POPULARITY
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A report from Google on how to defend against UNC3944, better known as Scattered Spider.North Korea-backed threat actor TA406 has shifted its focus to targeting Ukrainian government agencies, according to new research from Proofpoint.Since October 2024, urlscan.io has been tracking a phishing campaign known as Oriental Gudgeon, which is targeting over 40 Japanese commercial entities—mostly in the financial services sector.Apple has released a substantial batch of security updates across its software ecosystem, including iOS 18.5, iPadOS, and the latest versions of macOS. And the article Matt mentions about CISA shifting their alert distribution strategy: https://www.infosecurity-magazine.com/news/cisa-alert-strategy-email-social/
Charter Communications has announced its acquisition of Cox Communications for $34.5 billion, a significant move that will merge two of the largest internet service providers in the United States. This merger is expected to require approval from the Federal Communications Commission due to Cox's critical operational licenses. The combined entity plans to adopt the Cox Communications name, with Spectrum serving as the consumer-facing brand in areas previously served by Cox. This merger could potentially impact service quality for small and medium-sized businesses (SMBs) that rely on Cox as their provider, especially during the integration phase.In another major development, Proofpoint has revealed its plans to acquire Hornet Security for $1 billion, aiming to enhance its cybersecurity offerings and expand its presence in the cloud security market. Hornet Security specializes in Microsoft 365 solutions and has shown impressive growth, reporting over $160 million in annual recurring revenue. This acquisition may alienate Hornet Security's managed service provider (MSP) partners if there are changes in pricing, support models, or access to services, creating an opportunity for competitors to attract disaffected partners.Arm is rebranding its system-on-a-chip product designs to focus on power savings for artificial intelligence workloads, targeting sectors like automotive and cloud computing. The company reported a significant revenue increase, driven by licensing and royalty revenue. Meanwhile, Box is enhancing its collaboration with Microsoft by introducing an AI agent that integrates with Microsoft 365 Copilot, allowing users to analyze documents and automate tasks more efficiently. These moves reflect the industry's shift towards AI integration and the importance of aligning with existing platforms to deliver value.Hewlett Packard Enterprise (HPE) has introduced updates to its Morpheus software and VM Essentials offerings, promising substantial cost savings for businesses in the virtualization market. HPE's new pricing model, based on server sockets rather than cores, aims to provide significant financial advantages, especially as VMware faces scrutiny over its pricing strategies. Additionally, the podcast discusses the challenges posed by shadow AI and the evolving landscape of artificial intelligence, emphasizing the need for governance and transparency as organizations increasingly adopt AI tools without formal approval. The episode concludes with a reflection on the implications of AI in education, highlighting the growing use of AI tools by professors and the concerns raised by students regarding the authenticity of their learning experience. Four things to know today 00:00 Charter-Cox Merger and Proofpoint's $1B Hornet Deal Signal New Era of Scale and Specialization in Tech Services 03:38 From Chips to Content: Arm and Box Shift Strategies to Embed AI Across Cloud, Automotive, and Microsoft 365 05:39 HPE Launches Morpheus and VM Essentials Updates With Up to 90% Savings Over VMware Licensing 07:45 Shadow AI, Specialized Models, and Student Backlash: The Growing Pains of Enterprise AI Adoption Supported by: https://mspradio.com/engage/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech
David Knight is the founder and CEO of Avarra.ai, an AI company that's arming sales teams with the kind of intelligence that turns potential into performance and guesswork into game plans. David has a 30+ year track record leading GTM teams and building revenue engines that don't just grow—they dominate. He's been instrumental in scaling MULTIPLE Billion Dollar recurring revenue machines at Market leaders like WebEx and Proofpoint. He's been in the trenches, in the boardrooms, and on the front lines of tech revolutions. In his leadership journey, David has learned the importance of creating teams that are “Customer Ready.” How elite leaders need to help create intentional improvement…not just incremental effort. Today David shares how elite leaders treat creating readiness in ways very similar to how elite golfers treat their driving range in an episode that will change how you think about “readiness.” You can connect with David on LinkedIn here. (https://www.linkedin.com/in/davidrknight/) You can check out Avarra.ai here (https://www.avarra.ai/). For video excerpts of this and other episodes of the Sales Leadership Podcast, check out Sales Leadership United Here. (https://www.patreon.com/c/SalesLeadershipUnited) Be sure to check out the full video of this episode on our YouTube channel here.
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and our newest co-host, Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Quintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss the growing trend of cybercriminals using legitimate remote monitoring and management (RMM) tools in email campaigns as a first-stage payload. They explore how these tools are being leveraged for data theft, financial fraud, and lateral movement within networks. With the decline of traditional malware delivery methods, including loaders and botnets, the shift toward RMMs marks a significant change in attack strategies. Tune in to learn more about this evolving threat landscape and how to stay ahead of these tactics.
ABOUT WADE CHAMBERSWade Chambers will be leading Engineering at Amplitude. Amplitude is the leading digital analytics platform that helps companies unlock the power of their products. Wade has over 25 years of engineering leadership experience, both advising companies and being hands-on in key leadership positions at companies such as Included Health, Twitter, TellApart, Proofpoint, Yahoo, and Opsware. He is a deep technical expert with a proven track record of scaling teams, leaders, market-defining technology innovations, and business growth. Build AI Voice Agents with ElevenLabsElevenLabs is the leading Voice AI platform for developers with thousands of ultra-realistic, human-like voices across 32 languages.Developers use ElevenLabs to build life-like, conversational AI voice agents to handle customer support queries, appointment scheduling, and even offer personalized 1-1 tutoring.Get started for free at elevenlabs.io/elc SHOW NOTES:Why empowering engineering teams to own their mission matters (3:16)Common traps that prevent eng leaders from empowering teams (5:15)Understanding the “why” behind ownership & systemizing individual ownership (7:09)Systems change for empowerment: Aligning company vision, outcomes, competencies & behaviors (9:48)How to bring someone from low ownership back to high ownership (13:49)Developing trust & having tough conversations around ownership (15:17)Nonobvious factors to that erode ownership over time (17:42)Empowering teams through meaningful missions, clear expectations, defining success, & ongoing check-ins (20:55)Identifying engineers w/ competencies & behaviors that align w/ your org's vision & goals (24:00)When having too much ownership becomes a problem (27:22)Wade's process for officially transferring ownership (28:47)Coaching and navigating conversations around ownership (32:01)Impactful questions to ask during the coaching / check in process (34:08)Closing gaps in leadership competencies & behaviors (37:27)Coaching leaders to align personal growth with org goals (39:25)Rapid fire questions (41:34)This episode wouldn't have been possible without the help of our incredible production team:Patrick Gallagher - Producer & Co-HostJerry Li - Co-HostNoah Olberding - Associate Producer, Audio & Video Editor https://www.linkedin.com/in/noah-olberding/Dan Overheim - Audio Engineer, Dan's also an avid 3D printer - https://www.bnd3d.com/Ellie Coggins Angus - Copywriter, Check out her other work at https://elliecoggins.com/about/
As Singapore gears up for its first General Election under Prime Minister Lawrence Wong, the stakes are higher than ever—not just politically, but digitally. With the rise of generative AI and deepfakes, the manipulation of political narratives has become easier, faster, and disturbingly more believable. Jennifer Cheng, Director of Cybersecurity Strategy for APJ at Proofpoint, joins the Breakfast Show to discuss how AI is transforming the disinformation landscape, what it means for Singapore’s democratic process, and how individuals and institutions can guard against this new wave of digital deception. Presented by: Audrey SiekProduced by: Dan KohEdited by: Chua Meng ChoonSee omnystudio.com/listener for privacy information.
Heather Harlos, Global Programs Enablement & Go-to-Market Leader at Proofpoint, joins Partnerships Unraveled to break down the strategies that truly empower partners and remove friction from the sales process.In this episode, Heather shares why Proofpoint made the uncommon decision to position its channel programs under sales instead of marketing and why it's paying off. She and Alex dive into the critical role of marketplaces in partner enablement, the balancing act of making marketplaces partner-inclusive, and how AI and automation are shaping the future of channel strategy.Key takeaways include:The shift from traditional channel tiers to behavior-based partner incentivesHow Proofpoint is enabling partners to sell and implement solutions without vendor involvementLessons from consumer marketing that can transform SMB channel strategiesWhy friction is the #1 killer of partner-driven revenue and how to eliminate itIf you're looking to build a high-impact, partner-led channel program, this is an episode you can't afford to miss.Connect with Heather: https://www.linkedin.com/in/heatherharlos/_________________________Learn more about Channext
2025 年に Microsoft Exchange Server のサポート終了が予定されています。本記事では、サポート終了によるリスクを明確にし、安全で効率的なメール環境を維持するための具体的な回避策をご紹介いたします。
In this interview, we discuss the current state of cybersecurity in health care with a specific focus on impersonation attacks, featuring Ryan Witt, Vice President, Industry Solutions at Proofpoint and Erik Decker, Vice President & Chief Information Security Officer at Intermountain Health.Witt shares many of the learnings from Proofpoint's healthcare customer advisory board where they learn about industry challenges and discuss solutions. He said that attackers particularly seek entry points through IT help desks, which the attackers contact while impersonating some doctor or other staff member. They can learn a lot about the person they're impersonating on the web or from less legitimate sources and answer a lot of the typical questions IT staff ask to validate a caller.Witt recommends looking through the organization chart to look for people that might be low-level and often forgotten, but who have access to sensitive information or systems and might be targetted or impersonated by attackers.Learn more about Proofpoint: https://www.proofpoint.com/usLearn more about Intermountain Health: https://intermountainhealthcare.org/Health IT Community: https://www.healthcareittoday.com/
In this episode of Tomorrow's Best Practices Today, Cari Jaquet—currently CMO at Normalize (acquired by Proofpoint)—joins us to talk candidly about what it really takes to grow as a marketing leader, navigate shifting company stages, and build high-performing teams. From her early days in demand gen to driving BigPanda's unicorn run, Cari reflects on the inflection points, missteps, and mindset shifts that shaped her career.We dive into:- The surprising power of “doing the work” in early-stage startups.- How to recognize when your company is truly ready for a CMO.- Building marketing from 2 people to 11 during a crisis—and what changed.- The underrated skill of knowing when to abandon a campaign.- Using AI as a creative partner (not a replacement).- Transitioning from VP to CMO: mentorship, scorecards, and honest reflection.- Why empathy for sales and customers still defines great marketing.Show Notes: 00:00 – Intro: Meet Cari Jaquet01:38 – Career Path: From Demand Gen to CMO05:48 – Matching Marketing Skills to Company Stage10:39 – Building a Marketing Team from Scratch15:25 – Market Timing and the BigPanda Unicorn Run18:26 – Creative Campaigns During COVID24:10 – Field Marketing and High-Touch Campaigns26:28 – When to Hire a CMO vs. Go Fractional33:54 – AI in Marketing: Hype vs. Help41:47 – Life Outside the Zoom Box-----CONNECT with us at:Website: https://leadtail.com/Leadtail TV: https://www.leadtailtv.com/LinkedIn: https://www.linkedin.com/company/lead...Twitter: https://twitter.com/leadtailFacebook: https://www.facebook.com/Leadtail/Instagram: https://www.instagram.com/leadtail/----#b2bmarketing #b2b
Joe welcomes Tracy Newell, a seasoned tech leader, mentor, and former Fortune 500 executive, to discuss her new book Hers For the Taking: Your Path to the C-Suite and Beyond. Tracy shares her insights on the challenges and opportunities for women in corporate leadership, drawing from her 30+ years of experience.The conversation kicks off with a look at the current state of gender diversity in the C-suite, where Tracy highlights both progress and the work still to be done. She emphasizes the importance of mentorship, managing through influence, and the power of asking the right questions to advance your career. Tracy also delves into practical strategies for navigating the corporate "jungle gym," overcoming burnout, and balancing professional ambitions with personal priorities.Tune in for an inspiring and empowering discussion that challenges the status quo and redefines what's possible in the world of leadership.TRACEY NEWELL, former president of Informatica and board member, is a renowned business leader. She spearheaded Proofpoint's hypergrowth and held executive roles at Polycom, Juniper Networks, Webex, and Cisco. Recognized as a Top 100 Sales Leader, Tracey serves on multiple boards including Druva, DataRobot, and Sailpoint, and contributes to non-profit organizations.
This week, we are sharing an episode of our monthly show, Only Malware in the Building. We invite you to join Dave Bittner and cohost Selena Larson as they explore "The new malware on the block." Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we're keeping an eye on them just in case). Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the latest shake-ups in the fake update threat landscape, including two new cybercriminal actors, fresh Mac malware, and the growing challenge of tracking these evolving campaigns. Learn more about your ad choices. Visit megaphone.fm/adchoices
Gang,This week, we're going to hear about how to protect yourself from social engineering attacks through the Proofpoint discarded podcast. You can Go to the magnatune page to find links to listen on Saturday starting at 7 CT, 5 PT. See you then!
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we're keeping an eye on them just in case). Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss Telephone-Oriented Attack Delivery (TOAD), also known as callback phishing. In this type of attack, an attacker sends a seemingly benign email, often containing an invoice or payment notification, along with a phone number. When the victim calls, they speak with the attacker, who convinces them to install remote access tools, leading to malware installation, phishing, and financial theft. Tune in as we explore how this deceptive tactic works and ways to protect yourself from falling victim to it.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Christina Shannon, CIO, KIK Consumer Products. Joining them is Jim Bowie, CISO, Tampa General Hospital. In this episode: A journey, not a destination The difference between pressure and stress Fighting commodity deepfakes Getting leadership on the same page HUGE thanks to our sponsors, Proofpoint, Cofense, & KnowBe4 With an integrated suite of cloud-based cybersecurity and compliance solutions, Proofpoint helps organizations around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Discover cutting-edge security insights and industry trends from leading experts at Proofpoint Power Series—a monthly virtual event designed to empower the security community. Learn more at proofpoint.com Powered by 35 million trained employee reporters, the exclusive Cofense® PhishMe® Email Security Awareness Training with Risk Validation and Phishing Threat Detection and Response Platforms combine robust training with advanced tools for phishing identification and remediation. Together, our solutions empower organizations to identify, combat, and eliminate phishing threats in real-time. Learn more at cofense.com KnowBe4's PhishER Plus is a lightweight SOAR platform that streamlines threat response for high-volume, potentially malicious emails reported by users. It automatically prioritizes messages, helping InfoSec and Security Operations teams quickly address the most critical threats, reducing inbox clutter and enhancing overall security efficiency. Learn more at knowbe4.com
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we're keeping an eye on them just in case). Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss Telephone-Oriented Attack Delivery (TOAD), also known as callback phishing. In this type of attack, an attacker sends a seemingly benign email, often containing an invoice or payment notification, along with a phone number. When the victim calls, they speak with the attacker, who convinces them to install remote access tools, leading to malware installation, phishing, and financial theft. Tune in as we explore how this deceptive tactic works and ways to protect yourself from falling victim to it.
プルーフポイントでは、攻撃の塊を攻撃キャンペーンとして定義しています。その分析結果から、なんと全世界のメール脅威のうち、1 月は 69.5 %、2 月は 80.2 %が日本をターゲットにしていることが分かりました。
Tech Industry Alliance is proud to announce the official launch of TechFest 2025, the South West's leading technology conference, bringing together industry pioneers, AI experts, and business leaders to explore how artificial intelligence, space innovation, and tech talent are shaping our future. TechFest is the Alliance's annual flagship technology conference and will be held at Rochestown Park Hotel, Cork, from 08:00 am on May 15, 2025. This year's theme, "Tech, AI & Humanity - Shaping Our Future," will examine the profound impact of AI on society, business, and the workforce of tomorrow. Tickets for the main conference are now on sale here. TechFest 2025 is delighted to welcome internationally acclaimed neuroscientist, broadcaster, and author Dr. Hannah Critchlow as the keynote speaker. Named a "Rising Star in Life Sciences" by Nature, Dr. Critchlow is a Fellow at Magdalene College, University of Cambridge, and a respected voice in neuroscience and AI. With frequent appearances on BBC, ABC, and global media, including The Life Scientific, Tomorrow's World Live, and BBC Radio 4's Destiny and the Brain, Dr. Critchlow will explore the intersection of neuroscience, AI, and human potential. Keeping the energy high and discussions insightful, Jonathan McCrea, an acclaimed science communicator and AI master trainer, will guide attendees through the event. Passionate about harnessing AI to drive productivity and innovation, Jonathan will ensure an engaging and thought-provoking experience. Other expert speakers on the day include Dan Rapp Chief AI and Data Officer - Proofpoint, Dr. Laura Maye - UCC Lecturer specialising in human-computer interaction and inclusive technology design, Rory Fitzpatrick - CEO of the National Space Centre, Cormac O' Sullivan from Mbyronics, Dr. Niall Smith - Head of Research at Munster Technological University, Tim Crowe, Co-Founder and CEO of WrxFlo, Emily Brick - Founder of Athena Analytics, plus many more. This year's conference will feature four engaging tracks addressing the biggest challenges and opportunities in tech: Tech, AI & Humanity - How Will Artificial Intelligence Reshape Society? The Future of Tech Talent - What Skills Will Define the Workforce of Tomorrow? Showcasing Evolving Tech Companies - Meet the Innovators Transforming the South West's Tech Sector Space & the Future of Humanity - Exploring the Next Frontier of Innovation Gerry Murphy, Tech Industry Alliance Chairperson, commented: "We are delighted to be announcing TechFest 2025, which will feature rare content, rich dialogue, and facilitate real connections. This event would not be possible without the vital support of our sponsors, who all recognise the importance of our sector to the Munster region. Following a highly successful TechFest last year, we are thrilled with this year's incredible lineup of speakers and the even greater opportunities to network with colleagues and businesses across the South West region." With over 400 attendees expected, TechFest 2025 will be an unparalleled opportunity to network, connect, and collaborate. Given the high demand, attendees are encouraged to secure their tickets early, as the event is expected to be a sell-out. TechFest 2025 sponsors - Tech Industry Alliance Skillnet, AIB, Proofpoint, PepsiCo Ireland, Skillnet Innovation Exchange, FIT (Fastrack into Information Technology), Barden, Trend Micro, Park Place Technologies, CyberSkills, NetApp, Aspen Grove, Deloitte, Cork City Council, Cork County Council, We are Cork, Kerry County Council, Discover Kerry, Voxxify, MTU, Nimbus Secure Your Spot Now: TechFest 2025 is THE must-attend event for tech professionals, business leaders, startups, and innovators who want to stay ahead of the curve. Register today and secure your spot.
難読化されたコードは、デバッグして動作を解析しなければ通信先の URL を特定することができません。解析には非常に複雑な処理が必要になるため、パターンベースの比較的レガシーな検知の仕組みは容易にすり抜けてしまうことにつながるわけです。
No Sociedade Digital dessa semana, Marcos Nehme, diretor de vendas da Proofpoint, conversa com André Miceli sobre cibersegurança e o que esperar desse mercado nos próximos anos.
Darren Lee, EVP and GM of the Threat Protection Group at Proofpoint joins Diane King Hall at the NYSE to discuss the company's global strategic alliance with Microsoft (MSFT). Darren points to his company's cybersecurity offerings, trends in cyberthreats and how A.I. is utilized in detecting cyberattacks.======== Schwab Network ========Empowering every investor and trader, every market day.Subscribe to the Market Minute newsletter - https://schwabnetwork.com/subscribeDownload the iOS app - https://apps.apple.com/us/app/schwab-network/id1460719185Download the Amazon Fire Tv App - https://www.amazon.com/TD-Ameritrade-Network/dp/B07KRD76C7Watch on Sling - https://watch.sling.com/1/asset/191928615bd8d47686f94682aefaa007/watchWatch on Vizio - https://www.vizio.com/en/watchfreeplus-exploreWatch on DistroTV - https://www.distro.tv/live/schwab-network/Follow us on X – https://twitter.com/schwabnetworkFollow us on Facebook – https://www.facebook.com/schwabnetworkFollow us on LinkedIn - https://www.linkedin.com/company/schwab-network/About Schwab Network - https://schwabnetwork.com/about
Law enforcement shutters Garantex crypto exchange. NTT discloses breach affecting corporate customers. Malvertising campaign hits nearly a million devices. AI's role in Canada's next election. Scammers target Singapore's PM in AI fraud. Botnets exploit critical IP camera vulnerability. In our International Women's Day and Women's History Month special, join Liz Stokes as she shares the inspiring stories of women shaping the future of cybersecurity. And how did Insider threats turn a glitch into a goldmine? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In this special International Women's Day edition, we shine a spotlight on the incredible women in and around our network who are shaping the future of cybersecurity. Join Liz Stokes as we celebrate Selena Larson, Threat Researcher at Proofpoint, and co-host of Only Malware in the Building, Gianna Whitver, CEO & Co-Founder of the Cybersecurity Marketing Society and co-host of the Breaking Through in Cybersecurity Marketing podcast, Maria Velasquez, Chief Growth Officer & Co-Founder of the Cybersecurity Marketing Society and co-host of the Breaking Through in Cybersecurity Marketing podcast, Chris Hare, Project Management Specialist and Content Developer at N2K Networks, and host of CertByte, Ann Lang, Project Manager at N2K Networks, Jennifer Eiben, Executive Producer at N2K Networks, and Maria Varmazis, host of the T-Minus Space Daily show at N2K Networks for their achievements, resilience, and the invaluable contributions they make to keeping our digital world secure. Selected Reading Russian crypto exchange Garantex's website taken down in apparent law enforcement operation (The Record) Data breach at Japanese telecom giant NTT hits 18,000 companies (BleepingComputer) Malvertising campaign leads to info stealers hosted on GitHub (Microsoft) Canadian intelligence agency warns of threat AI poses to upcoming elections (The Record) Deepfakes of Singapore PM Used to Sell Crypto, Residency Program (Bloomberg) Edimax Camera Zero-Day Disclosed by CISA Exploited by Botnets (SecurityWeek) Magecart: How Akamai Protected a Global Retailer Against a Live Attack (Akamai) Cybercrime 'crew' stole $635,000 in Taylor Swift concert tickets (BleepingComputer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we're keeping an eye on them just in case). Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the latest shake-ups in the fake update threat landscape, including two new cybercriminal actors, fresh Mac malware, and the growing challenge of tracking these evolving campaigns.
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we're keeping an eye on them just in case). Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the latest shake-ups in the fake update threat landscape, including two new cybercriminal actors, fresh Mac malware, and the growing challenge of tracking these evolving campaigns.
This week, we are joined by Selena Larson from Proofpoint, and co-host of the "Only Malware in the Building" podcast, as she discusses the research on "Why Biasing Advanced Persistent Threats over Cybercrime is a Security Risk." The cybersecurity industry has historically prioritized Advanced Persistent Threats (APTs) from nation-state actors over cybercrime, but this distinction is outdated as cybercriminals now employ equally sophisticated tactics. Financially motivated threat actors, especially ransomware groups, have evolved to the point where they rival state-backed hackers in technical capability and impact, disrupting businesses, infrastructure, and individuals on a massive scale. To enhance security, defenders must shift focus from an APT-centric mindset to a broader approach that equally prioritizes combating cybercrime, which poses an immediate and tangible risk to global stability. The research can be found here: Why Biasing Advanced Persistent Threats over Cybercrime is a Security Risk Learn more about your ad choices. Visit megaphone.fm/adchoices
This week, we are joined by Selena Larson from Proofpoint, and co-host of the "Only Malware in the Building" podcast, as she discusses the research on "Why Biasing Advanced Persistent Threats over Cybercrime is a Security Risk." The cybersecurity industry has historically prioritized Advanced Persistent Threats (APTs) from nation-state actors over cybercrime, but this distinction is outdated as cybercriminals now employ equally sophisticated tactics. Financially motivated threat actors, especially ransomware groups, have evolved to the point where they rival state-backed hackers in technical capability and impact, disrupting businesses, infrastructure, and individuals on a massive scale. To enhance security, defenders must shift focus from an APT-centric mindset to a broader approach that equally prioritizes combating cybercrime, which poses an immediate and tangible risk to global stability. The research can be found here: Why Biasing Advanced Persistent Threats over Cybercrime is a Security Risk Learn more about your ad choices. Visit megaphone.fm/adchoices
Palo Alto Networks confirms a recently patched firewall vulnerability is being actively exploited. CISA warns of an actively exploited iOS vulnerability. Juniper Networks has issued a critical security advisory for an API authentication bypass vulnerability. The acting commissioner of the Social Security Administration (SSA) resigns after Elon Musk's team sought access to sensitive personal data of millions of Americans. The EagerBee malware framework is actively targeting government agencies and ISPs across the Middle East. Proofpoint researchers document a new macOS infostealer. A new phishing kit uses timesheet notification emails to steal credentials and two-factor authentication codes. JPMorgan Chase will begin blocking Zelle payments to social media contacts to combat online scams. Our guest is Tim Starks from CyberScoop discussing his interview with former National Cyber Director Harry Coker. Transferring your digital legacy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Tim Starks from CyberScoop discussing his interview with former National Cyber Director Harry Coker. You can read more about Tim's interview “National Cyber Director Harry Coker looks back (and ahead) on the Cyber Director office” and companion piece “Trump picks Sean Cairncross for national cyber director” on CyberScoop. Selected Reading Palo Alto Networks Confirms Exploitation of Firewall Vulnerability (SecurityWeek) CISA Warns of Apple iOS Vulnerability Exploited in Wild (Cyber Security News) Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products (Cyber Security News) Top Social Security Official Leaves After Musk Team Seeks Data Access (New York Times) EagerBee Malware Attacking Government Entities & ISPs To Deploy Backdoor (Cyber Security News) Proofpoint Uncovers FrigidStealer, A New MacOS Infostealer (Infosecurity Magazine) Microsoft Warns of Improved XCSSET macOS Malware (SecurityWeek) Fake Timesheet Report Emails Linked to Tycoon 2FA Phishing Kit (GB Hackers) Chase will soon block Zelle payments to sellers on social media (Bleeping Computer) Digital Estate Planning: How to Prepare Your Social Media Accounts (New York Times) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc Learn more about your ad choices. Visit megaphone.fm/adchoices
Torque is the force that keeps a system stable and in motion—just like cybersecurity, where constant pressure, precision, and adaptability are critical to staying ahead of threats. Curt Vincent knows this well, having transitioned from troubleshooting turbine engines in the Army to leading cybersecurity at the highest levels of Wall Street. A retired U.S. Army Lieutenant Colonel with tech-heavy deployments in Desert Storm and post-9/11 cyber warfare, Curt went on to build and lead Morgan Stanley's 400-person Cyber Security Division, later holding executive roles at Bank of America and Goldman Sachs. Now a trusted advisor to C-suites and boards, Curt shares how the lessons of engineering, military strategy, and high-stakes cyber defense all come down to maintaining control under pressure.TIMESTAMPS:00:00 Curt Vincent's Journey to Cybersecurity14:40 Building Cybersecurity at Morgan Stanley28:39 Cultural Shifts in Cybersecurity Practices29:24 The Disconnect Between Cybersecurity and Business32:13 Accountability and Consequences in Cybersecurity35:12 Communication and Leadership in Cybersecurity38:40 Connecting with the Audience: The Role of Analogies39:14 Unique Experiences and Cultural PerspectivesSYMLINKS:Curt Vincent's Website - https://curtvincent.comCurt Vincent's speaker website where he shares insights on cybersecurity, leadership, and consulting.KnowBe4 - https://www.knowbe4.comA cybersecurity awareness training platform that specializes in phishing simulation and security education to help organizations mitigate human-related risks.Proofpoint - https://www.proofpoint.comA cybersecurity company providing threat intelligence, email security, and phishing prevention solutions to protect organizations from cyber threats.Morgan Stanley Cybersecurity - https://www.morganstanley.com/Morgan Stanley's approach to cybersecurity includes best practices and risk management strategies for businesses and individuals.Widener University - https://www.widener.eduThe university where Curt Vincent pursued his degree before re-entering the military and advancing in his cybersecurity career.CONNECT WITH USwww.barcodesecurity.comBecome a SponsorFollow us on LinkedInTweet us at @BarCodeSecurityEmail us at info@barcodesecurity.com
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode and since it is February (the month of love as Selena calls it), we talk about romance scams known throughout the security world as pig butchering. And, Rick's experiencing a bit of a Cyber Groundhog Day in his newly-realized retirement.
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode and since it is February (the month of love as Selena calls it), we talk about romance scams known throughout the security world as pig butchering. And, Rick's experiencing a bit of a Cyber Groundhog Day in his newly-realized retirement.
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the year's most impactful cyber trends and incidents—from the Snowflake hack and Operation Endgame to the rise of multi-channel scams and explosive growth in web inject attacks. Ransomware continued to wreak havoc, especially in healthcare, while callback phishing and MFA-focused credential attacks kept defenders on high alert. Join us as we reflect on these challenges and look ahead to what's next in 2025.
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the year's most impactful cyber trends and incidents—from the Snowflake hack and Operation Endgame to the rise of multi-channel scams and explosive growth in web inject attacks. Ransomware continued to wreak havoc, especially in healthcare, while callback phishing and MFA-focused credential attacks kept defenders on high alert. Join us as we reflect on these challenges and look ahead to what's next in 2025.
Please enjoy this encore episode of Only Malware in the Building. Welcome in! You've entered, Only Malware in the Building. Grab your eggnog and don your coziest holiday sweater as we sleuth our way through cyber mysteries with a festive twist! Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our cyber ghosts delve into the past, present, and future of some of the season's most pressing threats: two-factor authentication (2FA), social engineering scams, and the return to consumer-targeted attacks. Together, Rick, Dave, and Selena deliver a ghostly—but insightful—message about the state of cybersecurity, past, present, and future. Can their advice save your holiday season from digital disaster? Tune in and find out. May your holidays be merry, bright, and free of cyber fright! Learn more about your ad choices. Visit megaphone.fm/adchoices
Welcome to this replay on The Cyber Threat Perspective! In this episode, Brad and Spencer dive into the mechanics and recent developments of email spoofing, shedding light on how attackers are bypassing advanced email protections.In this episode, we cover:The fundamentals of email spoofing and why it's a significant threat.Insight into the recent echo spoofing campaign exploiting Proofpoint's misconfiguration.The role of SPF, DKIM, and DMARC in combating email spoofing.How threat actors are using Microsoft 365 to bypass email protections.Mitigation strategies and the latest updates from Proofpoint and Microsoft to address these vulnerabilities.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Proofpoint senior threat intelligence analyst Selena Larson about the rise of Attacker-in-the-Middle phishing and ClickFix social engineering campaigns. Show notes Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape
This week on the Revenue Insights Podcast, Guy Rubin, CEO of Ebsta, speaks with Dean Hickman-Smith, Chief Revenue Officer at HackerOne. In this episode, Guy and Dean explore the evolution of sales leadership, the power of community in B2B sales, and how AI is transforming sales enablement and performance. With over 20 years of experience scaling InfoSec and identity companies, Dean shares insights on building global teams, leveraging partner ecosystems, and creating effective sales enablement programs in today's virtual environment. Dean Hickman-Smith is the Chief Revenue Officer at HackerOne, where he leads a global team helping organizations find and fix critical vulnerabilities through ethical hacking. He has held leadership positions at companies including Netscreen, Proofpoint, and AeroHive. At HackerOne, he oversees a team of 70+ sellers globally, managing the world's largest network of ethical hackers with over 2 million people on their platform.
Welcome in! You've entered, Only Malware in the Building. Grab your eggnog and don your coziest holiday sweater as we sleuth our way through cyber mysteries with a festive twist! Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our cyber ghosts delve into the past, present, and future of some of the season's most pressing threats: two-factor authentication (2FA), social engineering scams, and the return to consumer-targeted attacks. Together, Rick, Dave, and Selena deliver a ghostly—but insightful—message about the state of cybersecurity, past, present, and future. Can their advice save your holiday season from digital disaster? Tune in and find out. May your holidays be merry, bright, and free of cyber fright!
Welcome in! You've entered, Only Malware in the Building. Grab your eggnog and don your coziest holiday sweater as we sleuth our way through cyber mysteries with a festive twist! Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our cyber ghosts delve into the past, present, and future of some of the season's most pressing threats: two-factor authentication (2FA), social engineering scams, and the return to consumer-targeted attacks. Together, Rick, Dave, and Selena deliver a ghostly—but insightful—message about the state of cybersecurity, past, present, and future. Can their advice save your holiday season from digital disaster? Tune in and find out. May your holidays be merry, bright, and free of cyber fright!
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Proofpoint's Greg Lesnewich and Microsoft's Greg Schloemer to share the unique threat posed by North Korea's (DPRK) state-sponsored cyber activities. The Gregs discuss their years of experience tracking North Korean cyber actors and the distinct tactics that set DPRK apart from other nation-sponsored threats. The conversation also explores North Korea's high stakes, as DPRK threat actors operate under intense pressure from government handlers, adding a layer of urgency and fear to their operations. They share insights into North Korea's aggressive use of stolen cryptocurrency to fund the regime's initiatives, like ballistic missile tests, and discuss the broader geopolitical impact. In this episode you'll learn: The technical sophistication and the relentlessness of DPRK cyber tactics Complex motives behind funding and sustaining the North Korean government The training and skills development of North Korean cyber operators Some questions we ask: How do North Korean threat actors set up their relay networks differently? What sets North Korea apart from other nation-sponsored threat actors? How do North Korean cyber actors differ from traditional e-crime actors? Resources: View Greg Schloemer on LinkedIn View Greg Lesnewich on LinkedIn View Sherrod DeGrippo on LinkedIn Blog links: Citrine Sleet Observed Exploiting Zero Day New North Korean Threat Actor Identified as Moonstone Sleet East Asia Threat Actor Technique Report Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about how threat actors are shifting tactics across the landscape, focusing more on advanced social engineering and refined initial access strategies than on sophisticated malware. We'll dive into Proofpoint's latest blog detailing a transport sector breach that, while involving relatively standard malware, showcases this growing trend of nuanced techniques and toolsets.
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: SEC fines tech firms for downplaying the Solarwinds hacks Anonymous Sudan still looks and quacks like a Russian duck Apple proposes max 10 day TLS certificate life Oopsie! Microsoft loses a bunch of cloud logs Veeam and Fortinet are bad and should feel bad North Koreans are good (at hacking) And much, much more. This week's episode is sponsored by Proofpoint. Chief Strategy Officer Ryan Kalember joins to talk about their work keeping up with prolific threat actor SocGholish. This episode is also available on Youtube. Show notes Four cyber companies fined for SolarWinds disclosure failures U.S. charges Sudanese men with running powerful cyberattack-for-hire gang Hacker Charged With Seeking to Kill Using Cyberattacks on Hospitals | WIRED Risky Biz News: Anonymous Sudan's Russia Links Are (Still) Obvious Microsoft confirms partial loss of security log data on multiple platforms | Cybersecurity Dive Risky Biz News: Apple wants to reduce the lifespan of TLS certificates to 10 days Encrypted Chat App ‘Session' Leaves Australia After Visit From Police Crypto platform Radiant Capital says $50 million in digital coins stolen following account compromises North Korean hackers use newly discovered Linux malware to raid ATMs - Ars Technica Brazil Arrests ‘USDoD,' Hacker in FBI Infragard Breach – Krebs on Security Here's how SIM swap in alleged bitcoin pump-and-dump scheme worked - Ars Technica Critical Veeam CVE actively exploited in ransomware attacks | Cybersecurity Dive FortiGate admins report active exploitation 0-day. Vendor isn't talking. - Ars Technica Hackers reportedly impersonate cyber firm ESET to target organizations in Israel The latest in North Korea's fake IT worker scheme: Extorting the employers
This week's guest studied Logistics and supply chain management, as well as held roles from Server and Sales Associate in retail, to Named AE. He worked at companies such as Apple, Symantec, MongoDB, Metadata, and Proofpoint, before becoming the CEO of Dimmo, where they are changing the way people evaluate and buy software where you can watch SaaS demos without jumping into sales cycles. When he isn't at work, he is spending time golfing, and spending time with his family. Without further ado, please join me in welcoming Troy Munson to The 20% Podcast. In this week's episode, we discussed: - His early years - Studying Supply Chain and how it relates now - Discuss his experiences selling software - The lead up to Dimmo - The future of buying software Enjoy this week's episode with Troy Munson. I am now in the early stages of writing my first book! It will cover my journey into sales, the lessons learned, and include stories and advice from top sales professionals around the world. I'm excited to share these interviews and bring you along on this journey! Like the show? Subscribe to the email: Subscribe Here I want your feedback! Reach out at 20percentpodcastquestions@gmail.com or connect with me on LinkedIn. If you know anyone who would benefit from this show, please share it! If you have suggestions for guests, let me know! Enjoy the show!
Joshua Miller from Proofpoint is discussing their work on "Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset." Proofpoint identified Iranian threat actor TA453 targeting a prominent Jewish figure with a fake podcast interview invitation, using a benign email to build trust before sending a malicious link. The attack attempted to deliver new malware called BlackSmith, containing a PowerShell trojan dubbed AnvilEcho, designed for intelligence gathering and exfiltration. This malware consolidates all of TA453's known capabilities into a single script rather than the previously used modular approach. The research can be found here: Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset Learn more about your ad choices. Visit megaphone.fm/adchoices
Welcome, witches, wizards, and cybersecurity sleuths! You've entered, Only Malware in the Building. Join us each month to brew potions of knowledge and crack the curses of today's most intriguing cyber mysteries. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we dive into how Proofpoint researchers uncovered an espionage campaign casting custom malware known as "Voldemort" in August 2024. The Dark Arts practitioner behind this campaign targeted global organizations, disguising themselves as mundane tax authorities and weaving clever enchantments like using Google Sheets for command and control (C2). While their ultimate motive remains as shadowy as a cursed Horcrux, this malware is built for intelligence gathering and is primed to unleash additional attacks — likely summoning something even darker, like Cobalt Strike. Prepare your wands, and let's dive into this tale of digital sorcery!
Scammers are good at manipulating teens. Join host Yanely Espinal and Proofpoint's Selena Larson to learn how to stay ahead of the scammers. Think you're financially inclined? Dig deeper into the world of cybersecurity: This article in Vox talks about the prevalence of scams amongst Gen Z Learn about common types of scams 4 online scams teens are falling for and how to avoid them Are you in an educational setting? Here's a handy listening guide. Thanks for listening to this episode of “Financially Inclined”! We'd love to hear what you learned from it or any questions you'd like us to answer in a future episode. You can shoot us an email at financiallyinclined@marketplace.org or tell us using this online form. This podcast is presented in partnership with Greenlight: the money app for teens — with investing. For a limited time, our listeners can earn $10 when they sign up today for a Greenlight account.
All links and images for this episode can be found on CISO Series. This week's episode was recorded in front of a live audience in Seattle as part of the National Cybersecurity Alliance's event Convene. Recording is hosted by me, David Spark (@dspark), producer of CISO Series and Nicole Ford, SVP and CISO, Nordstrom. Joining us is guest, Varsha Agrawal, head of information security, Prosper Marketplace. In this episode: Who guards the AI guardrails? What should security awareness training look like? The authentication point of failure Uncommon sense Thanks to our podcast sponsors, KnowBe4, Proofpoint, and Vanta! KnowBe4's PhishER Plus is a lightweight SOAR platform that streamlines threat response for high-volume, potentially malicious emails reported by users. It automatically prioritizes messages, helping InfoSec and Security Operations teams quickly address the most critical threats, reducing inbox clutter and enhancing overall security efficiency. Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations' greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber-attacks. Whether you're starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the abuse of legitimate services for malware delivery. Proofpoint has seen an increase in the abuse of tools like ScreenConnect and NetSupport, as well as Cloudflare Tunnel abuse and the use of IP filtering. They have also observed a rise in financially motivated malware delivery using TryCloudflare Tunnel abuse, focusing on remote access trojans (RATs) like Xworm and AsyncRAT. Today we look at how Cloudflare tunnels are used to evade detection and how they have evolved their tactics by incorporating obfuscation techniques, with ongoing research to identify the threat actors involved.
Google and iVerify clash over the security implications of an Android app. CISA has issued a warning about a critical vulnerability in SolarWinds Web Help Desk. Ransomware attacks targeting industrial sectors surge. Microsoft is rolling out mandatory MFA for Azure. Banshee Stealer is a new macOS-targeted malware developed by Russian threat actors. A popular flight tracking website exposes users' personal and professional information. San Francisco goes after websites generating deepfake nudes. Daniel Blackford, Director of Threat Research at Proofpoint, joins us to discuss emerging tactics used by threat actors and trends in e-crime tied to nation states. Scammers Use Google to Scam Google. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Daniel Blackford, Director of Threat Research at Proofpoint, joined us while he was out at Black Hat to discuss emerging tactics used by threat actors and trends in e-crime tied to nation states. Selected Reading Google to remove app from Pixel devices following claims that it made phones vulnerable (The Record) Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App (WIRED) SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day (SecurityWeek) Microsoft Mandates MFA for All Azure Sign-Ins (Infosecurity Magazine) New Banshee Stealer macOS Malware Priced at $3,000 Per Month (SecurityWeek) Dragos reports resurgence of ransomware attacks on industrial sectors, raising likelihood of targeting OT networks (Industrial Cyber) CISA Releases Eleven Industrial Control Systems Advisories (CISA) FlightAware Exposed Pilots' and Users' Info (404 Media) AI-powered ‘undressing' websites are getting sued (The Verge) Dozens of Google products targeted by scammers via malicious search ads (Malwarebytes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
With a 98% open rate—that's right, 98%—SMS marketing can be incredibly effective, but deliverability is key, and AI can help here. Today we're going to explore the transformative role of AI in SMS marketing strategies. Joining us is John Wright, CEO of TrueDialog, to discuss how AI-driven tools are enhancing SMS deliverability and overall marketing effectiveness. About John Wright John has served as CEO of TrueDialog Inc. since 2014. Prior to his role at TrueDialog, John held senior leadership positions with Flonetwork, (acquired by DoubleClick) and DoubleClick (acquired by Google), Fortiva (acquired by Proofpoint), and Digital Impact (acquired by Acxiom). John is considered a subject matter expert in online and offline data, database marketing, and marketing automation and high growth management, having spent much of his career connecting online and offline audiences with retailers through ad-tech, eCommerce, and CRM platforms. RESOURCES Connect with Greg on LinkedIn: https://www.linkedin.com/in/gregkihlstrom Don't miss the Mid-Atlantic MarCom Summit, the region's largest marketing communications conference. Register with the code "Agile" and get 15% off. Don't miss a thing: get the latest episodes, sign up for our newsletter and more: https://www.theagilebrand.show Check out The Agile Brand Guide website with articles, insights, and Martechipedia, the wiki for marketing technology: https://www.agilebrandguide.com The Agile Brand podcast is brought to you by TEKsystems. Learn more here: https://www.teksystems.com/versionnextnow The Agile Brand is produced by Missing Link—a Latina-owned strategy-driven, creatively fueled production co-op. From ideation to creation, they craft human connections through intelligent, engaging and informative content. https://www.missinglink.company
ZScaler uncovers the largest ransomware payment to date. IBM says the average cost of a breach is closing in on five million dollars. Hackers exploited Proofpoint's email protection platform to send millions of phishing emails. NIST launches Dioptra to test ML models. AcidPour targets Linux data storage devices for wiping. WhatsApp for Windows allows Python to run wild. The White House releases the National Standards Strategy for Critical and Emerging Technology (USG NSSCET) Implementation Roadmap. A bipartisan Senate bill aims to fund cybersecurity apprenticeships. CISA adds three exploits to its vulnerability catalog. Ben Yelin joins us today to discuss a U.S. District Court judge's recent dismissal of charges against SolarWinds. Loose lips sink ships, but leaky HDMI cables flood the airwaves with digital data. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ben Yelin, co-host of our Caveat podcast and Program Director, Public Policy & External Affairs at University of Maryland Center for Health and Homeland Security, joins us today to discuss the U.S. District Court judge dismissing most charges against SolarWinds. For more detail on the SolarWinds decision, check out this article. Selected Reading Zscaler just uncovered what could be the largest ransomware payment of all time (ITPro) Hackers exploit Proofpoint to send millions of phishing emails (Tech Monitor) Average data breach cost jumps to $4.88 million, collateral damage increased (Help Net Security) NIST releases open-source platform for AI safety testing (SC Media) AcidPour Malware Attacking Linux Data Storage Devices To Wipe Out Data (GB Hackers) WhatsApp for Windows lets Python, PHP scripts execute with no warning (Bleeping Computer) US government debuts Implementation Roadmap for national standards strategy on critical and emerging technologies (Industrial Cyber) Bipartisan Senate bill would promote cybersecurity apprenticeship programs (CyberScoop) CISA warns of three new critical exploited vulnerabilities (The Stack) AI can reveal what's on your screen via signals leaking from cables (New Scientist) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices