Podcasts about Phishing

Phishing with Sam Fischer

Did you know you can find lots of fraud prevention resources from the Better Business Bureau?  In this episode, Troy Baker from the Michigan Better Business Bureau talks about fraud, using the BBB for validations and what we both think is the best thing to do that will keep your company protected from fraud.   Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:   Better Business Bureau Links:  Main Webpage:  https://www.bbb.org Scam Tracker:  https://www.bbb.org/scamtracker Scam News/Tips:  https://www.bbb.org/all/scamtips Sign-Up for Scam Alerts: https://signup.e2ma.net/signup/1900156/1902645/ Michigan Better Business Bureau:  https://www.bbb.org/miprograms Validate Charities:  https://www.give.org Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Il furto di migliaia di dati sensibili di clienti Coinbase ci ricorda per quale motivo gli exchange centralizzati vanno sempre evitati come la peste.Inoltre: ancora aggiornamenti sul dibattito OP_RETURN, analizziamo lo stato degli UTXO set, Wallet of Satoshi aggiorna una versione non custodial dell'app, sempre più aziende nel mondo adottano bitcoin nella loro strategia.It's showtime!

Sam Fischer Joins the show! Summer time Ball Standby list Day Bet Make My Day See omnystudio.com/listener for privacy information.

xorsearch.py: Python Functions Didier s xorsearch tool now supports python functions to filter output https://isc.sans.edu/diary/xorsearch.py%3A%20Python%20Functions/31858 Pwn2Own Berlin 2025 Last weeks Pwn2Own contest in Berlin allowed researchers to demonstrate a number of new exploits with a large focus on privilege escalation and virtual machine escape. https://www.zerodayinitiative.com/blog/2025/5/17/pwn2own-berlin-2025-day-three-results Senior US Officials Impersonated in Malicious Messaging Campaign The FBI warns of senior US officials being impersonated in text and voice messages. https://www.ic3.gov/PSA/2025/PSA250515 Scattered Spider: TTP Evolution in 2025 Pushscurity provided an update on how Scattered Spider evolved. One thing they noted was that Scattered Spider takes advantage of legit dynamic domain name systems to make detection more difficult https://pushsecurity.com/blog/scattered-spider-ttp-evolution-in-2025/

This week, Dave speaks with Max Gannon of Cofense Intelligence to dive into his team's research on "The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders." Threat actors continuously develop new tactics, techniques, and procedures (TTPs) to bypass existing defenses. When defenders identify these methods and implement countermeasures, attackers adapt or create more sophisticated approaches. This research explores how cybercriminals are leveling up their credential phishing tactics using Precision-Validated Phishing, a technique that leverages real-time email validation to ensure only high-value targets receive the phishing attempt. The research can be found here: The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders⁠⁠⁠⁠⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

Today's blockchain and crypto news Binance, Kraken successfully thwart phishing attacks simialar to Coinbase hack World Liberty Financial rebuts Senate Democrat's probe Coinshift's stablecoin tops $100 million in TVL Learn more about your ad choices. Visit megaphone.fm/adchoices

Content warning: This episode contains descriptions of exploitation, self-harm, and abuse. Listener discretion is advised. A network called 764 has turned abuse into currency. It spread through Discord, Telegram, and gaming platforms—built around “lorebooks,” collections of coerced violence traded for status. In a strange twist, this harm group has connections to cybercrime groups we've covered on this show before. Note: I was recording in an office, which between that and the subject matter, explains why my tone is pretty hushed in this one. Hacked is brought to you by Push Security—helping companies stop identity attacks before they happen. Phishing, credential stuffing, session hijacking—Push tackles it right where it starts: in the browser. Smart, seamless, and built for how people actually work. Check them out at pushsecurity.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Inoltre, l'impatto della disciplina in tema di IA sulle professioni legali e nell'attività giudiziaria, il phishing, i maltrattamenti in famiglia e la L. n. 69/2025 di conversione del Decreto P.A.>> Leggi anche l'articolo: https://tinyurl.com/2m8jup6e>> Scopri tutti i podcast di Altalex: https://bit.ly/2NpEc3w

Is your vendor master file and customer master file the same?  Don't miss taking advantage of these key benefits when they are one in the same.  What are they?  Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:   Customer Master File Training (50% off Through 6/15/25):  3 Step Customer Setup & Maintenance Process Workshop Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Digitalizzazione della giustizia, regolamentazione del mercato digitale, le linee guida delle Procure sulle intercettazioni, una sentenza in tema di phishing e colpa del cliente, la voce ''Rapina'' di AltalexPedia.>> Leggi anche l'articolo: https://tinyurl.com/nrk9wue7>> Scopri tutti i podcast di Altalex: https://bit.ly/2NpEc3w

Video - https://youtu.be/OpOAoPUMfoUEver get that weird feeling when someone rushes you for sensitive info or tries a little too hard to be helpful? You might be facing a social engineering attack—and not the phishing kind. In this video, we break down the 3 biggest red flags you need to spot before it's too late. Don't get played—get prepared. I used ChatGPT-4o, ScreenPal, and Pictory.ai to put this information together.If you're interested in trying Pictory.ai please use the following link. https://pictory.ai?ref=t015o

Rik van Duijn keert terug aan tafel en vertelt hoe zijn bedrijven Zolder en Attic Security het Nederlandse mkb helpen veiliger te werken met Microsoft 365. We bespreken waarom Microsoft jouw omgeving niet vanzelf optimaal beveiligt, hoe Rik een app bouwde die security toegankelijk maakt, en waarom zijn klanten variëren van vier tot vijfduizend gebruikers. Verder duiken we in zuurdeeg, phishing-as-a-service, Teams-miserie en het hackverleden van Rik – inclusief virussen op z'n ouderlijk huisnetwerk. Kortom: een aflevering over digitale veiligheid, menselijke fouten, ethisch hacken én barcodescanners op 4G.Waar Zolder focust op consultancy en pentesten, biedt Etic een SaaS-oplossing die security-advies combineert met monitoring en eenvoudige instellingen via een app. Rik legt uit hoe het framework werkt, waarom het ook buiten Microsoft 365 toepasbaar is, en waarom hun grootste uitdaging geen techniek maar communicatie is. Daarnaast bespreken we business email compromise, money mules, en de culturele barrière die e-mail en Teams veroorzaken bij cybersecurity.ShownotesAttic SecurityZolderRSA Conference San FranciscoIC3 (Internet Crime Complaint Center) rapporten van de FBIAzure Sentinel SIEM van MicrosoftMicrosoft Security BlogOver backdoor software zoals NetBus en Back OrificeDe Pathé fraudezaakNIS2-richtlijnTijdschema0:00:00 Waarom Microsoft 365 extra beveiliging nodig heeft0:01:50 Zuurdesem maken uit de lucht, gisten en afvallen0:04:13 San Francisco sourdough en RSA Conference0:05:32 Wat doen Zolder en Etic Security precies0:09:30 Waarom Microsoft het niet zelf dichttimmert0:12:49 De Attic-app: security voor elke gebruiker via pushnotificaties0:16:19 Azure Sentinel en baseline securitychecks0:20:30 Business email compromise: fraude groter dan ransomware0:25:22 Phishing-as-a-service en cookie hijacking0:29:20 Groeien buiten Nederland met app-gebaseerde security0:34:01 Teams vs Slack: zware apps, matige UX0:39:03 Favoriete pentest-klussen: barcodescanners en cloudinfra0:44:26 Security-by-design en samenwerken met devteams0:48:46 Het hacker-verleden van Rik: NetBus, MSN en GTA warez0:52:44 Van kok in de keuken naar securityconsultant#security #microsoft365 #startups #ethicalhacking #zolder #attic #emailfraude #pentesting #teams #phishing #shownotes #mnodt #techpodcastZie het privacybeleid op https://art19.com/privacy en de privacyverklaring van Californië op https://art19.com/privacy#do-not-sell-my-info.

What do people have to do with cybersecurity?  A lot. As with other fields of human risk, it's people that are typically the root cause of problems in the cybersecurity world.  Which is where my guest's expertise in behavioural design comes into play.On this episode, I'm speaking with Sarah Aalborg, a cybersecurity and behavioural design expert who's on a mission to change how organisations approach IT security.Rather than focusing on firewalls and tech solutions, Sarah examines the human behaviours that can undermine even the best-designed security systems.Her new book, Secure by Choice, challenges conventional security thinking by exploring how cognitive biases affect security professionals and how to use behavioural design to reshape security culture. We discuss the pitfalls of traditional security training – particularly those phishing tests that feel more like traps than training – and how to flip the script by focusing on what we want people to do rather than what we want them to avoid.Sarah shares practical strategies for using positive reinforcement, creating engaging training experiences, and making security less about fear and more about action. By applying principles of behavioural science and risk-based thinking, Sarah explains how we can bridge the gap between security policies and everyday human behaviour. Guest BiographySarah Aalborg is a cybersecurity expert and behavioural design advocate, focusing on how cognitive biases impact IT security professionals and their decision-making processes. She is the author of Secure by Choice, a book that challenges conventional approaches to cybersecurity training by applying principles of behavioural science to security culture. With a background in IT security spanning over two decades, Sarah speaks at major security events and consults with organisations on how to create more effective, engaging, and human-centric security programs. AI-Generated Timestamped Summary[00:00:00] Introduction [00:01:00] Meet Sarah Aalborg – Why she wrote Secure by Choice and her journey into behavioural design.[00:03:00] The '20-centimetre above the keyboard' exercise – How human inaction impacts tech security.[00:05:00] Why phishing tests feel like entrapment – and how to flip the script.[00:08:00] Turning phishing tests into positive reinforcement opportunities. [00:10:00] How a simple 'Report Suspicious Email' button can change behaviours.[00:12:00] The problem with fear-based messaging in cybersecurity.[00:14:00] Why telling people what NOT to do isn't effective. [00:15:00] Sarah's four-step framework for creating risk-aware security cultures. [00:17:00] Why most security training is designed to address the wrong problem. [00:20:00] The McDonald's kiosk example – What we can learn from other industries.[00:25:00] The importance of actionable examples in security training.[00:30:00] The generative AI paradox – When tech meets human bias. [00:35:00] Why AI is the ultimate behavioural science challenge. [00:40:00] The 'Operating System' analogy – Why the human brain is still running Stone Age software.[00:50:00] Why cyber professionals need to look outside their own industry for inspiration.[00:55:00] The role of curiosity and exploration in designing effective security programs. Links:Sarah's website: https://securebychoice.com/Sarah on LinkedIn: https://www.linkedin.com/in/sarah-aalborg-bb348a1/Secure by Choice:https://securityblendbooks.com/products/secure-by-choice?

Erich and Javvad summarize this week's cyber soap opera and bring you a tangled web of digital deceit, artificial “intelligence,” and just enough government extradition drama to keep things spicy. From Spain With Wire Fraud: Alleged “Scattered Spider” member Tyler Buchanan thought sunny Spain was a safe hideout—until the long arm of U.S. justice said hola. Extradited for allegedly scamming Caesars and MGM, his toolkit included SIM swapping and social engineering. Welcome to America, Tyler—hope you like federal courtrooms. Phishing with Google's Seal of Approval: Meanwhile, phisherfolk are reusing Google's DKIM signatures like they're leftover lasagna—slapping them onto spoofed emails from no-reply@accounts.google.com and tricking even the most paranoid clickers. The result? Legit-looking credential traps hosted on Google Sites. It's like gourmet phishing, served with a side of irony. Darcula Gets a Brain Upgrade: And if you thought cybercrime required effort, think again. The Darcula phishing kit now uses generative AI to do all the heavy lifting. Bad grammar and clunky templates? Gone. Now, even your cousin Steve with zero hacking skills can impersonate a bank in 100 languages. Thanks, AI. Tune in for a romp through the latest digital deceptions, complete with dark web drama and facepalms galore. Stay sharp—because the hackers definitely are.

En la sección de Consumo, Enrique García, portavoz de OCU analiza si el banco debe reponer el dinero en casos de estafa por phishing, cuando se hacen pasar por una persona o empresa para que la víctima revele información confidencial como por ejemplo sus datos bancarios.

Of course – the IRS has updated the 1099-MISC and 1099-NEC again effective for reporting Tax Year 2025 payments to your vendors.  It's not that bad though….Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team.  Links mentioned in the podcast + other helpful resources:   Training:  From an Accounts Payable Perspective:  Year-End Checklist for 1099-MISC, 1099-NEC and 1042-S Reporting IRS:  Instructions for Forms 1099-MISC and 1099-NEC (Rev. April 2025) IRS:  Form 1099-MISC (Rev. April 2025)  https://www.irs.gov/pub/irs-pdf/f1099msc.pdf IRS:  Form 1099-NEC (Rev. April 2025) https://www.irs.gov/pub/irs-pdf/f1099nec.pdf Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

#vinayakjoshi #kannadainterviews #podcast 00:00 - Titles00:26 - Online scams in India14:52 - Honey traps explained19:24 - Hacking and Identity Theft24:39 - How to stay safe online?28:50 - Reforming rowdy elements34:52 - Funny experiences as a Police OfficerIn this gripping follow-up episode, DySP Rajesh L.Y returns to shine a light on one of the biggest threats of our time - cyber crime. From phishing to data theft, he breaks down the digital dangers lurking behind screens and shares real-life insights from his frontline experience in cyber investigations.

Python InfoStealer with Embedded Phishing Webserver Didier found an interesting infostealer that, in addition to implementing typical infostealer functionality, includes a web server suitable to create local phishing sites. https://isc.sans.edu/diary/Python%20InfoStealer%20with%20Embedded%20Phishing%20Webserver/31924 Android Update Fixes Freetype 0-Day Google released its monthly Android update. As part of the update, it patched a vulnerability in Freetype that is already being exploited. Android is not alone in using Freetype. Freetype is a very commonly used library to parse fonts like Truetype fonts. https://source.android.com/docs/security/bulletin/2025-05-01 CISA Warns of Unsophistacted Cyber Actors CISA released an interesting title report warning operators of operational technology networks of ubiquitous attacks by unsophisticated actors. It emphasizes how important it is to not forget basic security measures to defend against these attacks. https://www.cisa.gov/news-events/alerts/2025/05/06/unsophisticated-cyber-actors-targeting-operational-technology

Send us a textThe relentless race for cloud dominance continues as AWS reports 16.9% growth year-over-year—a number that would thrill most companies but falls short of expectations for the cloud giant. Tim and Chris dig into what's behind these numbers and why Microsoft and Google continue gaining ground with stronger-than-anticipated growth rates. Microsoft's massive 53% increase in capital spending signals their aggressive push into AI infrastructure, raising questions about whether AWS can maintain its leadership position.Cybersecurity threats are evolving in concerning ways according to Threat Labs' 2025 Phishing Report. While overall phishing attempts have declined, attacks have become more targeted and sophisticated. The hosts explore disturbing trends including the rise of cryptocurrency scams with fake wallets and an increase in job-related phishing that exploits today's challenging employment market. Most alarming is how threat actors are capitalizing on AI hype, creating fraudulent agent websites that mimic legitimate platforms to steal credentials. This exposes a critical vulnerability in emerging technologies like Multi-agent Collaboration Protocol systems that currently lack robust security frameworks.The conversation shifts to more positive developments with Kubernetes 1.33 "Octarine" release, which brings sidecar containers to stable status—a significant improvement for managing service mesh implementations. The hosts break down how this and other updates like in-place resource resizing make Kubernetes more flexible and easier to manage for enterprise deployments.The episode closes with a somber discussion of Intel's announcement of potential layoffs affecting up to 20% of its workforce following substantial quarterly losses. Tim and Chris challenge the new CEO's assertion that requiring more office days will make the company "lean, fast and agile," questioning whether return-to-office mandates have more to do with real estate investments than actual productivity improvements.What tech news matters most to you? We'd love your feedback on our news format and what topics you'd like us to cover in future episodes!Purchase Chris and Tim's new book on AWS Cloud Networking: https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/ Check out the Fortnightly Cloud Networking Newshttps://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/Visit our website and subscribe: https://www.cables2clouds.com/Follow us on BlueSky: https://bsky.app/profile/cables2clouds.comFollow us on YouTube: https://www.youtube.com/@cables2clouds/Follow us on TikTok: https://www.tiktok.com/@cables2cloudsMerch Store: https://store.cables2clouds.com/Join the Discord Study group: https://artofneteng.com/iaatj

The Trump admin's Signal clone gets hacked, a six-year-old backdoor comes to life to hijack online stores, a Phishing kingpin identified as a 24-year-old Chinese man, and Ireland fines TikTok for transferring EU user data to China. Show notes

Si elles attirent de plus en plus d'investisseurs, les cryptomonnaies sont également devenues une cible de choix pour les cybercriminels. Phishing, faux sites d'échanges, malwares... Les méthodes de piratage se multiplient, et les erreurs courantes sont souvent fatales. Comment protéger au mieux ses actifs numériques ?-----------------------------------------------------------------------SMART TECH - Le magazine quotidien de l'innovationDans SMART TECH, l'actu du numérique et de l'innovation prend tout son sens. Chaque jour, des spécialistes décryptent les actualités, les tendances, et les enjeux soulevés par l'adoption des nouvelles technologies.

We discuss a schism years in the making — the infamous imageboard 4chan gets hacked by its own offshoot, Soyjak.party, in a breach that exposed moderator identities, source code, and shattered the myth of online anonymity. Then, we look at Cluely — an AI tool built by a suspended student to help users “cheat” on job interviews — and the viral campaign pitching it as a revolution. Is it a tech breakthrough, a social bluff, or both? Hacked is brought to you by Push Security—helping companies stop identity attacks before they happen. Phishing, credential stuffing, session hijacking—Push tackles it right where it starts: in the browser. Smart, seamless, and built for how people actually work. Check them out at . Learn more about your ad choices. Visit podcastchoices.com/adchoices

Amy King hosts your Thursday Wake Up Call.  ABC News White House correspondent Karen Travers opens the show talking about President Trump speaking on why the US economy shrank for first time in 3 years. ABC News national reporter Jim Ryan discusses the latest phishing bait using pro athletes. Amy is headed to… PARIS! We ‘Get in Your Business' with Bloomberg's Courtney Donohoe discussing business and Wall Street. The show closes with Amy talking with Dr. Charity Chandler Cole about the Reimagine Gala at CASA of Los Angeles.  

Giorgio apre la puntata 560 di Scientificast con un'analisi dei rischi e delle conseguenze di una contaminazione interna da materiale radioattivo: cosa è più pericoloso? dopo quanto tempo smetto di essere radioattivo? come faccio a contaminarmi? queste alcune delle domande a cui cerchiamo risposta.Leonardo ha Intervistato Alessio Botta, che ci parla di un tema che conosciamo tutti: il phising!Andrea, infine, ha scovato uno studio curioso: come si forma il suono che sentiamo quando applaudiamo? la risposta è nei risuonatori di Helmholtz...Diventa un supporter di questo podcast: https://www.spreaker.com/podcast/scientificast-la-scienza-come-non-l-hai-mai-sentita--1762253/support.

Invoice automation is great for invoice processing and even has artificial intelligence tools that can help spot attempted fraud – but it's really the vendor setup and maintenance process that will save you from making fraudulent electronic and check payments. Keep listening.  Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team.  Links mentioned in the podcast + other helpful resources:    Training: The BANK of AP: An Internal Control System to Combat Business Email Compromise Training: AVM 3 Step Vendor Setup & Maintenance process Workshop Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

In this eye-opening episode of Insurance Journal's Academy of Insurance After Show, host George sits down with Academy Director Patrick Wraight and cybersecurity expert Tom Wetzel to unpack … Read More » The post IJA Aftershow with Tom Wetzel: AI, Cybercrime & the Multiverse of Threats? appeared first on Insurance Journal TV.

In this episode of The Other Side of the Firewall podcast, Ryan Williams Sr. and Shannon Tynes discuss the intersection of cybersecurity and emerging trends in technology, particularly focusing on the risks associated with AI-generated action figures and the implications of social media on personal privacy. They explore how seemingly harmless fun can lead to significant security risks and the importance of being aware of one's digital footprint. Article: The viral AI-generated action figure trend is potentially putting your cybersecurity at risk, experts warn https://ca.news.yahoo.com/viral-ai-generated-action-figure-190750164.html Please LISTEN

It's 2025, so why are malicious advertising URLs still going strong? Phishing attacks continue to take advantage of Google s advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing services flag the URL. https://isc.sans.edu/diary/It%27s%202025...%20so%20why%20are%20obviously%20malicious%20advertising%20URLs%20still%20going%20strong%3F/31880 ChatGPT Fingerprinting Documents via Unicode ChatGPT apparently started leaving fingerprints in texts, which it creates by adding invisible Unicode characters like non-breaking spaces. https://www.rumidocs.com/newsroom/new-chatgpt-models-seem-to-leave-watermarks-on-text Asus AI Cloud Security Advisory Asus warns of a remote code execution vulnerability in its routers. The vulnerability is related to the AI Cloud feature. If your router is EoL, disabling the feature will mitigate the vulnerability https://www.asus.com/content/asus-product-security-advisory/ PyTorch Vulnerability PyTorch fixed a remote code execution vulnerability exploitable if a malicious model was loaded. This issue was exploitable even with the weight_only=True" setting selected https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6

What's the best thing small businesses can do to improve their security posture?

Agent Derek Meister from the Geek Squad spoke to Bill about Don't Fall for This New Gmail Phishing Scheme and How to identify and avoid phishing email scams

Social media strategist Scott Kleinberg joins Bob Sirott to explain the differences between phishing and smishing scams and how to know when you come across a scam. He also shares tips on how to protect yourself from potential scams and answers this week’s genius bar question.

We're on the road to RSAC 2025 — or maybe on a quantum-powered highway — and this time, Sean and I had the pleasure of chatting with someone who's not just riding the future wave, but actually building it.Marc Manzano, General Manager of the Cybersecurity Group at SandboxAQ, joined us for this Brand Story conversation ahead of the big conference in San Francisco. For those who haven't heard of SandboxAQ yet, here's a quick headline: they're a spin-out from Google, operating at the intersection of AI and quantum technologies. Yes — that intersection.But let's keep our feet on the ground for a second, because this story isn't just about tech that sounds cool. It's about solving the very real, very painful problems that security teams face every day.Marc laid out their mission clearly: Active Guard, their flagship platform, is built to simplify and modernize two massive pain points in enterprise security — cryptographic asset management and non-human identity management. Think: rotating certificates without manual effort. Managing secrets and keys across cloud-native infrastructure. Automating compliance reporting for quantum-readiness. No fluff — just value, right out of the box.And it's not just about plugging a new tool into your already overloaded stack. What impressed us is how SandboxAQ sees themselves as the unifying layer — enhancing interoperability across existing systems, extracting more intelligence from the tools you already use, and giving teams a unified view through a single pane of glass.And yes, we also touched on AI SecOps — because as AI becomes a standard part of infrastructure, so must security for it. Active Guard is already poised to give security teams visibility and control over this evolving layer.Want to see it in action? Booth 6578, North Expo Hall. Swag will be there. Demos will be live. Conversations will be real.We'll be there too — recording a deeper Brand Story episode On Location during the event.Until then, enjoy this preview — and get ready to meet the future of cybersecurity.⸻Keywords:sandboxaq, active guard, rsa conference 2025, quantum cybersecurity, ai secops, cryptographic asset management, non-human identity, cybersecurity automation, security compliance, rsa 2025, cybersecurity innovation, certificate lifecycle management, secrets management, security operations, quantum readiness, rsa sandbox, cybersecurity saas, devsecops, interoperability, digital transformation______________________Guest: Marc Manzano,, General Manager of the Cybersecurity Group at SandboxAQMarc Manzano on LinkedIn

At this year's RSAC Conference, the team from ThreatLocker isn't just bringing tech—they're bringing a challenge. Rob Allen, Chief Product Officer at ThreatLocker, joins Sean Martin and Marco Ciappelli for a lively pre-conference episode that previews what attendees can expect at booth #854 in the South Expo Hall.From rubber ducky hacks to reframing how we think about Zero Trust, the conversation highlights the ways ThreatLocker moves beyond the industry's typical focus on reactive detection. Allen shares how most cybersecurity approaches still default to allowing access unless a threat is known, and why that mindset continues to leave organizations vulnerable. Instead, ThreatLocker's philosophy is to “deny by default and permit by exception”—a strategy that, when managed effectively, provides maximum protection without slowing down business operations.ThreatLocker's presence at the conference will feature live demos, short presentations, and hands-on challenges—including their popular Ducky Challenge, where participants test whether their endpoint defenses can prevent a rogue USB (disguised as a keyboard) from stealing their data. If your system passes, you win the rubber ducky. If it doesn't? They (temporarily) get your data. It's a simple but powerful reminder that what you think is secure might not be.The booth won't just be about tech. The team is focused on conversations—reconnecting with customers, engaging new audiences, and exploring how the community is responding to a threat landscape that's growing more sophisticated by the day. Allen emphasizes the importance of in-person dialogue, not only to share what ThreatLocker is building but to learn how security leaders are adapting and where gaps still exist.And yes, there will be merch—high-quality socks, t-shirts, and even a few surprise giveaways dropped at hotel doors (if you resist the temptation to open the envelope before visiting the booth).For those looking to rethink endpoint protection or better understand how proactive controls can complement detection-based tools, this episode is your preview into a very different kind of cybersecurity conversation—one that starts with a challenge and ends with community.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage______________________Keywords: rsac conference, cybersecurity, endpoint, zero trust, rubber ducky, threat detection, data exfiltration, security strategy, deny by default, permit by exception, proactive security, security demos, usb attack, cyber resilience, network control, security mindset, rsac 2025, event coverage, on location, conference____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More

LevelBlue's latest Threat Trends Report pulls no punches: phishing, malware, and ransomware attacks are not just continuing—they're accelerating. In this episode of ITSPmagazine's Brand Story podcast, hosts Sean Martin and Marco Ciappelli are joined by Kenneth Ng, a threat hunter and lead incident responder on LevelBlue's Managed Detection and Response (MDR) team, to unpack the findings and recommendations from the report.Phishing as a Service and the Surge in Email CompromisesOne of the most alarming trends highlighted by Kenneth is the widespread availability of Phishing-as-a-Service (PhaaS) kits, including names like RaccoonO365, Mamba 2FA, and Greatness. These kits allow attackers with little to no technical skill to launch sophisticated campaigns that bypass multi-factor authentication (MFA) by hijacking session tokens. With phishing attacks now leading to full enterprise compromises, often through seemingly innocuous Microsoft 365 access, the threat is more serious than ever.Malware Is Smarter, Simpler—and It's Spreading FastMalware, particularly fake browser updates and credential stealers like Lumma Stealer, is also seeing a rise in usage. Kenneth points out the troubling trend of malware campaigns that rely on basic user interactions—like copying and pasting text—leading to full compromise through PowerShell or command prompt access. Basic group policy configurations (like blocking script execution for non-admin users) are still underutilized defenses.Ransomware: Faster and More Automated Than EverThe speed of ransomware attacks has increased dramatically. Kenneth shares real-world examples where attackers go from initial access to full domain control in under an hour—sometimes in as little as ten minutes—thanks to automation, remote access tools, and credential harvesting. This rapid escalation leaves defenders with very little room to respond unless robust detection and prevention measures are in place ahead of time.Why This Report MattersRather than presenting raw data, LevelBlue focuses on actionable insights. Each major finding comes with recommendations that can be implemented regardless of company size or maturity level. The report is a resource not just for LevelBlue customers, but for any organization looking to strengthen its defenses.Be sure to check out the full conversation and grab the first edition of the Threat Trends Report ahead of LevelBlue's next release this August—and stay tuned for their updated Futures Report launching at RSA Conference on April 28.Learn more about LevelBlue: https://itspm.ag/levelblue266f6cNote: This story contains promotional content. Learn more.Guest: Kenneth Ng, threat hunter and lead incident responder on LevelBlue's Managed Detection and Response (MDR) team | On LinkedIn: https://www.linkedin.com/in/ngkencyber/ResourcesDownload the LevelBlue Threat Trends Report | Edition One: https://itspm.ag/levelbyqdpLearn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblueLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

The RSA Conference has long served as a meeting point for innovation and collaboration in cybersecurity—and in this pre-RSAC episode, ITSPmagazine co-founders Marco Ciappelli and Sean Martin welcome Akamai's Rupesh Chokshi to the conversation. With RSAC 2025 on the horizon, they discuss Akamai's presence at the event and dig into the challenges and opportunities surrounding AI, threat intelligence, and enterprise security.Chokshi, who leads Akamai's Application Security business, describes a landscape marked by explosive growth in web and API attacks—and a parallel shift as enterprises embrace generative AI. The double-edged nature of AI is central to the discussion: while it offers breakthrough productivity and automation, it also creates new vulnerabilities. Akamai's dual focus, says Chokshi, is both using AI to strengthen defenses and securing AI-powered applications themselves.The conversation touches on the scale and sophistication of modern threats, including an eye-opening stat: Akamai is now tracking over 500 million large language model (LLM)-driven scraping requests per day. As these threats extend from e-commerce to healthcare and beyond, Chokshi emphasizes the need for layered defense strategies and real-time adaptability.Ciappelli brings a sociological lens to the AI discussion, noting the hype-to-reality shift the industry is experiencing. “We're no longer asking if AI will change the game,” he suggests. “We're asking how to implement it responsibly—and how to protect it.”At RSAC 2025, Akamai will showcase a range of innovations, including updates to its Guardicore platform and new App & API Protection Hybrid solutions. Their booth (6245) will feature interactive demos, theater sessions, and one-on-one briefings. The Akamai team will also release a new edition of their State of the Internet report, packed with actionable threat data and insights.The episode closes with a reminder: in a world that's both accelerating and fragmenting, cybersecurity must serve not just as a barrier—but as a catalyst. “Security,” says Chokshi, “has to enable innovation, not hinder it.”⸻Keywords: RSAC 2025, Akamai, cybersecurity, generative AI, API protection, web attacks, application security, LLM scraping, Guardicore, State of the Internet report, Zero Trust, hybrid digital world, enterprise resilience, AI security, threat intelligence, prompt injection, data privacy, RSA Conference, Sean Martin, Marco Ciappelli______________________Guest: Rupesh Chokshi, SVP & GM, Akamai https://www.linkedin.com/in/rupeshchokshi/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsAKAMAI:https://itspm.ag/akamailbwc____________________________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageRupesh Chokshi Session at RSAC 2025The New Attack Frontier: Research Shows Apps & APIs Are the Targets - [PART1-W09]____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More

This week, our hosts Dave Bittner and Joe Carrigan, are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines, while our other host, Maria Varmazis is at a conference. We begin with some follow-up, as Joe reflects on the density of gold. Then, Dave shares some heartfelt and moving words about the recent passing of his father. Dave's story follows how confusion sparked by Trump's erratic tariff policies is fueling a global surge in cyber scams, phishing sites, and crypto cons, as threat actors exploit the chaos to mislead, defraud, and manipulate online users. Joe has two stories this week, the first is about the "blessing scam," a con that targets older Chinese women with promises of spiritual cleansing that ends in financial ruin. The second covers a new FTC rule requiring companies to make subscription cancellations as easy as sign-ups, cracking down on deceptive practices. Our catch of the day this week comes from MontClair University, as they are warning of a phishing scam offering a “free 2014 Airstream Sport 16′ Travel Trailer.” Resources and links to stories: Trump Tariff Confusion Fuels Online Scams Oklahoma woman charged with laundering $1.5M from elderly women in online romance scam A new ‘jackpotting' scam has drained more than $236,000 from Texas ATMs — but who foots the loss? Opportunity To Own A Free 2014 Airstream Sport 16′ Travel Trailer Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

Apple has a new policy on how the data on your device will be used to train its AI features. iMessage phishing scams seem to work because they're still thriving worldwide. Google may say it's cracking down on ad spam, but they don't seem to be able to prevent it from proliferating. And buying a refurbished phone may save you some money, but we're here to remind you of some other factors also worth considering. Show Notes: Apple to Analyze User Data on Devices to Bolster AI Technology Understanding Aggregate Trends for Apple Intelligence Using Differential Privacy Urgent: macOS Sequoia 15.4.1, iOS 18.4.1 address 2 zero-day vulnerabilities Buy Refurbished Tech to Avoid Tariffs What you should know before buying refurbished gadgets Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs Google: Our 2024 Ads Safety Report shows how we use AI to safeguard consumers Chrome 136 fixes 20-year browser history privacy risk Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.

Vendor team members need to be vigilant when collecting and confirming bank account information.  Now, some vendors are doing the same.  If you want to hear what tactics the vendors are using to secure their banking information and how it benefits vendor teams….Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:   Authentication Training (Free): AVM 3 Step Vendor Setup & Maintenance process Workshop Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

In this episode, James Maude chats with cyber threat intel pro Brian Kime, whose journey from the Army's infamous “chemical guy” to security expert was partly inspired by Starship Troopers. Brian dishes on his legendary Dell SecureWorks phishing op that hit a wild 50% click rate—by predicting an IPO years ahead of time. He also unpacks why vulnerability management can stall business and how design thinking can reshape threat intel.

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Register for upcoming webcasts & summits - https://poweredbybhis.comChapters00:00 - PreShow Banter™ — A Complex Business06:40 - BHIS - Talkin' Bout [infosec] News 2025-04-0707:34 - Story # 1: Oracle quietly admits data breach, days after lawsuit accused it of cover-up12:47 - Story # 2: Twitter (X) Hit by 2.8 Billion Profile Data Leak in Alleged Insider Job21:13 - Story # 3: Phishing platform ‘Lucid' behind wave of iOS, Android SMS attacks28:14 - Story # 4: GitHub expands security tools after 39 million secrets leaked in 202437:28 - Story # 5: The 10 Biggest Crypto Hacks in History40:11 - Story # 6: OpenAI tests watermarking for ChatGPT-4o Image Generation model45:44 - Story # 7: National Security Agency chief fired as Trump ousts another top military officer

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Send us a textIn this week's episode we discussed the world of scams and fraud in the modern age, exploring how technology has made it easier for criminals to deceive individuals and businesses alike. From phishing emails to complex financial frauds, we discuss the latest tactics used by scammers, how to spot the red flags, and tips to protect yourself in an increasingly digital world.Our Links:Retrospect

A Tale of Two Phishing Sties Two phishing sites may use very different backends, even if the site itself appears to be visually very similar. Phishing kits are often copied and modified, leading to sites using similar visual tricks on the user facing site, but very different backends to host the sites and reporting data to the miscreant. https://isc.sans.edu/diary/A%20Tale%20of%20Two%20Phishing%20Sites/31810 A Phihsing Tale of DOH and DNS MX Abuse Infoblox discovered a new variant of the Meerkat phishing kit that uses DoH in Javascript to discover MX records, and generate better customized phishing pages. https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/ Using OpenID Connect for SSH Cloudflare opensourced it's OPKSSH too. It integrates SSO systems supporting OpenID connect with SSH. https://github.com/openpubkey/opkssh/

Send Bidemi a Text Message!In this episode, host Bidemi Ologunde spoke with Craig Taylor, Co-Founder and CEO of CyberHoot. They explored how CyberHoot helps businesses manage cyber risks and improve cyber literacy with tools that are smart, simple, and human-focused.Craig explained how CyberHoot supports small businesses who often face big cybersecurity challenges with limited resources. Their platform skips passwords and makes training easy, using short lessons, clear policies, and phishing simulations.They also discussed how CyberHoot uses positive reinforcement and gamification to make training fun and effective—helping employees learn to spot threats like phishing emails without fear or blame. The conversation touched on the power of storytelling in cybersecurity education and why putting people at the center of security is key to long-term success.Support the show