Podcasts about security research

As the RSAC 2025 Conference approaches, key themes are emerging that are set to dominate the world's largest cybersecurity gathering. Industry dynamics are shifting rapidly – from AI enabling higher velocity threats, an intensified platform consolidation debate, high-profile M&A, rising interest in AI agents (with somewhat tepid adoption in cyber), and shifting security budget priorities.Our research shows that though cybersecurity remains a top priority for information technology leaders, it is not immune from macroeconomic headwinds. Moreover, geopolitical tensions have heightened perceived and actual threats, causing a large portion of customers to change their spending habits. On balance, cybersecurity remains the most challenging sector in tech, where 100% success is virtually unattainable; and failure can cripple a firm's brand.In this Breaking Analysis, we dig into Enterprise Technology Research's Annual State of Security Research (free download). We'll examine the macro picture in cybersecurity, share the shifting spending patterns and priorities exposed in the research, examine the hype and realities of platform consolidation, and share which companies chief information security officers feel are helping them innovate to fight the fight.

As China increases its ‘grey zone' pressure, can Taiwan defend its sovereignty without sparking open conflict? In this episode of Global Security Briefing, host Neil Melvin speaks with Dr. Philip Shetler-Jones, RUSI Senior Research Fellow for Indo-Pacific Security, Sze-Fung Lee an independent researcher specialising in Chinese hybrid warfare, and Dr. Jyun-yi Lee, Associate Research Fellow at Taiwan's Institute for National Defense and Security Research to examine how Taiwan is confronting the growing coercive pressure from China, a pressure which falls just below the threshold of war. Drawing on a new RUSI report, they explore what grey zone tactics are, how Taiwan is responding, and what lessons can be shared between Europe and the Indo-Pacific. With rising tensions in the Taiwan Strait, this episode asks: Can grey zone threats be deterred – and how close are we to open conflict? This episode is brought to you as part of our Indo-Pacific Security Programme, under which our research on the grey zone and lawfare receives sponsorship from the Taipei Relations Office in London.

In Folge 67 diskutieren Uli und Markus mit Linus Neumann, Head of Security Strategy bei Security Research Labs, über die Frage, ob IT-Sicherheit ein reines Managementthema ist. Linus berät als IT-Sicherheitsexperte Unternehmen und Betreiber kritischer Infrastrukturen in Fragen der IT-Sicherheit. Seit 2012 ist er zudem einer der Sprecher des Chaos Computer Clubs, Europas größter Hackervereinigung. Linus räumt mit dem verbreiteten Irrglauben auf, IT-Sicherheit sei in erster Linie ein technisches Thema. Tatsächlich, so seine Erfahrung, liegen die Ursachen für Sicherheitslücken fast immer im Organisatorischen: fehlende Verantwortlichkeiten, zu viel Komplexität und mangelnde Priorisierung. Warum reichen Backups nicht aus? Warum versagen viele Sicherheitsprodukte in der Praxis? Und was kann eine sogenannte "Human Firewall" wirklich leisten? Gemeinsam mit Linus beleuchten Uli und Markus, wie IT-Sicherheit effektiv gestaltet werden kann – jenseits von Buzzwords und technischer Kosmetik. Besonders spannend ist der Blick auf die Rolle von Management und Regulierung: Sollen Softwarehersteller für ihre Sicherheitslücken haften? Eine klarsichtige und überraschend praxisnahe Folge über Verantwortung, die richtigen Fragen in der IT-Sicherheit – und warum echte Resilienz weniger mit Firewalls als mit Psychologie und Führungswillen zu tun hat. Wer mehr wissen möchte, findet hier weitere Informationen: - Website der Security Research Labs: https://www.srlabs.de - Website von Linus Neumann: https://linus-neumann.de - Website des Podcast Logbuch:Netzpolitik: https://logbuch-netzpolitik.de Euer Feedback zur Folge und Vorschläge für Themen und Gäst:innen sind sehr willkommen! Vernetzt Euch und diskutiert mit: - Linus Neumann: https://www.linkedin.com/in/linus-neumann/ - Ulrich Irnich: https://www.linkedin.com/in/ulrichirnich/ - Markus Kuckertz: https://www.linkedin.com/in/markuskuckertz/ Mitwirkende - Hosts: Ulrich Irnich & Markus Kuckertz // Redaktion: Marcus Pawlik © Digital Pacemaker Podcast 2025

See the full podcast! https://chinauncensored.tv/programs/podcast-290 Joining us in person for the first time is GUERMANTES 'G-MAN' LAILARI. He is a retired US Air Force Foreign Area Officer specializing in the Middle East and Europe, as well as strategy, irregular warfare, and missile defense. He's also a visiting researcher at the Institute for National Defense and Security Research in Taipei. Read Lailari's article: Keeping Taiwan Safe: Best Possible Options https://www.taipeitimes.com/News/editorials/archives/2025/03/03/2003832770 And check out our other channel, China Uncensored: https://www.youtube.com/ChinaUncensored Our social media: X: https://www.x.com/ChinaUncensored Facebook: https://www.facebook.com/ChinaUncensored Instagram: https://www.instagram.com/ChinaUncensored #China

See the full podcast! https://chinauncensored.tv/programs/podcast-290 Joining us in person for the first time is GUERMANTES 'G-MAN' LAILARI. He is a retired US Air Force Foreign Area Officer specializing in the Middle East and Europe, as well as strategy, irregular warfare, and missile defense. He's also a visiting researcher at the Institute for National Defense and Security Research in Taipei. Read Lailari's article: Keeping Taiwan Safe: Best Possible Options https://www.taipeitimes.com/News/editorials/archives/2025/03/03/2003832770 And check out our other channel, China Uncensored: https://www.youtube.com/ChinaUncensored Our social media: X: https://www.x.com/ChinaUncensored Facebook: https://www.facebook.com/ChinaUncensored Instagram: https://www.instagram.com/ChinaUncensored #China

See the full podcast! https://chinauncensored.tv/programs/podcast-290 Joining us in person for the first time is GUERMANTES 'G-MAN' LAILARI. He is a retired US Air Force Foreign Area Officer specializing in the Middle East and Europe, as well as strategy, irregular warfare, and missile defense. He's also a visiting researcher at the Institute for National Defense and Security Research in Taipei. Read Lailari's article: Keeping Taiwan Safe: Best Possible Options https://www.taipeitimes.com/News/editorials/archives/2025/03/03/2003832770 And check out our other channel, China Uncensored: https://www.youtube.com/ChinaUncensored Our social media: X: https://www.x.com/ChinaUncensored Facebook: https://www.facebook.com/ChinaUncensored Instagram: https://www.instagram.com/ChinaUncensored #China

Seth and Ken are happy to announce that Clint Gibler (@clintgibler), the force behind TL;DRSec (tldrsec.com) and head of Security Research at Semgrep, will be coming on as a guest again on the Absolute AppSec podcast. The conversation starts with background on his experience with TL;DRSec and writing a newsletter. Followed up by an indepth discussion on secure defaults and how Semgrep and other tools help push security in organizations.

Are the world's most popular websites using outdated password policies?

Do you use Android at work, but don't really understand it?In this episode Hahna Kane Latonick teaches an Android cybersecurity masterclass for cyber GRC teams:Here are a few highlights from this episode:How the Android project is managedHow Android devices are compromisedThe many steps to update Android devicesMost important steps to secure Android devicesIs Apple more secure than Android?Hahna is the Director of Security Research at Dark Wolf Solutions. Some of her focuses include Android reverse engineering and exploit development. She has been featured on national media outlets including Fox Business News, ABC News, and many others!Too often companies integrate mobile devices at work without truly understanding how they work and the risks involved.Hahna explained these concepts so well! And of course, we had some back and forth on what is more secure, Android or Apple.I really enjoyed this episode and learned more about Android myself! What were your takeaways?Follow Hahna on LinkedIn: https://www.linkedin.com/in/hahnakane/Dark Wolf Solutions Website: https://darkwolfsolutions.com/Android Security Research Playbook: https://asrp.darkwolf.io/-----------Thanks to our sponsor Vanta!Want to save time filling out security questionnaires?Experience questionnaire automation here: https://vanta.com/grcacademy-----------Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e38&utm_campaign=courses#android #cybersecurity #informationsecurity

Three Buddy Problem - Episode 20: We revisit the ‘hack-back' debate, the threshold for spying on adversaries, Palo Alto watching EDR bypass research to track threat actors, hot nuggets in Project Zero's Clem Lecinge's Hexacon talk, Apple's new iOS update rebooting iPhones in law enforcement custody, the mysterious GoblinRAT backdoor, and physical ‘meatspace' Bitcoin attacks and more details on North Korean cryptocurrency theft. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs) (SentinelLabs), Costin Raiu (https://twitter.com/craiu) (Art of Noh) and Ryan Naraine (https://twitter.com/ryanaraine) (SecurityWeek).

We are thrilled to welcome Eric Woodruff to our 25th episode of “Cloud Inspires.” Eric is a Senior Security Researcher at Semperis, a Microsoft Security MVP, and a sought-after speaker at conferences worldwide. In this episode, we delve into the latest community events, the security of workload identities, and the intricacies of conducting security research within Microsoft Entra.

What does it take for organizations to stay one step ahead of cyber threats in an increasingly digital world? In this episode, I sit down with Dirk Schrader, Field CISO EMEA and VP of Security Research at Netwrix, to explore the state of cybersecurity and the findings from Netwrix's latest annual security report. The conversation reveals a stark reality: 79% of organizations experienced a cyberattack in the past year, a rise from 68% in 2023, with ransomware remaining one of the most significant threats. Dirk offers insights into what these trends mean for organizations today, especially as cloud-based infrastructure attacks are now matching on-premise incidents. He highlights how identity compromise has become the primary attack vector, particularly for privileged identities, underscoring the importance of identity and privilege management. Throughout the episode, Dirk shares the protective measures organizations can adopt, from fostering a positive security culture that encourages reporting and proactive engagement to utilizing just-in-time privilege approaches and identity threat detection systems. We also discuss the challenges and opportunities brought by remote work and the increasing reliance on cloud services, which demand a shift in traditional security practices. Dirk advocates for a flexible but resilient approach to cyber risk management, where understanding sector-specific needs and balancing regulatory compliance play crucial roles. Lastly, we touch on the role of AI in the evolving cybersecurity landscape—both as a defense mechanism and as a potential tool for adversaries, especially with threats like deepfake voice calls and scalable persuasive phishing on the horizon. Tune in to understand how Netwrix's research and Dirk's expertise can help your organization anticipate risks, fortify defenses, and foster a robust security strategy in an era where cyber resilience is paramount. What cybersecurity challenges have you faced in your organization, and what steps are you taking to address them? Let us know your thoughts.

Mastering Cybersecurity: From AI Threats to Quantum Encryption - Insights with CDW Join host Jim Love in a riveting discussion with Ivo Wiens, Field CTO for CDW Canada, as they review CDW's cyber security research and discussions with CISO's about the state of cyber security in Canada.  Delve into the sophistication of cyber attacks driven by organized crime and nation-states, and learn about the importance of cyber security frameworks like zero trust and NIST standards. The conversation also explores the role of AI in both enhancing phishing attacks and defending against cyber threats, as well as the challenges and strategies in implementing AI security within organizations. Gain insights on vendor management complexities, platformization, quantum cryptography, and the future of cyber encryption. Listen to practical advice on navigating business risks, enhancing user experiences, and adopting zero trust models in today's digital landscape.  00:00 Introduction to Cybersecurity Today 00:26 Understanding CDW and Its Role 01:08 CDW's Approach to Cybersecurity 04:16 Research and Insights from CDW 05:40 The Growing Sophistication of Cyber Attacks 08:24 Adopting Cybersecurity Frameworks 12:12 The Importance of Tabletop Exercises 17:01 Human Vulnerabilities and AI in Cybersecurity 18:12 The Sophistication of Phishing Attacks 19:03 Emotional Manipulation in Cyber Attacks 21:09 AI in Cybersecurity: Opportunities and Risks 22:30 Implementing AI in Business Operations 25:08 Balancing AI and Privacy Concerns 34:09 The Future of Cybersecurity: Quantum Computing 36:53 Final Thoughts and Advice for Organizations

Mastering Cybersecurity: From AI Threats to Quantum Encryption - Insights with CDW Join host Jim Love in a riveting discussion with Ivo Wiens, Field CTO for CDW Canada, as they review CDW's cyber security research and discussions with CISO's about the state of cyber security in Canada.  Delve into the sophistication of cyber attacks driven by organized crime and nation-states, and learn about the importance of cyber security frameworks like zero trust and NIST standards. The conversation also explores the role of AI in both enhancing phishing attacks and defending against cyber threats, as well as the challenges and strategies in implementing AI security within organizations. Gain insights on vendor management complexities, platformization, quantum cryptography, and the future of cyber encryption. Listen to practical advice on navigating business risks, enhancing user experiences, and adopting zero trust models in today's digital landscape.  00:00 Introduction to Cybersecurity Today 00:26 Understanding CDW and Its Role 01:08 CDW's Approach to Cybersecurity 04:16 Research and Insights from CDW 05:40 The Growing Sophistication of Cyber Attacks 08:24 Adopting Cybersecurity Frameworks 12:12 The Importance of Tabletop Exercises 17:01 Human Vulnerabilities and AI in Cybersecurity 18:12 The Sophistication of Phishing Attacks 19:03 Emotional Manipulation in Cyber Attacks 21:09 AI in Cybersecurity: Opportunities and Risks 22:30 Implementing AI in Business Operations 25:08 Balancing AI and Privacy Concerns 34:09 The Future of Cybersecurity: Quantum Computing 36:53 Final Thoughts and Advice for Organizations

Starlink ger teknikentreprenören Elon Musk makt att avgöra vem som får tillgång till satellit-internet. Och vem som ska stängas av. Lyssna på alla avsnitt i Sveriges Radio Play. Elon Musks bolag Starlink äger två tredjedelar av alla satelliter som cirklar runt jorden. Vissa talar om honom som en interntgud.Hans nya satellitbundna internet fungerar när annat nät slagits ut som i krigets Ukraina. Och på otillgängliga platser på jorden som regnskogens Amazonas som tidigare inte haft någon uppkoppling.Samtidigt väcker hans kontakt med personer som Trump, Putin och Xi Jingping farhågor kring hur Elon Musk använder sig av den här makten.Följ med till Amazonas i Brasilien, rebellkontrollerade områden i Myanmar och till Donetsk i Ukraina.Medverkande: Milton Mueller, professor i cybersäkerhetspolicy vid Georgia Tech university i Atlanta, USA, Jesse Rodrigues, lokal ledare i Amazonas, Pedro Ekman, ordförande för Intervoces, en organisation som verkar för att fler brasilianare ska få tillgång till internet, Joel Araújo, chef för den brasilianska miljömyndigheten Ibama, Yisou Tzeng chef för cybersäkerhetsavdelningen vid Taiwans Institute for National Defense and Security Research, Saw Tender, Karen-folkets politiske ledare i Myanmar, samt läkare, guldgrävare, lärare, spelande barn och alla andra som använder internet.Reportrar: Lubna El-Shanti, Ukrainakorrespondent, Axel Kronholm, Sydostasienkorrespondent, Lotten Collin, Latinamerikakorrespondent, Juliana Faddul, frilansare Brasilien.Programledare: Kajsa Boglindkajsa.boglind@sr.seProducent: Ulrika Bergqvistulrika.bergqvist@sr.seTekniker: Emilia Ström

Why does Cloud Security Research matter in 2024? At fwd:cloudsec EU in Brussels, we sat down with Scott Piper, a renowned cloud security researcher at Wiz, to discuss the growing importance of cloud security research and its real-world impact. Scott spoke to us about the critical differences between traditional security testing and cloud security research, explaining how his team investigates cloud providers to find out vulnerabilities, improve detection tools, and safeguard data. Guest Socials:⁠ ⁠⁠⁠⁠⁠⁠Scott's Linkedin + Scott's Twitter Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp Questions asked: (00:00) Introduction (02:07) A bit about Scott Piper (02:48) What is a Cloud Security Research Team? (04:30) Difference between traditional and Cloud Security Research (07:21) Cloud Pentesting vs Cloud Security Research (08:10) What is request collapsing? (10:26) GitHub Actions and OIDC Research (13:47) How has cloud security evolved? (17:02) Tactical things for Cloud Security Program (18:41) Impact of Kubernetes and AI on Cloud (20:37) How to become a Cloud Security Researcher (22:46) AWS Cloud Security Best Practices (26:35) Trends in AWS Cloud Security Research (28:11) Fun Questions (30:22) A bit about fwd:cloudsec Resources mentioned during the interview: Wiz.io - Cloud Security Podcast listeners can also get a free cloud security health scan PEACH framework Wiz Research Blog Avoiding security incidents due to request collapsing A security community success story of mitigating a misconfiguration Cloudmapper flaws.cloud fwd:cloudsec CTFs The Big IAM Challenge Prompt Airlines , AI Security Challenge Kubernetes LAN Party

Len Noe, a professional ethical hacker, is a technical evangelist for CyberArk. Living with 10 microchips implanted in his body, Noe calls himself a "transhuman," and is hacking his body for security research. In this episode, he joins host Charlie Osborne to discuss his experience in detail, including what implants he has experimented with, how they can be used to conduct cyberattacks, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Shachar Menashe, Senior Director of Security Research at JFrog, is talking about "When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI." A security vulnerability in the Vanna.AI tool, called CVE-2024-5565, allows hackers to exploit large language models (LLMs) by manipulating user input to execute malicious code, a method known as prompt injection. This poses a significant risk when LLMs are connected to critical functions, highlighting the need for stronger security measures. The research can be found here: When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI Learn more about your ad choices. Visit megaphone.fm/adchoices

Shachar Menashe, Senior Director of Security Research at JFrog, is talking about "When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI." A security vulnerability in the Vanna.AI tool, called CVE-2024-5565, allows hackers to exploit large language models (LLMs) by manipulating user input to execute malicious code, a method known as prompt injection. This poses a significant risk when LLMs are connected to critical functions, highlighting the need for stronger security measures. The research can be found here: When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI Learn more about your ad choices. Visit megaphone.fm/adchoices

HP released the findings of a global survey highlighting the growing concern over nation-state threat actors targeting physical supply chains and tampering with device hardware and firmware integrity. The study of 800 IT and security decision-makers (ITSDMs) responsible for device security highlights the need for businesses to focus on device hardware and firmware integrity, with attacks on hardware supply chains and device tampering expected to increase. Key findings from the HP Wolf Security Study include: Almost one in five (19%) organisations surveyed say they have been impacted by nation-state threat actors targeting physical PC, laptop or printer supply chains. In the US, this figure rises to 29%. Over a third (35%) of organisations surveyed believe that they or others they know have already been impacted by nation-state threat actors targeting supply chains to try and insert malicious hardware or firmware into devices. Overall, 91% believe nation-state threat actors will target physical PC, laptop or printer supply chains to insert malware or malicious components into hardware and/or firmware. Almost two-thirds (63%) believe the next major nation-state attack will involve poisoning hardware supply chains to sneak in malware. "System security relies on strong supply chain security, starting with the assurance that devices are built with the intended components and haven't been tampered with during transit. If an attacker compromises a device at the firmware or hardware layer, they'll gain unparalleled visibility and control over everything that happens on that machine. Just imagine what that could look like if it happens to the CEO's laptop," comments Alex Holland, Principal Threat Researcher in the HP Security Lab. Holland continues, "Such attacks are incredibly hard to detect, as most security tools sit within the operating system. Moreover, attacks that successfully establish a foothold below the OS are very difficult to remove and remediate, adding to the challenge for IT security teams." Considering the scale of the challenge, it's unsurprising that 78% of ITSDMs say their attention to software and hardware supply chain security will grow as attackers try to infect devices during transit. Organisations are concerned that they are blind and unequipped to mitigate device supply chain threats like tampering. Over half (51%) of ITSDMs are concerned that they cannot verify if PC, laptop or printer hardware and firmware have been tampered with during transit. A further 77% say they need a way to verify hardware integrity to mitigate the risk of device tampering. "In today's threat landscape, managing security across a distributed hybrid workplace environment must start with the assurance that devices haven't been tampered with at the lower level. This is why HP is focused on delivering PCs and printers with industry-leading hardware and firmware security foundations designed for resilience, to allow organisations to manage, monitor and remediate device hardware and firmware security throughout the lifetime of devices, across the fleet," comments Boris Balacheff, Chief Technologist for Security Research and Innovation, HP Inc. Security Lab. In recognition of these risks, HP Wolf Security is advising customers to take the following steps to help proactively manage device hardware and firmware security right from the factory: Adopt Platform Certificate technology, designed to enable verification of hardware and firmware integrity upon device delivery. Securely manage firmware configuration of your devices, using technology like HP Sure Admin (for PCs) or HP Security Manager (Support). These enable administrators to manage firmware remotely using public-key cryptography, eliminating the use of less secure password-based methods. Take advantage of vendor factory services to enable hardware and firmware security configurations right from the factory, such as HP Tamper Lock, Sure Admin, or Sure Recover technologies. Monitor o...

In this Risky Business News sponsored interview, Tom Uren talks to Rob King, Director of Security Research at runZero, about keeping up with the stream of vulnerabilities in the KEV list and OT devices and runZero's research into the SSH protocol.

China is building alliances all over the world. But the US is building its own alliances to fight back. GUERMANTES 'G-MAN' LAILARI. He is a retired US Air Force Foreign Area Officer specializing in the Middle East and Europe, as well as strategy, irregular warfare, and missile defense. He's also a visiting researcher at the Institute for National Defense and Security Research. Don't forget to subscribe to the channel and hit that bell icon to get notified when new videos come out: https://bit.ly/3u1eKSZ And check out our other channel China Uncensored: https://youtube.com/channel/UCgFP46yVT-GG4o1TgXn-04Q Merchandise: https://www.chinaunscripted.com/merchandise Our website: https://www.chinaunscripted.com/ YouTube demonetizes our videos, which is why we rely on support from viewers like you. Please join our 50¢ army at: https://www.patreon.com/chinaunscripted https://www.chinauncensored.locals.com https://www.chinaunscripted.com/support Our social media: Twitter: https://www.twitter.com/ChinaUncensored Facebook: https://www.facebook.com/ChinaUncensored Instagram: https://www.instagram.com/ChinaUncensored #China

The author of “White Sun War: The Campaign for Taiwan" discusses shoring up defenses against a blockade or invasion.  Guest: Mick Ryan, retired Australian Army major general, strategist, and author. Sources: “White Sun War: The Campaign for Taiwan,” by Mick Ryan, published May 2023; "Chinese Warship Activities around Taiwan," by Si-Fu Ou, director of the Division of Chinese Politics, Military and Warfighting Concepts at the Institute for National Defense and Security Research in Taiwan; “From Coercion to Capitulation, How China Can Take Taiwan Without a War,” by the Institute for the Study of War, May 2024.

In this episode of the No More Secrets Podcast, listen in as our group discusses patch Tuesday, Microsoft's "hard" line about doing security, and the dangers of extorting a company where you used to work! Also, we discuss with our Special Guest, Justin Hall, Sr. Manager of Security Research at Tenable, feeling like impostors and how we might overcome that trap!  Hosts: Ryan Hamrick & Chris DeBrunner Editor & Producer: Lance Hart Executive Producers: Gabby Scott & Jana Korfhagen Contact email: nmspod@protonmail.com

Dor Dali, Head of Security Research at Cyolo, joins Nic Fillingham on this week's episode of The BlueHat Podcast. They delve into Dor's journey into cybersecurity, from pranking friends as a teenager to his professional roles, including his involvement in the Blue Hat conference through GE, where he helped create the Capture The Flag (CTF) challenge. Dor details the vulnerabilities in the RDP protocol by closely following the protocol specifications and identifying discrepancies that led to security flaws. They detail a vulnerability related to RDP Gateway's UDP cookie authentication process, the implications of Dor's research for other security researchers and hackers and the importance of leveraging available resources, such as protocol specifications and open-source implementations, to understand closed-source systems better and potentially uncover vulnerabilities. In This Episode You Will Learn: The unique perspective Dor has with RDP security research How to approach security research when following the protocol specifications The importance of clear documentation in preventing security vulnerabilities Some Questions We Ask: How did you design and build the Capture the Flag event? Did you face any unexpected hurdles while researching the RDP protocol's security? Have you found other security vulnerabilities by closely adhering to protocol specifications? Resources: View Dor Dali on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Hosted on Acast. See acast.com/privacy for more information.

871: In the age of artificial intelligence, cybersecurity has become of utmost importance to protect private information and customer data. In this episode of Technovation, host Peter High speaks with Gafnit Amiga, leader of the security research group at Outshift by Cisco, where they delve into the evolving landscape of cloud and artificial intelligence security. Gafnit, having a substantial background in application and cloud security, shares her journey from Lightspin to Cisco, highlighting her team's focus on identifying and mitigating potential security vulnerabilities in cloud services, Kubernetes, software supply chains, and AI. She shares insights on the unique challenges AI presents to security, the importance of observability, and the continuous game of staying ahead of threats. Gafnit also discusses the diversity and approach of her research team in tackling security challenges, reflecting on the transition from a startup to being part of Cisco, and offers advice to CIOs and CISOs on safeguarding against emerging security threats.

871: In the age of artificial intelligence, cybersecurity has become of utmost importance to protect private information and customer data. In this episode of Technovation, host Peter High speaks with Gafnit Amiga, leader of the security research group at Outshift by Cisco, where they delve into the evolving landscape of cloud and artificial intelligence security. Gafnit, having a substantial background in application and cloud security, shares her journey from Lightspin to Cisco, highlighting her team's focus on identifying and mitigating potential security vulnerabilities in cloud services, Kubernetes, software supply chains, and AI. She shares insights on the unique challenges AI presents to security, the importance of observability, and the continuous game of staying ahead of threats. Gafnit also discusses the diversity and approach of her research team in tackling security challenges, reflecting on the transition from a startup to being part of Cisco, and offers advice to CIOs and CISOs on safeguarding against emerging security threats.

With the sudden surge of conflict in the Middle East, how much of a hand did China have in it? Turns out, the answer could be a lot. Read the article: China's Support of Hamas: Evidence and Actions https://www.jewishpolicycenter.org/2024/04/02/chinas-support-of-hamas-evidence-and-actions/ Joining us once again is GUERMANTES 'G-MAN' LAILARI. He is a retired US Air Force Foreign Area Officer specializing in the Middle East and Europe, as well as strategy, irregular warfare, and missile defense. He's also a member of the Jewish Policy Center Board of Fellows, and a visiting researcher at the Institute for National Defense and Security Research. Don't forget to subscribe to the channel and hit that bell icon to get notified when new videos come out: https://bit.ly/3u1eKSZ And check out our other channel China Uncensored: https://youtube.com/channel/UCgFP46yVT-GG4o1TgXn-04Q Merchandise: https://www.chinaunscripted.com/merchandise Our website: https://www.chinaunscripted.com/ YouTube demonetizes our videos, which is why we rely on support from viewers like you. Please join our 50¢ army at: https://www.patreon.com/chinaunscripted https://www.chinauncensored.locals.com https://www.chinaunscripted.com/support Our social media: Twitter: https://www.twitter.com/ChinaUncensored Facebook: https://www.facebook.com/ChinaUncensored Instagram: https://www.instagram.com/ChinaUncensored

The Interview: Ibrahim (Abe) Baggili Ph.D., discusses his research on: VR Deception Forensic analysis of the Roomba Using the Progressive App to detect hit & run

We sat down with the VP of Research at Cybellum, aka "Roman Explains" to learn from his vast experience in embedded device security research and get practical insights into how to use AI in product security, following the release of his new "Ask Roman" product feature for product security professionals.

- What are some of the most interesting developments in the world of software supply chain security (SSCS) in the last 12 months or so?- It's now been a couple of years since the major fall out of notable incidents such as SolarWinds and Log4j, do you feel like the industry is making headway in addressing software supply chain threats?- For organizations either just starting or looking to mature their software supply chain maturity, where are some key areas you recommend organizations focus their attention?- We have a complex landscape from extensive use of open source, SaaS and Cloud providers, partners and third parties, how have you seen firms successfully handle this complexity when it comes to activities such as incident response? - There's a bit of a heated debate in the industry underway on point products vs. platforms. I know Checkmarx has a comprehensive AppSec platform. How do you view this debate, and do you think we will always have and see the need for point products, best of breed and comprehensive platforms in the industry?- You spend a fair bit of time focused on SSCS research, how does your team approach these activities and sharing the insights with the community?- Checkmarx shares a tremendous amount of informative and insightful research around SSCS. Where can folks learn more and what are some of the interesting projects you all are currently working on?

Cybersecurity is rife with technological solutions, but as security researcher John Hammond knows all too well, it's people that make the difference. Hear how people make or break security intel, both as researchers and threat actors. We'll talk sock puppets, the role of OSINT for your own OPSEC and intelligence building, cybergang leaders as businessmen and more. Plus we'll dive into John's recent OSINT work on the ScreenConnect vulnerabilities and how they're being leveraged in the wild.

Qualys discloses syslog and qsort vulns in glibc, Apple's jailbroken iPhone for security researchers, moving away from OpenSSL, what an ancient vuln in image parsing can teach us today, and more! Show Notes: https://securityweekly.com/asw-272

Join us on an inspiring adventure through the world of cybersecurity, as we share a cup of digital coffee with our guest, Emily Austin, a seasoned professional in the tech field. Prepare to be enlightened and intrigued by her unlikely journey into the world of cybersecurity, a detour from psychology to tech that not only shows there's no single path into the industry but also demonstrates the value in diversity and unconventional paths. You'll gain insights into the world of security research, understanding the importance of different perspectives and the value of effective communication. Discover the nuances of internet mapping and security research, and get a glimpse into the day-to-day life of a team handling comprehensive internet scan data. Learn how modern conflicts shake the tech industry, as we unravel the complexities of cyber warfare and the critical role played by the Ukrainian IT army. Finally, brace yourself as we lay bare the underbelly of tech: the increased attacks on back office software. We'll take you through the potential risks and implications of assaults on file transfer tools and shed light on how these attacks are affecting enterprises and regulated industries. This episode is a thrilling exploration packed with insight and analysis - a must-listen for those curious about the ever-evolving tech field, cybersecurity, IT, and the true essence of a career in technology. Tune in to join the conversation!LinkedIn: https://www.linkedin.com/in/emilylaustin/Censys: https://censys.com/Support the showAffiliate Links:NordVPN: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=87753&url_id=902 Follow the Podcast on Social Media!Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcastPatreon: https://www.patreon.com/SecurityUnfilteredPodcastYouTube: https://www.youtube.com/@securityunfilteredpodcastTikTok: Not today China! Not today

Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found a new malware that infected their honeypot, which they have dubbed KmsdBot.  The research states "The malware attacks using UDP, TCP, HTTP POST, and GET, along with a command and control infrastructure (C2), which communicates over TCP." The botnet targets weak login credentials and then infects systems via an SSH connection. The research can be found here: KmsdBot: The Attack and Mine Malware

Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found a new malware that infected their honeypot, which they have dubbed KmsdBot.  The research states "The malware attacks using UDP, TCP, HTTP POST, and GET, along with a command and control infrastructure (C2), which communicates over TCP." The botnet targets weak login credentials and then infects systems via an SSH connection. The research can be found here: KmsdBot: The Attack and Mine Malware Learn more about your ad choices. Visit megaphone.fm/adchoices

Seth and Ken are joined last minute by Jason Haddix (@jhaddix). Conversion about DEF CON talks, use of LLMs in research, and recently released tools.

Seth and Ken are joined last minute by Jason Haddix (@jhaddix). Conversion about DEF CON talks, use of LLMs in research, and recently released tools.

Steve provides an update on ValiDrive, his new freeware utility for testing USB drives. It identifies bogus mass storage drives and performance differences between drives. There has been another sighting of Google's Topics API, this time on Android phones. It allows apps to get information about users' interests based on recent app usage. Apple has opened up their iPhones to security researchers through their Security Research Device program since 2019. Researchers get access to customize kernels, entitlements, and other low-level features without compromising security. Research reveals vulnerabilities in browser extensions that allow them to steal plaintext passwords from a website's HTML source code. Even sites like Google, Facebook, Amazon, IRS, and Capital One are affected. Feedback from listeners on topics like Apple's stance on scanning iCloud data for CSAM, Microsoft's broken TLS timestamp implementation, using VirusTotal to check downloaded files, ReadSpeed limitations, and downloading malware for VirusTotal checks. Apple publicly shares a letter from a CSAM activist demanding they implement scanning to detect child abuse images in iCloud Photos. Apple responds clearly stating they will not compromise user privacy and security to do so. Show Notes - https://www.grc.com/sn/SN-938-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit panoptica.app canary.tools/twit - use code: TWIT

Steve provides an update on ValiDrive, his new freeware utility for testing USB drives. It identifies bogus mass storage drives and performance differences between drives. There has been another sighting of Google's Topics API, this time on Android phones. It allows apps to get information about users' interests based on recent app usage. Apple has opened up their iPhones to security researchers through their Security Research Device program since 2019. Researchers get access to customize kernels, entitlements, and other low-level features without compromising security. Research reveals vulnerabilities in browser extensions that allow them to steal plaintext passwords from a website's HTML source code. Even sites like Google, Facebook, Amazon, IRS, and Capital One are affected. Feedback from listeners on topics like Apple's stance on scanning iCloud data for CSAM, Microsoft's broken TLS timestamp implementation, using VirusTotal to check downloaded files, ReadSpeed limitations, and downloading malware for VirusTotal checks. Apple publicly shares a letter from a CSAM activist demanding they implement scanning to detect child abuse images in iCloud Photos. Apple responds clearly stating they will not compromise user privacy and security to do so. Show Notes - https://www.grc.com/sn/SN-938-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit panoptica.app canary.tools/twit - use code: TWIT

Steve provides an update on ValiDrive, his new freeware utility for testing USB drives. It identifies bogus mass storage drives and performance differences between drives. There has been another sighting of Google's Topics API, this time on Android phones. It allows apps to get information about users' interests based on recent app usage. Apple has opened up their iPhones to security researchers through their Security Research Device program since 2019. Researchers get access to customize kernels, entitlements, and other low-level features without compromising security. Research reveals vulnerabilities in browser extensions that allow them to steal plaintext passwords from a website's HTML source code. Even sites like Google, Facebook, Amazon, IRS, and Capital One are affected. Feedback from listeners on topics like Apple's stance on scanning iCloud data for CSAM, Microsoft's broken TLS timestamp implementation, using VirusTotal to check downloaded files, ReadSpeed limitations, and downloading malware for VirusTotal checks. Apple publicly shares a letter from a CSAM activist demanding they implement scanning to detect child abuse images in iCloud Photos. Apple responds clearly stating they will not compromise user privacy and security to do so. Show Notes - https://www.grc.com/sn/SN-938-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit panoptica.app canary.tools/twit - use code: TWIT

Steve provides an update on ValiDrive, his new freeware utility for testing USB drives. It identifies bogus mass storage drives and performance differences between drives. There has been another sighting of Google's Topics API, this time on Android phones. It allows apps to get information about users' interests based on recent app usage. Apple has opened up their iPhones to security researchers through their Security Research Device program since 2019. Researchers get access to customize kernels, entitlements, and other low-level features without compromising security. Research reveals vulnerabilities in browser extensions that allow them to steal plaintext passwords from a website's HTML source code. Even sites like Google, Facebook, Amazon, IRS, and Capital One are affected. Feedback from listeners on topics like Apple's stance on scanning iCloud data for CSAM, Microsoft's broken TLS timestamp implementation, using VirusTotal to check downloaded files, ReadSpeed limitations, and downloading malware for VirusTotal checks. Apple publicly shares a letter from a CSAM activist demanding they implement scanning to detect child abuse images in iCloud Photos. Apple responds clearly stating they will not compromise user privacy and security to do so. Show Notes - https://www.grc.com/sn/SN-938-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit panoptica.app canary.tools/twit - use code: TWIT

On Security Now, Steve Gibson and Leo Laporte discuss Apple opening their iPhones to security researchers through a program that provides access to customize kernels and system features without compromising security. For the full episode, visit twit.tv/sn/938 #Apple #Security #Research Hosts: Leo Laporte and Steve Gibson You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/ Sponsor: GO.ACILEARNING.COM/TWIT

On Security Now, Steve Gibson and Leo Laporte discuss Apple opening their iPhones to security researchers through a program that provides access to customize kernels and system features without compromising security. For the full episode, visit twit.tv/sn/938 #Apple #Security #Research Hosts: Leo Laporte and Steve Gibson You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/ Sponsor: GO.ACILEARNING.COM/TWIT

On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Larry Pesce (Finite State Director of Product Security Research and Analysis) delve into the recently announced U.S. Cyber Trust Mark, a cybersecurity labeling program for IoT devices - a long-anticipated directive of Executive Order 14028.   Larry and Eric explore how, in contrast to static ratings like ENERGY STAR, this dynamic IoT security score will attempt to reflect the continually evolving landscape of cybersecurity threats and controls. They delve into the efficacy of this voluntary labeling program: Will consumers use it? Will manufacturers comply (and raise prices) or ignore it?   Together, Larry and Eric discuss the initial criteria for assigning these security scores and the user-friendly implementation strategies like QR codes. They also tackle the implications of this program on various connected devices, from baby monitors to solar panels, analyzing whether this voluntary program will see widespread adoption across various industries with varied potential risks (from privacy violations to deadly fires).   In the discussion, Larry turns the tables and asks Eric about the FCC's unexpected role in enforcing IoT labeling compliance and how this labeling initiative aligns with the broader trend towards transparency and accountability in device security regulation and progress.    Interview with Larry Pesce    Since joining Finite State, Larry has been providing expert product security program design and development as well as IoT pen testing services and guidance to product security teams worldwide. He is also a Certified Instructor at the SANS Institute and has co-hosted the Paul's Security Weekly podcast since 2005. Before joining Finite State, Larry spent 15 years as a penetration tester (among other various roles) focused on healthcare, ICS/OT, wireless, and IoT/IIoT embedded devices. Larry holds several GIAC certifications and earned his B.S. in Computer Information Systems from Roger Williams University.    Join in on this insightful discussion where Eric and Larry consider: Similarities and differences between the IoT labeling and ENERGY STAR rating programs  The need to reflect the ever-changing nature of cybersecurity risk and controls within cybersecurity scores  How, and how much, consumers will actually use the score and value higher-rated devices Criteria considered when assigning the scores and where labels will appear  The varying impacts of a voluntary IoT labeling program on consumer vs. industrial connected device cybersecurity The surprising role of the FCC as the enforcing regulator for IoT labeling compliance   Find Larry on LinkedIn: Larry Pesce: https://linkedin.com/in/larrypesce   Learn more about Finite State: https://finitestate.io/   Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.   If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.   To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/    

With the relentless advancements in technology and a workforce more digitally-enabled than ever before, businesses today face an unprecedented challenge of protecting their sensitive information from cybercriminals. Infostealer malware, often disguised as innocuous files or hidden within legitimate-looking emails, stealthily infiltrate employee and contractor devices – managed and unmanaged – exfiltrating all manner of data for the purposes of executing follow-on attacks including ransomware. The data at risk includes customer details, financial information, intellectual property, and R&D plans stolen from compromised applications that were accessed from infostealer-exfiltrated authentication data like credentials and active session cookies/tokens. This episode digs into the proliferation of infostealers and provides actionable steps for businesses of any size or industry to mitigate the threat. In this episode of CyberWire-X, N2K's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table member Rick Doten to discuss the early days of incident response and the current thinking of post-infection remediation (PIR) actions. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor SpyCloud's Director of Security Research, Trevor Hilligoss. They chat about the challenges for enterprises and security leaders to identify what was stolen from malware-infected devices and how proper post-infection remediation implemented into existing incident response workflows can help prevent this data from causing ransomware. Trevor shares highlights from an industry report of over 300+ security leaders from North America and the UK on where they stand on malware identification and remediation, and what additional work can be done to minimize cybercriminals' access and impact.

What are the latest trends in the ransomware-as-a-service ecosystem? Since at least May 27, the CL0P ransomware gang has been exploiting a previously unknown vulnerability to exfiltrate data from financial services organizations, energy corporations, government agencies, and even universities. The group appears to be changing tactics—while it was previously known for its use of the “double extortion” tactic of stealing and encrypting victim data, it seems to now be relying mostly on data exfiltration instead.To discuss the latest changes in the ransomware ecosystem, Eugenia Lostri, Lawfare's Fellow in Technology Policy and Law, sat down with Charl van der Walt, Head of Security Research at Orange Cyberdefense. Charl is one of the authors of a report analyzing recent cyber extortion activity. They talked about the ransomware-as-a-service ecosystem, the impact the Russian invasion of Ukraine had on ransomware activity in the past year, and what law enforcement is doing to disrupt cybercriminal networks.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

Daniel dos Santos, Forescout's Head of Security Research is sharing insights from a recent exercise his team conducted on AI-assisted attacks for OT and unmanaged devices. Using ChatGPT, Forescout's research team converted an existing OT exploit developed in Python to run on Windows to demonstrate how easy it is to create an AI-assisted attack that converts the original exploit into alternative programming languages. The research states "our goal was to convert an existing OT exploit developed in Python to run on Windows to the Go language using ChatGPT." This would then allow it to run faster on Windows and run easily on a variety of embedded devices. The research can be found here: AI-Assisted Attacks Are Coming to OT and Unmanaged Devices – the Time to Prepare Is Now

Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found a new malware that infected their honeypot, which they have dubbed KmsdBot.  The research states "The malware attacks using UDP, TCP, HTTP POST, and GET, along with a command and control infrastructure (C2), which communicates over TCP." The botnet targets weak login credentials and then infects systems via an SSH connection. The research can be found here: KmsdBot: The Attack and Mine Malware