Podcasts about Ransomware

Cybersecurity is essential for every practice that relies on technology. In this episode, guest Kaitlin Upchurch, Senior Vice President and Cyber & Tech Practice Leader at Lockton, addresses the cybersecurity questions practices are—and are not—thinking about. She explains why cybersecurity risks are often misunderstood, what makes health care a prime target, and why insurance alone is not enough. Tune in to understand your cyber exposure, the biggest threats facing practices today, and the first steps to strengthen your protection beyond buying a policy.  Chapters00:00 Intro00:47 Banter04:25 Guest background10:20 Tell us about Lockton.13:40 Do medical practices need cybersecurity?18:40 What are cybersecurity misconceptions?20:48 What are some cybersecurity threats?25:00 How can medical practices avoid cybersecurity issues?26:37 Access+27:16 Legal Takeaways28:45 OutroWatch full episodes of our podcast on our YouTube channel: https://www.youtube.com/@byrdadatto  Stay connected for the latest business and health care legal updates:WebsiteFacebookInstagramLinkedIn

Ransomware payments may be falling, but attackers are not retreating—they are shifting their focus upstream to hypervisors, where a single compromise can undo years of layered security investment. This change fundamentally alters the risk equation for MSPs whose architectures emphasize shared infrastructure and efficiency. Lower payments reflect reduced victim capacity, not reduced attacker effectiveness, forcing adversaries to increase the impact of each successful breach. Recovery speed, architectural resilience, and catastrophic-failure planning now matter more than detection narratives.At the same time, regulators are tightening expectations around AI safety while modernization funding stalls. State attorneys general are warning major AI vendors about harmful outcomes involving minors, even as Congress allows critical federal IT modernization funding to lapse. This leaves implementers operating in environments where AI is treated as production infrastructure but lacks the controls, funding, and policy clarity required to manage risk. In these conditions, responsibility concentrates on service providers without corresponding authority.Concerns over AI transparency deepen as OpenAI's shift to a for-profit model triggers internal resignations and allegations of suppressed economic impact research. When AI vendors control both platforms and narratives, ecosystem participants lose access to inconvenient truths about displacement, quality degradation, and operational disruption. MSPs experience these impacts directly, often after automation decisions have already reshaped staffing, workflows, and customer expectations.Security vendors are responding by introducing AI governance and control-layer tools, but carefully stopping short of owning outcomes. From AI detection and response to bundled copilots, zero-trust packages, and expanded vulnerability scanning, the message is consistency and experimentation—not accountability. As AI systems move from passive tools to active decision-makers, governance becomes an ongoing service rather than a product feature. MSPs that fail to price, document, and limit decision risk will inherit liabilities they cannot automate away. Four things to know today 00:00 Ransomware Payments Fall 33% as Attacks Persist and Shift Toward Hypervisors04:33 State Attorneys General Warn OpenAI, Microsoft, and Apple on AI Child Safety as Federal IT Modernization Funding Stalls08:24 Former OpenAI Employees Raise Transparency Concerns as Economic Impact Research Is Curtailed10:51 CrowdStrike, Microsoft, Vectra, WatchGuard, and LevelBlue Push AI Security Controls Without Owning Outcomes This is the Business of Tech.    Supported by:  https://mailprotector.com/mspradio/

This week we dig full force into some interesting listener questions. Noah talks about an open source hardware synth, and Steve walks through some of his hardware choices to help you! -- During The Show -- 00:50 Intro Weather Cooling IT rooms in winter 05:00 Printers, DVD ripping and more - James Steve has 2 brother printers Auto Duplexing Separate printer and scanner Large business grade units Ask Noah Show 368 (https://podcast.asknoahshow.com/368) All in One Brother DCP-L2640DW Amazon (https://www.amazon.com/dp/B0CPLFTPCV) Budget Brother HL-L2460DW Amazon (https://www.amazon.com/dp/B0CPL2N5H6) Monochrome Brother HL-6210DW Amazon (https://www.amazon.com/dp/B0CGC9HPNH) Color Brother HL-L3280CDW Amazon (https://www.amazon.com/dp/B0CFD1G1VT) Trouble with auto duplexing Stay away from Lexar HP printers Manually add the printer Change to Jetdirect or IP printer Pay attention to exact model or most similar When it goes wrong, it goes really wrong Your mileage may vary Canon Color Image Class LBP622Cdw Amazon (https://www.amazon.com/dp/B07QBR7JFV) Scanner Brother ADS-1200 Amazon (https://www.amazon.com/dp/B07WSJQWVQ) Containers vs Codecs MKV vs MP4 Avidemux (https://avidemux.sourceforge.net/) Ripping as ISOs vs video files MakeMKV (https://www.makemkv.com/) MakeMKV Docker Image (https://github.com/jlesage/docker-makemkv) ``` # sudo modprobe sg services: makemkv: image: ghcr.io/jlesage/makemkv:latest ports: "5800:5800" volumes: "./makemkv:/config:rw" "./storage:/storage:ro" "./output:/output:rw" security_opt: # Fix for apparmor enabled systems apparmor:unconfined environment: USER_ID=1000 GROUP_ID=1000 devices: "/dev/sr0:/dev/sr0" "/dev/sg0:/dev/sg0" ``` Christmas movies Handbrake (https://handbrake.fr/) FFmpeg (https://ffmpeg.org/) Transcoding Run controller at each site Ubiquiti Cloud Key (https://store.ui.com/us/en/products/uck-g2) Lots of problems OVH server Put basic auth in front Inbox Zero Paperless NGX (https://docs.paperless-ngx.com/) Dump to eml file then import into special Thunderbird 45:14 News Wire Firefox 146 - firefox.com (https://www.firefox.com/en-US/firefox/146.0/releasenotes/) Thunderbird 146 - thunderbird.net (https://www.thunderbird.net/en-US/thunderbird/146.0/releasenotes/) KDE Frameworks 6.12 - kde.org (https://kde.org/info/kde-frameworks-6.21.0/) Cinnamon Desktop 6.6 - itsfoss.com (https://itsfoss.com/news/cinnamon-6-6/) Mir 2.25 - github.com (https://github.com/canonical/mir/releases/tag/v2.25.0) Rust 1.92 - blog.rust-lang.org (https://blog.rust-lang.org/2025/12/11/Rust-1.92.0/) AerynOS 2025.12 - phoronix.com (https://www.phoronix.com/news/AerynOS-2025.12) Kali Linux 2025.4 - kali.org (https://www.kali.org/blog/kali-linux-2025-4-release/) Pop!_OS 24.04 - itsfoss.com (https://itsfoss.com/news/pop-os-24-04-review/) PearOS - pearos.xyz (https://pearos.xyz) MaboxLinux 2025.12 - maboxlinux.org (https://maboxlinux.org/mabox-25-12-improvements-fixes-and-gtk2-farewell/#google_vignette) Papermoon - thenewstack.io (https://thenewstack.io/papermoon-a-space-grade-linux-for-the-newspace-era/) 01flip Ransomware - esecurityplanet.com (https://www.esecurityplanet.com/threats/rust-based-01flip-ransomware-hits-windows-and-linux/) React2Shell - thehackernews.com (https://thehackernews.com/2025/12/react2shell-vulnerability-actively.html) Nomos 1 - venturebeat.com (https://venturebeat.com/ai/nous-research-just-released-nomos-1-an-open-source-ai-that-ranks-second-on) Nemotron Model - reuters.com (https://www.reuters.com/world/china/nvidia-unveils-new-open-source-ai-models-amid-boom-chinese-offerings-2025-12-15/) Quilter's AI - venturebeat.com (https://venturebeat.com/ai/quilters-ai-just-designed-an-843-part-linux-computer-that-booted-on-the) Chatterbox Labs - redhat.com (https://www.redhat.com/en/blog/red-hat-acquire-chatterbox-labs-frequently-asked-questions) Agentic AI Group - hackernoon.com (https://hackernoon.com/linux-foundation-launches-agentic-ai-group-to-set-standards-for-autonomous-systems) Firefox AI Browser - phoronix.com (https://www.phoronix.com/news/Mozilla-New-CEO-AI) 47:47 Zynthian Open hardware device We want your feedback! Are you comfortable with software VST Zynthian.org (https://zynthian.org/) 50:30 Family Resistant to Self Hosting - David Ovens house hold approach Watching for pain points Making responsible path easy Making irresponsible path hard Value driven decisions Supporting where your paycheck comes from -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/471) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)

In Episode 166 of Cybersecurity Where You Are, Sean Atkinson sits down with Tyler Moore, Ph.D., Chair of Cyber Studies at the University of Tulsa, and Daniel Woods, Lecturer at the University of Edinburgh. Together, they review the foundations of actuarial science in cyber risk.Here are some highlights from our episode:00:48. Introductions to Tyler and Daniel01:22. How actuarial science fits into a traditional approach of risk modeling02:20. Why cyber risk has historically been difficult to quantify04:01. How data sources available to insurers and individual organizations have evolved07:21. Adaptability as a key principle to model risk for an evolving cyber threat landscape08:58. Loss distribution modeling for different types of cyber threats11:38. Similarities and differences between how actuaries and frameworks view risks13:10. Quantifying severity, frequency, and resilience to different cyber risks14:31. How insurers differ from underwriters in their view of risk17:43. Ransomware as a case study where actuarial modeling improved risk management22:30. The value of translating cyber risk to business risk for CISOs like Sean26:20. Why data on which security controls matter most remains elusive32:33. The biggest misconceptions of using actuarial models in cybersecurity36:09. How cyber actuarial science can help to determine what works in cybersecurityResourcesEpisode 121: The Economics of Cybersecurity Decision-MakingEpisode 105: Context in Cyber Risk QuantificationEpisode 77: Data's Value to Decision-Making in CybersecurityHow Risk Quantification Tests Your Reasonable Cyber DefenseEpisode 113: Cyber Risk Prioritization as Ransomware DefenseEpisode 65: Making Cyber Risk Analysis Practical with QRAFAIR: A Framework for Revolutionizing Your Risk AnalysisIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Think your cloud backups will save you from a ransomware attack? Think again. In this episode, Matt Castriotta (Field CTO at Rubrik) explains why the traditional "I have backups" mindset is dangerous. He distinguishes between Disaster Recovery (business continuity for operational errors) and Cyber Resilience (recovering from a malicious attack where data and identity are untrusted) .Matt speaks about the "dirty secrets" of cloud-native recovery, explaining why S3 versioning and replication are not valid cyber recovery strategies . The conversation shifts to the critical, often overlooked aspect of Identity Recovery. If your Active Directory or Entra ID is compromised, it's "ground zero” and you can't access anything. Matt argues that identity must be treated as the new perimeter and backed up just like any other critical data source .We also explore the impact of AI agents on data integrity, how do you "rewind" an AI agent that hallucinated and corrupted your data? Plus, practical advice on DORA compliance, multi-cloud resiliency, and the "people and process" side of surviving a breach.Guest Socials - ⁠Matt's LinkedinPodcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠Questions:(00:00) Introduction(02:20) Who is Matt Castriotta?(03:20) Defining Cyber Resilience: The Ability to Say "No" to Ransomware(05:00) Why "I Have Backups" is Not Enough(06:45) The Difference Between Disaster Recovery and Cyber Recovery(10:20) Cloud Native Risks: Versioning and Replication Are Not Backups(12:50) DORA Compliance: Multi-Cloud Resiliency & Egress Costs(15:10) The "Shared Responsibility Model" Trap in Cloud(17:45) Identity is the New Perimeter: Why You Must Back It Up(22:30) Identity Recovery: Can You Restore Your Active Directory in Minutes?(25:40) AI and Data: The New "Oil" and "Crown Jewels"(27:20) Rubrik Agent Cloud: Rewinding AI Agent Actions(29:40) Top 3 Priorities for a 2026 Resiliency Program(33:10) Fun Questions: Guitar, Family, and Italian Food

Farms today run more digital systems than ever before — GPS-guided equipment, grain accounting software, cloud-connected records, automated livestock and irrigation controls, and online financial tools. And that shift has put agriculture squarely into the Top 10 most-targeted industries for cyberattacks.In this episode, we sit down with Chris Sherman, founder of TechSupport.Farm, who specializes in helping farmers and ag businesses protect their operations from online threats. Chris breaks down why farms are becoming major hacker targets, the attacks he sees most often, and the simple ways producers can safeguard their data, their money, and their equipment.We explore real farm-level risks such as:Phishing emails disguised as invoices, USDA notices, or dealer updatesRansomware that locks up grain software, field maps, GPS data, or entire farm serversExtortion scams demanding bitcoinAttempts to infiltrate connected systems like grain dryers, feed mills, and irrigation controlsChris explains where farm data actually lives — on equipment, in cloud systems, or in software platforms — and what farmers need to understand about data ownership, platform security, and privacy.Then we move into practical, easy-to-apply cybersecurity steps every farm can start today:Creating strong password policies (12+ characters)Using password managersTurning on two-factor authenticationUpgrading email security with spam and phishing filtersSeparating home WiFi from business and equipment WiFiTracking who has login accessKeeping offline backups of critical filesTraining your family and employees to spot digital red flagsChris also shares real-world stories from farms he's helped — the scams that worked, the ones that were caught in time, and the mistakes he sees repeated across operations of all sizes.Whether you run a large operation or a small family farm, cybersecurity is now part of running the business. This episode will help you protect what you've built, stay ahead of threats, and keep hackers out of your data, your money, and your equipment. Want Farm4Profit Merch? Custom order your favorite items today!https://farmfocused.com/farm-4profit/ Don't forget to like the podcast on all platforms and leave a review where ever you listen! Website: www.Farm4Profit.comShareable episode link: https://intro-to-farm4profit.simplecast.comEmail address: Farm4profitllc@gmail.comCall/Text: 515.207.9640Subscribe to YouTube: https://www.youtube.com/channel/UCSR8c1BrCjNDDI_Acku5XqwFollow us on TikTok: https://www.tiktok.com/@farm4profitllc Connect with us on Facebook: https://www.facebook.com/Farm4ProfitLLC/ Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvWhat happens when cybersecurity meets the engine room of the business? We dig into the partnership between the CISO and COO and show how shared risk, clear language about money, and practical tabletop drills turn security into operational resilience. Ransomware, supply chain delays, and customer impact aren't just IT issues—they're revenue issues—so we map exactly how to build alignment before a crisis hits.We break down CISSP Domain 1.5 with a plain-English tour of law categories and the statutes you actually need to know: CFAA and NIIPA for unauthorized access and critical infrastructure, FISMA and the NIST standards for federal-grade security programs, and the federal modernization that centralized oversight under DHS. Then we go deeper into intellectual property: what copyrights, trademarks, patents, and trade secrets protect; how DMCA and AI complicate ownership; and how licensing and click-through terms can quietly put your data and code at risk if you don't read them with counsel.Cross-border data is now daily business, so we unpack export controls on chips and encryption, transborder data flow obligations, and privacy regimes that carry real teeth: GDPR's 72-hour notification, China's PIPL and local representation, and state laws like CCPA that mirror EU rights. The practical takeaway is a tighter incident playbook: define “breach” with evidence-based thresholds, pre-wire stakeholder communications, and use tabletop exercises to test both technical recovery and regulatory reporting.If you're studying for the CISSP or leading a security program, this is the legal-ops blueprint you can use today. Subscribe, share this with your ops and legal teams, and leave a review to tell us which regulation gives you the biggest headache—we'll tackle it next.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

This episode discusses the US Department of War's AI "Manifest Destiny", hackers going hard on Aussie victims, and Australia bringing in its brand new social media ban. Hosts David Hollingworth and Daniel Croft kick things off with artificial intelligence, with CommBank trialling a new DevOps agent and the Pentagon launching its new GenAI.mil platform to "dominate" its adversaries. The pair move on to cyber crime, and the SafePay ransomware gang strikes at three Australian victims in a single week. Hollingworth and Croft also discuss the social media ban, which came into effect this week. Finally, the pair look at the Privacy Commissioner's new compliance crusade and a warning that scammers are posing as charities this Christmas season. Enjoy, The Cyber Uncut team

____________Guests:Suzy PallettPresident, Black Hat. Cybersecurity.On LinkedIn: https://www.linkedin.com/in/suzy-pallett-60710132/The Cybersecurity Community Finds Its Footing in Uncertain TimesThere is something almost paradoxical about the cybersecurity industry. It exists because of threats, yet it thrives on trust. It deals in technical complexity, yet its beating heart is fundamentally human: people gathering, sharing knowledge, and collectively deciding that defending each other matters more than protecting proprietary advantage.This tension—and this hope—was on full display at Black Hat Europe 2025 in London, which just wrapped up at the ExCel Centre with attendance growing more than 25 percent over last year. For Suzy Pallett, the newly appointed President of Black Hat, the numbers tell only part of the story."What I've found from this week is the knowledge sharing, the insights, the open source tools that we've shared, the demonstrations that have happened—they've been so instrumental," Pallett shared in a conversation with ITSPmagazine. "Cybersecurity is unlike any other industry I've ever been close to in the strength of that collaboration."Pallett took the helm in September after Steve Wylie stepped down following eleven years leading the brand through significant growth. Her background spans over two decades in global events, most recently with Money20/20, the fintech conference series. But she speaks of Black Hat not as a business to be managed but as a community to be served.The event itself reflected the year's dominant concerns. AI agents and supply chain vulnerabilities emerged as central themes, continuing conversations that dominated Black Hat USA in Las Vegas just months earlier. But Europe brought its own character. Keynotes ranged from Max Meets examining whether ransomware can actually be stopped, to Linus Neumann questioning whether compliance checklists might actually expose organizations to greater risk rather than protecting them."He was saying that the compliance checklists that we're all being stressed with are actually where the vulnerabilities lie," Pallett explained. "How can we work more collaboratively together so that it's not just a compliance checklist that we get?"This is the kind of question that sits at the intersection of technology and policy, technical reality and bureaucratic aspiration. It is also the kind of question that rarely gets asked in vendor halls but deserves space in our collective thinking.Joe Tidy, the BBC journalist behind the EvilCorp podcast, delivered a record-breaking keynote attendance on day two, signaling the growing appetite for cybersecurity stories that reach beyond the practitioner community into broader public consciousness. Louise Marie Harrell spoke on technical capacity and international accountability—a reminder that cyber threats respect no borders and neither can our responses.What makes Black Hat distinct, Pallett noted, is that the conversations happening on the business hall floor are not typical expo fare. "You have the product teams, you have the engineers, you have the developers on those stands, and it's still product conversations and technical conversations."Looking ahead, Pallett's priorities center on listening. Review boards, advisory boards, pastoral programs, scholarships—these are the mechanisms through which she intends to ensure Black Hat remains, in her words, "a platform for them and by them."The cybersecurity industry faces a peculiar burden. What used to happen in twelve years now happens in two days, as Pallett put it. The pace is exhausting. The threats keep evolving. The cat-and-mouse game shows no signs of ending.But perhaps that is precisely why events like this matter. Not because they offer solutions to every problem, but because they remind an industry under constant pressure that it is not alone in the fight. That collaboration is not weakness. That sharing knowledge freely is not naïve—it is strategic.Black Hat Europe 2025 may have ended, but the conversations it sparked will carry forward into 2026 and beyond.____________HOSTS:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to share an Event Briefing as part of our event coverage? Learn More

This episode discusses the US Department of War's AI "Manifest Destiny", hackers going hard on Aussie victims, and Australia bringing in its brand new social media ban. Hosts David Hollingworth and Daniel Croft kick things off with artificial intelligence, with CommBank trialling a new DevOps agent and the Pentagon launching its new GenAI.mil platform to "dominate" its adversaries. The pair move on to cyber crime, and the SafePay ransomware gang strikes at three Australian victims in a single week. Hollingworth and Croft also discuss the social media ban, which came into effect this week. Finally, the pair look at the Privacy Commissioner's new compliance crusade and a warning that scammers are posing as charities this Christmas season. Enjoy, The Cyber Uncut team

“Com o 5G na ambulância, num traslado de 20 minutos entre a casa do paciente e o hospital, conseguimos acelerar a preparação do time de revascularização em 27 minutos. Para um paciente com suspeita de infarto, isso é vida”. No 16º episódio do Hipsters.Talks, PAULO SILVEIRA, CVO do Grupo Alun, conversa com CONRADO TRAMONTINI, gerente de inovação do Hospital Sírio Libanês, sobre como tecnologia salva vidas, a complexidade dos sistemas hospitalares e por que hospitais precisam funcionar mesmo quando todos os sistemas caem. Uma conversa sobre inovação em saúde, desde padrões globais até a garagem de inovação do hospital. Prepare-se para um episódio cheio de conhecimento e inspiração!

In this episode of Unspoken Security, host AJ Nash sits down with Zoë Rose, SecOps Manager at Canon EMEA. They explore the real-world barriers to building effective incident response programs and discuss why so many organizations struggle to move beyond reactive firefighting.Zoë shares her perspective from both consulting and in-house roles, pointing out that most incident response teams are overwhelmed, under-resourced, and stuck dealing with basics that never get fixed. She explains why expensive tools and new technology often miss the mark when organizations skip foundational work—like asset inventories, clear policies, and tuned alerts. Zoë urges listeners to focus on practical steps, such as documenting processes, improving communication, and building trust between technical teams and business leaders.Throughout the conversation, Zoë breaks down how real change happens: by investing in people, closing skills gaps, and fostering a culture where mistakes drive learning instead of blame. The episode ends with a reminder that effective security is not about quick fixes or flashy tools, but about honest assessment, teamwork, and steady improvement.Send us a textSupport the show

The Ransomware Minute is a rundown of the latest ransomware attacks & news, brought to you Cybercrime Magazine, Page ONE for Cybersecurity. Listen to the podcast weekly and read it daily at https://ransomwareminute.com. For more on cybersecurity, visit us at https://cybercrimemagazine.com.

"Spear phishing is a direct attack." Connect With Our SponsorsGreyFinch - https://greyfinch.com/jillallen/A-Dec - https://www.a-dec.com/orthodonticsSmileSuite - https://getsmilesuite.com/ Summary In this conversation, Gary Salman, CEO of Black Talon Security, discusses the critical importance of cybersecurity in the dental and orthodontic fields. He shares insights on the evolution of cyber threats, particularly focusing on social engineering and phishing attacks. Gary emphasizes the need for comprehensive training for dental staff to recognize and prevent these threats. He also highlights the significance of understanding cyber risk ratings and the role of AI in enhancing cybersecurity measures. The discussion concludes with practical advice for practices to safeguard patient data and navigate the complexities of modern cybersecurity challenges. Connect With Our Guest Black Talon Security - https://www.blacktalonsecurity.com/ Takeaways Gary has over 33 years of experience in dental technology.He emphasizes the importance of cybersecurity in practices.Social engineering is a major threat, often leading to phishing attacks.Training staff is crucial as 60% of cyber attacks result from human error.Spear phishing is a targeted attack that can compromise email accounts.Antivirus software may not detect legitimate software used by hackers.Cybersecurity requires a proactive approach, similar to healthcare.Understanding cyber risk ratings is essential for practices.AI can enhance cybersecurity but requires due diligence.Practices must be aware of their vulnerabilities and take action.Chapters 00:00 Introduction02:02 Gary Salman's Background and Black Talon Security06:33 Understanding Social Engineering Attacks14:14 Preventative Measures and Training25:58 Understanding Cyber Risk in Dental Practices27:52 The Importance of Cyber Risk Ratings28:19 Known Exploitable Vulnerabilities and Network Security33:13 AI in Healthcare: Benefits and Risks36:09 Best Practices for Using AI in Practices38:49 Final Thoughts and Contact Information Episode Credits:  Hosted by Jill AllenProduced by Jordann KillionAudio Engineering by Garrett LuceroAre you ready to start a practice of your own? Do you need a fresh set of eyes or some advice in your existing practice?Reach out to me- www.practiceresults.com.    If you like what we are doing here on Hey Docs! and want to hear more of this awesome content, give us a 5-star Rating on your preferred listening platform and subscribe to our show so you never miss an episode.    New episodes drop every Thursday!   

If you like what you hear, please subscribe, leave us a review and tell a friend!

Organizations worldwide scramble to address the critical React2Shell vulnerability.  Major insurers look to exclude artificial intelligence risks from corporate policies. Three Chinese hacking groups converge on the same Sharepoint flaws. Ransomware crews target hypervisors. A UK hospital asks the High Court to block publication of data stolen by the Clop gang. The White House approves additional Nvidia AI chip exports to China. The ICEBlock app creator sues the feds over app store removal. The FBI warns of virtual kidnapping scams. The FTC upholds a ban on a stalkerware maker. Dave Lindner, CISO of Contrast Security, discusses nation-state adversaries targeting source code to infiltrate the government and private sector. Craigslist's founder pledges support for cybersecurity, veterans and pigeons. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest ⁠Dave Lindner⁠, CISO of ⁠Contrast Security⁠, discusses nation-state adversaries targeting source code to infiltrate the government and private sector. Selected Reading Researchers track dozens of organizations affected by React2Shell compromises tied to China's MSS (The Record) Insurers retreat from AI cover as risk of multibillion-dollar claims mounts (Financial Times) Three hacking groups, two vulnerabilities and all eyes on China (The Record) Researchers spot 700 percent increase in hypervisor ransomware attacks (The Register) UK Hospital Asks Court to Stymie Ransomware Data Leak (Bank Infosecurity) Trump says Nvidia can sell more powerful AI chips to China (The Verge) ICEBlock developer sues Trump administration over App Store removal (The Verge) New FBI alert urges vigilance on virtual kidnapping schemes (SC Media) FTC upholds ban on stalkerware founder Scott Zuckerman (TechCrunch) Craigslist founder signs the Giving Pledge, and his fortune will go to military families, fighting cyberattacks—and a pigeon rescue (Fortune) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware payments pass $4.5 billion Cybercrime networks orchestrate real-world violence Three arrested over possessing hacking tools Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Attackers don't need malware anymore; they need trust. Tip: set a simple passphrase for high-risk actions, like wire requests or "urgent" account recovery – especially within finance teams and families. If the caller can't answer it, pause and verify. Adaptive runs deepfake and vishing simulations so employees practice this before it's real. adaptivesecurity.com.  

In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• TribalHub Magazine, Winter 2025: A Publication For Technology Minded Professionals In Tribal Government Tribal Health, Tribal-Gaming And Non-Gaming Tribal Enterprises. Includes Tribal-ISAC happenings!• React2Shell: Risky Bulletin: APTs go after the React2Shell vulnerability within hours & Critical Security Vulnerability in React Server Components • We discussed our daily SUN and Weekly Ransomware & Data Breach Digest available via Gate 15's GRIP: Join the GRIP! Gate 15's Resilience and Intelligence Portal (GRIP) utilizes the robust capabilities available in Cyware's Collaborate platform to provide the community with technology-enhanced, human-driven analysis products. Further, our team supports the implementation and use of Cyware Collaborate at the Enterprise level. Main Topics:FinCEN Issues Financial Trend Analysis on Ransomware. The U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) is issuing a Financial Trend Analysis on ransomware incidents in Bank Secrecy Act (BSA) data between 2022 and 2024, which totaled more than $2.1 billion in ransomware payments… Previous FinCEN Financial Trend Analyses have focused on reported ransomware payments and incidents by the date the activity was filed with FinCEN. Today's report shifts the focus to the incident date of each ransomware attack and offers greater visibility into the activities conducted by ransomware actors.• Reported Ransomware Incidents and Payments Reach All-Time High in 2023• FinCEN Data Shows Ransomware Payments Top $2.1B in Just Three Years• Financial Services, Manufacturing, and Healthcare were the Most Impacted Industries• The Onion Router (TOR) was the Most Common Communication Method Reported• ALPHV/BlackCat was the Most Prevalent Ransomware Variant Between 2022 and 2024• FinCEN analysis shows scope of ransomware problemFive-page draft Trump administration cyber strategy targeted for January release; The six-pillar document covers a lot of ground in a short space, and could be followed by an executive order implementing it, according to sources familiar with the draft. America 250: Presidential Message on the Anniversary of the Monroe Doctrine• Here's what the new National Security Strategy says about threats to critical infrastructure• New US National Security Strategy reveals Trump administration's latest stance on TaiwanFBI PSA: Criminals Using Altered Proof-of-Life Media to Extort Victims in Virtual Kidnapping for Ransom Scams. The Federal Bureau of Investigation (FBI) warns the public about criminals altering photos found on social media or other publicly available sites to use as fake proof of life photos in virtual kidnapping for ransom scams. The criminal actors pose as kidnappers and provide seemingly real photos or videos of victims along with demands for ransom payments… Criminal actors typically will contact their victims through text message claiming they have kidnapped their loved one and demand a ransom be paid for their release. Oftentimes, the criminal actor will express significant claims of violence towards the loved one if the ransom is not paid immediately. The criminal actor will then send what appears to be a genuine photo or video of the victim's loved one, which upon close inspection often reveals inaccuracies when compared to confirmed photos of the loved one. Examples of these inaccuracies include missing tattoos or scars and inaccurate body proportions. Criminal actors will sometimes purposefully send these photos using timed message features to limit the amount of time victims have to analyze the images.Quick Hits:• US leader of global neo-Nazi terrorist group signals retribution for arrests• ASD: Information stealers are on the rise, are you at risk? • UK NCSC: Prompt injection is not SQL injection (it may be worse)

Guest post by Stephen Phillips, Head of Public Sector for Ireland, Integrity360 Cyber security in the public sector is undergoing a revolution. What was once a compliance-led, box-ticking exercise is now becoming a board-level concern that is driven by the real fear of service disruption. Public sector leaders understand that a cyber attack on a public system - such as healthcare, transport, policing, or social services - isn't just an IT issue, but a crisis of trust, continuity, and critical services. The necessary shift is clear: from focusing on prevention alone to building resilience. That means embedding cyber thinking into everyday operations, testing response plans so that everyone knows their role when the pressure is on, and seeing security as a critical enabler of digital transformation - not a blocker. Multi-layered cyber challenges Current cyber security challenges across the public sector in Ireland are multi-layered. First and foremost, there's the sheer pace at which the threat landscape is evolving. Ransomware remains a top concern, but we're also seeing a rise in more sophisticated, targeted attacks that often leverage artificial intelligence (AI) to bypass traditional defences. Supply chain risk is another big challenge as many public sector bodies rely on third-party vendors for critical services, which introduces a level of exposure that's hard to fully control. We've seen a growing awareness of this among organisations, but the tools and processes to manage that risk aren't always where they need to be. Then there's the issue of resources - budgets are tight and, while there's a strong appetite to improve cyber resilience, it's not always matched by the funding or staffing levels required. Moreover, training and awareness are often underfunded, and that's a problem when human error is still one of the biggest cyber security vulnerabilities.Resilience depends on people, and public sector organisations must ensure that staff across departments understand their own roles in keeping services safe. When it comes to Ireland's national cyber security strategy, there's no doubt that it has come a long way. The transposition of the NIS2 Directive and the upcoming National Cyber Security Bill are important steps - they'll give the National Cyber Security Centre (NCSC) more teeth and help to drive consistency across sectors. But we're still in a bit of a transitional phase. There's a solid foundation, but execution is key. The strategy needs to be backed by sustained investment; not just in technology, but in people, processes, and cross-sector collaboration. We also need to make sure that smaller public bodies without dedicated cyber teams aren't left behind. The intent is there, but we need to accelerate the pace of implementation. Demand for cyber talent outpacing supply One of the biggest challenges is attracting and retaining cyber talent in Ireland's public sector. The demand for cyber talent is outpacing supply, and the public sector is competing with private industry, which can often offer higher salaries and more flexible working conditions. That said, there are some positives. Ireland has a strong pipeline of STEM graduates, and groups such as Cyber Ireland are helping to build a more connected ecosystem. But we need to do more to make public sector cyber roles attractive - whether that's through better career pathways, training opportunities, or simply making it easier for people to move between departments and roles. A ransomware payment ban - helpful or harmful? Meanwhile, as cyber risks continue to evolve and grow more sophisticated, the UK government is mulling a proposed ransomware payment ban for public sector organisations. Whether this is something that could (or should) be introduced in Ireland remains to be seen. On paper, banning ransom payments makes sense as it removes the financial incentive for attackers. But in practice, it's not that simple. Public sector organisations are responsible f...

This PRCA Fuse Podcast episode dives into what really happens when organisations are hit by a major cyber attack, from the first shocking ransomware message to the long tail of operational and reputational damage. Host Adrian Ma speaks with cyber crisis experts Joanne Gill and Jason Nisse about why cyber incidents are long-form crises, why so many crisis plans fail once email and core systems go down, and what offline readiness really looks like in practice. Drawing on real-world examples including M&S, Jaguar Land Rover, Harrods, Co-op and Asahi Breweries, they explore the risks of communication voids, the limits of cyber insurance, the importance of choosing the right spokesperson, and how realistic tabletop exercises can expose dangerous blind spots before an attack hits.

Now, we've already had a podcast about computer hacking，we're talking about a different kind of cybercrime, ransomware. Richard, what is ransomware? Well, it's a specific type of malware that blocks access to a computer and then demands money to release that computer. Oh, you mean like a ransom? It is a ransom, yes.我们之前做过一期关于电脑黑客的播客，但今天我们要讨论另一种网络犯罪——勒索软件。Richard，什么是勒索软件？嗯，它是一种特定的恶意软件，会阻止你访问电脑，然后要求付钱才能解锁。哦，就像是勒索？没错，就是勒索。And it's in the news at the moment because? A lot of big companies have been hit with a latest piece of software. And basically they can't work unless they pay money. Yes, unless you've got a backup, of course.那它最近为什么上新闻呢？因为很多大公司都被最新的这款软件攻击了。基本上，他们付钱之前什么也做不了。是的，除非你有备份。Right, okay. How does it work, Richard? How does ransomware work? Well, to get it on your computer, you have to open often an email that has an infected Word document or PDF. And then once you've opened that document, it's on your computer, and then it can spread to other computers on your network.好，那它是怎么运作的呢，Richard？勒索软件到底如何运行？通常，你需要打开一封包含受感染 Word 文档或 PDF 的邮件。一旦你打开了那个文档，它就进入你的电脑，然后可以扩散到你网络中的其他电脑。If you're in a big company, it can go through the network very quickly. So you get it on your computer, right? Then what happens? Well, once it's on your computer, it encrypts all the files on that computer. Which means you can't access them? You can't.如果你是在一家大公司，它会非常迅速地在网络中传播。所以感染进入你的电脑后，会发生什么？它会加密你电脑上的所有文件。也就是说，你无法访问了？完全无法。And a message pops up asking for payment to decrypt your computer and instructions on how to pay. And it threatens to destroy all the data on your computer if you don't pay, often within a time limit. And so what kind of amounts are they asking for? Not huge amounts per computer.然后屏幕上会弹出一个消息，要求你付钱才能解密你的电脑，并告诉你如何付款。如果你不付钱，它会威胁要销毁你电脑中的所有数据，通常还会设定时间限制。他们一般索要多少钱？对每台电脑来说不算很高。This latest attack was $300. Right. And it's always, the problem is, of course, the payment is by Bitcoin.最近一次攻击的金额是 300 美元。对。而麻烦的是，他们总是要求用比特币支付。Oh, no. Okay, we did another podcast all about Bitcoins. So that's the cyber currency.哦，不会吧。我们之前还做过一期关于比特币的播客。那是一种网络货币。Yes. So presumably difficult to trace. Well, because I was going to ask you, Richard, who's behind it? Well, exactly.对。所以 presumably 就很难追踪。其实我正想问你，Richard，到底是谁在背后操控这些？没错，这正是问题所在。No one knows. If anyone does pay up, they are instructed to pay with Bitcoin, which is notoriously difficult to trace. However, because this latest attack was so widespread, there are a lot of people working on it to trace these guys.没人知道。如果有人付钱，他们会被要求用比特币付款，而比特币出了名地难以追踪。不过，由于最近这次攻击范围很广，已经有很多专业人员在试图追查幕后黑手。Okay. So what can people do about this? Is there some kind of defense? Very, very simple. Keep your computer up to date with the latest software.那人们能做些什么？有没有防御方法？非常简单：保持你的电脑软件是最新版本。Oh, really? Yes. Okay. So in Britain, right, the NHS, a huge institution, was affected by this ransomware.哦，真的吗？是的。好，那英国的 NHS（国家医疗体系）这么大的机构也受到了攻击？Are you telling me they just simply weren't keeping up to date with the latest software? Yes. This particular piece of malware uses a vulnerability in Windows computers, which has been known about since April. Microsoft issued a patch, but not everyone patched their software, including the NHS, Telefonica in Spain, and a number of other big companies.你是说他们只是没有更新软件？没错。这款恶意软件利用了 Windows 的一个漏洞，这个漏洞从四月起就已经被公开了。微软也发布了补丁，但不是每个人都更新了，包括 NHS、西班牙的 Telefónica，以及许多其他大公司。So basic just human error, really, people too busy or not realizing the importance? Well, some of these corporate systems are enormous, so it's very difficult to keep them all up to date.所以基本就是人为疏忽，人太忙或不了解其重要性？嗯，其中一些大型机构的系统庞大得惊人，要全部保持最新确实非常困难。Well, ransomware is the big thing in the news at the moment, Richard, but as far as business is concerned, it's not a one-off, is it? It certainly isn't. In a recent survey by a computer security firm, they found that 50% of businesses in the UK have been targeted by ransomware in the last year alone.现在勒索软件正是新闻热点，Richard，但对于企业而言，这并不是偶发事件，对吧？当然不是。某家计算机安全公司最近的调查显示，仅过去一年，英国有 50% 的企业都曾成为勒索软件攻击的目标。But are you really saying that all people need to do is to keep up to date with their software? Yes, it's as simple as that. These vulnerabilities in computer software are found all the time, and then the manufacturers release a patch, make sure you have your software completely up to date at all times, and then you'll be safe.但你真的是在说，人们所需要做的只是保持软件更新吗？是的，就这么简单。电脑软件中的漏洞一直在被发现，而厂商也会不断发布补丁。确保你的软件始终保持最新，你就能安全。

The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Ransomware Minute is a rundown of the latest ransomware attacks & news, brought to you Cybercrime Magazine, Page ONE for Cybersecurity. Listen to the podcast weekly and read it daily at https://ransomwareminute.com. For more on cybersecurity, visit us at https://cybercrimemagazine.com.

Danny Jenkins — Founder of ThreatLocker and the Zero-Trust RevolutionDanny Jenkins is the CEO of ThreatLocker, the leading cybersecurity company that he built alongside his wife. Hosts Jack Clabby of Carlton Fields, P.A., and Kayley Melton of the Cognitive Security Institute follow Danny's journey from a scrappy IT consultant to leading one of the fastest-growing cybersecurity companies in the world.Danny shares the moment everything changed: watching a small business nearly collapse after a catastrophic ransomware attack. That experience reshaped his mission and ultimately sparked the creation of ThreatLocker. He also reflects on the gritty early days—cold-calling from his living room, coding through the night, and taking on debt before finally landing their first $5,000 customer.Danny explains the origins of Zero Trust World, his passion for educating IT teams, and why adopting a hacker mindset is essential for modern defenders.In the Lifestyle Polygraph, Danny relates his early “revenge tech” against school bullies, the place he escapes to when celebrating big wins, and the movie franchise he insists is absolutely a Christmas classic.Follow Danny on LinkedIn: https://www.linkedin.com/in/dannyjenkins/ 00:00 Introduction to Cybersecurity and ThreatLocker02:26 The Birth of ThreatLocker: A Personal Journey05:42 The Evolution of Zero Trust Security08:35 Real-World Impact of Cyber Attacks11:25 The Importance of a Hacker Mindset14:46 The Role of SOC Teams in Cybersecurity17:34 Building a Culture of Security20:23 Hiring for Passion and Skill in Cybersecurity23:44 Understanding Zero Trust: Trust No One26:32 Lifestyle Polygraph: Personal Insights and Fun29:41 Conclusion and Future of ThreatLocker

In this episode, Ryan Williams Sr. and Shannon Tynes discuss the latest cybersecurity news, including a ransomware attack on a small Ohio village and the FCC's warnings about cybersecurity risks. They dive into the importance of operational security (OPSEC) and cyber hygiene, share personal reflections on Thanksgiving, and explore various entertainment topics, including gaming and TV shows. The conversation highlights the challenges and developments in the cybersecurity landscape while also touching on personal anecdotes and cultural observations. Article: Ohio village gets hit with cybersecurity ransom attack https://www.fox19.com/2025/11/28/ohio-village-gets-hit-with-cybersecurity-ransom-attack/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExdmlnellQTVlXMXR2NDRDdnNydGMGYXBwX2lkEDIyMjAzOTE3ODgyMDA4OTIAAR5pqTFOkN8AQxkzEBXaBeyaR5HkYOB6B3SxBkphkv_eKLLRd_x9qc4_hN5uZA_aem_1AM3Bso9Ps37Nm4diP-RdA FCC Warns of Cybersecurity Risks After Texas, Virginia Breaches https://www.radioworld.com/news-and-business/fcc-warns-of-cybersecurity-risks-after-texas-virginia-breaches?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExdmlnellQTVlXMXR2NDRDdnNydGMGYXBwX2lkEDIyMjAzOTE3ODgyMDA4OTIAAR5pqTFOkN8AQxkzEBXaBeyaR5HkYOB6B3SxBkphkv_eKLLRd_x9qc4_hN5uZA_aem_1AM3Bso9Ps37Nm4diP-RdA The WIRED Guide to Digital Opsec for Teens https://www.wired.com/story/digital-opsec-for-teens/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExdmlnellQTVlXMXR2NDRDdnNydGMGYXBwX2lkEDIyMjAzOTE3ODgyMDA4OTIAAR7HG9OFlM_z47SI_EuksKX4a0slVE_RLIogUj2kAs6NILEQg__zrLM_lTFc7w_aem__iFJTaYf7U4ALs5OuIDybA Buy the guide: https://www.theothersideofthefirewall.com/ Please LISTEN

Japanese brewer Asahi provides details regarding October ransomware attack California law regulating web browsers might impact national data privacy Microsoft to speed up Teams Huge thanks to our episode sponsor, Vanta This message comes from Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Get started at Vanta.com/CISO Find the stories behind the headlines at CISOseries.com.

i'm wall-e, welcoming you to today's tech briefing for friday, november 28th: amazon's satellite internet ambitions: launching project kuiper with plans for over 3,000 satellites to compete with starlink, marking amazon's foray into space-based connectivity. google's anti-ransomware initiative: release of advanced security tools to protect small to medium-sized businesses from sophisticated cyber threats. meta platforms' stock surge: shares rise following quarterly earnings that beat expectations; driven by strong user engagement and ad revenue. continue to bet on metaverse for future growth. that's all for today. we'll see you back here tomorrow.

In this episode of Unspoken Security, host AJ Nash sits down with CharlotteGuiney, Cyber Threat Intelligence Manager at Toyota Financial Services. Theyexplore what it takes to build threat intelligence programs that work for bothsecurity teams and the wider business. Charlotte cuts through the noise,stressing that buy-in is step one—and that it's often the hardest step. Sheshares how understanding internal customers and their priorities leads toearly wins, which are key to building trust and showing the value ofintelligence.Charlotte explains that not every organization needs the same level ofmaturity. Small companies might only need basic monitoring, while largerenterprises face more complex challenges. She notes that successfulprograms link intelligence to business needs, not just security threats. Thisapproach helps teams prioritize what matters most and communicate risk inways business leaders understand.The conversation also dives into the future of threat intelligence. Charlottesees a growing role for automation and AI, especially for basic tasks, butbelieves people are still needed to bridge gaps and build relationships acrossthe business. She closes with a reminder to keep things in perspective,echoing a lesson from her childhood at clown camp: sometimes you need tostep back and find humor, even in serious work.Send us a textSupport the show

How modern ransomware actors are deploying multidimensional tactics to outpace traditional defencesStrategies to reduce data loss and sustain business operations after an attackAI and automation – enhancing visibility and accelerating response to ransomware threatsThom Langford, Host, teissTalkhttps://www.linkedin.com/in/thomlangford/Edward Starkie, Director, GRC | Cyber Risk, Thomas Murrayhttps://www.linkedin.com/in/edward-starkie-56712431/Cameron Brown, Head of Cyber Threat and Risk Analytics, Ariel Rehttps://www.linkedin.com/in/analyticalcyber/Jesus Cordero, Director, Solution Architects AppSec, NetSec & XDR, EMEA, Barracudahttps://www.linkedin.com/in/jcordero-guzm%C3%A1n/

What if AI stopped being a headline and started working like a real employee? We sit down with CEO and AI integrator Ephraim Ebstein to map the straightest path from hype to results: smarter outreach, faster service, leaner teams, and tighter security. No sci‑fi, no gimmicks—just the playbook for turning today's tools into tomorrow's edge.We zoom out to the bigger picture many avoid: the middle class is getting squeezed, and waiting your turn is not a plan. Ephraim shares how early adopters keep their jobs by redesigning them, why posting consistently beats “perfect” content, and how modeling proven operators compresses years of trial and error. From trade businesses to tech firms, the message is the same—sell something useful, systemize it, and let AI compound your time.Then we flip to the risk side. Ransomware groups run like corporations, and social engineering can undo an entire brand with a single password reset. You'll hear how a boutique hotel uses a text-based AI concierge that guests love—and how a recognizable apparel company lost weeks of revenue after a cloud breach. The lesson is blunt: security is a growth strategy. Use MFA, train your team, back up right, and test recovery before you need it.If you want AI to pay for itself, deploy it where dollars move: SMS outreach, appointment setting, concierge flows, and workflow automation that actually replaces tasks. If you want to sleep at night, invest in cybersecurity with the same urgency you invest in marketing. Ready to adapt before you're forced to? Subscribe, share this with a builder who needs the nudge, and leave a review telling us where you'll put AI to work first.Join the What if it Did Work movement on FacebookGet the Book!www.omarmedrano.comwww.calendly.com/omarmedrano/15min

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Black Friday season is upon us!

In this Security Squawk episode, Brian Horning from Xact IT is joined by guests to unpack three real ransomware incidents, the rapid rise of “The Gentlemen” gang, and how attackers bypass basic security by turning off tools like Windows Defender. You'll learn why relying only on built-in protections creates dangerous blind spots, what layered security with EDR, SOC monitoring, and log retention looks like, and the practical steps business leaders can take now to harden their defenses and reduce ransomware risk.

The Ransomware Minute is a rundown of the latest ransomware attacks & news, brought to you Cybercrime Magazine, Page ONE for Cybersecurity. Listen to the podcast weekly and read it daily at https://ransomwareminute.com. For more on cybersecurity, visit us at https://cybercrimemagazine.com.

AI is accelerating ransomware attacks and reshaping the cyber threat landscape. Join Brendan Hall, Alliant Cyber, and Brad LaPorte, Morphisec, as they discuss how evolving ransomware tactics and polymorphic malware are challenging traditional cybersecurity defenses. Together they share how a preemptive approach to ransomware protection can help organizations reduce exposure, lower insurance costs and strengthen cyber resilience as AI continues to accelerate the speed and sophistication of attacks. They also highlight how Morphisec's patented technology and ransomware-free guarantee provide a powerful layer of protection that complements existing MDR and EDR tools.

Ransomware isn't a lone hacker in a hoodie. It's an entire criminal industry complete with developers, brokers, and money launderers working together like a dark tech startup. And while these groups constantly evolve, so do the tools and partnerships aimed at stopping them before they strike.  My guest today is Cynthia Kaiser, former Deputy Assistant Director of the FBI's Cyber Division and now the Head of the Ransomware Research Center at Halcyon. After two decades investigating global cyber threats and briefing top government leaders, she's now focused on prevention and building collaborations across government and industry to disrupt ransomware actors at their source.  We talk about how ransomware groups operate, why paying a ransom rarely solves the problem, and what layered defense really means for organizations and individuals. Cynthia also shares how AI is reshaping both sides of the cyber arms race and why she believes hope, not fear, is the most powerful tool for defenders. Show Notes: [01:04] Cynthia Kaiser had a 20-year FBI career and has now transitioned from investigation to prevention at Halcyon. [03:58] The true scale of cyber threats is far larger than most people realize, even within the government. [04:19] Nation-state and criminal activity now overlap, making attribution increasingly difficult. [06:45] Cynthia outlines how ransomware spreads through phishing, credential theft, and unpatched systems. [08:08] Ransomware is an ecosystem of specialists including developers, access brokers, money launderers, and infrastructure providers. [09:55] Discussion of how many ransomware groups exist and the estimated cost of attacks worldwide. [11:37] Ransom payments dropped in 2023, but total business recovery costs remain enormous. [12:24] Paying a ransom can mark a company as an easy target and doesn't guarantee full decryption. [13:11] Example of a decryptor that failed completely and how Halcyon helped a victim recover. [14:35] The so-called "criminal code of ethics" among ransomware gangs has largely disappeared. [16:48] Hospitals continue to be targeted despite claims of moral restraint among attackers. [18:44] Prevention basics still matter including strong passwords, multi-factor authentication, and timely patching. [19:18] Cynthia explains the value of layered defense and incident-response practice drills. [21:22] Even individuals need cyber hygiene like unique passwords, MFA, and updated antivirus protection. [23:32] Deepfakes are becoming a major threat vector, blurring trust in voice and video communications. [25:17] Always verify using a separate communication channel when asked to send money or change payment info. [27:40] Real-world example: credential-stuffing attack against MLB highlights the need for two-factor authentication. [29:55] What to do once ransomware hits includes containment, external counsel, and calling trusted law-enforcement contacts. [32:44] Cynthia recounts being impersonated online and how she responded to protect others from fraud. [34:28] Many victims feel ashamed to report cybercrime, especially among older adults. [36:45] Scams often succeed because they align with real-life timing or emotional triggers. [38:32] Children and everyday users are also at risk from deceptive links and push-fatigue attacks. [39:26] Overview of Halcyon's Ransomware Research Center and its educational, collaborative goals. [42:15] The importance of public-private partnerships in defending hospitals and critical infrastructure. [43:38] How AI-driven behavioral detection gives defenders a new advantage. [44:48] Cynthia shares optimism that technology can reduce ransomware's impact. [45:43] Closing advice includes practicing backups, building layered defenses, and staying hopeful. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.  Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest Halcyon Cynthia Kaiser - LinkedIn

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Augustus De Morgan, Doordash, Fortiweb, Typosquatting, Vista, Ransomware, AI, Josh, Rob, Aaran, Jason, Dr. Scott, Rocky, Uh., and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-529

Amazon is taking Perplexity AI to court over its agentic browser that shops on your behalf, raising urgent questions about who controls your online buying experience when bots do the heavy lifting. FFmpeg teaching assembly language for performance. The state of Nevada recovers after not paying ransom. A "rounding error" nets a clever attacker $128 million. Why would Chrome decide to start form-filling driver's licenses. The UK's six major telecom providers to block number spoofing. XSLT support being removed from browsers. Will anyone notice. Firefox introduced paid support options for organizations. Russia continues to fight against non-Russian Internet. Google acquires another Internet security company (Wiz). The EU to finally fix their cookie permission mistake. More countries drop Microsoft office for open choices. More countries question and examine Chinese made buses. Microsoft discovers some information leakage from LLMs. What does Amazon's lawsuit against Perplexity's agents mean for next-generation browsers Show Notes - https://www.grc.com/sn/SN-1051-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: veeam.com hoxhunt.com/securitynow zscaler.com/security zapier.com/securitynow vanta.com/SECURITYNOW

Amazon is taking Perplexity AI to court over its agentic browser that shops on your behalf, raising urgent questions about who controls your online buying experience when bots do the heavy lifting. FFmpeg teaching assembly language for performance. The state of Nevada recovers after not paying ransom. A "rounding error" nets a clever attacker $128 million. Why would Chrome decide to start form-filling driver's licenses. The UK's six major telecom providers to block number spoofing. XSLT support being removed from browsers. Will anyone notice. Firefox introduced paid support options for organizations. Russia continues to fight against non-Russian Internet. Google acquires another Internet security company (Wiz). The EU to finally fix their cookie permission mistake. More countries drop Microsoft office for open choices. More countries question and examine Chinese made buses. Microsoft discovers some information leakage from LLMs. What does Amazon's lawsuit against Perplexity's agents mean for next-generation browsers Show Notes - https://www.grc.com/sn/SN-1051-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: veeam.com hoxhunt.com/securitynow zscaler.com/security zapier.com/securitynow vanta.com/SECURITYNOW

Amazon is taking Perplexity AI to court over its agentic browser that shops on your behalf, raising urgent questions about who controls your online buying experience when bots do the heavy lifting. FFmpeg teaching assembly language for performance. The state of Nevada recovers after not paying ransom. A "rounding error" nets a clever attacker $128 million. Why would Chrome decide to start form-filling driver's licenses. The UK's six major telecom providers to block number spoofing. XSLT support being removed from browsers. Will anyone notice. Firefox introduced paid support options for organizations. Russia continues to fight against non-Russian Internet. Google acquires another Internet security company (Wiz). The EU to finally fix their cookie permission mistake. More countries drop Microsoft office for open choices. More countries question and examine Chinese made buses. Microsoft discovers some information leakage from LLMs. What does Amazon's lawsuit against Perplexity's agents mean for next-generation browsers Show Notes - https://www.grc.com/sn/SN-1051-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: veeam.com hoxhunt.com/securitynow zscaler.com/security zapier.com/securitynow vanta.com/SECURITYNOW

Amazon is taking Perplexity AI to court over its agentic browser that shops on your behalf, raising urgent questions about who controls your online buying experience when bots do the heavy lifting. FFmpeg teaching assembly language for performance. The state of Nevada recovers after not paying ransom. A "rounding error" nets a clever attacker $128 million. Why would Chrome decide to start form-filling driver's licenses. The UK's six major telecom providers to block number spoofing. XSLT support being removed from browsers. Will anyone notice. Firefox introduced paid support options for organizations. Russia continues to fight against non-Russian Internet. Google acquires another Internet security company (Wiz). The EU to finally fix their cookie permission mistake. More countries drop Microsoft office for open choices. More countries question and examine Chinese made buses. Microsoft discovers some information leakage from LLMs. What does Amazon's lawsuit against Perplexity's agents mean for next-generation browsers Show Notes - https://www.grc.com/sn/SN-1051-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: veeam.com hoxhunt.com/securitynow zscaler.com/security zapier.com/securitynow vanta.com/SECURITYNOW

Eric O'Neill, former FBI ghost and author of “Spies, Lies & Cybercrime,” joins host David Puner to take a deep dive into the mindset and tactics needed to defend against today's sophisticated cyber threats. Drawing on O'Neill's experience catching spies and investigating cybercriminals, the conversation explains how thinking like an attacker can help organizations and individuals stay ahead. The episode covers actionable frameworks, real-world stories, and practical advice for building cyber resilience in an age of AI-driven scams and industrialized ransomware.

Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking links misses the larger picture of effective defenses, and what orgs can do to prepare for an influx of holiday-infused ransomware targeting. Segment resources https://www.bleepingcomputer.com/news/security/how-a-ransomware-gang-encrypted-nevada-governments-systems/ https://www.darkreading.com/endpoint-security/pro-russian-hackers-linux-vms-hide-windows https://www.threatlocker.com/blog/how-to-build-a-robust-lights-out-checklist This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-356

Ever wondered what happens to your online accounts when you're gone?

Presented by Material Security: We protect your company's most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices. Three Buddy Problem - Episode 71: The buddies travel to Canada for a live recording at the Countermeasure conference, discussing the Google v FFmpeg open-source patching brouhana, ransomware negotiators charged and linked to ransomware attacks, the looming TP-Link ban in the U.S., and the discovery of LANDFALL, an APT attack caught using a Samsung mobile zero-day. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

The FCC plans to roll back cybersecurity mandates that followed Salt Typhoon. The alleged cybercriminal MrICQ has been extradited to the U.S. Ransomware negotiators are accused of conducting ransomware attacks. Ernst & Young accidentally exposed a 4-terabyte SQL Server backup. A hacker claims responsibility for last week's University of Pennsylvania breach. The UK chronicles cyberattacks on Britain's drinking water suppliers. Monday business brief. Our guest is Caleb Tolin, host of Rubrik's Data Security Decoded podcast. Hackers massage the truth.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Caleb Tolin, host of Rubrik's Data Security Decoded podcast, as he is introducing himself and his show joining the N2K CyberWire network. You can catch new episodes of Data Security Decoded the first and third Tuesdays of each month on your favorite podcast app. Selected Reading FCC plans vote to remove cyber regulations installed after theft of Trump info from telecoms (The Record) Alleged Jabber Zeus Coder ‘MrICQ' in U.S. Custody (Krebs on Security) Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says (Chicago Sun Times) Ernst & Young cloud misconfiguration leaks 4TB SQL Server backup on Microsoft Azure (Beyond Machines) Penn hacker claims to have stolen 1.2 million donor records in data breach (Bleeping Computer) Hackers are attacking Britain's drinking water suppliers (The Record) JumpCloud acquires Breez. Chainguard secures $280 million in growth financing. Sublime Security closes $150 million Series C round. (N2K Pro) Hackers steal data, extort $350,000 from massage parlor clients (Korea JoongAng Daily) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Just when you thought DNS cache poisoning was a thing of the past, Steve and Leo reveal why this 17-year-old bug is making a dramatic comeback—and why most DNS resolvers still can't manage high-quality random numbers after all this time. The unsuspected sucking power of a Linux-based robot vacuum. Russia to follow China's vulnerability reporting laws. A pair of Scattered Spider UK teen hackers arrested. Facebook,Instagram and TikTok violating the EU's DSA. Microsoft Teams bringing user WiFi tracking bypolicy. You backed up. That's great. Did you test that backup? Coveware reports all-time lowransomware payment rate. Ransomware negotiator reports how the bad guys get in. Lots of listener thoughts and feedback about NIST passwords. And against all reason and begging credulity, it seems we still haven't managed to put high-quality random number generators into our DNS resolvers. Show Notes - https://www.grc.com/sn/SN-1049-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow zapier.com/securitynow 1password.com/securitynow veeam.com zscaler.com/security