Podcasts about Phishing

Charlamos con José Antonio Gómez Hernández, PhD, Responsable de Seguridad de la Información (CISO) de la Universidad de Granada. En esta entrevista, hablamos sobre la ciberseguridad en el ámbito universitario, explorando los desafíos a los que se enfrenta la comunidad universitaria en un entorno cada vez más digitalizado. Además, nos cuenta detalles de una reciente campaña de simulación de phishing que puso a prueba nuestra conciencia digital. Descubre qué medidas tomar para proteger tu información personal, cómo identificar correos sospechosos y qué pasos seguir si caemos en una trampa digital. ¡No te lo pierdas!--------------------------Radiolab, la radio universitaria de la Universidad de Granada, es un espacio de participación de la comunidad universitaria abierto a la ciudadanía. Nuestra universidad, como institución de aprendizaje está abierta al conocimiento y al debate. Desde su autonomía proporciona espacio para un debate libre y crítico, abierto a la pluralidad de voces y a la demandas de la sociedad dentro del marco de los derechos humanos y de los valores de nuestra institución. De este modo, constatamos que las opiniones vertidas en nuestros programas son exclusiva responsabilidad de quienes las emiten, sin representar un posicionamiento de la institución como tal. Defendemos la libertad de expresión y la comunicación en el espacio público como una forma de hacer ciudadanía y avanzar en el conocimiento. 

Get your customized planning started by scheduling a no-cost discovery call: http://bit.ly/calltruewealth Retirees are increasingly targeted by cybercriminals — and the scams are getting more sophisticated. From fake emails and stolen phones to account takeovers and SIM card fraud, even cautious investors can be at risk. In this episode, Tyler Emrick, CFA®, CFP®, shares a real story of an attempted security breach involving a True Wealth Design client — and what made the firm catch it before damage was done. You'll learn the most common cybersecurity threats facing retirees, how to secure your financial accounts, and what to do if you think you've been scammed. Plus, we cover smart strategies like using a password manager, enabling two-factor authentication, freezing your credit, and why every retiree should have a Trusted Contact on file. If you've worked hard to build a secure retirement, this episode will help you protect it. Here's some of what we discuss in this episode:

When it comes to the vendor and buyer and who is responsible when there is a fraudulent payment can depend on the country.  Here is what happened in another court case….Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:   Article:  EFT payments and cybercrime: Court says car buyer is liable to ensure money is paid into the correct account Authentication Free Training Section:  3 Step Vendor Setup & Maintenance Process Workshop Vendor Banking Form Template:  https://debrarrichardson.com/store/vendor-banking-form-template Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

How Long Until the Phishing Starts? About Two Weeks After setting up a Google Workspace and adding a new user, it took only two weeks for the new employee to receive somewhat targeted phishing emails. https://isc.sans.edu/diary/How%20Long%20Until%20the%20Phishing%20Starts%3F%20About%20Two%20Weeks/32052 Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone numbers Scammers are placing Google ads that point to legitimate companies sites, but are injecting malicious text into the page advertising fake tech support numbers https://www.malwarebytes.com/blog/news/2025/06/scammers-hijack-websites-of-bank-of-america-netflix-microsoft-and-more-to-insert-fake-phone-number What s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia Targeted attacks are tricking victims into creating app-specific passwords to Google resources. https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia

In this episode of Stories from the River, guest host Tyler Trill, Senior Communications Manager at Broad River Retail, sits down with Broad River Retail's IT experts Robert Ferguson, Associate Director, IT Infrastructure & User Services, and Tim Sobkowiak, Associate Director, Retail Technology & Project Management, to dive into the world of cybersecurity, with a specific focus on phishing attacks.  The discussion breaks down how phishing techniques have evolved from suspicious emails to sophisticated text messages, QR code scams, and AI-powered voice impersonations. Robert and Tim share real-life examples of successful phishing scams, explain why these attacks remain effective, and offer practical advice on how to recognize and respond to threats. Key takeaways include the critical roles of strong passwords, multi-factor authentication, and most importantly, ongoing education for every team member—not just IT. The episode emphasizes that staying safe online is everyone's responsibility, both at work and at home. Listeners will walk away better prepared to spot and stop phishing attempts before they cause harm. Watch this episode on YouTube: https://youtu.be/Aj8A5NqKmq8  Visit https://www.storiesfromtheriver.com for more episodes. Broad River Retail brought this show to you. Visit https://BroadRiverRetail.com                              Follow us on LinkedIn: https://www.linkedin.com/company/broad-river-retail

There is a common scenario for those Accounts Payable or Vendor teams that can do bank account ownership validations when setting up or changing vendor data: many vendors have legitimate reasons why their bank account holder names do not match their legal name.  So, how are you supposed to know whether this is legitimate or fraudulent?Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:   AVM: 3-Step Vendor Setup and Maintenance Framework to Avoid Fraud, Fines and Bad Vendor Data: https://youtu.be/prvHJ6_Rf58 D&B Business Directory:  https://www.dnb.com OpenCorporates:  https://opencorporates.com/ SEC > EDGAR Database: https://www.sec.gov/edgar/search/#/entityName=USERFUL%2520CORPORATION State Registration Sites:   Vendor Process Training Center > Resource Library Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

How cyber criminals are using AI tools to scale malicious operationsStreamlining user experience with biometrics or device-based authenticationMaking your organisation cyber resilient and securing critical systems as AI continues to advanceFeaturing: Thom Langford, Host, teissTalkhttps://www.linkedin.com/in/thomlangford/Derek Hanson, VP Solutions Architecture and Alliances, Yubicohttps://www.linkedin.com/in/derekthansonJay Vinda, Global CISO and Cyber Risk Engineering Lead, Mosaic Insurancehttps://www.linkedin.com/in/jayvindaLee Munson, Principal Research Analyst, Information Security Forumhttps://www.linkedin.com/in/lmunson/

Cyberattacks are on the rise—and smaller municipalities are now a top target. In this episode of OMAG All Access, David Dalton, OMAG's Director of Claims, is joined by cybersecurity attorney Zach Oubre of McAfee & Taft to discuss how cities and towns in Oklahoma can protect themselves.Zach shares insights from years of experience helping clients navigate breaches, ransomware events, and phishing scams. Together, they walk through practical steps your municipality can take now—from improving email security to implementing multi-factor authentication and updating system patches.Whether you're a city manager, clerk, or IT professional, this episode offers straightforward advice to reduce your cyber risk and respond quickly when attacks occur.Learn more at www.omag.org

In this episode of Stories from the River, guest host Tyler Trill, Senior Communications Manager at Broad River Retail, sits down with Broad River Retail's IT experts Robert Ferguson, Associate Director, IT Infrastructure & User Services, and Tim Sobkowiak, Associate Director, Retail Technology & Project Management, to dive into the world of cybersecurity, with a specific focus on phishing attacks.  The discussion breaks down how phishing techniques have evolved from suspicious emails to sophisticated text messages, QR code scams, and AI-powered voice impersonations. Robert and Tim share real-life examples of successful phishing scams, explain why these attacks remain effective, and offer practical advice on how to recognize and respond to threats. Key takeaways include the critical roles of strong passwords, multi-factor authentication, and most importantly, ongoing education for every team member—not just IT. The episode emphasizes that staying safe online is everyone's responsibility, both at work and at home. Listeners will walk away better prepared to spot and stop phishing attempts before they cause harm. Watch this episode on YouTube: https://youtu.be/Aj8A5NqKmq8  Visit https://www.storiesfromtheriver.com for more episodes. Broad River Retail brought this show to you. Visit https://BroadRiverRetail.com                              Follow us on LinkedIn: https://www.linkedin.com/company/broad-river-retail

Pieter-Jaap Aalbersberg, de Nationaal Coördinator Terrorismebestrijding en Veiligheid (NCTV), waakt vlak voor zijn pensioen over de NAVO-top volgende week. Deze grootste en duurste veiligheidsoperatie ooit speelt zich af tegen de achtergrond van oplopende spanningen in het Midden-Oosten, maar er dreigt ook binnenlands gevaar. Sven op 1 is een programma van Omroep WNL. Meer van WNL vind je op onze website en sociale media: ► Website: https://www.wnl.tv  ► Facebook: https://www.facebook.com/omroepwnl  ► Instagram: https://www.instagram.com/omroepwnl ► Twitter: https://www.twitter.com/wnlvandaag ► Steun WNL, word lid: https://www.steunwnl.tv ► Gratis Nieuwsbrief: https://www.wnl.tv/nieuwsbrief 

William Lyne of the UK's National Crime Agency joins us live at Infosecurity Europe to talk ransomware, AI threats, and the future of cybercrime disruption.When the UK's top cyber intelligence strategist sits down with you in London, you listen — and you hit record.At Infosecurity Europe 2025, the ITSPmagazine podcast team — Marco Ciappelli and Sean Martin — sat down with William Lyne, Deputy Director and Head of Cyber Intelligence at the UK's National Crime Agency (NCA). This is the guy who not only leads cyber strategy for the NCA, but has also represented the UK at the FBI in the U.S. and now oversees national-level ransomware disruption efforts. It's not just a conversation — it's a rare front-row seat into how one of the world's most serious crime-fighting agencies is tackling ransomware 3.0.The message? Ransomware isn't just a cyber issue. It's a societal one. And it's evolving faster than we're prepared for — unless we change the game.“It went from niche to national threat fast,” Lyne explains. “The tools were always there. It just took a few threat actors to stitch them together.”From banking malware to fully operational cybercrime-as-a-service ecosystems, Lyne walks us through how the underground economy has industrialized. Ransomware isn't just about tech — it's about access, scale, and business models. And most importantly, it's no longer limited to elite coders or closed-door Russian-speaking forums. The barrier to entry is gone, and the dark web is wide open for business.Sean brings up the obvious: “Why does this still feel like we're always reacting?”Lyne responds: “We've shifted. We're going after the ecosystem — the people, the infrastructure, the business model — not just the payload.” That includes disrupting ransomware-as-a-service, targeting marketplaces, and yes, investing in preemptive intelligence.Marco flips the script by comparing today's cyber landscape to something deeply human. “Extortion is nothing new — we've just digitalized it. This is human behavior, scaled by tech.”From there, the conversation takes a future-facing turn. Deepfakes, AI-powered phishing, the commoditization of generative tools — Lyne confirms it's all on their radar. But he's quick to note that cybercriminals aren't bleeding-edge innovators. “They adopt when the ROI is right. But AI-as-a-service? That's coming. And it will reshape how efficient — and damaging — these threats become.”And then the real insight lands:“You can't wait to be a victim to talk to law enforcement. We may already have access to the infrastructure. The earlier we hear from you, the better we can act — and fast.”That kind of operational openness isn't something you heard from law enforcement five years ago. It signals a cultural shift — one where collaboration is not optional, it's essential.William also highlights the NCA's partnerships with private sector firms, academia, and international agencies, including the Kronos operation targeting LockBit infrastructure. These kinds of collaborations prove that when information moves, so does impact.Why does this matter?Because while most cybersecurity media gets stuck in product buzzwords and vendor hype, this is the real stuff — how ransomware groups behave, how law enforcement thinks, and how society can respond. It's not theory. It's strategy, lived on the front lines. 

Erweitere dein Wissen über digitale Sicherheit mit „Cybersecurity ist Chefsache“.In dieser Episode spricht Nico Freitag mit Caroline Krohn, Fachbereichsleiterin für digitalen Verbraucherschutz beim Bundesamt für Sicherheit in der Informationstechnik (BSI).Zentrales Thema: Das vom BSI ausgerufene E-Mail-Sicherheitsjahr 2025. Gemeinsam mit Unternehmen, Providern und zivilgesellschaftlichen Akteuren will das BSI die E-Mail-Infrastruktur in Deutschland sicherer machen – proaktiv, freiwillig und sichtbar.

Erweitere dein Wissen über digitale Sicherheit mit „Cybersecurity ist Chefsache“.In dieser Episode spricht Nico Freitag mit Caroline Krohn, Fachbereichsleiterin für digitalen Verbraucherschutz beim Bundesamt für Sicherheit in der Informationstechnik (BSI).Zentrales Thema: Das vom BSI ausgerufene E-Mail-Sicherheitsjahr 2025. Gemeinsam mit Unternehmen, Providern und zivilgesellschaftlichen Akteuren will das BSI die E-Mail-Infrastruktur in Deutschland sicherer machen – proaktiv, freiwillig und sichtbar.

You may be listening to this podcast to find out what your vendors are doing, but guess what?  Your vendors are reaching out to me to understand what you are doing!  If you want to know the top 2 reasons vendors reach out to me about you (and what you can do to avoid this), then…Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:   IRS W-9 Examples by Tax Classification - What To Look For When Accepting From Your Vendor:  https://training.debrarrichardson.com/course/w9 Do IRS Form W-9s Expire? When Should You Collect a New One? https://debrarrichardson.com/blog/do-irs-form-w-9s-expire-when-should-you-collect-a-new-one?rq=expire Do You Need to Collect the California 587 or 590 Forms When Setting Up New Vendors? https://debrarrichardson.com/blog/do-you-need-to-collect-the-california-587-or-590-forms-when-setting-up-new-vendors?rq=587 Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Deze week praten Wout Funnekotter, Jurian Ubachs, Arnoud Wokke en Jelle Stuip over glasvezel van Ziggo, Summer Game Fest, Android-apps maken met vibecoden, steeds persoonlijke phishing en de nieuwe aankondigingen van Apple. 0:00 Intro0:19 Opening2:09 .post16:30 Ziggo gaat glasvezel aanbieden21:57 Wat er gebeurde op Summer Game Fest38:08 Android-apps maken met vibecoden51:16 Phishing wordt steeds beter en persoonlijker58:02 Apple, vloeibaar glas en beperkte AI1:17:20 SneakpeekSee omnystudio.com/listener for privacy information.

In this sponsored interview, Casey Ellis interviews Push Security co-founder and Chief Product Officer Jacques Louw about how good phishing crews have gotten at evading detection. Attackers are hiding their payloads behind legitimate bot-detection tools to stop things like email security gateways from seeing them, as well as locking up phishing pages behind OAuth challenges. Push sees all this because it's installed as a browser plugin and sees what users see. Show notes

The McGraw Show 6-9-25: National Guard in LA, Mike Kehoe - Master Negotiator, Popshelf & Phishing by

In today's digital age, cybersecurity has become a crucial aspect for businesses across all industries. As cyber threats evolve, so must our strategies to combat them. In evaluating the entire business ecosystem, it's essential to identify your organization's critical functions and potential single points of failure. A comprehensive approach not only involves protecting against breaches but also ensuring you have robust backup systems in place, should an attack occur. In this episode of 10 Miunte Tech Talks, The Pittsburgh Technology Council's Jonathan Kersting highlights his TechVibe Radio interview with Izzy Syring and Robert Ragan of CustosIQ. Custos is one of Pittsburgh's top cyber firms working with companies large and small to deploy custom cyber solutions and strategies that evolve with the company. Keep on listening for insights on phishing as a service and the new twisted threats phishing attacks pose for your company and a simple way to guard against them. If you have more than 10 minutes, listen to the entire interview here for more cyber insights. This is a podcast for tech and manufacturing  entrepreneurs exploring the tech ecosystem, from cyber security and AI to SaaS, robotics, and life sciences, featuring insights to satisfy the tech curious.

Phishing e-mail that hides malicious links from Outlook users Jan found a phishing email that hides the malicious link from Outlook users. The email uses specific HTML comment clauses Outlook interprets to render or not render specific parts of the email s HTML code. Jan suggests that the phishing email is intented to not expose users of https://isc.sans.edu/diary/Phishing%20e-mail%20that%20hides%20malicious%20link%20from%20Outlook%20users/32010 Amazon changing default logging from blocking to non-blocking Amazon will change the default logging mode from blocking to non-blocking. Non-blocking logging will not stop the application if logging fails, but may result in a loss of logs. https://aws.amazon.com/blogs/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/ Cisco Removes Backdoor Cisco fixed a Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7 Infoblox Vulnerability Details disclosed Details regarding several vulnerabilities recently patched in Infoblox s NetMRI have been made public. In particular an unauthenticated remote code execution issue should be considered critical. https://rhinosecuritylabs.com/research/infoblox-multiple-cves/

The  confirmation call has long been hailed as a safeguard against fraud. But it's not.  Let's delve into why and what can improve the process.Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:   Get the Vendor Callback Confirmation Toolkit(TM) Today: https://training.debrarrichardson.com/course/callback-confirmation-toolkitCustomized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Welcome to a special RSAC 2025 episode of the Breaking Badness Cybersecurity Podcast! Today, we delve into the critical role of domains in modern cyber attacks. From sophisticated nation-state operations to AI-powered phishing kits and malicious browser extensions, domains are the foundational infrastructure for threat actors. Host Kali Fencl is joined by four leading cybersecurity experts Joe Slowik, Robert Duncan, John Fokker and Vivek Ramachandran to break down how domains are weaponized and what organizations can do to defend themselves on this ever-evolving frontline

Phishing remains to be the number one way fraudsters are scamming people into giving away both personal and financial information. In the latest episode of Wallet Watch “Unraveling Card Fraud”, Melissa, Manager of Card Fraud shares ways consumers have given away sensitive financial information like their card and account numbers, not realizing it was a scam until after the fact. She is also sharing safe card practices that could help you better recognize fraud attempts and ways to help keep your personal and financial sensitive information safe and secure. Don't miss out- tune in now!

Ransomware attacks, phishing scams, and third-party vendor breaches emphasize the need for advanced cybersecurity strategies and stronger collaboration between IT and supply chain teams. Learn how organizations are strengthening their cybersecurity efforts to be ready when hackers come knocking.

Segment 1 CTG Interview Middle market companies face unique challenges in the ever-evolving cyber environment. Developing a comprehensive cybersecurity approach is a business imperative for middle market companies, and Chad Alessi will discuss the threat landscape, what's keeping IT decision-makers awkward at night, and the best approach to creating a proactive security measure. Cyber Resilience in Action: A Guide for Mid-Market Firms This segment is sponsored by CTG. Visit https://securityweekly.com/ctgrsac to learn more about them! Nightwing Interview Nightwing divested from Raytheon in April 2024 and is entering another year of redefining national security. Amid emerging threats and shifting industry regulations and compliance frameworks, traditional security measures are no longer cutting it. As Cyber Incident Response Manager at Nightwing, Nick Carroll discusses how organizations can continue to build cyber resiliency and stay one step ahead in today's threat landscape. This segment is sponsored by Nightwing. Visit https://securityweekly.com/nightwingrsac to learn more about them! Segment 2 Libraesva Interview Generative AI is having a transformative effect across almost every industry, but arguably the area it has had the most significant impact is cybercrime. Discriminative AI can now learn to recognize what constitutes normal communication patterns, so anything out of the ordinary can be flagged. AI is also enabling human security analysts to automate the triage of reported emails, to rapidly identify false positives and keep up with emerging cybercriminal tactics. Finally, specialized Small Language Models (SLMs) using neural networks are able to analyze and comprehend the semantic intent of the message. This segment is sponsored by Libraesva. Visit https://securityweekly.com/libraesvarsac to learn more about them! IRONSCALES Interview Phishing has evolved—fast. What started as basic email scams has transformed into AI-powered cyber deception. Phishing 1.0: Early phishing relied on spam emails, fake banking alerts, and malware links to trick users into clicking Phishing 2.0: Attackers got smarter—instead of mass emails, they started impersonating real people Phishing 3.0: Now, cybercriminals are using AI to generate fake but highly convincing voices, videos, and images IRONSCALES discusses the current gaps in SEG technology and will showcase industry-first innovations for protection against deepfakes. Assessing Organizational Readiness in the Face of Emerging Cyber Threat Using AI to Enhance Defensive Cybersecurity white paper The Hidden Gaps of SEG Protection white paper This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/ironscalesrsac to learn more about them! Segment 3 Illumio Interview In the post-breach world, speed and clarity are essential for effective cybersecurity. Security teams are inundated with vast amounts of data, much of which is not actionable. To combat cyber threats—and level the playing field—defenders need precise intelligence to identify attacks, dynamically quarantine threats, and prevent cyber disasters, highlighting the power of the security graph. Segment Resources: Rethinking Threat Detection in a Decentralized World Illumio Insights Announcement More information about Illumio Insights This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiorsac for information on Illumio Insights or to sign up for a private preview! ESET Interview The ransomware landscape is rapidly changing. ESET global research team has been closely following ransomware gang disruptions, new players and how the RaaS business model continues to evolve. In this segment, Tony Anscombe will take a look into recent research, hacks and attacks, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. Segment Resources: https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/ https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2024/ This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-409

Segment 1 CTG Interview Middle market companies face unique challenges in the ever-evolving cyber environment. Developing a comprehensive cybersecurity approach is a business imperative for middle market companies, and Chad Alessi will discuss the threat landscape, what's keeping IT decision-makers awkward at night, and the best approach to creating a proactive security measure. Cyber Resilience in Action: A Guide for Mid-Market Firms This segment is sponsored by CTG. Visit https://securityweekly.com/ctgrsac to learn more about them! Nightwing Interview Nightwing divested from Raytheon in April 2024 and is entering another year of redefining national security. Amid emerging threats and shifting industry regulations and compliance frameworks, traditional security measures are no longer cutting it. As Cyber Incident Response Manager at Nightwing, Nick Carroll discusses how organizations can continue to build cyber resiliency and stay one step ahead in today's threat landscape. This segment is sponsored by Nightwing. Visit https://securityweekly.com/nightwingrsac to learn more about them! Segment 2 Libraesva Interview Generative AI is having a transformative effect across almost every industry, but arguably the area it has had the most significant impact is cybercrime. Discriminative AI can now learn to recognize what constitutes normal communication patterns, so anything out of the ordinary can be flagged. AI is also enabling human security analysts to automate the triage of reported emails, to rapidly identify false positives and keep up with emerging cybercriminal tactics. Finally, specialized Small Language Models (SLMs) using neural networks are able to analyze and comprehend the semantic intent of the message. This segment is sponsored by Libraesva. Visit https://securityweekly.com/libraesvarsac to learn more about them! IRONSCALES Interview Phishing has evolved—fast. What started as basic email scams has transformed into AI-powered cyber deception. Phishing 1.0: Early phishing relied on spam emails, fake banking alerts, and malware links to trick users into clicking Phishing 2.0: Attackers got smarter—instead of mass emails, they started impersonating real people Phishing 3.0: Now, cybercriminals are using AI to generate fake but highly convincing voices, videos, and images IRONSCALES discusses the current gaps in SEG technology and will showcase industry-first innovations for protection against deepfakes. Assessing Organizational Readiness in the Face of Emerging Cyber Threat Using AI to Enhance Defensive Cybersecurity white paper The Hidden Gaps of SEG Protection white paper This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/ironscalesrsac to learn more about them! Segment 3 Illumio Interview In the post-breach world, speed and clarity are essential for effective cybersecurity. Security teams are inundated with vast amounts of data, much of which is not actionable. To combat cyber threats—and level the playing field—defenders need precise intelligence to identify attacks, dynamically quarantine threats, and prevent cyber disasters, highlighting the power of the security graph. Segment Resources: Rethinking Threat Detection in a Decentralized World Illumio Insights Announcement More information about Illumio Insights This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiorsac for information on Illumio Insights or to sign up for a private preview! ESET Interview The ransomware landscape is rapidly changing. ESET global research team has been closely following ransomware gang disruptions, new players and how the RaaS business model continues to evolve. In this segment, Tony Anscombe will take a look into recent research, hacks and attacks, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. Segment Resources: https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/ https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2024/ This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-409

In this conversation, Dr. Chase Cunningham and Michael Shieh from Mammoth Cyber discuss the evolution of Zero Trust security, focusing on browser security and AI's role in enhancing security measures. They explore the concept of data-first security, the significance of mobile security, and the future of Zero Trust in the context of increasing cyber threats. Michael emphasizes the need for a browser-centric approach to security, which allows for better control and visibility over user behavior and data access.TakeawaysMammoth Cyber focuses on browser-centric security solutions.The evolution of web applications has increased data leakage risks.AI tools are becoming integral to browser security.Data isolation allows users to access data without downloading it.User productivity should not be hindered by security measures.The attack surface for cyber threats is broader than ever.Browser security is essential for all users, not just enterprises.Phishing training is less effective than implementing browser isolation.Mobile security is crucial as users access company data on personal devices.The future of Zero Trust will heavily involve browser security solutions.

Segment 1 CTG Interview Middle market companies face unique challenges in the ever-evolving cyber environment. Developing a comprehensive cybersecurity approach is a business imperative for middle market companies, and Chad Alessi will discuss the threat landscape, what's keeping IT decision-makers awkward at night, and the best approach to creating a proactive security measure. Cyber Resilience in Action: A Guide for Mid-Market Firms This segment is sponsored by CTG. Visit https://securityweekly.com/ctgrsac to learn more about them! Nightwing Interview Nightwing divested from Raytheon in April 2024 and is entering another year of redefining national security. Amid emerging threats and shifting industry regulations and compliance frameworks, traditional security measures are no longer cutting it. As Cyber Incident Response Manager at Nightwing, Nick Carroll discusses how organizations can continue to build cyber resiliency and stay one step ahead in today's threat landscape. This segment is sponsored by Nightwing. Visit https://securityweekly.com/nightwingrsac to learn more about them! Segment 2 Libraesva Interview Generative AI is having a transformative effect across almost every industry, but arguably the area it has had the most significant impact is cybercrime. Discriminative AI can now learn to recognize what constitutes normal communication patterns, so anything out of the ordinary can be flagged. AI is also enabling human security analysts to automate the triage of reported emails, to rapidly identify false positives and keep up with emerging cybercriminal tactics. Finally, specialized Small Language Models (SLMs) using neural networks are able to analyze and comprehend the semantic intent of the message. This segment is sponsored by Libraesva. Visit https://securityweekly.com/libraesvarsac to learn more about them! IRONSCALES Interview Phishing has evolved—fast. What started as basic email scams has transformed into AI-powered cyber deception. Phishing 1.0: Early phishing relied on spam emails, fake banking alerts, and malware links to trick users into clicking Phishing 2.0: Attackers got smarter—instead of mass emails, they started impersonating real people Phishing 3.0: Now, cybercriminals are using AI to generate fake but highly convincing voices, videos, and images IRONSCALES discusses the current gaps in SEG technology and will showcase industry-first innovations for protection against deepfakes. Assessing Organizational Readiness in the Face of Emerging Cyber Threat Using AI to Enhance Defensive Cybersecurity white paper The Hidden Gaps of SEG Protection white paper This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/ironscalesrsac to learn more about them! Segment 3 Illumio Interview In the post-breach world, speed and clarity are essential for effective cybersecurity. Security teams are inundated with vast amounts of data, much of which is not actionable. To combat cyber threats—and level the playing field—defenders need precise intelligence to identify attacks, dynamically quarantine threats, and prevent cyber disasters, highlighting the power of the security graph. Segment Resources: Rethinking Threat Detection in a Decentralized World Illumio Insights Announcement More information about Illumio Insights This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiorsac for information on Illumio Insights or to sign up for a private preview! ESET Interview The ransomware landscape is rapidly changing. ESET global research team has been closely following ransomware gang disruptions, new players and how the RaaS business model continues to evolve. In this segment, Tony Anscombe will take a look into recent research, hacks and attacks, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. Segment Resources: https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/ https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2024/ This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them! Show Notes: https://securityweekly.com/esw-409

If you're company is a small or medium sized business, don't get comfortable about fraud – you're being targeted too.  Troy Baker is back to talk fraud and how the fraud prevention resources at the Better Business Bureau can help you protect your payments from fraudsters.Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:   Better Business Bureau Links:  Main Webpage:  https://www.bbb.org Scam Tracker:  https://www.bbb.org/scamtracker Scam News/Tips:  https://www.bbb.org/all/scamtips Sign-Up for Scam Alerts: https://signup.e2ma.net/signup/1900156/1902645/ Michigan Better Business Bureau:  https://www.bbb.org/miprograms Validate Charities:  https://www.give.org Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

  In this episode of Cybersecurity Today, host Jim Love explores the intricacies behind phishing emails that cleverly spoof Microsoft addresses, making many fall for scams despite appearing legitimate. Love emphasizes the need for a stringent 'zero trust' approach to counter these advanced tactics. Additionally, the episode delves into the activities of the hacking group Hazy Hawk, which exploits misconfigured DNS records to hijack trusted domains and propagate malware. Organizations are warned about the importance of regular DNS audits to prevent such attacks. The episode also covers the alarming wave of departures at the Cybersecurity and Infrastructure Security Agency (CISA), raising concerns over the agency's effectiveness amid increasing cyber threats. In another segment, Love discusses a sophisticated fraud operation out of Hanoi, where perpetrators manipulated X's Creator Revenue Sharing Program to siphon funds through fraudulent engagement metrics. The need for built-in fraud prevention mechanisms in digital reward systems is stressed. The episode concludes with a call for listener feedback and support. 00:00 Introduction and Overview 00:27 Phishing Scams: Authentic-Looking Emails 02:58 DNS Misconfigurations and Hazy Hawk 05:36 CISA Leadership Exodus 08:16 X's Creator Revenue Sharing Fraud 10:56 Conclusion and Contact Information

Phishing with Sam Fischer

Ob Fake-Mail vom Finanzamt oder ein vermeintlicher Anruf Deiner Bank – Phishing hat viele Gesichter. In dieser Folge erfährst Du: - wie Du Phishing-Mails, gefälschte Webseiten und betrügerische Anrufe erkennst - worauf Du beim Online-Shopping achten solltest, damit Deine Daten sicher bleiben - warum regelmäßige Kontochecks und sichere Passwörter so wichtig sind - wie Passwortmanager Dir helfen, den Überblick zu behalten - was Du tun kannst, wenn doch mal Geld vom Konto verschwindet - welche einfachen Routinen Deine Finanzen langfristig schützen Du bekommst konkrete Tipps, wie Du Dich im Alltag und online souverän schützt – ohne Panik, aber mit klaren Strategien. Rentenlücke berechnen und herausfinden, wie Du sie schließen kannst mit der finanz-heldinnen App: https://finanzheldinnen.comdirect.de/ Kennst Du schon unseren Finanzplaner? Hier geht es zu unserem Buch, das Dich Schritt für Schritt auf Deinem Weg zur finanz-heldin begleitet: https://finanz-heldinnen.de/planer Tägliche Inspiration und geballtes Finanzwissen findest Du auf dem finanz-heldinnen Instagram-Kanal: https://www.instagram.com/finanzheldinnen/ Und wenn Du Dich tiefer in Themen einlesen willst, dann schau Dir doch mal unsere Beiträge, Interviews und Checklisten auf unserer Website an: https://finanz-heldinnen.de/

Did you know you can find lots of fraud prevention resources from the Better Business Bureau?  In this episode, Troy Baker from the Michigan Better Business Bureau talks about fraud, using the BBB for validations and what we both think is the best thing to do that will keep your company protected from fraud.   Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:   Better Business Bureau Links:  Main Webpage:  https://www.bbb.org Scam Tracker:  https://www.bbb.org/scamtracker Scam News/Tips:  https://www.bbb.org/all/scamtips Sign-Up for Scam Alerts: https://signup.e2ma.net/signup/1900156/1902645/ Michigan Better Business Bureau:  https://www.bbb.org/miprograms Validate Charities:  https://www.give.org Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Il furto di migliaia di dati sensibili di clienti Coinbase ci ricorda per quale motivo gli exchange centralizzati vanno sempre evitati come la peste.Inoltre: ancora aggiornamenti sul dibattito OP_RETURN, analizziamo lo stato degli UTXO set, Wallet of Satoshi aggiorna una versione non custodial dell'app, sempre più aziende nel mondo adottano bitcoin nella loro strategia.It's showtime!

Sam Fischer Joins the show! Summer time Ball Standby list Day Bet Make My Day See omnystudio.com/listener for privacy information.

xorsearch.py: Python Functions Didier s xorsearch tool now supports python functions to filter output https://isc.sans.edu/diary/xorsearch.py%3A%20Python%20Functions/31858 Pwn2Own Berlin 2025 Last weeks Pwn2Own contest in Berlin allowed researchers to demonstrate a number of new exploits with a large focus on privilege escalation and virtual machine escape. https://www.zerodayinitiative.com/blog/2025/5/17/pwn2own-berlin-2025-day-three-results Senior US Officials Impersonated in Malicious Messaging Campaign The FBI warns of senior US officials being impersonated in text and voice messages. https://www.ic3.gov/PSA/2025/PSA250515 Scattered Spider: TTP Evolution in 2025 Pushscurity provided an update on how Scattered Spider evolved. One thing they noted was that Scattered Spider takes advantage of legit dynamic domain name systems to make detection more difficult https://pushsecurity.com/blog/scattered-spider-ttp-evolution-in-2025/

This week, Dave speaks with Max Gannon of Cofense Intelligence to dive into his team's research on "The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders." Threat actors continuously develop new tactics, techniques, and procedures (TTPs) to bypass existing defenses. When defenders identify these methods and implement countermeasures, attackers adapt or create more sophisticated approaches. This research explores how cybercriminals are leveling up their credential phishing tactics using Precision-Validated Phishing, a technique that leverages real-time email validation to ensure only high-value targets receive the phishing attempt. The research can be found here: The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders⁠⁠⁠⁠⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

Today's blockchain and crypto news Binance, Kraken successfully thwart phishing attacks simialar to Coinbase hack World Liberty Financial rebuts Senate Democrat's probe Coinshift's stablecoin tops $100 million in TVL Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, Dave speaks with Max Gannon of Cofense Intelligence to dive into his team's research on "The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders." Threat actors continuously develop new tactics, techniques, and procedures (TTPs) to bypass existing defenses. When defenders identify these methods and implement countermeasures, attackers adapt or create more sophisticated approaches. This research explores how cybercriminals are leveling up their credential phishing tactics using Precision-Validated Phishing, a technique that leverages real-time email validation to ensure only high-value targets receive the phishing attempt. The research can be found here: The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders⁠⁠⁠⁠⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

Content warning: This episode contains descriptions of exploitation, self-harm, and abuse. Listener discretion is advised. A network called 764 has turned abuse into currency. It spread through Discord, Telegram, and gaming platforms—built around “lorebooks,” collections of coerced violence traded for status. In a strange twist, this harm group has connections to cybercrime groups we've covered on this show before. Note: I was recording in an office, which between that and the subject matter, explains why my tone is pretty hushed in this one. Hacked is brought to you by Push Security—helping companies stop identity attacks before they happen. Phishing, credential stuffing, session hijacking—Push tackles it right where it starts: in the browser. Smart, seamless, and built for how people actually work. Check them out at pushsecurity.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Is your vendor master file and customer master file the same?  Don't miss taking advantage of these key benefits when they are one in the same.  What are they?  Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:   Customer Master File Training (50% off Through 6/15/25):  3 Step Customer Setup & Maintenance Process Workshop Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Josef is the founder of BrikMate, a company using AI to transform how commercial real estate teams manage, analyze, and extract insights from complex lease data. In this episode, KJ and Josef delve into the importance of confidence and curiosity for innovators and the potential of AI to revolutionize the service industry. Key Takeaways: 05:41 Evolution of Cybersecurity Threats 08:14 Modern Phishing and Social Engineering Tactics 10:32 Deepfake and Advanced Cyber Attacks 19:50 AI in Cybercrime: The Nigerian Email Scam 26:19 Future of Cybersecurity: AI vs. Human Quote of the Show (19:00): “The customer doesn't always know what they want. It takes someone who's confident, curious, and willing to take action" – Josef Pipoly Join our Anti-PR newsletter where we’re keeping a watchful and clever eye on PR trends, PR fails, and interesting news in tech so you don't have to. You're welcome. Want PR that actually matters? Get 30 minutes of expert advice in a fast-paced, zero-nonsense session from Karla Jo Helms, a veteran Crisis PR and Anti-PR Strategist who knows how to tell your story in the best possible light and get the exposure you need to disrupt your industry. Click here to book your call: https://info.jotopr.com/free-anti-pr-eval Ways to connect with Josef Pipoly: LinkedIn: https://www.linkedin.com/in/josefpipoly Company LinkedIn: https://www.brikmate.com/ How to get more Disruption/Interruption: Amazon Music - https://music.amazon.com/podcasts/eccda84d-4d5b-4c52-ba54-7fd8af3cbe87/disruption-interruption Apple Podcast - https://podcasts.apple.com/us/podcast/disruption-interruption/id1581985755 Spotify - https://open.spotify.com/show/6yGSwcSp8J354awJkCmJlDSee omnystudio.com/listener for privacy information.

What do people have to do with cybersecurity?  A lot. As with other fields of human risk, it's people that are typically the root cause of problems in the cybersecurity world.  Which is where my guest's expertise in behavioural design comes into play.On this episode, I'm speaking with Sarah Aalborg, a cybersecurity and behavioural design expert who's on a mission to change how organisations approach IT security.Rather than focusing on firewalls and tech solutions, Sarah examines the human behaviours that can undermine even the best-designed security systems.Her new book, Secure by Choice, challenges conventional security thinking by exploring how cognitive biases affect security professionals and how to use behavioural design to reshape security culture. We discuss the pitfalls of traditional security training – particularly those phishing tests that feel more like traps than training – and how to flip the script by focusing on what we want people to do rather than what we want them to avoid.Sarah shares practical strategies for using positive reinforcement, creating engaging training experiences, and making security less about fear and more about action. By applying principles of behavioural science and risk-based thinking, Sarah explains how we can bridge the gap between security policies and everyday human behaviour. Guest BiographySarah Aalborg is a cybersecurity expert and behavioural design advocate, focusing on how cognitive biases impact IT security professionals and their decision-making processes. She is the author of Secure by Choice, a book that challenges conventional approaches to cybersecurity training by applying principles of behavioural science to security culture. With a background in IT security spanning over two decades, Sarah speaks at major security events and consults with organisations on how to create more effective, engaging, and human-centric security programs. AI-Generated Timestamped Summary[00:00:00] Introduction [00:01:00] Meet Sarah Aalborg – Why she wrote Secure by Choice and her journey into behavioural design.[00:03:00] The '20-centimetre above the keyboard' exercise – How human inaction impacts tech security.[00:05:00] Why phishing tests feel like entrapment – and how to flip the script.[00:08:00] Turning phishing tests into positive reinforcement opportunities. [00:10:00] How a simple 'Report Suspicious Email' button can change behaviours.[00:12:00] The problem with fear-based messaging in cybersecurity.[00:14:00] Why telling people what NOT to do isn't effective. [00:15:00] Sarah's four-step framework for creating risk-aware security cultures. [00:17:00] Why most security training is designed to address the wrong problem. [00:20:00] The McDonald's kiosk example – What we can learn from other industries.[00:25:00] The importance of actionable examples in security training.[00:30:00] The generative AI paradox – When tech meets human bias. [00:35:00] Why AI is the ultimate behavioural science challenge. [00:40:00] The 'Operating System' analogy – Why the human brain is still running Stone Age software.[00:50:00] Why cyber professionals need to look outside their own industry for inspiration.[00:55:00] The role of curiosity and exploration in designing effective security programs. Links:Sarah's website: https://securebychoice.com/Sarah on LinkedIn: https://www.linkedin.com/in/sarah-aalborg-bb348a1/Secure by Choice:https://securityblendbooks.com/products/secure-by-choice?

Erich and Javvad summarize this week's cyber soap opera and bring you a tangled web of digital deceit, artificial “intelligence,” and just enough government extradition drama to keep things spicy. From Spain With Wire Fraud: Alleged “Scattered Spider” member Tyler Buchanan thought sunny Spain was a safe hideout—until the long arm of U.S. justice said hola. Extradited for allegedly scamming Caesars and MGM, his toolkit included SIM swapping and social engineering. Welcome to America, Tyler—hope you like federal courtrooms. Phishing with Google's Seal of Approval: Meanwhile, phisherfolk are reusing Google's DKIM signatures like they're leftover lasagna—slapping them onto spoofed emails from no-reply@accounts.google.com and tricking even the most paranoid clickers. The result? Legit-looking credential traps hosted on Google Sites. It's like gourmet phishing, served with a side of irony. Darcula Gets a Brain Upgrade: And if you thought cybercrime required effort, think again. The Darcula phishing kit now uses generative AI to do all the heavy lifting. Bad grammar and clunky templates? Gone. Now, even your cousin Steve with zero hacking skills can impersonate a bank in 100 languages. Thanks, AI. Tune in for a romp through the latest digital deceptions, complete with dark web drama and facepalms galore. Stay sharp—because the hackers definitely are.

Of course – the IRS has updated the 1099-MISC and 1099-NEC again effective for reporting Tax Year 2025 payments to your vendors.  It's not that bad though….Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team.  Links mentioned in the podcast + other helpful resources:   Training:  From an Accounts Payable Perspective:  Year-End Checklist for 1099-MISC, 1099-NEC and 1042-S Reporting IRS:  Instructions for Forms 1099-MISC and 1099-NEC (Rev. April 2025) IRS:  Form 1099-MISC (Rev. April 2025)  https://www.irs.gov/pub/irs-pdf/f1099msc.pdf IRS:  Form 1099-NEC (Rev. April 2025) https://www.irs.gov/pub/irs-pdf/f1099nec.pdf Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Ross Lazer is the Co-Founder and CEO of Mirage Security, a company using AI to simulate realistic spear-phishing attacks, including voice-based simulations using deepfakes, to train employees to recognize and resist social engineering tactics. In this episode, KJ and Ross uncover the evolving landscape of cybersecurity where attackers are increasingly targeting human weaknesses using sophisticated AI techniques. Ross reveals how Mirage Security is utilizing AI to simulate realistic phishing attacks, including voice and video deepfakes, to train employees and outsmart potential threats. They discuss the rapid advancements in social engineering tactics, the importance of contrarian thinking in innovation, and the future of cybersecurity training. Key Takeaways: 05:41 Evolution of Cybersecurity Threats 08:14 Modern Phishing and Social Engineering Tactics 10:32 Deepfake and Advanced Cyber Attacks 19:50 AI in Cybercrime: The Nigerian Email Scam 26:19 Future of Cybersecurity: AI vs. Human Quote of the Show (16:00): “In cybersecurity, the real challenge isn't just the technology; it's transforming the human side from our greatest vulnerability into our strongest defense." – Ross Lazer Join our Anti-PR newsletter where we’re keeping a watchful and clever eye on PR trends, PR fails, and interesting news in tech so you don't have to. You're welcome. Want PR that actually matters? Get 30 minutes of expert advice in a fast-paced, zero-nonsense session from Karla Jo Helms, a veteran Crisis PR and Anti-PR Strategist who knows how to tell your story in the best possible light and get the exposure you need to disrupt your industry. Click here to book your call: https://info.jotopr.com/free-anti-pr-eval Ways to connect with Ross Lazer: LinkedIn: https://www.linkedin.com/in/rosslazer/ Company LinkedIn: https://www.linkedin.com/company/miragesecurity/ How to get more Disruption/Interruption: Amazon Music - https://music.amazon.com/podcasts/eccda84d-4d5b-4c52-ba54-7fd8af3cbe87/disruption-interruption Apple Podcast - https://podcasts.apple.com/us/podcast/disruption-interruption/id1581985755 Spotify - https://open.spotify.com/show/6yGSwcSp8J354awJkCmJlDSee omnystudio.com/listener for privacy information.

Python InfoStealer with Embedded Phishing Webserver Didier found an interesting infostealer that, in addition to implementing typical infostealer functionality, includes a web server suitable to create local phishing sites. https://isc.sans.edu/diary/Python%20InfoStealer%20with%20Embedded%20Phishing%20Webserver/31924 Android Update Fixes Freetype 0-Day Google released its monthly Android update. As part of the update, it patched a vulnerability in Freetype that is already being exploited. Android is not alone in using Freetype. Freetype is a very commonly used library to parse fonts like Truetype fonts. https://source.android.com/docs/security/bulletin/2025-05-01 CISA Warns of Unsophistacted Cyber Actors CISA released an interesting title report warning operators of operational technology networks of ubiquitous attacks by unsophisticated actors. It emphasizes how important it is to not forget basic security measures to defend against these attacks. https://www.cisa.gov/news-events/alerts/2025/05/06/unsophisticated-cyber-actors-targeting-operational-technology

Send us a textThe relentless race for cloud dominance continues as AWS reports 16.9% growth year-over-year—a number that would thrill most companies but falls short of expectations for the cloud giant. Tim and Chris dig into what's behind these numbers and why Microsoft and Google continue gaining ground with stronger-than-anticipated growth rates. Microsoft's massive 53% increase in capital spending signals their aggressive push into AI infrastructure, raising questions about whether AWS can maintain its leadership position.Cybersecurity threats are evolving in concerning ways according to Threat Labs' 2025 Phishing Report. While overall phishing attempts have declined, attacks have become more targeted and sophisticated. The hosts explore disturbing trends including the rise of cryptocurrency scams with fake wallets and an increase in job-related phishing that exploits today's challenging employment market. Most alarming is how threat actors are capitalizing on AI hype, creating fraudulent agent websites that mimic legitimate platforms to steal credentials. This exposes a critical vulnerability in emerging technologies like Multi-agent Collaboration Protocol systems that currently lack robust security frameworks.The conversation shifts to more positive developments with Kubernetes 1.33 "Octarine" release, which brings sidecar containers to stable status—a significant improvement for managing service mesh implementations. The hosts break down how this and other updates like in-place resource resizing make Kubernetes more flexible and easier to manage for enterprise deployments.The episode closes with a somber discussion of Intel's announcement of potential layoffs affecting up to 20% of its workforce following substantial quarterly losses. Tim and Chris challenge the new CEO's assertion that requiring more office days will make the company "lean, fast and agile," questioning whether return-to-office mandates have more to do with real estate investments than actual productivity improvements.What tech news matters most to you? We'd love your feedback on our news format and what topics you'd like us to cover in future episodes!Purchase Chris and Tim's new book on AWS Cloud Networking: https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/ Check out the Fortnightly Cloud Networking Newshttps://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/Visit our website and subscribe: https://www.cables2clouds.com/Follow us on BlueSky: https://bsky.app/profile/cables2clouds.comFollow us on YouTube: https://www.youtube.com/@cables2clouds/Follow us on TikTok: https://www.tiktok.com/@cables2cloudsMerch Store: https://store.cables2clouds.com/Join the Discord Study group: https://artofneteng.com/iaatj

We discuss a schism years in the making — the infamous imageboard 4chan gets hacked by its own offshoot, Soyjak.party, in a breach that exposed moderator identities, source code, and shattered the myth of online anonymity. Then, we look at Cluely — an AI tool built by a suspended student to help users “cheat” on job interviews — and the viral campaign pitching it as a revolution. Is it a tech breakthrough, a social bluff, or both? Hacked is brought to you by Push Security—helping companies stop identity attacks before they happen. Phishing, credential stuffing, session hijacking—Push tackles it right where it starts: in the browser. Smart, seamless, and built for how people actually work. Check them out at . Learn more about your ad choices. Visit podcastchoices.com/adchoices

It's 2025, so why are malicious advertising URLs still going strong? Phishing attacks continue to take advantage of Google s advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing services flag the URL. https://isc.sans.edu/diary/It%27s%202025...%20so%20why%20are%20obviously%20malicious%20advertising%20URLs%20still%20going%20strong%3F/31880 ChatGPT Fingerprinting Documents via Unicode ChatGPT apparently started leaving fingerprints in texts, which it creates by adding invisible Unicode characters like non-breaking spaces. https://www.rumidocs.com/newsroom/new-chatgpt-models-seem-to-leave-watermarks-on-text Asus AI Cloud Security Advisory Asus warns of a remote code execution vulnerability in its routers. The vulnerability is related to the AI Cloud feature. If your router is EoL, disabling the feature will mitigate the vulnerability https://www.asus.com/content/asus-product-security-advisory/ PyTorch Vulnerability PyTorch fixed a remote code execution vulnerability exploitable if a malicious model was loaded. This issue was exploitable even with the weight_only=True" setting selected https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit