Podcasts about runzero

During his keynote at SecTor 2025, HD Moore, founder and CEO of runZero and widely recognized for creating Metasploit, invites the cybersecurity community to rethink the foundational “rules” we continue to follow—often without question. In conversation with Sean Martin and Marco Ciappelli for ITSPmagazine's on-location event coverage, Moore breaks down where our security doctrines came from, why some became obsolete, and which ones still hold water.One standout example? The rule to “change your passwords every 30 days.” Moore explains how this outdated guidance—rooted in assumptions from the early 2000s when password sharing was rampant—led to predictable patterns and frustrated users. Today, the advice has flipped: focus on strong, unique passwords per service, stored securely via password managers.But this keynote isn't just about passwords. Moore uses this lens to explore how many security “truths” were formed in response to technical limitations or outdated behaviors—things like shared network trust, brittle segmentation, and fragile authentication models. As technology matures, so too should the rules. Enter passkeys, hardware tokens, and enclave-based authentication. These aren't just new tools—they're a fundamental shift in where and how we anchor trust.Moore also calls out an uncomfortable truth: the very products we rely on to protect our systems—firewalls, endpoint managers, and security appliances—are now among the top vectors for breach, per Mandiant's latest report. That revelation struck a chord with conference attendees, who appreciated Moore's willingness to speak plainly about systemic security debt.He also discusses the inescapable vulnerabilities in AI agent flows, likening prompt injection attacks to the early days of cross-site scripting. The tech itself invites risk, he warns, and we'll need new frameworks—not just tweaks to old ones—to manage what comes next.This conversation is a must-listen for anyone questioning whether our security playbooks are still fit for purpose—or simply carried forward by habit.___________GUEST:HD Moore, Founder and CEO of RunZero | On Linkedin: https://www.linkedin.com/in/hdmoore/HOSTS:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comRESOURCES:Keynote: The Once and Future Rules of Cybersecurity: https://www.blackhat.com/sector/2025/briefings/schedule/#keynote-the-once-and-future-rules-of-cybersecurity-49596Learn more and catch more stories from our SecTor 2025 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/sector-cybersecurity-conference-toronto-2025Mandiant M-Trends Breach Report: https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/OPM Data Breach Summary: https://oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to share an Event Briefing as part of our event coverage? Learn More

Interview with Tod Beardsley This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out https://securityweekly.com/runzero to learn more! Topic Segment: NPM Incidents In this week's topic segment, we're discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents over on my Substack. Weekly Enterprise News Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP security the future Subprime Code crash of 2028 is security worried about the wrong risks? botnets are back in the headlines some bs research journalists getting duped by AI Animal crossing villagers are organizing against Tom Nook All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-425

Interview with Tod Beardsley This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out https://securityweekly.com/runzero to learn more! Topic Segment: NPM Incidents In this week's topic segment, we're discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents over on my Substack. Weekly Enterprise News Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP security the future Subprime Code crash of 2028 is security worried about the wrong risks? botnets are back in the headlines some bs research journalists getting duped by AI Animal crossing villagers are organizing against Tom Nook All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-425

Interview with Tod Beardsley This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out https://securityweekly.com/runzero to learn more! Topic Segment: NPM Incidents In this week's topic segment, we're discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents over on my Substack. Weekly Enterprise News Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP security the future Subprime Code crash of 2028 is security worried about the wrong risks? botnets are back in the headlines some bs research journalists getting duped by AI Animal crossing villagers are organizing against Tom Nook All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-425

Interview with Tod Beardsley This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out https://securityweekly.com/runzero to learn more! Topic Segment: NPM Incidents In this week's topic segment, we're discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents over on my Substack. Weekly Enterprise News Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP security the future Subprime Code crash of 2028 is security worried about the wrong risks? botnets are back in the headlines some bs research journalists getting duped by AI Animal crossing villagers are organizing against Tom Nook All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-425

In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero's major push into vulnerability management. With its new Nuclei integration, runZero is now able to get a very accurate picture of what's vulnerable in your environment, without spraying highly privileged credentials at attackers on your network. It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud. This episode is also available on Youtube. Show notes

Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity's most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue's global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research. In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines. This segment is sponsored by CyberProof. Visit https://securityweekly.com/cyberproofbh to learn more about them! Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis' recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to download the 2025 Global Ransomware Report! Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach. Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today's most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces. This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them! CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need. Try runZero free! Get started at https://securityweekly.com/runzerobh Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms. To explore Cyware's new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit https://securityweekly.com/cywarebh. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-423

Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity's most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue's global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research. In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines. This segment is sponsored by CyberProof. Visit https://securityweekly.com/cyberproofbh to learn more about them! Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis' recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to download the 2025 Global Ransomware Report! Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach. Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today's most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces. This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them! CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need. Try runZero free! Get started at https://securityweekly.com/runzerobh Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms. To explore Cyware's new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit https://securityweekly.com/cywarebh. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-423

Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity's most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue's global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research. In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines. This segment is sponsored by CyberProof. Visit https://securityweekly.com/cyberproofbh to learn more about them! Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis' recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to download the 2025 Global Ransomware Report! Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach. Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today's most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces. This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them! CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need. Try runZero free! Get started at https://securityweekly.com/runzerobh Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms. To explore Cyware's new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit https://securityweekly.com/cywarebh. Show Notes: https://securityweekly.com/esw-423

Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity's most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue's global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research. In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines. This segment is sponsored by CyberProof. Visit https://securityweekly.com/cyberproofbh to learn more about them! Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis' recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to download the 2025 Global Ransomware Report! Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach. Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today's most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces. This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them! CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need. Try runZero free! Get started at https://securityweekly.com/runzerobh Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms. To explore Cyware's new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit https://securityweekly.com/cywarebh. Show Notes: https://securityweekly.com/esw-423

The often-overlooked truth in cybersecurity: Seeing the Unseen in Vulnerability ManagementIn this episode, Sean Martin speaks with HD Moore, Founder and CEO of RunZero, about the often-overlooked truth in cybersecurity: the greatest risks are usually the things you don't know exist in your environment.Moore's career has spanned decades of penetration testing, tool creation, and product development, including leading the creation of Metasploit. That background shapes his approach at RunZero—applying attacker-grade discovery techniques to uncover devices, networks, and vulnerabilities that traditional tools miss. Why Discovery Matters MostThrough repeated penetration tests for high-security organizations, Moore observed a consistent pattern: breaches rarely occurred because defenders ignored known issues, but rather because attackers exploited unknown assets. These unknowns often bypassed mitigation strategies simply because they weren't on the organization's radar. Beyond CVEsMoore emphasizes that an overreliance on CVE lists leaves organizations blind to real-world risks. Many breaches stem from misconfigurations, weak credentials, or overlooked systems—problems that can be exploited within days of a vulnerability being announced. The answer, he says, is to focus on exposure and attack paths in real time, not just lists of patchable flaws. Revealing the GapsRunZero's approach often doubles the asset count organizations believe they have, uncovering systems outside existing scanning or endpoint management coverage. By leveraging unauthenticated discovery techniques, they detect exploitable conditions from an attacker's perspective—identifying forgotten hardware, outdated firmware, and network segmentation issues that open dangerous pathways. Changing the GameThis depth of discovery enables security teams to prioritize the small subset of issues that pose the highest business risk, rather than drowning in thousands of low-impact findings. It also helps organizations rebuild their security programs from the ground up—ensuring that every device is accounted for, properly segmented, and monitored. Collaboration and CommunityMoore also shares his ongoing contributions to open source through Project Discovery, integrating and enhancing tools like the nuclei scanner to accelerate vulnerability detection for everyone—not just paying customers. The message is clear: if you want to close the gaps, you first need to know exactly where they are—and that requires a new level of visibility most teams have never had.Learn more about runZero: https://itspm.ag/runzero-5733Note: This story contains promotional content. Learn more.Guest: HD Moore, Founder and CEO of RunZero | On Linkedin: https://www.linkedin.com/in/hdmoore/ResourcesLearn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzeroAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Cyber threat intelligence (CTI) is no longer just a technical stream of indicators or a feed for security operations center teams. In this episode, Ryan Patrick, Vice President at HITRUST; John Salomon, Board Member at the Cybersecurity Advisors Network (CyAN); Tod Beardsley, Vice President of Security Research at runZero; Wayne Lloyd, Federal Chief Technology Officer at RedSeal; Chip Witt, Principal Security Analyst at Radware; and Jason Kaplan, Chief Executive Officer at SixMap, each bring their perspective on why threat intelligence must become a leadership signal that shapes decisions far beyond the security team.From Risk Reduction to OpportunityRyan Patrick explains how organizations are shifting from compliance checkboxes to meaningful, risk-informed decisions that influence structure, operations, and investments. This point is reinforced by John Salomon, who describes CTI as a clear, relatable area of security that motivates chief information security officers to exchange threat information with peers — cooperation that multiplies each organization's resources and builds a stronger industry front against emerging threats.Real Business ContextTod Beardsley outlines how CTI can directly support business and investment moves, especially when organizations evaluate mergers and acquisitions. Wayne Lloyd highlights the importance of network context, showing how enriched intelligence helps teams move from reactive cleanups to proactive management that ties directly to operational resilience and insurance negotiations.Chip Witt pushes the conversation further by describing CTI as a business signal that aligns threat trends with organizational priorities. Jason Kaplan brings home the reality that for Fortune 500 security teams, threat intelligence is a race — whoever finds the gap first, the defender or the attacker, determines who stays ahead.More Than DefenseThe discussion makes clear that the real value of CTI is not the data alone but the way it helps organizations make decisions that protect, adapt, and grow. This episode challenges listeners to see CTI as more than a defensive feed — it is a strategic advantage when used to strengthen deals, influence product direction, and build trust where it matters most.Tune in to hear how these leaders see the role of threat intelligence changing and why treating it as a leadership signal can shape competitive edge.________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

Cyber threat intelligence (CTI) is no longer just a technical stream of indicators or a feed for security operations center teams. In this episode, Ryan Patrick, Vice President at HITRUST; John Salomon, Board Member at the Cybersecurity Advisors Network (CyAN); Tod Beardsley, Vice President of Security Research at runZero; Wayne Lloyd, Federal Chief Technology Officer at RedSeal; Chip Witt, Principal Security Analyst at Radware; and Jason Kaplan, Chief Executive Officer at SixMap, each bring their perspective on why threat intelligence must become a leadership signal that shapes decisions far beyond the security team.From Risk Reduction to OpportunityRyan Patrick explains how organizations are shifting from compliance checkboxes to meaningful, risk-informed decisions that influence structure, operations, and investments. This point is reinforced by John Salomon, who describes CTI as a clear, relatable area of security that motivates chief information security officers to exchange threat information with peers — cooperation that multiplies each organization's resources and builds a stronger industry front against emerging threats.Real Business ContextTod Beardsley outlines how CTI can directly support business and investment moves, especially when organizations evaluate mergers and acquisitions. Wayne Lloyd highlights the importance of network context, showing how enriched intelligence helps teams move from reactive cleanups to proactive management that ties directly to operational resilience and insurance negotiations.Chip Witt pushes the conversation further by describing CTI as a business signal that aligns threat trends with organizational priorities. Jason Kaplan brings home the reality that for Fortune 500 security teams, threat intelligence is a race — whoever finds the gap first, the defender or the attacker, determines who stays ahead.More Than DefenseThe discussion makes clear that the real value of CTI is not the data alone but the way it helps organizations make decisions that protect, adapt, and grow. This episode challenges listeners to see CTI as more than a defensive feed — it is a strategic advantage when used to strengthen deals, influence product direction, and build trust where it matters most.Tune in to hear how these leaders see the role of threat intelligence changing and why treating it as a leadership signal can shape competitive edge.________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

This conversation explores the intersection of cybersecurity and emerging technologies, focusing on innovative hacking techniques, the evolution of vulnerability management, and the critical importance of asset discovery. The discussion also delves into the implications of cyber warfare, the persistent threat of default passwords, and the integration of open source tools in enhancing security measures. The conversation delves into various aspects of cybersecurity, focusing on aircraft tracking, data filtering, the evolution of vulnerability management, and the role of AI in enhancing security measures. The speakers discuss the challenges posed by default credentials and the shared responsibility model in cloud infrastructure. They also explore the limitations of AI in cybersecurity and the potential for future advancements, particularly in localized LLMs. The conversation delves into the intersection of technology, cybersecurity, and privacy, exploring the implications of AI on energy demands, vulnerabilities in telecom infrastructure, the complexities of network maintenance, and the challenges of ransomware negotiations. The discussion also touches on privacy concerns related to data tracking by major tech companies like Meta and Apple, as well as the evolving landscape of legal implications in the face of cyber threats. This segment is sponsored by runZero. Get complete visibility across your total attack surface in literally minutes - no agents, no authentication required. Start a free trial or access the free Community Edition at https://securityweekly.com/runzero. HD Moore joins us to discuss finding all the things and how vulnerability management has changed. In the security news: Hacking from a light bulb Reverse engineering, the easy ways Detecting Jitter FCC probes into Cyber Trust Mark Bluetooth Jamming New Wifi Apple features: What could go wrong? Just turn off the Internet for the entire country Meta's Localhost tracking Hacking printers, for realz this time Are we not patching 2023 CVEs? Cleaning up legacy drivers One of the Best Hackers in the Country is an AI Bot Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-880

This conversation explores the intersection of cybersecurity and emerging technologies, focusing on innovative hacking techniques, the evolution of vulnerability management, and the critical importance of asset discovery. The discussion also delves into the implications of cyber warfare, the persistent threat of default passwords, and the integration of open source tools in enhancing security measures. The conversation delves into various aspects of cybersecurity, focusing on aircraft tracking, data filtering, the evolution of vulnerability management, and the role of AI in enhancing security measures. The speakers discuss the challenges posed by default credentials and the shared responsibility model in cloud infrastructure. They also explore the limitations of AI in cybersecurity and the potential for future advancements, particularly in localized LLMs. The conversation delves into the intersection of technology, cybersecurity, and privacy, exploring the implications of AI on energy demands, vulnerabilities in telecom infrastructure, the complexities of network maintenance, and the challenges of ransomware negotiations. The discussion also touches on privacy concerns related to data tracking by major tech companies like Meta and Apple, as well as the evolving landscape of legal implications in the face of cyber threats. This segment is sponsored by runZero. Get complete visibility across your total attack surface in literally minutes - no agents, no authentication required. Start a free trial or access the free Community Edition at https://securityweekly.com/runzero. HD Moore joins us to discuss finding all the things and how vulnerability management has changed. In the security news: Hacking from a light bulb Reverse engineering, the easy ways Detecting Jitter FCC probes into Cyber Trust Mark Bluetooth Jamming New Wifi Apple features: What could go wrong? Just turn off the Internet for the entire country Meta's Localhost tracking Hacking printers, for realz this time Are we not patching 2023 CVEs? Cleaning up legacy drivers One of the Best Hackers in the Country is an AI Bot Show Notes: https://securityweekly.com/psw-880

This conversation explores the intersection of cybersecurity and emerging technologies, focusing on innovative hacking techniques, the evolution of vulnerability management, and the critical importance of asset discovery. The discussion also delves into the implications of cyber warfare, the persistent threat of default passwords, and the integration of open source tools in enhancing security measures. The conversation delves into various aspects of cybersecurity, focusing on aircraft tracking, data filtering, the evolution of vulnerability management, and the role of AI in enhancing security measures. The speakers discuss the challenges posed by default credentials and the shared responsibility model in cloud infrastructure. They also explore the limitations of AI in cybersecurity and the potential for future advancements, particularly in localized LLMs. The conversation delves into the intersection of technology, cybersecurity, and privacy, exploring the implications of AI on energy demands, vulnerabilities in telecom infrastructure, the complexities of network maintenance, and the challenges of ransomware negotiations. The discussion also touches on privacy concerns related to data tracking by major tech companies like Meta and Apple, as well as the evolving landscape of legal implications in the face of cyber threats. This segment is sponsored by runZero. Get complete visibility across your total attack surface in literally minutes - no agents, no authentication required. Start a free trial or access the free Community Edition at https://securityweekly.com/runzero. HD Moore joins us to discuss finding all the things and how vulnerability management has changed. In the security news: Hacking from a light bulb Reverse engineering, the easy ways Detecting Jitter FCC probes into Cyber Trust Mark Bluetooth Jamming New Wifi Apple features: What could go wrong? Just turn off the Internet for the entire country Meta's Localhost tracking Hacking printers, for realz this time Are we not patching 2023 CVEs? Cleaning up legacy drivers One of the Best Hackers in the Country is an AI Bot Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-880

This conversation explores the intersection of cybersecurity and emerging technologies, focusing on innovative hacking techniques, the evolution of vulnerability management, and the critical importance of asset discovery. The discussion also delves into the implications of cyber warfare, the persistent threat of default passwords, and the integration of open source tools in enhancing security measures. The conversation delves into various aspects of cybersecurity, focusing on aircraft tracking, data filtering, the evolution of vulnerability management, and the role of AI in enhancing security measures. The speakers discuss the challenges posed by default credentials and the shared responsibility model in cloud infrastructure. They also explore the limitations of AI in cybersecurity and the potential for future advancements, particularly in localized LLMs. The conversation delves into the intersection of technology, cybersecurity, and privacy, exploring the implications of AI on energy demands, vulnerabilities in telecom infrastructure, the complexities of network maintenance, and the challenges of ransomware negotiations. The discussion also touches on privacy concerns related to data tracking by major tech companies like Meta and Apple, as well as the evolving landscape of legal implications in the face of cyber threats. This segment is sponsored by runZero. Get complete visibility across your total attack surface in literally minutes - no agents, no authentication required. Start a free trial or access the free Community Edition at https://securityweekly.com/runzero. HD Moore joins us to discuss finding all the things and how vulnerability management has changed. In the security news: Hacking from a light bulb Reverse engineering, the easy ways Detecting Jitter FCC probes into Cyber Trust Mark Bluetooth Jamming New Wifi Apple features: What could go wrong? Just turn off the Internet for the entire country Meta's Localhost tracking Hacking printers, for realz this time Are we not patching 2023 CVEs? Cleaning up legacy drivers One of the Best Hackers in the Country is an AI Bot Show Notes: https://securityweekly.com/psw-880

Security teams often rely on scoring systems like Common Vulnerability Scoring System (CVSS), Exploit Prediction Scoring System (EPSS), and Stakeholder-Specific Vulnerability Categorization (SSVC) to make sense of vulnerability data—but these frameworks don't always deliver the clarity needed to act. In this episode, Tod Beardsley, Vice President of Security Research at runZero, joins host Sean Martin at InfoSec Europe 2025 to challenge how organizations use these scoring systems and to explain why context is everything when it comes to exposure management.Beardsley shares his experience navigating the limitations of vulnerability scoring. He explains why common outputs—like a CVSS score of 7.8—often leave teams with too many “priorities,” forcing them into ineffective, binary patch-or-don't-patch decisions. By contrast, he highlights the real value in understanding factors like access vectors and environmental fit, which help security teams focus on what's relevant to their specific networks and business-critical systems.The conversation also explores SSVC's ability to drive action through decision-tree logic rather than abstract scores, enabling defenders to justify priorities to leadership based on mission impact. This context-centric approach requires a deep understanding of both the asset and its role in the business—something Beardsley notes can be hard to achieve without support.That's where runZero steps in. Beardsley outlines how the platform identifies unmanaged or forgotten devices—including IoT, legacy systems, and third-party gear—without needing credentials or agents. From uncovering multi-homed light bulbs that straddle segmented networks to scanning for default passwords and misconfigurations, RunZero shines a light into the forgotten corners of corporate infrastructure.The episode closes with a look at merger and acquisition use cases, where runZero helps acquiring companies understand the actual tech debt and exposure risk in the environments they're buying. As Beardsley puts it, the goal is simple: give defenders the visibility and context they need to act now—not after something breaks.Whether you're tracking vulnerabilities, uncovering shadow assets, or preparing for your next acquisition, this episode invites you to rethink what visibility really means—and how you can stop chasing scores and start reducing risk.Learn more about runZero: https://itspm.ag/runzero-5733Note: This story contains promotional content. Learn more.Guest: Tod Beardsley, Vice President of Security Research at runZero | On Linkedin: https://www.linkedin.com/in/todb/ResourcesLearn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzeroAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: sean martin, tod beardsley, runzero, exposure, vulnerability, asset, risk, ssdc, cvss, iot, brand story, brand marketing, marketing podcast, brand story podcast

Forecast = Stormy with a chance of TikTok malware showers—exploit scoring systems hot, but patch management outlook remains partly cloudy. Welcome to Storm⚡️Watch! In this episode, we're diving into the current state of cyber weather with a mix of news, analysis, and practical insights. This week, we tackle a fundamental question: are all exploit scoring systems bad, or are some actually useful? We break down the major frameworks: **CVSS (Common Vulnerability Scoring System):** The industry standard for assessing vulnerability severity, CVSS uses base, temporal, and environmental metrics to give a comprehensive score. It's widely used but has limitations—especially since it doesn't always reflect real-world exploitability. **Coalition Exploit Scoring System (ESS):** This system uses AI and large language models to predict the likelihood that a CVE will be exploited in the wild. ESS goes beyond technical severity, focusing on exploit availability and usage probabilities, helping organizations prioritize patching with better accuracy than CVSS alone. **EPSS (Exploit Prediction Scoring System):** EPSS is a data-driven approach that estimates the probability of a vulnerability being exploited, using real-world data from honeypots, IDS/IPS, and more. It updates daily and helps teams focus on the most urgent risks. **VEDAS (Vulnerability & Exploit Data Aggregation System):** VEDAS aggregates data from over 50 sources and clusters vulnerabilities, providing a score based on exploit prevalence and maturity. It's designed to help teams understand which vulnerabilities are most likely to be actively exploited. **LEV/LEV2 (Likely Exploited Vulnerabilities):** Proposed by NIST, this metric uses historical EPSS data to probabilistically assess exploitation, helping organizations identify high-risk vulnerabilities that might otherwise be missed. **CVSS BT:** This project enriches CVSS scores with real-world threat intelligence, including data from CISA KEV, ExploitDB, and more. It's designed to help organizations make better patching decisions by adding context about exploitability. Next, we turn our attention to a troubling trend: malware distribution via TikTok. Attackers are using AI-generated videos, disguised as helpful software activation tutorials, to trick users into running malicious PowerShell commands. This “ClickFix” technique has already reached nearly half a million views. The malware, including Vidar and StealC, runs entirely in memory, bypassing traditional security tools and targeting credentials, wallets, and financial data. State-sponsored groups from Iran, North Korea, and Russia have adopted these tactics, making it a global concern. For employees, the takeaway is clear: never run PowerShell commands from video tutorials, and always report suspicious requests to IT. For IT teams, consider disabling the Windows+R shortcut for standard users, restrict PowerShell execution, and update security awareness training to include social media threats. We also highlight the latest from Censys, VulnCheck, runZero, and GreyNoise—industry leaders providing cutting-edge research and tools for vulnerability management and threat intelligence. Don't miss GreyNoise's upcoming webinar on resurgent vulnerabilities and their impact on organizational security. And that's a wrap for this episode! We will be taking a short break from Storm Watch for the summer. We look forward to bringing more episodes to you in the fall! Storm Watch Homepage >> Learn more about GreyNoise >>  

In this sponsored interview, Risky Business Media's brand new interviewer Casey Ellis chats with runZero founder and CEO HD Moore about why vuln scanning tech is awful and broken. He also talks about how they're trying to do something better by glueing their own discovery product to the nuclei open source vulnerability scanner. Show notes

Segment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us! Segment 2: Enterprise Weekly News In this week's enterprise security news, 1. Some interesting new companies getting funding 2. Chainguard isn't unique anymore 3. AI slop coming to open source soon 4. Wiz dominance analysis 5. the IKEA effect in cybersecurity 6. LLM model collapse 7. vulnerabilities 8. DFIR reports 9. and fun with LinkedIn and prompt injection! Segment 3: RSAC Interviews runZero Interview with HD Moore Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades old problems to usher in a new era of vulnerability management. Segment Resources: Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/ Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/ Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks. Imprivata interview with Joel Burleson-Davis Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach by avoiding productivity-dampening security measures, or the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance. This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-408

Segment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us! Segment 2: Enterprise Weekly News In this week's enterprise security news, 1. Some interesting new companies getting funding 2. Chainguard isn't unique anymore 3. AI slop coming to open source soon 4. Wiz dominance analysis 5. the IKEA effect in cybersecurity 6. LLM model collapse 7. vulnerabilities 8. DFIR reports 9. and fun with LinkedIn and prompt injection! Segment 3: RSAC Interviews runZero Interview with HD Moore Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades old problems to usher in a new era of vulnerability management. Segment Resources: Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/ Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/ Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks. Imprivata interview with Joel Burleson-Davis Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach by avoiding productivity-dampening security measures, or the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance. This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-408

Segment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us! Segment 2: Enterprise Weekly News In this week's enterprise security news, 1. Some interesting new companies getting funding 2. Chainguard isn't unique anymore 3. AI slop coming to open source soon 4. Wiz dominance analysis 5. the IKEA effect in cybersecurity 6. LLM model collapse 7. vulnerabilities 8. DFIR reports 9. and fun with LinkedIn and prompt injection! Segment 3: RSAC Interviews runZero Interview with HD Moore Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades old problems to usher in a new era of vulnerability management. Segment Resources: Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/ Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/ Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks. Imprivata interview with Joel Burleson-Davis Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach by avoiding productivity-dampening security measures, or the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance. This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them! Show Notes: https://securityweekly.com/esw-408

Segment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us! Segment 2: Enterprise Weekly News In this week's enterprise security news, 1. Some interesting new companies getting funding 2. Chainguard isn't unique anymore 3. AI slop coming to open source soon 4. Wiz dominance analysis 5. the IKEA effect in cybersecurity 6. LLM model collapse 7. vulnerabilities 8. DFIR reports 9. and fun with LinkedIn and prompt injection! Segment 3: RSAC Interviews runZero Interview with HD Moore Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades old problems to usher in a new era of vulnerability management. Segment Resources: Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/ Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/ Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks. Imprivata interview with Joel Burleson-Davis Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach by avoiding productivity-dampening security measures, or the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance. This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them! Show Notes: https://securityweekly.com/esw-408

Forecast = Expect scattered AI layoffs, a flurry of bogus bug bounties, and a persistent workforce drought-so keep your firewalls up and your résumés handy! ‍ On this episode of GreyNoise Storm⚡️Watch, we kick things off with our usual round of introductions before diving into the latest cyber weather and threat landscape. If you're new here, Storm⚡️Watch is where we break down what's moving the needle in cybersecurity, spotlighting the people, tools, and trends shaping the field. For today's poll, we're feeling nostalgic and asking: What do you miss most from the Slow Internet days? Whether it's the wild west of Myspace, the quirky chaos of Fark, the creative playground of Wattpad, or the endless flash animations on Albino Blacksheep, we want to know what old-school internet experience you'd revive if you could. We're also talking about the pitfalls of AI in bug bounty programs. The open-source project curl has had enough of users flooding them with AI-generated “slop” vulnerabilities that waste maintainers' time and don't actually move security forward. It's a reminder that, despite the hype, AI isn't a silver bullet for finding real bugs and can actually create more noise than signal. Speaking of AI, the conversation shifts to how major companies are reshaping their workforce in the name of artificial intelligence. CrowdStrike just announced it's cutting 5% of its jobs, citing AI-driven restructuring and the need for efficiency. It's not just CrowdStrike-Duolingo is pushing AI into every corner of its product and workflow, with leadership urging engineers to “start with AI for every task,” even as they admit the tech is still error-prone and often less effective than human effort. The end result? Workers are being asked to manage and troubleshoot clumsy AI tools instead of using their expertise, and users are left with content that's sometimes flat-out wrong or just less engaging than before. But while AI is shaking up tech jobs, the cybersecurity workforce shortage isn't going away. The PIVOTT Act has been revived in Congress to address the growing gap, offering full scholarships for two-year degrees in cyber fields in exchange for government service. It's aimed at making it easier for people to pivot into cyber careers, especially as professionals in other sectors worry about AI-driven job cuts. The Act is being administered by CISA and is designed to streamline the path into government cyber roles, including those requiring security clearances. As always, we spotlight some of the latest developments from Censys, VulnCheck, runZero, and GreyNoise; then wrap up with some quick goodbyes and reminders to check out the latest from all our partners and contributors. Thanks for tuning in to Storm⚡️Watch-where the only thing moving faster than the threats is the conversation. Storm Watch Homepage >> Learn more about GreyNoise >>  

Forecast = Cloudy with a chance of zero-days-watch for Spellbinder storms and scattered Git leaks! ‍ On this episode of Storm⚡️Watch, the crew dives into the fast-moving world of vulnerability tracking and threat intelligence, spotlighting how defenders are moving beyond the traditional CVE system to keep pace with real-world attacks. The show kicks off with a look at the latest listener poll, always a source of lively debate, before jumping into some of the most pressing cybersecurity stories of the week. A major focus of this episode is the recent revelation that a China-aligned APT group, dubbed TheWizards, is using a tool called Spellbinder to abuse IPv6 SLAAC for adversary-in-the-middle attacks. This technique lets attackers move laterally through networks by hijacking software update mechanisms-specifically targeting popular Chinese applications like Sogou Pinyin and Tencent QQ-to deliver malicious payloads such as the modular WizardNet backdoor. The crew unpacks how this approach leverages IPv6's stateless address autoconfiguration to intercept and redirect legitimate traffic, underscoring the evolving sophistication of lateral movement techniques in targeted campaigns. The episode then turns to Google's 2024 zero-day exploitation analysis, which reports a drop in the total number of zero-days exploited compared to last year but highlights a worrying shift: attackers are increasingly targeting enterprise products and infrastructure. Microsoft, Ivanti, Palo Alto Networks, and Cisco are among the most targeted vendors, with nearly half of all zero-day exploits now aimed at enterprise systems and network appliances. The discussion covers how attackers are chaining vulnerabilities for more impactful breaches and why defenders need to be vigilant as threat actors pivot to harder-to-monitor enterprise environments. Censys is in the spotlight for its recent research and tooling, including a new Ports & Protocols Dashboard that gives organizations granular visibility into their attack surface across all ports and protocols. This helps teams quickly spot risky exposures and misconfigurations, making it easier to prioritize remediation efforts and automate alerting for high-risk assets. The crew also highlights Censys's collaborative work on botnet hunting and their ongoing push to retire stale threat indicators, all of which are reshaping proactive defense strategies. runZero's latest insights emphasize the importance of prioritizing risks at the asset stack level, not just by CVE. The crew explains how misconfigurations, outdated software, and weak network segmentation can create stacked risks that traditional scanners might miss, urging listeners to adopt a more holistic approach to asset management and vulnerability prioritization. Rounding out the episode, GreyNoise shares new research on a dramatic spike in scanning for Ivanti Connect Secure VPNs and a surge in crawling activity targeting Git configuration files. These trends highlight the persistent risk of codebase exposure and the critical need to secure developer infrastructure, as exposed Git configs can lead to the leak of sensitive credentials and even entire codebases. As always, the show wraps up with some final thoughts and goodbyes, leaving listeners with actionable insights and a reminder to stay vigilant in the face of rapidly evolving cyber threats. If you have questions or want to hear more about any of these topics, let us know-what's on your mind this week? Storm Watch Homepage >> Learn more about GreyNoise >>  

Forecast = Scattered phishing attempts with a 90% chance of encrypted clouds. ‍ In this episode of Storm⚡️Watch, the crew dissects the evolving vulnerability tracking landscape and the challenges facing defenders as they move beyond the aging CVE system. The show also highlights the rise of sophisticated bot traffic, the expansion of GreyNoise's Global Observation Grid, and fresh tools from VulnCheck and Censys that are helping security teams stay ahead of real-time threats. In our listener poll this week, we ask: what would you do if you found a USB stick? It's a classic scenario that always sparks debate about curiosity versus caution in cybersecurity. It's officially cyber report season, and we're breaking down the latest findings from some of the industry's most influential threat intelligence teams. GreyNoise's new research spotlights the growing risk from resurgent vulnerabilities-those old flaws that go quiet for years before suddenly making a comeback, often targeting edge devices like routers and VPNs. The FBI's 2024 IC3 report is out, revealing a record $16.6 billion in reported losses last year, with phishing, extortion, and business email compromise topping the charts. Mandiant's M-Trends 2025, VulnCheck's Q1 exploitation trends, and other reports all point to a relentless pace of vulnerability weaponization, with nearly a third of new CVEs being exploited within 24 hours of disclosure. We also dig into a series of ace blog posts and research from Censys, including their push to end stale indicators and their deep dives into the sharp rise in attacks targeting edge security devices. Their recent work with GreyNoise and CursorAI on botnet hunting, as well as their new threat hunting module, are changing the game for proactive defense. VulnCheck's quarterly report is raising eyebrows with the revelation that 159 vulnerabilities were exploited in Q1 2025 alone, and 28% of those were weaponized within a single day of disclosure. This underscores how quickly attackers are operationalizing new exploits and why defenders need to move faster than ever. We round out the show with the latest from runZero and a look at GreyNoise's recent findings, including a ninefold surge in Ivanti Connect Secure scanning and a spike in Git configuration crawling-both of which highlight the ongoing risk of codebase exposure and the need for continuous vigilance. Storm Watch Homepage >> Learn more about GreyNoise >>  

Forecast: Patchy with a 32% backlog surge, CVE squalls causing auth bypass showers, and Lazarus fronts looming—keep your threat umbrellas handy!"

When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap. Side note: I really hate the term "soft skills". How about we call them "fundamental business skills", or "invaluable career advancement skills"? Hmm, doesn't quite roll off the tongue the same. Soft skills can impact everything, as they impose the limits of how we interact with our world. That goes for co-worker interactions, career advancements, and how we're perceived by our peers and community. It doesn't matter how brilliant you might be - without soft skills, your potential could be severely limited. Did you know that soft skills issues contributed to the Equifax breach? We'll also discuss how fear is related to some of the same limitations and challenges as soft skills. Segment Resources: https://www.softskillstech.ca/ Order the Book You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise. Segment Resources: This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs This week, in the enterprise security news, we check the vibes we check the funding we check runZero's latest release notes tons of free tools! the latest TTPs supply chain threats certs won't save you GRC needs disruption the latest Rippling/Deel drama All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-401

When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap. Side note: I really hate the term "soft skills". How about we call them "fundamental business skills", or "invaluable career advancement skills"? Hmm, doesn't quite roll off the tongue the same. Soft skills can impact everything, as they impose the limits of how we interact with our world. That goes for co-worker interactions, career advancements, and how we're perceived by our peers and community. It doesn't matter how brilliant you might be - without soft skills, your potential could be severely limited. Did you know that soft skills issues contributed to the Equifax breach? We'll also discuss how fear is related to some of the same limitations and challenges as soft skills. Segment Resources: https://www.softskillstech.ca/ Order the Book You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise. Segment Resources: This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs This week, in the enterprise security news, we check the vibes we check the funding we check runZero's latest release notes tons of free tools! the latest TTPs supply chain threats certs won't save you GRC needs disruption the latest Rippling/Deel drama All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-401

This week, in the enterprise security news, we check the vibes we check the funding we check runZero's latest release notes tons of free tools! the latest TTPs supply chain threats certs won't save you GRC needs disruption the latest Rippling/Deel drama All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-401

This week, in the enterprise security news, we check the vibes we check the funding we check runZero's latest release notes tons of free tools! the latest TTPs supply chain threats certs won't save you GRC needs disruption the latest Rippling/Deel drama All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-401

Forecast = Cloudy with a chance of cyber meatballs. ‍ We're not fooling around in this episode of Storm⚡️Watch! The show kicks off with some positive news about the Journal Times returning to full operations following a cyberattack. This is followed by important information for VMware users regarding Broadcom's significant licensing changes effective April 10, including an increase in minimum core requirements from 16 to 72 cores per command line and a new 20% penalty for late subscription renewals that will be applied retroactively. The crew then reviews results from their recent poll asking listeners which feature of encrypted messaging apps concerns them most, with options including data storage, unencrypted backups, metadata, and accidental adds. In our first segment, we discuss security concerns with the Unitree Go1 consumer-grade robot dog, specifically focusing on the recently disclosed Zhexi Oray Tunnel backdoor that has raised alarm in the security community. Next up, the team explores FamousSparrow and their SparrowDoor malware, examining the techniques and implications of this threat actor's operations. In light of recent event, the hosts provide comprehensive guidance on secure messaging practices, drawing from recent Washington Post and Wired articles. They emphasize that secure communication depends not just on the app but also on how you use it. Key recommendations include choosing contacts wisely, securing your devices by using personal rather than work equipment, setting messages to automatically delete, and selecting the right messaging apps with Signal being the top recommendation for its verifiable end-to-end encryption. They also warn about potential vulnerabilities in cross-platform messaging and advise caution with apps like Telegram. We quickly review Europol's 2025 report on the evolving landscape of organized crime, which now heavily intersects with cybercrime. Traditional criminal networks have transformed into technology-driven enterprises using AI, blockchain, and cryptocurrency to enhance their operations. The internet has become the primary theater for organized crime with data as the new currency of power. The report identifies seven key threat areas and calls for improved global financial security measures, noting that criminal asset confiscation remains stagnant at around 2%. Finally, we conclude with updates from our benevolent overlords, including Censys' reports on JunOS vulnerabilities and Kubernetes issues, VulnCheck's partnership with Filigran, runZero's approach to exposure management, and GreyNoise's observations on DrayTek router activity and Palo Alto Networks scanner activity that may indicate upcoming threats. Storm Watch Homepage >> Learn more about GreyNoise >>  

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Yes, the Trump admin really did just add a journo to their Yemen-attack-planning Signal group The Github actions hack is smaller than we thought, but was targeting crypto Remote code exec in Kubernetes, ouch Oracle denies its cloud got owned, but that sure does look like customer keymat Taiwanese hardware maker Clevo packs its private keys into bios update zip US Treasury un-sanctions Tornado Cash, party time in Pyongyang? This week's episode is sponsored by runZero. Long time hackerman HD Moore joins to talk about how network vulnerability scanning has atrophied, and what he's doing to bring it back en vogue. Do you miss early 2000s Nessus? HD knows it, he's got you fam. This episode is also available on Youtube. Show notes The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT | WIRED Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 3/21) Critical vulnerabilities put Kubernetes environments in jeopardy | Cybersecurity Dive Researchers back claim of Oracle Cloud breach despite company's denials | Cybersecurity Dive The Biggest Supply Chain Hack Of 2025: 6M Records Exfiltrated from Oracle Cloud affecting over 140k Tenants | CloudSEK Capital One hacker Paige Thompson got too light a sentence, appeals court rules | CyberScoop US scraps sanctions on Tornado Cash, crypto ‘mixer' accused of laundering North Korea money | Reuters Tornado Cash Delisting | U.S. Department of the Treasury Major web services go dark in Russia amid reported Cloudflare block | The Record from Recorded Future News Clevo Boot Guard Keys Leaked in Update Package Six additional countries identified as suspected Paragon spyware customers | CyberScoop The Citizen Lab's director dissects spyware and the ‘proliferating' market for it | The Record from Recorded Future News Malaysia PM says country rejected $10 million ransom demand after airport outages | The Record from Recorded Future News Hacker defaces NYU website, exposing admissions data on 1 million students | The Record from Recorded Future News Notre Dame uni students say outage creating enrolment, graduation, assignment mayhem - ABC News DNA of 15 Million People for Sale in 23andMe Bankruptcy

Forecast = Router-geddon: Ballista storms brewing with a chance of unforgivable vulnerabilities. Patch umbrella required. ‍ In this episode of Storm ⚡ ️Watch, the crew laments the sorry state of modern edge computing through the lens of Steve Coley's 2007 paper on "Unforgivable Vulnerabilities". The discussion examines security flaws that should never appear in properly developed software yet continue to plague systems today. These vulnerabilities demonstrate a systematic disregard for secure development practices and would be immediately obvious to anyone with basic security awareness. The team breaks down "The Lucky 13" vulnerabilities, including buffer overflows, cross-site scripting, SQL injection, and hard-coded credentials, while also exploring how modern AI tools might inadvertently introduce these same issues into today's codebase, and how one might go about properly and safely use them in coding and security engineering. The episode also features an in-depth analysis of the newly discovered Ballista botnet that's actively targeting TP-Link Archer routers through a vulnerability discovered two years ago. First detected on January 10, 2025, this botnet has already infected over 6,000 devices worldwide, with the most recent activity observed in mid-February. The threat actors behind Ballista, believed to be based in Italy, have targeted organizations across multiple sectors including manufacturing, healthcare, services, and technology in the US, Australia, China, and Mexico. The botnet exploits CVE-2023-1389 to spread malware that establishes encrypted command and control channels, enabling attackers to launch DDoS attacks and further compromise vulnerable systems. The team rounds out the episode with updates from their partner organizations. Censys shares insights on JunOS vulnerabilities and the RedPenguin threat actor, along with an investigation into server misidentification issues. RunZero discusses the importance of cybersecurity labeling for end-of-life and end-of-support consumer IoT devices. GreyNoise alerts listeners to a new surge in SSRF exploitation attempts reminiscent of the 2019 Capital One breach and promotes their upcoming webinar on March 24th. As always, the Storm⚡️Watch crew delivers actionable intelligence and expert analysis to help security professionals stay ahead of emerging threats in the ever-evolving cybersecurity landscape. Storm Watch Homepage >> Learn more about GreyNoise >>  

Forecast: Cloudy with a chance of compromised credentials and scattered vulnerabilities—stay alert out there! ‍ In this episode of Storm⚡️Watch, we're unpacking some of the most pressing developments in cybersecurity and what they mean for the industry. First, we tackle the state of CISA and its mounting challenges. From allegations that the Trump administration ordered U.S. Cyber Command and CISA to stand down on addressing Russian cyber threats, to financial groups pushing back against CISA's proposed incident reporting rule, there's no shortage of turbulence. Adding fuel to the fire, Homeland Security Secretary Kristi Noem has disbanded eight federal advisory committees, including key cybersecurity groups, citing compliance with a Trump-era executive order. Critics argue these cuts could weaken public-private collaboration and hinder CISA's ability to protect critical infrastructure. We'll break down what all this means for the future of cybersecurity leadership in the U.S. Next, we revisit a shocking case involving a U.S. soldier who plans to plead guilty to hacking 15 telecom carriers. This story highlights the ongoing risks posed by insider threats and the vulnerabilities within telecom networks, which are often targeted for their treasure troves of sensitive data. We'll explore how this case unfolded, what it reveals about vetting processes for individuals with access to critical systems, and the broader implications for cybersecurity in government-affiliated organizations. We also spotlight some fascinating research from Censys on a phishing scam exploiting toll systems across multiple states. Attackers are leveraging cheap foreign SIM cards and Chinese-hosted infrastructure in a campaign that keeps evolving. Plus, RunZero sheds light on a critical vulnerability affecting Edimax IP cameras (CVE-2025-1316), while GreyNoise reports on mass exploitation of a PHP-CGI vulnerability (CVE-2024-4577) and active threats linked to Silk Typhoon-associated CVEs. Storm Watch Homepage >> Learn more about GreyNoise >>  

In this Risky Business News sponsor interview, Catalin Cimpanu talks with runZero founder and CEO HD Moore about the company's latest capability, a feature called Inside-Out Attack Surface Management that takes internal fingerprints and scans the internet to discover possible exposures. Show notes Inside-Out Attack Surface Management: Identify the risk before hackers bridge the gap

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Sophos drops implants on Chinese firewall exploit devs Microsoft workshops better just-in-time Windows admin privileges Snowflake hacker arrested in Canada Okta has a fun, but not very impactful auth-bypass bug Russians bring dumb-but-smart RDP client attacks And much, much more. Special guest Sophos CISO Ross McKerchar joined us to talk about its “hacking back” campaign. The full interview is available on Youtube for those who want to really live vicariously through Sophos doing what every vendor probably wants to do. This week's episode is sponsored by attack surface mapping vendor runZero. Founder and CEO HD Moore joins to talk about marrying up the outside and inside views of your network. You can also watch this episode on Youtube Show notes Okta AD/LDAP Delegated Authentication - Username Above 52 Characters Security Advisory Does bcrypt have a maximum password length? - Information Security Stack Exchange Local Administrator Protection | Privilege Protection Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices | WIRED A Deeper Look at FortiJump (FortiManager CVE-2024-47575) | Bishop Fox Man Arrested for Snowflake Hacking Spree Faces US Extradition | WIRED Google uses large language model to discover real-world vulnerability GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI Thousands of hacked TP-Link routers used in yearslong account takeover attacks - Ars Technica CISA warns of foreign threat group launching spearphishing campaign using malicious RDP files | Cybersecurity Dive Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns India-Canada row: Canadian officials confess to leaking 'intel' against India to Washington Post - India Today Amid diplomatic row, Canada names India in ‘cyberthreat adversary' list, accuses it of ‘likely spying' | World News - The Indian Express The Untold Story of Trump's Failed Attempt to Overthrow Venezuela's President | WIRED Risky Biz News: The mystery at Mango Park North Korean hackers seen collaborating with Play ransomware group, researchers say

In this Risky Business News sponsored interview, Tom Uren talks to Rob King, Director of Security Research at runZero, about keeping up with the stream of vulnerabilities in the KEV list and OT devices and runZero's research into the SSH protocol.

Forecast = Intermittent internet-wide scanner probes with a 20% chance of DDoS. Believe it or not, it has been one year since we started Storm Watch. While we still don't understand it, we are so grateful to everyone who keeps coming back week after week to hear us discuss all things cybersecurity. In this episode, the team takes a look back at how we got here and looks forward at what's to come for our little podcast. We are also honored to talk with security expert and runZero Co-founder & CEO, HD Moore. Storm Watch Homepage >> Learn more about GreyNoise >>    

In this Risky Business News sponsored interview, Tom Uren talks to Rob King, runZero's Director of security research. The pair talk about the world of Operational Technology protocols and how Rob dissects these protocols to be sure that active discovery of OT devices is safe.

Show notes:    Today, we're joined by Huxley Barbee, a security evangelist at RunZero and organizer of Bsides NYC. In this episode, Zach and Huxley talk about the modern divergence of environments and security methodologies. Topics discussed:   Huxley's start within the security industry. Making the industry a better place for newcomers. Chasm solutions. Comprehensive security visibility. Methodologies of collecting data (on the network). How “network” terminology has evolved. “Deperimeterization”. Modern divergence of security environments and efforts of discovery. The top 3 important components that help round out a security program. Agent-based collection compared to network-based collection. Organization of Bsides NYC. Where to get in touch:  Linkedin https://www.linkedin.com/in/jhbarbee/  Twitter https://twitter.com/huxley_barbee  Mastadon https://infosec.exchange/@huxley  Bsidesnyc.org https://bsidesnyc.org/  Runzero https://www.runzero.com/    Try Fleet   Fleet makes it easy to get accurate, actionable data from all your endpoints. From full disk encryption to healthy antivirus software and any query in between. See for yourself. https://fleetdm.com/try-fleet/register.

Industrial Talk is chatting with Huxley Barbee, Security Evangelist at runZero about “OT Security vs IT Security and Passive vs Active Scanning.”  The following is a summary of our conversation: Cybersecurity and OT with Huxley from Run Zero. 0:00 Palo Alto Networks provides comprehensive security solutions for all assets, networks, and remote operations. Huxley Barbee, security evangelist at runZero, discusses cybersecurity and the importance of staying connected and safe in the digital world. Industrial Talk is a platform dedicated to amplifying voices and solving problems through various mediums, including podcasts, videos, and webcasts. Cybersecurity in IoT, OT, and ICS environments. 4:36 Security evangelist at Ron zero discusses chasm solution for cyber asset attack surface management. Huxley highlights the importance of security in IoT and OT environments, emphasizing that it's often an afterthought. Scott MacKenzie agrees, noting that security should be a priority from the beginning of a project, rather than an add-on later on. Industrial control systems security. 9:13 Scott MacKenzie and Huxley discuss the importance of aligning security and operations in an organization, with Huxley highlighting the need for more conversations to understand the importance of including security in planning and decision-making. Huxley notes that operational teams may prioritize mechanical problems over security updates, but this can lead to negative consequences, such as security breaches or outages, which can affect the way devices operate. Huxley emphasizes the importance of knowing what assets are present in an OT or ICS environment for proper security controls. Cybersecurity risks in industrial control systems. 14:04 Huxley emphasizes the importance of selecting security controls commensurate with the value of assets. Huxley highlights the irony of introducing security measures to avoid outages, only to inadvertently cause them. Vendors and devices create variety and complexity in IoT security. Active scanning techniques for IoT devices. 20:02 Huxley explains how active scanning techniques can cause real-world problems, such as network outages, due to the way they are implemented. The speaker highlights the bias against active scanning that has developed as a result of poor deployments in the past. Huxley argues that active scanning can be safe for OT and ICS environments with proper development. Active vs passive device discovery in cybersecurity. 24:19 Active scanning involves customizing security measures based on specific devices, while passive discovery tends to be more costly and effortful. Huxley discusses the challenges of passive discovery in network traffic analysis, including the need for multiple collectors and the difficulty of deploying collectors in the right locations. Huxley also highlights the advantages of active scanning over passive discovery, including the ability to be targeted and thorough in...

In this episode, host Ron Eddings is joined by Metasploit creator, co-founder and CEO of runZero, HD Moore. HD changed the world with Metasploit and he's doing it again with runZero. Attack Surface Management can't happen unless you have visibility into your home or company network and HD shares how he's able to deliver that and so much more in his journey of creating runZero. Impactful Moments 00:00 - Welcome 00:50 - Introducing guest, HD Moore 01:30 - Fixing the Root Cause 05:00 - runZero 10:54 - A New Kind of CAASM 12:00 - Uncover the Unknown 14:08 - runZero Raving 17:45 - “Trust me, you can scan OT” 20:10 - You Can Scan if You Want To 22:30 - Red to Blue Judo Skills Links: Connect with our guest HD Moore: https://www.linkedin.com/in/hdmoore/ Check out runZero: https://www.runzero.com/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

A hosted panel discussion with industry leaders to explore what advantages the SecOps Cloud Platform confers for ecosystem builders.The panel is moderated by LimaCharlie's Head of Product, Matt Bromiley. The panel participants are:Senior Security Researcher at Thinkst, Casey SmithSecurity Evangelist at RunZero, Huxley BarbeeHead of Tines Labs, John TucknerWhat is the SecOps Cloud Platform?The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.The SecOps Cloud Platform is:An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they're in enterprise, services or vendors to build appropriate solutions.The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: More victims identified in Chinese breach of Microsoft email accounts Cyber Safety Review Board to investigate Microsoft We got some stuff wrong last week More details on Viasat hack revealed Special guest Heather Adkins talks about the CSRB's Lapsus$ report Much, much more This week's show is brought to you by RunZero. Its co-founder HD Moore is this week's sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska - The Washington Post US cyber board to investigate Microsoft hack of government emails | TechCrunch Richard: "@briankrebs @metlstorm @riskyb…" - Mastodon.Radio Mastodon.Radio An SSRF, privileged AWS keys and the Capital One breach | by Riyaz Walikar | Appsecco Chamber of Commerce urges SEC to delay cyber rule implementation | Cybersecurity Dive Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop Microsoft to freeze license extensions for Russian companies Takedown of Lolek bulletproof hosting service includes arrests, NetWalker indictment Ransomware Diaries V. 3: LockBit's Secrets How the FBI goes after DDoS cyberattackers | TechCrunch Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT' – Krebs on Security Multiple zero days found affecting crypto platforms Lawmakers press FCC for action on Chinese-made cellular modules Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED Rapid7 to cut 18% of workforce, shutter certain offices | Cybersecurity Dive SecureWorks layoffs affect 15% staff | TechCrunch Researcher says they were behind iPhone popups at Def Con | TechCrunch Review of the Attacks Associated with LAPSUS$ and Related Threat Groups US should crack down on SIM swapping following Lapsus$ attacks: DHS review Kevin Collier: "Def Con is over and nobody hac…" - Infosec Exchange

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: More victims identified in Chinese breach of Microsoft email accounts Cyber Safety Review Board to investigate Microsoft We got some stuff wrong last week More details on Viasat hack revealed Special guest Heather Adkins talks about the CSRB's Lapsus$ report Much, much more This week's show is brought to you by RunZero. Its co-founder HD Moore is this week's sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska - The Washington Post US cyber board to investigate Microsoft hack of government emails | TechCrunch Richard: "@briankrebs @metlstorm @riskyb…" - Mastodon.Radio Mastodon.Radio An SSRF, privileged AWS keys and the Capital One breach | by Riyaz Walikar | Appsecco Chamber of Commerce urges SEC to delay cyber rule implementation | Cybersecurity Dive Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop Microsoft to freeze license extensions for Russian companies Takedown of Lolek bulletproof hosting service includes arrests, NetWalker indictment Ransomware Diaries V. 3: LockBit's Secrets How the FBI goes after DDoS cyberattackers | TechCrunch Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT' – Krebs on Security Multiple zero days found affecting crypto platforms Lawmakers press FCC for action on Chinese-made cellular modules Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED Rapid7 to cut 18% of workforce, shutter certain offices | Cybersecurity Dive SecureWorks layoffs affect 15% staff | TechCrunch Researcher says they were behind iPhone popups at Def Con | TechCrunch Review of the Attacks Associated with LAPSUS$ and Related Threat Groups US should crack down on SIM swapping following Lapsus$ attacks: DHS review Kevin Collier: "Def Con is over and nobody hac…" - Infosec Exchange

In this episode, host Bidemi Ologunde spoke with Huxley Barbee, the lead organizer for BSides NYC and a Security Evangelist at runZero, a cyber asset management solution.The discussion covered various topics related to asset-centric investigations, such as the pros and cons of the different methods of conducting cyber asset inventory; operational technology (OT) scanning; and security research-based fingerprinting and incremental fingerprinting. Huxley also delved into vulnerability prioritization technology (VPT) and the utility of Shodan, a popular search engine for identifying and cataloging internet-connected devices and systems. Additionally, he mentioned some of the tools required for network access security; the stark reality of managing threat attack surfaces, and lots more. To wrap up, he shared insights into how runZero can aid organizations in securing all their network assets and devices.==============Organize your work and life, finally.Become focused, organized, and calm with Todoist. The world's #1 task manager and to-do list app.Start for free=======Receive $25 off orders of $149+ with code SWAPSRF at Snake River Farms!Whether you're a seasoned veteran or a beginner to beef, the pioneers of American Wagyu have got you covered with $25 off your order.Shop Delicious Meats Now=======Turn your Airtable or Google Sheets into modern business tools you need.Softr lets you stop waiting for developers. Build software without devs. Blazingly fast. Trusted by 100,000+ teams worldwide.Start building now.=======Sesame Care - Doctor appointments as low as $19.Find the best price for the highest quality physicians. Book an appointment in minutes.Get Started=======Compliantly hire anyone, anywhere, in 5 minutes with Deel.Deel is your one-stop shop for hiring, paying, and managing your remote team. We stay on top of local labor laws across the world to ensure compliance and mitigate risk so that you don't have to.Get Started=======Shut The Box Game.Dating back to 12th century France, sailors cherished playing Shut The Box Game. In modern times whether you're camping with friends or relaxing with family, you'll have endless fun with this easy-to-learn game! Buy 2, Get 1 Free, plus free shipping within the United States.Get Started=======Support the show

NOTE: Patrick's audio is a bit degraded in a few parts of this episode. It's still clear enough, but if you hear some degradation in parts then yes, it's us, not you. On this week's show Patrick Gray, Adam Boileau and Tom Uren discuss the week's security news. They cover: The Biden White House's executive order on spyware Why the infosec community writ large is wrong on TikTok Clop campaign: it's time to ditch your file transfer gateways Major Android app booted from store because it was full of 0day privesc exploits lol More detail on the BreachForums admin arrest Much, much more This week's show is brought to you by runZero. HD Moore, co-founder of runZero, is this week's sponsor guest. Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that's your thing. Show notes At least 50 U.S. government employees hit with spyware, White House says Kevin McCarthy says House 'will be moving forward' with TikTok legislation US lawmakers tell TikTok CEO the app ‘should be banned' Between Two Nerds: The Real Problem with TikTok - Risky Business New victims come forward after mass-ransomware attack | TechCrunch UK Pension Protection Fund latest victim of GoAnywhere hack Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News Fortra told breached companies their data was safe | TechCrunch When to use Dropbox vs. MFT: Best Versatile File Sharing and Security | GoAnywhere MFT City of Toronto and Virgin confirm hackers accessed data through file transfer systems Tasmania investigating attack after Clop ransomware group adds to victim list Latitude Financial faces possible class action after millions affected by data breach | Australia news | The Guardian Android app from China executed 0-day exploit on millions of devices | Ars Technica Telecom giant Lumen says it discovered two separate cyber intrusions Tennessee city hit with ransomware attack FBI, CISA investigating cyberattack on Puerto Rico's water authority British hospital investigating impact of ‘contained' cyber incident Largest telecom in Guam starts restoring services after cyberattack Frustrated Dish customers still spending hours on hold weeks after ransomware attack, they say UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users' data How the FBI caught the BreachForums admin | TechCrunch Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop North Korean APT group ‘Kimsuky' targeting experts with new spearphishing campaign North Korea Is Now Mining Crypto to Launder Its Stolen Loot | WIRED “Committed Partners in Cyberspace”: Following cyberattack, US conducts first defensive Hunt Operation in Albania > U.S. Cyber Command > News Bad magic: new APT found in the area of Russo-Ukrainian conflict | Securelist Beloved hacking veteran Kelly ‘Aloria' Lum passes away at 41 | TechCrunch

NOTE: Patrick's audio is a bit degraded in a few parts of this episode. It's still clear enough, but if you hear some degradation in parts then yes, it's us, not you. On this week's show Patrick Gray, Adam Boileau and Tom Uren discuss the week's security news. They cover: The Biden White House's executive order on spyware Why the infosec community writ large is wrong on TikTok Clop campaign: it's time to ditch your file transfer gateways Major Android app booted from store because it was full of 0day privesc exploits lol More detail on the BreachForums admin arrest Much, much more This week's show is brought to you by runZero. HD Moore, co-founder of runZero, is this week's sponsor guest. Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that's your thing. Show notes At least 50 U.S. government employees hit with spyware, White House says Kevin McCarthy says House 'will be moving forward' with TikTok legislation US lawmakers tell TikTok CEO the app ‘should be banned' Between Two Nerds: The Real Problem with TikTok - Risky Business New victims come forward after mass-ransomware attack | TechCrunch UK Pension Protection Fund latest victim of GoAnywhere hack Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News Fortra told breached companies their data was safe | TechCrunch When to use Dropbox vs. MFT: Best Versatile File Sharing and Security | GoAnywhere MFT City of Toronto and Virgin confirm hackers accessed data through file transfer systems Tasmania investigating attack after Clop ransomware group adds to victim list Latitude Financial faces possible class action after millions affected by data breach | Australia news | The Guardian Android app from China executed 0-day exploit on millions of devices | Ars Technica Telecom giant Lumen says it discovered two separate cyber intrusions Tennessee city hit with ransomware attack FBI, CISA investigating cyberattack on Puerto Rico's water authority British hospital investigating impact of ‘contained' cyber incident Largest telecom in Guam starts restoring services after cyberattack Frustrated Dish customers still spending hours on hold weeks after ransomware attack, they say UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users' data How the FBI caught the BreachForums admin | TechCrunch Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop North Korean APT group ‘Kimsuky' targeting experts with new spearphishing campaign North Korea Is Now Mining Crypto to Launder Its Stolen Loot | WIRED “Committed Partners in Cyberspace”: Following cyberattack, US conducts first defensive Hunt Operation in Albania > U.S. Cyber Command > News Bad magic: new APT found in the area of Russo-Ukrainian conflict | Securelist Beloved hacking veteran Kelly ‘Aloria' Lum passes away at 41 | TechCrunch