POPULARITY
Categories
Identity theft affects millions of people every year — but do you really know how it works, or how to protect yourself? This week, we're joined by Eva Velasquez, CEO of the Identity Theft Resource Center, who shares the latest trends in identity crime and what steps you can take if it ever happens to you.
NPR journalist and host Mary Louise Kelly recently launched a national security podcast, Sources & Methods, where she discusses the biggest national security news of the week with NPR correspondents.In this bonus podcast, KOSU's Michael Cross visits with her about the new podcast and previews her upcoming visit to Oklahoma City on Nov. 4.
Hacktivists don't need zero-days to hurt you—they weaponize people. Host Lieuwe Jan Koning sits down with Yuri Wit (SOC analyst) and Rob Maas (Field CTO) to dissect APT Handala: how they hunt targets, deliver wipers, and brag about leaks. We map their moves to the Lockheed Martin Kill Chain and turn it into a Zero Trust defense playbook you can actually use—today.(00:00) - - 01:40 - Introduction (01:40) - - 02:27 - What is APT Handala? (02:27) - - 05:27 - Kill Chain Step 1: Reconnaissance (05:27) - - 06:43 - Kill Chain Step 2: Weaponization (06:43) - - 10:39 - Kill Chain Step 3: Delivery (10:39) - - 14:37 - Kill Chain Step 4: Exploitation (14:37) - - 17:34 - Kill Chain Step 5: Installation (17:34) - - 23:39 - Kill Chain Step 6: Command and control (23:39) - - 26:40 - Kill Chain Step 7: Act on objectives (26:40) - - 29:35 - How to respond to being hacked (29:25) - - 30:22 - Closing notes Key Topics Covered• Handala's playbook: people-centric recon, phishing kits, wipers, boast-and-leak ops.• Zero Trust counters: deny-by-default egress, newly-registered-domain blocks, hard EDR, passkeys.• SOC tells: DNS DGA spikes, encrypted C2 on common apps, “human error” as the biggest CVE.• Comms reality: when openness helps—and when strategic silence limits amplification.Additional Resources• ON2IT Zero Trust: https://on2it.net/zero-trust/• Lockheed Martin Cyber Kill Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html• Tor Project (onion services): https://www.torproject.org/• Threat Talks hub: https://threat-talks.com/Click here to view the episode transcript.
In this episode of the Cents of Security Podcast, host Mary MacNamara and Interactive Brokers Senior Economist Jose Torres unpack the Federal Reserve's September rate cut, its implications for labor markets, inflation, and investor sentiment. They also explore geopolitical developments, tariff dynamics, and the outlook for future monetary policy decisions.
What does cyberwarfare really look like behind the headlines? This week, Roo sits down with Hayley Benedict, a cyber intelligence analyst at RANE, to explore the evolving world of digital conflict. From hacktivists to disinformation specialists, Hayley shares how nation states, criminals, and ideologically driven groups are blurring lines — and why data theft, disruption, and doubt remain the weapons of choice.
First documented case: AI inside the breach.Promptlock marks the first time malware has used AI during execution, not just in preparation. In this Threat Talks deep dive, Rob Maas (Field CTO, ON2IT) sits down with Yuri Wit (SOC Analyst, ON2IT) to break down how it works: a Go loader calling an attacker's LLM in real time, generating fresh payloads that adapt on the fly.This episode strips away sci-fi hype. You'll see the psychology of an adversary that thinks mid-attack—and the Zero Trust defenses that box it in. When AI runs inside the kill chain, malware doesn't just evolve. It crosses into super-malware.(00:00) - — Cold open: “What if malware could think?” (00:18) - — Welcome: Rob Maas & Yuri Wit (00:41) - — First reaction to PromptLock (01:02) - — How attackers already use AI (phishing, coding, negotiations) (03:02) - — Why PromptLock is different: AI during execution (03:35) - — How it works: Go → Ollama → LLM → Lua (06:36) - — Proof-of-concept tells (the Satoshi wallet) (07:55) - — Defense shift: hashes die, behavior wins (10:40) - — Detecting LLM calls: SSL inspection realities (11:26) - — Quick wins: block interpreters (Lua/Python/PowerShell) (12:23) - — Zero Trust moves: default-deny egress & segmentation (12:41) - — What's next: dynamic exploits & on-demand EDR bypass (16:21) - — Timelines & hardware: why adoption could accelerate (18:21) - — Wrap-up & CTA Key Topics Covered• The first documented case of AI inside the breach — why Promptlock changes the game• Promptlock's core loop: calling an LLM mid-attack to generate fresh payloads.• Why hash-based detection breaks against AI-powered malware detection, ever-changing scripts.• Behavioral defense over signatures: EDR/XDR, sandboxing, and SSL inspection.• Zero Trust in practice: block script interpreters, restrict egress, and shrink blast radius.Additional ResourcesON2IT Zero Trust: https://on2it.net/zero-trust/Threat Talks hub: https://threat-talks.com/Ollama (referenced in episode): https://ollama.com/The Rising Threat of Deepfakes: https://youtu.be/gmtZ_aYmQdQGuest & Host Links:Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/ Yuri Wit, SOC Specialist, ON2IT: https://www.linkedin.com/in/yuriwit/Click here to view the episode transcript.
Last week, Senator Elissa Slotkin (D-MI) unveiled a new “national security war plan,” centered on reviving the middle class, winning the global tech race, and rethinking how Americans are protected in an era of shifting threats and changing geopolitical realities. Senator Slotkin joins Just Security's editors-in-chief Ryan Goodman and Tess Bridgeman to discuss the relationship between economic security and national security, the tools Congress should use to defend against threats to our democracy, the role for congressional oversight in domestic use of the military and in the recent military attack on a suspected drug smuggling vessel in the Caribbean, how the United States should engage with China in an era of increasing competition and cooperation, and a range of other national security and foreign policy priorities.Show Notes: Senator Elissa Slotkin's launch of her new vision for American national security and foreign policy at the Council on Foreign Relations. Just Security's AI and Emerging Technology Archive Just Security's Congress Archive
NPR's Mary Louise Kelly is hosting a new national security podcast, Sources and Methods. She talked about it with KAZU.
Podcast: The Industrial Security Podcast (LS 36 · TOP 3% what is this?)Episode: Managing Risk with Digital Twins - What Do We Do Next? [the industrial security podcast]Pub date: 2025-09-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationAsset inventory, networks and router / firewall configurations, device criticality - a lot of information. How can we USE this information to make useful decisions about next steps to address cyber risk? Vivek Ponada of Frenos joins us to explore a new kind of OT / industrial digital twin - grab all that data and work it to draw useful conclusions.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Your tools say “secure.” Your headers say “leaking.”In this Threat Talks Deep Dive, ON2IT's Luca Cipriano (CTI & Red Team Lead) exposes Data Bouncing—a stealthy exfiltration trick that hides inside HTTP headers and abuses DNS lookups through trusted third parties. We show the demo, decode the psychology of the attack, and translate it into Zero Trust moves you can deploy today.(00:00) - – Why your defenses aren't enough (00:11) - – What is Data Bouncing? (01:22) - – How attackers exfiltrate data via DNS & headers (05:20) - – Live demo: DNS lookups & Burp Suite interception (10:48) - – Reassembling stolen files undetected (15:24) - – Can you defend against Data Bouncing? (19:20) - – Testing it in your own environment (21:00) - – Key takeaways & call to action Key Topics Covered• How Data Bouncing enables covert data exfiltration• Abuse of headers like X-Forwarded-For to bypass firewalls• Live demo: attacker vs. victim scenario• Defensive measures: decryption, inspection, Zero Trust, and SOC awarenessAdditional Resources• ON2IT Threat Talks Podcast: https://www.on2it.net/threat-talks• Zero Trust Resources: https://www.on2it.net/zero-trust/Guest & Host Links:• Luca Cipriano, Cyber Threat Intelligence Program Lead, ON2IT: https://www.linkedin.com/in/luca-c-914973124/• Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/ Click here to view the episode transcript.
Asset inventory, networks and router / firewall configurations, device criticality - a lot of information. How can we USE this information to make useful decisions about next steps to address cyber risk? Vivek Ponada of Frenos joins us to explore a new kind of OT / industrial digital twin - grab all that data and work it to draw useful conclusions.
Want to work in cybersecurity but don't know where to begin? Or just curious what it takes to break into the field? This week, we're joined by the internet's very own Heath Adams, better known as The Cyber Mentor. He demystifies the application process and what it takes to build a career in cybersecurity – no matter your background.
This episode is a family-friendly extravaganza as we unpack the secrets to secure digital parenting. We're joined by Alanna Powers, a research specialist from the renowned Family Online Safety Institute (FOSI).
We don't have budget to fix the problem, so we accept the risk? Tim McCreight of TaleCraft Security in his (coming soon) book "I don't sign s**t" uses story-telling to argue that front line security leaders should not be accepting multi-billion dollar risks on behalf of the business. We need to escalate those decisions - with often surprising results when we do.
We don't have budget to fix the problem, so we accept the risk? Tim McCreight of TaleCraft Security in his (coming soon) book "I don't sign s**t" uses story-telling to argue that front line security leaders should not be accepting multi-billion dollar risks on behalf of the business. We need to escalate those decisions - with often surprising results when we do.
Podcast: The Industrial Security Podcast (LS 36 · TOP 3% what is this?)Episode: I don't sign s**t [The Industrial Security Podcast]Pub date: 2025-08-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWe don't have budget to fix the problem, so we accept the risk? Tim McCreight of TaleCraft Security in his (coming soon) book "I don't sign s**t" uses story-telling to argue that front line security leaders should not be accepting multi-billion dollar risks on behalf of the business. We need to escalate those decisions - with often surprising results when we do.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Ethical hacker Rachel Tobac joins us to answer a juicy question: How would she hack someone reasonably security savvy like Matt?
Podcast: The Industrial Security Podcast (LS 36 · TOP 3% what is this?)Episode: NIS2 and the Cyber Resilience Act (CRA) [The Industrial Security Podcast]Pub date: 2025-07-28Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationNIS2 legislation is late in many EU countries, and the new CRA applies to most suppliers of industrial / OT computerized and software products to the EU. Christina Kiefer, attorney at reuschlaw, walks us through what's new and what it means for vendors, as well as for owner / operators.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
What does "secure by default" really mean—and is it enough? In this episode of CyberArk's Security Matters, host David Puner sits down with Scott Barronton, Chief Information Security Officer (CISO) at Diebold Nixdorf, to explore the often-overlooked risks of cloud default settings and how assumptions can lead to vulnerabilities.Drawing on over 25 years in cybersecurity, Scott shares how he balances product and corporate security, leads a global team, and chairs his company's AI steering committee. He discusses the importance of machine identity management, certificate automation, and building security programs that support both innovation and accountability.Plus, Scott reflects on how his passion for travel—including a group trip to Antarctica—informs his leadership style and security mindset.
NIS2 legislation is late in many EU countries, and the new CRA applies to most suppliers of industrial / OT computerized and software products to the EU. Christina Kiefer, attorney at reuschlaw, walks us through what's new and what it means for vendors, as well as for owner / operators.
NIS2 legislation is late in many EU countries, and the new CRA applies to most suppliers of industrial / OT computerized and software products to the EU. Christina Kiefer, attorney at reuschlaw, walks us through what's new and what it means for vendors, as well as for owner / operators.
We're back with a brand-new season of Random but Memorable! ✨
In this episode, ePlus' David Tumlin and F5's Chuck Herrin discuss how securing modern applications isn't just about tools—it's about people. Hear how ePlus and F5 are helping organizations break down silos and build secure, scalable systems—together.
Podcast: The Industrial Security Podcast (LS 36 · TOP 3% what is this?)Episode: Network Duct Tape [The Industrial Security Podcast]Pub date: 2025-07-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationHundreds of subsystems with the same IP addresses? Thousands of legacy devices with no modern encryption or other security? Constant, acquisitions of facilities "all over the place" network-wise and security-wise? What most of us need is "network duct tape". Tom Sego of Blastwave shows us how their "duct tape" works.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Hundreds of subsystems with the same IP addresses? Thousands of legacy devices with no modern encryption or other security? Constant, acquisitions of facilities "all over the place" network-wise and security-wise? What most of us need is "network duct tape". Tom Sego of Blastwave shows us how their "duct tape" works.
Hundreds of subsystems with the same IP addresses? Thousands of legacy devices with no modern encryption or other security? Constant, acquisitions of facilities "all over the place" network-wise and security-wise? What most of us need is "network duct tape". Tom Sego of Blastwave shows us how their "duct tape" works.
WE NEED YOU! Our 2025 listener survey is now live, and we'd love to hear from you. Whether you've been with us from episode one or just joined the chaos, your feedback will make the show even better.
Podcast: The Industrial Security Podcast (LS 36 · TOP 3% what is this?)Episode: Credibility, not Likelihood [The Industrial Security Podcast]Pub date: 2025-06-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSafety defines cybersecurity - Kenneth Titlestad of Omny joins us to explore safety, risk, likelihood, credibility, and deterministic / unhackable cyber defenses - a lot of it in the context of Norwegian offshore platforms.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Safety defines cybersecurity - Kenneth Titlestad of Omny joins us to explore safety, risk, likelihood, credibility, and deterministic / unhackable cyber defenses - a lot of it in the context of Norwegian offshore platforms.
Safety defines cybersecurity - Kenneth Titlestad of Omny joins us to explore safety, risk, likelihood, credibility, and deterministic / unhackable cyber defenses - a lot of it in the context of Norwegian offshore platforms.
Random but Memorable turns 150! 1️⃣5️⃣0️⃣ (It's official, we're old.)
In this episode, Mark Ledlow, Bruno Dias, and Matt Talbot discuss the importance of comprehensive threat and risk assessments in corporate and educational environments. They explore the integration of physical security with behavioral threat assessments, emphasizing the crucial role every employee plays in maintaining safety. Additionally, they touch on the psychological aspects of individuals who commit acts of violence, drawing on their own extensive field experiences. Matt shares a powerful story from his time working in a high-risk prison environment, highlighting the importance of building trust and respect with inmates. The episode wraps up with information about their ongoing projects and how listeners can reach out to them for their expert services.Learn about all this and more in this episode of The Fearless Mindset Podcast.KEY TAKEAWAYSAdversity Handling: The importance of dealing with adversity and leveraging experiences to stay fearless is emphasized. Comprehensive Security Approach: Incorporating physical security into behavioral threat assessment provides a unique value. Inclusiveness in Safety: Every employee, regardless of their role, should be viewed as part of the safety and security team. Warning Signs: Identifying and acting on warning behaviors and signs is crucial in preventing violent incidents. Human Side of Inmates: Building respectful relationships with inmates can foster mutual respect and potentially prevent violent outcomes. Impactful Storytelling: Personal stories, such as working with high-risk individuals, can convey powerful lessons in security management. Legacy and Education: The importance of leaving a positive legacy and educating the next generation of security professionals.QUOTES"We really need to think about everybody who is positioned to be able to possibly help." "Humans communicate kind of like dogs shed hair, right? It's just a necessity." "Everybody plays a role... there's something good in everybody and my job was to figure that out." "Sometimes it's about just getting to the human side of somebody." "Treating people with validation and making them feel significant can prevent them from committing violent acts." "Our goal is to leave something original, something impacting on this larger community."Get to know more about Dr. Bruno Dias through the link below.https://www.linkedin.com/in/brunodiaspci/Get to know more about Dr. Matt Talbot through the link below.https://www.linkedin.com/in/matt-talbot-phd-lcsw-ccfc-cfmhe-ctm%C2%AE-5a655044To hear more episodes of The Fearless Mindset podcast, you can go to https://the-fearless-mindset.simplecast.com/ or listen to major podcasting platforms such as Apple, Google Podcasts, Spotify, etc. You can also subscribe to the Fearless Mindset YouTube Channel to watch episodes on video.
Podcast: The Industrial Security Podcast (LS 36 · TOP 3% what is this?)Episode: Lessons Learned From Incident Response [The Industrial Security Podcast]Pub date: 2025-05-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationHow did they get in? How did we find them when they got in? What can we do in future to clean up the mess faster? Chris Sistrunk reflects on a decades' industrial cyber incident response experience at Mandiant (Google).The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
AI has taken us into uncharted territory.
How did they get in? How did we find them when they got in? What can we do in future to clean up the mess faster? Chris Sistrunk reflects on a decades' industrial cyber incident response experience at Mandiant (Google).
How did they get in? How did we find them when they got in? What can we do in future to clean up the mess faster? Chris Sistrunk reflects on a decades' industrial cyber incident response experience at Mandiant (Google).
It's our World Password Day Special!
Podcast: The Industrial Security Podcast (LS 35 · TOP 3% what is this?)Episode: Experience & Challenges Using Asset Inventory Tools [The Industrial Security Podcast]Pub date: 2025-04-21Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationAsset inventory tools have become almost ubiquitous as main offerings or add-ons to OT security solutions. In this episode, Brian Derrico of Trident Cyber Partners walks us through what it's like to use these tools - different kinds of tools in different environments.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
What's the best thing small businesses can do to improve their security posture?
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Travis Farral. Travis has been working in information security since the 90s at places such as Nokia, ExxonMobil, and XTO Energy. He is currently VP & CISO at Archaea Energy, a bp owned, renewable natural gas company based in Houston, Texas. He has spoken at events around world on topics such as Cyber Threat Intelligence, MITRE ATT&CK, and Incident Response. Notable activities during his career include everything from programming logic controllers, building and leading SOCs, driving forklifts, standing up cybersecurity teams, developing threat intelligence programs, and handling responses to incidents, among many other things over the last few decades. [April 21, 2025] 00:00 - Intro 00:18 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:08 - Travis Farral Intro 02:58 - A Different Path than Today 05:25 - Healthy Hacking 08:08 - Anything Can Be Weaponized 10:54 - Questionable Behavior 14:31 - Smash That Report Button!!! 18:58 - Improving Our Odds 21:00 - You Have to Keep It Simple 22:25 - Letters to a Young CISO 24:20 - Find Travis Farral online - LinkedIn: linkedin.com/in/travisfarral 25:01 - Mentors - Shawn Edwards - Jay Leek 27:02 - Book Recommendations - R. E. Lee: A Biography - Douglas Southall Freeman 29:34 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org
Asset inventory tools have become almost ubiquitous as main offerings or add-ons to OT security solutions. In this episode, Brian Derrico of Trident Cyber Partners walks us through what it's like to use these tools - different kinds of tools in different environments.
Asset inventory tools have become almost ubiquitous as main offerings or add-ons to OT security solutions. In this episode, Brian Derrico of Trident Cyber Partners walks us through what it's like to use these tools - different kinds of tools in different environments.
This episode we meet Chris McCarty, the inspirational student and founder of Quit Clicking Kids, an organization advocating for children's rights in the digital age. Learn about the rise of “sharenting” and how Chris is fighting for legislative changes to safeguard minors from exploitation on social media platforms. We cover everything from the permanence of online content to getting Gen Z proactive about their privacy.In Watchtower Weekly, we unpack Adolescence (the Netflix show everyone can't stop talking about) and how AI agents are being used to help overwhelmed cybersecurity professionals.
Surprise! In this bonus episode, Ralph Echemendia shares more of his experiences working as a Technical Supervisor on the Snowden movie.
2025 will be a pivotal year for technology regulation in the United States and around the world. The European Union has begun regulating social media platforms with its Digital Services Act. In the United States, regulatory proposals at the federal level will likely include renewed efforts to repeal or reform Section 230 of the Communications Decency Act. Meanwhile, States such as Florida and Texas have tried to restrict content moderation by major platforms, but have been met with challenges to the laws' constitutionality. On March 19, NYU Law hosted a Forum on whether it is lawful, feasible, and desirable for government actors to regulate social media platforms to reduce harmful effects on U.S. democracy and society with expert guests Daphne Keller, Director of the Program on Platform Regulation at Stanford Law School's Cyber Policy Center, and Michael Posner, Director of the Center for Business and Human Rights at NYU Stern School of Business. Tess Bridgeman and Ryan Goodman, co-editors-in-chief of Just Security, moderated the event, which was co-hosted by Just Security, the NYU Stern Center for Business and Human Rights and Tech Policy Press. Show Notes: Tess Bridgeman Ryan GoodmanDaphne Keller Michael PosnerJust Security's coverage on Social Media PlatformsJust Security's coverage on Section 230Music: “Broken” by David Bullard from Uppbeat: https://uppbeat.io/t/david-bullard/broken (License code: OSC7K3LCPSGXISVI)
Why does Hollywood get hacking wrong in so many movies and TV series?
Industrial incidents can be cyber attacks, or equipment failures, or physical equipment leaking product because of metal fatigue or incorrect welds. OT incident responders need to know a lot. Doug Leece of Enbridge explores what is OT incident response and what you look for recruiting people into that role.
Industrial incidents can be cyber attacks, or equipment failures, or physical equipment leaking product because of metal fatigue or incorrect welds. OT incident responders need to know a lot. Doug Leece of Enbridge explores what is OT incident response and what you look for recruiting people into that role.
What's it like to work as a CISO at a security company? This week, 1Password's VP of Security and CISO, Jacob DePriest, reveals all. Jacob also shares his advice for building strong security teams with diverse perspectives, backgrounds, and skillsets.
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
In this episode of the Defense of Security Podcast, Jerry Bell and Andrew Kalat discuss the evolving landscape of cybersecurity threats, focusing on ransomware tactics that exploit insider threats, the hijacking of LLM resources, and the effectiveness of phishing simulations. They explore how adversaries are increasingly targeting employees to gain access to sensitive data and … Continue reading Defensive Security Podcast Episode 296 →