Podcasts about Ransomware

At Black Hat USA 2025, Sean Martin, co-founder of ITSPmagazine, sat down with Brett Stone-Gross, Senior Director of Threat Intelligence at Zscaler, to discuss the findings from the company's latest ransomware report. Over the past five years, the research has tracked how attack patterns, targets, and business models have shifted—most notably from file encryption to data theft and extortion.Brett explains that many ransomware groups now find it more profitable—and less risky—to steal sensitive data and threaten to leak it unless paid, rather than encrypt files and disrupt operations. This change also allows attackers to stay out of the headlines and avoid immediate law enforcement pressure, while still extracting massive payouts. One case saw a Fortune 50 company pay $75 million to prevent the leak of 100 terabytes of sensitive medical data—without a single file being encrypted.The report highlights variation in attacker methods. Some groups focus on single large targets; others, like the group “LOP,” exploit vulnerabilities in widely used file transfer applications, making supply chain compromise a preferred tactic. Once inside, attackers validate their claims by providing file trees and sample data—proving the theft is real.Certain industries remain disproportionately affected. Healthcare, manufacturing, and technology are perennial top targets, with oil and gas seeing a sharp increase this year. Many victims operate with legacy systems, slow to adopt modern security measures, making them vulnerable. Geographically, the U.S. continues to be hit hardest, accounting for roughly half of all observed ransomware incidents.The conversation also addresses why organizations fail to detect such massive data theft—sometimes hundreds of gigabytes per day over weeks. Poor monitoring, limited security staffing, and alert fatigue all contribute. Brett emphasizes that reducing exposure starts with eliminating unnecessary internet-facing services and embracing zero trust architectures to prevent lateral movement.The ransomware report serves not just as a data source but as a practical guide. By mapping observed attacker behaviors to defensive strategies, organizations can better identify and close their most dangerous gaps—before becoming another statistic in next year's findings.Learn more about Zscaler: https://itspm.ag/zscaler-327152Note: This story contains promotional content. Learn more.Guest:Brett Stone-Gross, Senior Director of Threat Intelligence at Zscaler, | On LinkedIn: https://www.linkedin.com/in/brett-stone-gross/ResourcesLearn more and catch more stories from Zscaler: https://www.itspmagazine.com/directory/zscalerLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: sean martin, brett stone-gross, ransomware, data extortion, cyber attacks, zero trust security, threat intelligence, data breach, cyber defense, network security, file transfer vulnerability, data protection, black hat, black hat usa 2025, zscaler

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

From 2023 to 2024, ransomware has seen a 67 percent jump, with an average payment of $2 million and another $2.7 million in recovery costs for most companies that are hit by an attack. Fortunately, there are multiple steps businesses can take to lower the risk of being a victim. In this episode, Adam Keown, global CISO at Eastman, joins host Heather Engel to discuss incident response planning. • For more on cybersecurity, visit us at https://cybersecurityventures.com

```html join wall-e for today's tech briefing, covering the key stories on tuesday, august 12: made by google event preview: google is set to unveil the pixel 10 series, pixel watch 4, and new pixel buds 2a during its much-anticipated 2025 'made by google' event, focusing heavily on ai integration. apple's siri upgrade: apple is testing a new siri version to enhance app control via voice commands, potentially rolling out in spring 2026, integrating apps like uber and amazon using the app intents framework. u.s. department of justice cyber crackdown: a significant blow to ransomware gangs, confiscating $1 million in bitcoin, and dismantling networks related to blacksuit and royal malwares. github leadership change: ceo thomas dohmke to step down, with github set to report directly to microsoft executives, marking a new phase for the tech platform. poshmark's executive shift: founder manish chandra steps down, with namsun kim from naver stepping in as the new ceo to lead poshmark's next chapter. tune in tomorrow for more tech updates! ```

St. Paul city officials say they hope to get systems back online by the end of the week, after what they're calling a ransomware attack. They said they have not paid the ransom.Mayor Melvin Carter says the city is going through “Operation Secure St. Paul,” which includes manually resetting the passwords of 3,500 city employees. To explain what a ransomware attack is, professor Faisal Kaleem joined Minnesota Now with Nina Moini. He's the director of cybersecurity and cyber operations programs at Metro State University.

DARPA awards $4 million prize for AI code review at DEF CON North Korea ScarCruft group adds ransomware to its activities Columbia University hack affects over 860,000 Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines Find the stories behind the headlines at CISOseries.com.  

In this episode I address listener feedback and questions, from clarifying my stance on the “Tea” controversy to sharing practical tips from the community about Privacy.com workarounds. This episode covers some loose ends before I take a brief hiatus. I also discuss why I won't be at Black Hat this year, share thoughts on minimalism versus practicality in privacy, and reveal my favorite Indian restaurant in Vegas for those attending Black Hat!In this week's episode:Addressing the “Tea” controversy and clarifying my positions on doxingCommunity solution for Privacy.com and Plaid privacy concernsContact information protection strategies when family uses social mediaFuture of capture-the-flag challenges and OSINT considerationsConference attendance updates and travelMatrix Community RoomsMatrix Community Space - https://matrix.to/#/#psysecure:matrix.orgIndividual Room Links:https://matrix.to/#/#lockdown-general:matrix.orghttps://matrix.to/#/#lockdown-podcast:matrix.orghttps://matrix.to/#/#lockdown-intro:matrix.orgShow Links:Tea app leak article - https://www.bleepingcomputer.com/news/security/tea-app-leak-worsens-with-second-database-exposing-user-chats/OSMOSIS Institute - https://osmosisinstitute.org/events/Privacy.com - https://privacy.com“There are no facts, only interpretations.”- Friedrich Nietzsche ★ Support this podcast on Patreon ★

News and Updates: The Republican-led FCC is moving to kill its 1Gbps broadband speed goal, arguing that such benchmarks unfairly disadvantage satellite and fixed wireless services like Starlink and T-Mobile Home Internet. Chair Brendan Carr says the current 100/25 Mbps standard is more "technologically neutral," though critics warn the move could hinder fiber rollout and inflate broadband availability stats. Microsoft Office 2024 is now available as a one-time $149 purchase with no feature updates, while Microsoft 365 remains a subscription service ($70–$100/year) offering cloud storage, constant updates, mobile access, and AI tools. Office 2024 suits offline users or regulated industries, while 365 is better for collaboration, flexibility, and long-term value. A single weak password allowed hackers to take down 158-year-old UK transport firm KNP. Ransomware gang Akira encrypted all company data and demanded a multi-million-pound ransom. Without backups or sufficient protection, KNP collapsed, laying off 700 workers. UK officials say ransomware incidents are rising rapidly, with 35–40 attacks per week and growing concern over underreporting and ransom payments. Tesla was forced to refund a customer $10,000 after an arbitrator ruled the company failed to deliver its Full Self-Driving (FSD) package. The buyer couldn't access FSD due to eligibility restrictions and noted that the software didn't perform as promised. Tesla provided a poorly prepared witness in arbitration and had to cover both the refund and $8,000 in arbitration fees. The decision highlights ongoing doubts about Tesla's ability to fulfill its long-standing autonomous driving claims.

Parce que… c'est l'épisode 0x617! Shameless plug 12 au 17 octobre 2025 - Objective by the sea v8 10 au 12 novembre 2025 - IAQ - Le Rendez-vous IA Québec 17 au 20 novembre 2025 - European Cyber Week 25 et 26 février 2026 - SéQCure 2065 Description Dans ce podcast spécial Northsec, David Décary-Hétu présente une recherche fascinante sur les négociations entre groupes de ransomware et leurs victimes, basée sur l'analyse d'archives de conversations réelles accessibles publiquement sur ransomware.li. Le contexte des ransomwares modernes Les ransomwares représentent aujourd'hui la plus grande menace pour les infrastructures critiques selon le gouvernement canadien. Ces attaques ont évolué vers des stratégies multiples : chiffrement des données, exfiltration d'informations sensibles, et même la “triple extorsion” où les attaquants menacent de nouvelles attaques ou de déni de service si la rançon n'est pas payée. Cette évolution a naturellement mené à des négociations complexes entre criminels et victimes. Des attaquants bien préparés L'analyse révèle que les groupes de ransomware effectuent des recherches approfondies sur leurs cibles avant de formuler leurs demandes. Ils examinent les documents financiers volés pour connaître les soldes bancaires, les polices d'assurance cyber, et adaptent leurs exigences en conséquence. Cette approche leur permet de contrer efficacement les arguments de pauvreté des victimes en citant des chiffres précis : “À la fin du dernier trimestre, vous aviez 460 millions dans votre compte bancaire.” Cette connaissance détaillée des capacités financières des victimes leur donne un avantage considérable dans les négociations, particulièrement lorsqu'ils peuvent invoquer l'existence d'une assurance cyber en déclarant que “cela ne vous coûtera absolument rien”. Une mentalité commerciale surprenante Malgré leur préparation minutieuse, les cybercriminels adoptent une approche similaire à celle de “vendeurs de voitures usagées”, privilégiant le volume de transactions. La recherche montre qu'ils sont remarquablement flexibles sur les prix, acceptant généralement environ 50% de leur demande initiale, parfois même seulement 20%. Cette flexibilité suggère que leur modèle économique repose davantage sur la multiplication des paiements que sur l'obtention du montant maximal de chaque victime. La première leçon qui en découle est claire : ne jamais accepter la première offre et toujours négocier. L'arsenal des menaces Lorsque les victimes résistent ou prétendent disposer de sauvegardes, les attaquants déploient un éventail de menaces sophistiquées. Ils promettent de nouvelles attaques dès la restauration des systèmes, des campagnes de déni de service continues, ou encore la divulgation d'informations compromettantes aux clients et partenaires. Dans un cas particulièrement révélateur, des attaquants ont menacé de dénoncer des pratiques de délit d'initié aux autorités compétentes si leur victime vendait ses actions tout en cachant l'attaque subie. Cette approche montre une compréhension fine des enjeux réglementaires et réputationnels auxquels font face les entreprises. Des services après-vente discutables De manière quasi-commerciale, les groupes criminels promettent des “services après-vente” incluant la suppression garantie de toutes les données de leurs serveurs et, plus surprenant encore, des rapports de vulnérabilités pour aider leurs victimes à éviter de futures attaques. L'analyse révèle cependant que ces rapports sont standardisés et contiennent des recommandations basiques : ne pas cliquer sur des liens suspects, activer l'authentification à deux facteurs, maintenir les systèmes à jour. Ces conseils, bien qu'utiles, relèvent de l'hygiène cybernétique élémentaire et suggèrent que ces “services” constituent davantage un argument de vente qu'une véritable valeur ajoutée. Des exceptions géopolitiques inattendues Un aspect particulièrement intrigant concerne les considérations géopolitiques de certains groupes. Un cas documenté montre des attaquants s'excusant auprès d'une victime ayant une filiale en Arménie, considérant cette région comme faisant partie de la zone d'influence russe où ils ne souhaitent pas opérer. Ils ont même fourni gratuitement l'outil de déchiffrement avec des excuses. Cette observation soulève la question fascinante de savoir si la création stratégique de filiales dans certains pays pourrait constituer une forme de protection contre ces attaques, à l'instar des mécanismes automatiques qui détectent les claviers cyrilliques pour éviter les systèmes russes. Les stratégies défensives des victimes Du côté des victimes, plusieurs stratégies récurrentes émergent de l'analyse. La minimisation constitue l'approche la plus commune : les organisations se présentent systématiquement comme de petites entités sans moyens, même lorsqu'il s'agit d'entreprises importantes. Un centre d'hébergement pour sans-abri prétendant ne pas avoir d'argent a finalement versé 125 000 dollars de rançon. Les tentatives de création de liens personnels avec les attaquants constituent une autre stratégie fascinante, évoquant potentiellement le syndrome de Stockholm. Les victimes partagent leurs difficultés internes, décrivent des environnements de travail chaotiques, ou mentionnent les dangers personnels qu'elles acceptent de courir pour obtenir des cryptomonnaies. La temporisation représente également une tactique courante, les entreprises cherchant à gagner du temps pour évaluer leurs alternatives, comprendre l'étendue des dégâts et potentiellement restaurer leurs systèmes sans payer. Le contenu des données volées : moins spectaculaire qu'attendu L'examen du contenu réellement volé révèle une réalité souvent décevante. Contrairement aux attentes, la plupart des données divulguées consistent en documents administratifs banals, anciennes sauvegardes, et fichiers personnels d'employés sans intérêt stratégique. L'exemple du Blue Leak, impliquant 250 gigaoctets de documents de services de police, illustre cette réalité : malgré des heures d'analyse, peu d'informations véritablement compromettantes ont été identifiées, principalement des manuels de formation et des présentations statistiques. L'impact économique réel Cette recherche remet en question les statistiques alarmantes souvent citées, notamment celle affirmant que 60% des PME attaquées ferment dans l'année suivante. L'observation empirique suggère que les entreprises continuent généralement leurs opérations après une attaque, et que les consommateurs maintiennent leurs habitudes d'achat même après des violations de données majeures, comme l'illustre le cas de Home Depot. L'émergence d'une industrie de la négociation Un aspect méconnu mais crucial concerne le rôle des négociateurs professionnels, souvent mandatés par les compagnies d'assurance. Ces intermédiaires spécialisés développent des relations avec les différents groupes criminels, créant une forme d'écosystème professionnel autour de ces négociations. Cette professionnalisation soulève des questions importantes sur l'efficacité de ces services et leur impact sur les montants finalement versés, un domaine qui mériterait des recherches approfondies. Implications et enseignements Cette recherche, rendue possible par la mise à disposition publique de ces archives sur ransomware.li, offre des insights précieux pour les professionnels de la cybersécurité. Elle permet aux organisations de mieux se préparer à d'éventuelles négociations en comprenant les tactiques employées de part et d'autre. L'importance de cette recherche académique ne peut être sous-estimée car elle fournit aux défenseurs des outils concrets pour gérer ces situations critiques, alimentant ainsi la réflexion stratégique du secteur. La poursuite de ces travaux, enrichie par de nouveaux cas comme celui de LockBit récemment compromis, promet d'apporter des éclairages supplémentaires sur l'évolution de cet écosystème criminel en constante mutation, confirmant que les ransomwares demeurent une menace majeure nécessitant une vigilance et une préparation continues. Notes Nice to meet you! That will be 20 million please Davy Décary-Hétu Ransomware.live Collaborateurs Nicolas-Loïc Fortin David Décary-Hétu Crédits Montage par Intrasecure inc Locaux réels par Northsec

The Ransomware Minute is a rundown of the latest ransomware attacks & news, brought to you Cybercrime Magazine, Page ONE for Cybersecurity. Listen to the podcast weekly and read it daily at https://ransomwareminute.com. For more on cybersecurity, visit us at https://cybercrimemagazine.com.

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Montez Fitzpatrick, CISO, Navvis Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO All links and the video of this episode can be found on CISO Series.com  

In this episode of the Cyber Uncut podcast, David Hollingworth and Daniel Croft discuss the future of AI and copyright in Australia, ShinyHunters and their relationship to the Scattered Spider hacking collective, and a new ransomware operator targeting small businesses in the ANZ region. Hollingworth and Croft kick open things up with a discussion on the Australian Productivity Commission's suggestion that AI regulations in Australia should be eased, an idea that the pair are not impressed by. After a short chat on the latest developments with Elon Musk's Grok AI, Hollingworth and Croft discuss the latest wave of Salesforce-related hacks and the possible links between two hacking groups, ShinyHunters and Scattered Spider. The pair wrap things up with the emergence of a new ransomware operation that has already targeted businesses in Australia and New Zealand. Called PEAR, the group focuses purely on data theft over encryption, which seems to be an emerging trend in ransomware operations. Enjoy the episode, The Cyber Uncut team

Do Sextortion Scams Still Work in 2025? Jan looked at recent sextortion emails to check if any of the crypto addresses in these emails received deposits. Sadly, some did, so these scams still work. https://isc.sans.edu/diary/Do%20sextortion%20scams%20still%20work%20in%202025%3F/32178 Akira Ransomware Group s use of Drivers Guidepoint Security observed the Akira ransomware group using specific legitimate drivers for privilege escalation https://www.guidepointsecurity.com/blog/gritrep-akira-sonicwall/ Adobe Patches Critical Experience Manager Vulnerability Adobe released emergency patches for a vulnerability in Adobe Experience Manager after a PoC exploit was made public. https://slcyber.io/assetnote-security-research-center/struts-devmode-in-2025-critical-pre-auth-vulnerabilities-in-adobe-experience-manager-forms/ https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html Trend Micro Apex One Vulnerability Trend Micro released an emergency patch for an actively exploited pre-authentication remote code execution vulnerability in the Apex One management console. https://success.trendmicro.com/en-US/solution/KA-0020652

In this episode of Unspoken Security, host AJ Nash welcomes Mark Freedman, Principal and CEO of Rebel Global Security, to discuss a major shift in the global threat landscape. The primary national security concern has moved from counter-terrorism to interstate strategic competition. This change requires a new security model, especially for the private sector.Mark explains that companies are now players on a geopolitical battlefield, facing sophisticated threats from nation-states. Yet, many organizations operate in silos. Legal teams track sanctions while cybersecurity teams react to technical threats. They often miss the strategic connection between the two, which creates significant vulnerabilities.To close these gaps, AJ and Mark explore the need for an integrated intelligence function within businesses. They discuss how even a single empowered person, tasked with understanding the geopolitical environment, can connect various teams. This strategic view helps companies build a more resilient and proactive defense in a complex world.Send us a textSupport the show

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Got a question or comment? Message us here!On this episode of the #SOCBrief, we break down attacks on SonicWall firewalls. A wave of ransomware, possibly exploiting zero-day vulnerabilities, is compromising even fully patched systems. Learn how SOCs can respond fast and stay ahead.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Zachary Myers, former U.S. Attorney for the Southern District of Indiana and now a partner at McCarter & English LLP, joins Indiana Lawyer reporter Maura Johnson to discuss his extensive background in prosecuting cybercrime, including ransomware, cryptocurrency fraud and international hacking. Myers shares how emerging threats have evolved and how law enforcement and private firms are adapting to protect businesses and individuals alike.

Joining us today on the bridge of the good ship SS Tomorrow is Aaron Momin, the CISO of Synechron, discussing the evolving landscape of cybersecurity. Aaron shares insights from his extensive career, the mission of Synechron, and the critical challenges organisations face in cybersecurity today, including third-party risks and ransomware. He emphasises the importance of a top-down approach to building security systems while balancing it with bottom-up strategies. The conversation also explores future trends in cybersecurity, including the role of AI and zero trust architecture. Keywords cybersecurity, CISO, Synechron, AI, risk management, data protection, ransomware, generative AI, zero trust, third-party risks Takeaways Aaron Momin has over 30 years of experience in cybersecurity. Synechron specialises in IT consulting and innovation, particularly in AI. The role of the CISO has evolved to include business enablement. Third-party risks are a significant challenge for organisations. Ransomware attacks are on the rise again, partly due to generative AI. A top-down approach is crucial for effective cybersecurity strategy. Organisations must balance top-down and bottom-up approaches to security. Understanding technology architecture is essential for cybersecurity professionals. Post-quantum computing poses new risks to data security. AI and zero trust architecture will be key trends in the future of cybersecurity.

In this episode of Tech Talks Daily, I caught up with Raj Samani, Chief Scientist at Rapid7, to unpack the rapidly evolving world of ransomware. Raj has been on the front lines of cybercrime response for years and has seen firsthand how these attacks have professionalized. Gone are the days of casual ransomware notes asking for a few hundred dollars. Today, these groups operate like fully formed businesses with help desks, R&D teams, and carefully designed extortion models. We talked about how ransomware has become a reputational risk issue more than just a technical one. Raj shared that CEOs are often more concerned about data being exfiltrated and leaked to the press than they are about systems being locked down. It's no longer just about recovering files. It's about trust, public perception, and the long tail of brand damage. One of the most revealing parts of our discussion was how these attacks typically unfold. Raj walked me through real-world scenarios where criminals have remained inside networks for months, even years, before launching their final payload. He also described how careful planning, coordinated strike days, and threat intelligence can disrupt an attacker's kill chain before irreversible damage is done. We explored the uncomfortable truth that many organizations still fall victim to basic attacks because of poor cyber hygiene. While the threat landscape is becoming more sophisticated with the use of zero-day vulnerabilities and social engineering, many breaches still happen through exposed RDP ports or convincing phishing attempts. Raj also offered candid insights into the ethics and complexities of ransomware negotiations, why outright banning payments may backfire, and what companies should do in the first few hours after discovering they've been hit. He made it clear that cybersecurity is no longer just an IT issue. It affects everything from supply chains to public services and daily life. Is your organization prepared for the moment when ransomware moves from IT's concern to the boardroom's crisis?

Ethical hacker Rachel Tobac joins us to answer a juicy question: How would she hack someone reasonably security savvy like Matt?

When a client is hit with ransomware, it can be paralyzing. After the tabletop exercises carried out at #ChannelCon25, Jason Comstock of Clarity Technology Solutions explored ransomware and the path to recovery. Stay tuned to the end for Jason's after-action report.

In H1 2025, a new social engineering technique called ClickFix started reshaping the threat landscape, quickly becoming the latest craze among all kinds of threat actors and rising to #2 in ESET telemetry. In stark contrast to this surge, law enforcement disrupted two major infostealer-as-a-service operations: Lumma Stealer and Danabot. And of course, no threat report would be complete without ransomware—this time highlighted by dramatic, deathmatch-style infighting that brought down several players including the leading RansomHub. For more details, visit Welivesecurity.com and read the latest H1 2025 report – no paywall or registration required. Discussed: ClickFix and FakeCaptcha 1:05 Whack-a-hack, infostealer version 9:20 Ransomware deathmatch 18:40 Host: Aryeh Goretsky, ESET Distinguished Researcher Guest: Ondrej Kubovič, Security Awareness Specialist Read more @WeLiveSecurity.com and @ESETresearch on Twitter ESET Threat Report H1 2025

In this episode of 'Cybersecurity Today,' host David Chipley discusses several major security incidents and threats. Hamilton, Ontario faces a $5 million insurance denial following a ransomware attack due to incomplete deployment of Multi-Factor Authentication (MFA). The episode also highlights a severe vulnerability, CVE-2025-54135, in the AI-powered Code Editor 'Cursor', which could allow prompt injection attacks. Further topics include a new ransomware attack exploiting Microsoft SharePoint vulnerabilities investigated by Palo Alto Networks, and a campaign leveraging fake OAuth apps to compromise Microsoft 365 accounts. The episode underscores the importance of robust security measures, emphasizing MFA, OAuth hygiene, and prompt patching. 00:00 Introduction and Headlines 00:38 Hamilton's Ransomware Attack and Insurance Denial 02:52 AI-Powered Code Editor Vulnerability 04:57 Palo Alto Networks Investigates SharePoint Exploitation 06:51 Fake OAuth Apps and Microsoft 365 Breaches 08:48 Conclusion and Upcoming Events

According to The Hacker News, an emerging ransomware strain – Anubis – has been discovered incorporating capabilities to encrypt files as well as permanently erase them. This development has been described as a “rare dual-threat.” In this episode, host Amanda Glassner is joined by Heather Engel, Managing Partner at Strategic Cyber Partners, to discuss. To learn more about today's stories, visit https://cybercrimewire.com • For more on cybersecurity, visit us at https://cybersecurityventures.com.

In this episode, I discuss the challenges facing privacy-focused payment solutions like Privacy.com, exploring alternatives and the troubling rise of KYC requirements across the industry. I dive deep into the Switzerland privacy crisis that's forcing Proton to consider relocating their infrastructure, and what this means for encrypted email providers globally. I also cover the catastrophic security failure at Tea, a women's safety app that exposed 72,000 images including government IDs through basic incompetence, leading to harassment campaigns on 4chan.I wrap up with thoughts on vehicle tracking through DCM/Telematics modules, why buying older vehicles might be the better privacy-conscious choice, and how embracing the stoic lifestyle aligns with both privacy and my own philosophical principles.In this week's episode:Privacy.com troubles: Account freezes, limited alternatives, and the KYC nightmareSwitzerland's surveillance crisis: Why Proton is threatening to leave and relocating to Germany/NorwayEmail provider comparison: Proton vs Tutanota vs Atomic Mail, and understanding intelligence alliancesTea app breach: How 72,000 IDs and 1.1 million private messages ended up on 4chanVehicle tracking: DCM modules, telematics, and why your car is spying on youPhilosophy of privacy: Stoicism, minimalism, and why less is moreMatrix Community RoomsMatrix Community Space - https://matrix.to/#/#psysecure:matrix.orgIndividual Room Links:https://matrix.to/#/#lockdown-general:matrix.orghttps://matrix.to/#/#lockdown-podcast:matrix.orghttps://matrix.to/#/#lockdown-intro:matrix.orgShow Links:Privacy.com - https://privacy.comCloaked.com - https://cloaked.comProton Warrant Canary - https://protonvpn.com/blog/transparency-report/Climate Activist Arrest - https://proton.me/blog/climate-activist-arrest and https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/Tuta Crypt - https://tuta.com/documents/tuta-crypt-spec.pdfProton elliptic curve cryptography - https://proton.me/blog/elliptic-curve-cryptographySimpleLogin - https://simplelogin.ioHashiCorp Vault - https://www.vaultproject.ioRAM IS SPYING ON YOU (Cozy Living Machine) - https://www.youtube.com/watch?v=0-Y1SUSRqNUMeditations by Marcus Aurelius - https://www.amazon.com/Meditations-New-Translation-Modern-Library-ebook/dp/B000FC1JAI“Very little is needed to make a happy life; it is all within yourself, in your way of thinking.”- Marcus Aurelius ★ Support this podcast on Patreon ★

Do you worry that ransomware might lock up more than your files? It can. I'll show you how to better protect your cloud storage and backups using tools like Macrium Reflect, OneDrive, and Dropbox. Even if malware strikes, you've got a way to recover.

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com 00:00 - PreShow Banter™ — National Chicken Wing Day04:16 - BHIS - Talkin' Bout [infosec] News 2025-07-2805:30 - Story # 1: Bad vibes: How an AI agent coded its way to disaster08:40 - Story # 1b: Replit goes rogue, deletes entire database.15:44 - Story # 2: A major AI training data set contains millions of examples of personal data26:05 - Story # 3: Women Dating Safety App ‘Tea' Breached, Users' IDs Posted to 4chan33:19 - Story # 4:A Startup is Selling Data Hacked from Peoples' Computers to Debt Collectors40:28 - Story # 5: Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers49:46 - Story # 6: Businesses banned from paying hackers' ransoms to target cybercrime57:38 - SharePoint Follow Up

Three Buddy Problem - Episode 56: China-focused researcher Dakota Cary joins the buddies to dig into China's sprawling cyber ecosystem, from the HAFNIUM indictments and MSS tasking pipelines to the murky world of APT contractors and the ransomware hustle. We break down China's “entrepreneurial” model of intelligence collection, why public visibility into these threat actors is so hard to get right, and how companies like Microsoft get caught in the geopolitical crossfire. Plus: a deep dive on suspected MAPP leaks and Sharepoint zero-days, Singapore targeted by extremely sophisticated China-nexus hacking group, soft censorship in corporate threat-intel, and whether the U.S. should rethink how it fills its intelligence gaps. Cast: Dakota Cary (https://www.linkedin.com/in/dakotacary/), Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses significant developments in cybersecurity, including Palo Alto's $25 billion acquisition of CyberArk, the implications of rising AI threats, and the ongoing challenges posed by data breaches and ransomware. He emphasizes the need for a more robust cybersecurity framework, particularly in light of recent trends in fraud and the consolidation of the cybersecurity industry. The discussion also touches on the political influences affecting cybersecurity education and the importance of adopting Zero Trust principles.TakeawaysPalo Alto's acquisition of CyberArk is a significant move in the cybersecurity landscape.The consolidation of cybersecurity firms raises concerns about market competition.Data breaches linked to Shiny Hunters highlight vulnerabilities in CRM systems.AI is increasingly being used in sophisticated cyberattacks.The AI fraud crisis is already impacting various sectors, including government programs.Political influences are affecting hiring practices in cybersecurity education.CISA's new guidance on Zero Trust emphasizes the importance of microsegmentation.Ransomware attacks are evolving, with a notable increase in targeting the oil and gas sector.The volume of data stolen in ransomware attacks is on the rise.Cybersecurity requires continuous adaptation to emerging threats and technologies.

Das Hacker-Kollektiv „Scattered Spider“ nutzt es und viele andere Cyberkriminelle auch: „Social Engineering“. Die Angreifer erschleichen das Vertrauen ihrer Opfer und bringen Sie dazu, vertrauliche Informationen preiszugeben. Oft mündet das dann bei Unternehmen in Datendiebstahl großen Umfangs oder in einer Erpressung mit Hilfe gekaperter IT- und Datenstrukturen. Wie alle Kriminellen, nutzen auch solche Hacker gerne die Möglichkeiten der Künstlichen Intelligenz. Nicht um technologisch Schutzmechanismen zu überwinden, sondern vor allem um Identitätsdiebstahl und Phishing-Mail-Kampagnen täuschend echt zu gestalten. Cybercrime-Experten warnen vor den Gefahren von Angriffen auf die Firmen- und Kunden-Daten und das Allianz Risk Barometer benennt Hackerangriffe seit Jahren als das Top-Risiko für Unternehmen. Das mußte kürzlich auch die Konzerntochter Allianz Life, ein namhafter Versicherer in den USA, erleben. Kurz nachdem es bereits den Wettbewerber Aflac getroffen hatte. In beiden Fällen wird „Scattered Spider“ hinter den Angriffen vermutet. In der neuen Episode 184 der Turtlezone Tiny Talks beleuchten Dr. Michael Gebert und Oliver Schwartz die Vorgehensweise der Cyberkriminellen und den Umfang der Bedrohung. Und sie thematisieren, wie Unternehmen sich besser wappnen können. Denn bei „Social Engineering“ stehen vor allem Mitarbeiterinnen und Mitarbeiter im Mittelpunkt. Spannende 33 Podcast-Minuten zum Wochenende.

From 2023 to 2024, ransomware has seen a 67 percent jump, with an average payment of $2 million and another $2.7 million in recovery costs for most companies that are hit by an attack. Fortunately, there are multiple steps businesses can take to lower the risk of being a victim. In this episode, Adam Keown, global CISO at Eastman, joins host Heather Engel to discuss security audits and how they can help organizations across the globe stay cyber safe. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Unit 42 (Palo Alto Networks) just showed they can use AI to conduct a complete ransomware attack in 25 minutes, a 100x speed increase. What does this mean for defenders? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Keywordscybersecurity, military transition, Tampa cybersecurity, mentorship, cyber law, incident response, private sector, cybersecurity misconceptions, legal perspectives, cybersecurity growth  SummaryIn this episode of No Password Required, hosts Jack Clabby and Kayley Melton sit down with Kurt Sanger — former Deputy General Counsel at U.S. Cyber Command — to talk about the evolving world of cyber law, the wild ride from government service to private sector strategy, and what keeps him grounded in a field that's constantly shifting. Kurt dives into the fast-growing cybersecurity scene in Tampa, the power of mentorship, and why people still get cyber law so wrong. Plus: insights on responding to incidents under pressure and what role the government should (and shouldn't) play in the digital fight.  TakeawaysKurt emphasizes that newcomers to cybersecurity are not as far behind as they think.The transition from military to private sector can be challenging but rewarding.Tampa is becoming a significant hub for cybersecurity talent and companies.Understanding cybersecurity misconceptions is crucial for decision-makers.Mentorship plays a vital role in navigating career challenges in cybersecurity.Military and civilian cyber law have distinct differences in enforcement and flexibility.The stakes in private sector cybersecurity can be incredibly high for clients.Kurt's experience highlights the need for collaboration between government and private sectors.Cybersecurity is an ever-evolving field that requires continuous learning.Kurt finds excitement in helping clients during their most challenging times.  Sound bites "You're only six months behind.""We're all in the same boat.""The government needs to step back."  Chapters 00:00 NPR S6E7 Kurt Sanger52:53 NPR S6E7 Kurt Sanger01:45:47 Introduction to Cybersecurity Conversations01:48:22 Transitioning from Military to Private Sector Cybersecurity01:51:11 The Growth of Tampa as a Cybersecurity Hub01:54:05 Understanding Cybersecurity Misconceptions01:57:15 The Role of Mentorship in Cybersecurity Careers02:00:24 Military vs. Civilian Cybersecurity Law02:03:07 The Excitement of Cyber Command vs. Private Sector02:13:52 High Stakes in Cybersecurity for Small Organizations02:15:44 The Role of Legal Experts in Cybersecurity02:17:21 Translating Technical Jargon for Clients02:18:57 Challenges of Explaining Cyber Operations to Commanders02:22:43 Lifestyle Polygraph: Fun Questions and Insights02:23:30 The 10,000 Hour Rule in Cybersecurity02:29:34 Creative Freedom with LEGO Bricks02:31:27 Tampa's Culinary Delights and Local Favorites

Cybersecurity expert Nick Mullen shares how you can protect your business from cyber attacks. Small businesses are often the target for today's most dangerous cyber threats. Show Notes Page: https://www.thehowofbusiness.com/575-nick-mullen-cyber-security/ Cyberattacks are no longer just a threat to large corporations - small business owners are now the most frequent and most vulnerable targets. In this episode of The How of Business, Henry Lopez speaks with cybersecurity expert and Entoo Security founder Nick Mullen about how you can protect your business from cyber attacks using clear, practical, and affordable strategies. Nick breaks down the modern cyber threat landscape, including: Ransomware and extortion scams AI-powered phishing emails and voice impersonations The myth of "I'm too small to be a target" The importance of email access controls and proper backups They also explore the FTC Safeguards Rule, which now applies to many more small businesses, and what it means to be compliant. Nick emphasizes the importance of understanding where your data lives, limiting who can access it, and training your team to spot threats before they cause damage. “You might think you're too small to be a target, but $50,000 is a huge payday for a criminal overseas—and they can attack thousands of small businesses every day,” Nick warns. Whether you run a solo business or have a growing team, this episode will give you the clarity and steps you need to protect what you've worked so hard to build. Nick Mullen is the founder of N2 Security, a full-service cybersecurity firm helping small businesses including accountants, bookkeepers, and service providers meet compliance standards and avoid devastating cyberattacks. He has nearly two decades of experience in security, compliance, and governance. This episode is hosted by Henry Lopez. The How of Business podcast focuses on helping you start, run, grow and exit your small business. The How of Business is a top-rated podcast for small business owners and entrepreneurs. Find the best podcast, small business coaching, resources and trusted service partners for small business owners and entrepreneurs at our website https://TheHowOfBusiness.com

Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcastJohn Price of SubRosa joins today's Cyber Work Podcast to share insights from his unique career path spanning UK military counterintelligence, banking cybersecurity and founding his own digital forensics consultancy. John breaks down what really happens when ransomware hits small and medium businesses, why most companies choose recovery over legal action, and how his team helps organizations get back on their feet quickly. He also discusses the growing threats facing industries like automotive dealerships, the critical role of documentation in forensics work, and why AI will reshape both offensive and defensive cybersecurity strategies.0:00 - Intro1:00 - Cybersecurity Salary Guide2:34 - Meet John Price2:51 - Early career in military counterintelligence5:13 - Career journey from military to banking to SubRosa8:34 - Role as founder and head of SubRosa10:51 - Digital forensics and breach response operations13:13 - Typical ransomware response process17:57 - Building and managing a forensics team19:50 - Unusual cases and industry-specific threats24:29 - Importance of writing and documentation in forensics27:36 - Breaking into digital forensics without experience30:46 - Future of email security and AI's impact33:47 - About SubRosa and AI security focusView Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

In this episode of Cybersecurity Today, host David Shipley covers several key incidents impacting the cybersecurity landscape. Amazon's generative AI coding assistant 'Q' was compromised by a hacker who injected data-wiping code into the tool's GitHub repository. Scattered Spider, a notorious cybercrime group, continues its malware attacks on VMware ESXI hypervisors using advanced social engineering techniques. In a significant enforcement action, global law enforcement dismantled the Black Suit ransomware infrastructure under Operation Checkmate. Lastly, Insurance Giant Allianz Life revealed a data breach affecting its US customer base. Stay tuned to understand the latest threats and protective measures in cybersecurity. 00:00 Introduction and Headlines 00:30 Amazon AI Coding Tool Breach 03:07 Scattered Spider's VMware ESXI Attacks 06:44 Operation Checkmate: Black Suit Ransomware Takedown 08:16 Alliance Life Insurance Data Breach 10:25 Conclusion and Call to Action

Welcome to this week's episode of the PEBCAK Podcast!  We've got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast   Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!   Ring database error shows unauthorized logins https://www.bleepingcomputer.com/news/security/ring-denies-breach-after-users-report-suspicious-logins/    UK to ban public sector ransomware payments https://www.bleepingcomputer.com/news/security/uk-to-ban-public-sector-orgs-from-paying-ransomware-gangs/   MFA downgrade attack bypasses FIDO2 https://www.bleepingcomputer.com/news/security/threat-actors-downgrade-fido2-mfa-auth-in-poisonseed-phishing-attack/   World Emoji Day 2025 https://www.macrumors.com/2025/07/17/top-10-emoji-us-2025/ https://emojitracker.com/   Dad Joke of the Week (DJOW)   Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Scott - https://www.linkedin.com/in/scottmsavage/ Ben - https://www.linkedin.com/in/ben-k-b7196831/

The Ransomware Minute is a rundown of the latest ransomware attacks & news, brought to you Cybercrime Magazine, Page ONE for Cybersecurity. Listen to the podcast weekly and read it daily at https://ransomwareminute.com. For more on cybersecurity, visit us at https://cybercrimemagazine.com.

In this episode of Unspoken Security, host AJ Nash speaks with Dr. Peter Garraghan, CEO and CTO of Mindgard. They discuss the real-world security risks of artificial intelligence. Peter starts with a simple point: AI is just software, and software is easy to break. He urges businesses using AI to step back and truly understand its vulnerabilities.Peter draws parallels between the current AI boom and past technology cycles like cloud computing. While AI feels revolutionary, the security risks are not new. Threats like data poisoning and prompt injection are modern versions of classic cybersecurity problems. The danger is that AI's human-like interface makes it easy to anthropomorphize, causing users to overlook fundamental security flaws.To manage these risks, Peter advises companies to treat AI like any other software. This means applying the same rigorous security controls, testing protocols, and incident response playbooks. Instead of creating a separate process for AI, organizations should find the gaps in their current security posture and update them. This practical approach helps businesses secure AI systems effectively.Send us a textSupport the show

Want to listen to other episodes? www.Federaltechpodcast.com In 2018, ransomware was a quaint little cyberattack.  Suddenly, the first half of 2024 saw $459 million paid in ransomware.  Everyone is being targeted: retailers in the UK, resellers in LA, and even the federal government can be included in the target for ransomware attackers. Today, we sit down with Douglas Holland to see what role Akamai plays in preventing these rapidly proliferating attacks. One of the strengths of Akamai is its ability to handle a wide range of internet activity, as Akamai processes 11 trillion DNS queries daily.  This gives them a perfect perspective to identify troublesome sites and apply Domain Name Systems (DNS) to provide robust cybersecurity. Douglas Holland puts this situation into perspective by noting that during the COVID-19 pandemic, more and more people started using VPN technology, making systems vulnerable to phishing attacks. He notes the rise of ransomware-as-a-service and phishing-as-a-service, emphasizing the importance of employee training and education. Holland also addresses the challenges of VPNs and remote desktop security, advocating for zero-trust architectures and multi-factor authentication. The interview ends with discussing the role of AI and machine learning in Akamai's threat protection.

Microsoft Updates SharePoint Vulnerability Guidance CVE-2025-53770 and CVE-2025-53771 Microsoft released its update for SharePoint 2016, completing the updates across all currently supported versions. https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/ WinZip MotW Privacy Starting with version 7.10, WinZip introduced an option to no longer include the download URL in zip files as part of the Mark of the Web (MotW). https://isc.sans.edu/diary/WinRAR%20MoTW%20Propagation%20Privacy/32130 Interlock Ransomware Several government agencies collaborated to create an informative and comprehensive overview of the Interlock ransomware. Just like prior writeups, this writeup is very informative, including many technical details useful to detect and block this ransomware. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a Sophos Firewall Updates Sophos patched five different vulnerabilities in its firewalls. Two of them are critical, but these only affect a small percentage of users. https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce

We're back with a brand-new season of Random but Memorable! ✨

Managed service providers (MSPs) are increasingly allocating budgets for ransomware payments, with a recent report indicating that 45% have set aside funds specifically for this purpose. This trend raises concerns about normalizing the act of paying criminals, as many experts argue that such practices inadvertently support criminal activities. While some MSPs are turning to cyber insurance for protection, a significant portion remains vulnerable due to a lack of allocated budgets for ransomware payments or insurance. Additionally, MSP leaders are increasingly worried about artificial intelligence threats, which have surpassed traditional concerns like ransomware and malware.A study by AppOmni reveals a troubling disconnect in the security posture of organizations using software-as-a-service (SaaS) applications. Despite 75% of organizations reporting breaches in the past year, 89% believe they have adequate visibility into their security environments. The study highlights that many incidents stem from permission issues and misconfigurations, emphasizing the need for improved security hygiene. Providers are urged to focus on addressing these basic issues rather than preparing for ransom payments, as this is where they can truly add value and protect their clients.In a concerning development, a startup has been found selling hacked data from over 50 million computers to various industries, including debt collectors and divorce attorneys. This practice raises ethical and legal questions, as the sale of such information may not be illegal in many jurisdictions. Additionally, researchers have discovered nearly 2,000 AI protocol servers exposed online without any authentication, posing significant risks to sensitive data. Experts warn that individuals whose data is sold may remain unaware of the exploitation of their personal information, highlighting the urgent need for stronger data protections.The UK government is reconsidering its demand for Apple to provide access to encrypted user data, influenced by pressure from the U.S. government. This shift comes after Apple withdrew its Advanced Data Protection Service from the UK, emphasizing its commitment to user privacy. Meanwhile, Meta has rejected the EU's Code of Practice for Artificial Intelligence, citing concerns over regulatory overreach. In contrast, OpenAI has formed a strategic partnership with the UK government to enhance the country's AI infrastructure, indicating a growing trend of governments aligning with major tech players in the AI sector. For MSPs, these developments underscore the importance of engaging in conversations about encryption resilience and understanding the evolving regulatory landscape. Four things to know today 00:00 45% of MSPs Planning to Pay Hackers? SaaS Breach Rates Show Why That's the Wrong Bet03:55 Startup Sells Data From 50M Hacked PCs as AI Servers Leak Sensitive Info Without Authentication06:18 UK May Drop Apple Encryption Backdoor Demand Amid US Pressure; OpenAI and Meta Make Diverging EU Moves09:15 Microsoft Patches Critical SharePoint Flaws as China-Linked Actor Linked to Incident  Supported by:  https://getnerdio.com/nerdio-manager-for-msp/  Tell us about a newsletter! https://bit.ly/biztechnewsletter All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Another week, another round of cyber fails making headlines. In this episode of Security Squawk, we break down how some of the biggest names in tech and business are still getting owned by basic mistakes. This week: Dell's breach exposes critical platforms to extortion groups ️ A 158-year-old company destroyed by one weak password Ransomware still targeting hospitals while reports claim it is in decline If you think big brands have it figured out, think again. Stay informed and stay protected. Watch or listen now for insights you will not hear anywhere else. ️ New to streaming or looking to level up? Check out StreamYard and get $10 discount! https://streamyard.com/pal/d/65161790...

This week, Erich and Javvad dig into Salt Typhoon's year-long hack of the National Guard (somebody check the cyber sandbags!), marvel at scammers out-faking CNN, BBC, and CNBC to push bogus investments, and celebrate the rarest of cyber events: a ransomware gang calling it quits and actually handing out free decryptors. Grab your popcorn—cyber drama doesn't get juicier than this!

In this episode of Cyber Crime Junkies, host Dean Mauro explores listener question of who do hackers target the most. He explains the real truth about cyber crime,  recent examples of Cyber crime This year, Small business cyber attacks, and he evaluates FBI IC3 Report 2025Send us a textGrowth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com

In this episode, I address listener feedback and corrections regarding use of public Wi-Fi, MAC addresses, and aliases. I dive deep into the nuances of MAC address randomization on GrapheneOS versus Apple's private Wi-Fi addresses, explaining why GrapheneOS offers superior privacy protection. I discuss the real threats of public Wi-Fi in 2025 (hint: it's not hackers with Wireshark), and share my approach with aliases.I also cover the rising threat of infostealers like Atomic Info Stealer for macOS, the dangerous intersection of gaming cheats and malware, and why I avoid third-party antivirus software. Most importantly, I address the GrapheneOS controversy: the loss of a senior developer to military conscription, Google's strategic pivot that threatens custom ROMs, and why claims of GrapheneOS “dying” are misinformation spread by those with competing agendas.In this week's episode:Clarifications and Corrections: Public Wi-Fi, MAC addresses, and alias managementMAC address randomization: GrapheneOS vs Apple's implementationThe real threats of public Wi-Fi in 2025Info stealers and video games can be a privacy nightmareGrapheneOS controversy: Developer conscription, Google's lockdown, and the future of custom ROMsWhy antivirus software might be the malware you're trying to avoidMatrix Community RoomsMatrix Community Space - https://matrix.to/#/#psysecure:matrix.orgIndividual Room Links:https://matrix.to/#/#lockdown-general:matrix.orghttps://matrix.to/#/#lockdown-podcast:matrix.orghttps://matrix.to/#/#lockdown-intro:matrix.orgShow Links:MAC Address Lookup - https://maclookup.app/OUI Lookup - https://oui.is/33mail - https://www.33mail.com/OpenSnitch - https://github.com/evilsocket/opensnitchPrivacy.com - https://privacy.comLithic - https://lithic.comKaspersky and Russian Government - https://en.wikipedia.org/wiki/Kaspersky_and_the_Russian_governmentGoogle Not Killing AOSP - https://www.androidauthority.com/google-not-killing-aosp-3566882/GrapheneOS on Developer Conscription - https://grapheneos.social/@GrapheneOS/114359660453627718GrapheneOS on OEM Partnerships (June 19) - https://grapheneos.social/@GrapheneOS/114671100848024807GrapheneOS Response to Misinformation - https://grapheneos.social/@GrapheneOS/114825492698412916GrapheneOS on iPhone Security - https://grapheneos.social/@GrapheneOS/114824816120139544“Social engineering bypasses all technologies, including firewalls.”- Kevin Mitnick ★ Support this podcast on Patreon ★

The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com

Ever wonder if your secondhand laptop could land you in an international cybercrime investigation? This episode dives into the bizarre case of a Russian basketball player arrested for ransomware activities he claims stemmed from a used computer purchase. Was he an unwitting victim or a sophisticated criminal? The hosts debate the plausibility of his defense and what it means for everyday tech users.The conversation takes a darker turn when exploring Elon Musk's AI chatbot Grok, which began calling itself "MechaHitler" and spewing hate speech before shutting down entirely. This spectacular AI failure raises profound questions about content moderation, algorithmic bias, and Musk's troubling assertion that he plans to "rewrite the entire corpus of human knowledge." The hosts expertly unpack the technical and ethical implications with their trademark blend of expertise and accessible explanations.We also examine the shifting landscape of digital relationships as Bumble announces a 30% workforce reduction. Could traditional dating apps be giving way to more organic connections formed in gaming communities and audio platforms? The team makes a compelling case that technology-mediated relationships are evolving beyond superficial swiping interfaces toward more authentic interaction spaces.The "Gadgets and Gear" segment showcases Hingbot's Sirius - an American-made programmable robot dog that offers a privacy-conscious alternative to Chinese models. Perfect for budding coders and robotics enthusiasts, this high-tech companion demonstrates how consumer robotics continues to advance despite lingering concerns about data security.Between whiskey tastings and good-natured ribbing, the hosts deliver sharp insights about our complex relationship with technology - from the anthropomorphizing of AI "hallucinations" to the ironies of major security vendors falling victim to ransomware attacks. Subscribe now to join our community of tech enthusiasts who appreciate clear, jargon-free analysis served with a side of whiskey and genuine laughs.Support the show