Act of attempting to acquire sensitive information by posing as a trustworthy entity
The RSA Conference has long served as a meeting point for innovation and collaboration in cybersecurity—and in this pre-RSAC episode, ITSPmagazine co-founders Marco Ciappelli and Sean Martin welcome Akamai's Rupesh Chokshi to the conversation. With RSAC 2025 on the horizon, they discuss Akamai's presence at the event and dig into the challenges and opportunities surrounding AI, threat intelligence, and enterprise security.

Chokshi, who leads Akamai's Application Security business, describes a landscape marked by explosive growth in web and API attacks—and a parallel shift as enterprises embrace generative AI. The double-edged nature of AI is central to the discussion: while it offers breakthrough productivity and automation, it also creates new vulnerabilities. Akamai's dual focus, says Chokshi, is both using AI to strengthen defenses and securing AI-powered applications themselves.

The conversation touches on the scale and sophistication of modern threats, including an eye-opening stat: Akamai is now tracking over 500 million large language model (LLM)-driven scraping requests per day. As these threats extend from e-commerce to healthcare and beyond, Chokshi emphasizes the need for layered defense strategies and real-time adaptability.

Ciappelli brings a sociological lens to the AI discussion, noting the hype-to-reality shift the industry is experiencing. “We're no longer asking if AI will change the game,” he suggests. “We're asking how to implement it responsibly—and how to protect it.”

At RSAC 2025, Akamai will showcase a range of innovations, including updates to its Guardicore platform and new App & API Protection Hybrid solutions. Their booth (6245) will feature interactive demos, theater sessions, and one-on-one briefings. The Akamai team will also release a new edition of their State of the Internet report, packed with actionable threat data and insights.

The episode closes with a reminder: in a world that's both accelerating and fragmenting, cybersecurity must serve not just as a barrier—but as a catalyst. “Security,” says Chokshi, “has to enable innovation, not hinder it.”

Keywords: RSAC 2025, Akamai, cybersecurity, generative AI, API protection, web attacks, application security, LLM scraping, Guardicore, State of the Internet report, Zero Trust, hybrid digital world, enterprise resilience, AI security, threat intelligence, prompt injection, data privacy, RSA Conference, Sean Martin, Marco Ciappelli

Guest: Rupesh Chokshi, SVP & GM, Akamai: https://www.linkedin.com/in/rupeshchokshi/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode's Sponsors
AKAMAI: https://itspm.ag/akamailbwc

Resources
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Rupesh Chokshi Session at RSAC 2025: The New Attack Frontier: Research Shows Apps & APIs Are the Targets - [PART1-W09]
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage? Learn More
LevelBlue's latest Threat Trends Report pulls no punches: phishing, malware, and ransomware attacks are not just continuing—they're accelerating. In this episode of ITSPmagazine's Brand Story podcast, hosts Sean Martin and Marco Ciappelli are joined by Kenneth Ng, a threat hunter and lead incident responder on LevelBlue's Managed Detection and Response (MDR) team, to unpack the findings and recommendations from the report.

Phishing as a Service and the Surge in Email Compromises
One of the most alarming trends highlighted by Kenneth is the widespread availability of Phishing-as-a-Service (PhaaS) kits, including names like RaccoonO365, Mamba 2FA, and Greatness. These kits allow attackers with little to no technical skill to launch sophisticated campaigns that bypass multi-factor authentication (MFA) by hijacking session tokens. With phishing attacks now leading to full enterprise compromises, often through seemingly innocuous Microsoft 365 access, the threat is more serious than ever.

Malware Is Smarter, Simpler—and It's Spreading Fast
Malware, particularly fake browser updates and credential stealers like Lumma Stealer, is also seeing a rise in usage. Kenneth points out the troubling trend of malware campaigns that rely on basic user interactions—like copying and pasting text—leading to full compromise through PowerShell or command prompt access. Basic group policy configurations (like blocking script execution for non-admin users) are still underutilized defenses.

Ransomware: Faster and More Automated Than Ever
The speed of ransomware attacks has increased dramatically. Kenneth shares real-world examples where attackers go from initial access to full domain control in under an hour—sometimes in as little as ten minutes—thanks to automation, remote access tools, and credential harvesting. This rapid escalation leaves defenders with very little room to respond unless robust detection and prevention measures are in place ahead of time.

Why This Report Matters
Rather than presenting raw data, LevelBlue focuses on actionable insights. Each major finding comes with recommendations that can be implemented regardless of company size or maturity level. The report is a resource not just for LevelBlue customers, but for any organization looking to strengthen its defenses.

Be sure to check out the full conversation and grab the first edition of the Threat Trends Report ahead of LevelBlue's next release this August—and stay tuned for their updated Futures Report launching at RSA Conference on April 28.

Learn more about LevelBlue: https://itspm.ag/levelblue266f6c

Note: This story contains promotional content.

Guest: Kenneth Ng, threat hunter and lead incident responder on LevelBlue's Managed Detection and Response (MDR) team | On LinkedIn: https://www.linkedin.com/in/ngkencyber/

Resources
Download the LevelBlue Threat Trends Report | Edition One: https://itspm.ag/levelbyqdp
Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
This week, our hosts Dave Bittner and Joe Carrigan are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines, while our other host, Maria Varmazis, is at a conference. We begin with some follow-up, as Joe reflects on the density of gold. Then, Dave shares some heartfelt and moving words about the recent passing of his father. Dave's story follows how confusion sparked by Trump's erratic tariff policies is fueling a global surge in cyber scams, phishing sites, and crypto cons, as threat actors exploit the chaos to mislead, defraud, and manipulate online users. Joe has two stories this week: the first is about the "blessing scam," a con that targets older Chinese women with promises of spiritual cleansing that ends in financial ruin. The second covers a new FTC rule requiring companies to make subscription cancellations as easy as sign-ups, cracking down on deceptive practices. Our catch of the day this week comes from MontClair University, as they are warning of a phishing scam offering a “free 2014 Airstream Sport 16′ Travel Trailer.”

Resources and links to stories:
Trump Tariff Confusion Fuels Online Scams
Oklahoma woman charged with laundering $1.5M from elderly women in online romance scam
A new ‘jackpotting' scam has drained more than $236,000 from Texas ATMs — but who foots the loss?
Opportunity To Own A Free 2014 Airstream Sport 16′ Travel Trailer

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
Vendor team members need to be vigilant when collecting and confirming bank account information. Now, some vendors are doing the same. If you want to hear what tactics the vendors are using to secure their banking information and how it benefits vendor teams, keep listening.

Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team.

Links mentioned in the podcast + other helpful resources:
Authentication Training (Free): AVM 3 Step Vendor Setup & Maintenance process Workshop
Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-session
Vendor Process Training Center: https://training.debrarrichardson.com
Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
More Podcasts/Blogs/Webinars: www.debrarrichardson.com
More ideas? Email me at debra@debrarrichardson.com
Music Credit: www.purple-planet.com
In this episode, James Maude chats with cyber threat intel pro Brian Kime, whose journey from the Army's infamous “chemical guy” to security expert was partly inspired by Starship Troopers. Brian dishes on his legendary Dell SecureWorks phishing op that hit a wild 50% click rate—by predicting an IPO years ahead of time. He also unpacks why vulnerability management can stall business and how design thinking can reshape threat intel.
With Julius Muth (Company Shield) Season #12 Episode #4 | #Marketing_021 The podcast about marketing, sales, entrepreneurship and startups *** www.company-shield.com/ https://www.linkedin.com/in/julius-muth-7aa860b1/ ***

In the latest "Marketing From Zero To One" podcast, the guest was Julius Muth, co-founder and CEO of Company Shield, a Berlin cybersecurity startup specializing in modern security solutions in the age of artificial intelligence. Julius looks back on stints at PwC, Celonis and Project A and brings both consulting experience and solid tech and sales knowledge. Company Shield focuses on the human factor in IT security, with personalized, AI-based simulations of real attacks that prepare employees specifically for modern threats such as deepfakes, voice cloning or phishing via WhatsApp. In the conversation, Julius described how he founded the company with two former colleagues from his Celonis days, which ideas preceded Company Shield, and how they won their first customers using an unusual MVP approach: by letter and personal pitch. Particularly interesting: the combination of automation and AI used to simulate and personalize attacks and create immediate learning moments. The use of AI in day-to-day work, for example for research, internal tools or product development, was also discussed. Michael Högemann joined again, asking in particular about use cases for AI at Company Shield.

***
01:58 – What Company Shield does and why people are at the center
03:37 – Stations before founding: PwC, Celonis, startup projects during studies
08:45 – First founding experiences and the road to self-employment
10:14 – Joining Celonis and role in international sales
14:56 – The founding idea and structured ideation with letter experiments
18:25 – Why cybersecurity immediately resonated
22:14 – The first paying customer and the improvised MVP
25:12 – Challenges in B2B sales and early adopters
30:08 – Letter, email, phone call: the mix makes the difference
40:03 – Use of deepfakes in sales (and where it became legally critical)
42:36 – Seriousness vs. creativity: the right balance in startup sales
44:12 – Over 20 angel investors, including the Celonis founders and Mario Götze
44:55 – Why Company Shield would not exist without AI
49:10 – Deepfake attacks in practice: the Arup case and other examples
50:53 – What training with Company Shield actually looks like
52:18 – Technical implementation: automation, language models, data integration
54:03 – Use of AI in everyday internal work
56:57 – Most effective tools and AI applications in the startup
58:31 – The "AI twin" as the next big step in product development
59:40 – Why cybersecurity is not mission-critical but still decisive
1:02:00 – Tips against cyber attacks & human weaknesses in the system
*** Timestamps may vary slightly.
If you perform a web search and use the results to find your vendor contact information or to confirm their information, you might want to hear what the Federal Trade Commission (FTC) warns against. Plus what you can do instead. Keep listening.

Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team.

Links mentioned in the podcast + other helpful resources:
FTC Article: Online search results: The good, the bad, and the scammy
AVM Toolkit – Internal Vendor Request Form
Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-session
Vendor Process Training Center: https://training.debrarrichardson.com
Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
More Podcasts/Blogs/Webinars: www.debrarrichardson.com
More ideas? Email me at debra@debrarrichardson.com
Music Credit: www.purple-planet.com
In this episode of the podcast "Al HaMashmaut" ("On Meaning"), attorney Tamir Dortal hosts Einat Meron, a cyber expert who helps organizations cope with cyber attacks, for a fascinating and disturbing conversation about the reality behind the glittering headlines of the "cyber superpower".

The conversation opens with the Moria Asraf affair at the Prime Minister's Office, as a case study of physical failures that can easily turn into devastating cyber incidents, and goes on to dive deep into major cyber incidents that have occurred in Israel and around the world. Einat Meron details the severe consequences of the cyber attack on Hillel Yaffe hospital, a 54-day shutdown and an estimated cost of tens of millions of shekels to the taxpayer, and shows how even large, well-funded organizations, such as the insurance company Shirbit (which was shut down and sold for a tiny sum following an attack) or the giant corporation Clorox, are not immune.

Is Israel really a "cyber superpower", or is this successful branding that hides worrying gaps in the real protection of infrastructure and organizations? Meron argues that attackers, whether state-backed or criminal, are always one step ahead of us, driven by high motivation and operating without constraints, while the attacked organizations are bound by regulation that is sometimes ineffective (such as an ISO standard that is not always properly implemented) and by budget and procedural limits. She even criticizes the National Cyber Directorate, which she claims is unable to provide a real response to all organizations in the economy.

Meron also provides a series of practical recommendations and steps that every person and every organization, small or large, can and should take to make things harder for attackers and reduce potential damage, including the importance of backups (physical ones too!), changing passwords, using two-factor authentication (2FA), and preparing for a scenario in which digital systems simply collapse.

00:00:00-00:03:34 Introduction and opening: Moria Asraf and the intrusion into the Prime Minister's Office
00:03:34-00:06:50 The cyber attack on Hillel Yaffe hospital and its consequences
00:06:50-00:11:16 Failure in international standardization and the Clorox example
00:11:16-00:14:46 LinkedIn as an attack platform and the Pegasus affair
00:14:46-00:17:57 The connection between Shabbat, the Cyber Directorate and hacker activity
00:17:57-00:21:30 Israel and cyber superpowers: reality versus potential
00:21:30-00:25:27 Breaches at high-tech and fintech companies and everyday cyber attacks
00:25:27-00:29:31 The Shirbit case and its implications for civil servants and security personnel
00:29:31-00:33:18 Collateral cyber risks: the catering example at Mayanei Hayeshua hospital
00:33:18-00:41:05 The role of the Cyber Directorate, ineffective procedures and the need for physical backups
00:41:05-00:48:50 Practical information-security recommendations
00:48:50-00:51:08 Summary and further recommendations for proper conduct in the cyber world

#podcast #On_Meaning
Advertise with us. For a price quote, contact Joe: 054-236-0136 - https://wa.me/972542360136
Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it?

Show Notes: https://www.grc.com/sn/SN-1020-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6.
Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors: material.security; threatlocker.com for Security Now; canary.tools/twit (use code: TWIT); joindeleteme.com/twit (promo code TWIT); bitwarden.com/twit
Register for upcoming webcasts & summits: https://poweredbybhis.com

Chapters
00:00 - PreShow Banter™ — A Complex Business
06:40 - BHIS - Talkin' Bout [infosec] News 2025-04-07
07:34 - Story # 1: Oracle quietly admits data breach, days after lawsuit accused it of cover-up
12:47 - Story # 2: Twitter (X) Hit by 2.8 Billion Profile Data Leak in Alleged Insider Job
21:13 - Story # 3: Phishing platform ‘Lucid' behind wave of iOS, Android SMS attacks
28:14 - Story # 4: GitHub expands security tools after 39 million secrets leaked in 2024
37:28 - Story # 5: The 10 Biggest Crypto Hacks in History
40:11 - Story # 6: OpenAI tests watermarking for ChatGPT-4o Image Generation model
45:44 - Story # 7: National Security Agency chief fired as Trump ousts another top military officer
In this week's episode we discussed the world of scams and fraud in the modern age, exploring how technology has made it easier for criminals to deceive individuals and businesses alike. From phishing emails to complex financial frauds, we discuss the latest tactics used by scammers, how to spot the red flags, and tips to protect yourself in an increasingly digital world.

Our Links: Retrospect
In this episode of Cybersecurity Today, host David Shipley covers a range of crucial issues. With tax day approaching, Microsoft reports a rise in sophisticated tax-themed phishing campaigns. The IRS has issued a warning against using its name in phishing simulations to avoid legal repercussions. Furthermore, cybersecurity journalist Brian Krebs reveals that Minnesota cybersecurity expert Mark Lanterman is under FBI investigation for potentially falsifying his credentials, impacting thousands of court cases. Lastly, several Australian superannuation funds have been targeted in a cyber scam, raising questions about the necessity of multifactor authentication for financial services. The episode emphasizes the need for stringent standards in cybersecurity expertise and shared responsibility in financial security.

00:00 Introduction and Headlines
00:24 Tax-Themed Phishing Scams on the Rise
00:36 Microsoft's Findings and IRS Warnings
01:32 Phishing Simulations and Legal Risks
02:53 Educating Employees on Phishing
03:15 Minnesota Cybersecurity Expert Under Scrutiny
04:25 Allegations and Legal Implications
05:52 Australian Retirement Funds Cyber Scam
06:16 Impact and Response to the Breach
07:07 The Need for Stronger Security Measures
08:26 Conclusion and Contact Information
In today's episode of the Canaltech Podcast, we address one of the biggest challenges in digital security: phishing. With attacks becoming ever more sophisticated, understanding how to identify them and protect yourself is essential for companies and individuals. To help us unravel this topic, we invited William Pessoa, Threat Intelligence Specialist at SafeLabs. With extensive experience fighting cyber threats, William shares his analysis of the tactics most used by cybercriminals and how emerging technologies are affecting the digital phishing landscape. During the conversation, he also offers practical tips for protecting your information and data, as well as discussing the challenges companies face in the fight against these threats. You will also hear about: a new, safer contraceptive pill; the tiny pacemaker that can be injected with a syringe; TCL's new devices with paper-like screens. There is also the Starlink controversy: it promises satellite internet directly to your phone but is leaving users frustrated. And, of course, Netflix's blockbuster premieres in April. This podcast was scripted and presented by Fernanda Santos and featured reporting by Vinicius Moschen, Nathan Vieira and Paulinha Alves. The soundtrack is by Guilherme Zomer, editing by Jully Cruz and the cover art by Erick Teixeira.
American Institute of CPAs - Personal Financial Planning (PFP)
In this episode, Cary Sinnett is joined by renowned CPA and tax expert Bob Keebler to unpack the complexities of theft and casualty loss deductions under IRC Section 165. From pig butchering scams to IRA fraud and Ponzi schemes, this episode dives deep into the kinds of losses the IRS will, and won't, let you deduct, what qualifies as a profit motive, and how financial planners can guide their clients through one of the most emotionally and financially painful tax situations.

Five Key Insights for CPA Financial Planners:

1. Profit Motive Determines Deductibility. To qualify under Section 165(c)(2), a theft or loss must stem from a transaction entered into for profit. Losses from romantic or emotional scams, where no profit motive exists, do not qualify.

2. Five Scam Archetypes to Know. A recent IRS CCA outlined five fraud scenarios: compromised account scams; pig butchering (crypto fraud); phishing and impersonation; romance scams; kidnapping/extortion schemes. Only the first three had profit motives and were deductible.

3. The IRA Trap: The Tax Hit Before the Scam. If a client is duped into withdrawing funds from an IRA and then loses the money to a scam, they face a double blow: taxable income and no deductible loss. CPA advisors must flag this risk early.

4. Documentation Is Critical for IRS Support. To substantiate a theft loss, clients need bank records (e.g., wire transfers), law enforcement reports, and a clear, detailed paper trail showing the loss and the attempt to recover funds. Directing the IRS to the assigned FBI agent can strengthen the claim.

5. Mitigation and Planning: Protecting Vulnerable Clients. Encourage older or high-net-worth clients to follow a "1–2% rule" on risky investments. Foster open dialogue with family members and advisors to prevent fraud and ensure support if it occurs.

Access resources related to this podcast. Note: If you're using a podcast app that does not hyperlink to the resources, visit Libsyn (PFP) to access show notes with direct links.
IRC Section 165
IRS CCA 2025-101015 (the ruling discussed)
Revenue Procedure 2009-20 (Ponzi Scheme Safe Harbor)
AICPA PFP Section
Guiding your clients who are financial caregivers
Scam Tracker Risk Report
This episode is brought to you by the AICPA's Personal Financial Planning Section, the premier provider of information, tools, advocacy, and guidance for professionals who specialize in providing tax, estate, retirement, risk management and investment planning advice. Also, by the CPA/PFS credential program, which allows CPAs to demonstrate competence and confidence in providing these services to their clients. Visit us online to join our community, gain access to valuable member-only benefits or learn about our PFP certificate program. Subscribe to the PFP Podcast channel at Libsyn to find all the latest episodes or search "AICPA Personal Financial Planning" on your favorite podcast app.
Ronnie Manning is the Chief Brand Associate at Yubico, a global cybersecurity company renowned for inventing the YubiKey, which offers phishing-resistant multi-factor authentication solutions. With over 20 years of experience in agency and corporate communications, he has focused on public relations and marketing strategies to bring new technology products to market. Prior to joining Yubico, Ronnie held positions at Raytheon/Websense and Edelman Public Relations. At Yubico, he has been instrumental in promoting the adoption of hardware-based authentication solutions and advocating for enhanced cybersecurity measures. In this episode… Cyber threats are evolving faster than ever, yet many users and organizations still rely on outdated or weak authentication methods. With phishing attacks on the rise and data breaches growing costlier, the need for robust-yet-intuitive security solutions has never been greater. But how do you convince people to adopt a physical device for digital protection in a world that's increasingly mobile and virtual? According to Ronnie Manning, a cybersecurity branding expert, the answer lies in simplicity. He explains that strong security doesn't necessitate complicated processes. Ronnie also highlights how real-world usability, like eliminating the need to fumble with codes or apps, drives faster adoption. This shift toward user-friendly security builds trust, saves time, and reduces risk. He adds that educating new markets with human-centered storytelling plays a key role in overcoming resistance and legacy perceptions about hardware-based solutions. In this episode of the Revenue Engine Podcast, host Alex Gluz sits down with Ronnie Manning, Chief Brand Associate at Yubico, to talk about making cybersecurity simple, scalable, and phishing resistant. They explore how physical keys streamline enterprise authentication, why user education is key to adoption, and how phishing-resistant methods like FIDO are gaining traction. 
Ronnie also shares strategies for large-scale rollout and onboarding in hybrid work environments.
The latest macOS Sequoia update patches a near record number of vulnerabilities. Apple faces a class action lawsuit over how ebooks are sold, a lawsuit that could have far reaching effects for digital media sales. And Apple is not the only company that over promises and under delivers on AI features. Show Notes: Computing would be totally different had Apple not been formed 49 years ago, today iOS 18.4 Bug Seemingly Resurrects Previously Deleted iPhone Apps Apple Intelligence is now available on Vision Pro Apple Hit With $5 Billion Class Action Lawsuit Over eBooks Availability Arc browser for macOS didn't get zero-day patched last week Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks It's not just Apple Intelligence: Alexa+ also launching without key features Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
Fraudsters are using snail mail to deliver scams – watch out for this one reported by the US Postal Inspection Service. Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:
New Scam Alert: Ransomware Scam Letters
Training: Frauds and New Scam Alerts + How To Prevent Them
On-Demand Webinar: Vendor Validations Recommended for Compliance - Manual vs Automated https://training.debrarrichardson.com/course/june2024-2
Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-session
Vendor Process Training Center - https://training.debrarrichardson.com
Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
More Podcasts/Blogs/Webinars www.debrarrichardson.com
More ideas? Email me at debra@debrarrichardson.com
Music Credit: www.purple-planet.com
Phishing, smishing and vishing attacks. You’ve probably heard of them, but what are they? What are the differences between them? And what can you do to avoid being a victim of them? To help us understand, John Landecker is joined by Herb Weisbaum, The ConsumerMan, an Emmy-award-winning broadcaster and one of America's top consumer experts. He's been […]
I'm joined by guests Rob Hamilton & Future Paul to go through the list. Timecodes coming soon...
Links & Contacts:
Website: https://bitcoin.review/
Substack: https://substack.bitcoin.review/
Twitter: https://twitter.com/bitcoinreviewhq
NVK Twitter: https://twitter.com/nvk
Telegram: https://t.me/BitcoinReviewPod
Email: producer@coinkite.com
Nostr & LN: ⚡nvk@nvk.org (not an email!)
Full show notes: https://bitcoin.review/podcast/episode-94
FTC sends warning to future 23andMe buyer Global phishing threat targets 88 countries Samsung data breach tied to old stolen credentials Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction— while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts today with Qualys Enterprise TruRisk Management. Visit qualys.com/etm for more information."
In this episode, the hosts discuss the alarming rise of sophisticated phishing attacks, particularly focusing on a new phishing-as-a-service (PhaaS) platform, Morphing Meerkat, that utilizes DNS and mail exchange records to create realistic fake login pages for over 114 brands. They emphasize the importance of vigilance and best practices in cybersecurity, highlighting the need for continuous training and awareness to combat these evolving threats. Article: New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims' DNS Email Records https://thehackernews.com/2025/03/new-morphing-meerkat-phishing-kit.html?m=1&fbclid=IwZXh0bgNhZW0CMTAAAR3fTY3wgimnsnbCvjwP_BdODwGunTLc_PtYoXhCMORlLIuDVXlp4zuA4jE_aem_LgbRCbQ3z8lkAHbuvqsSZg Please LISTEN
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
A Tale of Two Phishing Sites
Two phishing sites may use very different backends, even if the site itself appears visually very similar. Phishing kits are often copied and modified, leading to sites using similar visual tricks on the user-facing side, but very different backends for hosting the sites and reporting data back to the miscreant. https://isc.sans.edu/diary/A%20Tale%20of%20Two%20Phishing%20Sites/31810
A Phishing Tale of DoH and DNS MX Abuse
Infoblox discovered a new variant of the Meerkat phishing kit that uses DoH in JavaScript to discover MX records and generate better customized phishing pages. https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/
Using OpenID Connect for SSH
Cloudflare open-sourced its OPKSSH tool. It integrates SSO systems supporting OpenID Connect with SSH. https://github.com/openpubkey/opkssh/
REPLAY (Original Air Date May 27, 2024) *Please note that this episode contains discussions regarding abuse that some may find disturbing. Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Join Chris as he discusses topics and news pertaining to the world of Social Engineering. Today, Chris is joined by Nadja El Fertasi. Nadja is a leading figure in fostering emotional resilience within the digital age. Her comprehensive expertise spans crisis management, strategic stakeholder communication, and emotional intelligence, creating a unified approach to enhance the human side of digital advancements. Having spent nearly two decades at NATO, including a significant role in the NATO Communications and Information Agency focusing on Digital Transformation & Cybersecurity, Nadja has been a pivotal figure in strategic engagement and communications. This role highlighted her commitment to navigating and leading through the complexities of cybersecurity and digital transformation. With over 15 years dedicated to cybersecurity at NATO, Nadja has emerged as a respected expert in her field. Her contribution to the cybersecurity community was acknowledged in "Hacking Gender Barriers: Europe's Top Cyberwomen," by the Women4Cyber foundation, which recognized her as one of Europe's influential figures in cybersecurity. Today, Nadja is the voice behind the EQ Elevator Podcast, where she assists businesses in cultivating leadership that's resilient and equipped for the digital age's challenges. Her work is dedicated to shaping a safer, more emotionally intelligent digital landscape, where individuals and organizations can thrive amidst technological disruptions. 
[May 27, 2024] 00:00 - Intro 00:19 - 2024 State of Vishing Report 01:01 - Intro Links - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 03:11 - Nadja El Fertasi Intro 05:02 - The Importance of Sharing 07:14 - Romance Scam: Nadja's Story 13:51 - The Other Side 15:59 - The Red Flags 19:13 - A Gift and a Curse 23:22 - Taking Responsibility 25:24 - Love, Not Romance 27:05 - Navigating the Apps 32:28 - Reality Check 37:27 - Being Human 39:39 - Learning From "No" 41:28 - Where to Report 42:25 - Wrap Up 43:58 - Find Nadja El Fertasi Online - LinkedIn: in/nadja-elfertasi - Instagram: @nadjafertasi 45:17 - Outro - www.social-engineer.com - www.innocentlivesfoundation.org Find us online - Chris Hadnagy - Twitter: @humanhacker - LinkedIn: linkedin.com/in/christopherhadnagy
Deepfakes, AI-assisted phishing and ransomware attacks able to adapt to any company. Cybersecurity faces new challenges that all of us need to be prepared for. Július Selecký of ESET talks about this, and also about the NIS2 directive. Articles labelled We Know How are produced in cooperation with a commercial partner.
❤️ Visit our crowdfunding campaign and support us!
France runs a phishing test on two and a half million students, Google fixes a Chrome zero-day abused for espionage, China publishes new facial recognition rules, and the DragonForce ransomware group hacks two rivals. Show notes
In this episode, host Bidemi Ologunde spoke with Craig Taylor, Co-Founder and CEO of CyberHoot. They explored how CyberHoot helps businesses manage cyber risks and improve cyber literacy with tools that are smart, simple, and human-focused. Craig explained how CyberHoot supports small businesses who often face big cybersecurity challenges with limited resources. Their platform skips passwords and makes training easy, using short lessons, clear policies, and phishing simulations. They also discussed how CyberHoot uses positive reinforcement and gamification to make training fun and effective, helping employees learn to spot threats like phishing emails without fear or blame. The conversation touched on the power of storytelling in cybersecurity education and why putting people at the center of security is key to long-term success.
Craig Taylor is a seasoned cybersecurity expert and entrepreneur with nearly 30 years of experience managing risk across industries, from Fortune 500 corporations to SMBs. As the Co-Founder and CEO of CyberHoot, he has pioneered a positive reinforcement approach to cybersecurity education, helping businesses eliminate risky behaviors and build a positive cybersecurity culture. With a background in psychology and extensive experience leading security programs at Chase Paymentech, Vistaprint, and DXC Technology, Craig specializes in incident response, governance, and compliance. A CISSP-certified professional since 2001, he is a recognized thought leader, public speaker, and advocate for making cybersecurity training engaging, fun, and effective.
00:00 Introduction
01:16 Our guest
08:40 There are two types of companies
10:00 We taught them how to Phish
12:12 Business Email compromise
13:50 Go back to the way your parents ran security
16:19 What do I do first?
26:12 Changing your passwords is not good for you
29:00 Encryption
31:30 What to look for in a Password Manager
35:17 "Unsubscribe" button mishap
46:15 Cyberhoot
49:05 Free Training from Cyberhoot
To learn more about Cyberhoot visit https://cyberhoot.com/
To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com
Are you performing all required vendor validations to avoid non-compliance fines and penalties? Identify non-compliance risks, and get vendor validation recommendations for regulatory, watchlist, and electronic payment compliance. Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:
On-Demand Webinar: Vendor Validations Recommended for Compliance - Manual vs Automated
Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-session
Vendor Process Training Center - https://training.debrarrichardson.com
Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
More Podcasts/Blogs/Webinars www.debrarrichardson.com
More ideas? Email me at debra@debrarrichardson.com
Music Credit: www.purple-planet.com
Why does Hollywood get hacking wrong in so many movies and TV series?
The FBI issued a Public Service Announcement that check theft via mail is increasing. See five ways they say criminals are stealing your vendor checks from the mail, and some resources to prevent check fraud. Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:
On-Demand Webinar: Avoid Paper Check Fraud When Paying Your Vendors – In 5 Steps
New Scam Alert: FBI Issues PSA On Check Fraud
Vendor Process Training Center - https://training.debrarrichardson.com
Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
More Podcasts/Blogs/Webinars www.debrarrichardson.com
More ideas? Email me at debra@debrarrichardson.com
Music Credit: www.purple-planet.com
A critical vulnerability could let attackers hijack and potentially disable vulnerable servers. Europol warns of a “shadow alliance” between state-backed threat actors and cybercriminals. Sekoia examines ClearFake. A critical PHP vulnerability is under active exploitation. A sophisticated scareware phishing campaign has shifted its focus to macOS users. Phishing as a service attacks are on the rise. A new jailbreak technique bypasses security controls in popular LLMs. Microsoft has uncovered StilachiRAT. CISA confirms active exploitation of a critical Fortinet vulnerability. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. AI coding assistants get all judgy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K's suite of industry-leading certification resources. This week, Chris is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. Today's question comes from N2K's ISACA® Certified Information Security Manager® (CISM®) Practice Test. The CISM exam helps to affirm your ability to assess risks, implement effective governance, proactively respond to incidents and is the preferred credential for IT managers, according to ISACA.To learn more about this and other related topics under this objective, please refer to the following resource: CISM Review Manual, 15th Edition, 1.0, Information Security Governance, Introduction. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. 
If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.isaca.org/credentialing/cism#1
Selected Reading
Critical AMI MegaRAC bug can let attackers hijack, brick servers (bleepingcomputer)
Europol Warns of "Shadow Alliance" Between States and Criminals (Infosecurity Magazine)
ClearFake's New Widespread Variant: Increased Web3 Exploitation for Malware Delivery (Sekoia.io Blog)
PHP RCE Vulnerability Actively Exploited in Wild to Attack Windows-based Systems (cybersecuritynews)
Scareware Combined With Phishing in Attacks Targeting macOS Users (securityweek)
Sneaky 2FA Joins Tycoon 2FA and EvilProxy in 2025 Phishing Surge (Infosecurity Magazine)
New Jailbreak Technique Bypasses DeepSeek, Copilot, and ChatGPT to Generate Chrome Malware (gbhackers)
Microsoft Warns of New StilachiRAT Malware (SecurityWeek)
Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns (Infosecurity Magazine)
AI coding assistant Cursor reportedly tells a 'vibe coder' to write his own damn code (TechCrunch)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
(March 19, 2025) Chris Merril is in for Bill while he is out on vacation. Astronauts Suni Williams and Butch Wilmore return to Earth. Chief Justice Roberts disagrees with Trump; Trump asks for his impeachment. NewsNation guest Tom Dempsey joins the show to speak on the issue. Why are young adults vulnerable to phishing scams? Blame it on FOMO. FBI issues spring break travel warnings: places you should not go if you want to live through it. Are people bringing their ratty kids to adults-only hotels?
On this episode: With Kvsha on vacation, Bram accepts an invite from the group chat to the show. He expresses respect for the island's creatives and pushes the need to share ideas. The guys talk "Phishing", group chat etiquette and campaign trail meetings. Should there be restrictions on people running for office? The need for "Term limits", plus 19 district councils, this and much more!
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Mirai Bot Now Incorporating Malformed DrayTek Vigor Router Exploits
One of the many versions of the Mirai botnet added some new exploit strings attempting to take advantage of an old DrayTek Vigor Router vulnerability, but they got the URL wrong. https://isc.sans.edu/diary/Mirai%20Bot%20now%20incroporating%20%28malformed%3F%29%20DrayTek%20Vigor%20Router%20Exploits/31770
Compromised GitHub Action
The popular GitHub action tj-actions/changed-files was compromised and leaks credentials via the action logs. https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
ruby-saml authentication bypass
A confusion in how to parse SAML messages between two XML parsers used by Ruby leads to an authentication bypass in ruby-saml. https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
GitHub Fake Security Alerts
Fake GitHub security alerts are used to trick package maintainers into granting OAuth privileges to malicious apps. https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/
Today we're going to talk about AI phishing scams, especially for YouTube creators. But this really affects any kind of phishing thing with all these deep fakes going around and craziness. Screw The Commute Podcast Show Notes Episode 974 How To Automate Your Business - https://screwthecommute.com/automatefree/ Internet Marketing Training Center - https://imtcva.org/ Higher Education Webinar – https://screwthecommute.com/webinars See Tom's Stuff – https://linktr.ee/antionandassociates 00:23 Tom's introduction to AI Phishing 00:58 Deepfakes and doing bad things 02:09 Happens in all kinds of fields Entrepreneurial Resources Mentioned in This Podcast Higher Education Webinar - https://screwthecommute.com/webinars Screw The Commute - https://screwthecommute.com/ Screw The Commute Podcast App - https://screwthecommute.com/app/ College Ripoff Quiz - https://imtcva.org/quiz Know a young person for our Youth Episode Series? Send an email to Tom! - orders@antion.com Have a Roku box? Find Tom's Public Speaking Channel there! 
- https://channelstore.roku.com/details/267358/the-public-speaking-channel How To Automate Your Business - https://screwthecommute.com/automatefree/ Internet Marketing Retreat and Joint Venture Program - https://greatinternetmarketingtraining.com/ KickStartCart - http://www.kickstartcart.com/ Copywriting901 - https://copywriting901.com/ Become a Great Podcast Guest - https://screwthecommute.com/greatpodcastguest Training - https://screwthecommute.com/training Disabilities Page - https://imtcva.org/disabilities/ Tom's Patreon Page - https://screwthecommute.com/patreon/ Tom on TikTok - https://tiktok.com/@digitalmultimillionaire/ Email Tom: Tom@ScrewTheCommute.com Internet Marketing Training Center - https://imtcva.org/ Related Episodes Easy Bonuses - https://screwthecommute.com/973/ More Entrepreneurial Resources for Home Based Business, Lifestyle Business, Passive Income, Professional Speaking and Online Business I discovered a great new headline / subject line / subheading generator that will actually analyze which headlines and subject lines are best for your market. I negotiated a deal with the developer of this revolutionary and inexpensive software. Oh, and it's good on Mac and PC. Go here: http://jvz1.com/c/41743/183906 The Wordpress Ecourse. Learn how to Make World Class Websites for $20 or less. https://screwthecommute.com/wordpressecourse/ Join our Private Facebook Group! One week trial for only a buck and then $37 a month, or save a ton with one payment of $297 for a year. Click the image to see all the details and sign up or go to https://www.greatinternetmarketing.com/screwthecommute/ After you sign up, check your email for instructions on getting in the group.
Unveiling Cyber Security Insights with David Shipley: The Truth Behind Phishing and Technology Bias Join Jim Love and cybersecurity expert David Shipley in this insightful episode of 'Cyber Security Today.' They delve into the realities of phishing in the workplace, revealing surprising data about email filter leakage rates and the critical role of human behavior in cybersecurity. Discover the importance of balanced security training, the dangers of over-reliance on technology, and the psychological biases that can compromise your organization. Gain actionable insights and learn how to benchmark your cybersecurity efforts effectively. 00:00 Introduction to Cybersecurity Today 00:10 The Fascination with Science and Truth 00:31 Heroes and Influences 00:47 The Reality of Tech Research 01:43 Phishing Email Statistics 03:52 Technology Bias in Cybersecurity 07:30 The Importance of Security Awareness 15:02 Effective Training Strategies 20:53 Optimism Bias and Security 21:57 Exploring Popular Courses and Their Impact 23:33 Understanding Phishing Metrics: Click Rate and Report Rate 26:28 The Importance of Post-Click Report Rate 31:39 Analyzing Industry Trends in Phishing 35:00 Key Takeaways and Future Directions 39:29 Accessing the Annual Report and Final Thoughts
Medusa ransomware continues to attack infrastructure DoJ seeks to break up Google Another phishing campaign hits Booking.com Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines Find the stories behind the headlines at CISOseries.com.
Revisit Episode #205 with us where we learned about phishing scams, got job hunting advice from Steve Gray, Senior Vice President, Private Client Advisor with Bank of America, and we talked with David Paull and Dustin Fernandes, two of the people behind the wildly popular TEDx Portland, plus...being a panda nanny might be the best job in the world.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Mark of the Web: Some Technical Details
Windows implements the "Mark of the Web" (MotW) as an alternate data stream that contains not just the "ZoneId" of where the file came from, but may include other data like the exact URL and referrer. https://isc.sans.edu/diary/Mark%20of%20the%20Web%3A%20Some%20Technical%20Details/31732
Havoc Sharepoint with Microsoft Graph API
A recent phishing attack observed by Fortinet uses a simple HTML email to trick a user into copy-pasting PowerShell into their system to execute additional code. Most of the malware interaction uses a SharePoint site via Microsoft's Graph API, further hiding the malicious traffic. https://www.fortinet.com/blog/threat-research/havoc-sharepoint-with-microsoft-graph-api-turns-into-fud-c2
Paragon Partition Manager Exploit
A vulnerable Paragon Partition Manager driver has been used recently to escalate privileges for ransomware deployment. Even if you do not have Paragon installed, an attacker may just "bring the vulnerable driver" to your system. https://kb.cert.org/vuls/id/726882
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Unfurl Update Released
Unfurl released an update fixing a few bugs and adding support to decode BlueSky URLs. https://isc.sans.edu/diary/Unfurl%20v2025.02%20released/31716
Google Confirms GMail To Ditch SMS Code Authentication
Google no longer considers SMS authentication safe enough for GMail. Instead, it pushes users to use Passkeys or QR-code-based app authentication. https://www.forbes.com/sites/daveywinder/2025/02/23/google-confirms-gmail-to-ditch-sms-code-authentication/
Beware of PayPal New Address Feature Abuse
Attackers are using "address change" e-mails to send links to phishing sites or trick users into calling fake tech support phone numbers. Attackers are just adding the malicious content as part of the address. The e-mails themselves are legitimate PayPal e-mails and will pass various spam and phishing filters. https://www.bleepingcomputer.com/news/security/beware-paypal-new-address-feature-abused-to-send-phishing-emails/
Exim SQL Injection Vulnerability
Exim, with SQLite support and ETRN enabled, is vulnerable to a simple SQL injection exploit. A PoC has been released. https://www.exim.org/static/doc/security/CVE-2025-26794.txt https://github.com/OscarBataille/CVE-2025-26794
libxml2 patches
https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
0-Day in Parallels
https://jhftss.github.io/Parallels-0-day/
