Podcasts about pulse secure vpn

Picture of the week. "You're Doing IoT RNG" The Pulse Secure VPN remains in trouble. And Cisco, too... Flaws found in another popular embedded TCP/IP library. Microsoft Edge gets "Super Duper Secure Mode" Closing the Loop. Apple's CSAM Mistake. We invite you to read our show notes at https://www.grc.com/sn/SN-831-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT plextrac.com/twit wwt.com/twit

Picture of the week. "You're Doing IoT RNG" The Pulse Secure VPN remains in trouble. And Cisco, too... Flaws found in another popular embedded TCP/IP library. Microsoft Edge gets "Super Duper Secure Mode" Closing the Loop. Apple's CSAM Mistake. We invite you to read our show notes at https://www.grc.com/sn/SN-831-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT plextrac.com/twit wwt.com/twit

Picture of the week. "You're Doing IoT RNG" The Pulse Secure VPN remains in trouble. And Cisco, too... Flaws found in another popular embedded TCP/IP library. Microsoft Edge gets "Super Duper Secure Mode" Closing the Loop. Apple's CSAM Mistake. We invite you to read our show notes at https://www.grc.com/sn/SN-831-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT plextrac.com/twit wwt.com/twit

Picture of the week. "You're Doing IoT RNG" The Pulse Secure VPN remains in trouble. And Cisco, too... Flaws found in another popular embedded TCP/IP library. Microsoft Edge gets "Super Duper Secure Mode" Closing the Loop. Apple's CSAM Mistake. We invite you to read our show notes at https://www.grc.com/sn/SN-831-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT plextrac.com/twit wwt.com/twit

Picture of the week. "You're Doing IoT RNG" The Pulse Secure VPN remains in trouble. And Cisco, too... Flaws found in another popular embedded TCP/IP library. Microsoft Edge gets "Super Duper Secure Mode" Closing the Loop. Apple's CSAM Mistake. We invite you to read our show notes at https://www.grc.com/sn/SN-831-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT plextrac.com/twit wwt.com/twit

Picture of the week. "You're Doing IoT RNG" The Pulse Secure VPN remains in trouble. And Cisco, too... Flaws found in another popular embedded TCP/IP library. Microsoft Edge gets "Super Duper Secure Mode" Closing the Loop. Apple's CSAM Mistake. We invite you to read our show notes at https://www.grc.com/sn/SN-831-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT plextrac.com/twit wwt.com/twit

Picture of the week. "You're Doing IoT RNG" The Pulse Secure VPN remains in trouble. And Cisco, too... Flaws found in another popular embedded TCP/IP library. Microsoft Edge gets "Super Duper Secure Mode" Closing the Loop. Apple's CSAM Mistake. We invite you to read our show notes at https://www.grc.com/sn/SN-831-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT plextrac.com/twit wwt.com/twit

Picture of the week. "You're Doing IoT RNG" The Pulse Secure VPN remains in trouble. And Cisco, too... Flaws found in another popular embedded TCP/IP library. Microsoft Edge gets "Super Duper Secure Mode" Closing the Loop. Apple's CSAM Mistake. We invite you to read our show notes at https://www.grc.com/sn/SN-831-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT plextrac.com/twit wwt.com/twit

Picture of the week. "You're Doing IoT RNG" The Pulse Secure VPN remains in trouble. And Cisco, too... Flaws found in another popular embedded TCP/IP library. Microsoft Edge gets "Super Duper Secure Mode" Closing the Loop. Apple's CSAM Mistake. We invite you to read our show notes at https://www.grc.com/sn/SN-831-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT plextrac.com/twit wwt.com/twit

Jesse Trucks is the Minister of Magic at Splunk, where he consults on security and compliance program designs and develops Splunk architectures for security use cases, among other things. He brings more than 20 years of experience in tech to this role, having previously worked as director of security and compliance at Peak Hosting, a staff member at freenode, a cybersecurity engineer at Oak Ridge National Laboratory, and a systems engineer at D.E. Shaw Research, among several other positions. Of course, Jesse is also the host of Meanwhile in Security, the podcast about better cloud security you're about to listen to.Links: Autonomous drone attacked soldiers in Libya all on its own: https://www.cnet.com/news/autonomous-drone-attacked-soldiers-in-libya-all-on-its-own/ 3 SASE—or ‘sas-ee'-Misconceptions to Consider: https://www.darkreading.com/cloud/3-sase-misconceptions-to-consider-/a/d-id/1341088 Chinese APT Groups Continue to Pound Away on Pulse Secure VPNs: https://www.darkreading.com/attacks-breaches/chinese-apt-groups-continue-to-pound-away-on-pulse-secure-vpns/d/d-id/1341174 Cybersecurity M&A Roundup: 36 Deals Announced in May 2021: https://www.securityweek.com/cybersecurity-ma-roundup-36-deals-announced-may-2021 The VC View: Identity = Zero Trust for Everything: https://www.securityweek.com/vc-view-identity-zero-trust-everything Three Things Holding Back Cloud Security: https://securityboulevard.com/2021/05/three-things-holding-back-cloud-security/ What does the Future Hold for Cloud Security: https://hackernoon.com/what-does-the-future-hold-for-cloud-security-i82e35md Report: Cloud Security Breaches Surpass On-Prem Ones for the First Time: https://www.mariakorolov.com/2021/report-cloud-security-breaches-surpass-on-prem-ones-for-the-first-time/ What is DevSecOps, and how Can it Improve Your Security: https://biztechmagazine.com/article/2021/05/what-devsecops-and-how-can-it-improve-your-security-perfcon State of Security Research Zeroes in on Data Strategies: https://www.splunk.com/en_us/blog/leadership/state-of-security-research-zeroes-in-on-data-strategies.html TranscriptJesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.Announcer: If your mean time to WTF for a security alert is more than a minute, it's time to look at Lacework. Lacework will help you get your security act together for everything from compliance service configurations to container app relationships, all without the need for PhDs in AWS to write the rules. If you're building a secure business on AWS with compliance requirements, you don't really have time to choose between antivirus or firewall companies to help you secure your stack. That's why Lacework is built from the ground up for the cloud: low effort, high visibility, and detection. To learn more, visit lacework.com. That's lacework.com.Jesse: Automation of processes is crucial for speed and reliable repeatability. However, automating tasks and procedures should be done with a certain amount of caution. Start by automating discrete tasks, then group or chain those tasks after thorough testing for safety. As you build experience and confidence in these groups of tasks, you can automate larger collections of operations. This is where security orchestration, automation, and response—or SOAR platforms—are critical to maintain automated operations in a cost-effective manner with minimal overhead.In large-scale dynamic cloud deployments, whether using full-system stacks, containers, or cloud-native microservices, automating security operations is a requirement for functional response. This necessitates a high level of trust in your automation. Likely you'll migrate into more machine learning and fuzzy-logic-based decision criteria that could have unintended consequences if you don't put the right guardrails in place. Unfettered machine-based decision-making is how Skynet [laugh] is born. Please do be careful on your testing and implementation and production.Meanwhile, in the news. Autonomous drone attacked soldiers in Libya all on its own. This is Skynet straight out of a Terminator movie. Remember this story when you are implementing automation in your environment. Unchecked and unmonitored automation can cause serious problems where there were none.3 SASE—or ‘sas-ee'—Misconceptions to Consider. If you thought this was about self-addressed stamped envelopes, you are at least as old as I am. It's pronounced ‘sas-ee', which is all wrong phonetically. SASE, like my dog named Sassy, is a very valuable member of the family, but it won't cure all your woes.Announcer: This episode is sponsored by ExtraHop. ExtraHop provides threat detection and response for the Enterprise (not the starship). On-prem security doesn't translate well to cloud or multi-cloud environments, and that's not even counting IoT. ExtraHop automatically discovers everything inside the perimeter, including your cloud workloads and IoT devices, detects these threats up to 35 percent faster, and helps you act immediately. Ask for a free trial of detection and response for AWS today at extrahop.com/trial. That's extrahop.com/trial.Jesse: Chinese APT Groups Continue to Pound Away on Pulse Secure VPNs. I hope you've patched your Pulse Secure VPN because if you haven't, a nation-state will own you soon. Go patch it and turn up monitoring if you haven't already.Cybersecurity M&A Roundup: 36 Deals Announced in May 2021. None of us should wonder why the cybersecurity vendor market is so confusing after seeing the list of mergers that happen routinely. Just like with other tech markets, the big companies are slowly eating their way through the startups.The VC View: Identity = Zero Trust for Everything. I don't think I beat on the zero-trust topic often enough. [laugh]. I concur with the argument laid out in this one that identity management is rapidly becoming synonymous with zero trust. You might as well sigh the great sigh while deploying precursors to a full zero trust architecture. You'll need it soon enough anyway, so you might as well get a jump on it.Three Things Holding Back Cloud Security. I often tell people there are various things I've never learned how to do correctly but rather, I've learned what not to do. Knowing what is wrong behavior is extremely useful, but what is even more powerful is knowing what things to do that are right thinking. This article ought to improve your security posture.What does the Future Hold for Cloud Security? We all need some calculated guessing to know the future. Getting out the magic eight ball might seem almost as accurate, but knowing the trends that are current and predicted into the future helps you build larger, more complex, and highly flexible future services.Report: Cloud Security Breaches Surpass On-Prem Ones for the First Time. Pay attention to this one. Even if you don't read the article, the headline has enough to catch the most important indicator. Cloud systems and services are being targeted by attacks more often than traditional systems and services.What is DevSecOps, and how Can it Improve Your Security? Know your terms, I used to say all the time. Whether or not we use things like DevSecOps, or shifting left, or the whole red versus blue versus purple team thing, we need to know what these things mean. I rarely use the terms red, blue, or purple teams, but security people commonly toss the words about. Here's your cheat sheet: red equals attack, blue equals defense, and purple equals a combo of red and blue on a single team.State of Security Research Zeroes in on Data Strategies. Not enough companies are publishing data they gather in their normal course of business. Splunk—disclosure: I am an employee of Splunk—has released its first-ever such reports about a variety of topics. It has some great insights into how companies operate. My favorite chart shows the hidden costs of security incidents on page four.P8O or Potato? The horse in the 1800s named Potoooooooo—aka ‘Pot-8-Os'—is clearly the precursor to a recent trend of naming things with a count of the letters in the middle of the word such as K8s—pronounced ‘Kates'—for Kubernetes, and O11Y—pronounced ‘Ollie'—for observability.And now for the tip of the week. Enable multi-factor authentication—or MFA—for cloud account access. Because MFA means accessing a user account requires more than just the password, it is more difficult to compromise an account through brute force or other password discovery methods. The barrier for entry is raised high enough that other attack vectors which take more nuanced and sophistication must be used to successfully break through your defenses. To do this with AWS IAM, first read the documentation on MFA and decide whether a software-based authenticator is within your acceptable risk profile or if you need to implement a hardware solution. Then go to your AWS Management Console, Services, then Security Identity and Compliance section, IAM, then Access Management, and Users to edit your users. Choose a user to edit, then go to the security credentials tab, follow the Manage link after Assigned MFA Devicesthen follow the prompts.Pro tip here: hardware takes time to acquire and implement. Therefore, immediately enable software MFA everywhere, even if you plan on implementing a hardware solution for some of your accounts. Then you can migrate those specific accounts, or all of the accounts to the hardware solution when that is ready for production. And that's a wrap for the week, folks. Securely yours, Jesse Trucks.Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.Announcer: This has been a HumblePod production. Stay humble.

Today's podcast outlines good news/bad news on Windows support scams, new Nobelium attacks detected and another warning to Pulse Secure VPN users

Recent spying attacks against Pulse Secure VPN are just the latest example of a long-simmering cybersecurity meltdown.

Join Scott Young and Shaun Sturby from Optrics Engineering as they discuss the fix for a vulnerability with Pulse Secure VPN, 21 vulnerabilities in open source mail server Exim, the effects of Colonial Pipeline being hit by ransomware and how Signal is trying to take out Instagram ads. For more IT tips go to: > www.OptricsInsider.com Timecodes: 0:00 - Intro 0:20 - Today's 3 topics 0:40 - Topic 1: Pulse Secure VPN Fix 6:20 - Topic 2: 21 Nails in Exim 8:29 - Topic 3: Colonial Pipeline Ransomware 12:40 - Topic 4: Signal vs. Instagram Ads 17:48 - Closing remarks Links: > SA44784 - 2021-04: Out-of-Cycle Advisory: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4 > 21 Nails in Exim Mail > US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day > Find out what percentage of your employees are Phish-prone > Download a copy of the Social Media Red Flags PDF > Find out which of your users take the bait and reply to a spoofed email > Find out how vulnerable your network is against Ransomware and cryptomining attacks > Find out which of your users are vulnerable to a social media phishing attack > Learn more about the Red Flags of URLS > The Instagram Ads You Will Never See --- Send in a voice message: https://anchor.fm/optrics-insider/message

Recent spying attacks against Pulse Secure VPN are just the latest example of a long-simmering cybersecurity meltdown.

ShadowTalk hosts Alec, Ivan, Sean, and Digital Shadows CISO, Rick, bring you the latest in threat intelligence. This week they cover: - Sean discusses Pulse Secure VPN vulnerabilities - what are the latest updates and who is being targeted? - The team talks about supply chain compromise - what is it? - Sean takes us through the DDoS attack on Belnet - Babuk is hanging up their hat - Ivan brings us the latest - Ryuk gets ahold of bio research through a student Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-07-may ***Resources from this week’s podcast*** Pulse Secure: https://www.bleepingcomputer.com/news/security/pulse-secure-fixes-vpn-zero-day-used-to-hack-high-value-targets/ Belnet: https://www.zdnet.com/article/this-massive-ddos-attack-took-large-sections-of-a-countrys-internet-offline/ Babuk: https://threatpost.com/babuk-ransomware-gang-mulls-retirement/165742/ Ryuk: https://www.zdnet.com/article/ryuk-ransomware-finds-foothold-in-bio-research-institute-through-a-student-who-wouldnt-pay-for-software/#ftag=RSSbaffb68 The Technology Adoption Lifecycle Of Genesis Market Blog: https://www.digitalshadows.com/blog-and-research/the-technology-adoption-lifecycle-of-genesis-market/ The Top 5 Dark Web Monitoring Use Cases Blog: https://www.digitalshadows.com/blog-and-research/the-top-5-dark-web-monitoring-use-cases/ Password Day Blog: https://www.digitalshadows.com/blog-and-research/creating-security-aware-passwords/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Podcast: Unsolicited Response Podcast (LS 30 · TOP 10% what is this?)Episode: April - ICS Security Month In ReviewPub date: 2021-05-06Patrick Miller joins Dale Peterson to discuss the months top three stories and then give their prediction, win and fail for the month. The stories 1) What to make of the US Government's efforts in ICS security in the first 100 days of the Biden administration. 2) The Pulse Secure VPN vulnerabilities and active exploitation, the impact on ICS asset owners, and what should be done. 3) ICS Security Training ... with Joel Langill back in the game Patrick and Dale look at the offerings. TweetMe: @digitalbond Get my Friday News & Notes: https://friday.dale-peterson.com/signupThe podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Patrick Miller joins Dale Peterson to discuss the months top three stories and then give their prediction, win and fail for the month. The stories 1) What to make of the US Government's efforts in ICS security in the first 100 days of the Biden administration. 2) The Pulse Secure VPN vulnerabilities and active exploitation, the impact on ICS asset owners, and what should be done. 3) ICS Security Training ... with Joel Langill back in the game Patrick and Dale look at the offerings. TweetMe: @digitalbond Get my Friday News & Notes: https://friday.dale-peterson.com/signup

The US Government expands its investigation into Pulse Secure VPN compromises. Microsoft discloses its discovery of BadAlloc IoT and OT vulnerabilities. Someone’s distributing Purple Lambert spyware. Chinese intelligence services seem to be backdooring the Russian defense sector. Financially motivated criminals are exploiting SonicWall VPN vulnerabilities. A look at the emerging criminal market for deepfakes. Josh Ray from Accenture Security on Why Cybersecurity Community Service Matters. Our guest Manish Gupta of ShiftLeft looks at cyber attacks on the CI/CD pipeline. And the World Health Organization attracted impersonators early this month. Again. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/83

Breaking news this week:  A Pulse Secure VPN zero-day vulnerability found with NO FIX!We unpack what that means for the thousands of customers out there and what measures could be put in place to be in a Permanent State of Readiness should you get breached by a vulnerability such at this.And of course we couldn't let the Facebook incident go without an honorable mention along with their take on how to handle the PR of  such a huge leak...Get in touch for an inside scoop on how you can protect your organisation from zero-day threats.  hello@therantgroup.com

ShadowTalk hosts Alec, Ivan, Charles, and newcomer, Sean, bring you the latest in threat intelligence. This week they cover: - Ivan dives into FBI actions against web-shells from compromised Exchange servers - Codecov supply chain attacks - Charles brings us the latest - The team discuss the Pulse Secure VPN bug - Plus, don’t forget our special 200th episode next week! Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-23-april ***Resources from this week’s podcast*** FBI Web Shells: https://www.welivesecurity.com/2021/04/14/fbi-removes-malware-compromised-exchange-servers/ Codecov: https://www.bleepingcomputer.com/news/security/hundreds-of-networks-reportedly-hacked-in-codecov-supply-chain-attack/ REvil vs. Apple: https://www.bleepingcomputer.com/news/security/revil-gang-tries-to-extort-apple-threatens-to-sell-stolen-blueprints/ Pulse Secure VPN: https://www.bleepingcomputer.com/news/security/pulse-secure-vpn-zero-day-used-to-hack-defense-firms-govt-orgs/ https://www.bleepingcomputer.com/news/security/cisa-orders-federal-orgs-to-mitigate-pulse-secure-vpn-bug-by-friday/ Q1 Vulnerability Blog: https://www.digitalshadows.com/blog-and-research/q1-vulnerability-roundup/ Emotet Shutdown Blog: https://www.digitalshadows.com/blog-and-research/the-emotet-shutdown-explained/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Agencies continue to respond to the Pulse Secure VPN vulnerabilities. Updates on the SolarWinds compromise show that it remains a threat, and that it was designed to escape detection and, especially, attribution. A cryptojacking botnet is exploiting vulnerable Microsoft Exchange Server instances. Facebook takes down two Palestinian groups distributing spyware. Ransomware draws more attention. Craig Williams from Cisco Talos looks at cheating the cheater. Our guest is Bruno Kurtic from Sumo Logic on their Continuous Intelligence Report. And a Cellebrite vulnerability is exposed. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/77

On this week’s Cyber Security Brief, Alan Neville joins Brigid O Gorman and Dick O’Brien to discuss the recent discovery of a zero-day vulnerability in popular VPN product Pulse Secure. We also discuss some recent developments in the SolarWinds and Microsoft Exchange Server stories. Finally, we discuss a recent potential data breach at software testing company Codecov, and look at why UK authorities are warning government employees about potential approaches from foreign spies on social media.

Pulse Secure VPN 0-Day Exploited https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/ SonicWall Vulnerabilities https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/ Synology Vulnerability https://blog.talosintelligence.com/2021/04/vuln-spotlight-synology-dsm.html#more Air Fryer Vulnerability https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html

SonicWall zero-days are under active exploitation; mitigations are available. Pulse Secure VPN is also undergoing exploitation, probably by China, and mitigations are available here, too. The US begins work on shoring up power grid cybersecurity. Cyber ops rise with Russo-Ukrainian tension. The help desk at ISIS tells jihadists to stay away from Bitcoin. Joe Carrigan looks at cryptocurrency anonymity. Our guest is Bert Kashyap from SecureW2 on what needs to be done before devices used for learning from home return to schools. And is your password inspired by cinema? For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/76

Pulse Secure VPN 0-Day Exploited https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/ SonicWall Vulnerabilities https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/ Synology Vulnerability https://blog.talosintelligence.com/2021/04/vuln-spotlight-synology-dsm.html#more Air Fryer Vulnerability https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html

In today's podcast we cover four crucial cyber and technology topics, including: 1. 1.3 Million Clubhouse user' data exposed 2. Pulse Secure VPN not working for Windows users 3. IcedID tricks users into requesting email to evade security filters 4. Ransomware creates grocery shortages for European giant Albert Heijn I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com