Act of attempting to acquire sensitive information by posing as a trustworthy entity
In this episode of Stories from the River, guest host Tyler Trill, Senior Communications Manager at Broad River Retail, sits down with Broad River Retail's IT experts Robert Ferguson, Associate Director, IT Infrastructure & User Services, and Tim Sobkowiak, Associate Director, Retail Technology & Project Management, to dive into the world of cybersecurity, with a specific focus on phishing attacks. The discussion breaks down how phishing techniques have evolved from suspicious emails to sophisticated text messages, QR code scams, and AI-powered voice impersonations. Robert and Tim share real-life examples of successful phishing scams, explain why these attacks remain effective, and offer practical advice on how to recognize and respond to threats. Key takeaways include the critical roles of strong passwords, multi-factor authentication, and most importantly, ongoing education for every team member—not just IT. The episode emphasizes that staying safe online is everyone's responsibility, both at work and at home. Listeners will walk away better prepared to spot and stop phishing attempts before they cause harm. Watch this episode on YouTube: https://youtu.be/Aj8A5NqKmq8 Visit https://www.storiesfromtheriver.com for more episodes. Broad River Retail brought this show to you. Visit https://BroadRiverRetail.com Follow us on LinkedIn: https://www.linkedin.com/company/broad-river-retail
There is a common scenario for those Accounts Payable or Vendor teams that can do bank account ownership validations when setting up or changing vendor data: many vendors have legitimate reasons why their bank account holder names do not match their legal name. So, how are you supposed to know whether this is legitimate or fraudulent? Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team.
Links mentioned in the podcast + other helpful resources:
AVM: 3-Step Vendor Setup and Maintenance Framework to Avoid Fraud, Fines and Bad Vendor Data: https://youtu.be/prvHJ6_Rf58
D&B Business Directory: https://www.dnb.com
OpenCorporates: https://opencorporates.com/
SEC > EDGAR Database: https://www.sec.gov/edgar/search/#/entityName=USERFUL%2520CORPORATION
State Registration Sites: Vendor Process Training Center > Resource Library
Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-session
Vendor Process Training Center - https://training.debrarrichardson.com
Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
More Podcasts/Blogs/Webinars www.debrarrichardson.com
More ideas? Email me at debra@debrarrichardson.com
Music Credit: www.purple-planet.com
How cyber criminals are using AI tools to scale malicious operations. Streamlining user experience with biometrics or device-based authentication. Making your organisation cyber resilient and securing critical systems as AI continues to advance.
Featuring:
Thom Langford, Host, teissTalk https://www.linkedin.com/in/thomlangford/
Derek Hanson, VP Solutions Architecture and Alliances, Yubico https://www.linkedin.com/in/derekthanson
Jay Vinda, Global CISO and Cyber Risk Engineering Lead, Mosaic Insurance https://www.linkedin.com/in/jayvinda
Lee Munson, Principal Research Analyst, Information Security Forum https://www.linkedin.com/in/lmunson/
William Lyne of the UK's National Crime Agency joins us live at Infosecurity Europe to talk ransomware, AI threats, and the future of cybercrime disruption. When the UK's top cyber intelligence strategist sits down with you in London, you listen — and you hit record.
At Infosecurity Europe 2025, the ITSPmagazine podcast team — Marco Ciappelli and Sean Martin — sat down with William Lyne, Deputy Director and Head of Cyber Intelligence at the UK's National Crime Agency (NCA). This is the guy who not only leads cyber strategy for the NCA, but has also represented the UK at the FBI in the U.S. and now oversees national-level ransomware disruption efforts. It's not just a conversation — it's a rare front-row seat into how one of the world's most serious crime-fighting agencies is tackling ransomware 3.0.
The message? Ransomware isn't just a cyber issue. It's a societal one. And it's evolving faster than we're prepared for — unless we change the game. “It went from niche to national threat fast,” Lyne explains. “The tools were always there. It just took a few threat actors to stitch them together.”
From banking malware to fully operational cybercrime-as-a-service ecosystems, Lyne walks us through how the underground economy has industrialized. Ransomware isn't just about tech — it's about access, scale, and business models. And most importantly, it's no longer limited to elite coders or closed-door Russian-speaking forums. The barrier to entry is gone, and the dark web is wide open for business.
Sean brings up the obvious: “Why does this still feel like we're always reacting?” Lyne responds: “We've shifted. We're going after the ecosystem — the people, the infrastructure, the business model — not just the payload.” That includes disrupting ransomware-as-a-service, targeting marketplaces, and yes, investing in preemptive intelligence.
Marco flips the script by comparing today's cyber landscape to something deeply human. “Extortion is nothing new — we've just digitalized it. This is human behavior, scaled by tech.”
From there, the conversation takes a future-facing turn. Deepfakes, AI-powered phishing, the commoditization of generative tools — Lyne confirms it's all on their radar. But he's quick to note that cybercriminals aren't bleeding-edge innovators. “They adopt when the ROI is right. But AI-as-a-service? That's coming. And it will reshape how efficient — and damaging — these threats become.”
And then the real insight lands: “You can't wait to be a victim to talk to law enforcement. We may already have access to the infrastructure. The earlier we hear from you, the better we can act — and fast.” That kind of operational openness isn't something you heard from law enforcement five years ago. It signals a cultural shift — one where collaboration is not optional, it's essential.
William also highlights the NCA's partnerships with private sector firms, academia, and international agencies, including the Kronos operation targeting LockBit infrastructure. These kinds of collaborations prove that when information moves, so does impact.
Why does this matter? Because while most cybersecurity media gets stuck in product buzzwords and vendor hype, this is the real stuff — how ransomware groups behave, how law enforcement thinks, and how society can respond. It's not theory. It's strategy, lived on the front lines.
Expand your knowledge of digital security with "Cybersecurity ist Chefsache". In this episode, Nico Freitag talks with Caroline Krohn, head of the digital consumer protection division at the Federal Office for Information Security (BSI). Central topic: the E-Mail Security Year 2025 proclaimed by the BSI. Together with companies, providers and civil-society actors, the BSI wants to make the e-mail infrastructure in Germany more secure: proactively, voluntarily and visibly.
You may be listening to this podcast to find out what your vendors are doing, but guess what? Your vendors are reaching out to me to understand what you are doing! If you want to know the top 2 reasons vendors reach out to me about you (and what you can do to avoid this), then… Keep listening.
Links mentioned in the podcast + other helpful resources:
IRS W-9 Examples by Tax Classification - What To Look For When Accepting From Your Vendor: https://training.debrarrichardson.com/course/w9
Do IRS Form W-9s Expire? When Should You Collect a New One? https://debrarrichardson.com/blog/do-irs-form-w-9s-expire-when-should-you-collect-a-new-one?rq=expire
Do You Need to Collect the California 587 or 590 Forms When Setting Up New Vendors? https://debrarrichardson.com/blog/do-you-need-to-collect-the-california-587-or-590-forms-when-setting-up-new-vendors?rq=587
This week Wout Funnekotter, Jurian Ubachs, Arnoud Wokke and Jelle Stuip talk about fiber from Ziggo, Summer Game Fest, building Android apps with vibe coding, increasingly personal phishing and Apple's new announcements.
0:00 Intro
0:19 Opening
2:09 .post
16:30 Ziggo is going to offer fiber
21:57 What happened at Summer Game Fest
38:08 Building Android apps with vibe coding
51:16 Phishing keeps getting better and more personal
58:02 Apple, liquid glass and limited AI
1:17:20 Sneak peek
See omnystudio.com/listener for privacy information.
In this sponsored interview, Casey Ellis interviews Push Security co-founder and Chief Product Officer Jacques Louw about how good phishing crews have gotten at evading detection. Attackers are hiding their payloads behind legitimate bot-detection tools to stop things like email security gateways from seeing them, as well as locking up phishing pages behind OAuth challenges. Push sees all this because it's installed as a browser plugin and sees what users see.
The McGraw Show 6-9-25: National Guard in LA, Mike Kehoe - Master Negotiator, Popshelf & Phishing by
In today's digital age, cybersecurity has become a crucial aspect for businesses across all industries. As cyber threats evolve, so must our strategies to combat them. In evaluating the entire business ecosystem, it's essential to identify your organization's critical functions and potential single points of failure. A comprehensive approach not only involves protecting against breaches but also ensuring you have robust backup systems in place, should an attack occur. In this episode of 10 Minute Tech Talks, The Pittsburgh Technology Council's Jonathan Kersting highlights his TechVibe Radio interview with Izzy Syring and Robert Ragan of CustosIQ. Custos is one of Pittsburgh's top cyber firms working with companies large and small to deploy custom cyber solutions and strategies that evolve with the company. Keep on listening for insights on phishing as a service and the new twisted threats phishing attacks pose for your company and a simple way to guard against them. If you have more than 10 minutes, listen to the entire interview here for more cyber insights. This is a podcast for tech and manufacturing entrepreneurs exploring the tech ecosystem, from cyber security and AI to SaaS, robotics, and life sciences, featuring insights to satisfy the tech curious.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Phishing e-mail that hides malicious links from Outlook users
Jan found a phishing email that hides the malicious link from Outlook users. The email uses specific HTML comment clauses Outlook interprets to render or not render specific parts of the email's HTML code. Jan suggests that the phishing email is intended to not expose users of
https://isc.sans.edu/diary/Phishing%20e-mail%20that%20hides%20malicious%20link%20from%20Outlook%20users/32010
Amazon changing default logging from blocking to non-blocking
Amazon will change the default logging mode from blocking to non-blocking. Non-blocking logging will not stop the application if logging fails, but may result in a loss of logs.
https://aws.amazon.com/blogs/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/
Cisco Removes Backdoor
Cisco fixed a Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7
Infoblox Vulnerability Details disclosed
Details regarding several vulnerabilities recently patched in Infoblox's NetMRI have been made public. In particular, an unauthenticated remote code execution issue should be considered critical.
https://rhinosecuritylabs.com/research/infoblox-multiple-cves/
The confirmation call has long been hailed as a safeguard against fraud. But it's not. Let's delve into why and what can improve the process. Keep listening.
Links mentioned in the podcast + other helpful resources:
Get the Vendor Callback Confirmation Toolkit(TM) Today: https://training.debrarrichardson.com/course/callback-confirmation-toolkit
In this episode of the podcast, KVD editor Michael Braun, together with Julian Rupp of the Federal Office for Information Security (BSI), takes a well-founded look at the challenges and opportunities in cybersecurity, especially for small and medium-sized enterprises (SMEs). Julian Rupp explains vividly why information security is not a state but a continuous process, and why it is no longer enough to put the topic on the agenda "at some point". Companies without their own IT department are particularly at risk, which is the overwhelming majority of businesses in Germany.
Some of the key statements at a glance:
- The threat situation is real: more than 300,000 new malware variants emerge every day.
- The biggest weaknesses often lie not in the technology but in outdated systems, missing updates and human error.
- Ransomware, phishing and social engineering are no longer abstract threats; they hit very real companies in everyday business.
Julian Rupp also brings practicable solutions: with the Cyber-Risikocheck, the BSI offers an easily accessible entry point into security assessment for companies, tailored specifically to the needs of small businesses.
Three central measures that every company can implement immediately:
- Updates are mandatory, not optional: outdated systems are the number one entry point.
- Introduce multi-factor authentication: it protects even when passwords have been compromised.
- Raise employees' awareness regularly, because in the end there is always a human sitting in front of the screen.
In addition, they discuss the role of artificial intelligence in cybercrime, the development of a digital shadow economy and the importance of regulatory responses such as the EU AI Act.
An engaging conversation that not only points out risks but above all offers solution-oriented approaches, and makes clear: cybersecurity is a matter for top management.
Welcome to a special RSAC 2025 episode of the Breaking Badness Cybersecurity Podcast! Today, we delve into the critical role of domains in modern cyber attacks. From sophisticated nation-state operations to AI-powered phishing kits and malicious browser extensions, domains are the foundational infrastructure for threat actors. Host Kali Fencl is joined by four leading cybersecurity experts, Joe Slowik, Robert Duncan, John Fokker and Vivek Ramachandran, to break down how domains are weaponized and what organizations can do to defend themselves on this ever-evolving frontline.
Phishing remains the number one way fraudsters scam people into giving away both personal and financial information. In the latest episode of Wallet Watch, “Unraveling Card Fraud”, Melissa, Manager of Card Fraud, shares ways consumers have given away sensitive financial information like their card and account numbers, not realizing it was a scam until after the fact. She also shares safe card practices that could help you better recognize fraud attempts, and ways to help keep your sensitive personal and financial information safe and secure. Don't miss out: tune in now!
Ransomware attacks, phishing scams, and third-party vendor breaches emphasize the need for advanced cybersecurity strategies and stronger collaboration between IT and supply chain teams. Learn how organizations are strengthening their cybersecurity efforts to be ready when hackers come knocking.
Segment 1
CTG Interview: Middle market companies face unique challenges in the ever-evolving cyber environment. Developing a comprehensive cybersecurity approach is a business imperative for middle market companies, and Chad Alessi will discuss the threat landscape, what's keeping IT decision-makers awake at night, and the best approach to creating a proactive security measure. Cyber Resilience in Action: A Guide for Mid-Market Firms. This segment is sponsored by CTG. Visit https://securityweekly.com/ctgrsac to learn more about them!
Nightwing Interview: Nightwing divested from Raytheon in April 2024 and is entering another year of redefining national security. Amid emerging threats and shifting industry regulations and compliance frameworks, traditional security measures are no longer cutting it. As Cyber Incident Response Manager at Nightwing, Nick Carroll discusses how organizations can continue to build cyber resiliency and stay one step ahead in today's threat landscape. This segment is sponsored by Nightwing. Visit https://securityweekly.com/nightwingrsac to learn more about them!
Segment 2
Libraesva Interview: Generative AI is having a transformative effect across almost every industry, but arguably the area it has had the most significant impact is cybercrime. Discriminative AI can now learn to recognize what constitutes normal communication patterns, so anything out of the ordinary can be flagged. AI is also enabling human security analysts to automate the triage of reported emails, to rapidly identify false positives and keep up with emerging cybercriminal tactics. Finally, specialized Small Language Models (SLMs) using neural networks are able to analyze and comprehend the semantic intent of the message. This segment is sponsored by Libraesva. Visit https://securityweekly.com/libraesvarsac to learn more about them!
IRONSCALES Interview: Phishing has evolved—fast. What started as basic email scams has transformed into AI-powered cyber deception.
Phishing 1.0: Early phishing relied on spam emails, fake banking alerts, and malware links to trick users into clicking.
Phishing 2.0: Attackers got smarter—instead of mass emails, they started impersonating real people.
Phishing 3.0: Now, cybercriminals are using AI to generate fake but highly convincing voices, videos, and images.
IRONSCALES discusses the current gaps in SEG technology and will showcase industry-first innovations for protection against deepfakes. Segment Resources: Assessing Organizational Readiness in the Face of Emerging Cyber Threat; Using AI to Enhance Defensive Cybersecurity white paper; The Hidden Gaps of SEG Protection white paper. This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/ironscalesrsac to learn more about them!
Segment 3
Illumio Interview: In the post-breach world, speed and clarity are essential for effective cybersecurity. Security teams are inundated with vast amounts of data, much of which is not actionable. To combat cyber threats—and level the playing field—defenders need precise intelligence to identify attacks, dynamically quarantine threats, and prevent cyber disasters, highlighting the power of the security graph. Segment Resources: Rethinking Threat Detection in a Decentralized World; Illumio Insights Announcement; More information about Illumio Insights. This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiorsac for information on Illumio Insights or to sign up for a private preview!
ESET Interview: The ransomware landscape is rapidly changing. ESET global research team has been closely following ransomware gang disruptions, new players and how the RaaS business model continues to evolve. In this segment, Tony Anscombe will take a look into recent research, hacks and attacks, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. Segment Resources: https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/ https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2024/ This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-409
In this conversation, Dr. Chase Cunningham and Michael Shieh from Mammoth Cyber discuss the evolution of Zero Trust security, focusing on browser security and AI's role in enhancing security measures. They explore the concept of data-first security, the significance of mobile security, and the future of Zero Trust in the context of increasing cyber threats. Michael emphasizes the need for a browser-centric approach to security, which allows for better control and visibility over user behavior and data access.
Takeaways:
- Mammoth Cyber focuses on browser-centric security solutions.
- The evolution of web applications has increased data leakage risks.
- AI tools are becoming integral to browser security.
- Data isolation allows users to access data without downloading it.
- User productivity should not be hindered by security measures.
- The attack surface for cyber threats is broader than ever.
- Browser security is essential for all users, not just enterprises.
- Phishing training is less effective than implementing browser isolation.
- Mobile security is crucial as users access company data on personal devices.
- The future of Zero Trust will heavily involve browser security solutions.
If your company is a small or medium-sized business, don't get comfortable about fraud – you're being targeted too. Troy Baker is back to talk fraud and how the fraud prevention resources at the Better Business Bureau can help you protect your payments from fraudsters. Keep listening. Links mentioned in the podcast + other helpful resources: Better Business Bureau Links: Main Webpage: https://www.bbb.org Scam Tracker: https://www.bbb.org/scamtracker Scam News/Tips: https://www.bbb.org/all/scamtips Sign-Up for Scam Alerts: https://signup.e2ma.net/signup/1900156/1902645/ Michigan Better Business Bureau: https://www.bbb.org/miprograms Validate Charities: https://www.give.org
In this episode of Cybersecurity Today, host Jim Love explores the intricacies behind phishing emails that cleverly spoof Microsoft addresses, making many fall for scams despite appearing legitimate. Love emphasizes the need for a stringent 'zero trust' approach to counter these advanced tactics. Additionally, the episode delves into the activities of the hacking group Hazy Hawk, which exploits misconfigured DNS records to hijack trusted domains and propagate malware. Organizations are warned about the importance of regular DNS audits to prevent such attacks. The episode also covers the alarming wave of departures at the Cybersecurity and Infrastructure Security Agency (CISA), raising concerns over the agency's effectiveness amid increasing cyber threats. In another segment, Love discusses a sophisticated fraud operation out of Hanoi, where perpetrators manipulated X's Creator Revenue Sharing Program to siphon funds through fraudulent engagement metrics. The need for built-in fraud prevention mechanisms in digital reward systems is stressed. The episode concludes with a call for listener feedback and support. 00:00 Introduction and Overview 00:27 Phishing Scams: Authentic-Looking Emails 02:58 DNS Misconfigurations and Hazy Hawk 05:36 CISA Leadership Exodus 08:16 X's Creator Revenue Sharing Fraud 10:56 Conclusion and Contact Information
Phishing with Sam Fischer
Whether it's a fake email from the tax office or a supposed call from your bank, phishing has many faces. In this episode you'll learn: - how to recognize phishing emails, fake websites and fraudulent calls - what to watch for when shopping online so your data stays safe - why regular account checks and secure passwords are so important - how password managers help you keep track - what you can do if money does disappear from your account - which simple routines protect your finances in the long term You'll get concrete tips on how to protect yourself confidently in everyday life and online, without panic but with clear strategies. Calculate your pension gap and find out how to close it with the finanz-heldinnen app: https://finanzheldinnen.comdirect.de/ Do you already know our financial planner? Here is our book, which accompanies you step by step on your way to becoming a finanz-heldin: https://finanz-heldinnen.de/planer You'll find daily inspiration and concentrated financial knowledge on the finanz-heldinnen Instagram channel: https://www.instagram.com/finanzheldinnen/ And if you want to read more deeply into topics, take a look at our articles, interviews and checklists on our website: https://finanz-heldinnen.de/
Did you know you can find lots of fraud prevention resources from the Better Business Bureau? In this episode, Troy Baker from the Michigan Better Business Bureau talks about fraud, using the BBB for validations and what we both think is the best thing to do that will keep your company protected from fraud. Keep listening. Links mentioned in the podcast + other helpful resources: Better Business Bureau Links: Main Webpage: https://www.bbb.org Scam Tracker: https://www.bbb.org/scamtracker Scam News/Tips: https://www.bbb.org/all/scamtips Sign-Up for Scam Alerts: https://signup.e2ma.net/signup/1900156/1902645/ Michigan Better Business Bureau: https://www.bbb.org/miprograms Validate Charities: https://www.give.org
The theft of thousands of Coinbase customers' sensitive data reminds us why centralized exchanges should always be avoided like the plague. Also: more updates on the OP_RETURN debate, we analyze the state of the UTXO sets, Wallet of Satoshi updates a non-custodial version of the app, and more and more companies around the world adopt bitcoin in their strategy. It's showtime!
Sam Fischer Joins the show! Summer time Ball Standby list Day Bet Make My Day See omnystudio.com/listener for privacy information.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
xorsearch.py: Python Functions Didier's xorsearch tool now supports Python functions to filter output. https://isc.sans.edu/diary/xorsearch.py%3A%20Python%20Functions/31858 Pwn2Own Berlin 2025 Last week's Pwn2Own contest in Berlin allowed researchers to demonstrate a number of new exploits with a large focus on privilege escalation and virtual machine escape. https://www.zerodayinitiative.com/blog/2025/5/17/pwn2own-berlin-2025-day-three-results Senior US Officials Impersonated in Malicious Messaging Campaign The FBI warns of senior US officials being impersonated in text and voice messages. https://www.ic3.gov/PSA/2025/PSA250515 Scattered Spider: TTP Evolution in 2025 Push Security provided an update on how Scattered Spider evolved. One thing they noted was that Scattered Spider takes advantage of legit dynamic domain name systems to make detection more difficult. https://pushsecurity.com/blog/scattered-spider-ttp-evolution-in-2025/
This week, Dave speaks with Max Gannon of Cofense Intelligence to dive into his team's research on "The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders." Threat actors continuously develop new tactics, techniques, and procedures (TTPs) to bypass existing defenses. When defenders identify these methods and implement countermeasures, attackers adapt or create more sophisticated approaches. This research explores how cybercriminals are leveling up their credential phishing tactics using Precision-Validated Phishing, a technique that leverages real-time email validation to ensure only high-value targets receive the phishing attempt. The research can be found here: The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders Learn more about your ad choices. Visit megaphone.fm/adchoices
Today's blockchain and crypto news: Binance, Kraken successfully thwart phishing attacks similar to Coinbase hack. World Liberty Financial rebuts Senate Democrat's probe. Coinshift's stablecoin tops $100 million in TVL. Learn more about your ad choices. Visit megaphone.fm/adchoices
Content warning: This episode contains descriptions of exploitation, self-harm, and abuse. Listener discretion is advised. A network called 764 has turned abuse into currency. It spread through Discord, Telegram, and gaming platforms—built around “lorebooks,” collections of coerced violence traded for status. In a strange twist, this harm group has connections to cybercrime groups we've covered on this show before. Note: I was recording in an office, which between that and the subject matter, explains why my tone is pretty hushed in this one. Hacked is brought to you by Push Security—helping companies stop identity attacks before they happen. Phishing, credential stuffing, session hijacking—Push tackles it right where it starts: in the browser. Smart, seamless, and built for how people actually work. Check them out at pushsecurity.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices
Is your vendor master file and customer master file the same? Don't miss taking advantage of these key benefits when they are one and the same. What are they? Keep listening. Links mentioned in the podcast + other helpful resources: Customer Master File Training (50% off Through 6/15/25): 3 Step Customer Setup & Maintenance Process Workshop
Josef is the founder of BrikMate, a company using AI to transform how commercial real estate teams manage, analyze, and extract insights from complex lease data. In this episode, KJ and Josef delve into the importance of confidence and curiosity for innovators and the potential of AI to revolutionize the service industry. Key Takeaways: 05:41 Evolution of Cybersecurity Threats 08:14 Modern Phishing and Social Engineering Tactics 10:32 Deepfake and Advanced Cyber Attacks 19:50 AI in Cybercrime: The Nigerian Email Scam 26:19 Future of Cybersecurity: AI vs. Human Quote of the Show (19:00): “The customer doesn't always know what they want. It takes someone who's confident, curious, and willing to take action” – Josef Pipoly Join our Anti-PR newsletter where we’re keeping a watchful and clever eye on PR trends, PR fails, and interesting news in tech so you don't have to. You're welcome. Want PR that actually matters? Get 30 minutes of expert advice in a fast-paced, zero-nonsense session from Karla Jo Helms, a veteran Crisis PR and Anti-PR Strategist who knows how to tell your story in the best possible light and get the exposure you need to disrupt your industry. Click here to book your call: https://info.jotopr.com/free-anti-pr-eval Ways to connect with Josef Pipoly: LinkedIn: https://www.linkedin.com/in/josefpipoly Company LinkedIn: https://www.brikmate.com/ How to get more Disruption/Interruption: Amazon Music - https://music.amazon.com/podcasts/eccda84d-4d5b-4c52-ba54-7fd8af3cbe87/disruption-interruption Apple Podcast - https://podcasts.apple.com/us/podcast/disruption-interruption/id1581985755 Spotify - https://open.spotify.com/show/6yGSwcSp8J354awJkCmJlD See omnystudio.com/listener for privacy information.
What do people have to do with cybersecurity? A lot. As with other fields of human risk, it's people that are typically the root cause of problems in the cybersecurity world. Which is where my guest's expertise in behavioural design comes into play. On this episode, I'm speaking with Sarah Aalborg, a cybersecurity and behavioural design expert who's on a mission to change how organisations approach IT security. Rather than focusing on firewalls and tech solutions, Sarah examines the human behaviours that can undermine even the best-designed security systems. Her new book, Secure by Choice, challenges conventional security thinking by exploring how cognitive biases affect security professionals and how to use behavioural design to reshape security culture. We discuss the pitfalls of traditional security training – particularly those phishing tests that feel more like traps than training – and how to flip the script by focusing on what we want people to do rather than what we want them to avoid. Sarah shares practical strategies for using positive reinforcement, creating engaging training experiences, and making security less about fear and more about action. By applying principles of behavioural science and risk-based thinking, Sarah explains how we can bridge the gap between security policies and everyday human behaviour. Guest Biography: Sarah Aalborg is a cybersecurity expert and behavioural design advocate, focusing on how cognitive biases impact IT security professionals and their decision-making processes. She is the author of Secure by Choice, a book that challenges conventional approaches to cybersecurity training by applying principles of behavioural science to security culture. With a background in IT security spanning over two decades, Sarah speaks at major security events and consults with organisations on how to create more effective, engaging, and human-centric security programs. 
AI-Generated Timestamped Summary: [00:00:00] Introduction [00:01:00] Meet Sarah Aalborg – Why she wrote Secure by Choice and her journey into behavioural design. [00:03:00] The '20-centimetre above the keyboard' exercise – How human inaction impacts tech security. [00:05:00] Why phishing tests feel like entrapment – and how to flip the script. [00:08:00] Turning phishing tests into positive reinforcement opportunities. [00:10:00] How a simple 'Report Suspicious Email' button can change behaviours. [00:12:00] The problem with fear-based messaging in cybersecurity. [00:14:00] Why telling people what NOT to do isn't effective. [00:15:00] Sarah's four-step framework for creating risk-aware security cultures. [00:17:00] Why most security training is designed to address the wrong problem. [00:20:00] The McDonald's kiosk example – What we can learn from other industries. [00:25:00] The importance of actionable examples in security training. [00:30:00] The generative AI paradox – When tech meets human bias. [00:35:00] Why AI is the ultimate behavioural science challenge. [00:40:00] The 'Operating System' analogy – Why the human brain is still running Stone Age software. [00:50:00] Why cyber professionals need to look outside their own industry for inspiration. [00:55:00] The role of curiosity and exploration in designing effective security programs. Links: Sarah's website: https://securebychoice.com/ Sarah on LinkedIn: https://www.linkedin.com/in/sarah-aalborg-bb348a1/ Secure by Choice: https://securityblendbooks.com/products/secure-by-choice?
Erich and Javvad summarize this week's cyber soap opera and bring you a tangled web of digital deceit, artificial “intelligence,” and just enough government extradition drama to keep things spicy. From Spain With Wire Fraud: Alleged “Scattered Spider” member Tyler Buchanan thought sunny Spain was a safe hideout—until the long arm of U.S. justice said hola. Extradited for allegedly scamming Caesars and MGM, his toolkit included SIM swapping and social engineering. Welcome to America, Tyler—hope you like federal courtrooms. Phishing with Google's Seal of Approval: Meanwhile, phisherfolk are reusing Google's DKIM signatures like they're leftover lasagna—slapping them onto spoofed emails from no-reply@accounts.google.com and tricking even the most paranoid clickers. The result? Legit-looking credential traps hosted on Google Sites. It's like gourmet phishing, served with a side of irony. Darcula Gets a Brain Upgrade: And if you thought cybercrime required effort, think again. The Darcula phishing kit now uses generative AI to do all the heavy lifting. Bad grammar and clunky templates? Gone. Now, even your cousin Steve with zero hacking skills can impersonate a bank in 100 languages. Thanks, AI. Tune in for a romp through the latest digital deceptions, complete with dark web drama and facepalms galore. Stay sharp—because the hackers definitely are.
In the Consumer section, Enrique García, spokesperson for OCU, analyzes whether the bank must reimburse the money in cases of phishing fraud, when scammers pose as a person or company so that the victim reveals confidential information such as their bank details.
Of course – the IRS has updated the 1099-MISC and 1099-NEC again effective for reporting Tax Year 2025 payments to your vendors. It's not that bad though… Keep listening. Links mentioned in the podcast + other helpful resources: Training: From an Accounts Payable Perspective: Year-End Checklist for 1099-MISC, 1099-NEC and 1042-S Reporting IRS: Instructions for Forms 1099-MISC and 1099-NEC (Rev. April 2025) IRS: Form 1099-MISC (Rev. April 2025) https://www.irs.gov/pub/irs-pdf/f1099msc.pdf IRS: Form 1099-NEC (Rev. April 2025) https://www.irs.gov/pub/irs-pdf/f1099nec.pdf
Ross Lazer is the Co-Founder and CEO of Mirage Security, a company using AI to simulate realistic spear-phishing attacks, including voice-based simulations using deepfakes, to train employees to recognize and resist social engineering tactics. In this episode, KJ and Ross uncover the evolving landscape of cybersecurity where attackers are increasingly targeting human weaknesses using sophisticated AI techniques. Ross reveals how Mirage Security is utilizing AI to simulate realistic phishing attacks, including voice and video deepfakes, to train employees and outsmart potential threats. They discuss the rapid advancements in social engineering tactics, the importance of contrarian thinking in innovation, and the future of cybersecurity training. Key Takeaways: 05:41 Evolution of Cybersecurity Threats 08:14 Modern Phishing and Social Engineering Tactics 10:32 Deepfake and Advanced Cyber Attacks 19:50 AI in Cybercrime: The Nigerian Email Scam 26:19 Future of Cybersecurity: AI vs. Human Quote of the Show (16:00): “In cybersecurity, the real challenge isn't just the technology; it's transforming the human side from our greatest vulnerability into our strongest defense." – Ross Lazer Join our Anti-PR newsletter where we’re keeping a watchful and clever eye on PR trends, PR fails, and interesting news in tech so you don't have to. You're welcome. Want PR that actually matters? Get 30 minutes of expert advice in a fast-paced, zero-nonsense session from Karla Jo Helms, a veteran Crisis PR and Anti-PR Strategist who knows how to tell your story in the best possible light and get the exposure you need to disrupt your industry. 
Click here to book your call: https://info.jotopr.com/free-anti-pr-eval Ways to connect with Ross Lazer: LinkedIn: https://www.linkedin.com/in/rosslazer/ Company LinkedIn: https://www.linkedin.com/company/miragesecurity/ How to get more Disruption/Interruption: Amazon Music - https://music.amazon.com/podcasts/eccda84d-4d5b-4c52-ba54-7fd8af3cbe87/disruption-interruption Apple Podcast - https://podcasts.apple.com/us/podcast/disruption-interruption/id1581985755 Spotify - https://open.spotify.com/show/6yGSwcSp8J354awJkCmJlD See omnystudio.com/listener for privacy information.
#vinayakjoshi #kannadainterviews #podcast 00:00 - Titles 00:26 - Online scams in India 14:52 - Honey traps explained 19:24 - Hacking and Identity Theft 24:39 - How to stay safe online? 28:50 - Reforming rowdy elements 34:52 - Funny experiences as a Police Officer In this gripping follow-up episode, DySP Rajesh L.Y returns to shine a light on one of the biggest threats of our time - cyber crime. From phishing to data theft, he breaks down the digital dangers lurking behind screens and shares real-life insights from his frontline experience in cyber investigations.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Python InfoStealer with Embedded Phishing Webserver Didier found an interesting infostealer that, in addition to implementing typical infostealer functionality, includes a web server suitable to create local phishing sites. https://isc.sans.edu/diary/Python%20InfoStealer%20with%20Embedded%20Phishing%20Webserver/31924 Android Update Fixes Freetype 0-Day Google released its monthly Android update. As part of the update, it patched a vulnerability in Freetype that is already being exploited. Android is not alone in using Freetype. Freetype is a very commonly used library to parse fonts like Truetype fonts. https://source.android.com/docs/security/bulletin/2025-05-01 CISA Warns of Unsophisticated Cyber Actors CISA released an interestingly titled report warning operators of operational technology networks of ubiquitous attacks by unsophisticated actors. It emphasizes how important it is to not forget basic security measures to defend against these attacks. https://www.cisa.gov/news-events/alerts/2025/05/06/unsophisticated-cyber-actors-targeting-operational-technology
The relentless race for cloud dominance continues as AWS reports 16.9% growth year-over-year—a number that would thrill most companies but falls short of expectations for the cloud giant. Tim and Chris dig into what's behind these numbers and why Microsoft and Google continue gaining ground with stronger-than-anticipated growth rates. Microsoft's massive 53% increase in capital spending signals their aggressive push into AI infrastructure, raising questions about whether AWS can maintain its leadership position. Cybersecurity threats are evolving in concerning ways according to Threat Labs' 2025 Phishing Report. While overall phishing attempts have declined, attacks have become more targeted and sophisticated. The hosts explore disturbing trends including the rise of cryptocurrency scams with fake wallets and an increase in job-related phishing that exploits today's challenging employment market. Most alarming is how threat actors are capitalizing on AI hype, creating fraudulent agent websites that mimic legitimate platforms to steal credentials. This exposes a critical vulnerability in emerging technologies like Multi-agent Collaboration Protocol systems that currently lack robust security frameworks. The conversation shifts to more positive developments with Kubernetes 1.33 "Octarine" release, which brings sidecar containers to stable status—a significant improvement for managing service mesh implementations. The hosts break down how this and other updates like in-place resource resizing make Kubernetes more flexible and easier to manage for enterprise deployments. The episode closes with a somber discussion of Intel's announcement of potential layoffs affecting up to 20% of its workforce following substantial quarterly losses. 
Tim and Chris challenge the new CEO's assertion that requiring more office days will make the company "lean, fast and agile," questioning whether return-to-office mandates have more to do with real estate investments than actual productivity improvements. What tech news matters most to you? We'd love your feedback on our news format and what topics you'd like us to cover in future episodes! Purchase Chris and Tim's new book on AWS Cloud Networking: https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/ Check out the Fortnightly Cloud Networking News: https://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/ Visit our website and subscribe: https://www.cables2clouds.com/ Follow us on BlueSky: https://bsky.app/profile/cables2clouds.com Follow us on YouTube: https://www.youtube.com/@cables2clouds/ Follow us on TikTok: https://www.tiktok.com/@cables2clouds Merch Store: https://store.cables2clouds.com/ Join the Discord Study group: https://artofneteng.com/iaatj
We discuss a schism years in the making — the infamous imageboard 4chan gets hacked by its own offshoot, Soyjak.party, in a breach that exposed moderator identities, source code, and shattered the myth of online anonymity. Then, we look at Cluely — an AI tool built by a suspended student to help users “cheat” on job interviews — and the viral campaign pitching it as a revolution. Is it a tech breakthrough, a social bluff, or both? Hacked is brought to you by Push Security—helping companies stop identity attacks before they happen. Phishing, credential stuffing, session hijacking—Push tackles it right where it starts: in the browser. Smart, seamless, and built for how people actually work. Check them out at . Learn more about your ad choices. Visit podcastchoices.com/adchoices
Amy King hosts your Thursday Wake Up Call. ABC News White House correspondent Karen Travers opens the show talking about President Trump speaking on why the US economy shrank for first time in 3 years. ABC News national reporter Jim Ryan discusses the latest phishing bait using pro athletes. Amy is headed to… PARIS! We ‘Get in Your Business' with Bloomberg's Courtney Donohoe discussing business and Wall Street. The show closes with Amy talking with Dr. Charity Chandler Cole about the Reimagine Gala at CASA of Los Angeles.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
It's 2025, so why are malicious advertising URLs still going strong? Phishing attacks continue to take advantage of Google's advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing services flag the URL. https://isc.sans.edu/diary/It%27s%202025...%20so%20why%20are%20obviously%20malicious%20advertising%20URLs%20still%20going%20strong%3F/31880 ChatGPT Fingerprinting Documents via Unicode ChatGPT apparently started leaving fingerprints in texts, which it creates by adding invisible Unicode characters like non-breaking spaces. https://www.rumidocs.com/newsroom/new-chatgpt-models-seem-to-leave-watermarks-on-text Asus AI Cloud Security Advisory Asus warns of a remote code execution vulnerability in its routers. The vulnerability is related to the AI Cloud feature. If your router is EoL, disabling the feature will mitigate the vulnerability. https://www.asus.com/content/asus-product-security-advisory/ PyTorch Vulnerability PyTorch fixed a remote code execution vulnerability exploitable if a malicious model was loaded. This issue was exploitable even with the "weights_only=True" setting selected. https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6
What's the best thing small businesses can do to improve their security posture?
We're on the road to RSAC 2025 — or maybe on a quantum-powered highway — and this time, Sean and I had the pleasure of chatting with someone who's not just riding the future wave, but actually building it. Marc Manzano, General Manager of the Cybersecurity Group at SandboxAQ, joined us for this Brand Story conversation ahead of the big conference in San Francisco. For those who haven't heard of SandboxAQ yet, here's a quick headline: they're a spin-out from Google, operating at the intersection of AI and quantum technologies. Yes — that intersection. But let's keep our feet on the ground for a second, because this story isn't just about tech that sounds cool. It's about solving the very real, very painful problems that security teams face every day. Marc laid out their mission clearly: Active Guard, their flagship platform, is built to simplify and modernize two massive pain points in enterprise security — cryptographic asset management and non-human identity management. Think: rotating certificates without manual effort. Managing secrets and keys across cloud-native infrastructure. Automating compliance reporting for quantum-readiness. No fluff — just value, right out of the box. And it's not just about plugging a new tool into your already overloaded stack. What impressed us is how SandboxAQ sees themselves as the unifying layer — enhancing interoperability across existing systems, extracting more intelligence from the tools you already use, and giving teams a unified view through a single pane of glass. And yes, we also touched on AI SecOps — because as AI becomes a standard part of infrastructure, so must security for it. Active Guard is already poised to give security teams visibility and control over this evolving layer. Want to see it in action? Booth 6578, North Expo Hall. Swag will be there. Demos will be live. 
Conversations will be real. We'll be there too — recording a deeper Brand Story episode On Location during the event. Until then, enjoy this preview — and get ready to meet the future of cybersecurity. Keywords: sandboxaq, active guard, rsa conference 2025, quantum cybersecurity, ai secops, cryptographic asset management, non-human identity, cybersecurity automation, security compliance, rsa 2025, cybersecurity innovation, certificate lifecycle management, secrets management, security operations, quantum readiness, rsa sandbox, cybersecurity saas, devsecops, interoperability, digital transformation Guest: Marc Manzano, General Manager of the Cybersecurity Group at SandboxAQ. Marc Manzano on LinkedIn
This week, our hosts, Dave Bittner and Joe Carrigan, are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines, while our other host, Maria Varmazis, is at a conference. We begin with some follow-up, as Joe reflects on the density of gold. Then, Dave shares some heartfelt and moving words about the recent passing of his father. Dave's story follows how confusion sparked by Trump's erratic tariff policies is fueling a global surge in cyber scams, phishing sites, and crypto cons, as threat actors exploit the chaos to mislead, defraud, and manipulate online users. Joe has two stories this week. The first is about the "blessing scam," a con that targets older Chinese women with promises of spiritual cleansing that ends in financial ruin. The second covers a new FTC rule requiring companies to make subscription cancellations as easy as sign-ups, cracking down on deceptive practices. Our catch of the day this week comes from Montclair University, as they are warning of a phishing scam offering a “free 2014 Airstream Sport 16′ Travel Trailer.” Resources and links to stories: Trump Tariff Confusion Fuels Online Scams; Oklahoma woman charged with laundering $1.5M from elderly women in online romance scam; A new ‘jackpotting’ scam has drained more than $236,000 from Texas ATMs — but who foots the loss?; Opportunity To Own A Free 2014 Airstream Sport 16′ Travel Trailer. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a phishing test. WordPress added an abuse-prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte. Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security, threatlocker.com for Security Now, canary.tools/twit - use code: TWIT, joindeleteme.com/twit promo code TWIT, bitwarden.com/twit