Podcasts about Ransomware

In this episode, Ryan Williams Sr. and Shannon Tynes discuss the latest cybersecurity news, including a ransomware attack on a small Ohio village and the FCC's warnings about cybersecurity risks. They dive into the importance of operational security (OPSEC) and cyber hygiene, share personal reflections on Thanksgiving, and explore various entertainment topics, including gaming and TV shows. The conversation highlights the challenges and developments in the cybersecurity landscape while also touching on personal anecdotes and cultural observations. Article: Ohio village gets hit with cybersecurity ransom attack https://www.fox19.com/2025/11/28/ohio-village-gets-hit-with-cybersecurity-ransom-attack/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExdmlnellQTVlXMXR2NDRDdnNydGMGYXBwX2lkEDIyMjAzOTE3ODgyMDA4OTIAAR5pqTFOkN8AQxkzEBXaBeyaR5HkYOB6B3SxBkphkv_eKLLRd_x9qc4_hN5uZA_aem_1AM3Bso9Ps37Nm4diP-RdA FCC Warns of Cybersecurity Risks After Texas, Virginia Breaches https://www.radioworld.com/news-and-business/fcc-warns-of-cybersecurity-risks-after-texas-virginia-breaches?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExdmlnellQTVlXMXR2NDRDdnNydGMGYXBwX2lkEDIyMjAzOTE3ODgyMDA4OTIAAR5pqTFOkN8AQxkzEBXaBeyaR5HkYOB6B3SxBkphkv_eKLLRd_x9qc4_hN5uZA_aem_1AM3Bso9Ps37Nm4diP-RdA The WIRED Guide to Digital Opsec for Teens https://www.wired.com/story/digital-opsec-for-teens/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExdmlnellQTVlXMXR2NDRDdnNydGMGYXBwX2lkEDIyMjAzOTE3ODgyMDA4OTIAAR7HG9OFlM_z47SI_EuksKX4a0slVE_RLIogUj2kAs6NILEQg__zrLM_lTFc7w_aem__iFJTaYf7U4ALs5OuIDybA Buy the guide: https://www.theothersideofthefirewall.com/ Please LISTEN

Japanese brewer Asahi provides details regarding October ransomware attack California law regulating web browsers might impact national data privacy Microsoft to speed up Teams Huge thanks to our episode sponsor, Vanta This message comes from Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Get started at Vanta.com/CISO Find the stories behind the headlines at CISOseries.com.

i'm wall-e, welcoming you to today's tech briefing for friday, november 28th: amazon's satellite internet ambitions: launching project kuiper with plans for over 3,000 satellites to compete with starlink, marking amazon's foray into space-based connectivity. google's anti-ransomware initiative: release of advanced security tools to protect small to medium-sized businesses from sophisticated cyber threats. meta platforms' stock surge: shares rise following quarterly earnings that beat expectations; driven by strong user engagement and ad revenue. continue to bet on metaverse for future growth. that's all for today. we'll see you back here tomorrow.

In this episode of Unspoken Security, host AJ Nash sits down with CharlotteGuiney, Cyber Threat Intelligence Manager at Toyota Financial Services. Theyexplore what it takes to build threat intelligence programs that work for bothsecurity teams and the wider business. Charlotte cuts through the noise,stressing that buy-in is step one—and that it's often the hardest step. Sheshares how understanding internal customers and their priorities leads toearly wins, which are key to building trust and showing the value ofintelligence.Charlotte explains that not every organization needs the same level ofmaturity. Small companies might only need basic monitoring, while largerenterprises face more complex challenges. She notes that successfulprograms link intelligence to business needs, not just security threats. Thisapproach helps teams prioritize what matters most and communicate risk inways business leaders understand.The conversation also dives into the future of threat intelligence. Charlottesees a growing role for automation and AI, especially for basic tasks, butbelieves people are still needed to bridge gaps and build relationships acrossthe business. She closes with a reminder to keep things in perspective,echoing a lesson from her childhood at clown camp: sometimes you need tostep back and find humor, even in serious work.Send us a textSupport the show

How modern ransomware actors are deploying multidimensional tactics to outpace traditional defencesStrategies to reduce data loss and sustain business operations after an attackAI and automation – enhancing visibility and accelerating response to ransomware threatsThom Langford, Host, teissTalkhttps://www.linkedin.com/in/thomlangford/Edward Starkie, Director, GRC | Cyber Risk, Thomas Murrayhttps://www.linkedin.com/in/edward-starkie-56712431/Cameron Brown, Head of Cyber Threat and Risk Analytics, Ariel Rehttps://www.linkedin.com/in/analyticalcyber/Jesus Cordero, Director, Solution Architects AppSec, NetSec & XDR, EMEA, Barracudahttps://www.linkedin.com/in/jcordero-guzm%C3%A1n/

What if AI stopped being a headline and started working like a real employee? We sit down with CEO and AI integrator Ephraim Ebstein to map the straightest path from hype to results: smarter outreach, faster service, leaner teams, and tighter security. No sci‑fi, no gimmicks—just the playbook for turning today's tools into tomorrow's edge.We zoom out to the bigger picture many avoid: the middle class is getting squeezed, and waiting your turn is not a plan. Ephraim shares how early adopters keep their jobs by redesigning them, why posting consistently beats “perfect” content, and how modeling proven operators compresses years of trial and error. From trade businesses to tech firms, the message is the same—sell something useful, systemize it, and let AI compound your time.Then we flip to the risk side. Ransomware groups run like corporations, and social engineering can undo an entire brand with a single password reset. You'll hear how a boutique hotel uses a text-based AI concierge that guests love—and how a recognizable apparel company lost weeks of revenue after a cloud breach. The lesson is blunt: security is a growth strategy. Use MFA, train your team, back up right, and test recovery before you need it.If you want AI to pay for itself, deploy it where dollars move: SMS outreach, appointment setting, concierge flows, and workflow automation that actually replaces tasks. If you want to sleep at night, invest in cybersecurity with the same urgency you invest in marketing. Ready to adapt before you're forced to? Subscribe, share this with a builder who needs the nudge, and leave a review telling us where you'll put AI to work first.Join the What if it Did Work movement on FacebookGet the Book!www.omarmedrano.comwww.calendly.com/omarmedrano/15min

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Black Friday season is upon us!

In this Security Squawk episode, Brian Horning from Xact IT is joined by guests to unpack three real ransomware incidents, the rapid rise of “The Gentlemen” gang, and how attackers bypass basic security by turning off tools like Windows Defender. You'll learn why relying only on built-in protections creates dangerous blind spots, what layered security with EDR, SOC monitoring, and log retention looks like, and the practical steps business leaders can take now to harden their defenses and reduce ransomware risk.

The Ransomware Minute is a rundown of the latest ransomware attacks & news, brought to you Cybercrime Magazine, Page ONE for Cybersecurity. Listen to the podcast weekly and read it daily at https://ransomwareminute.com. For more on cybersecurity, visit us at https://cybercrimemagazine.com.

AI is accelerating ransomware attacks and reshaping the cyber threat landscape. Join Brendan Hall, Alliant Cyber, and Brad LaPorte, Morphisec, as they discuss how evolving ransomware tactics and polymorphic malware are challenging traditional cybersecurity defenses. Together they share how a preemptive approach to ransomware protection can help organizations reduce exposure, lower insurance costs and strengthen cyber resilience as AI continues to accelerate the speed and sophistication of attacks. They also highlight how Morphisec's patented technology and ransomware-free guarantee provide a powerful layer of protection that complements existing MDR and EDR tools.

Ransomware isn't a lone hacker in a hoodie. It's an entire criminal industry complete with developers, brokers, and money launderers working together like a dark tech startup. And while these groups constantly evolve, so do the tools and partnerships aimed at stopping them before they strike.  My guest today is Cynthia Kaiser, former Deputy Assistant Director of the FBI's Cyber Division and now the Head of the Ransomware Research Center at Halcyon. After two decades investigating global cyber threats and briefing top government leaders, she's now focused on prevention and building collaborations across government and industry to disrupt ransomware actors at their source.  We talk about how ransomware groups operate, why paying a ransom rarely solves the problem, and what layered defense really means for organizations and individuals. Cynthia also shares how AI is reshaping both sides of the cyber arms race and why she believes hope, not fear, is the most powerful tool for defenders. Show Notes: [01:04] Cynthia Kaiser had a 20-year FBI career and has now transitioned from investigation to prevention at Halcyon. [03:58] The true scale of cyber threats is far larger than most people realize, even within the government. [04:19] Nation-state and criminal activity now overlap, making attribution increasingly difficult. [06:45] Cynthia outlines how ransomware spreads through phishing, credential theft, and unpatched systems. [08:08] Ransomware is an ecosystem of specialists including developers, access brokers, money launderers, and infrastructure providers. [09:55] Discussion of how many ransomware groups exist and the estimated cost of attacks worldwide. [11:37] Ransom payments dropped in 2023, but total business recovery costs remain enormous. [12:24] Paying a ransom can mark a company as an easy target and doesn't guarantee full decryption. [13:11] Example of a decryptor that failed completely and how Halcyon helped a victim recover. [14:35] The so-called "criminal code of ethics" among ransomware gangs has largely disappeared. [16:48] Hospitals continue to be targeted despite claims of moral restraint among attackers. [18:44] Prevention basics still matter including strong passwords, multi-factor authentication, and timely patching. [19:18] Cynthia explains the value of layered defense and incident-response practice drills. [21:22] Even individuals need cyber hygiene like unique passwords, MFA, and updated antivirus protection. [23:32] Deepfakes are becoming a major threat vector, blurring trust in voice and video communications. [25:17] Always verify using a separate communication channel when asked to send money or change payment info. [27:40] Real-world example: credential-stuffing attack against MLB highlights the need for two-factor authentication. [29:55] What to do once ransomware hits includes containment, external counsel, and calling trusted law-enforcement contacts. [32:44] Cynthia recounts being impersonated online and how she responded to protect others from fraud. [34:28] Many victims feel ashamed to report cybercrime, especially among older adults. [36:45] Scams often succeed because they align with real-life timing or emotional triggers. [38:32] Children and everyday users are also at risk from deceptive links and push-fatigue attacks. [39:26] Overview of Halcyon's Ransomware Research Center and its educational, collaborative goals. [42:15] The importance of public-private partnerships in defending hospitals and critical infrastructure. [43:38] How AI-driven behavioral detection gives defenders a new advantage. [44:48] Cynthia shares optimism that technology can reduce ransomware's impact. [45:43] Closing advice includes practicing backups, building layered defenses, and staying hopeful. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.  Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest Halcyon Cynthia Kaiser - LinkedIn

This week, Lois Houston and Nikita Abraham are joined by Principal OCI Instructor Orlando Gentil to explore what truly keeps data safe, and what puts it at risk.   They discuss the CIA triad, dive into hashing and encryption, and shed light on how cyber threats like malware, phishing, and ransomware try to sneak past defenses.   Cloud Tech Jumpstart: https://mylearn.oracle.com/ou/course/cloud-tech-jumpstart/152992 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu   Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode. ------------------------------------------ Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services. Nikita: Hey everyone! Last week, we discussed how you can keep your data safe with authentication and authorization. Today, we'll talk about various security risks that could threaten your systems. 00:48 Lois: And to help us understand this better, we have Orlando Gentil, Principal OCI Instructor, back with us. Orlando, welcome back! Let's start with the big picture—why is security such a crucial part of our digital world today? Orlando: Whether you are dealing with files stored on a server or data flying across the internet, one thing is always true—security matters. In today's digital world, it's critical to ensure that data stays private, accurate, and accessible only to the right people.  01:20 Nikita: And how do we keep data private, secure, and unaltered? Is there a security framework that we can use to make sense of different security practices? Orlando: The CIA triad defines three core goals of information security.  CIA stands for confidentiality. It's about keeping data private. Only authorized users should be able to access sensitive information. This is where encryption plays a huge role. Integrity means ensuring that the data hasn't been altered, whether accidentally or maliciously. That's where hashing helps. You can compare a stored hash of data to a new hash to make sure nothing's changed. Availability ensures that data is accessible when it's needed. This includes protections like system redundancy, backups, and anti-DDoS mechanisms. Encryption and hashing directly support confidentiality and integrity. And they indirectly support availability by helping keep systems secure and resilient. 02:31 Lois: Let's rewind a bit. You spoke about something called hashing. What does that mean? Orlando: Hashing is a one-way transformation. You feed in data and it produces a unique fixed length string called a hash. The important part is the same input always gives the same output, but you cannot go backward and recover the original data from the hash. It's commonly used for verifying integrity. For example, to check if a file has changed or a message was altered in transit. Hashing is also used in password storage. Systems don't store actual passwords, just their hashes. When you log in, the system hashes what you type it and compare the stored hash. If they match, you're in. But your actual password was never stored or revealed. So hashing isn't about hiding data, it's about providing it hasn't changed. So, while hashing is all about protecting integrity, encryption is the tool we use to ensure confidentiality. 03:42 Nikita: Right, the C in CIA. And how does it do that? Orlando: Encryption takes readable data, also known as plaintext, and turns it into something unreadable called ciphertext using a key. To get the original data back, you need to decrypt it using the right key. This is especially useful when you are storing sensitive files or sending data across networks. If someone intercepts the data, all they will see is gibberish, unless they have the correct key to decrypt it. Unlike hashing, encryption is reversible as long as you have the right key. 04:23 Lois: And are there different types of encryption that serve different purposes? Orlando: Symmetric and asymmetric encryption. With symmetric encryption, the same key is used to both encrypt and decrypt the data. It's fast and great for securing large volumes of data, but the challenge lies in safely sharing the key. Asymmetric encryption solves that problem. It uses a pair of keys: public key that anyone can use to encrypt data, and a private key that only the recipient holds to decrypt it. This method is more secure for communications, but also slower and more resource-intensive. In practice, systems often use both asymmetric encryption to exchange a secure symmetric key and then symmetric encryption for the actual data transfer. 05:21 Nikita: Orlando, where is encryption typically used in day-to-day activities? Orlando: Data can exist in two primary states: at rest and in transit. Data at rest refers to data stored on disk, in databases, backups, or object storage. It needs protection from unauthorized access, especially if a device is stolen or compromised. This is where things like full disk encryption or encrypted storage volumes come in. Data in transit is data being sent from one place to another, like a user logging into a website or an API sending information between services. To protect it from interception, we use protocols like TLS, SSL, VPNs, and encrypted communication channels. Both forms data need encryption, but the strategies and threats can differ. 06:19 Lois: Can you do a quick comparison between hashing and encryption? Orlando: Hashing is one way. It's used to confirm that data hasn't changed. Once data is hashed, it cannot be reversed. It's perfect for use cases like password storage or checking the integrity of files. Encryption, on the other hand, it's two-way. It's designed to protect data from unauthorized access. You encrypt the data so only someone with the right key can decrypt and read it. That's what makes it ideal for keeping files, messages, or network traffic confidential. Both are essential for different reasons. Hashing for trust and encryption for privacy. 07:11 Adopting a multicloud strategy is a big step towards future-proofing your business and we're here to help you navigate this complex landscape. With our suite of courses, you'll gain insights into network connectivity, security protocols, and the considerations of working across different cloud platforms. Start your journey to multicloud today by visiting mylearn.oracle.com.  07:39 Nikita: Welcome back! When we talk about cybersecurity, we hear a lot about threats and vulnerabilities. But what do those terms really mean? Orlando: In cybersecurity, a threat is a potential danger and a vulnerability is a weakness an asset possess that a threat can exploit. When a threat and a vulnerability align, it creates a risk of harm. A threat actor then performs an exploit to leverage that vulnerability, leading to undesirable impact, such as data loss or downtime. After an impact, the focus shifts to response and recovery to mitigate damage and restore operations.  08:23 Lois: Ok, let's zero in on vulnerabilities. What counts as a vulnerability, and what categories do attackers usually target first?  Orlando: Software and hardware bugs are simply unintended flaws in a system's core programming or design. Misconfigurations arise when systems aren't set up securely, leaving gaps. Weak passwords and authentication provide easy entry points for attackers. A lack of encryption means sensitive data is openly exposed. Human error involves mistakes made by people that unintentionally create security risks. Understanding these common vulnerability types is the first step in building more resilient and secure systems as they represent the critical entry points attackers leverage to compromise systems and data. By addressing these, we can significantly reduce our attack surface and enhance overall security.  09:28 Nikita: Can we get more specific here? What are the most common cybersecurity threats that go after vulnerabilities in our systems and data? Orlando: Malware is a broad category, including viruses, worms, Trojans, and spyware. Its goal is to disrupt or damage systems. Ransomware has been on the rise, targeting everything from hospitals to government agencies. It lock your files and demands a ransom, usually in cryptocurrency. Phishing relies on deception. Attackers impersonate legitimate contacts to trick users into clicking malicious links or giving up credentials. Insider threats are particularly dangerous because they come within employees, contractors, or even former staff with lingering access. Lastly, DDoS attacks aim to make online services unavailable by overwhelming them with traffic, often using a botnet—a network of compromised devices. 10:34 Lois: Orlando, can you walk us through how each of these common cybersecurity threats work? Orlando: Malware, short for malicious software, is one of the oldest and most pervasive types of threats. It comes in many forms, each with unique methods and objectives. A virus typically attaches itself to executable files and documents and spreads when those are shared or opened. Worms are even more dangerous in networked environments as they self-replicate and spread without any user action. Trojans deceive users by posing as harmless or helpful applications. Once inside, they can steal data or open backdoors for remote access. Spyware runs silently in the background, collecting sensitive information like keystrokes or login credentials. Adware might seem like just an annoyance, but it can also track your activity and compromise privacy. Finally, rootkits are among the most dangerous because they operate at a low system level, often evading detection tools and allowing attackers long-term access. In practice, malware can be a combination of these types. Attackers often bundle different techniques to maximize damage.  12:03 Nikita: And what about ransomware? Why it is such a serious threat? Orlando: Ransomware has become one of the most disruptive and costly types of cyber attacks in recent years. Its goal is simple but devastating, to encrypt your data and demand payment in exchange for access. It usually enters through phishing emails, insecure remote desktop protocol ports or known vulnerabilities. Once inside, it often spreads laterally across the network before activating, ensuring maximum impact. There are two common main forms. Crypto ransomware encrypts user files, making them inaccessible. Locker ransomware goes a step further, locking the entire system interface, preventing any use at all. Victims are then presented with a ransom note, typically requesting cryptocurrency payments in exchange for the decryption key. What makes ransomware so dangerous is not just the encryption itself, but the pressure it creates. Healthcare institutions, for instance, can't afford the downtime, making them prime targets.  13:18 Lois: Wow. Thanks, Orlando, for joining us today.  Nikita: Yeah, thanks Orlando. We'll be back next week with more on how you use security models to tackle these threats head-on. And if you want to learn about the topics we covered today, go to mylearn.oracle.com and search for the Cloud Tech Jumpstart  course. Until next time, this is Nikita Abraham… Lois: And Lois Houston, signing off! 13:42 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Report: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/2025/11/17/cats-got-your-files-lynx-ransomware/Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠⁠⁠⁠

A young undercover FBI operative risks everything to expose America's most devastating traitor — revealing how Cold-War spycraft evolved into today's cybercrime economy.The shocking true story of Robert Hanssen — the FBI mole who sold America's deepest secrets to Russia for over 20 years, leading to the execution of multiple double agents and triggering the worst intelligence breach in U.S. history.

Augustus De Morgan, Doordash, Fortiweb, Typosquatting, Vista, Ransomware, AI, Josh, Rob, Aaran, Jason, Dr. Scott, Rocky, Uh., and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-529

Augustus De Morgan, Doordash, Fortiweb, Typosquatting, Vista, Ransomware, AI, Josh, Rob, Aaran, Jason, Dr. Scott, Rocky, Uh., and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-529

Augustus De Morgan, Doordash, Fortiweb, Typosquatting, Vista, Ransomware, AI, Josh, Rob, Aaran, Jason, Dr. Scott, Rocky, Uh., and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-529

Augustus De Morgan, Doordash, Fortiweb, Typosquatting, Vista, Ransomware, AI, Josh, Rob, Aaran, Jason, Dr. Scott, Rocky, Uh., and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-529

Cyberthreats are everywhere, and while they may be inevitable, their impact can be manageable. Institutions who are prepared for cybersecurity disruptions are proactive and collaborative about their response. This episode of the Forward Thinking Podcast features FCCS SVP of Marketing and Communications Stephanie Barton, Lisa Parrinello, FCCS VP of Risk Management & Insurance Services and Naomi Baumann, FCCS VP of Claims & Insurance Services. Together they discuss how Farm Credit's Captive Insurance Company is helping institutions strengthen their cyberdefenses and what boards of directors need to know to stay ahead of the cybersecurity game.    Episode Insights Include:   The bigger picture of cyberthreats Cyberthreats used to be considered an IT-only problem, but that isn't the case anymore.  These enterprise-wide issues demand board-level attention.  Ransomware, extortion, targeted financial systems and AI deep-fake impersonations are some of today's biggest cyberthreats.  The goal today isn't just protection, it's resilience. A prepared institution can respond and recover from cyberthreats no matter where they hit.    The role of Farm Credit's Captive Insurance Company As the captive, they provide institutions cyber insurance and management services that go beyond what commercial insurance markets can offer.  They offer tailored protection designed specifically for the unique cooperative structure of Farm Credit.  Collaborative claims management proactively responds to any incident or threat of incident.  Their strategic access to commercial markets allows them to purchase insurance as well.  Over the years, Captive has saved an average of $50 million in insurance coverage.  Consistent system-wide learning whenever instances occur.    Resilience tools and strategies  Resilience requires a multi-layered approach based on assents and security needs.  Threat detection and response pinpoint vulnerability, endpoint detection, and tabletop exercises.  Human-centric risk management and ongoing employee training are critical for cyber risk management.  Employees and people are always going to be the weakest link in cybersecurity.  Data protection and resilience in communications in sensitive information need to be encrypted and backup tested.  Cybersecurity is not an impenetrable armor, it is an anatomy with multiple systems working together to respond and continue operating in a culture of proactive risk management.    The pivotal role of the board  Directors need to prioritize an approved annual cyber risk manual.  Ongoing development and maintenance of a robust program is essential.  Boards should receive quarterly reports on threats, vulnerabilities and mitigation actions.  Cyber oversight needs to be integrated into business technology planning.  FCA should be notified within 36 hours of any cyber incident.    The culture of cybersecurity Institutions build resilience when everyone is involved.  Third party oversight and engagement with cyber-focused legal counsel is crucial.  Most breeches don't happen in bad systems, they happen when good people let down their guard.  Muscle memory kicks in when crisis hits, but only when preparation has occurred.  Ultimately, cybersecurity is everyone's business.    This podcast is powered by FCCS.   Resources   Connect with Lisa Parrinello — Lisa Parrinello   Connect with Naomi Baumann — Naomi Baumann   Get in touch   info@fccsconsulting.com   "The goal isn't just protection – it's resilience." — Naomi Baumann   "The Captive provides consistent system-wide learning whenever instances occur." —  Lisa Parrinello    "Human-centric risk management and ongoing employee training are critical for cyber risk management." — Naomi Baumann   "Employees and people are always going to be the weakest link in cybersecurity." — Naomi Baumann   "Even without a deep technical knowledge, boards can strengthen resilience by asking the right questions and staying engaged." —  Lisa Parrinello    "Institutions build resilience when everyone is involved." — Naomi Baumann   Resilience is just as much about people as it is about systems." — Naomi Baumann

What really happens during a cyber attack? Not the Hollywood version — the real one. The kind businesses experience every single day when a single compromised password, phishing email, or zero-day vulnerability ignites a full-scale crisis.In this full episode, we take you inside the anatomy of a real data breach with digital first responders from NetGain Technologies — the cybersecurity professionals who live inside ransomware events, Business Email Compromise (BEC) incidents, and wire-fraud attacks every week.You'll see how attacks start, how fast they spread, what attackers do once they're inside your email, and the exact steps that decide whether a company recovers… or collapses.What You'll Learn: • How a phishing email turns into credential theft and internal compromise • Why Business Email Compromise (BEC) is now the #2 most expensive breach type • The tricks attackers use to hide inside inboxes and impersonate executives • How wire transfer fraud really happens — and how the 2-person rule stops it • What zero-days look like in the wild (and why patches aren't enough) • The role of MFA, phishing-resistant MFA, email controls, and layered security • Why backups must be immutable, air-gapped, and isolated • How incident response teams contain malware without destroying evidence • When to call cyber insurance, law enforcement, and breach counsel • The IR playbook: detection → containment → communication → forensics → recovery • Why every business — no matter how small — IS a target⌚ CHAPTERS 00:00 – Intro: What BEC Really Looks Like Today 03:42 – How One Email Starts the Attack Chain 11:20 – Why Finance Teams Are Target #1 19:05 – The Social Engineering Playbook 27:48 – Live Breakdown of a Real BEC Incident 38:22 – What Happens During Wire Fraud Recovery 46:10 – Technical Controls That Actually Work 55:36 – How to Build a No-NonsSend us a textGrowth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com Support the show

Amazon is taking Perplexity AI to court over its agentic browser that shops on your behalf, raising urgent questions about who controls your online buying experience when bots do the heavy lifting. FFmpeg teaching assembly language for performance. The state of Nevada recovers after not paying ransom. A "rounding error" nets a clever attacker $128 million. Why would Chrome decide to start form-filling driver's licenses. The UK's six major telecom providers to block number spoofing. XSLT support being removed from browsers. Will anyone notice. Firefox introduced paid support options for organizations. Russia continues to fight against non-Russian Internet. Google acquires another Internet security company (Wiz). The EU to finally fix their cookie permission mistake. More countries drop Microsoft office for open choices. More countries question and examine Chinese made buses. Microsoft discovers some information leakage from LLMs. What does Amazon's lawsuit against Perplexity's agents mean for next-generation browsers Show Notes - https://www.grc.com/sn/SN-1051-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: veeam.com hoxhunt.com/securitynow zscaler.com/security zapier.com/securitynow vanta.com/SECURITYNOW

Amazon is taking Perplexity AI to court over its agentic browser that shops on your behalf, raising urgent questions about who controls your online buying experience when bots do the heavy lifting. FFmpeg teaching assembly language for performance. The state of Nevada recovers after not paying ransom. A "rounding error" nets a clever attacker $128 million. Why would Chrome decide to start form-filling driver's licenses. The UK's six major telecom providers to block number spoofing. XSLT support being removed from browsers. Will anyone notice. Firefox introduced paid support options for organizations. Russia continues to fight against non-Russian Internet. Google acquires another Internet security company (Wiz). The EU to finally fix their cookie permission mistake. More countries drop Microsoft office for open choices. More countries question and examine Chinese made buses. Microsoft discovers some information leakage from LLMs. What does Amazon's lawsuit against Perplexity's agents mean for next-generation browsers Show Notes - https://www.grc.com/sn/SN-1051-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: veeam.com hoxhunt.com/securitynow zscaler.com/security zapier.com/securitynow vanta.com/SECURITYNOW

Amazon is taking Perplexity AI to court over its agentic browser that shops on your behalf, raising urgent questions about who controls your online buying experience when bots do the heavy lifting. FFmpeg teaching assembly language for performance. The state of Nevada recovers after not paying ransom. A "rounding error" nets a clever attacker $128 million. Why would Chrome decide to start form-filling driver's licenses. The UK's six major telecom providers to block number spoofing. XSLT support being removed from browsers. Will anyone notice. Firefox introduced paid support options for organizations. Russia continues to fight against non-Russian Internet. Google acquires another Internet security company (Wiz). The EU to finally fix their cookie permission mistake. More countries drop Microsoft office for open choices. More countries question and examine Chinese made buses. Microsoft discovers some information leakage from LLMs. What does Amazon's lawsuit against Perplexity's agents mean for next-generation browsers Show Notes - https://www.grc.com/sn/SN-1051-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: veeam.com hoxhunt.com/securitynow zscaler.com/security zapier.com/securitynow vanta.com/SECURITYNOW

Amazon is taking Perplexity AI to court over its agentic browser that shops on your behalf, raising urgent questions about who controls your online buying experience when bots do the heavy lifting. FFmpeg teaching assembly language for performance. The state of Nevada recovers after not paying ransom. A "rounding error" nets a clever attacker $128 million. Why would Chrome decide to start form-filling driver's licenses. The UK's six major telecom providers to block number spoofing. XSLT support being removed from browsers. Will anyone notice. Firefox introduced paid support options for organizations. Russia continues to fight against non-Russian Internet. Google acquires another Internet security company (Wiz). The EU to finally fix their cookie permission mistake. More countries drop Microsoft office for open choices. More countries question and examine Chinese made buses. Microsoft discovers some information leakage from LLMs. What does Amazon's lawsuit against Perplexity's agents mean for next-generation browsers Show Notes - https://www.grc.com/sn/SN-1051-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: veeam.com hoxhunt.com/securitynow zscaler.com/security zapier.com/securitynow vanta.com/SECURITYNOW

Eric O'Neill, former FBI ghost and author of “Spies, Lies & Cybercrime,” joins host David Puner to take a deep dive into the mindset and tactics needed to defend against today's sophisticated cyber threats. Drawing on O'Neill's experience catching spies and investigating cybercriminals, the conversation explains how thinking like an attacker can help organizations and individuals stay ahead. The episode covers actionable frameworks, real-world stories, and practical advice for building cyber resilience in an age of AI-driven scams and industrialized ransomware.

Got a question or comment? Message us here!This week, we're digging into a case where ransomware negotiators allegedly became the attackers themselves, leveraging insider access to hit organizations they were supposed to help. This one raises real questions about trust, vendor oversight, and the human element in incident response. We break down what happened and what SOC teams can take away from it.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Google's Find Hub turns into remote-wipe weapon Qilin ransomware activity surges GootLoader is back Huge thanks to our sponsor, Vanta What's your 2 AM security worry?   Is it "Do I have the right controls in place?"   Or "Are my vendors secure?"   ....or the really scary one: "how do I get out from under these old tools and manual processes?   Enter Vanta.   Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta also fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready—ALL…THE…TIME. With Vanta, you get everything you need to move faster, scale confidently—and get back to sleep.   Get started at vanta.com/headlines

Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking links misses the larger picture of effective defenses, and what orgs can do to prepare for an influx of holiday-infused ransomware targeting. Segment resources https://www.bleepingcomputer.com/news/security/how-a-ransomware-gang-encrypted-nevada-governments-systems/ https://www.darkreading.com/endpoint-security/pro-russian-hackers-linux-vms-hide-windows https://www.threatlocker.com/blog/how-to-build-a-robust-lights-out-checklist This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-356

Ever wondered what happens to your online accounts when you're gone?

Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking links misses the larger picture of effective defenses, and what orgs can do to prepare for an influx of holiday-infused ransomware targeting. Segment resources https://www.bleepingcomputer.com/news/security/how-a-ransomware-gang-encrypted-nevada-governments-systems/ https://www.darkreading.com/endpoint-security/pro-russian-hackers-linux-vms-hide-windows https://www.threatlocker.com/blog/how-to-build-a-robust-lights-out-checklist This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/asw-356

Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking links misses the larger picture of effective defenses, and what orgs can do to prepare for an influx of holiday-infused ransomware targeting. Segment resources https://www.bleepingcomputer.com/news/security/how-a-ransomware-gang-encrypted-nevada-governments-systems/ https://www.darkreading.com/endpoint-security/pro-russian-hackers-linux-vms-hide-windows https://www.threatlocker.com/blog/how-to-build-a-robust-lights-out-checklist This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-356

Community Advocates from NetApp join the podcast to discuss the new features that look data manipulation in realtime to stop Ransomware attacks years before it happens. Chane Bingen and Mike Foley discuss NetApp's feature and how they support VCF 9 as a key partner.

Presented by Material Security: We protect your company's most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices. Three Buddy Problem - Episode 71: The buddies travel to Canada for a live recording at the Countermeasure conference, discussing the Google v FFmpeg open-source patching brouhana, ransomware negotiators charged and linked to ransomware attacks, the looming TP-Link ban in the U.S., and the discovery of LANDFALL, an APT attack caught using a Samsung mobile zero-day. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

Welcome to this week's episode of the PEBCAK Podcast!  We've got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast   Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!   https://www.youtube.com/shorts/RibEPALlVE4   Microsoft Edge gets scam detection https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-gets-scareware-sensor-for-faster-scam-detection/  https://torontosun.com/uncategorized/ontario-couple-gives-up-more-than-1m-to-online-scammers-despite-bank-warning   Cybersecurity employees worked for ransomware group https://www.bleepingcomputer.com/news/security/us-cybersecurity-experts-indicted-for-blackcat-ransomware-attacks/   L3 Harris Trenchant executive stole zero days https://x.com/jsrailton/status/1985494477033656371?s=46  https://techcrunch.com/2025/11/03/how-an-ex-l3-harris-trenchant-boss-stole-and-sold-cyber-exploits-to-russia/   Line waiting as a service https://www.taskrabbit.com/services/shopping-delivery/waiting-in-line   Dad Joke of the Week (DJOW)   Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Glenn - https://www.linkedin.com/in/glennmedina/

News and Updates: • France's famed Louvre museum suffered an €88M jewel heist, later exposed for using “LOUVRE” as its surveillance password—highlighting decades of neglected cybersecurity and outdated systems. • Two U.S. cybersecurity employees from DigitalMint and Sygnia were indicted for spreading ALPHV ransomware to five firms, extorting $1.2M before one confessed and both were fired. • YouTube TV lost Disney networks—including ESPN and ABC—after contract talks collapsed. Disney accuses Google of underpaying; Google blames Disney's pricing demands and promises $20 credits.

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — Musical Views of the Universe04:05 - – BHIS - Talkin' Bout [infosec] News 2025-11-0304:39 - Story # 1: Ransomware profits drop as victims stop paying hackers06:22 - Chart since 201916:06 - Story # 2: More than a million people every week show suicidal intent when chatting with ChatGPT, OpenAI estimates33:02 - Story # 3: 10M people watched a YouTuber shim a lock; the lock company sued him. Bad idea.41:18 - Story # 4: ‘Dangerous' YouTube videos struck down for bypassing Windows 11 account setup [Update: Restored]47:13 - Story # 5: Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says51:08 - Story # 6: Microsoft: DNS outage impacts Azure and Microsoft 365 services54:33 - Story # 7: EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure55:22 - Stordy # 8: Black Hat Europe 2025 Arsenal: 8 AI Security Tools Transforming Cybersecurity

  In this episode of Cybersecurity Today, host Jim Love dives into several shocking security lapses and emerging threats. Highlights include ransomware negotiators at Digital Mint accused of being behind attacks, a new AI vulnerability that exploits Windows' built-in stack, and a misuse of OpenAI's API for command and control in malware operations. Additionally, AMD confirms a flaw in its Zen 5 CPUs that could lead to predictable encryption keys, and the Louvre faces scrutiny after a major theft reveals poor password practices and maintenance failures. The episode underscores the importance of basic security measures like strong passwords and regular audits despite advanced technological systems in place. 00:00 Introduction and Sponsor Message 00:48 Ransomware Negotiators Turned Hackers 02:08 AI Stack Vulnerabilities in Windows 04:04 Backdoor Exploits OpenAI's API 05:24 AMD's Encryption Key Flaw 06:59 Louvre Heist and Security Lapses 08:24 Conclusion and Call to Action

The FCC plans to roll back cybersecurity mandates that followed Salt Typhoon. The alleged cybercriminal MrICQ has been extradited to the U.S. Ransomware negotiators are accused of conducting ransomware attacks. Ernst & Young accidentally exposed a 4-terabyte SQL Server backup. A hacker claims responsibility for last week's University of Pennsylvania breach. The UK chronicles cyberattacks on Britain's drinking water suppliers. Monday business brief. Our guest is Caleb Tolin, host of Rubrik's Data Security Decoded podcast. Hackers massage the truth.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Caleb Tolin, host of Rubrik's Data Security Decoded podcast, as he is introducing himself and his show joining the N2K CyberWire network. You can catch new episodes of Data Security Decoded the first and third Tuesdays of each month on your favorite podcast app. Selected Reading FCC plans vote to remove cyber regulations installed after theft of Trump info from telecoms (The Record) Alleged Jabber Zeus Coder ‘MrICQ' in U.S. Custody (Krebs on Security) Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says (Chicago Sun Times) Ernst & Young cloud misconfiguration leaks 4TB SQL Server backup on Microsoft Azure (Beyond Machines) Penn hacker claims to have stolen 1.2 million donor records in data breach (Bleeping Computer) Hackers are attacking Britain's drinking water suppliers (The Record) JumpCloud acquires Breez. Chainguard secures $280 million in growth financing. Sublime Security closes $150 million Series C round. (N2K Pro) Hackers steal data, extort $350,000 from massage parlor clients (Korea JoongAng Daily) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Welcome to this week's episode of the PEBCAK Podcast!  We've got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast   Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!   iCloud backups expose betting scam https://appleinsider.com/articles/25/10/24/how-icloud-backups-helped-expose-a-mob-and-nba-linked-poker-cheating-scandal  https://support.apple.com/en-gb/guide/security/sec3cac31735/web   Ransomware payments all time low https://www.bleepingcomputer.com/news/security/ransomware-profits-drop-as-victims-stop-paying-hackers/   Hyperscaler outages https://www.bleepingcomputer.com/news/technology/amazon-this-weeks-aws-outage-caused-by-major-dns-failure/  https://www.bleepingcomputer.com/news/microsoft/microsoft-dns-outage-impacts-azure-and-microsoft-365-services/   Halloween memories https://www.snopes.com/tag/halloween/   Dad Joke of the Week (DJOW)   Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Benjamin - https://www.linkedin.com/in/benjamin-humes-56b46626/ Ben - https://www.linkedin.com/in/benjamincorll/

When attackers are smart enough to hit your backups, recovery becomes your best defense. Rubrik's Chief Product Officer, Anneka Gupta, joins host Corey Quinn to break down what true cyber resilience looks like in today's multi-cloud world. From AI-driven recovery to surviving ransomware with your data (and reputation) intact, this episode covers what it really takes to bounce back when everything goes sideways.Show Highlights(00:00) Introduction to Ransomware and Backups(00:25) Welcome to Screaming in the Cloud(00:32) Introducing Rubrik and Annika Gupta(01:26) What Does Rubrik Do?(02:18) Evolution of Backup and Recovery(03:37) Challenges in Cyber Recovery(05:33) Rubrik's Approach to Cyber Resilience(08:44) Importance of Cyber Recovery Simulations(09:40) Security vs. Operational Recovery(11:28) Assume Breach: A New Security Paradigm(14:29) Multi-Cloud Complexities and Security(27:45) Hybrid Cloud and Cyber Resilience(29:25) AI in Cyber Resilience(33:09) Conclusion and Contact InformationAbout Anneka GuptaAnneka Gupta is a senior executive leader with a proven track record of scaling successful B2B SaaS businesses from the ground up. She's led across product, tech, go-to-market, and operations, always with a customer-first mindset. Known for turning complex challenges into big wins, Anneka brings energy, innovation, and real-world results to every team she leads.She's been recognized as one of San Francisco Business Times' Most Influential Women in Business and 40 Under 40, as well as a Rising Star by AdExchanger and Marketing EDGE. Oh, and AdAge once named her one of the Top 10 Digital Marketing Innovators.Linksrubrik.com/sitchttps://www.linkedin.com/in/annekagupta/Sponsor: Rubrik 

Just when you thought DNS cache poisoning was a thing of the past, Steve and Leo reveal why this 17-year-old bug is making a dramatic comeback—and why most DNS resolvers still can't manage high-quality random numbers after all this time. The unsuspected sucking power of a Linux-based robot vacuum. Russia to follow China's vulnerability reporting laws. A pair of Scattered Spider UK teen hackers arrested. Facebook,Instagram and TikTok violating the EU's DSA. Microsoft Teams bringing user WiFi tracking bypolicy. You backed up. That's great. Did you test that backup? Coveware reports all-time lowransomware payment rate. Ransomware negotiator reports how the bad guys get in. Lots of listener thoughts and feedback about NIST passwords. And against all reason and begging credulity, it seems we still haven't managed to put high-quality random number generators into our DNS resolvers. Show Notes - https://www.grc.com/sn/SN-1049-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow zapier.com/securitynow 1password.com/securitynow veeam.com zscaler.com/security

Just when you thought DNS cache poisoning was a thing of the past, Steve and Leo reveal why this 17-year-old bug is making a dramatic comeback—and why most DNS resolvers still can't manage high-quality random numbers after all this time. The unsuspected sucking power of a Linux-based robot vacuum. Russia to follow China's vulnerability reporting laws. A pair of Scattered Spider UK teen hackers arrested. Facebook,Instagram and TikTok violating the EU's DSA. Microsoft Teams bringing user WiFi tracking bypolicy. You backed up. That's great. Did you test that backup? Coveware reports all-time lowransomware payment rate. Ransomware negotiator reports how the bad guys get in. Lots of listener thoughts and feedback about NIST passwords. And against all reason and begging credulity, it seems we still haven't managed to put high-quality random number generators into our DNS resolvers. Show Notes - https://www.grc.com/sn/SN-1049-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow zapier.com/securitynow 1password.com/securitynow veeam.com zscaler.com/security

Just when you thought DNS cache poisoning was a thing of the past, Steve and Leo reveal why this 17-year-old bug is making a dramatic comeback—and why most DNS resolvers still can't manage high-quality random numbers after all this time. The unsuspected sucking power of a Linux-based robot vacuum. Russia to follow China's vulnerability reporting laws. A pair of Scattered Spider UK teen hackers arrested. Facebook,Instagram and TikTok violating the EU's DSA. Microsoft Teams bringing user WiFi tracking bypolicy. You backed up. That's great. Did you test that backup? Coveware reports all-time lowransomware payment rate. Ransomware negotiator reports how the bad guys get in. Lots of listener thoughts and feedback about NIST passwords. And against all reason and begging credulity, it seems we still haven't managed to put high-quality random number generators into our DNS resolvers. Show Notes - https://www.grc.com/sn/SN-1049-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow zapier.com/securitynow 1password.com/securitynow veeam.com zscaler.com/security

Just when you thought DNS cache poisoning was a thing of the past, Steve and Leo reveal why this 17-year-old bug is making a dramatic comeback—and why most DNS resolvers still can't manage high-quality random numbers after all this time. The unsuspected sucking power of a Linux-based robot vacuum. Russia to follow China's vulnerability reporting laws. A pair of Scattered Spider UK teen hackers arrested. Facebook,Instagram and TikTok violating the EU's DSA. Microsoft Teams bringing user WiFi tracking bypolicy. You backed up. That's great. Did you test that backup? Coveware reports all-time lowransomware payment rate. Ransomware negotiator reports how the bad guys get in. Lots of listener thoughts and feedback about NIST passwords. And against all reason and begging credulity, it seems we still haven't managed to put high-quality random number generators into our DNS resolvers. Show Notes - https://www.grc.com/sn/SN-1049-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow zapier.com/securitynow 1password.com/securitynow veeam.com zscaler.com/security

Just when you thought DNS cache poisoning was a thing of the past, Steve and Leo reveal why this 17-year-old bug is making a dramatic comeback—and why most DNS resolvers still can't manage high-quality random numbers after all this time. The unsuspected sucking power of a Linux-based robot vacuum. Russia to follow China's vulnerability reporting laws. A pair of Scattered Spider UK teen hackers arrested. Facebook,Instagram and TikTok violating the EU's DSA. Microsoft Teams bringing user WiFi tracking bypolicy. You backed up. That's great. Did you test that backup? Coveware reports all-time lowransomware payment rate. Ransomware negotiator reports how the bad guys get in. Lots of listener thoughts and feedback about NIST passwords. And against all reason and begging credulity, it seems we still haven't managed to put high-quality random number generators into our DNS resolvers. Show Notes - https://www.grc.com/sn/SN-1049-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow zapier.com/securitynow 1password.com/securitynow veeam.com zscaler.com/security

WSUS attacks escalate as emergency patch fails to fully contain exploited flaw. Schneider Electric and Emerson are listed among victims in the Oracle EBS cyberattack. Google debunks reports of a massive GMail breach. A new banking trojan mimics human behavior for stealth. Sweden's power grid operator confirms a cyberattack. Italian spyware targets Russian and Belarusian organizations. The U.S. declines to sign the new UN cyber treaty. Ransomware payments fall to record lows. U.S. Cyber Chief calls for a “clean American tech stack” to counter China's global surveillance push. On today's Threat Vector segment, David Moulton⁠ speaks with two cybersecurity leaders from Palo Alto Networks:⁠ Sarit Tager⁠ and⁠ Krithivasan Mecheri⁠. AI mistakes Doritos for a deadly weapon.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector On today's Threat Vector segment, David Moulton⁠ speaks with two cybersecurity leaders from Palo Alto Networks:⁠ Sarit Tager⁠ and⁠ Krithivasan Mecheri⁠ (Krithi). Together, they dive into the urgent challenges of securing modern development in the age of AI and "Shifting Security Left". You can listen to their full conversation here, and catch new episodes every Thursday on your favorite podcast app.  Selected Reading Microsoft WSUS attacks hit 'multiple' orgs, Google warns (The Register) Industrial Giants Schneider Electric and Emerson Named as Victims of Oracle Hack (SecurityWeek) Google says talk of Gmail breach impacting millions not true (The Register) 'Herodotus' Android Trojan Mimics Human Sluggishness (Gov Infosecurity) Hackers Target Swedish Power Grid Operator  (SecurityWeek) Italian-made spyware spotted in breaches of Russian, Belarusian systems  (The Record) US declines to join more than 70 countries in signing UN cybercrime treaty (The Record) Ransomware profits drop as victims stop paying hackers (Bleeping Computer) National cyber director says U.S. needs to counter Chinese surveillance, push American tech (CyberScoop) Armed police handcuff teen after AI mistakes crisp packet for gun in US (BBC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices