 8:04


Phishing with Invisible Characters in the Subject Line
Phishing emails use invisible UTF-8 encoded characters to break up keywords used to detect phishing (or spam). This is aided by mail clients not rendering some characters that should be rendered.
https://isc.sans.edu/diary/A%20phishing%20with%20invisible%20characters%20in%20the%20subject%20line/32428

Apache Tomcat PUT Directory Traversal
Apache released an update to Tomcat fixing a directory traversal vulnerability in how the PUT method is used. Exploits could upload arbitrary files, leading to remote code execution.
https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog

BIND9 DNS Spoofing Vulnerability
A PoC exploit is now available for the recently patched BIND9 spoofing vulnerability.
https://gist.github.com/N3mes1s/f76b4a606308937b0806a5256bc1f918

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, October 27th, 2025: Bilingual Phishing; Kaitai Struct WebIDE

Oct 27, 2025, 6:20


Bilingual Phishing for Cloud Credentials
Guy observed identical phishing messages in French and English attempting to phish cloud credentials.
https://isc.sans.edu/diary/Phishing%20Cloud%20Account%20for%20Information/32416

Kaitai Struct WebIDE
The binary file analysis tool Kaitai Struct is now available in a web only version.
https://isc.sans.edu/diary/Kaitai%20Struct%20WebIDE/32422

WSUS Emergency Update
Microsoft released an emergency patch for WSUS to fix a currently exploited critical vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287

Network Security Devices Endanger Orgs with 90s-era Flaws
Attackers increasingly use simple-to-exploit network security device vulnerabilities to compromise organizations.
https://www.csoonline.com/article/4074945/network-security-devices-endanger-orgs-with-90s-era-flaws.html

SPYCRAFT 101
219. Digital Intelligence, Phishing Scams, and North Korea with Aidan Raney

Oct 27, 2025, 57:26


Today Justin sits down with Aidan Raney. Aidan is the founder of Farnsworth Intelligence, a digital intelligence service, which he founded after unmasking a phishing network online which was harvesting credentials from unwitting Facebook users on a massive scale. Aidan is here to discuss his work at the forefront of digital intelligence, and in particular, his interactions with North Korean IT workers attempting to infiltrate American companies employing remote workers.

Connect with Aidan:
farnsworthintelligence.com
Get the OSINT Newsletter: osintinsider.com

Connect with Spycraft 101:
Get Justin's latest book, Murder, Intrigue, and Conspiracy: Stories from the Cold War and Beyond, here.
spycraft101.com
IG: @spycraft101
Shop: shop.spycraft101.com
Patreon: Spycraft 101
Substack: spycraft101.substack.com
Find Justin's first book, Spyshots: Volume One, here.
Check out Justin's second book, Covert Arms, here.
Download the free eBook, The Clandestine Operative's Sidearm of Choice, here.

Kruschiki
The best surplus military goods delivered right to your door. Use code SPYCRAFT101 for 10% off!

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Retrospect
Staying Safe In A Digital World (feat. Randy Hidalgo) | Retrospect Ep.211

Oct 27, 2025, 77:44


In this week's episode we discussed the essentials of cybersecurity. From data breaches, phishing scams, and strong passwords, we break down practical tips for keeping your personal and professional information secure. Whether you're a tech novice or a digital pro, this episode will help you stay one step ahead of cyber threats.

Cyber Security Headlines
Microsoft WSUS vulnerability, LastPass death hoax, Copilot phishing technique

Oct 27, 2025, 9:36


  • Microsoft WSUS vulnerability could allow for remote code execution
  • Fake LastPass death claims used to breach password vaults
  • New CoPhish attack steals OAuth tokens via Copilot Studio agents

Huge thanks to our sponsor, Conveyor
If security questionnaires make you feel like you're drowning in chaos, you're not alone. Endless spreadsheets, portals, and questions—always when you least expect them. Conveyor brings calm to the storm. With AI that auto-fills questionnaires and a trust center that shares all your docs in one place, you'll feel peace where there used to be panic. Find your security review zen at www.conveyor.com.

Find the stories behind the headlines at CISOseries.com.

UNSECURITY: Information Security Podcast
Unsecurity Episode 249: Navigating Holiday Threats with AI and VPN Vulnerabilities w/ Pinky

Oct 24, 2025, 37:04


In this episode of the Unsecurity Podcast, hosted by Megan Larkins and Brad Nigh from FRSecure, we are joined by Pinky from the IR team to dive deep into the pressing cybersecurity challenges as the holiday season approaches.

From early breaches to the increasing sophistication of AI in phishing attacks, discover how attackers are evolving their tactics. The trio discusses the impact of VPN vulnerabilities, the rise of AI-enabled chatbots in ransomware scenarios, and how businesses can prepare for the uptick in threats during this busy time of year.

Whether you're an IT professional or just curious about cybersecurity, this episode is packed with valuable insights.

Don't miss out!

Like, subscribe, and share with your network to stay informed about the latest in cybersecurity!

Looking to get in touch? Reach out at unsecurity@frsecure.com and follow us for more!

LinkedIn: https://www.linkedin.com/company/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
Facebook: https://www.facebook.com/frsecure/
BlueSky: https://bsky.app/profile/frsecure.bsky.social

About FRSecure: https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start or looking for a team of experts to collaborate with you, we are ready to serve.

Angry Nerds
Angry Nerds 271 - Edging is the new phishing

Oct 24, 2025

Putting the AP in hAPpy
Episode 361: Kubikle - Cybercrime's Office Life

Oct 23, 2025, 12:22


It's almost the end of the 25th annual October Cybersecurity Awareness Month and if you haven't heard of or watched the cybercriminal version of "The Office" it's time! Keep listening.

Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team.

Links mentioned in the podcast + other helpful resources:
  • National Cybersecurity Alliance: Cybersecurity Awareness Month Kubikle Videos
  • Get the Vendor Callback Confirmation Toolkit(TM) Today: https://training.debrarrichardson.com/course/callback-confirmation-toolkit
  • Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-session
  • Free Download: Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-download
  • Vendor Process Training Center - https://training.debrarrichardson.com
  • Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
  • Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
  • Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
  • YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
  • More Podcasts/Blogs/Webinars www.debrarrichardson.com
  • More ideas? Email me at debra@debrarrichardson.com

Music Credit: www.purple-planet.com

Paul's Security Weekly
Security That Sticks: Shaping Human Behavior - Rinki Sethi, Nicole Jiang - BSW #418

Oct 22, 2025, 63:00


As the Verizon Data Breach Investigations Report has stated year after year, most breaches start with human error. We've invested a lot in Security Awareness and Training and Phishing solutions, but yet human error is still the top risk. How do we actually reduce human risk? Rinki Sethi, CSO at Upwind Security, and Nicole Jiang, CEO of Fable Security, share why human risk management is the next frontier for security—and how platforms like Fable Security deliver personalized nudges that help employees build safer habits and stay ahead of threats. Solving human risk starts by changing human behavior. Learn how advancements in Artificial Intelligence (AI) and the application of adtech principles (targeted, personalized, A/B-tested messages delivered when they're most relevant) are delivering faster, more effective behavior change that lasts. Segment Resources: Five must-haves of modern human risk management: https://fablesecurity.com/ebook-five-must-haves/ Starter RFP for modern human risk management: https://fablesecurity.com/starter-rfp-for-modern-hrm/ This segment is sponsored by Fable Security. Visit https://securityweekly.com/fable to learn more about them! In the leadership and communications segment, Inside the CISO Mind: How Security Leaders Choose Solutions, 2026 Leadership Strategy: Mastering Agility and Anticipation for Better Decisions, The Most Human, Strategic, Sought-After Tool in Leadership, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-418

Paul's Security Weekly TV
Security That Sticks: Shaping Human Behavior - Nicole Jiang, Rinki Sethi - BSW #418

Oct 22, 2025, 63:00


As the Verizon Data Breach Investigations Report has stated year after year, most breaches start with human error. We've invested a lot in Security Awareness and Training and Phishing solutions, but yet human error is still the top risk. How do we actually reduce human risk? Rinki Sethi, CSO at Upwind Security, and Nicole Jiang, CEO of Fable Security, share why human risk management is the next frontier for security—and how platforms like Fable Security deliver personalized nudges that help employees build safer habits and stay ahead of threats. Solving human risk starts by changing human behavior. Learn how advancements in Artificial Intelligence (AI) and the application of adtech principles (targeted, personalized, A/B-tested messages delivered when they're most relevant) are delivering faster, more effective behavior change that lasts. Segment Resources: Five must-haves of modern human risk management: https://fablesecurity.com/ebook-five-must-haves/ Starter RFP for modern human risk management: https://fablesecurity.com/starter-rfp-for-modern-hrm/ This segment is sponsored by Fable Security. Visit https://securityweekly.com/fable to learn more about them! In the leadership and communications segment, Inside the CISO Mind: How Security Leaders Choose Solutions, 2026 Leadership Strategy: Mastering Agility and Anticipation for Better Decisions, The Most Human, Strategic, Sought-After Tool in Leadership, and more! Show Notes: https://securityweekly.com/bsw-418

Business Security Weekly (Audio)
Security That Sticks: Shaping Human Behavior - Rinki Sethi, Nicole Jiang - BSW #418

Oct 22, 2025, 63:00


As the Verizon Data Breach Investigations Report has stated year after year, most breaches start with human error. We've invested a lot in Security Awareness and Training and Phishing solutions, but yet human error is still the top risk. How do we actually reduce human risk? Rinki Sethi, CSO at Upwind Security, and Nicole Jiang, CEO of Fable Security, share why human risk management is the next frontier for security—and how platforms like Fable Security deliver personalized nudges that help employees build safer habits and stay ahead of threats. Solving human risk starts by changing human behavior. Learn how advancements in Artificial Intelligence (AI) and the application of adtech principles (targeted, personalized, A/B-tested messages delivered when they're most relevant) are delivering faster, more effective behavior change that lasts. Segment Resources: Five must-haves of modern human risk management: https://fablesecurity.com/ebook-five-must-haves/ Starter RFP for modern human risk management: https://fablesecurity.com/starter-rfp-for-modern-hrm/ This segment is sponsored by Fable Security. Visit https://securityweekly.com/fable to learn more about them! In the leadership and communications segment, Inside the CISO Mind: How Security Leaders Choose Solutions, 2026 Leadership Strategy: Mastering Agility and Anticipation for Better Decisions, The Most Human, Strategic, Sought-After Tool in Leadership, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-418

Irish Tech News Audio Articles
Accenture research finds only half of Irish office workers are confident in their ability to identify phishing attacks

Oct 22, 2025, 5:38


Only half (52%) of Irish office workers are confident in their ability to identify phishing attacks, and one in five (19%) admit to entering sensitive business data, like customer details and financial information, into free, unsecured AI tools. These findings, drawn from new Accenture research that surveyed 1,000 Irish office workers, reveal that the unsanctioned use of AI tools, combined with growing deepfake and phishing threats, could significantly increase cyber risks for Irish businesses.

While most Irish office workers receive training either quarterly or annually (65%), a significant 1 in 10 (10%) have never received cybersecurity training, highlighting a real gap in organisational preparedness. The research also reveals that the vast majority of those surveyed (87%) have encountered suspicious messages at work. With impersonation attacks on the rise, 36% report receiving an email or text message impersonating a co-worker.

Further findings reveal that while reporting culture is strong overall, with 3 in 4 office employees (77%) likely to report a phishing attempt, 46% say they are unsure of what to do if they were to receive suspicious messages. In addition, over half of those surveyed (56%) selected reasons that may discourage them from reporting a phishing or deepfake attack at work. These include not believing it's serious (21%), not knowing who to report to (20%) and fear of being blamed (15%).

Responsibility for cybersecurity is also unclear. The research shows a near-even split between those who believe office workers (48%) are responsible for preventing cyberattacks and those who think it's the job of IT professionals (42%), highlighting a lack of clarity and shared accountability.

When it comes to cyber concerns, AI-driven phishing emails top the list for Irish office workers (47%), followed by identity theft through AI misuse (34%). Deepfake threats are also a major worry, with 32% concerned about impersonations of their own likeness and 31% about deepfake videos impersonating leaders or executives.

Jacky Fox, Senior Managing Director at Accenture Cybersecurity, commented: "These findings highlight the evolving nature of cyber threats in the age of AI and the urgent need for businesses to address gaps in training, tools, and reporting culture. While 52% of employees feel confident spotting phishing attempts, it only takes one person to be deceived for an attack to succeed, and human error remains the leading cause of breaches.

"Our research also reveals a lack of clarity on responsibility, with employees split between whether cybersecurity is their job or IT's. This mindset treats security as a technical issue rather than a core part of business resilience, leaving organisations exposed when attacks disrupt operations, reputation, and trust. With AI-driven phishing and deepfake threats on the rise, businesses must prioritise training and foster a culture of shared accountability to stay protected."

To help address these challenges and gaps, Accenture has identified three key actions for Irish organisations to strengthen resilience and empower office workers:

1. Boost Worker Confidence in Responding to Threats
With only half (52%) of Irish office workers confident in their ability to identify phishing attacks, organisations need to prioritise clear and open communication to foster a culture of reporting. This includes having well-publicised reporting channels and straightforward guidance, so office workers know exactly what to do when they encounter suspicious activity.

2. Equip Office Workers with Practical Skills
Upskilling is critical. Beyond basic awareness, organisations should invest in interactive training that simulates real-world phishing and deepfake scenarios. Regular updates on emerging risks, especially those involving AI-generated content will help office workers stay informed and prepared. With 79% of employees now using, or planning on using AI tools at work, practical guidance on using AI safe...

Passwort - der Podcast von heise security
News on the Oracle exploit, post-quantum crypto and chat control

Oct 22, 2025, 113:45


There is once again some news in the world of IT security, and old acquaintances are rearing their ugly heads again. First and foremost is the initiative for "client-side scanning" of messages known as "chat control" (Chatkontrolle), which the EU Council under the Danish presidency recently dug up again. Almost exactly one year after the last failure of this initiative to weaken encryption, Sylvester and Christopher talk about it again. Oracle, too, is already a familiar "guest" on the podcast, this time with a critical vulnerability in its E-Business Suite and an extremely unsatisfactory communication strategy. Sylvester explains to his co-host and the listeners what Signal's new "Post Quantum Ratchets" are all about and why these cryptographic ratchets are meant to make the messenger more secure in the quantum age. And then it continues straight on with quantum safety, namely with a discussion of the advantages of hybrid quantum encryption systems over purely quantum-safe ones.

- Beginner-themed evening on IT security in Hanover: https://aktionen.heise.de/heise-themenabend
- Oracle's deleted blog entry: https://nitter.net/pic/orig/media%2FG2T6vnYWEAAHcB6.jpg
- Watchtowr Labs on CVE-2025-61882: https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/
- "Passwort", episode 16: The technology behind chat control - https://passwort.podigee.io/16-die-technik-hinter-der-chatkontrolle
- Cloudflare blog on the certificate lapse: https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/
- SPQR: https://signal.org/blog/spqr/
- "Passwort", episode 32: Quantum computers and how to protect yourself from them - https://passwort.podigee.io/32-quantencomputer-und-wie-man-sich-vor-ihnen-schutzt
- DJB on hybrid or not: https://blog.cr.yp.to/20240102-hybrid.html
- Follow us on the Fediverse:
  * @christopherkunz@chaos.social
  * @syt@social.heise.de

Members of our security community on heise security PRO can hear all episodes two days earlier. More info: https://pro.heise.de/passwort

Business Security Weekly (Video)
Security That Sticks: Shaping Human Behavior - Nicole Jiang, Rinki Sethi - BSW #418

Oct 22, 2025, 63:00


As the Verizon Data Breach Investigations Report has stated year after year, most breaches start with human error. We've invested a lot in Security Awareness and Training and Phishing solutions, but yet human error is still the top risk. How do we actually reduce human risk? Rinki Sethi, CSO at Upwind Security, and Nicole Jiang, CEO of Fable Security, share why human risk management is the next frontier for security—and how platforms like Fable Security deliver personalized nudges that help employees build safer habits and stay ahead of threats. Solving human risk starts by changing human behavior. Learn how advancements in Artificial Intelligence (AI) and the application of adtech principles (targeted, personalized, A/B-tested messages delivered when they're most relevant) are delivering faster, more effective behavior change that lasts. Segment Resources: Five must-haves of modern human risk management: https://fablesecurity.com/ebook-five-must-haves/ Starter RFP for modern human risk management: https://fablesecurity.com/starter-rfp-for-modern-hrm/ This segment is sponsored by Fable Security. Visit https://securityweekly.com/fable to learn more about them! In the leadership and communications segment, Inside the CISO Mind: How Security Leaders Choose Solutions, 2026 Leadership Strategy: Mastering Agility and Anticipation for Better Decisions, The Most Human, Strategic, Sought-After Tool in Leadership, and more! Show Notes: https://securityweekly.com/bsw-418

Keyword News
Keyword News 10/22/2025

Oct 22, 2025, 16:03


This Morning's Headlines
1. Phishing crackdown
2. Incheon Plan
3. Halloween safety
4. Tariff talks
5. Japan's new PM

TechTimeRadio
272: TechTime Radio: Apple embraces touchscreens and drops the (+), Meta redefines home theater, streaming prices climb, phishing scams evolve, and a Florida “Tech Fairy” proves grassroots innovation thrives | Air Date: 10/21 - 10/27/25

Oct 21, 2025, 57:45


Apple finally blinks. We break down the rumored touchscreen MacBook Pro on M6 silicon and what it means for the Mac–iPad divide, creative workflows, and the future of touch-first productivity without giving up a real keyboard and trackpad. If Apple embraces touch on macOS, does the iPad's role shrink, or do we enter a new era of flexible, two-in-one computing?

Streaming also sheds a skin as Apple TV drops the "Plus" while raising prices. We talk about what a name change signals, how the industry is normalizing higher monthly fees, and why subscriber rotation is your smartest money move. Then we put on a headset and test Meta's Horizon TV app—turning a $399 Quest and a $1 download into a wraparound home theater. It's shockingly good for travel, apartments, and late-night bingeing, even with some missing apps.

Security stays front and center with a meticulous loyalty email phish that threads through a legitimate address, a Zendesk excuse, a call center handoff, and a final push for remote access. We slow it down, show you every red flag, and share simple rules that stop sophisticated cons. We also look at the PayPal and Venmo outage overlap and why a backup payment rail should be part of your daily toolkit. And we spotlight a Florida "Tech Fairy" who refurbishes laptops and gives them away—proof that practical innovation often starts at home.

Along the way, we sip Jack Daniel's Old No. 7 from 1972 versus today's bottle, compare notes, and talk about what changed in the glass. If you enjoyed this one, tap follow, share it with a friend who loves tech and whiskey, and drop a review to help more curious listeners find the show.

The Social-Engineer Podcast
Ep. 325 - Security Awareness Series - A Crystal Ball for Mitigating Threats With Chris and Carter

Oct 20, 2025, 32:02


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Carter Zupancich. Chris and Carter explore the evolving landscape of social engineering threats, focusing on the rise of vishing attacks and the role of AI in enhancing these tactics. Their discussion underscores the importance of empowering employees as a human firewall and the need for continuous education and testing to strengthen organizational security. [Oct 20, 2025]

00:00 - Intro
00:31 - Carter Zupancich Intro
  • Website: https://carterzupancich.com/
01:30 - Intro Links:
  • Social-Engineer.com - http://www.social-engineer.com/
  • Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
  • Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
  • Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
  • Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
  • CLUTCH - http://www.pro-rock.com/
  • innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
03:35 - Tools, Tactics and Procedures
05:19 - Tech Advances
08:16 - The Classics
10:01 - The Need for Testing
12:16 - Callback Phishing
17:26 - Setting Expectations
21:56 - Approved Language
23:56 - Verify!
25:16 - Empowerment
26:17 - And Now a Horrible Story
28:47 - Investing In Employees
31:19 - Wrap Up & Outro
  • www.social-engineer.com
  • www.innocentlivesfoundation.org

StarTalk Radio
Deepfakes and the War on Truth with Bogdan Botezatu

StarTalk Radio

Play Episode Listen Later Oct 17, 2025 63:53


Is there anything real left on the internet? Neil deGrasse Tyson and co-hosts Chuck Nice and Gary O'Reilly explore deepfakes, scams, and cybercrime with the Director of Threat Research at Bitdefender, Bogdan Botezatu.

Scams are a trillion-dollar industry; keep your loved ones safe with Bitdefender: https://bitdefend.me/90-StarTalk

NOTE: StarTalk+ Patrons can listen to this entire episode commercial-free here: https://startalkmedia.com/show/deepfakes-and-the-war-on-truth-with-bogdan-botezatu/

Thanks to our Patrons Bubbalotski, Oskar Yazan Mellemsether, Craig A, Andrew, Liagadd, William ROberts, Pratiksha, Corey Williams, Keith, anirao, matthew, Cody T, Janna Ladd, Jen Richardson, Elizaveta Nikitenko, James Quagliariello, LA Stritt, Rocco Ciccolini, Kyle Jones, Jeremy Jones, Micheal Fiebelkorn, Erik the Nerd, Debbie Gloom, Adam Tobias Lofton, Chad Stewart, Christy Bradford, David Jirel, e4e5Nf3, John Rost, cluckaizo, Diane Féve, Conny Vigström, Julian Farr, karl Lebeau, AnnElizabeth, p johnson, Jarvis, Charles Bouril, Kevin Salam, Alex Rzem, Joseph Strolin, Madelaine Bertelsen, noel jimenez, Arham Jain, Tim Manzer, Alex, Ray Weikal, Kevin O'Reilly, Mila Love, Mert Durak, Scrubbing Bubblez, Lili Rose, Ram Zaidenvorm, Sammy Aleksov, Carter Lampe, Tom Andrusyna, Raghvendra Singh Bais, ramenbrownie, cap kay, B Rhodes, Chrissi Vergoglini, Micheal Reilly, Mone, Brendan D., Mung, J Ram, Katie Holliday, Nico R, Riven, lanagoeh, Shashank, Bradley Andrews, Jeff Raimer, Angel velez, Sara, Timothy Criss, Katy Boyer, Jesse Hausner, Blue Cardinal, Benjamin Kedwards, Dave, Wen Wei LOKE, Micheal Sacher, Lucas, Ken Kuipers, Alex Marks, Amanda Morrison, Gary Ritter Jr, Bushmaster, thomas hennigan, Erin Flynn, Chad F, fro drick, Ben Speire, Sanjiv VIJ, Sam B, BriarPatch, and Mario Boutet for supporting us this week.

Subscribe to SiriusXM Podcasts+ to listen to new episodes of StarTalk Radio ad-free and a whole week early. Start a free trial now on Apple Podcasts or by visiting siriusxm.com/podcastsplus. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The CyberWire
When hackers go BIG in cyber espionage.

The CyberWire

Play Episode Listen Later Oct 16, 2025 26:37


F5 discloses long-term breach tied to nation-state actors. PowerSchool hacker receives a four-year prison sentence. Senator scrutinizes Cisco critical firewall vulnerabilities. Phishing campaign impersonates LastPass and Bitwarden. Credential phishing with Google Careers. Reduce effort, reuse past breaches, recycle into new breach. Qilin announces new victims. Manoj Nair, from Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. And AI faces the facts. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Manoj Nair, Chief Innovation Officer at Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. In light of the recent high-severity vulnerability in Cursor, Manoj discusses how threats like tool poisoning, toxic flows, and MCP vulnerabilities are redefining what secure AI-driven development means—and why organizations must move faster to keep up. 
Selected Reading
- F5 disclosures breach tied to nation-state threat actor (CyberScoop)
- CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices (CISA)
- ED 26-01: Mitigate Vulnerabilities in F5 Devices (CISA)
- PowerSchool hacker sentenced to 4 years in prison (The Record)
- Cisco faces Senate scrutiny over firewall flaws (The Register)
- Fake LastPass, Bitwarden breach alerts lead to PC hijacks (Bleeping Computer)
- Google Careers impersonation credential phishing scam with endless variation (Sublime Security)
- Elasticsearch Leak Exposes 6 Billion Records from Scraping, Old and New Breaches (HackRead)
- Qilin Ransomware announced new victims (Security Affairs)
- When Face Recognition Doesn't Know Your Face Is a Face (WIRED)
- Semperis Announces Midnight in the War Room: A Groundbreaking Cyberwar Documentary Featuring the World's Leading Defenders and Reformed Hackers (PR Newswire)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Reboot IT - 501(c) Technology
Cybersecurity Maturity: What Associations Need to Know

Reboot IT - 501(c) Technology

Play Episode Listen Later Oct 16, 2025 39:17


In this episode of Reboot IT, host Dave Coriale sits down with Ben Muscolino, CEO of Breezio, Data Sangria, and co-founder at Vortacity, and Ryan O'Donnell, CTO at Vortacity, to demystify cybersecurity for associations and nonprofits. They explore the evolving threat landscape, the importance of proactive security measures, and how organizations can build a culture of cybersecurity without fear or shame. From phishing-resistant MFA to red team engagements, this conversation is packed with practical advice for leaders and IT professionals alike.

Themes and Topics:

Cybersecurity Culture and Leadership
- Cybersecurity must be embraced across the organization, not just by IT.
- Leaders should foster a “shameless and blameless” environment for open dialogue.
- Culture impacts how teams respond to threats and education efforts.

Phishing and Account Takeover Risks
- Phishing remains the most common entry point for breaches.
- Attackers often dwell silently before exploiting access.
- Social engineering tactics are becoming more sophisticated.

Cybersecurity Maturity
- Organizations should progress from asset inventory to vulnerability scans, pen tests, and red team engagements.
- Skipping foundational steps can lead to ineffective or costly security efforts.
- Tailoring assessments to organizational needs is key.

Penetration Testing and Red Teaming
- Pen tests simulate real-world attacks to expose vulnerabilities.
- Red team engagements test people, processes, and systems under stealth conditions.
- Trusted agents within the organization coordinate red team efforts discreetly.

Deception Technology and Canary Tokens
- Canary tokens act as tripwires to detect post-compromise behavior.
- These tools are low-cost and high-impact for early breach detection.
- Ideal for organizations with limited cybersecurity resources.

Budgeting and Advocacy for Cybersecurity
- Cybersecurity is often the first to be cut during budget reviews.
- IT leaders must communicate risk in terms of cost and organizational responsibility.
- Starting small is better than doing nothing—get from zero to one.

Putting the AP in hAPpy
Episode 360: Fraudsters Have a Way to Pass Payee Positive Pay for Stolen Checks – How it Works and What to do About it

Putting the AP in hAPpy

Play Episode Listen Later Oct 16, 2025 30:49


Fraudsters have evolved again – this time with check fraud because they have found a way to bypass payee positive pay. So now what? Keep listening.

Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team.

Links mentioned in the podcast + other helpful resources:
- Federal Reserve Board: How Criminals Commit Check Fraud Using Stolen Business Identities
- Training: Validations to Prevent Check Payment Fraud - Your Accounts System/ERP, The Bank and Your Vendor Team
- Get the Vendor Callback Confirmation Toolkit(TM) Today: https://training.debrarrichardson.com/course/callback-confirmation-toolkit
- Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-session
- Free Download: Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-download
- Vendor Process Training Center - https://training.debrarrichardson.com
- Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
- Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
- Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
- YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
- More Podcasts/Blogs/Webinars www.debrarrichardson.com
- More ideas? Email me at debra@debrarrichardson.com

Music Credit: www.purple-planet.com

America In The Morning
SCOTUS On Voting Rights, Latest On Government Shutdown, Trump OK's CIA To Venezuela, Reporters Exit Pentagon

America In The Morning

Play Episode Listen Later Oct 16, 2025 39:31


Today on America in the Morning

SCOTUS On Voting Rights
At the US Supreme Court, the justices seem inclined to either chip away, or possibly fully scrap a key tenet of the Voting Rights Act. Correspondent Haya Panjwani reports on Wednesday's hearing.

Shutdown Continues
The Trump administration was handed a defeat by a federal judge on Wednesday that prevents their efforts to lay off thousands of federal workers during the government shutdown. John Stolnis has the latest on the continuing impasse from Washington.

Trump OK's CIA To Venezuela
President Trump says he is authorizing the C-I-A to go into Venezuela to target drug cartels. Correspondent Clayton Neville reports.

Pentagon Reporters Exit
Dozens of reporters turned in access badges and exited the Pentagon on Wednesday rather than agree to government-imposed restrictions on their work. America in the Morning's Jeff McKay has details.

Mississippi Execution
A Mississippi man convicted of raping and murdering a college student in the nineties was executed Wednesday after spending more than 30 years on death row.

Straw Case
A 41-year-old New York cold case has finally been solved. Ed Donahue reports on how police used a discarded straw to catch a killer.

Pressuring Russia On Ukraine
Two nations have announced they will increase the pressure on Russia to end the war in Ukraine, one directly, and the other, indirectly. Washington correspondent Sagar Meghani reports President Trump claims to have gained a key commitment from one nation to stop buying cheap Russian oil, and Germany's Defense Minister at a NATO Summit attended by Defense Secretary Pete Hegseth said his nation is increasing their multi-billion dollar military aid package for Ukraine.

Young Republicans Messages
Politicians are reacting to a series of group chats involving Young Republicans that contained what critics call "racist" and "vile" comments about political opponents. Correspondent Clayton Neville reports.

Judge Rules On Shutdown Firings
Any plans for firings of federal workers on Friday due to the government shutdown could be on hold, at least temporarily. Correspondent Lisa Dwyer reports on a new court ruling over the proposed shutdown layoffs.

Johnson On Seating Grijalva
Democrats are ramping up pressure on House Speaker Mike Johnson, including a protest at his office, to seat a Democrat who won a special election in Arizona more than three weeks ago. Correspondent Joan Jones reports.

Brown Says No
Brown University on Wednesday rejected a White House proposal to steer public money toward schools that aligned with President Trump's priorities, following M-I-T which also said no last week.

Tech News
Phishing is now all the rage – and not the type using a rod and reel. Microsoft is warning that there is a bunch of new Phishing scams, using A-I to disguise malware that is attached to your email. Chuck Palm has that in today's tech report.

Finally
He blamed what he called a “whale-sized truck.” Actor Alec Baldwin is speaking out about his recent car crash where he hit a “big fat” tree in New York. Entertainment reporter Kevin Carr has details.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

Joey Pinz Discipline Conversations
#758 David Setzer: ✈️ From Aviation Dreams to Cybersecurity Realities

Joey Pinz Discipline Conversations

Play Episode Listen Later Oct 15, 2025 95:01 Transcription Available


What connects aviation, law, and cybersecurity? In this powerful episode, Joey Pinz uncovers the journey of building resilience and innovation through unlikely intersections.

David Setzer shares his early passion for flying, reflecting on family ties to aviation and the lessons of safety and precision. He then takes us through his fascination with law and philosophy, connecting ancient principles of due process to modern justice.

But the heart of the conversation lies in the creation of Mailprotector—a company born from humble beginnings that became a leader in email security. David reveals the early days of battling spam and viruses, the rise of ransomware, and why email remains the number one entry point for cyberattacks. He explains how AI and behavioral analysis are reshaping defenses, and why small businesses and MSPs must rethink security as foundational, not optional.

Aaron Mahnke's Cabinet of Curiosities
Phishing

Aaron Mahnke's Cabinet of Curiosities

Play Episode Listen Later Oct 14, 2025 10:19 Transcription Available


Today's tour tries to clarify some myths and legends. Order the official Cabinet of Curiosities book by clicking here today, and get ready to enjoy some curious reading! See omnystudio.com/listener for privacy information.

MacVoices Audio
MacVoices #25258: Live - Remembering Steve Jobs, Venmo and PayPal Scam Alert

MacVoices Audio

Play Episode Listen Later Oct 13, 2025 24:55


The MacVoices Live! panel marks the anniversary of Steve Jobs' passing with memories, reflections, and some personal encounters on his impact. Chuck Joiner, David Ginsburg, Web Bixby, Marty Jencius, Brian Flanigan-Arthurs, Jeff Gamet, Eric Bolden, and Jim Rea talk about a recent warning about PayPal/Venmo scams after account linking, with debate over protections, Apple Pay safety, and Zelle pitfalls. Practical tips include using secondary accounts and caution with subscriptions.

MacVoices is supported by MacPaw and the Cloud Cleanup feature. Get Tidy Today! Try 7 days free and use my code MACVOICES20 for 20% off at clnmy.com/MACVOICES.

Show Notes:

Chapters:
[0:10] Live show intro and sponsor mention
[5:26] Remembering Steve Jobs: stories and impact
[13:00] Sponsor message: Cloud Cleanup feature
[14:33] PSA: PayPal/Venmo scams and account linking
[15:33] Consumer protections and debit vs. credit
[16:59] Mixed experiences with PayPal support
[18:46] Risk-mitigation: secondary accounts and travel cards
[20:22] Sending money to Canada? Options and caveats
[20:57] Apple Pay adoption and site support
[21:50] Zelle warnings, unauthorized payments, and best practices

Links:
Remembering Steve Jobs https://www.macrumors.com/2025/10/05/remembering-steve/
Protect yourself from scams as Venmo and PayPal complete hook up https://9to5mac.com/2025/10/02/protect-yourself-from-scams-as-venmo-and-paypal-complete-hook-up/
7 Things To Know Before You Use Zelle https://clark.com/personal-finance-credit/banks-banking/zelle-things-to-know/

Guests:

Web Bixby has been in the insurance business for 40 years and has been an Apple user for longer than that. You can catch up with him on Facebook, Twitter, and LinkedIn, but prefers Bluesky.

Eric Bolden is into macOS, plants, sci-fi, food, and is a rural internet supporter. You can connect with him on Twitter, by email at embolden@mac.com, on Mastodon at @eabolden@techhub.social, on his blog, Trending At Work, and as co-host on The Vision ProFiles podcast.

Brian Flanigan-Arthurs is an educator with a passion for providing results-driven, innovative learning strategies for all students, but particularly those who are at-risk. He is also a tech enthusiast who has a particular affinity for Apple since he first used the Apple IIGS as a student. You can contact Brian on twitter as @brian8944. He also recently opened a Mastodon account at @brian8944@mastodon.cloud.

Jeff Gamet is a technology blogger, podcaster, author, and public speaker. Previously, he was The Mac Observer's Managing Editor, and the TextExpander Evangelist for Smile. He has presented at Macworld Expo, RSA Conference, several WordCamp events, along with many other conferences. You can find him on several podcasts such as The Mac Show, The Big Show, MacVoices, Mac OS Ken, This Week in iOS, and more. Jeff is easy to find on social media as @jgamet on Twitter and Instagram, jeffgamet on LinkedIn, @jgamet@mastodon.social on Mastodon, and on his YouTube Channel at YouTube.com/jgamet.

David Ginsburg is the host of the weekly podcast In Touch With iOS where he discusses all things iOS, iPhone, iPad, Apple TV, Apple Watch, and related technologies. He is an IT professional supporting Mac, iOS and Windows users. Visit his YouTube channel at https://youtube.com/daveg65 and find and follow him on Twitter @daveg65 and on Mastodon at @daveg65@mastodon.cloud.

Dr. Marty Jencius has been an Associate Professor of Counseling at Kent State University since 2000. He has over 120 publications in books, chapters, journal articles, and others, along with 200 podcasts related to counseling, counselor education, and faculty life. His technology interest led him to develop the counseling profession ‘firsts,' including listservs, a web-based peer-reviewed journal, The Journal of Technology in Counseling, teaching and conferencing in virtual worlds as the founder of Counselor Education in Second Life, and podcast founder/producer of CounselorAudioSource.net and ThePodTalk.net. Currently, he produces a podcast about counseling and life questions, the Circular Firing Squad, and digital video interviews with legacies capturing the history of the counseling field. He is also co-host of The Vision ProFiles podcast. Generally, Marty is chasing the newest tech trends, which explains his interest in A.I. for teaching, research, and productivity. Marty is an active presenter and past president of the NorthEast Ohio Apple Corp (NEOAC).

Jim Rea built his own computer from scratch in 1975, started programming in 1977, and has been an independent Mac developer continuously since 1984. He is the founder of ProVUE Development, and the author of Panorama X, ProVUE's ultra fast RAM based database software for the macOS platform. He's been a speaker at MacTech, MacWorld Expo and other industry conferences. Follow Jim at provue.com and via @provuejim@techhub.social on Mastodon.

Support:
Become a MacVoices Patron on Patreon http://patreon.com/macvoices
Enjoy this episode? Make a one-time donation with PayPal

Connect:
Web: http://macvoices.com
Twitter: http://www.twitter.com/chuckjoiner http://www.twitter.com/macvoices
Mastodon: https://mastodon.cloud/@chuckjoiner
Facebook: http://www.facebook.com/chuck.joiner
MacVoices Page on Facebook: http://www.facebook.com/macvoices/
MacVoices Group on Facebook: http://www.facebook.com/groups/macvoice
LinkedIn: https://www.linkedin.com/in/chuckjoiner/
Instagram: https://www.instagram.com/chuckjoiner/

Subscribe:
Audio in iTunes
Video in iTunes
Subscribe manually via iTunes or any podcatcher:
Audio: http://www.macvoices.com/rss/macvoicesrss
Video: http://www.macvoices.com/rss/macvoicesvideorss

The Morning News with Vineeta Sawkar
Avoiding Phishing Scams

The Morning News with Vineeta Sawkar

Play Episode Listen Later Oct 13, 2025 5:57


Google and Amazon are now the top targets for brand impersonation in phishing attacks. It comes as cybercriminals are increasingly using AI to craft convincing scams, leading to a surge in security breaches. Cybersecurity strategist Paul Keener shares what he is seeing and how people can be prepared to avoid getting scammed.

Squaring the Strange
Episode 264 - SCAMPOCALYPSE with Brian Brushwood

Squaring the Strange

Play Episode Listen Later Oct 10, 2025 91:18


We've got a bushel of SWAYSOs first! Chocolate is disappearing, an ongoing "psychic study" tries to recruit Ben, Las Vegas tries to recruit a random ghost hunter, Trump tries to find Amelia Earhart files, and Netflix releases "The Truth about Jussie Smollett?" Then at 43:12, we bring on Brian Brushwood, who Celestia cornered while he was visiting Las Vegas for Scoopfest. We talk about his many shows -- Scam School, Scam Nation, World's Greatest Con, Modern Rogue, Great Night, and NatGeo's "Hacking the System" -- as well as his current work in deceptive role play, or "wolf-masking." Brian talks about anxiety being mankind's greatest superpower and the terrifying fact that AI makes even small-dollar scam targets worthwhile.

UNSECURITY: Information Security Podcast
Unsecurity Episode 248: Unveiling & Mapping Government Vulnerabilities with Seth Bowling

UNSECURITY: Information Security Podcast

Play Episode Listen Later Oct 10, 2025 32:14


Join us for another episode of the Unsecurity Podcast as Megan, Brad, and Seth Bowling, lead researcher and developer at FRSecure, dive into the evolving landscape of cybersecurity for city and county governments.

Seth shares how Mirrored Defense's innovative heat map visualizes the attack surface across the U.S. and presents surprising findings from their research. The trio discusses the challenges and vulnerabilities faced by local governments, the importance of proactive security measures, and how Project Broken Mirror aims to raise awareness by providing public service solutions.

The crew also discusses Seth's efforts to kick-start FRSecure's vulnerability management and conditional access policy initiatives.

Whether you're a cybersecurity professional or an interested citizen, this episode offers valuable insights into protecting our critical infrastructure.

Don't miss out on this engaging discussion and find out how you can get involved!

Like, subscribe, and share with your network to stay informed about the latest in cybersecurity!

Looking to get in touch? Reach out at unsecurity@frsecure.com and follow us for more!
LinkedIn: https://www.linkedin.com/company/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
Facebook: https://www.facebook.com/frsecure/
BlueSky: https://bsky.app/profile/frsecure.bsky.social

About FRSecure: https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start or looking for a team of experts to collaborate with you, we are ready to serve.

Klog på Sprog
Phishing, Scams and Cons

Klog på Sprog

Play Episode Listen Later Oct 10, 2025 57:03


Scammers try, via text message, email and phone calls, to cheat all of us out of money and love, whether we are fat, thin, rich or poor. What language do they use to get us on the hook when they go fishing? Why do we feel ashamed when we thrash about in their net? We give you the tools to swim past the scammers' traps.

Guests:
Kresten Munksgaard, head of Prevention, Analysis and Digital Patrolling at NSK
Jesper Dammeyer, professor of psychology, KU
Tanya Karoli Christensen, professor of Danish, KU
Anna Thygesen, communications expert and author of the book 'Det er Christian fra banken'

Host: Adrian Hughes
Producer: Anna Sonja Bruhn
Programme editor: Hector Brunhøj Husum

Marketplace Tech
Why cybersecurity training isn't enough to stop phishing hacks

Marketplace Tech

Play Episode Listen Later Oct 9, 2025 6:20


A recent study of nearly 20,000 University of California, San Diego Health workers found cybersecurity training reduced the likelihood of successful phishing attacks by just 2%. Marketplace's Nova Safo spoke with Ariana Mirian, senior researcher at the cybersecurity firm Censys and co-author of the study, who explained that many workers are just not taking those training programs seriously enough.

Marketplace All-in-One
Why cybersecurity training isn't enough to stop phishing hacks

Marketplace All-in-One

Play Episode Listen Later Oct 9, 2025 6:20


A recent study of nearly 20,000 University of California, San Diego Health workers found cybersecurity training reduced the likelihood of successful phishing attacks by just 2%. Marketplace's Nova Safo spoke with Ariana Mirian, senior researcher at the cybersecurity firm Censys and co-author of the study, who explained that many workers are just not taking those training programs seriously enough.

Putting the AP in hAPpy
Episode 359: Vendor Is Not Registered in Their State? Here's What To Do Next

Putting the AP in hAPpy

Play Episode Listen Later Oct 9, 2025 13:34


If one of your vendor validations is checking with the State of your vendor but you find that the vendor is not registered with the State of their address... now what? Keep listening.

Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team.

Links mentioned in the podcast + other helpful resources:
- Find States Your Vendor is Registered In: Open Corporates
- Free Download: 5 Steps to Improve Your Vendor Callback Process https://training.debrarrichardson.com/confirmation
- Get the Vendor Callback Confirmation Toolkit(TM) Today: https://training.debrarrichardson.com/course/callback-confirmation-toolkit
- Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-session
- Free Download: Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-download
- Vendor Process Training Center - https://training.debrarrichardson.com
- Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
- Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
- Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
- YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
- More Podcasts/Blogs/Webinars www.debrarrichardson.com
- More ideas? Email me at debra@debrarrichardson.com

Music Credit: www.purple-planet.com

Cyber Risk Management Podcast
EP 194: Why Are We Sitting Ducks for Phishing Attacks?

Cyber Risk Management Podcast

Play Episode Listen Later Oct 7, 2025 40:05


Our brains in "autopilot mode" make us sitting ducks for phishing attacks. Why? And what can we do about it? Let's find out with our guest Lisa Petrocchi-Merriman, Executive Coach with "WorksWell Labs Coaching & Training". Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Email -- lisamerriman@workswell.info
LinkedIn -- https://www.linkedin.com/in/lisa-merriman/
Register for "Oktane on the Road in Seattle" -- https://regionalevents.okta.com/seattle-oor-exec-panel-okta

The Shared Security Show
Are Phishing Simulations Still Worth It?

The Shared Security Show

Play Episode Listen Later Oct 6, 2025 26:51


Phishing simulations have been a cornerstone of security awareness training for years. But do they actually change user behavior, or are they just creating frustration and fatigue? In this episode, Tom Eston and Scott Wright (CEO of ClickArmor) debate whether simulated phishing attacks are still valuable in 2025. We cover the benefits, challenges, and how […]

Faces of Digital Health
Why Free Apps Are Never Free: Cybersecurity Lessons with Leila Taghizade

Faces of Digital Health

Play Episode Listen Later Oct 4, 2025 18:16


At WHX Tech, cybersecurity expert Dr Leila Taghizade, Group Head of Cyber Risk Management / CISO IberoLatAm at Allianz, breaks down what every individual—and every hospital—should know about protecting themselves in 2025. From the basics of stronger passwords and two-factor authentication to the risks of free apps and third-party tools, she explains in clear terms why “there's no such thing as free lunch” in cybersecurity. Leila also highlights the dangers of phishing, the vulnerability of medical devices, and how AI both helps defenders and lowers the cost of attacks.

Show Notes
00:00 – Introduction: why cybersecurity basics matter in 2025
00:30 – Strong passwords, two-factor authentication, limiting app permissions
02:00 – Giving apps only the access they really need
03:00 – Cybersecurity in healthcare: medical devices as weak links
04:30 – Default passwords and firmware updates as major risks
05:30 – Phishing: why reporting is critical for protection
07:00 – Everyday cyber hygiene: logging out, password managers
08:30 – AI's impact on cybersecurity: lowering cost of attacks, improving defense
10:00 – The risks of free apps and third-party tools
11:00 – Data leaks and how AI tools may unintentionally share information
12:30 – AI as a double-edged sword: prevention vs. risk
14:00 – Final advice: caution doesn't mean fear, but informed use

www.facesofdigitalhealth.com
Newsletter: https://fodh.substack.com/

The Checklist by SecureMac
Checklist 443 - Why Anti-Phishing Training Isn't Working

The Checklist by SecureMac

Play Episode Listen Later Oct 3, 2025 16:18


We're doing the ransomware thing again - checking on the folks at Jaguar Land Rover, plus what may be a ransomware attack at Japanese brewery Asahi. Then - why isn't the anti-phishing training at your work working? UC San Diego has some thoughts. All of that plus tiny updates from Apple on this edition of The Checklist, brought to you by SecureMac. Check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com

Putting the AP in hAPpy
Episode 358: 3 Ways AI In Your Existing Automation Software Can Help The Vendor Team That You May Not Have Thought About

Putting the AP in hAPpy

Play Episode Listen Later Oct 2, 2025 25:43


Many automation software platforms including email to invoicing have artificial intelligence embedded in them. You may not think that email or invoicing software can help fight fraud in the vendor process, but yes they can and here's how... Keep listening.

Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team.

Links mentioned in the podcast + other helpful resources:
- Free Download: 5 Steps to Improve Your Vendor Callback Process https://training.debrarrichardson.com/confirmation
- Get the Vendor Callback Confirmation Toolkit(TM) Today: https://training.debrarrichardson.com/course/callback-confirmation-toolkit
- Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-session
- Free Download: Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-download
- Vendor Process Training Center - https://training.debrarrichardson.com
- Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
- Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
- Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
- YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
- More Podcasts/Blogs/Webinars www.debrarrichardson.com
- More ideas? Email me at debra@debrarrichardson.com

Music Credit: www.purple-planet.com

Feds At The Edge by FedInsider
Ep. 219 Navigating the Expanding Threat Landscape

Oct 2, 2025 64:02


Recent studies have shown how AI agents have expanded the attack surface for federal agencies. Today, we sit down with three leaders who demonstrate why fundamentals, such as visibility, inventory, runtime, and least-permissive access control, will be more critical than ever.
Rob Roser from Idaho National Labs looks at the proliferation of APIs in the past decade. Although they facilitate communication, they can also give a path to attackers. He notes that today's attackers are interested in much more than money; they seek intellectual property that can compromise American security.
Phishing and security training are good starting points, but developers must learn what tools to use to be able to use AI in an appropriate manner.
Where to start? Steven Ringo from Akamai gives four key points for handling the drastic increase in data generated by AI:
· One: Discovery - build an API inventory
· Two: Posture – implement policies that can control the APIs
· Three: Run Time protection - design how to alert and take action to block
· Four: Active testing prevention that is continuous
The webinar underscored the urgency of integrating API security into comprehensive cybersecurity strategies and recommended programs to test and validate APIs before production deployment.

Moody’s Talks – The Big Picture
How AI, New Tech Will Change Geopolitics

Oct 2, 2025 15:21


As artificial intelligence reshapes workplaces and business strategies, firms increasingly depend on AI providers, making AI a tool of geopolitical influence. We'll discuss the impact across industries, as digital currencies affect monetary control and cyber threats challenge operational resilience.
Host: William Foster, Senior Vice President, Sovereign Risk Group, Moody's Ratings
Guests: Vincent Gusdorf, Associate Managing Director, Digital Finance and AI Analytics, Moody's Ratings; Leroy Terrelonge, Vice President-Analyst, Cyber Credit Risk, Moody's Ratings
Related research:
Artificial Intelligence – Global – Nations push for AI sovereignty to capture economic, geopolitical gains 30 September 2025
Sovereigns - Global – Digital currency growth, inconsistent regulation amplify countries' financial risks 25 September 2025
Artificial Intelligence – Corporates – Pace of AI advances, regional disparities will steer credit trends across industries 23 September 2025

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, September 29th, 2025: Convert Timestamps; Cisco Compromises; GitHub Notification Phishing

Sep 29, 2025 8:36


Converting Timestamps in .bash_history
Unix shells offer the ability to add timestamps to commands in the .bash_history file. This is often done in the form of Unix timestamps. This new tool converts these timestamps into a more readable format.
https://isc.sans.edu/diary/New%20tool%3A%20convert-ts-bash-history.py/32324
Cisco ASA/FTD Compromises
Exploitation of the vulnerabilities Cisco patched last week may have gone back about a year. Cisco and CISA have released advisories with help identifying affected devices.
https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks
https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices
GitHub Notification Phishing
GitHub notifications are used to impersonate YCombinator and trick victims into installing a crypto drainer.
https://www.bleepingcomputer.com/news/security/github-notifications-abused-to-impersonate-y-combinator-for-crypto-theft/

ASCII Anything
S10E5: Normalizing NO-Best Practices for Defending Against Emotionally Engineered Phishing Attacks

Sep 29, 2025 31:55


This episode focuses on the evolution of phishing and how it has transformed itself into deepfakes and sophisticated, emotionally engineered attacks. Moser's Hersey Richardson is joining us again to discuss how it's changing, why it's harder to detect, and what you can do to stay ahead. We've come a long way from the days of clumsy emails promising lottery winnings. Today's phishing is a sophisticated cyber threat powered by AI, deepfakes, and psychological manipulation. Attackers now use realistic voice clones, AI-generated emails, and even video deepfakes to impersonate trusted individuals or leaders. What once relied on poor grammar and broken links now leverages emotional triggers, urgency, and hyper-personalization to exploit human behavior.
#moserconsulting #technology #phishing #emotionalengineering #informationtechnology #cybersecurity

Unsupervised Learning
A Conversation With Harry Wetherald Co-Founder & CEO At Maze

Sep 22, 2025 35:03 Transcription Available


➡ Stay Ahead of Cyber Threats with AI-Driven Vulnerability Management with Maze: https://mazehq.com/
In this conversation, I speak with Harry about how AI is transforming vulnerability management and application security. We explore how modern approaches can move beyond endless reports and generic fixes, toward real context-aware workflows that actually empower developers and security teams.
We talk about:
The Real Problem in Vulnerability Management
Why remediation—not just prioritization—remains the toughest challenge, and how AI can help bridge the gap between vulnerabilities and the developers who need to fix them.
Context, Ownership, and Velocity
How linking vulnerabilities to the right applications and teams inside their daily tools (like GitHub) reduces friction, speeds up patching, and improves security without slowing developers down.
AI Agents and the Future of Security
Why we should think of AI agents as “extra eyes and hands,” and how they’re reshaping everything from threat detection to system design, phishing campaigns, and organizational defense models.
Attackers Move First
How attackers are already building unified world models of their targets using AI, and why defenders need to match (or exceed) this intelligence to stay ahead.
From Days to Minutes
Why the tolerance for vulnerability windows is shrinking fast, and how automation and AI are pushing us toward a future where hours—or even minutes—make the difference.
Subscribe to the newsletter at: https://danielmiessler.com/subscribe
Join the UL community at: https://danielmiessler.com/upgrade
Follow on X: https://x.com/danielmiessler
Follow on LinkedIn: https://www.linkedin.com/in/danielmiessler
Chapters:
00:00 – Welcome and Harry’s Background
01:07 – The Real Problem: Remediation vs. Prioritization
04:31 – Breaking Down Vulnerability Context and Threat Intel
05:46 – Connecting Vulnerabilities to Developers and Workflows
08:01 – Why Traditional Vulnerability Management Fails
10:29 – Startup Lessons and The State of AI Agents
13:26 – DARPA’s AI Cybersecurity Competition
14:29 – System Design: Deterministic Code vs. AI
16:05 – How the Product Works and Data Sources
18:01 – AI as “Extra Eyes and Hands” in Security
20:20 – Breaking Barriers: Rethinking Scale with AI
23:22 – Building World Models for Defense (and Attack)
25:22 – Attackers Move Faster: Why Context Matters
27:04 – Phishing at Scale with AI Agents
31:24 – Shrinking Windows of Vulnerability: From Days to Minutes
32:47 – What’s Next for Harry’s Work
34:13 – Closing Thoughts
Become a Member: https://danielmiessler.com/upgrade

PEBCAK Podcast: Information Security News by Some All Around Good People
Episode 226 - Jeremy Clarkson Hacked, AI Phishing Traps, Rise of Linux Desktop Malware, Taco Bell's Robot Revolution

Sep 22, 2025 54:47


Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW)
Follow us on Instagram @pebcakpodcast
Please share this podcast with someone you know! It helps us grow the podcast and we really appreciate it!
Jeremy Clarkson hacked
https://www.thesun.co.uk/news/36577873/jeremy-clarkson-farmers-dog-pub-computer-hackers/
https://www.ladbible.com/entertainment/celebrity/jeremy-clarkson-farmers-dog-pub-hacked-27000-002780-20250907
AI-powered phishing confusion
https://malwr-analysis.com/2025/08/24/phishing-emails-are-now-aimed-at-users-and-ai-defenses/
Rise of Linux Desktop malware
https://www.cloudsek.com/blog/investigation-report-apt36-malware-campaign-using-desktop-entry-files-and-google-drive-payload-delivery
https://www.bleepingcomputer.com/news/security/apt36-hackers-abuse-linux-desktop-files-to-install-malware/
Companies experiment with replacing humans with AI
https://www.wsj.com/articles/taco-bell-rethinks-future-of-voice-ai-at-the-drive-through-72990b5a
https://www.miaminewtimes.com/news/la-quinta-investigating-miamis-viral-remote-receptionist-23748941
https://www.ambscallcenter.com/blog/remote-receptionist-guide
Dad Joke of the Week (DJOW)
Find the hosts on LinkedIn:
Chris - https://www.linkedin.com/in/chlouie/
Brian - https://www.linkedin.com/in/briandeitch-sase/
Glenn - https://www.linkedin.com/in/glennmedina/
Daren - https://www.linkedin.com/in/daren-schneider/

The CyberWire
Code beneath the sand.

Sep 17, 2025 31:44


A new self-replicating malware infects the NPM repository. Microsoft and Cloudflare disrupt a Phishing-as-a-Service platform. Researchers uncover a new Fancy Bear backdoor campaign. The VoidProxy phishing-as-a-service (PhaaS) platform targets Microsoft 365 and Google accounts. A British telecom says its ransomware recovery may stretch into November. A new Rowhammer attack variant targets DDR5 memory. Democrats warn proposed budget cuts could slash the FBI's cyber division staff by half at a heated Senate Judiciary Committee hearing. On our Industry Voices segment, we are joined by Abhishek Agrawal from Material Security discussing challenges of securing the Google Workspace. Pompompurin heads to prison.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
On our Industry Voices segment, we are joined by Abhishek Agrawal, CEO and Co-Founder of Material Security, discussing challenges of securing the Google Workspace. You can hear Abhishek's full conversation here.
Selected Reading
Self-Replicating Worm Hits 180+ Software Packages (Krebs on Security)
Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader (Help Net Security)
Fancy Bear attacks abuse Office macros, legitimate cloud services (SC Media)
VoidProxy phishing operation targets Microsoft 365, Google accounts (SC Media)
UK telco Colt's cyberattack recovery seeps into November (The Register)
Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack (The Register)
Senators, FBI Director Patel clash over cyber division personnel, arrests (CyberScoop)
House lawmakers move to extend two key cyber programs, for now (The Record)
BreachForums founder caged after soft sentence overturned (The Register)
Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, September 17th, 2025: Phishing Resistants; More npm Attacks; ChatGPT MCP abuse

Sep 17, 2025 8:47


Why You Need Phishing-Resistant Authentication NOW.
The recent compromise of a number of high-profile npmjs.com accounts has yet again shown how dangerous a simple phishing email can be.
https://isc.sans.edu/diary/Why%20You%20Need%20Phishing%20Resistant%20Authentication%20NOW./32290
S1ngularity/nx Attackers Strike Again
A second wave of attacks has hit over a hundred npm-related GitHub repositories. The updated payload implements a worm that propagates itself to other repositories.
https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again
ChatGPT's Calendar Integration Can Be Exploited to Steal Emails
ChatGPT's new MCP integration can be used, via prompt injection, to affect software connected to ChatGPT via MCP.
https://www.linkedin.com/posts/eito-miyamura-157305121_we-got-chatgpt-to-leak-your-private-email-activity-7372306174253256704-xoX1/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, September 16th, 2025: Apple Updates; Rust Phishing; Samsung 0-day

Sep 16, 2025 6:42


Apple Updates
Apple released major updates for all of its operating systems. In addition to new features, these updates patch 33 different vulnerabilities.
https://isc.sans.edu/diary/Apple%20Updates%20Everything%20-%20iOS%20macOS%2026%20Edition/32286
Microsoft End of Life
On October 14th, support for Windows 10, Exchange 2016, and Exchange 2019 will end.
https://support.microsoft.com/en-us/windows/windows-10-support-ends-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281#:~:text=As%20a%20reminder%2C%20Windows%2010,one%20that%20supports%20Windows%2011.
https://techcommunity.microsoft.com/blog/exchange/t-9-months-exchange-server-2016-and-exchange-server-2019-end-of-support/4366605
Phishing Targeting Rust Developers
Rust developers are reporting phishing emails similar to those that caused the major NPM compromise last week.
https://github.com/rust-lang/crates.io/discussions/11889#discussion-8886064
Samsung Patches 0-Day
Samsung released its monthly updates for its flagship phones, fixing, among other vulnerabilities, an already exploited 0-day.
https://security.samsungmobile.com/securityUpdate.smsb

The CyberWire
Chalk one up for defenders.

Sep 9, 2025 26:20


The open source community heads off a major npm supply chain attack. The Treasury Department sanctions cyber scam centers in Myanmar and Cambodia. Scammers abuse iCloud Calendar invites to send callback phishing emails. Researchers discover a new malware variant exploiting exposed Docker APIs. Phishing attacks abuse the Axios user agent and Microsoft's Direct Send feature. Plex warns users of a data breach. Researchers flag a surge in scans targeting Cisco ASA devices. CISA delays finalizing its incident reporting rule. The GAO says federal cyber workforce figures are incomplete and unreliable. Our guest is Kevin Magee, Global Director of Cybersecurity Startups at Microsoft Security, discussing cybersecurity education going back to school. AI earns its own Darwin awards.
CyberWire Guest
Today we are joined by Kevin Magee, Global Director of Cybersecurity Startups at Microsoft Security discussing cybersecurity education going back to school.
Selected Reading
Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack (Bleeping Computer)
Open Source Community Thwarts Massive npm Supply Chain Attack (Infosecurity Magazine)
US sanctions companies behind cyber scam centers in Cambodia, Myanmar (The Record)
New Apple Warning, This iCloud Calendar Invite Is Actually An Attack (Forbes)
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs (HackRead)
Axios User Agent Helps Automate Phishing on “Unprecedented Scale” (Infosecurity Magazine)
Plex Urges Password Resets Following Data Breach (SecurityWeek)
Surge in networks scans targeting Cisco ASA devices raise concerns (Bleeping Computer)
CISA pushes final cyber incident reporting rule to May 2026 (CyberScoop)
US government lacks clarity into its infosec workforce (The Register)
AI Darwin Awards launch to celebrate spectacularly bad deployments (The Register)