Podcasts about qnap

  • 165 PODCASTS
  • 350 EPISODES
  • 57m AVG DURATION
  • 1 WEEKLY EPISODE
  • Feb 28, 2025 LATEST

POPULARITY (chart, 2017 to 2024)



Latest podcast episodes about qnap

Cyber Security Headlines
Cyber espionage increase, Nakasone cyber warning, PolarEdge exploits Cisco

Feb 28, 2025 · 8:09

  • Chinese cyber espionage jumped 150% last year
  • Nakasone warns of U.S. falling behind adversaries in cyberspace
  • PolarEdge botnet exploits Cisco, ASUS, QNAP, and Synology
Find the stories behind the headlines at CISOseries.com.

DekNet
Grok3 and a reply

Feb 22, 2025 · 25:10

TECHNOLOGY and FREEDOM
twitter.com/D3kkaRBTC: dekkar$paystring.crypt
https://t.me/+0W_fPQXXOFAyNzE8

PC Perspective Podcast
Podcast #808 - RTX 5080 Performance, RTX 5090 Power, RX 9070 Pricing, GTX Drivers and MORE

Feb 1, 2025 · 76:15

It's quite a lot about the latest Nvidia GPUs, power and performance numbers and value. Your GTX 10 series is going to be left behind soon, Windows is forcing some updates, and QNAP actually fixes something. All that and so much more!
00:00 Intro
02:16 Food with Josh (a tragedy)
05:32 RTX 5080 performance
14:26 Compute performance is an underrated part of the RTX 50 Series story
18:33 More RTX 5090 thoughts - putting power in perspective?
26:21 AMD denies 899 USD RX 9070 price rumors (and a tangent or two)
39:18 Could DeepSeek end the "ai" hardware boom (and run better on AMD)
45:32 NVIDIA winding down GTX 10 Series support?
50:43 Windows 11 24H2 is finally mainstream
51:45 (in)Security Corner
57:09 Gaming Quick Hits
1:04:34 Picks of the Week
1:14:40 Outro

2.5 Admins
2.5 Admins 225: Kinetic Response

Dec 12, 2024 · 30:06


The US government tells people to use encrypted messaging, mandated MFA in healthcare raises a scary geopolitical question, QNAP bungles a firmware update, and securing access to self hosted applications with mTLS.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Deploying pNFS file sharing with FreeBSD   […]

Late Night Linux All Episodes
2.5 Admins 225: Kinetic Response

Dec 12, 2024 · 30:06

The US government tells people to use encrypted messaging, mandated MFA in healthcare raises a scary geopolitical question, QNAP bungles a firmware update, and securing access to self hosted applications with mTLS. Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes Deploying pNFS file sharing with FreeBSD ...

Packet Pushers - Full Podcast Feed
NB506: Billions Flow for US Chips; FCC Lets T-Mobile, SpaceX Make Phone Calls from Orbit

Dec 3, 2024 · 24:31

Take a Network Break! We’ve got a full menu for our post-Thanksgiving episode. We start with a host of critical CVEs affecting Veritas and a couple more for QNAP. Cisco announces EOL for two versions of its ACI software, Verizon runs field trials for 1.6Tbps throughput in a single wavelength (with Ciena optical transceivers), and...

Packet Pushers - Network Break
NB506: Billions Flow for US Chips; FCC Lets T-Mobile, SpaceX Make Phone Calls from Orbit

Dec 3, 2024 · 24:31

Take a Network Break! We’ve got a full menu for our post-Thanksgiving episode. We start with a host of critical CVEs affecting Veritas and a couple more for QNAP. Cisco announces EOL for two versions of its ACI software, Verizon runs field trials for 1.6Tbps throughput in a single wavelength (with Ciena optical transceivers), and...

Packet Pushers - Fat Pipe
NB506: Billions Flow for US Chips; FCC Lets T-Mobile, SpaceX Make Phone Calls from Orbit

Dec 3, 2024 · 24:31

Take a Network Break! We’ve got a full menu for our post-Thanksgiving episode. We start with a host of critical CVEs affecting Veritas and a couple more for QNAP. Cisco announces EOL for two versions of its ACI software, Verizon runs field trials for 1.6Tbps throughput in a single wavelength (with Ciena optical transceivers), and...

מדברים סייבר
Episode 98: Hillel's Black Friday

Dec 1, 2024 · 65:10

This week on the show:

HKPUG Podcast 派樂派對
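Episode 978: Enshittification is rampant! How can Deshittification be achieved?

Nov 27, 2024 · 156:55

0:00:00 – HKPUG bulletin + weekly IT news
0:48:45 – 依輪乜事
1:08:23 – Main Topic
Total episode length: 2:36:54
Tags: December tea gathering, Customs urges the public to stop using two power bank models without naming them, netizens nonetheless find the product was once certified by the EMSD, QNAP firmware update bricks NAS, …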

Cyber Morning Call
673 - Russian hacktivist group now operates ransomware

Nov 26, 2024 · 5:29

[Episode References]
  • TEMPEST TALKS - https://www.even3.com.br/tempest-talks-2024-497677/
  • CyberVolk | A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks - https://www.sentinelone.com/labs/cybervolk-a-deep-dive-into-the-hacktivists-tools-and-ransomware-fueling-pro-russian-cyber-attacks/
  • Guess Who's Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024 - https://www.trendmicro.com/en_us/research/24/k/return-of-anel-in-the-recent-earth-kasha-spearphishing-campaign.html
  • Dozens of Machines Infected: Year-Long NPM Supply Chain Attack Combines Crypto Mining and Data Theft - https://checkmarx.com/blog/npm-supply-chain-attack-combines-crypto-mining-and-data-theft/
  • Zyxel firewalls targeted in recent ransomware attacks - https://securityaffairs.com/171382/cyber-crime/zyxel-firewall-ransomware-attacks.html
  • QNAP addresses critical flaws across NAS, router software - https://www.bleepingcomputer.com/news/security/qnap-addresses-critical-flaws-across-nas-router-software/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

Giga TECH.täglich
Synology or QNAP? Which NAS manufacturer is better?

Nov 6, 2024

Synology and QNAP are the best-known manufacturers of NAS servers. But which network storage devices are better? We list the pros and cons.

CuriosITy
POLITICS OR CIRCUS, DISINFORMATION, APPLE M4, PS5 PRO, ONEPLUS 13, SEARCH GPT - #CURIOSITY 247

Nov 2, 2024 · 144:24

Welcome to our technology show, the place where we discover the latest trends and innovations in the digital world! From latest-generation gadgets and artificial intelligence to hot tech news and the challenges of the modern world, we bring you relevant and surprising information in an easy-to-follow format. In this episode, we talk about new gadgets, including the OnePlus 13 and Xiaomi 15 phones, as well as the newest NAS from QNAP and the Ryzen 7 9800X3D for hardware enthusiasts. We also discuss how fake news and cheapfakes are used on social media, and recent manipulations. We take a look at global news, such as the floods in Spain and the disinformation moves from Russia. In addition, we analyze the impact of electronics recycling and digital detox trends, as well as tech news on varied topics, from artificial intelligence to robotics projects for supporting people with disabilities.

The CyberWire
Guarding the Vote

Oct 31, 2024 · 33:47

CISA spins up an election operations war room. Microsoft neglected to restrict access to gender-detecting AI. Yahoo uncovers vulnerabilities in OpenText's NetIQ iManager. QNAP issues urgent patches for its NAS devices. Sysdig uncovers Emerald Whale. A malvertising campaign exploits Meta's ad platform to spread the SYS01 infostealer. Senator Ron Wyden wants to tighten rules aimed at preventing U.S. technologies from reaching repressive regimes. Researchers use AI to uncover an IoT zero-day. Sophos reveals a five year battle with firewall hackers. Our guest is Frederico Hakamine, Technology Evangelist from Axonius, talking about how threats both overlap and differ across individuals and critical infrastructure. Be afraid of spooky data.
Selected Reading
  • CISA Opens Election War Room to Combat Escalating Threats (GovInfo Security)
  • Agencies face 'inflection point' ahead of looming zero-trust deadline, CISA official says (CyberScoop)
  • Microsoft Provided Gender Detection AI on Accident (404 Media)
  • Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution (SecurityWeek)
  • QNAP patches critical SQLi flaw (Beyond Machines)
  • EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files (Sysdig)
  • Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer (Hackread)
  • Exclusive: Senator calls on Commerce to tighten proposed rules on exporting surveillance, hacking tech to problematic nations (CyberScoop)
  • GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI (GreyNoise)
  • Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices (WIRED)
  • Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats (Sophos News)
  • Spooky Data at a Distance (LinkedIn)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Cyber Morning Call
657 - North Korea collaborated with Play ransomware, study says

Oct 31, 2024 · 6:07

[Episode References]
  • Jumpy Pisces Engages in Play Ransomware - https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/
  • Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/
  • EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files - https://sysdig.com/blog/emeraldwhale/
  • Rat King: how the Android trojan CraxsRAT steals user data - https://www.facct.ru/blog/craxsrat/
  • “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack - https://labs.guard.io/crossbarking-exploiting-a-0-day-opera-vulnerability-with-a-cross-browser-extension-store-attack-db3e6d6e6aa8?source=rss-6a038e71ff0f------2
  • QNAP patches second zero-day exploited at Pwn2Own to get root - https://www.bleepingcomputer.com/news/security/qnap-patches-second-zero-day-exploited-at-pwn2own-to-get-root/
  • Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack - https://checkmarx.com/blog/cryptocurrency-enthusiasts-targeted-in-multi-vector-supply-chain-attack/
  • Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages - https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

מדברים סייבר
Episode 73: Offensive cyber is target-oriented cyber

May 26, 2024 · 69:00


Hacker Public Radio
HPR4081: The Oh No! News.

Mar 25, 2024

The Oh No! news. Oh No! News is Good News.
TAGS: Oh No News, Threat analysis, QNAP
Threat analysis; your attack surface.
Source: QNAP warns of critical auth bypass flaw in its NAS devices.
The Taiwanese Network Attached Storage (NAS) device maker disclosed three vulnerabilities that can lead to an authentication bypass, command injection, and SQL injection.
  • CVE-2024-21899: If exploited, the improper authentication vulnerability could allow users to compromise the security of the system via a network.
  • CVE-2024-21900: If exploited, the injection vulnerability could allow authenticated users to execute commands via a network.
  • CVE-2024-21901: If exploited, the SQL injection vulnerability could allow authenticated administrators to inject malicious code via a network.
The flaws impact various versions of QNAP's operating systems, including QTS 5.1.x, QTS 4.5.x, QuTS hero h5.1.x, QuTS hero h4.5.x, QuTScloud c5.x, and the myQNAPcloud 1.0.x service.
Source: Switzerland: Play ransomware leaked 65,000 government documents.
In a new statement published today, the Swiss government confirmed that 65,000 government documents were leaked in the breach.
Supporting Source: Hacker attack on Xplain: National Cyber Security Centre publishes data analysis report.
Relevance of the published data volume. The data package published on the darknet comprised around 1.3 million files. Once the data had been downloaded, the NCSC took the lead in systematically categorising and triaging all documents relevant to the Federal Administration. The results showed that the volume of data relevant to the Federal Administration comprised around 65,000 documents, or approximately 5% of the total published data set. The majority of these files belonged to Xplain (47,413) with a share of over 70%; around 14% (9,040) belonged to the Federal Administration.
Around 95% of the Federal Administration’s files belonged to the administrative units of the Federal Department of Justice and Police (FDJP): the Federal Office of Justice, Federal Office of Police, State Secretariat for Migration and the internal IT service centre ISC-FDJP. With just over 3% of the data, the Federal Department of Defence, Civil Protection and Sport (DDPS) is slightly affected and the other departments are only marginally affected in terms of volume. Proportion of sensitive data. Sensitive content such as personal data, technical information, classified information and passwords was found in around half of the Federal Administration's files (5,182). Personal data such as names, email addresses, telephone numbers and postal addresses were found in 4,779 of these files. In addition, 278 files contained technical information such as documentation on IT systems, software requirement documents or architectural descriptions, 121 objects were classified in accordance with the Information Protection Ordinance and 4 objects contained readable passwords. Supporting Source: Information about the hacker attack on Xplain. Xplain filed a criminal complaint after the incident, provided the authorities with all the necessary information and cooperated with them in investigating and limiting the damage. We rebuilt the entire IT infrastructure in accordance with the recommendations of the National Cyber Security Center (NCSC) and replaced the external operators. An external audit of the infrastructure and processes was completed in November. The NCSC subsequently wrote an assessment of the audit. The Federal Council's strategy crisis team on data leaks (PSC-D) took note of the report. Spoofed Zoom, Google & Skype Meetings Spread Corporate RATs. A threat actor is creating fake Skype, Google Meet, and Zoom meetings, mimicking these popular collaboration applications to spread various commodity malware that can steal sensitive data from both Android and Windows users. 
Additional Information. What is a "Data Breach"? A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so. What is "Malware"? Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. What is a "Payload"? In the context of a computer virus or worm, the payload is the portion of the malware which performs malicious action; deleting data, sending spam or encrypting data. In addition to the payload, such malware also typically has overhead code aimed at simply spreading itself, or avoiding detection. What is "Phishing"? Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim. Social engineering (security) In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. What is "Information Security" (InfoSec)? Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. 
Information Security Attributes: Confidentiality, Integrity and Availability (C.I.A.). Information Systems are composed in three main portions, hardware, software and communications with the purpose to help identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers: physical, personal and organizational. Essentially, procedures or policies are implemented to tell administrators, users and operators how to use products to ensure information security within the organizations. What is "Risk management"? Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities. What is a "Vulnerability" (computing)? Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. What is an "Attack Surface"? The attack surface of a software environment is the sum of the different points (for "attack vectors") where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure. What is an "Attack Vector"? In computer security, an attack vector is a specific path, method, or scenario that can be exploited to break into an IT system, thus compromising its security. The term was derived from the corresponding notion of vector in biology. An attack vector may be exploited manually, automatically, or through a combination of manual and automatic activity. What is "Standardization"? 
Standardization is the process of implementing and developing technical standards based on the consensus of different parties that include firms, users, interest groups, standards organizations and governments. Standardization can help maximize compatibility, interoperability, safety, repeatability, or quality. It can also facilitate a normalization of formerly custom processes. List of computer standards. List of technical standard organizations. What is a "Replay attack"? A replay attack is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed. Another way of describing such an attack is: "an attack on a security protocol using a replay of messages from a different context into the intended (or original and expected) context, thereby fooling the honest participant(s) into thinking they have successfully completed the protocol run." What is a "Man-in-the-middle attack"? In cryptography and computer security, a man-in-the-middle, ..., attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties. What is "Transport Layer Security" (TLS)? Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible. What is a "Handshake" (computing)?. In computing, a handshake is a signal between two devices or programs, used to, e.g., authenticate, coordinate. An example is the handshaking between a hypervisor and an application in a guest virtual machine. What is Security theater? 
The practice of taking security measures that are considered to provide the feeling of improved security while doing little or nothing to achieve it. License: This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Mostly Security
327: I'm Not Confused

Mar 16, 2024 · 38:11


Eric survives a birthday at Benihana, laments the inability to game the system and looks forward to building a new 3D Printer. Jon is giddily gearing up for bee season and educates Eric on Yellowjackets. Roku discovers what its user accounts are worth on the dark web and Jon needs to update his QNAP. Again. The British Library is under-appraised the consequences of a cyber attack. Learning to program a computer is similar to learning a spoken language and Jon shares plans on how to build a Langstroth Hive. 0:00 - Introduction 11:24 - Roku Data Breach 15:49 - QNAP 17:35 - British Library Cyberattack 28:07 - Study on Learning to Code 33:19 - Langstroth Hive Plans

Black Hills Information Security
3/13/2024 - International Hacking Co. Featuring: Josh Mason

Mar 13, 2024 · 60:20

00:00 - PreShow Banter™ — Death to Clippy
05:18 - BHIS - Talkin' Bout [infosec] News 2024-03-11 – Featuring Josh Mason
06:58 - Story # 1: Behind the doors of a Chinese hacking company, a sordid culture fueled by influence, alcohol, and sex
13:43 - Story # 2: Top US cybersecurity agency hacked and forced to take some systems offline
23:39 - Story # 3: Microsoft admits Russian state hack still not contained. 'This has tremendous national security implications'
30:27 - Story # 4: FBI's 2023 Internet Crime Report
38:18 - Story # 5: QNAP warns of critical auth bypass flaw in its NAS devices
50:42 - Story # 6: Automakers Are Sharing Consumers' Driving Behavior With Insurance Companies

Paul's Security Weekly
Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet and More - SWN #368

Mar 12, 2024 · 32:28


Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet, and More are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-368

Paul's Security Weekly TV
Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet and More - SWN #368

Mar 12, 2024 · 32:34


Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet, and More are on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-368

Hack Naked News (Audio)
Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet and More - SWN #368

Mar 12, 2024 · 32:28


Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet, and More are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-368

Hack Naked News (Video)
Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet and More - SWN #368

Mar 12, 2024 · 32:34


Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet, and More are on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-368

MacVoices Video
MacVoices #24069: Zuckerberg's AVP reaction, QNAP Vulnerability

Mar 1, 2024 · 18:34

This MacVoices Live! panel of Chuck Joiner, David Ginsburg, Marty Jencius, Eric Bolden, Ben Roethig, Jeff Gamet, Jim Rea, and Mark Fuccio discuss Mark Zuckerberg's reaction to the Apple Vision Pro and his comments on Apple fans and a new vulnerability in QNAP's products that users need to be aware of.
Chapters:
  • 0:00:00 Introduction to Mark Zuckerberg's Opinions and QNAP Vulnerability
  • 0:01:27 Comparison between Mark Zuckerberg and Steve Ballmer
  • 0:03:51 Differentiating the Apple Vision Pro and Meta's Product
  • 0:05:52 Concerns and Speculations about Mark Zuckerberg's Intentions
  • 0:08:56 Transition to Discussion on QNAP Vulnerability
  • 0:10:37 Details on the Vulnerability in QNAP Products
  • 0:11:38 Call for Higher Accountability from Product Manufacturers
  • 0:14:05 Highlighting Security Risks with Network-Attached Devices
Links:
  • Mark Zuckerberg's Apple Vision Pro Comments On His Instagram: https://www.instagram.com/zuck/reel/C3TkhmivNzt/
  • Mark Zuckerberg Takes On Apple Fanboys, Tech Layoffs, Raising Cattle & More (on Morning Brew Daily): https://www.youtube.com/watch?v=xQqsvRHjas4
  • New Vulnerability in QNAP QTS Firmware: CVE-2023-50358: https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/
Guests:
Eric Bolden is into macOS, plants, sci-fi, food, and is a rural internet supporter. You can connect with him on Twitter, by email at embolden@mac.com, on Mastodon at @eabolden@techhub.social, and on his blog, Trending At Work.
Brian Flanigan-Arthurs is an educator with a passion for providing results-driven, innovative learning strategies for all students, but particularly those who are at-risk. He is also a tech enthusiast who has a particular affinity for Apple since he first used the Apple IIGS as a student. You can contact Brian on twitter as @brian8944. He also recently opened a Mastodon account at @brian8944@mastodon.cloud.
Mark Fuccio is actively involved in high tech startup companies, both as a principal at piqsure.com, or as a marketing advisor through his consulting practice Tactics Sells High Tech, Inc. Mark was a proud investor in Microsoft from the mid-1990's selling in mid 2000, and hopes one day that MSFT will be again an attractive investment. You can contact Mark through Twitter, LinkedIn, or on Mastodon.
Jeff Gamet is a technology blogger, podcaster, author, and public speaker. Previously, he was The Mac Observer's Managing Editor, and the TextExpander Evangelist for Smile. He has presented at Macworld Expo, RSA Conference, several WordCamp events, along with many other conferences. You can find him on several podcasts such as The Mac Show, The Big Show, MacVoices, Mac OS Ken, This Week in iOS, and more. Jeff is easy to find on social media as @jgamet on Twitter and Instagram, jeffgamet on LinkedIn, @jgamet@mastodon.social on Mastodon, and on his YouTube Channel at YouTube.com/jgamet.
David Ginsburg is the host of the weekly podcast In Touch With iOS where he discusses all things iOS, iPhone, iPad, Apple TV, Apple Watch, and related technologies. He is an IT professional supporting Mac, iOS and Windows users. Visit his YouTube channel at https://youtube.com/daveg65 and find and follow him on Twitter @daveg65 and on Mastodon at @daveg65@mastodon.cloud
Dr. Marty Jencius has been an Associate Professor of Counseling at Kent State University since 2000. He has over 120 publications in books, chapters, journal articles, and others, along with 200 podcasts related to counseling, counselor education, and faculty life. His technology interest led him to develop the counseling profession 'firsts,' including listservs, a web-based peer-reviewed journal, The Journal of Technology in Counseling, teaching and conferencing in virtual worlds as the founder of Counselor Education in Second Life, and podcast founder/producer of CounselorAudioSource.net and ThePodTalk.net. Currently, he produces a podcast about counseling and life questions, the Circular Firing Squad, and digital video interviews with legacies capturing the history of the counseling field. Generally, Marty is chasing the newest tech trends, which explains his interest in A.I. for teaching, research, and productivity. Marty is an active presenter and past president of the NorthEast Ohio Apple Corp (NEOAC).
Jim Rea built his own computer from scratch in 1975, started programming in 1977, and has been an independent Mac developer continuously since 1984. He is the founder of ProVUE Development, and the author of Panorama X, ProVUE's ultra fast RAM based database software for the macOS platform. He's been a speaker at MacTech, MacWorld Expo and other industry conferences. Follow Jim at provue.com and via @provuejim@techhub.social on Mastodon.
Ben Roethig has been in the Apple Ecosystem since the System 7 Days. He is a former Associate Editor with Geek Beat, Co-Founder of The Tech Hangout and Deconstruct and currently shares his thoughts on RoethigTech. Contact him on Twitter and Mastodon.

Paul's Security Weekly
Jobs, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood - SWN #352

Jan 9, 2024 · 32:13


Jobs and Money, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood, and more on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-352

Paul's Security Weekly TV
Jobs, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood - SWN #352

Jan 9, 2024 · 32:14


Jobs and Money, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood, and more on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-352

Hack Naked News (Audio)
Jobs, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood - SWN #352

Jan 9, 2024 · 32:13


Jobs and Money, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood, and more on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-352

Hack Naked News (Video)
Jobs, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood - SWN #352

Jan 9, 2024 · 32:14


Jobs and Money, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood, and more on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-352

Storm⚡️Watch by GreyNoise Intelligence

In this episode of Storm Watch our hosts discuss a variety of topics, including the top cyber conflicts, vulnerability remediation, and the latest issues with Confluence, F5, ApacheMQ, and VMware. The episode began with a brief introduction and some casual banter among the hosts. They discussed their Halloween experiences and Glenn's obsession with Wordle. They also mentioned a movie called "Clown" that Kimber recommended for those with a fear of clowns. The hosts then moved on to discuss cybersecurity topics including:

- Interview with Konstantin of CVECrowd.com
- Good News: UK CVD legislation
- Confluence Viz Activity
- ActiveMQ Viz Activity
- F5 Viz Activity
- Okta breach update
- QNAP vulns
- Myth of the long-tail vulnerability
- The release of CVSS4
- Quick FYI for the Microsoft/Foreign Policy "Digital Front Lines" magazine
- Quick FYI on a Wiz blog
- News about the joint Censys/GreyNoise workshop
- Mention of the new GreyNoise Honeypots/honeytokens blog
- Mention of the new GreyNoise Summary Stats Observable notebook
- GreyNoise Tag roundup
- KEV roundup
- Notes that November is Critical Infra Security & Resilience Month

The episode concluded with a discussion on the myth of the long tail vulnerability, a topic covered in a blog post by Ben from Cisco. The hosts agreed that the hype cycle for vulnerabilities is real and predictable, and there is no long tail vulnerability.

EasyApple
#637: I'm not going out that door

Nov 3, 2023 · 57:42


We talk about how to make a packing list, how the chat.easyapple.org redirect works, the pros and cons of QNAP and Synology, how to automate Amazon Ring and Nuki Pro, the new Macs with M3, the problems with the new...

Paul's Security Weekly
VSCode Vulnerabilities - Thomas Chauchefoin, Paul Gerste - PSW #804

Oct 26, 2023 · 177:53


For the Security News, we officially welcome Bill Swearingen to our expert panel of PSW hosts, and discuss the news including hacking shenanigans, QNAP, recovering crypto currency, Android malware, and more! Then in a pre-recorded segment: Sonar Vulnerability Researchers Thomas Chauchefoin and Paul Gerste conducted research on the security of Visual Studio Code (the most popular code editor out there), which was presented at DEF CON 31 in August. The pair uncovered a few ways for attackers to gain code execution on a victim's computer if they clicked on a specially crafted link or opened a malicious folder in Visual Studio Code, bypassing existing mitigations like Workspace Trust. Developers tend to trust their IDEs and do not expect such security issues to exist. As developers have access to source code and production systems, they make for very interesting targets for threat actors. Importantly, the security concepts that the two demonstrate apply not just to Visual Studio Code, but to most other code editors. This is also the story of how the researchers got an unexpected $30,000 bounty from Microsoft for these bugs, by mistake!

Segment Resources:

Blog posts:
- Securing Developer Tools: Argument Injection in Visual Studio Code (https://www.sonarsource.com/blog/securing-developer-tools-argument-injection-in-vscode/)
- Securing Developer Tools: Git Integrations (https://www.sonarsource.com/blog/securing-developer-tools-git-integrations/)

CVEs:
- CVE-2023-36742 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742)
- CVE-2022-30129 (https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2022-30129)
- CVE-2021-43891 (https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2021-43891)

Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-804

Paul's Security Weekly TV
Shenanigans and more - PSW #804

Oct 26, 2023 · 126:53


We officially welcome Bill Swearingen to our expert panel of PSW hosts, and discuss the news including hacking shenanigans, QNAP, recovering crypto currency, Android malware, and more! Show Notes: https://securityweekly.com/psw-804

Paul's Security Weekly (Podcast-Only)
VSCode Vulnerabilities - Thomas Chauchefoin, Paul Gerste - PSW #804

Oct 26, 2023 · 177:53


For the Security News, we officially welcome Bill Swearingen to our expert panel of PSW hosts, and discuss the news including hacking shenanigans, QNAP, recovering crypto currency, Android malware, and more! Then in a pre-recorded segment: Sonar Vulnerability Researchers Thomas Chauchefoin and Paul Gerste conducted research on the security of Visual Studio Code (the most popular code editor out there), which was presented at DEF CON 31 in August. The pair uncovered a few ways for attackers to gain code execution on a victim's computer if they clicked on a specially crafted link or opened a malicious folder in Visual Studio Code, bypassing existing mitigations like Workspace Trust. Developers tend to trust their IDEs and do not expect such security issues to exist. As developers have access to source code and production systems, they make for very interesting targets for threat actors. Importantly, the security concepts that the two demonstrate apply not just to Visual Studio Code, but to most other code editors. This is also the story of how the researchers got an unexpected $30,000 bounty from Microsoft for these bugs, by mistake!

Segment Resources:

Blog posts:
- Securing Developer Tools: Argument Injection in Visual Studio Code (https://www.sonarsource.com/blog/securing-developer-tools-argument-injection-in-vscode/)
- Securing Developer Tools: Git Integrations (https://www.sonarsource.com/blog/securing-developer-tools-git-integrations/)

CVEs:
- CVE-2023-36742 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742)
- CVE-2022-30129 (https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2022-30129)
- CVE-2021-43891 (https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2021-43891)

Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-804

Paul's Security Weekly
PSW #779 - Sin Ming Loo

Apr 7, 2023 · 189:30


The approach to cybersecurity workforce development, and how someone with such a technical background came to design a degree program with a non-traditional approach. What does it take to keep it going? Segment Resources: https://go.boisestate.edu/ucore https://go.boisestate.edu/gcore

In the Security News: Rorschach, QNAP and sudo, why bother signing things, why bother having a password, why bother updating firmware, smart screenshotting, TP-Link oh my, music with Grub2, byte arrays and UTF-8, what is my wifi password, Debian and systemd, opening garage doors, downgrade your firmware to be more secure, exploit databases, this is like a movie, unsolved CTFs, and Near-Ultrasound Inaudible Trojans! All that and more on this episode of Paul's Security Weekly!

Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw779

Security Now (MP3)
SN 912: The NSA @ Home - LastPass hack details, Signal says no to UK, more PyPI troubles, QNAP bug bounty

Mar 1, 2023 · 104:31


Picture of the Week. Windows 11? ... anyone? As Plain as Ever. Edge's new built-in VPN? LastPass Incident Update. Signal says NO to the UK. More PyPI troubles. The QNAP bug bounty program. SpinRite. The NSA @ Home. Show Notes: https://www.grc.com/sn/SN-912-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: kolide.com/securitynow

Security Now (Video HI)
SN 912: The NSA @ Home - LastPass hack details, Signal says no to UK, more PyPI troubles, QNAP bug bounty

Mar 1, 2023 · 104:31


Picture of the Week. Windows 11? ... anyone? As Plain as Ever. Edge's new built-in VPN? LastPass Incident Update. Signal says NO to the UK. More PyPI troubles. The QNAP bug bounty program. SpinRite. The NSA @ Home. Show Notes: https://www.grc.com/sn/SN-912-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: kolide.com/securitynow

All TWiT.tv Shows (MP3)
Security Now 912: The NSA @ Home

Mar 1, 2023 · 104:31


Picture of the Week. Windows 11? ... anyone? As Plain as Ever. Edge's new built-in VPN? LastPass Incident Update. Signal says NO to the UK. More PyPI troubles. The QNAP bug bounty program. SpinRite. The NSA @ Home. Show Notes: https://www.grc.com/sn/SN-912-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: kolide.com/securitynow

Security Now (Video HD)
SN 912: The NSA @ Home - LastPass hack details, Signal says no to UK, more PyPI troubles, QNAP bug bounty

Mar 1, 2023 · 104:31


Picture of the Week. Windows 11? ... anyone? As Plain as Ever. Edge's new built-in VPN? LastPass Incident Update. Signal says NO to the UK. More PyPI troubles. The QNAP bug bounty program. SpinRite. The NSA @ Home. Show Notes: https://www.grc.com/sn/SN-912-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: kolide.com/securitynow

Radio Leo (Audio)
Security Now 912: The NSA @ Home

Mar 1, 2023 · 104:31


Picture of the Week. Windows 11? ... anyone? As Plain as Ever. Edge's new built-in VPN? LastPass Incident Update. Signal says NO to the UK. More PyPI troubles. The QNAP bug bounty program. SpinRite. The NSA @ Home. Show Notes: https://www.grc.com/sn/SN-912-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: kolide.com/securitynow

Security Now (Video LO)
SN 912: The NSA @ Home - LastPass hack details, Signal says no to UK, more PyPI troubles, QNAP bug bounty

Mar 1, 2023 · 104:31


Picture of the Week. Windows 11? ... anyone? As Plain as Ever. Edge's new built-in VPN? LastPass Incident Update. Signal says NO to the UK. More PyPI troubles. The QNAP bug bounty program. SpinRite. The NSA @ Home. Show Notes: https://www.grc.com/sn/SN-912-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: kolide.com/securitynow

Security Now (MP3)
SN 909: How ESXi Fell - EU Internet Surveillance, QNAP returns, .DEV is always HTTPS

Feb 8, 2023 · 133:05


Picture of the Week. The European Union's Internet Surveillance Proposal. 30,000 patient records online? .DEV is always HTTPS! Google changes Chrome's release strategy. Russia shoots the messenger. A fool and his Crypto... QNAP is back. CVSS severity discrepancy. Closing the Loop. How ESXi Fell. Show Notes: https://www.grc.com/sn/SN-909-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit barracuda.com/securitynow canary.tools/twit - use code: TWIT

Security Now (Video HI)
SN 909: How ESXi Fell - EU Internet Surveillance, QNAP returns, .DEV is always HTTPS

Feb 8, 2023 · 133:42


Picture of the Week. The European Union's Internet Surveillance Proposal. 30,000 patient records online? .DEV is always HTTPS! Google changes Chrome's release strategy. Russia shoots the messenger. A fool and his Crypto... QNAP is back. CVSS severity discrepancy. Closing the Loop. How ESXi Fell. Show Notes: https://www.grc.com/sn/SN-909-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit barracuda.com/securitynow canary.tools/twit - use code: TWIT

All TWiT.tv Shows (MP3)
Security Now 909: How ESXi Fell

Feb 8, 2023 · 133:05


Picture of the Week. The European Union's Internet Surveillance Proposal. 30,000 patient records online? .DEV is always HTTPS! Google changes Chrome's release strategy. Russia shoots the messenger. A fool and his Crypto... QNAP is back. CVSS severity discrepancy. Closing the Loop. How ESXi Fell. Show Notes: https://www.grc.com/sn/SN-909-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit barracuda.com/securitynow canary.tools/twit - use code: TWIT

Security Now (Video HD)
SN 909: How ESXi Fell - EU Internet Surveillance, QNAP returns, .DEV is always HTTPS

Feb 8, 2023 · 133:42


Picture of the Week. The European Union's Internet Surveillance Proposal. 30,000 patient records online? .DEV is always HTTPS! Google changes Chrome's release strategy. Russia shoots the messenger. A fool and his Crypto... QNAP is back. CVSS severity discrepancy. Closing the Loop. How ESXi Fell. Show Notes: https://www.grc.com/sn/SN-909-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit barracuda.com/securitynow canary.tools/twit - use code: TWIT

Radio Leo (Audio)
Security Now 909: How ESXi Fell

Feb 8, 2023 · 133:05


Picture of the Week. The European Union's Internet Surveillance Proposal. 30,000 patient records online? .DEV is always HTTPS! Google changes Chrome's release strategy. Russia shoots the messenger. A fool and his Crypto... QNAP is back. CVSS severity discrepancy. Closing the Loop. How ESXi Fell. Show Notes: https://www.grc.com/sn/SN-909-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit barracuda.com/securitynow canary.tools/twit - use code: TWIT

Security Now (Video LO)
SN 909: How ESXi Fell - EU Internet Surveillance, QNAP returns, .DEV is always HTTPS

Feb 8, 2023 · 133:42


Picture of the Week. The European Union's Internet Surveillance Proposal. 30,000 patient records online? .DEV is always HTTPS! Google changes Chrome's release strategy. Russia shoots the messenger. A fool and his Crypto... QNAP is back. CVSS severity discrepancy. Closing the Loop. How ESXi Fell. Show Notes: https://www.grc.com/sn/SN-909-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit barracuda.com/securitynow canary.tools/twit - use code: TWIT

Paul's Security Weekly
SWN #271 - Chat-Gpt Seinfeld, Qnap, Google Fi, Headcrab, Banner, Goodrx, Oracle, & Goanywhere

Feb 3, 2023 · 32:03


This week in the Security News Doug Chides: Chat-GPT, QNAP, Google FI, REDIS, Headcrab, Banner, GoodRx, Oracle, GoAnywhere, & more!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn271

Security Now (MP3)
SN 888: The EvilProxy Service - MooBot, Crypto Heist, Cyberwarfare, QNAP, The Silver Ships

Sep 14, 2022 · 122:04


Picture of the Week.  Cyberwarfare: Albania vs Iran.  Crypto Heist — this or that.  The White House "Tech Platform Accountability" Listening Session.  Changes to the Dutch Intelligence Law.  Another QNAP mess.  D-Link's being taken over by MooBot.  Sci-Fi Discovery: "The Silver Ships".  Closing The Loop.  The EvilProxy Service.  We invite you to read our show notes at https://www.grc.com/sn/SN-888-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow canary.tools/twit - use code: TWIT newrelic.com/securitynow

Risky Business
Risky Business #677 -- A day late and a dollar short: China doxxes NSA op

Sep 7, 2022 · 58:43


On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:

- China's super spies figure out Rob Joyce ran TAO ops
- FBI, French authorities fly to Montenegro to investigate ransomware attack
- NEWSFLASH: Cloudflare are still a bunch of Nazi cuddlers
- SIM swap drama spills into real world shootings, firebombings
- Yandex Taxi hack clogs Moscow streets
- The TikTok breach that wasn't
- Project Raven veterans get wings clipped
- Why recent BGP hijacks are getting a bit concerning
- Much, much more

This week's show is brought to you by Corelight, the company that maintains Zeek. Corelight's Federal CTO Jean Schaffer joins us in this week's sponsor interview to talk about whether or not the White House's executive order on Zero Trust is actually changing anything. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

Show notes

- Exclusive: Evidence shows US' NSA behind attack on email system of leading Chinese aviation university - Global Times
- Lukasz Olejnik on Twitter: "Chinese accusation of US/NSA cyberattacks on China's aviation university. Unusually, a strong protest issued by China's Foreign Ministry. Chinese media write about NSA extensively, and doxx/point at Rob Joyce, specifically. Highly amusing! https://t.co/PG1XzZoIcW https://t.co/wRMEAokhVj" / Twitter
- Patrick Gray on Twitter: "Great thread" / Twitter
- FBI and French officials arrive in Montenegro to investigate ransomware attack - The Record by Recorded Future
- Chile says gov't agency struggling with ransomware attack - The Record by Recorded Future
- Italy warns of cyberattacks on energy industry after Eni, GSE incidents - The Record by Recorded Future
- Ransomware Gang Accessed Water Supplier's Control System
- Experts warn of more Ragnar Locker attacks, days after group targets airline - The Record by Recorded Future
- Kevin Beaumont on Twitter: "IHG Hotel Group incident is ransomware" / Twitter
- Criminal hackers targeting K-12 schools, U.S. government warns
- QNAP warns of zero-day vulnerability in latest DeadBolt ransomware campaign - The Record by Recorded Future
- Cloudflare Suggests It Won't Cut Off Anti-Trans Stalking Forum
- Cloudflare reverses decision and drops trans trolling website Kiwi Farms | Internet | The Guardian
- Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire – Krebs on Security
- State Department debars ex-NSA cyber mercenaries who aided vast UAE surveillance operation
- Hackers Create Traffic Jam in Moscow by Ordering Dozens of Taxis at Once Through App
- Light Flashing, Siren Wailing: A Rich Muscovite in a Rush - The New York Times
- TikTok denies security breach after hackers leak user data, source code
- Samsung denies Social Security numbers involved in latest breach - The Record by Recorded Future
- Truth Behind the Celer Network cBridge cross-chain bridge incident: BGP hijacking | by SlowMist | Coinmonks | Aug, 2022 | Medium
- nanog: Yet another BGP hijacking towards AS16509
- A Windows 11 Automation Tool Can Easily Be Hijacked | WIRED
- Actors behind PyPI supply chain attack have been active since late 2021 | Ars Technica
- Cybercriminal Service 'EvilProxy' Seeks to Hijack Accounts
- Careless Errors in Hundreds of Apps Could Expose Troves of Data | WIRED
- WatchGuard firewall exploit threatens appliance takeover | The Daily Swig
- Patched TikTok security flaw allowed one-click account takeovers - The Record by Recorded Future
- Chrome extensions with 1.4M installs covertly track visits and inject code | Ars Technica
- Peter Eckersley, co-creator of Let's Encrypt, dies at just 43 – Naked Security
- DownUnderCTF