Podcasts about security researcher

Send us a text SummaryIn this conversation, Joe and Aaron discuss Aaron's journey into cybersecurity, highlighting the importance of curiosity, perseverance, and continuous learning in the field. Aaron shares his early experiences with hacking, his transition into professional security roles, and the unique challenges of pen testing SaaS applications. The discussion emphasizes the need for passion and dedication in overcoming obstacles and achieving success in cybersecurity. In this conversation, Joe and Aaron discuss the importance of sharing knowledge in the field of SaaS security, highlighting how personal initiatives like blogging can lead to unexpected career opportunities. They delve into the challenges organizations face regarding SaaS application risks, the significance of inventory management, and the shared responsibility model in security. The discussion also emphasizes the need for awareness of misconfigurations and reassures listeners that coding skills are not a prerequisite for entering the SaaS security space.Chapters00:00 Introduction and Personal Background08:27 Journey into Cybersecurity17:00 Perseverance in Learning and Growth20:49 Pen Testing SaaS Applications26:51 The Power of Sharing Knowledge29:06 Discovering New Opportunities in SaaS Security32:45 Understanding SaaS Application Risks35:32 The Importance of SaaS Inventory Management38:43 Shared Responsibility in SaaS Security41:51 Misconfigurations and Security Awareness45:01 Navigating SaaS Security Without Coding Skills Support the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast

In this episode, we welcome cybersecurity researcher and YouTube legend John Hammond. John shares insights from his career at Huntress and his popular YouTube channel, where he creates educational content on cybersecurity. He introduces his new platform, Just Hacking Training, aimed at providing affordable, high-quality training. John also discusses current trends in cybercrime, the role […] The post Cybersecurity Insights with John Hammond: YouTube Legend and Security Researcher appeared first on Shared Security Podcast.

In this episode, we dive deep into Azure security, incident response, and the evolving cloud threat landscape with Katie Knowles, Security Researcher and former Azure Incident Responder. We spoke about common Azure incident response scenarios you need to prepare for, how identity and privilege escalation work in Azure, how Active Directory and Entra ID expose new risks and what security teams need to know about Azure networking and logging.Guest Socials: ⁠⁠⁠⁠⁠⁠⁠⁠⁠Katie's LinkedinPodcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(02:27) A bit about Katie(03:17) Domain Admin in Azure(07:03) Common causes of incidents in Azure(08:53) Identities in Azure(11:44) Third Party Identities in Azure(17:34) Azure Networking and Incident Response(22:35) Common Incidents in Azure(26:53) AI specific incidents in Azure(28:45) Privilege escalation in Azure(39:37) Where to start with Azure Research?(48:20) The Fun Questions

In this episode, we speak with Fabian Hoffmann, a PhD fellow at the Oslo Nuclear Project, who warns that Europe must be prepared for war against Russia within the next 1.5 to 2.5 years. Hoffmann argues that Europe is currently unprepared for a potential conflict, lacking both military striking power and a unified approach to security. He emphasizes the need for European rearmament, particularly in the area of missile production, and expresses concern about the lack of leadership and coordination within the continent.See omnystudio.com/listener for privacy information.

Stargate Project highlights rift between OpenAI and Microsoft, the UK's CMA investigates Apple and Google over DMCC, DeepSeek releases DeepSeek-R1. MP3 Please SUBSCRIBE HERE for free or get DTNS Live ad-free. A special thanks to all our supporters–without you, none of this would be possible. If you enjoy what you see you can support theContinue reading "Security Researcher Demonstrates Now-Fixed Subaru Vehicle Vulnerabilities – DTH"

On this episode of The Cybersecurity Defenders Podcast we talk about automation in MSSP operations with David Burkett, Cloud Security Researcher at Core light. David has deep expertise in cloud threat detection and automation. Over the course of his career, David has built and optimized three different Cyber Security Operations Centers for MSSP and MDR providers, demonstrating his unparalleled skill in scaling security operations through automation and efficient processes.David has consulted for over 40 Fortune 500 companies and large federal organizations, helping them design and implement SOAR platforms and playbooks that enhance detection and response capabilities. He also actively contributes to the open-source detection project Sigma, showcasing his dedication to advancing the cybersecurity community.Among his many accolades, David was part of a team that received the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award, recognizing their SOC as one of the top 1% in cybersecurity programs for cleared facilities. He also holds a robust set of GIAC certifications, reinforcing his technical expertise in threat intelligence, cloud security, and playbook design.

In this episode of Stats on Stats, we sit down with Dakshitaa Babu, Security Researcher and Product Evangelist at Square X. Based in Singapore, Dakshitaa shares her inspiring journey from sustainability to cybersecurity and her pivotal role in addressing emerging browser vulnerabilities. We explore groundbreaking research unveiled at DEF CON, why browser security is crucial in today's threat landscape, and the innovative tools Square X provides for enterprises and individual users. Guest Connect LinkedIn: https://www.linkedin.com/in/dakshitaababu/ SquareX: https://www.sqrx.com/ SquareX for Beginners: https://labs.sqrx.com/squarex-for-beginners-ae8fac17ea68 Stats on Stats Resources Merch: https://www.statsonstats.io/shop LinkTree: https://linktr.ee/statsonstatspodcast Stats on Stats Partners & Affiliates IntelliCON 2025 Website: https://www.intelliguards.com/intellic0n-speakers Register: https://www.eventbrite.com/e/intellic0n-2025-tickets-1002600072807 Use Discount Code for 20% off Tickets: STATSONSTATS Path AI Website: https://yourpath.ai Discount Code: Join our Discord community for access! Antisyphon Training Website: https://www.antisyphontraining.com MAD20 Training Website: https://mad20.io Discount Code: STATSONSTATS15 Ellington Cyber Academy: https://kenneth-ellington.mykajabi.com Discount Code: STATSONSTATS Kevtech Academy Website: https://www.kevtechitsupport.com Dream Chaser's Coffee Website: https://dreamchaserscoffee.com Discount code: STATSONSTATS Podcasts We Like DEM Tech Folks Website: https://linktr.ee/developeverymind YouTube: https://www.youtube.com/@demtechfolks IntrusionsInDepth Website: https://www.intrusionsindepth.com YouTube: https://www.youtube.com/@IntrusionsInDepth

On this episode of The Cybersecurity Defenders Podcast we speak with Jibby Saetang, Security Researcher with Microsoft GHOST, about his novel path to a career in cybersecurity.With over a decade of experience in watch and jewelry repair, Jibby developed an impressive eye for detail and a knack for solving complex problems. These skills translated seamlessly into the world of cybersecurity, where Jibby found an unexpected yet perfect fit. Driven by a passion for learning, Jibby dove into the KC7 platform, an immersive cybersecurity training resource, which ultimately led to a role at Microsoft—all without taking the traditional certification route. Jibby's story is a testament to the power of persistence, passion, and non-traditional paths in tech. Now, Jibby is focused on helping others break into cybersecurity by developing new KC7 training modules, aiming to inspire and equip the next generation of problem-solvers.

Cybersecurity Today: GitHub Attacks & Microsoft's November Patch Tuesday Updates In this episode of Cybersecurity Today, host Jim Love highlights critical cybersecurity updates. The episode covers malicious attacks on GitHub projects, including an orchestrated attempt to frame Texas-based security researcher Mike Bell, and the associated impact on open-source repositories. Additionally, Microsoft's November Patch Tuesday is discussed in detail, with over 90 security issues disclosed, including four critical zero-day vulnerabilities. The episode also addresses a new ransomware strain exploiting vulnerabilities in Veeam backup software, and the disruptions caused by Microsoft's flawed Exchange Server security update. Stay informed on the latest cybersecurity trends and threats. 00:00 Introduction and Sponsor Message 00:29 Cybersecurity Headlines 00:46 GitHub Malicious Code Attack 03:24 Microsoft November Patch Tuesday 05:17 Veeam Backup Software Vulnerability 07:02 Microsoft Exchange Server Update Issues 08:47 Conclusion and Sign-Off

Today, we're talking to Harri Hursti, Security Researcher & International Speaker. We discuss the impending technological vulnerabilities of the upcoming US election, whether or not they can be mitigated, and what Harri thinks about the future of voting technology in the US. All of this right here, right now, on the Modern CTO Podcast!  To learn more about Jothy Rosenberg, check out his WikiPedia here: https://en.wikipedia.org/wiki/Harri_Hursti Produced by ProSeries Media: https://proseriesmedia.com/ For booking inquiries, email booking@proseriesmedia.co

Video Episode: https://youtu.be/oMptm-Oi1R4 In today's episode of The Daily Decrypt, we tackle a high-profile case involving the City of Columbus and security researcher David Leroy Ross. Ross is facing a lawsuit and restraining order after revealing the true extent of a ransomware attack that the city had downplayed. Despite claims by Mayor Andrew Ginther that the stolen 6.5 terabytes of sensitive data were unusable due to encryption, Ross proved otherwise—highlighting that personal information like Social Security numbers and details from domestic violence cases were fully intact and accessible on the dark web. 00:00 - Intro 00:37 - Updates from The Daily Decrypt 01:45 - Columbus, OH vs Security Researcher 09:23 - More News We dive into the legal and ethical complexities that arise when a researcher discloses illegally obtained data in the name of public interest. What happens when the desire to protect people's privacy clashes with responsible disclosure protocols? Ross bypassed these procedures, opting instead to expose the city's misinformation by going directly to the media, leading to legal consequences that reflect a challenging gray area for security researchers. In the second half, we discuss how Columbus's reaction—suing the very person who pointed out the severity of their data breach—sends a chilling message to those working in cybersecurity. Are they discouraging future researchers from revealing vulnerabilities, even when it's for the public good? We also explore: How Columbus mishandled the attack. The city's controversial decision to sue Ross. The broader implications for security researchers who choose to challenge powerful organizations. Stick around for our lightning round of cybersecurity headlines, including a busted one-time password fraud service in the UK, a former engineer's attempt to extort Bitcoin, and new vulnerabilities in Microsoft's macOS applications. Links to the articles discussed: https://thehackernews.com/2024/09/new-flaws-in-microsoft-macos-apps-could.html https://thehackernews.com/2024/09/ex-engineer-charged-in-missouri-for.html https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/ https://arstechnica.com/security/2024/08/city-of-columbus-sues-man-after-he-discloses-severity-of-ransomware-attack/ Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ vulnerabilities, Microsoft, Cisco Talos, macOS, Bitcoin, extortion, insider, Missouri, OTP Agency, interception, passcodes, scammers, ransomware, Columbus, dark web, restraining order What are today's top cybersecurity news stories, how can macOS users safeguard their devices from vulnerabilities, what tactics did the ex-employee use for Bitcoin extortion, what precautions can individuals take against OTP interception scams, what legal implications arise from disclosing ransomware attack details, what are the latest threats in cybersecurity, how does insider knowledge contribute to cyber crimes, what are the impacts of ransomware on local governments, how can companies protect themselves from extortion, what measures can be taken to enhance online security against scams

There's plenty of content out there detailing how vendors fall short: scummy, aggressive sales tactics overuse of jargon and buzzwords sneaky sales tactics dumping on competitors products that fall far short of claims ambulance chasing So what should they doing? In this episode, we chat with Dani Wolff, about how marketers can adopt the skills and mindsets of security researchers to improve GTM strategies, without resorting to awful tactics. Drawing from extensive experience in qualitative interviews and collaborations with enterprise security executives and researchers, Dani will uncover how the innate curiosity and analytical prowess of researchers can dismantle unhealthy habits within vendor organizations. We'll also discuss Dani's various projects, including the WTF Did I Just Read podcast, CyberNest, and CyberSynapse. Dani will explain how these are all designed to address the gap between vendors and buyers in the cybersecurity industry. Show Notes: https://securityweekly.com/esw-370

There's plenty of content out there detailing how vendors fall short: scummy, aggressive sales tactics overuse of jargon and buzzwords sneaky sales tactics dumping on competitors products that fall far short of claims ambulance chasing So what should they doing? In this episode, we chat with Dani Wolff, about how marketers can adopt the skills and mindsets of security researchers to improve GTM strategies, without resorting to awful tactics. Drawing from extensive experience in qualitative interviews and collaborations with enterprise security executives and researchers, Dani will uncover how the innate curiosity and analytical prowess of researchers can dismantle unhealthy habits within vendor organizations. We'll also discuss Dani's various projects, including the WTF Did I Just Read podcast, CyberNest, and CyberSynapse. Dani will explain how these are all designed to address the gap between vendors and buyers in the cybersecurity industry. Show Notes: https://securityweekly.com/esw-370

Leave feedback!Today I am speaking with Goncalo Sa, Co-founder & Security Researcher at ConsenSys Diligence, a comprehensive smart contract audit service that helps everyone from startups to enterprises launch and maintain their Ethereum blockchain applications. Goncalo is also a Co-founder at Creed, a collective of security professionals that work together to improve the security of the web3 ecosystem, and Technical Partner at Ethereal Ventures, a team of global investors who invest in crypto platforms and protocols.Goncalo was a lot of fun to interview. As you will hear, he's got a lot of positive energy and that unmistakable entrepreneurial drive. During our conversation, he talks about his upbringing in Portugal and Lisbon's emergence as a prominent web3 hub. We also talk about his entry into tech, the valuable lessons he's learned over the years, the amazing backstory for how he got started with ConsenSys, his passion for music, and a lot more!Show Notes and TranscriptsThe GRTiQ Podcast takes listeners inside web3 and The Graph (GRT) by interviewing members of the ecosystem.  Please help support this project and build the community by subscribing and leaving a review.Twitter: GRT_iQwww.GRTiQ.com 

Dmitrijs Trizna, Security Researcher at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Dmitrijs explains his role at Microsoft, focusing on AI-based cyber threat detection for Kubernetes and Linux platforms. Dmitrijs explores the complex landscape of securing AI systems, focusing on the emerging challenges of Trustworthy AI. He delves into how threat actors exploit vulnerabilities through techniques like backdoor poisoning, using gradual benign inputs to deceive AI models. Dmitrijs highlights the multidisciplinary approach required for effective AI security, combining AI expertise with rigorous security practices. He also discusses the resilience of gradient-boosted decision trees against such attacks and shares insights from his recent presentation at Blue Hat India, where he noted a strong interest in AI security. In This Episode You Will Learn: The concept of Trustworthy AI and its importance in today's technology landscape How threat actors exploit AI vulnerabilities using backdoor poisoning techniques The role of frequency and unusual inputs in compromising AI model integrity Some Questions We Ask: Could you elaborate on the resilience of gradient-boosted decision trees in AI security? What interdisciplinary approaches are necessary for effective AI security? How do we determine acceptable thresholds for AI model degradation in security contexts? Resources: View Dmitrijs Trizna on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Hosted on Acast. See acast.com/privacy for more information.

Dmitrijs Trizna, Security Researcher at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Dmitrijs explains his role at Microsoft, focusing on AI-based cyber threat detection for Kubernetes and Linux platforms. Dmitrijs explores the complex landscape of securing AI systems, focusing on the emerging challenges of Trustworthy AI. He delves into how threat actors exploit vulnerabilities through techniques like backdoor poisoning, using gradual benign inputs to deceive AI models. Dmitrijs highlights the multidisciplinary approach required for effective AI security, combining AI expertise with rigorous security practices. He also discusses the resilience of gradient-boosted decision trees against such attacks and shares insights from his recent presentation at Blue Hat India, where he noted a strong interest in AI security.       In This Episode You Will Learn:       The concept of Trustworthy AI and its importance in today's technology landscape  How threat actors exploit AI vulnerabilities using backdoor poisoning techniques  The role of frequency and unusual inputs in compromising AI model integrity      Some Questions We Ask:        Could you elaborate on the resilience of gradient-boosted decision trees in AI security?  What interdisciplinary approaches are necessary for effective AI security?  How do we determine acceptable thresholds for AI model degradation in security contexts?       Resources:   View Dmitrijs Trizna on LinkedIn   View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  

Kim Zatter, investigative journalist for WIRED, POLITICO, The New York Times, The Washington Post, and Motherboard/VICE Media, and author of the popular book "COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon" tops FeedSpot's list of the Top 100 Cybersecurity Influencers in 2024. Coming in at No. 2 on the list is Maddie Stone, Security Researcher on Google Project Zero, followed by Steve Morgan, founder of Cybersecurity Ventures and Editor-in-Chief at Cybercrime Magazine, at No. 3. In this episode, host Paul John Spaulding is joined by Steve Morgan, Founder of Cybersecurity Ventures and Editor-in-Chief at Cybercrime Magazine, to discuss. The Cybercrime Magazine Update airs weekly and covers the latest news, interviews, podcasts, reports, videos, and special productions from Cybercrime Magazine, published by Cybersecurity Ventures. For more on cybersecurity, visit us at https://cybersecurityventures.com

Guest: Soheil Khodayari, Security Researcher, CISPA - Helmholtz Center for Information Security [@CISPA]On LinkedIn | https://www.linkedin.com/in/soheilkhodayari/On Twitter | https://x.com/Soheil__K____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of On Location with Sean and Marco, co-host Sean Martin embarks on a solo journey to cover the OWASP AppSec Global event in Lisbon. Sean welcomes Soheil Khodayari, a security researcher at the CISPA Helmholtz Center for Information Security in Saarland, Germany, to discuss the intricacies of web security, particularly focusing on request forgery attacks.They dive into Soheil's background, noting his extensive research in web security and privacy, with interests spanning vulnerability detection, internet measurements, browser security, and new testing techniques. Soheil aims to share valuable insights on request forgery attacks, a prevalent issue in web security that continues to challenge developers and security professionals alike.The conversation transitions to an in-depth exploration of client-side request forgery and how these attacks differ from traditional cross-site request forgery (CSRF). Soheil elaborates on the evolution of web applications and how shifting functionalities to client-side code has introduced new, complex vulnerabilities. He identifies the critical role of input validation and the resurgence of issues related to improper handling of user inputs, which attackers can exploit to cause unintended actions on authenticated sessions.As they prepare for the upcoming OWASP Global AppSec event, Soheil highlights his session, titled "In the Same Site We Trust: Navigating the Landscape of Client-Side Request Hijacking on the Web," scheduled for Thursday, June 27th. He emphasizes the relevance of the session for developers and security professionals who are eager to learn about modern request hijacking techniques, defense mechanisms, and how to detect these vulnerabilities using automated tools.The discussion touches on the landscape of modern browsers, the effectiveness of same-site cookies as a defense-in-depth strategy, and the limitations of these measures in preventing client-side CSRF attacks. Soheil mentions the development of a vulnerability detection tool designed to mitigate these sophisticated threats and invites attendees to integrate such tools into their CI/CD pipelines for enhanced security.Sean and Soheil ultimately reflect on the importance of understanding the nuances of web application security. They encourage listeners to attend the session, engage with the community, and explore advanced security practices to safeguard their applications against evolving threats. This engaging episode sets the stage for a deep dive into the technical aspects of web security at the OWASP Global AppSec event.Top Questions AddressedWhat are request forgery attacks and how have they evolved over time?How do modern browsers and applications handle security against these attacks?What will Soheil Khodayari's session at OWASP Global AppSec cover and who should attend?Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalOn YouTube:

Guest: Soheil Khodayari, Security Researcher, CISPA - Helmholtz Center for Information Security [@CISPA]On LinkedIn | https://www.linkedin.com/in/soheilkhodayari/On Twitter | https://x.com/Soheil__K____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of On Location with Sean and Marco, co-host Sean Martin embarks on a solo journey to cover the OWASP AppSec Global event in Lisbon. Sean welcomes Soheil Khodayari, a security researcher at the CISPA Helmholtz Center for Information Security in Saarland, Germany, to discuss the intricacies of web security, particularly focusing on request forgery attacks.They dive into Soheil's background, noting his extensive research in web security and privacy, with interests spanning vulnerability detection, internet measurements, browser security, and new testing techniques. Soheil aims to share valuable insights on request forgery attacks, a prevalent issue in web security that continues to challenge developers and security professionals alike.The conversation transitions to an in-depth exploration of client-side request forgery and how these attacks differ from traditional cross-site request forgery (CSRF). Soheil elaborates on the evolution of web applications and how shifting functionalities to client-side code has introduced new, complex vulnerabilities. He identifies the critical role of input validation and the resurgence of issues related to improper handling of user inputs, which attackers can exploit to cause unintended actions on authenticated sessions.As they prepare for the upcoming OWASP Global AppSec event, Soheil highlights his session, titled "In the Same Site We Trust: Navigating the Landscape of Client-Side Request Hijacking on the Web," scheduled for Thursday, June 27th. He emphasizes the relevance of the session for developers and security professionals who are eager to learn about modern request hijacking techniques, defense mechanisms, and how to detect these vulnerabilities using automated tools.The discussion touches on the landscape of modern browsers, the effectiveness of same-site cookies as a defense-in-depth strategy, and the limitations of these measures in preventing client-side CSRF attacks. Soheil mentions the development of a vulnerability detection tool designed to mitigate these sophisticated threats and invites attendees to integrate such tools into their CI/CD pipelines for enhanced security.Sean and Soheil ultimately reflect on the importance of understanding the nuances of web application security. They encourage listeners to attend the session, engage with the community, and explore advanced security practices to safeguard their applications against evolving threats. This engaging episode sets the stage for a deep dive into the technical aspects of web security at the OWASP Global AppSec event.Top Questions AddressedWhat are request forgery attacks and how have they evolved over time?How do modern browsers and applications handle security against these attacks?What will Soheil Khodayari's session at OWASP Global AppSec cover and who should attend?Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalOn YouTube:

This week, we are joined by a Security Researcher from SpyCloud Labs, James, who is discussing their work on "Unpacking Infostealer Malware: What we've learned from reverse engineering LummaC2 and Atomic macOS Stealer." Infostealer malware has become highly prevalent, with SpyCloud tracking over 50 families and finding that 1 in 5 digital identities are at risk. This research analyzes the workings and intentions behind infostealers like LummaC2 and Atomic macOS Stealer, focusing on the types of data extracted and the broader security implications. The research can be found here: Reversing LummaC2 4.0: Updates, Bug Fixes Reversing Atomic macOS Stealer: Binaries, Backdoors & Browser Theft How the Threat Actors at SpaxMedia Distribute Malware Globally Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by a Security Researcher from SpyCloud Labs, James, who is discussing their work on "Unpacking Infostealer Malware: What we've learned from reverse engineering LummaC2 and Atomic macOS Stealer." Infostealer malware has become highly prevalent, with SpyCloud tracking over 50 families and finding that 1 in 5 digital identities are at risk. This research analyzes the workings and intentions behind infostealers like LummaC2 and Atomic macOS Stealer, focusing on the types of data extracted and the broader security implications. The research can be found here: Reversing LummaC2 4.0: Updates, Bug Fixes Reversing Atomic macOS Stealer: Binaries, Backdoors & Browser Theft How the Threat Actors at SpaxMedia Distribute Malware Globally Learn more about your ad choices. Visit megaphone.fm/adchoices

Innovation Unveiled: SquareX's Vision at RSA Conference 2024During RSA Conference 2024, SquareX emerged as a source of fresh innovation, revolutionizing the cybersecurity landscape with their cutting-edge solutions. Hosted by Sean Martin, this episode of "On Location" takes you on a journey through the insights and revelations brought to light by key figures at SquareX.Introducing SquareX: Meet the VisionariesThe episode turn on the microphones at the Square X booth, where Sean Martin introduces the audience to Dakshitaa Babu and Shourya Pratap Singh, pivotal figures driving innovation at SquareX. Dakshitaa, the product evangelist, and Shourya, the principal software engineer, shed light on their roles and the impact of SquareX's work on the industry.The Passion Behind the InnovationDakshitaa shares her perspective on the privilege of contributing to a company that drives meaningful change in the industry, emphasizing SquareX's commitment to innovation. Shourya echoes this sentiment, highlighting the satisfaction of solving complex problems and witnessing their solutions making a tangible impact on customers.Pushing the Boundaries: A Glimpse Into SquareX's TechnologySean Martin delves into the intricacies of SquareX's technology, discussing AI-generated images and reverse engineering techniques employed to uncover hidden threats within images. Shourya elaborates on the challenges posed by malicious files and the innovative approaches adopted by SquareX to enhance cybersecurity.Addressing Customer Concerns: SquareX's Value PropositionSean Martin probes Dakshitaa and Shourya on the key concerns voiced by prospects and customers at the conference. They shed light on how SquareX addresses the gap in endpoint security solutions, providing customers with insightful data and a comprehensive understanding of cyber threats.Empowering Organizations: The SquareX DifferenceThe episode concludes with Sean Martin underscoring the significance of visibility at the web browser level and commending SquareX for empowering organizations to proactively tackle cybersecurity challenges. Dakshitaa extends her gratitude to visitors at the booth, emphasizing the value of SquareX's solutions for a secure digital environment.Learn more about SquareX: https://itspm.ag/sqrx-l91Note: This story contains promotional content. Learn more.Guests: Dakshitaa Babu, Security Researcher, SquareXOn LinkedIn | https://www.linkedin.com/in/dakshitaababu/Shourya Pratap Singh, Principal Software Engineer, SquareXOn LinkedIn | https://www.linkedin.com/in/shouryaps/ResourcesLearn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarexView all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Innovation Unveiled: SquareX's Vision at RSA Conference 2024During RSA Conference 2024, SquareX emerged as a source of fresh innovation, revolutionizing the cybersecurity landscape with their cutting-edge solutions. Hosted by Sean Martin, this episode of "On Location" takes you on a journey through the insights and revelations brought to light by key figures at SquareX.Introducing SquareX: Meet the VisionariesThe episode turn on the microphones at the Square X booth, where Sean Martin introduces the audience to Dakshitaa Babu and Shourya Pratap Singh, pivotal figures driving innovation at SquareX. Dakshitaa, the product evangelist, and Shourya, the principal software engineer, shed light on their roles and the impact of SquareX's work on the industry.The Passion Behind the InnovationDakshitaa shares her perspective on the privilege of contributing to a company that drives meaningful change in the industry, emphasizing SquareX's commitment to innovation. Shourya echoes this sentiment, highlighting the satisfaction of solving complex problems and witnessing their solutions making a tangible impact on customers.Pushing the Boundaries: A Glimpse Into SquareX's TechnologySean Martin delves into the intricacies of SquareX's technology, discussing AI-generated images and reverse engineering techniques employed to uncover hidden threats within images. Shourya elaborates on the challenges posed by malicious files and the innovative approaches adopted by SquareX to enhance cybersecurity.Addressing Customer Concerns: SquareX's Value PropositionSean Martin probes Dakshitaa and Shourya on the key concerns voiced by prospects and customers at the conference. They shed light on how SquareX addresses the gap in endpoint security solutions, providing customers with insightful data and a comprehensive understanding of cyber threats.Empowering Organizations: The SquareX DifferenceThe episode concludes with Sean Martin underscoring the significance of visibility at the web browser level and commending SquareX for empowering organizations to proactively tackle cybersecurity challenges. Dakshitaa extends her gratitude to visitors at the booth, emphasizing the value of SquareX's solutions for a secure digital environment.Learn more about SquareX: https://itspm.ag/sqrx-l91Note: This story contains promotional content. Learn more.Guests: Dakshitaa Babu, Security Researcher, SquareXOn LinkedIn | https://www.linkedin.com/in/dakshitaababu/Shourya Pratap Singh, Principal Software Engineer, SquareXOn LinkedIn | https://www.linkedin.com/in/shouryaps/ResourcesLearn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarexView all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Kyle Kelly joins Seth Law and Ken Johnson as a special guest on the Absolute AppSec podcast. Kyle is an Executive Cybersecurity Consultant at Bancsec, Inc, and Security Researcher at Semgrep, and founder of the wonderful Cramhacks newsletter. As a consultant and researcher, Kyle specializes in supply chain security, a speciality that informs the thoughts he publicizes, but even more so cramhacks reflects his desire to help his readers become contributors to improving the cybersecurity landscape and analysis of software security supply chains. Subscribe to Kyle's newsletter at cramhacks.com.

Dr. Anmol Agarwal is the Security Researcher Security researcher Dr. Anmol Agarwal stops by to discuss her journey in security and the way in which public speaking figures into it. Find out more about Dr. Agarwal by visiting https://www.linkedin.com/in/anmolsagarwal __ TEACH THE GEEK http://teachthegeek.com Get public speaking tips at http://teachthegeek.com/tips

Guest: Kat Traxler, Security Researcher, TrustOnCloud Topics: What is your reaction to “in the cloud you are one IAM mistake away from a breach”? Do you like it or do you hate it? A lot of people say “in the cloud, you must do IAM ‘right'”. What do you think that means? What is the first or the main idea that comes to your mind when you hear it? How have you seen the CSPs take different approaches to IAM? What does it mean for the cloud users? Why do people still screw up IAM in the cloud so badly after years of trying? Deeper, why do people still screw up resource hierarchy and resource management?  Are the identity sins of cloud IAM users truly the sins of the creators? How did the "big 3" get it wrong and how does that continue to manifest today? Your best cloud IAM advice is “assign roles at the lowest resource-level possible”, please explain this one? Where is the magic? Resources: Video (Linkedin, YouTube) Kat blog “Diving Deeply into IAM Policy Evaluation” blog “Complexity: a Guided Tour” book EP141 Cloud Security Coast to Coast: From 2015 to 2023, What's Changed and What's the Same? EP129 How CISO Cloud Dreams and Realities Collide  

Contact your host with questions, suggestions, or requests about sponsoring the AppleInsider Daily:charles_martin@appleinsider.com(00:00) - 01 - Outro (00:12) - 02 - Fake "LassPass" app (00:40) - 03 - Hail to the thief (01:37) - 04 - You ... shall not ... pass! (02:44) - 05 - The .1 means "oopsie (03:01) - 06 - OTN: Bard becomes Gemini (03:47) - 07 - OTN: Big Tech AI consortium (04:30) - 08 - iPhone 16 rumors (05:06) - 09 - MOAR BUTTUNZ (05:31) - 10 - AVP: visionOS 1.1 MDM (06:12) - 11 - AVP: Dev accessory rip-off (06:49) - 12 - AVP: not yet a-custom'd (07:54) - 13 - Outro Links from the showFake LastPass password manager app unearthed on Apple's App StoreHow a respected security researcher stole millions from AppleWhy drivers in Scotland are crashing because of bad Apple Maps dataApple patches pesky text bug with updates to Mac and mobile devicesGoogle's new AI assistant tech is now available for iPhoneApple joins Meta, Google, Facebook on new US government AI safety initiativeiPhone 16 camera bump design rumored to have shifted closer to iPhone XiPhone 16 Pro rumored to get Capture Button with DSLR-style featureApple Vision Pro is getting mobile device management features in visionOS 1.1$300 Vision Pro developer strap is just an expensive USB2 deviceTravelers get Apple Vision Pro confiscated by Berlin authoritiesSubscribe to the AppleInsider podcast on:Apple PodcastsOvercastPocket CastsSpotifySubscribe to the HomeKit Insider podcast on:•  Apple Podcasts•  Overcast•  Pocket Casts•  Spotify

Cybersecurity is crucial for journalists and newsrooms to safeguard sensitive information, protect sources, and ensure the integrity of their reporting in an increasingly digital and interconnected media landscape. Episode 3 of The Security Detail features an interview with Runa Sandvik, a security researcher and founder of Granitt, a consulting firm that focuses on digital security for journalists and other at-risk people.   Resources:  Granitt Website Runa's Website Follow Runa on X Runa's blog posts Tor Project Google Summer of Code Security Expert: Apple's Lockdown Mode Still Defeats Commercial Spyware Columbia Journalism Review profile on Runa Citizen Lab Amnesty International

On this episode of The Cybersecurity Defenders Podcast we speak with Adnan Khan, Lead Security Engineer at Praetorian, about a supply chain attack that was successful in poisoning Gihub's runner images.Adnan is an Offensive Security Engineer and Security Researcher with a strong development background and passion for CI/CD and supply chain security. Adnan's research can be found here.The Github Attack TOolkit can be found here.And Adnan can be found on LinkedIn here.

Bonus Episode - November 17, 2023 Dive into the world of cybersecurity with Sam Paredes on our latest podcast episode. As the Founder and Security Researcher at BugNode, Samuel shares his personal odyssey within the tech industry, from a burgeoning passion to the helm of a trailblazing security enterprise. BugNode isn't just another web application testing service. Under Samuel's leadership, the company champions a meticulous, hands-on approach to safeguarding applications. By tackling security challenges with human ingenuity, BugNode's expert team crafts a tailored defense strategy for each client, ensuring robust protection that empowers businesses to thrive without the overhead of digital threats. Throughout the episode, Samuel provides an insider's look at the hurdles faced by security professionals and how BugNode strategically overcomes them. Tune in to gain valuable insights into the intersection of personal growth and professional excellence in the fast-evolving landscape of application security. *Learn more about BugNode - https://www.bugnode.io/ *Connect with Sam - https://www.linkedin.com/in/sam-par/ ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Instagram: https://www.instagram.com/cyborgsecinc/ Facebook: https://www.facebook.com/CyborgSecInc

Ever wonder how a young girl with an intense fascination for programming and computers catapults into the world of IT, becoming a crucial part of Microsoft's security research team? Let's navigate this riveting journey with Miriam, who shares her personal experiences of making her way into the IT realm via an unanticipated apprenticeship that turned her life around. From her childhood passion to her current role in the industry, we delve into her remarkable story.Miriam's tale is one of determination and grit, with her unwavering perseverance finally landing her a position at Microsoft - an opportunity she initially turned down. Learn how a chance conversation swayed her to embrace this offer and how she finally achieved her ambition of joining Microsoft's red team. Here's a glimpse into her daily life, the challenges she tackled while relocating, and the company's evolution amidst the pandemic.Apart from her inspiring journey, this episode brings into focus the significance of professional networking, with Miriam sharing how it can impact both the company and the customers positively. She also takes us through her experience of writing a book on PowerShell automation and scripting for cybersecurity, shedding light on the challenges she faced in the process. As a bonus, find out how you can benefit from her ongoing efforts to promote Cybersecurity Awareness Month, and grab a chance to get a 20% discount on her book! So, sit back, tune in, and get ready to be inspired.LinkedIn: https://www.linkedin.com/in/miriamwiesner/Website: https://miriamxyra.com/Twitter: https://twitter.com/MiriamXyraMastodon: @mw@infosec.exchangeBook: https://www.amazon.com/gp/product/1800566379/ref=sw_img_1?smid=ATVPDKIKX0DER&psc=1Packt Link: https://www.packtpub.com/product/powershell-automation-and-scripting-for-cybersecurity/9781800566378Book Discount Code: 20cyberbooksSupport the showAffiliate Links:NordVPN: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=87753&url_id=902 Follow the Podcast on Social Media!Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcastPatreon: https://www.patreon.com/SecurityUnfilteredPodcastYouTube: https://www.youtube.com/@securityunfilteredpodcastTikTok: Not today China! Not today

In our latest PowerShell Podcast, we had an insightful discussion with Miriam Wiesner, a renowned Senior Security Researcher at Microsoft and the author of "PowerShell Automation and Scripting for Cybersecurity." Miriam, who is juggling her roles as a security expert, an author, and a mom, shed light on her journey at Microsoft, talking about the ups and downs she faced. She extended the conversation to her book-writing experience, wherein she balanced work-life pressures to deliver this authoritative guide on PowerShell Automation and Scripting. The discourse was particularly intriguing when it delved into PowerShell security - an area Miriam is so passionate and knowledgeable about. There was certainly so much to learn from our discussion with her! Bio:  Miriam C. Wiesner is a Sr. Security Researcher at Microsoft with over 15 years of experience in IT and IT Security. She has held various positions, including Administrator/System Engineer, Software Developer, Premier Field Engineer, Program Manager, and Security Consultant and Pentester. She is also a renowned creator of open-source tools based in PowerShell, including EventList and JEAnalyzer. She was invited multiple times to present her research behind her tools at many international conferences like Black Hat (USA, Europe & Asia), PSConf EU, MITRE ATT&CK workshop, and more. Miriam is the author of the book "PowerShell Automation and Scripting for CyberSecurity: Hacking and Defense for Red and Blue Teamers." Outside of work, Miriam is a dedicated wife and mother, residing with her family near Nuremberg, Germany. See The PowerShell Podcast on YouTube: https://www.youtube.com/watch?v=0Csw8YYGyCg https://github.com/HCRitter/PSMermaid https://github.com/HCRitter/PSCommandShortener https://devblogs.microsoft.com/powershell/psresourceget-release-candidate-is-now-available/ https://github.com/DevClate/365AutomatedLab https://www.joshooaj.com/blog/2023/09/06/debugging-convertto-json/ https://twitter.com/miriamxyra/status/1697195685068575222?s=46&t=AofiiK_18fgZEoSxIrqhAA https://twitter.com/miriamxyra https://github.com/PSSecTools/JEAnalyzer https://packt.link/MiriamCW https://github.com/PSSecTools/JEAnalyzer https://github.com/miriamxyra/myDeckWishlist https://github.com/miriamxyra/EventList

In the age of Oppenheimer, nuclear weapons didn't have much to do with computers. And, for a long time, most nukes were running on 1970s-era floppy disk systems. But as technology has advanced the US — and all the other nuclear weapons states — have started putting military communications, early warning systems, and even control of nuclear missiles themselves online. So, in this episode, we ask, “Could our nuclear weapons systems… be hacked?” We talk to researchers, policy experts, a top UN official, and a hacker about how a nuclear cyber attack might go down. And what we can do to stop it. GUESTS: Matt Korda, Senior Research Fellow, Nuclear Information Project; Allison Pytlak, Program Lead of the Cyber Program at the Stimson Center; Page Stoutland, Consultant at the Nuclear Threat Initiative, Maddie Stone, Security Researcher at Google Project Zero; Izumi Nakamitsu, Under-Secretary-General for Disarmament Affairs at the UN Office for Disarmament Affairs ADDITIONAL RESOURCES: Flying Under The Radar: A Missile Accident In South Asia, Federation of American Scientists Addressing Cyber-Nuclear Security Threats, Nuclear Threat Initiative Glitch disrupts Air Force nuke communications, NBC News A 'Worst Nightmare' Cyberattack: The Untold Story Of The SolarWinds Hack, NPR Treaty on the Non-Proliferation of Nuclear Weapons - Preparatory Committee for the Eleventh Review Conference, UNODA The Failsafe Review, Nuclear Threat Initiative

How do you make the jump from ER nurse to SOC analyst? Alex Gatz did it, and he's sharing his insights and tips with the eXecutive Security podcast audience. Don't miss this fascinating discussion about making a bold career change, the power of LinkedIn, what a security researcher does, the benefits of working for a startup, and more.Alex Gatz is a senior security researcher at ThreatX. Previously, he worked as a data analyst and ER nurse at MidMichigan Health. Alex Gatz on LinkedIn: https://www.linkedin.com/in/alexgatz/ Stephen Semmelroth: https://www.linkedin.com/in/semmelroth/ We Hack Purple: https://www.linkedin.com/company/wehackpurple/ 

Sam Curry is a security researcher, bug bounty hunter, and ethical hacker who, with his team, hacked Apple and discovered 55 vulnerabilities with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. This microcast is a short version of our full interview with Curry, which you can listen to at https://soundcloud.com/cybercrimemagazine/bug-bounty-hunting-hacking-apple-getting-paid-sam-curry

Guest: Nick Hughes, CEO of EITR Technologies [@eitr_tech]On LinkedIn | https://www.linkedin.com/in/nicholasmhughes/________________________________Hosts:Ben SchmerlerOn ITSPmagazine  

Guest: Andrew Lemon, CEO / Principal Security Engineer at Red ThreatOn LinkedIn | https://www.linkedin.com/in/lemonitup/On Twitter | https://twitter.com/LemonitupOn YouTube | https://www.youtube.com/@redthreatsec________________________________Host: Ben SchmerlerOn ITSPmagazine  

Guest: Debasish Biswas, Chief Technology Officer at Aware [@Aware_HQ]On LinkedIn | https://www.linkedin.com/in/debasish-biswas/________________________________Host: Ben SchmerlerOn ITSPmagazine  

Today's episode is hosted by James. He is joined by Jason Youzwak, Security Researcher at Peraton Labs. Join us as Jason discusses how an overly-successful pen test earned him the affectionate nickname “tick mark”. Jason also tells us about one of his favorite hobbies: plunging into the frigid waters of Coney Island. Don't get cold feet now, let's dive in!

Guest: Matt Brown, Senior Security Analyst at ISE [@ISEsecurity]On LinkedIn | https://www.linkedin.com/in/mattbrwn/________________________________Hosts:Ben SchmerlerOn ITSPmagazine  

Welcome to Talking Cyber, a Cybercrime Magazine podcast series that covers the latest news and breaking stories on the cybereconomy, hackers, intrusions, privacy, security and much more. In this episode, host Hillarie McClure is joined by Heather Engel, Managing Partner at Strategic Cyber Partners, to discuss another hack that occurred at Toyota, which was carried out by a security researcher with no ill intent. This episode of Talking Cyber is sponsored by Cimcor, the developer of CimTrak, a Real-time, File Integrity Monitoring, Network Configuration, and Compliance solution. Learn more at https://cimcor.com • For more on cybersecurity, visit us at https://cybersecurityventures.com

In episode 69 of the We Hack Purple Podcast Host Tanya Janca speaks to the only person on earth who is more excited about security headers than she is: Scott Helme of Report URI! Scott talked about all the different security headers, how some are ‘new', when and why we would use them. We spoke about why some security headers stopped being used, rogue certificate authorities, and so much more. In fact, at the end, we felt that didn't get to finish all the things we wanted to say. There was so much more to dive into, meaning this is part 1 of a 2 part episode! Scott's Bio:Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers, and I deliver world renowned training on Hacking and Encryption. Scott's Links:https://scotthelme.co.ukhttps://report-uri.com/https://scotthelme.co.uk/tag/crawler-report/https://crawler.ninja/ https://crawler.ninja/files/csp-sites.txt Very special thanks to our sponsor: The Diana Initiative! A conference committed to helping all those underrepresented in Information Security: Monday August 7, 2023 In-Person at The Westin Las Vegas Hotel & SpaJoin We Hack Purple!Check out our brand new courses in We Hack Purple Academy. Join us in the We Hack Purple Community:  A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!

Guest: Cody MacDonald, CTO at IPT GlobalOn LinkedIn | https://www.linkedin.com/in/cody-macdonald-5ba20a26/________________________________Host: Ben SchmerlerOn ITSPmagazine  

Guest: Sabela García Cuesta, Artist and TEDx [@TEDx] Franfurt [@TEDxFrankfurt] SpeakerOn LinkedIn | https://www.linkedin.com/in/sabela-garcia-cuesta/On Twitter | https://twitter.com/HHSabelaOn YouTube | https://www.youtube.com/channel/UC2ZDUWKjCPuQC4z14xXIp0w________________________________Host: Ted HarringtonOn ITSPmagazine  

In this episode I talk with Amit Serper who became famous for finding a way to stop the NotPetya ransomware from spreading and causing more damage than it already inflicted. We had a fascinating conversation and if you enjoy the podcast please leave a review and share the podcast. Amit's Links:LinkedIn: https://www.linkedin.com/in/aserper/Twitter: https://twitter.com/0xAmitInfosec.Exchange: @0xamit@infosec.exchangeWebsite: https://www.sternumiot.com/Dev InterruptedWhat the smartest minds in engineering are thinking about, working on and investing in.Listen on: Apple Podcasts SpotifySupport the showFollow the Podcast on Social Media!Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcastPatreon: https://www.patreon.com/SecurityUnfilteredPodcastTikTok: Not today China! Not today

Guest: Jako Bär, Performer, Songwriter, and TEDxFrankfurt [@TEDxFrankfurt] PerformerOn LinkedIn | https://www.linkedin.com/in/jako-b%C3%A4r-097675247/On Facebook | https://www.facebook.com/BAER.artpopOn YouTube | https://www.youtube.com/c/BAER_artpop________________________________Host: Ted HarringtonOn ITSPmagazine  

Guest: Michael Goetzman, CISO at Solano Security and Founder of CypherCon [@cyphercon]On Twitter | https://twitter.com/GoetzmanOn LinkedIn | https://www.linkedin.com/in/goetzman/________________________________Host: Ben SchmerlerOn ITSPmagazine  

GuestBarry PhetteplaceCTO at Censis Technologies, Inc. [@CensisTech]On LinkedIn | https://www.linkedin.com/in/barry-phetteplace-083841________________________________HostsTed HarringtonOn ITSPmagazine  

GuestBen SchmerlerSenior Solutions Consultant at Independent Security Evaluators [@ISEsecurity]On LinkedIn | https://www.linkedin.com/in/ben-schmerler-9530304/________________________________HostTed HarringtonOn ITSPmagazine  

Liz Truss' mobile was hacked allegedly by Kremlin agents. It was so heavily compromised that it had to be locked away in a safe inside a secure Government location. How do you protect people with high-risk profiles? What is the no. one factor to combat fake news and disinformation? In this episode, Monica Verma, CISO, Hacker, CEO, talk with Runa Sandvik, Security Researcher, about fake news, disinformation, security for high-risk profiles, and journalism.Support the show