Podcasts about Phishing

This Morning's Headlines1. Kim Jong-un to China2. Phishing crackdown3. Local tax cuts4. Rate freeze5. SKT fined

According to The Kaplan Group, tax scams have resulted in 2025 YTD reported financial losses of $5,742,463.91.  Monthly tax scam reports rose 62% year-over-year, from 227 in 2024 to 368 in 2025, and have increased by 323% since 2020.  So what can you do to protect yourself? To help you stay safe, here are three key takeaways: The IRS will almost always contact you by MAIL first.  If you get a text, email, or surprise phone call demanding personal information or payment, it's almost certainly a scam. Phishing and "smishing" are at an all-time high.  Scammers try to lure you with messages about fake refunds, threats, or "unusual activity." Never click suspicious links or share your personal info. Double-check everything.  Unsure about a tax communication?  Review it with your tax professional, or check official IRS resources (linked on the podcast and IRS website).  Remember—the IRS won't email or text you unless you've explicitly given permission. Stay vigilant, and don't let scammers get between you and your hard-earned money! Connect with Paul Contact Paul here or schedule a time to meet with Paul here. For resources discussed in this episode, visit tammacapital.com/podcast. Follow Paul on LinkedIn and YouTube. And feel free to email Paul at pfenner@tammacapital.com with any feedback, questions, or ideas for future guests and topics. Resources Featured in This Episode: How to know it's the IRS Dirty Dozen tax scams for 2025: IRS warns taxpayers to watch out for dangerous threats Understanding your IRS notice or letter

Die richtige Story zur richtigen Zeit – und es kann auch DICH treffen! Im diesem Podcast spricht Sandro Müller mit Carlo Canova, langjähriger Security Consultant bei goSecurity AG. Carlo erzählt von einem Phishing, das ihn persönlich erreicht hat – und das im schlimmsten Fall der ganzen Firma erheblichen Schaden hätte zufügen können. Zum Glück wurde der Incident sofort richtig behandelt. Eine spannende und lehrreiche Episode für alle, die verstehen wollen, wie schnell jeder zum Ziel werden kann – und warum es so wichtig ist, vorbereitet zu sein.

Send us a textWhat do street food in Vietnam, varsity football, and DMARC email authentication have in common? In this immersive episode, Joey Pinz sits down with Michael Chester for a lively conversation that connects personal transformation with global impact.

Microsoft has launched Project IR, an advanced AI capable of reverse-engineering malware with a remarkable 90% accuracy rate. This autonomous agent utilizes a combination of large language models and specialized cybersecurity tools to identify threats effectively, achieving a low false positive rate of just 2%. Recent tests demonstrated its capability to analyze thousands of unclassified files and accurately flag a significant majority as malicious. However, as cybersecurity technology advances, so do the tactics of cybercriminals, with a notable increase in phishing attacks targeting managed service providers (MSPs), which now account for over half of all phishing incidents.The rise of AI-powered phishing and social engineering tactics has been highlighted in a recent Acronis report, revealing that 52% of phishing attacks are aimed at MSPs. Additionally, new research indicates that AI browsers may inadvertently assist scammers, as they can overlook red flags that human users would typically catch. A survey from One Password further emphasizes the challenges organizations face with the rapid adoption of AI tools, with many lacking visibility and control over these applications, leading to potential security vulnerabilities.Gartner has issued a warning to corporate leaders, stating that they have a limited timeframe to integrate AI agents into their operations or risk falling behind competitors. Despite the urgency, Gartner also acknowledges that a significant percentage of AI projects fail, raising concerns about the pressure vendors may place on businesses to adopt these technologies hastily. Meanwhile, XAI's claims regarding its Grok 2.5 model being open-sourced have been criticized as misleading, as the licensing terms impose restrictions that contradict open-source principles.In the realm of cybersecurity solutions, companies like SonicWall and VMware are introducing new tools and technologies to enhance security and operational efficiency. SonicWall has launched a new generation of firewalls with a unique cyber warranty, while VMware is focusing on ARM architecture to meet the growing demand for energy-efficient servers. However, the podcast emphasizes the importance of cutting through vendor noise and focusing on solutions that genuinely improve business operations, rather than getting caught up in marketing hype.Three things to know today 00:00 Microsoft's Project Ire Shows AI Can Catch Malware, But Attacks on MSPs Are Rising Faster06:36 AI Urgency, Open-Washing, and Federal Adoption: Sorting Hype From Reality10:09 From Billing Fixes to Firewalls and VMware's Arm Gamble: What Really Matters for MSPs   Supported by:  https://getnerdio.com/  All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Tech commentator Tony Grasso joins Kathryn to talk about the big news in the cyber-crime world.

Christopher und Sylvester sind aus dem Urlaub zurück, haben direkt mehr Themen als in einen Passwort-Podcast passen und teilen deshalb auf: In dieser Folge geht es um eine großangelegte Studie, der zufolge viele übliche Anti-Phishing-Maßnahmen kaum oder gar nicht helfen. Außerdem grübeln die beiden über das Tempo, mit dem Let's Encrypt seine alten CT-Logs abschalten will, und verzweifeln an Microsoft. Die Firma aus Redmond ist mit gleich zwei Geschichten im Podcast vertreten, die nicht nur von Sicherheitslücken und (zweifelhaften) technischen Lösungen handeln, sondern auch totale Kommunikationsdesaster skizzieren. - Phrack Ausgabe 72: https://phrack.org/issues/72/1 - Phising-Studie: https://arianamirian.com/docs/ieee-25.pdf - Slide-Deck der Phishing-Studie: https://i.blackhat.com/BH-USA-25/Presentations/US-25-Dameff-Pwning-Phishing-Training-Through-Scientific-Lure-Crafting-Wednesday.pdf - Blogpost von Microsoft Threat Intelligence zu den Sharepoint- Angriffen: https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities - Jürgen Schmidts Kommentar zu Microsofts Secure Future Initiative: https://heise.de/-10505985 - Video des Vortrags „Living off Microsoft Copilot“: https://www.youtube.com/watch?v=FH6P288i2PE - Windows' Kopieren-Dialog: https://xkcd.com/612/ - Copilot broke your audit log: https://pistachioapp.com/blog/copilot-broke-your-audit-log - Folgt uns im Fediverse: - @christopherkunz@chaos.social - @syt@social.heise.de

Der Dreh- und Angelpunkt in unserem digitalen Leben ist unser E-Mail-Account: Über diesen melden wir uns beim Onlineshopping oder bei Apps und Websiten an. Und wir hinterlegen ihn, um Benutzerkennwörter zurückzusetzen. Genau deshalb sind E-Mail-Accounts ein beliebtes Ziel von Hackern. Wie diese vorgehen und welche Schutzmaßnahmen es gibt, darüber sprechen Schlien und Hardy mit dem BSI-Experten Alexander Härtel in dieser Folge von #UpdateVerfügbar. Ihr erfahrt, wie die neuesten Phishing-Methoden funktionieren und wie ihr überprüfen könnt, ob eure eigene E-Mail-Adresse missbraucht wurde. Dazu tauchen Schlien und Hardy tief in die dunklen Ecken ihrer eigenen E-Mail-Postfächer ein. So könnt ihr leicht nachvollziehen, wo die Stolperfallen liegen. Überzeugt euch selbst!

If Salesforce flutters its wings in San Francisco... How is this still tricking people? From tagging to bagging Huge thanks to our sponsor, Prophet Security Security teams are drowning in alerts - many companies generate upwards of 1000 or more alerts a day, and nearly half go ignored. That's where Prophet Security comes in. Their AI SOC platform automatically triages and investigates alerts, so your team can focus on real threats instead of busywork. Faster response, less burnout, and lower risk to your business. Learn more atprophetsecurity.ai.  

Interview with Harish Peri from Okta Oktane Preview: building frameworks to secure our Agentic AI future Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective. How do put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack into our companies? These are some examples of the questions Okta aims to answer at this year's Oktane event, and we aim to kick off the conversations a little early - with this interview! Segment Resources: Check out securityweekly.com/oktane for all our live coverage during the event this year! More information about the event and how you can attend can be found here: https://www.okta.com/oktane/ AI at Work 2025: Securing the AI-powered workforce Topic - Indirect Prompt Injection Getting Out of Hand Reports of indirect prompt injection issues have been around for a while. Of particular note was Michael Bargury's Living off Microsoft Copilot presentation from Black Hat USA 2024. Simply sending an email to a Copilot user could make bad stuff happen. Now, at Black Hat 2025, we've got more: the ability to plunder any data resource connected to ChatGPT (they call these integrations "Connectors") from Tamir Ishay Sharbat at Zenity Labs. The research is titled AgentFlayer: ChatGPT Connectors 0click Attack. Looks like Google Jules is also vulnerable to what the Embrace the Red blog is calling invisible prompts. Sourcegraph's Amp Code is also vulnerable to the same attack, which encodes instructions to make them invisible. What's really going to ruffle feathers is the fact that all these companies know this stuff is possible, but don't seem to be able to figure out how to prevent it. Ideally, we'd want to be able to distinguish between intended instruction and instructions injected via attachments or some other means outside of the prompt box. I guess that's easier said than done? News Finally, in the enterprise security news, Drones are coming for you… to help? One of the most powerful botnets ever goes down Phishing training is still pointless Microsoft sets an alarm on its phone for 8 years from now to do post-quantum stuff vulns galore in commercial ZTNA apps GenAI projects are struggling to make it to production Adblockers could be made illegal - in Germany Windows is getting native Agentic support Automating bug discovery AND remediation? Public service announcement: time is running out for Windows 10 All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-421

Interview with Harish Peri from Okta Oktane Preview: building frameworks to secure our Agentic AI future Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective. How do put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack into our companies? These are some examples of the questions Okta aims to answer at this year's Oktane event, and we aim to kick off the conversations a little early - with this interview! Segment Resources: Check out securityweekly.com/oktane for all our live coverage during the event this year! More information about the event and how you can attend can be found here: https://www.okta.com/oktane/ AI at Work 2025: Securing the AI-powered workforce Topic - Indirect Prompt Injection Getting Out of Hand Reports of indirect prompt injection issues have been around for a while. Of particular note was Michael Bargury's Living off Microsoft Copilot presentation from Black Hat USA 2024. Simply sending an email to a Copilot user could make bad stuff happen. Now, at Black Hat 2025, we've got more: the ability to plunder any data resource connected to ChatGPT (they call these integrations "Connectors") from Tamir Ishay Sharbat at Zenity Labs. The research is titled AgentFlayer: ChatGPT Connectors 0click Attack. Looks like Google Jules is also vulnerable to what the Embrace the Red blog is calling invisible prompts. Sourcegraph's Amp Code is also vulnerable to the same attack, which encodes instructions to make them invisible. What's really going to ruffle feathers is the fact that all these companies know this stuff is possible, but don't seem to be able to figure out how to prevent it. Ideally, we'd want to be able to distinguish between intended instruction and instructions injected via attachments or some other means outside of the prompt box. I guess that's easier said than done? News Finally, in the enterprise security news, Drones are coming for you… to help? One of the most powerful botnets ever goes down Phishing training is still pointless Microsoft sets an alarm on its phone for 8 years from now to do post-quantum stuff vulns galore in commercial ZTNA apps GenAI projects are struggling to make it to production Adblockers could be made illegal - in Germany Windows is getting native Agentic support Automating bug discovery AND remediation? Public service announcement: time is running out for Windows 10 All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-421

Interview with Harish Peri from Okta Oktane Preview: building frameworks to secure our Agentic AI future Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective. How do put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack into our companies? These are some examples of the questions Okta aims to answer at this year's Oktane event, and we aim to kick off the conversations a little early - with this interview! Segment Resources: Check out securityweekly.com/oktane for all our live coverage during the event this year! More information about the event and how you can attend can be found here: https://www.okta.com/oktane/ AI at Work 2025: Securing the AI-powered workforce Topic - Indirect Prompt Injection Getting Out of Hand Reports of indirect prompt injection issues have been around for a while. Of particular note was Michael Bargury's Living off Microsoft Copilot presentation from Black Hat USA 2024. Simply sending an email to a Copilot user could make bad stuff happen. Now, at Black Hat 2025, we've got more: the ability to plunder any data resource connected to ChatGPT (they call these integrations "Connectors") from Tamir Ishay Sharbat at Zenity Labs. The research is titled AgentFlayer: ChatGPT Connectors 0click Attack. Looks like Google Jules is also vulnerable to what the Embrace the Red blog is calling invisible prompts. Sourcegraph's Amp Code is also vulnerable to the same attack, which encodes instructions to make them invisible. What's really going to ruffle feathers is the fact that all these companies know this stuff is possible, but don't seem to be able to figure out how to prevent it. Ideally, we'd want to be able to distinguish between intended instruction and instructions injected via attachments or some other means outside of the prompt box. I guess that's easier said than done? News Finally, in the enterprise security news, Drones are coming for you… to help? One of the most powerful botnets ever goes down Phishing training is still pointless Microsoft sets an alarm on its phone for 8 years from now to do post-quantum stuff vulns galore in commercial ZTNA apps GenAI projects are struggling to make it to production Adblockers could be made illegal - in Germany Windows is getting native Agentic support Automating bug discovery AND remediation? Public service announcement: time is running out for Windows 10 All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-421

Interview with Harish Peri from Okta Oktane Preview: building frameworks to secure our Agentic AI future Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective. How do put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack into our companies? These are some examples of the questions Okta aims to answer at this year's Oktane event, and we aim to kick off the conversations a little early - with this interview! Segment Resources: Check out securityweekly.com/oktane for all our live coverage during the event this year! More information about the event and how you can attend can be found here: https://www.okta.com/oktane/ AI at Work 2025: Securing the AI-powered workforce Topic - Indirect Prompt Injection Getting Out of Hand Reports of indirect prompt injection issues have been around for a while. Of particular note was Michael Bargury's Living off Microsoft Copilot presentation from Black Hat USA 2024. Simply sending an email to a Copilot user could make bad stuff happen. Now, at Black Hat 2025, we've got more: the ability to plunder any data resource connected to ChatGPT (they call these integrations "Connectors") from Tamir Ishay Sharbat at Zenity Labs. The research is titled AgentFlayer: ChatGPT Connectors 0click Attack. Looks like Google Jules is also vulnerable to what the Embrace the Red blog is calling invisible prompts. Sourcegraph's Amp Code is also vulnerable to the same attack, which encodes instructions to make them invisible. What's really going to ruffle feathers is the fact that all these companies know this stuff is possible, but don't seem to be able to figure out how to prevent it. Ideally, we'd want to be able to distinguish between intended instruction and instructions injected via attachments or some other means outside of the prompt box. I guess that's easier said than done? News Finally, in the enterprise security news, Drones are coming for you… to help? One of the most powerful botnets ever goes down Phishing training is still pointless Microsoft sets an alarm on its phone for 8 years from now to do post-quantum stuff vulns galore in commercial ZTNA apps GenAI projects are struggling to make it to production Adblockers could be made illegal - in Germany Windows is getting native Agentic support Automating bug discovery AND remediation? Public service announcement: time is running out for Windows 10 All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-421

In this first-ever English-language episode of the My Precious Data Podcast, Eddy Willems, international cybersecurity expert, sits down with Luis Corrons, longtime friend and Global Security Evangelist at GEN (formerly AVAST). With decades of experience between them, they explore the shifting cybersecurity landscape — from the early days of antivirus to today's AI-driven threats and misinformation campaigns.What to expect:A look back at the evolution of cybersecurity over the last 25 yearsHow GEN is adapting to modern cyber threatsThe role of user trust, awareness, and digital ethicsReal-world challenges in protecting users at a global scaleA candid discussion between two veteran cyber evangelistsMemorable quotes:“Cybersecurity is no longer just about protection. It's about trust, resilience, and digital responsibility.” — Eddy Willems“We're not just fighting malware anymore. We're up against disinformation, deepfakes, and AI-generated attacks.” — Luis Corrons“We need to empower users, not just shield them.” — Luis CorronsWhether you're a cybersecurity professional, policymaker, or simply interested in how the digital world is evolving, this episode offers valuable global insights with a personal touch.

Validating vendor information and checking that they are not on any applicable sanction lists is a part of your vendor on-boarding process, but what about after the on-boarding process? Today's episode is a webinar that not only has a five-step process for recurring vendor validations, but lots of five downloads to help you get started.  Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    On-Demand Webinar:  Recurring Vendor Validations: Ensure Post-Onboarding Compliance https://training.debrarrichardson.com/course/september2024Free Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadCustomized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Microsoft releases emergency out-of-band (OOB) Windows updates. Trump targets NSA's leading AI and cyber expert in clearance revocations. A breach may have compromised the privacy of Ohio medical marijuana patients. Cybercriminals exploit an AI website builder to rapidly create phishing sites. Warlock ransomware operators target Microsoft's SharePoint ToolShell vulnerability. Google and Mozilla patch Chrome and Firefox. European officials report two cyber incidents targeting water infrastructure. A federal appeals court has upheld fines against T-Mobile and Sprint for illegally selling customer location data. Authorities dismantle DDoS powerhouse Rapper Bot. On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, speaking about ShinyHunters and the problems with securing Salesforce. Microsoft Copilot gets creative with compliance.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, who is speaking about ShinyHunters and the problems with securing Salesforce. You can hear more from Matt here. Selected Reading Microsoft releases emergency updates to fix Windows recovery (Bleeping Computer) Trump Revokes Security Clearances of 37 Former and Current Officials (The New York Times) Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database (WIRED) AI Website Builder Lovable Abused for Phishing and Malware Scams (Hackread) Warlock Ransomware Hitting Victims Globally Through SharePoint ToolShell Exploit (InfoSecurity Magazine) High-Severity Vulnerabilities Patched in Chrome, Firefox (SecurityWeek) Russia-linked European attacks renew concerns over water cybersecurity (CSO Online) T-Mobile claimed selling location data without consent is legal, judges disagree (Ars Technica) Officials gain control of Rapper Bot DDoS botnet, charge lead developer and administrator (CyberScoop) Copilot Broke Your Audit Log, but Microsoft Won't Tell You (Pistachio Blog) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today on the radio show. 1 - Smoko chat. Top 10 pubs in NZ. 5 - Great bars in NZ. 9 - Phishing emails. 13 - Aussie trauma. 18 - What have you had in your ear. 23 - Must watch. https://bit.ly/3HF7J5u 25 - Nickname ninjas vol. 10. 27 - Antiques Road Show Gone Wild. 32 - Mindbenders. 36 - The Grab a Bite. 41 - Aussie battlers on the news. 43 - Late mail. 47 - Last drinks. Get in touch with us: https://linktr.ee/therockdrive

Ann Westerheim, founder and president of Ekaru, discusses the concept of "last mile services" in technology, emphasizing the importance of making advanced IT and cybersecurity accessible to small businesses. Drawing from her background in the semiconductor industry, she highlights the gap between cutting-edge technology and its practical application for Main Street USA businesses. Her approach focuses on empowering clients to improve their cybersecurity posture through simple, actionable steps, such as implementing strong passwords and multi-factor authentication.Westerheim introduces her CyberFit 21-day program, designed to demystify cybersecurity for non-technical users. She aims to replace the overwhelming jargon of the tech industry with relatable concepts that resonate with small business owners. By simplifying complex topics, she helps clients understand the risks they face and the straightforward measures they can take to mitigate them. This approach not only educates but also empowers clients to take control of their cybersecurity.The conversation shifts to the impact of artificial intelligence (AI) on cybersecurity, particularly in phishing attacks. Westerheim notes that AI is being used to create highly sophisticated phishing emails that are indistinguishable from legitimate communications. She emphasizes the need for businesses to establish acceptable use policies regarding AI and to educate employees about the potential security risks associated with its use. This proactive approach is crucial as many employees may be using AI tools without understanding the implications.As the discussion wraps up, Westerheim reflects on the current mood among small business clients, who are feeling overwhelmed by rapid technological changes and external economic pressures. She stresses the importance of taking small, manageable steps to adapt to these changes rather than succumbing to paralysis by analysis. By fostering open dialogues about technology and security, she aims to guide her clients through this period of uncertainty, helping them to embrace the opportunities that come with technological advancements. All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

A ransomware attack exposes personal medical records of VA patients. New joint guidance from CISA and the NSA emphasizes asset inventory and OT taxonomy. The UK government reportedly spent millions to cover up a data breach. Researchers identified two critical flaws in a widely used print orchestration platform.  Phishing attacks increasingly rely on personalization. Rooting and jailbreaking frameworks pose serious enterprise risks. Fortinet warns of a critical command injection flaw in FortiSIEM. Estonian nationals are sentenced in a crypto Ponzi scheme. Michele Campobasso from Forescout joins us to unpack new research separating the hype from reality around “vibe hacking.” Meet the Blockchain Bandits of Pyongyang. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Michele Campobasso from Forescout joins us to unpack new research separating the hype from reality around “vibe hacking.” Their team tested open-source, underground, and commercial AI models on vulnerability research and exploit development tasks—finding high failure rates and significant limitations, even among top commercial systems. Selected Reading Medical records for 1 million dialysis patients breached in data hack of VA vendor (Stars and Stripes) NSA Joins CISA and Others to Share OT Asset Inventory Guidance (NSA.gov) CISA warns of N-able N-central flaws exploited in zero-day attacks (Bleeping Computer) U.K. Secretly Spent $3.2 Million to Stop Journalists From Reporting on Data Breach (The New York Times) From Support Ticket to Zero Day  (Horizon3.ai) Personalization in Phishing: Advanced Tactics for Malware Delivery (Cofense) The Root(ing) Of All Evil: Security Holes That Could Compromise Your Mobile Device (Zimperium) Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild (Bleeping Computer) Estonians behind $577 million cryptomining fraud sentenced to 16 months (The Record) Someone counter-hacked a North Korean IT worker: Here's what they found (Cointelegraph) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A vendor in your vendor master file is inactive – and for good reason, because the last time your company paid that vendor was four years ago.  Now your company wants to use that vendor again – don't just change the status that can lead to failed payments and bad vendor data.  Why and what should you do instead? `Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team.  Links mentioned in the podcast + other helpful resources:    Training Session:  Build a Substitute W-9 Form to Combine Your Vendor Setup Form and IRS Form W-9 https://training.debrarrichardson.com/course/substitute-irs-w9Training Session:  Build a Substitute W-8BEN and W-8BEN-E FormFree On-Demand Webinar:  8 Steps to Clean Your Vendor Master File https://training.debrarrichardson.com/course/cleanupFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadCustomized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

We're back! Pen Tester and Team Ambush member Morgan Trust walks us through his journey into the cybersecurity field. With a can-do approach, Morgan discusses how he has developed professionally, expanding his expertise across public speaking and competitive hacking. His presentation, "The New Era of Deception: AI, Deep Fakes, and The Dark Web" has hit many a stage with these essential points to keep in mind: - AI is increasingly being used in sophisticated phishing attacks. - Cybersecurity practices should be proactive; be prepared for a situation- Understanding the evolving nature of cyber threats is vital. Enjoy this episode featuring a balance of hobby pursuits, shared experiences in security, and informative points.We want to hear from you! Contact us at unsecurity@frsecure.com and follow us for more! LinkedIn: https://www.linkedin.com/company/frsecure/ Instagram: https://www.instagram.com/frsecureofficial/ Facebook: https://www.facebook.com/frsecure/ BlueSky: https://bsky.app/profile/frsecure.bsky.social About FRSecure: https://frsecure.com/ FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

Personal Security 101: Die Security-Basics für Entwickler*innenDenkst du, Passwortmanager sind in 2025 längst Standard? Dann kennst du vermutlich noch nicht die Realität von vielen Devs. Selbst bei den Profis landen SSH-Schlüssel, API-Keys oder Secrets oft unverschlüsselt auf der Festplatte.In dieser Episode gehen wir zurück zu den Security-Basics. Wir sprechen offen darüber, was wirklich Best Practice ist und was in der Praxis (und bei uns privat) anklang findet. Warum sind Passwortmanager ein echtes Must-have? Wann reicht TOTP – und wann brauchst du Hardware-Tokens wie den Yubikey? Welche Kompromisse gehst du zwischen UX, Sicherheit und „Faulheit“ ein? Außerdem diskutieren wir, wie du SSH-Keys richtig schützt und wie du sensible Umgebungsvariablen verwaltest. Weiterhin klären wir, was Phishing, Typosquatting und homographische Angriffe sind.Engagiere dich in unserer Community, teile deine Security-Stories und verrate uns deine Lieblings-Tools – oder die Hacks, auf die du heute lieber nicht mehr stolz bist. Vielleicht schaffen wir es gemeinsam, Security 2025 ein Stück besser zu machen.Unsere aktuellen Werbepartner findest du auf https://engineeringkiosk.dev/partnersDas schnelle Feedback zur Episode:

In this Risky Business News sponsor interview Tom Uren talks to Derek Hanson, Yubico's Field CTO about making account recovery and onboarding for employees phishing-resistant. They also discuss the problems and opportunities of syncable passkeys. Show notes

In this episode of Breaking into Cybersecurity, Craig Taylor, CEO of Cyber Hoo, shares his journey into the cybersecurity field. With a background in psychology, Taylor discusses his early career, the establishment of his company, and the challenges he faced along the way. He emphasizes the importance of positive reinforcement in cybersecurity training, the impact and implications of AI in the field, and the evolving landscape of security threats. Taylor also offers valuable guidance for those seeking to follow a similar path in cybersecurity, highlighting free resources to help individuals enhance their cyber literacy.Helpful links:https://cyberhoot.com/cybrary/identity-theft/https://cyberhoot.com/solutions/for-individuals/00:00 Introduction and Guest Welcome01:00 Craig Taylor's Journey into Cybersecurity03:56 Founding Cyber Hoo and Early Challenges05:59 The Role of AI in Cybersecurity09:04 AI's Impact on Phishing and Data Privacy24:50 Positive Reinforcement in Cybersecurity Training32:33 Final Thoughts and Advice for Aspiring Cybersecurity ProfessionalsSponsored by CPF Coaching LLC - http://cpf-coaching.comThe Breaking into Cybersecurity: It's a conversation about what they did before, why did they pivot into cyber, what the process was they went through Breaking Into Cybersecurity, how they keep up, and advice/tips/tricks along the way.The Breaking into Cybersecurity Leadership Series is an additional series focused on cybersecurity leadership and hearing directly from different leaders in cybersecurity (high and low) on what it takes to be a successful leader. We focus on the skills and competencies associated with cybersecurity leadership and tips/tricks/advice from cybersecurity leaders.Check out our books:Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level https://amzn.to/3443AUIHack the Cybersecurity Interview: Navigate Cybersecurity Interviews with Confidence, from Entry-level to Expert roleshttps://www.amazon.com/Hack-Cybersecurity-Interview-Interviews-Entry-level/dp/1835461298/Hacker Inc.: Mindset For Your Careerhttps://www.amazon.com/Hacker-Inc-Mindset-Your-Career/dp/B0DKTK1R93/About the hosts:Renee Small is the CEO of Cyber Human Capital, one of the leading human resources business partners in the field of cybersecurity, and author of the Amazon #1 best-selling book, Magnetic Hiring: Your Company's Secret Weapon to Attracting Top Cyber Security Talent. She is committed to helping leaders close the cybersecurity talent gap by hiring from within and helping more people get into the lucrative cybersecurity profession. https://www.linkedin.com/in/reneebrownsmall/Download a free copy of her book at magnetichiring.com/bookChristophe Foulon focuses on helping to secure people and processes, using a solid understanding of the technology involved. He has over ten years of experience as an Information Security Manager and Cybersecurity Strategist. He is passionate about customer service, process improvement, and information security. He has significant expertise in optimizing the use of technology while balancing the implications for people, processes, and information security through a consultative approach.https://www.linkedin.com/in/christophefoulon/Find out more about CPF-Coaching at https://www.cpf-coaching.comWebsite: https://www.cyberhubpodcast.com/breakingintocybersecurityPodcast: https://podcasters.spotify.com/pod/show/breaking-into-cybersecuriYouTube: https://www.youtube.com/c/BreakingIntoCybersecurityLinkedin: https://www.linkedin.com/company/breaking-into-cybersecurity/Twitter: https://twitter.com/BreakintoCyberTwitch: https://www.twitch.tv/breakingintocybersecurity

The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com

Did you know that the IRS has working group meetings for the Information Returns Intake System (IRIS)?  To find out three things I learned when I attended, what the IRS says FIRE users should do now and how you can attend the next one..Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:     YouTube Video:  Demo of the IRS e-News Subscriptions IRS: IRIS working group meetings and notes Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

The final episode of Wallet Watch Season 13 is here, and it's all about one of the most common forms of cyber security fraud: phishing. In the newest episode titled “Phishing 101: Don't Take the Bait,” host Jessica Rubio speaks with Erin Landis, Chief Information Security Officer (CISO) from MSU Federal Credit Union, about how phishing scams are evolving — and how you can protect yourself. Erin shares insights into the personal and corporate risks of phishing, how AI is making scams more convincing, and the top red flag of urgency to watch for. If a message pushes you to act fast, slow down — it could be a trap. To wrap the season up, the message is clear. The more we educate ourselves, the better equipped we are to outsmart fraudsters.

Phishing (fraud) phone calls are getting more sophisticated all the time, and they are using AI to help find out info about you and customize their call scripts    #SupportUkraine #Ukraine #StandingWithUkraine #UkraineRussiaWar #StopRussia

In this episode of Hashtag Trending, host Jim Love discusses a variety of consumer protection and scam-related stories. Topics include an Airbnb host accused of using AI-generated photos for a fake $9,000 damage claim, scammers sending mystery packages with QR codes for phishing attacks, and AI's impact on consulting firms like McKinsey. Additionally, the episode covers a US court blocking the click-to-cancel rule meant to simplify subscription cancellations, and Atlassian's controversial use of prerecorded videos to lay off staff. The overarching theme highlights the increasing challenges consumers face as technology advances. 00:00 Introduction and Overview 00:52 AI-Generated Scams: The Airbnb Incident 02:34 QR Code Phishing Scams 04:07 AI's Impact on Consulting Firms 05:45 Consumer Protection Setback: Click to Cancel Rule 07:25 Atlassian's Controversial Layoffs 08:47 Conclusion and Sign-Off

If a co-worker or colleague contacted you on social media – how do you tell if it's them or not?Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    Free Authentication Training:  3 Step Vendor Setup & Maintenance Process WorkshopBloomberg Article:  ‘I Need to Identify You':  How One Question Saved Ferrari From a Deepfake Scam Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

In this week's episode of Search with Candour, Jack Chambers-Ward and Mark Williams-Cook discuss the evolving landscape of search in the context of Large Language Models (LLMs), the challenges they bring, including A LOT of spam and how they are being manipulated in search.They talk about the potential future of AI search, and the implications for brands and consumers as well as the responsibilities of monitoring and mitigating misinformation, the need for in-depth product data, and the feasibility of AI taking over transactional tasks.Sponsored by fatjoe:Are you ready to get started? Sign up for your free fatjoe account: https://fatjoe.com/References:Use The Brand Control Quadrant To Reclaim Your Brand Narrative: https://www.youtube.com/watch?v=mMx3u6fgg5wWhy OpenAI & Perplexity want clickstream data: https://www.linkedin.com/posts/myriamjessier_ai-search-marketing-activity-7348972981231988738-jDHIHacked sites and expired domains are being cited by ChatGPT: https://digitaloft.co.uk/hacked-sites-and-expired-domains-are-being-used-as-chatgpt-sources/00:00 Introduction and banter01:28 Discussing LLM Spam and Manipulation02:16 Sponsor Message: Fatjoe03:59 The Uses of LLMs in Search06:03 Challenges and Future of AI Search16:38 Phishing and Security Concerns with LLMs19:54 Responsibility and Brand Protection24:47 The Future of AI and Search31:10 Damage Control in the Age of Generative AI31:41 LLMs are Leaky Buckets32:48 Firefighting Tools for AI Errors34:22 The Importance of Brand Reputation35:15 High-Value Leads and Conversion Rates36:46 Misleading AI Conversations37:27 SEO Strategies for E-commerce40:14 The Future of AI in E-commerce44:33 The Impact of AI on Consumer Behaviour47:23 Concluding Thoughts and Upcoming Events

This is repeat of a broadcast from last October, still relevant, especially in the light of so many current breaches which have begun not with technical weaknesses but with phishing and social engineering.   In this deeper dive episode of 'Cybersecurity Today,' hosts Jim Love and David Shipley, a top cybersecurity expert from Beauceron Security, explore the evolution, intricacies, and impact of phishing attacks. They highlight recent sophisticated phishing strategies that combine AI, complex setups, and psychological manipulation to deceive even the most knowledgeable individuals. The discussion covers various types of phishing including spearphishing, whaling, sharking, QR phishing, and the emotional and psychological tactics employed by attackers. They also delve into practical defense mechanisms such as Multi-Factor Authentication (MFA), passkeys, and the importance of fostering a security-conscious workplace culture. The episode emphasizes the need for a diversified security approach involving technology, training, and emotional intelligence, while encouraging assertiveness in questioning potentially fraudulent communication. 00:00 Introduction to Cybersecurity Today 00:40 The Evolution of Phishing Attacks 01:44 Deep Dive into Phishing Techniques 03:31 History of Phishing 06:04 Types of Phishing: From Email to Whaling 10:06 Advanced Phishing Tactics 19:25 The Psychology Behind Phishing 26:03 Phishing Tactics: Free Gift Card Scams 26:33 The Power of Scarcity in Phishing 28:27 Authority and Phishing: Impersonation Tactics 29:11 Consistency: Small Requests Leading to Big Scams 30:14 Liking and Social Proof in Social Engineering 32:15 The Evolution of Phishing Techniques 35:31 The Role of MFA in Enhancing Security 38:35 Passkeys and the Future of Authentication 44:57 Building a Security-Conscious Workplace Culture 48:47 Conclusion and Final Thoughts

In this episode of Campus Technology Insider Podcast Shorts, Rhea Kelly discusses the U.S. Department of Education's new guidance on using federal grant funds for AI-based learning tools, BforeAI's findings on a phishing campaign targeting ED's G5 portal, and a new AI literacy program for underserved youth by Operation HOPE and Georgia State University. 00:00 Introduction and Overview 00:16 AI in Education: New Federal Guidance 01:01 Cybersecurity Alert: Phishing Campaign Targeting Education Sector 01:30 AI Literacy Initiative for Underserved Youth 02:06 Conclusion and Further Resources Source links: ED Issues Guidance on the Use of Federal Grant Funds to Support Learner Outcomes with AI Phishing Campaign Targets ED Grant Portal Georgia State U and Operation HOPE Program Fosters AI Literacy in Underserved Youth Campus Technology Insider Podcast Shorts are curated by humans and narrated by AI.

Check fraud is increasing, they take longer to settle, and they cost more in supplies and manpower.  All great reasons to convert your check payment vendors to ACH payment.  But don't use that as a way to clean your vendor master file, that task needs to be done first.  Here are five do's and one big don't that you need to think about before you get started.  Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    Digital Product:  Vendor Banking Form Template  On-Demand Webinar:  8 Steps to Clean Your Vendor Master File Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Microsoft links Sharepoint ToolShell attacks to Chinese hackers Russian threat actors target NGOs with new OAuth phishing tactics Silicon Valley engineer admits theft of US missile tech secrets Huge thanks to our sponsor, Nudge Security Nudge Security discovers every SaaS app used in your org, secures configurations, enforces MFA, and manages app-to-app access so you can prevent identity based attacks. Start a free 14-day trial today at NudgeSecurity.com

In an era where technology is intertwined with our daily lives, fraudsters are continually devising new strategies to steal sensitive information from unsuspecting individuals. Among their most insidious tactics is phishing—a deceptive practice designed to manipulate you into divulging your personal information without your awareness.  Learn more about KnowBe4 Awareness Check out TCU University for financial education tips and resources! Follow us on Facebook, Instagram and Twitter! Learn more about Triangle Credit Union  Transcript: Welcome to Money Tip Tuesday, brought to you by the Making Money Personal podcast!   Today, we're sharing crucial insights inspired by an article from KnowBe4 Security Awareness and Training Solutions.  Security Tips: How to Detect Phishing Emails  As phishing activities increasingly proliferate, remaining vigilant is of paramount importance. Here are some key indicators to scrutinize before you take any action on an email:  Is it Expected? - Take a moment to consider whether you were anticipating this email. If it appeared unexpectedly, exercise caution as it may not be legitimate.  Is it Reasonable? - Context matters. Ask yourself whether it makes sense for you to receive this type of correspondence. If the content feels out of place or irrelevant, it's wise to be skeptical. Are There Grammatical Errors? - Pay close attention to the language used in the email. Messages that claim to be from established companies often contain spelling mistakes or poor grammar—this is frequently a clear warning sign of a phishing attempt. Does It Contain a Link? - Always hover your mouse over links without clicking to verify their authenticity. For example, if an email claims to be from emailaddress@google.com but the link leads to a suspicious domain like website.yahoo.com, you're facing a significant red flag. Does It Have an Attachment? - Be cautious about opening attachments, as they might harbor malicious programs disguised as harmless files. It's best to avoid clicking on attachments from unfamiliar sources. Does It Create a Sense of Urgency? - A common tactic among phishing emails is to instill a sense of panic, prompting you to act quickly. They may claim to be from a high-ranking official or require immediate attention. Resist the urge to respond hastily—take a moment to assess and critically evaluate the situation to protect yourself from potential phishing attempts.  Stay vigilant and take proactive steps to safeguard your personal information!  If there are any other tips or topics you'd like us to cover, let us know at tcupodcast@trianglecu.org. Also, remember to like and follow our Making Money Personal Facebook and Instagram to share your thoughts. Finally, remember to look for our sponsor, Triangle Credit Union, on Facebook and LinkedIn.         Thanks for listening to today's Money Tip Tuesday. Check out our other tips and episodes on the Making Money Personal podcast. 

SharePoint Servers Exploited via 0-day CVE-2025-53770 Late last week, CodeWhite found a new remote code execution exploit against SharePoint. This vulnerability is now actively exploited. https://isc.sans.edu/diary/Critical+Sharepoint+0Day+Vulnerablity+Exploited+CVE202553770+ToolShell/32122/ Veeam Voicemail Phishing Attackers appear to impersonate VEEAM in recent voicemail-themed phishing attempts. https://isc.sans.edu/diary/Veeam%20Phishing%20via%20Wav%20File/32120 Passkey Phishing Attack A currently active phishing attack takes advantage of the ability to use QR codes to complete the Passkey login procedure https://expel.com/blog/poisonseed-downgrading-fido-key-authentications-to-fetch-user-accounts/

In this episode of Cybersecurity Today, host David Shipley discusses several pressing cybersecurity issues. First, popular NPM Linter packages were hijacked via phishing to spread malware, affecting millions of downloads.  Concurrently, Ukrainian CERT uncovers new phishing campaigns tied to APT28 using large language models for command and control. Microsoft discontinues the use of China-based engineers for US Department of Defense systems following a controversial report. Lastly, social engineering, facilitated by AI, becomes a greater threat than zero-day exploits. The episode emphasizes the need for stronger maintainer security, multifactor authentication, and a comprehensive understanding of social engineering risks.  00:00 Introduction - 10 Million Downloads 01:30 NPM Linter Packages Hijacked 05:05 Social Engineering and AI in Cybersecurity 08:57 Microsoft's China-Based Engineers Controversy 12:15 The Real Threat: Social Engineering 16:39 Conclusion and Call to Action

In this episode of Cyber Crime Junkies, host Dean Mauro explores listener question of who do hackers target the most. He explains the real truth about cyber crime,  recent examples of Cyber crime This year, Small business cyber attacks, and he evaluates FBI IC3 Report 2025Send us a textGrowth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com

The first computer virus is believed to have been used in 1969 at the University of Washington Computer Center. A person who has never been named installed a program that came to be known as “RABBITS Virus” on one of the computers. The program began replicating itself until it overwhelmed the computer causing it to shut down. Over the years, the scale and sophistication of cyber attacks has increased and with the advent of AI, digital criminals have jumped on the AI bandwagon and become more lethal.

The FBI has issued a warning - phishing with a medical theme is on the rise. The problem is healthcare providers keep losing client info and sending out warnings. What is a patient to do? We'll talk it over on this edition of The Checklist brought to you by SecureMac. Check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com

Are you performing security audits, so you know who has access to your systems?  Listen to today's episode to for 4 scenarios when employees or contractors used their system access for fraudulent purposes.  Then see how you can get a 5-step plan to perform a system audit.Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    Webinars: A Security Audit to Protect Vendor Data and Avoid Fraud  Prevent Payments to Internal Fraudsters - Stopping Bad Actors in Your Organization Collusion CasesTD Bank Employee's Bribery Scheme: A $37,000 Fraud That Cost the Bank $72,000  Postal Service says many checks stolen through the mail are done by its own employees  Brazilian police arrest IT worker over $100 million cyber theft Former Banker Arrested for Allegedly Obtaining $2.7 Million in COVID Business-Relief Funds Using Stolen IDs of Disabled Persons Vendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Vendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

News and Updates: A Purdue University study found anti-phishing training may be worse than ineffective. Testing 12,000+ fintech employees, researchers saw no reduction in phishing link clicks — and in some cases, trained staff clicked slightly more often. Experts say companies should shift focus from costly training to technical defenses. TikTok is reportedly developing a new U.S.-only app, codenamed “M2,” to sidestep a pending federal ban. The replacement could debut in September as part of a sale to an Oracle-led investor group. Current TikTok would stay active until early 2026 under the tentative plan. The Kids Off Social Media Act (KOSMA) advanced in the U.S. Senate, proposing a ban on social media accounts for kids under 13 and limits on algorithms for users under 17. Critics warn the bill's AI-based age estimation could misidentify millions of users, raising privacy and constitutional concerns.

Welcome to this week's episode of the PEBCAK Podcast!  We've got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast   Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!   Ledger phishing campaigns on the rise https://www.ledger.com/phishing-campaigns-status   Brazilian banks hacked through compromised employee https://www.bleepingcomputer.com/news/security/employee-gets-920-for-credentials-used-in-140-million-bank-heist/  https://cointelegraph.com/news/coin-center-us-treasury-appeal-tornado-cash   Security company hacks customers https://www.bleepingcomputer.com/news/security/man-pleads-guilty-to-hacking-networks-to-pitch-security-services/    New cruise rules 2025 https://legalunitedstates.com/carnival-cruise-new-rules-2025/     Dad Joke of the Week (DJOW)   Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Glenn - https://www.linkedin.com/in/glennmedina/ Victor - https://www.linkedin.com/in/victordeluca/

Bob Burke, Chief Information Security Officer at Beyond Identity, challenges the effectiveness of traditional multi-factor authentication (MFA) in the evolving landscape of cybersecurity. He argues that legacy MFA solutions, which often rely on out-of-band authorization methods like push notifications or one-time passwords, are no longer sufficient against the rising tide of sophisticated cyber threats. With the advent of services like phishing-as-a-service, attackers can easily bypass these outdated security measures, necessitating a shift towards phishing-resistant authentication methods. Burke emphasizes the need for organizations to adopt solutions that not only enhance security but also consider device posture and trustworthiness.Burke also critiques the current state of FIDO2 and passkeys, acknowledging their potential while highlighting their limitations, particularly in terms of device posture and user experience. He suggests that small to mid-sized businesses (SMBs) should prioritize phishing-resistant solutions that integrate both browser protection and device authentication. Furthermore, he raises concerns about the pricing models of many Software as a Service (SaaS) providers, which often place essential security features behind higher-tier subscriptions, effectively discouraging customers from adopting more secure practices.The conversation shifts to the endpoint detection and response (EDR) market, where Burke notes that while EDR solutions are still necessary, they are evolving into more comprehensive offerings like extended detection and response (XDR). He points out that many of these solutions are priced for enterprise-level organizations, leaving SMBs and mid-market companies struggling to find affordable options. Burke encourages these organizations to seek out solutions that fit their budget while still providing essential security capabilities.Finally, Burke shares insights from his experience with the FedRAMP certification process, emphasizing the importance of building internal security competencies and integrating security into product design from the outset. He advocates for a clear internal compliance program, such as NIST, to guide organizations in their security efforts. As the cybersecurity landscape continues to evolve, Burke warns that the tempo and scope of attacks are increasing, driven by advancements in AI, and urges organizations to reassess their security architectures to stay ahead of emerging threats.  All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Managed service providers (MSPs) are currently facing unprecedented pressure from clients regarding cybersecurity, with a significant increase in expectations for MSPs to manage their cybersecurity infrastructure. A recent survey revealed that 84% of MSPs report their clients now expect them to handle cybersecurity end-to-end, a notable rise from 65% the previous year. This shift comes as MSPs themselves are under increased scrutiny, with 77% reporting heightened oversight of their security practices. The growing concern over emerging threats, particularly those related to artificial intelligence, has further complicated the landscape, as MSPs find themselves caught between rising client demands and a lack of accountability from cybersecurity vendors.In a related development, a fraudulent impersonator has been using artificial intelligence to mimic the voice and writing style of U.S. Secretary of State Marco Rubio, successfully contacting several high-level officials to manipulate them for sensitive information. This incident highlights the vulnerabilities in secure communication channels and the ease with which attackers can exploit lax data security among government officials. The FBI has issued warnings about ongoing malicious messaging campaigns that utilize AI-generated voice messaging, emphasizing the need for enhanced verification protocols in executive communications.Additionally, attackers have been exploiting Microsoft 365's direct send feature to launch phishing attacks, impacting over 70 organizations. This method allows attackers to send emails that appear to come from legitimate internal addresses, bypassing traditional security measures. Research indicates that conventional phishing awareness training is largely ineffective, with many employees failing to recognize phishing attempts even after training. The study suggests a shift towards interactive training methods, which have proven more effective in reducing the likelihood of falling victim to such scams.Ingram Micro has begun restoring customer ordering capabilities following a ransomware attack that temporarily disabled its systems, but the company's lack of communication during the crisis has raised concerns among partners. The incident serves as a case study in breach communication, highlighting the importance of transparency and effective communication in maintaining trust. Meanwhile, Kaseya has expanded its community investment with the Technology Marketing Toolkit, aimed at enhancing resources for MSPs. However, questions remain about the potential cultural clash and the impact on the independence of the Toolkit's offerings within Kaseya's larger ecosystem. Four things to know today 00:00 MSPs Face Rising Cybersecurity Pressure as Clients Demand Full Protection and Vendors Sidestep Shared Risk04:25 AI Deepfake Impersonates Secretary of State in Sophisticated Attack, Exposing Risks for Executive Security09:17 Ingram Micro Begins System Restoration After Ransomware Attack, But Silence Frustrates12:07 Robin Robins Sells Technology Marketing Toolkit; Joins Kaseya as Strategic Advisor This is the Business of Tech.    Supported by:  https://getnerdio.com/nerdio-manager-for-msp/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Segment 1 with Dave Whorton starts at 0:00. The “Get Big Fast” startup era is crumbling. Sky-high valuations, zero profits, and a fixation on rapid scaling have left businesses fragile and the economy unstable. It's time for entrepreneurs to skip the funding rounds and rethink how they approach growth.In his new book "Another Way - Building Companies That Last…and Last…and Last",  former Kleiner Perkins Venture Capitalist Dave Whorton lays out a path forward. After seeing firsthand the risks of speculative growth, he rejected the Silicon Valley unicorn obsession he helped fuel, and now helps entrepreneurs thrive better in our volatile times.Segment 2 with Marcelo Barros starts at 20:28.Phishing attacks are forever changing and getting more creative. What do we need to know as small business owners and how should be educate our team?Marcelo Barros is the Global Director of Hacker Rangers. He is an IT professional with over 30 years of experience and a strong interest in cybersecurity. As the Global Markets Leader at Hacker Rangers, a gamification company, he spearheads the company's expansion into markets outside of Brazil. Before this position, Marcelo dedicated 17 years to IBM, where he worked in cybersecurity, sales, and management, delivering solutions and achieving outcomesBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-small-business-radio-show--3306444/support.

The Jurassic World: Rebirth film is coming out. Does it look dino-riffic? The Plugged In team looks at the newest installment and the franchise as a whole, letting you in on what you need to know. The team then discusses online phishing scams and how you can be vigilant to protect your and your family. Connect with us! www.ThePluggedInShow.com Connect on Facebook Find us on Instagram EMAIL: team@thepluggedinshow.com PHONE: 800-A-FAMILY (800-262-3459) Read the full review: · Jurassic World: Rebirth · Jurassic World: Dominion · Jurassic World: Fallen Kingdom · Jurassic World · Jurassic Park III · The Lost World: Jurassic Park · Jurassic Park · Jurassic World: Camp Cretaceous · The Beekeeper Check out the Plugged In Blog: · On the Radar: Social Media Phishing Gender Gap with Teens and Tiktok Amber Alerts The Plugged In Tech Guide Focus on the Family with Jim Daly Episode: How Your Family Can Manage Technology Well Part 1 How You Can Make Wise Entertainment Choices for Your Family Donate Now! We'd love to hear from you! Visit our Homepage to leave us a voicemail. If you've listened to any of our podcasts, please give us your feedback.