Podcasts about security vulnerabilities

➡️ Like The Podcast? Leave A Rating: https://ratethispodcast.com/successstory  In this "Lessons" episode, Theresa Payton, former White House CIO, shares how predictable human behavior creates vulnerabilities in cybersecurity and why conventional defenses often fall short. Learn why routine security measures are exploited by sophisticated social engineering and how designing innovative, personalized protocols can disrupt attackers and strengthen digital defenses. ➡️ Show Linkshttps://successstorypodcast.com  YouTube: https://youtu.be/bH8DwhGUg0cApple: https://podcasts.apple.com/us/podcast/theresa-payton-cybersecurity-expert-author-former-white/id1484783544Spotify: https://open.spotify.com/episode/5DLZKqN89CTRVXW2Hi3Pq5➡️ Watch the Podcast on YouTubehttps://www.youtube.com/c/scottdclary 

The news of Trump officials using Signal for a group chat on military operations has raised many questions about just how secure such messaging apps are and the risks if government officials use them on their personal devices. Lisa Desjardins reports. PBS News is supported by - https://www.pbs.org/newshour/about/funders

Send us a textUnlock the secrets of voice security and communication evolution with Shon Gerber on the CISSP Cyber Training Podcast. We tackle the intriguing issue of Subaru's Starlink vulnerability, which Wired Magazine recently spotlighted. This flaw, affecting about a million vehicles, highlights the growing security challenges of IoT and connected vehicles, echoing similar vulnerabilities in other brands like Acura and Toyota. Tune in to discover how these incidents shape the landscape of cybersecurity in the automotive industry.Journey through the fascinating history of communication systems, from the hands-on days of telephone operators to the seamless digital networks we rely on today. Explore the transformation of circuit switch networks and the critical role played by SS7 systems, all while navigating the complex security risks they introduce, such as interception and eavesdropping. Gain insight into how technological progress has bridged global communication gaps and the essential awareness required to address the concomitant security implications.Our conversation takes a deep dive into the world of secure voice communications, examining the transition from traditional analog methods to modern VoIP technology. With threats like eavesdropping, man-in-the-middle attacks, and denial of service on SIP protocols, understanding the nuances of VoIP security is crucial. We also demystify social engineering tactics like vishing and phreaking, offering strategies to bolster defenses against these manipulative threats. Prepare to enhance your cybersecurity expertise and safeguard your systems with practical advice and cutting-edge information.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Nicholas Carlini from Google DeepMind offers his view of AI security, emergent LLM capabilities, and his groundbreaking model-stealing research. He reveals how LLMs can unexpectedly excel at tasks like chess and discusses the security pitfalls of LLM-generated code. SPONSOR MESSAGES: *** CentML offers competitive pricing for GenAI model deployment, with flexible options to suit a wide range of models, from small to large-scale deployments. https://centml.ai/pricing/ Tufa AI Labs is a brand new research lab in Zurich started by Benjamin Crouzier focussed on o-series style reasoning and AGI. Are you interested in working on reasoning, or getting involved in their events? Goto https://tufalabs.ai/ *** Transcript: https://www.dropbox.com/scl/fi/lat7sfyd4k3g5k9crjpbf/CARLINI.pdf?rlkey=b7kcqbvau17uw6rksbr8ccd8v&dl=0 TOC: 1. ML Security Fundamentals [00:00:00] 1.1 ML Model Reasoning and Security Fundamentals [00:03:04] 1.2 ML Security Vulnerabilities and System Design [00:08:22] 1.3 LLM Chess Capabilities and Emergent Behavior [00:13:20] 1.4 Model Training, RLHF, and Calibration Effects 2. Model Evaluation and Research Methods [00:19:40] 2.1 Model Reasoning and Evaluation Metrics [00:24:37] 2.2 Security Research Philosophy and Methodology [00:27:50] 2.3 Security Disclosure Norms and Community Differences 3. LLM Applications and Best Practices [00:44:29] 3.1 Practical LLM Applications and Productivity Gains [00:49:51] 3.2 Effective LLM Usage and Prompting Strategies [00:53:03] 3.3 Security Vulnerabilities in LLM-Generated Code 4. Advanced LLM Research and Architecture [00:59:13] 4.1 LLM Code Generation Performance and O(1) Labs Experience [01:03:31] 4.2 Adaptation Patterns and Benchmarking Challenges [01:10:10] 4.3 Model Stealing Research and Production LLM Architecture Extraction REFS: [00:01:15] Nicholas Carlini's personal website & research profile (Google DeepMind, ML security) - https://nicholas.carlini.com/ [00:01:50] CentML AI compute platform for language model workloads - https://centml.ai/ [00:04:30] Seminal paper on neural network robustness against adversarial examples (Carlini & Wagner, 2016) - https://arxiv.org/abs/1608.04644 [00:05:20] Computer Fraud and Abuse Act (CFAA) – primary U.S. federal law on computer hacking liability - https://www.justice.gov/jm/jm-9-48000-computer-fraud [00:08:30] Blog post: Emergent chess capabilities in GPT-3.5-turbo-instruct (Nicholas Carlini, Sept 2023) - https://nicholas.carlini.com/writing/2023/chess-llm.html [00:16:10] Paper: “Self-Play Preference Optimization for Language Model Alignment” (Yue Wu et al., 2024) - https://arxiv.org/abs/2405.00675 [00:18:00] GPT-4 Technical Report: development, capabilities, and calibration analysis - https://arxiv.org/abs/2303.08774 [00:22:40] Historical shift from descriptive to algebraic chess notation (FIDE) - https://en.wikipedia.org/wiki/Descriptive_notation [00:23:55] Analysis of distribution shift in ML (Hendrycks et al.) - https://arxiv.org/abs/2006.16241 [00:27:40] Nicholas Carlini's essay “Why I Attack” (June 2024) – motivations for security research - https://nicholas.carlini.com/writing/2024/why-i-attack.html [00:34:05] Google Project Zero's 90-day vulnerability disclosure policy - https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-policy.html [00:51:15] Evolution of Google search syntax & user behavior (Daniel M. Russell) - https://www.amazon.com/Joy-Search-Google-Master-Information/dp/0262042878 [01:04:05] Rust's ownership & borrowing system for memory safety - https://doc.rust-lang.org/book/ch04-00-understanding-ownership.html [01:10:05] Paper: “Stealing Part of a Production Language Model” (Carlini et al., March 2024) – extraction attacks on ChatGPT, PaLM-2 - https://arxiv.org/abs/2403.06634 [01:10:55] First model stealing paper (Tramèr et al., 2016) – attacking ML APIs via prediction - https://arxiv.org/abs/1609.02943

Python's eating the world - and AI's helping it digest. A cheeky look at why this programming language is suddenly everywhere and the bizarre tale of how AI infiltrated the last place you'd expect.

Authentication (validating who you claim to be) and Authorization (enforcing what you are allowed to do) are critical in modern software development. While authentication seems to be a solved problem, modern software development faces many challenges with secure, fast, and resilient authorization mechanisms. To learn more about those challenges, we invited Alex Olivier, Co-Founder and CPO at Cerbos, an Open Source Scalable Authorization Solution. Alex shared insights on attribute-based vs. role-based access Control, the difference between stateful and stateless authorization implementations, why Broken Access Control is in the OWASP Top 10 Security Vulnerabilities, and how to observe the authorization solution for performance, security, and auditing purposes.Links we discussed during the episode:Alex's LinkedIn: https://www.linkedin.com/in/alexolivier/Cerbos on GitHub: https://github.com/cerbos/cerbosOWASP Broken Access Control: https://owasp.org/www-community/Broken_Access_Control

We reflect on the rise of DevOps and the frustrating dynamics that led to it. Plus, tech's latest bright idea: Roombas with attitude.

Vulnerabilities in Microsoft apps such as Office 365 could put MacOS users at risk of security threats. John Biehler has the information you need to know on the App Update. Topic 1 Anova will start charging a subscription fee for its sous vide companion appTopic 2 macOS Users at Risk of Vulnerabilities in Microsoft Apps: ResearchersTopic 3 Critical Android Flaw Puts All Google Pixel Phones at Risk 

In this joint episode of the Security Break podcast and CISO Tradecraft podcast, hosts from both platforms come together to discuss a variety of current cybersecurity topics. They delve into the challenge of filtering relevant information in the cybersecurity sphere, elaborate on different interpretations of the same news based on the reader's background, and share a detailed analysis on specific cybersecurity news stories. The discussion covers topics such as the implications of data sharing without user consent by major wireless providers and the fines imposed by the FCC, the significance of increasing bug bounty payouts by tech companies like Google, and a comprehensive look at how edge devices are exploited by hackers to create botnets for various cyberattacks. The conversation addresses the complexity of the cybersecurity landscape, including how different actors with varied objectives can simultaneously compromise the same devices, making it difficult to attribute attacks and protect networks effectively. Transcripts: https://docs.google.com/document/d/1GtFIWtDf_DSIIgs_7CizcnAHGnFTTrs5 Chapters 00:00 Welcome to a Special Joint Episode: Security Break & CISO Tradecraft 01:27 The Challenge of Filtering Cybersecurity Information 04:23 Exploring the FCC's Fine on Wireless Providers for Privacy Breaches 06:41 The Complex Landscape of Data Privacy Regulations 16:00 The Economics of Data Breaches and Regulatory Fines 24:23 Bug Bounties and the Value of Security Research 33:21 Exploring the Economics of Cybersecurity 33:50 The Lucrative World of Bug Bounties 34:38 The Impact of Security Vulnerabilities on Businesses 35:50 Navigating the Complex Landscape of Cybersecurity 36:22 The Ethical Dilemma of Selling Exploit Information 37:32 Understanding the Market Dynamics of Cybersecurity 38:00 Focusing on Android Application Security 38:34 The Importance of Targeting in Cybersecurity Efforts 42:33 Exploring the Threat Landscape of Edge Devices 46:37 The Challenge of Securing Outdated Technology 49:28 The Role of Cybersecurity in Modern Warfare 53:15 Strategies for Enhancing Cybersecurity Defenses 01:05:25 Concluding Thoughts on Cybersecurity Challenges

Guest: Paul McCarty, Software Supply Chain Red Team, GitLab [@gitlab]On LinkedIn | https://www.linkedin.com/in/mccartypaul/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of the Redefining Cybersecurity Podcast, host Sean Martin engages in a detailed discussion with Paul McCarty on the intricate web of software supply chain security. McCarty, formerly of SecureStack and now with GitLab, shares his panoramic view on the evolving complexity of application environments and the pivotal role they play in today's digital infrastructure. The conversation pivots around the increasingly multifaceted nature of the software supply chain, highlighted by McCarty's work on an open-source project aimed at mapping out these complexities visually.Throughout the episode, Martin and McCarty explore the notion of red teaming within the context of the software supply chain. McCarty elucidates the concept of red teaming as an essential exercise in identifying and addressing security vulnerabilities, emphasizing its transition from traditional methods to a more nuanced approach tailored to the software supply chain's intricate demands.A significant part of their discussion is dedicated to exploring the ten stages of the software supply chain, as identified by McCarty. This segment sheds light on the broad spectrum of components involved, from the developers and their tools to the deployment environments and the underpinning hardware. The dialogue also touches on critical aspects such as the role of containers across various stages and the potential security implications presented by third-party services and cloud components.The episode wraps up with insights into the shared responsibility model in cloud services, debunking misconceptions about security in the cloud. McCarty stresses the importance of recognizing the extensive attack surface introduced by widespread reliance on public cloud services and the need for a continuous red teaming approach to address these challenges effectively.Listeners are offered a comprehensive overview of the critical factors contributing to software supply chain security, emphasizing the need for a broader understanding and proactive measures to mitigate risks in this increasingly complex domain.Key Questions AddressedWhat does red teaming the software supply chain mean and why is it important?How has the complexity of software supply chains evolved, and what are the implications for cybersecurity?What role do containers play across different stages of the software supply chain, and how do they impact security?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Guest: Paul McCarty, Software Supply Chain Red Team, GitLab [@gitlab]On LinkedIn | https://www.linkedin.com/in/mccartypaul/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of the Redefining Cybersecurity Podcast, host Sean Martin engages in a detailed discussion with Paul McCarty on the intricate web of software supply chain security. McCarty, formerly of SecureStack and now with GitLab, shares his panoramic view on the evolving complexity of application environments and the pivotal role they play in today's digital infrastructure. The conversation pivots around the increasingly multifaceted nature of the software supply chain, highlighted by McCarty's work on an open-source project aimed at mapping out these complexities visually.Throughout the episode, Martin and McCarty explore the notion of red teaming within the context of the software supply chain. McCarty elucidates the concept of red teaming as an essential exercise in identifying and addressing security vulnerabilities, emphasizing its transition from traditional methods to a more nuanced approach tailored to the software supply chain's intricate demands.A significant part of their discussion is dedicated to exploring the ten stages of the software supply chain, as identified by McCarty. This segment sheds light on the broad spectrum of components involved, from the developers and their tools to the deployment environments and the underpinning hardware. The dialogue also touches on critical aspects such as the role of containers across various stages and the potential security implications presented by third-party services and cloud components.The episode wraps up with insights into the shared responsibility model in cloud services, debunking misconceptions about security in the cloud. McCarty stresses the importance of recognizing the extensive attack surface introduced by widespread reliance on public cloud services and the need for a continuous red teaming approach to address these challenges effectively.Listeners are offered a comprehensive overview of the critical factors contributing to software supply chain security, emphasizing the need for a broader understanding and proactive measures to mitigate risks in this increasingly complex domain.Key Questions AddressedWhat does red teaming the software supply chain mean and why is it important?How has the complexity of software supply chains evolved, and what are the implications for cybersecurity?What role do containers play across different stages of the software supply chain, and how do they impact security?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Google settles lawsuit regarding tracking of people using Incognito mode, a breakthrough in optical fibre research could dramatically increase capacity and speed of existing fibre networks, more bad news on security issues for AI code generators and Ukraine reaches a deal with Space X to restrict Russia's use of Starlink on captured Ukrainian territory. All this on the “thank god I can keep my Starlink guilt free” edition of Hashtag Trending. I'm your host, Jim Love.  Let's get into it:

This morning, Joe and David discussed the Super Tuesday primary elections and border crisis corruption, underscoring ongoing censorship issues. They then welcomed Tim Rivers, an advocate for J6 political prisoners, who shared insights on efforts to support them and discussed his book, "The American Gulag Chronicles." Rivers urged viewers to engage and support political prisoners. After Rivers departed, Joe and David explored reactions to the free release of LMPG, highlighting the film's undeniable truth and questioning CONinc's lack of acknowledgment or censorship of voices promoting it.

Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]On LinkedIn | https://www.linkedin.com/in/fracipo/On Twitter | https://twitter.com/FrankSEC42On YouTube | https://www.youtube.com/@phoenixsec____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn this episode of Redefining CyberSecurity Podcast, host Sean Martin is joined by Francesco Cipollone from Phoenix Security for a riveting conversation on the vulnerabilities associated with using pre-made tools for website development. The dialogue revolves around the inherent security risks these tools pose, especially when used by non-technical teams like marketing.Francesco shares a fascinating account of discovering a potential SQL injection in a well-known CRM system. This revelation underscores the importance of input validation and the necessity of secure defaults in any tool. The discussion also brings to light the fact that many systems do not consider these potential security risks as standard, often requiring additional licenses or configurations for basic security measures.The conversation takes an interesting turn as they discuss a new concept of a Workflow Bill of Materials™ (WBOM)—a term coined by the host, Sean Martin, for the first time. This idea extends beyond the typical focus on software bill of material security (which often focuses on source code, services, and APIs) to include a broader view of the tools and systems that teams use in their daily operations. The WBOM concept emphasizes the need for organizations to understand the associated risks of these tools and implement more secure practices.Sean and Francesco highlight the importance of threat modeling in identifying potential risks. They also discuss the challenges organizations face in ensuring security, especially when these tools are used by teams with zero security knowledge. The episode concludes with a call to action for the industry to move towards security by default and the ethical use of technology.This episode offers listeners an insightful look into the complexities of cybersecurity in the context of commonly used tools and systems, and the urgent need for a shift in perspective when it comes to securing these tools.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]On LinkedIn | https://www.linkedin.com/in/fracipo/On Twitter | https://twitter.com/FrankSEC42On YouTube | https://www.youtube.com/@phoenixsec____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn this episode of Redefining CyberSecurity Podcast, host Sean Martin is joined by Francesco Cipollone from Phoenix Security for a riveting conversation on the vulnerabilities associated with using pre-made tools for website development. The dialogue revolves around the inherent security risks these tools pose, especially when used by non-technical teams like marketing.Francesco shares a fascinating account of discovering a potential SQL injection in a well-known CRM system. This revelation underscores the importance of input validation and the necessity of secure defaults in any tool. The discussion also brings to light the fact that many systems do not consider these potential security risks as standard, often requiring additional licenses or configurations for basic security measures.The conversation takes an interesting turn as they discuss a new concept of a Workflow Bill of Materials™ (WBOM)—a term coined by the host, Sean Martin, for the first time. This idea extends beyond the typical focus on software bill of material security (which often focuses on source code, services, and APIs) to include a broader view of the tools and systems that teams use in their daily operations. The WBOM concept emphasizes the need for organizations to understand the associated risks of these tools and implement more secure practices.Sean and Francesco highlight the importance of threat modeling in identifying potential risks. They also discuss the challenges organizations face in ensuring security, especially when these tools are used by teams with zero security knowledge. The episode concludes with a call to action for the industry to move towards security by default and the ethical use of technology.This episode offers listeners an insightful look into the complexities of cybersecurity in the context of commonly used tools and systems, and the urgent need for a shift in perspective when it comes to securing these tools.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Free, ungated access to all 280+ episodes of “It's 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You're welcome to

In this week's security sprint, Dave and Andy talk about the following topics: Israel War Director Wray Addresses International Association of Chiefs of Police Conference.  FBI director warns of rise in terror threats against Americans, potential copy-cat attacks on US soil. Faith Based Updates: FB-ISAO Newsletter, v5, Issue 10 The White House Office of Faith-Based and Neighborhood Partnerships releases Allied Against Hate: A Toolkit for Faith Communities - Tools and Resources to Protect Places of Worship DHS: Resources and Information for Faith and Community Leaders Regarding the Situation in Israel   Hostile Events State Fair of Texas evacuated after shooting, one suspect in custody Suspect charged in State Fair of Texas shooting that injured 3 School plot: https://www.news4jax.com/news/local/2023/10/06/3-creekside-high-students-facing-charges-for-school-threat-hit-lists-deputies-say/   Nation State. 12 October 2023 NCSC / FBI Safeguarding Our Future bulletin – Russian Intelligence Poses a Persistent Threat to the United States.  IBM Security Intelligence: 10 years in review: Cost of a Data Breach   Quick Hits Signal says there is no evidence rumored zero-day bug is real. Ransomware: CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware. As part of the Ransomware Vulnerability Warning Pilot (RVWP), CISA launched two new resources for combating ransomware campaigns: Ransomware Vulnerability Warning Pilot updates: Now a One-stop Resource for Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware Colonial Pipeline was hacked. No, wait, Accenture was hacked. No, wait….. untangling claims. (2) Colonial Pipeline Denies Breach by RANSOMEDVC Ransomware Group Reports of second cyberattack on Colonial Pipeline false, company says Robert M. Lee on ransomware group statement. Newest Ransomware Trend: Attackers Move Faster with Partial Encryption The Week in Ransomware - October 13th 2023 - Increasing Attacks US Secret Service: Announcing a New Series of Live Virtual Presentations on Targeted Violence Prevention.  CISA, FBI, NSA, and Treasury Release Guidance on OSS in IT/ICS Environments CISO Research Reveals 90% of Organizations Suffered At Least One Major Cyber Attack in the Last Year; 83% Report Ransomware Payments FTC Data Shows Consumers Report Losing $2.7 Billion to Social Media Scams Since 2021 UK NCSC: Mastering your supply chain: A new collection of resources from the NCSC can help take your supply chain knowledge to the next level EPA calls off cyber regulations for water sector    

Ryan joins Si and Desi to discuss his research into SS7 hacking and cell phone tracking. As someone passionate about radio technology, Ryan became interested in cell networking and eventually discovered he could intercept calls and texts by building fake cell towers. He learned that phone users have virtually no ability to opt out of their locations and identifiers being commercially available via simple API calls. Ryan hopes to put this knowledge to good use by developing a system to warn domestic abuse shelters if an offender's phone is near by tracking SS7 data. During the technical discussion, Ryan demonstrates querying an API with his own phone number to retrieve subscriber data and location. The hosts consider how individuals could possibly protect themselves from SS7 exploits, such as avoiding SMS authentication. They also discuss Ryan's other projects exploring radio hacking tools and a magazine shining light on digital counterculture topics. 

Black Hat USA 2023 in Las Vegas covered several trends, such as generative AI and cloud security issues, as well as new vulnerabilities, including the Downfall flaw in Intel chips.

CISA last week said several federal agencies suffered data breaches resulting from a MoveIt Transfer zero-day vulnerability, though it's unclear what type of data was stolen.

Barracuda Networks attempted to fix the critical ESG zero-day vulnerability, but a Chinese nation-state threat actor was able to maintain access on compromised devices.

Eric Olden, CEO and Co-Founder of Strata Identity, discusses the concept of Identity Orchestration. He covers the evolving identity landscape and how it has evolved to keep pace with modern apps, the challenges encountered during an identity modernization project, how Identity Orchestration helps those modernization projects, and best practices for implementing secure identity. Segment Resources: [Identity Orchestration Use Cases](https://www.strata.io/use-cases/)  [What is Identity Orchestration WhitePaper](https://www.strata.io/resources/whitepapers/what-is-identity-orchestration-and-why-you-need-it-to-succeed-with-multi-cloud/)   This segment is sponsored by Strata. Visit https://securityweekly.com/strata to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-244 

Eric Olden, CEO and Co-Founder of Strata Identity, discusses the concept of Identity Orchestration. He covers the evolving identity landscape and how it has evolved to keep pace with modern apps, the challenges encountered during an identity modernization project, how Identity Orchestration helps those modernization projects, and best practices for implementing secure identity. Segment Resources: [Identity Orchestration Use Cases](https://www.strata.io/use-cases/)  [What is Identity Orchestration WhitePaper](https://www.strata.io/resources/whitepapers/what-is-identity-orchestration-and-why-you-need-it-to-succeed-with-multi-cloud/)   This segment is sponsored by Strata. Visit https://securityweekly.com/strata to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-244 

Daniel Wroclawski is the Associate Multimedia Content Creator at Consumer Reports. In this episode of Cybercrime Radio, he discusses smart home devices, such as video doorbells and home security cameras, and how they're targeted by bad actors, alongside giving some tips on how the public can use these products safely and securely. This microcast is a short version of our full interview with Wroclawski, which you can listen to at https://soundcloud.com/cybercrimemagazine/smart-home-devices-more-security-vulnerabilities-daniel-wroclawski-consumer-reports

Several organizations, predominantly in the U.K., have confirmed data breaches that stemmed from exploitation of the critical Moveit Transfer zero-day vulnerability.

“A cyber risk assessment is nothing more than a diagnosis.”As a small or medium business, you may assume you're not a primary target for cyber attacks. Cybersecurity expert and CEO & Co-Founder of Trava Security Jim Goldman reveals that small and medium businesses are actually more likely targets than large enterprise customers. Whether you're a Fortune 500 company or a brand-new startup, it's time to take a proactive approach to your cyber security with cyber risk assessments. In this episode, you'll discover the essential frameworks and standards needed to prioritize vulnerabilities and maintain an acceptable level of risk exposure. Don't wait until it's too late–learn how to safeguard your business today.What you'll learn in this episode:Cyber risk assessments like going to the doctor for a diagnosis or annual physical.The type of cyber risk assessment you need is dependent on the type of framework you want a certificate in.Prioritize the vulnerabilities exposed in a cyber risk assessment by potential impact.Things to listen for:[02:00] Why it's crucial for companies of all sizes to conduct cyber risk assessments[10:45] What information a cyber risk assessment uncovers[13:25] How frameworks and risk assessments work together[14:30] How to prioritize the vulnerabilities uncovered in a cyber risk assessmentConnect with the Guest:Jim Goldman's LinkedInConnect with the Host:Jara Rowe's LinkedInConnect with Trava:Website www.travasecurity.com Blog www.travasecurity.com/blogLinkedIn @travasecurityYouTube @travasecurity

Upstream Security's Vice President of Marketing evaluates automakers' commitment to fighting cybersecurity threats and the double-edged sword of connectivity. White-hat hackers, she says, are playing an important role in rooting out threats.

This Risk & Repeat podcast episode discusses the recent developments involving ESXiArgs, the ransomware variant that has been infecting vulnerable VMware ESXi servers this month.

Earn additional income by sharing your opinion on userinterviews.com!Episode Resources:Executive Order on Improving the Nation's CybersecurityAlpha-Omega ProjectsCybersecurity & Infrastructure Security Agency (Cisa)Tools to create SBOM  About Barak BrudoBarak Brudo helps organizations secure their software supply chain. He works as a Developer Relations Advocate at Scribe Security.Other episodes you'll enjoyWhat developers should know about securityThe Secret To High-Quality CodeVulnerability disclosure with Katie Moussouris 

CISA adds to its Known Exploited Vulnerability Catalog. Attacks against industrial systems. DNV is recovering from ransomware. Chinese cyberespionage is reported against Iran. The persistence of nuisance-level hacktivism. Robert M. Lee from Dragos outlines pipeline security. Our guest is Yasmin Abdi from Snap on bringing her team up to speed with zero trust. And a side-effect of Russia's war: a drop in paycard fraud. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/11 Selected reading. Bolster Your Company Defenses With Zero Trust Edge (iBoss) CISA Adds One Known Exploited Vulnerability to Catalog (CISA) GE Digital Proficy Historian (CISA) Mitsubishi Electric MELSEC iQ-F, iQ-R Series (CISA)  Siemens SINEC INS (CISA) Contec CONPROSYS HMI System (CHS) Update A (CISA) Nozomi Networks Researchers Take a Deep Look into the ICS Threat Landscape (Nozomi Networks) A look at IoT/ICS threats. (CyberWire) DNV's fleet management software recovering from ransomware attack. (CyberWire) DNV says up to 1,000 ships affected by ransomware attack (Computing) Ransomware attack on maritime software impacts 1,000 ships (The Record from Recorded Future News) Chinese Playful Taurus Activity in Iran (Unit 42) Playful Taurus: a Chinese APT active against Iran. (CyberWire) Russian hackers allegedly tried to disrupt a Ukrainian press briefing about cyberattacks (Axios) Russia's Ukraine War Drives 62% Slump in Stolen Cards (Infosecurity Magazine) Annual Payment Fraud Intelligence Report: 2022 (Recorded Future)

Microsoft January 2023 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20January%202023%20Patch%20Tuesday/29420 Cacti Unauthenticated Remote Code Execution https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/ On the Security Vulnerabilities of Text-to-SQL Models https://arxiv.org/pdf/2211.15363.pdf

Microsoft January 2023 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20January%202023%20Patch%20Tuesday/29420 Cacti Unauthenticated Remote Code Execution https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/ On the Security Vulnerabilities of Text-to-SQL Models https://arxiv.org/pdf/2211.15363.pdf

In this week's episode of CYBER24, we sit down with Dr. Danny Rittman to discuss Overlooked Security Vulnerabilities. Dr. Rittman is an R&D expert and CTO of GBT Technologies. We discuss everyIn this week's episode of CYBER24, we sit down with Dr. Danny Rittman to discuss Overlooked Security Vulnerabilities. Dr. Rittman is an R&D expert and CTO of GBT Technologies. We discuss everything from a new type of chip he's working on that will greatly increase storage capacity. We also talk about radio cybersecurity and authentication methods, inlcuidng how machine learning plays into cybersecurity. thing from a new type of chip he's working on that will greatly increase storage capacity. We also talk about radio cybersecurity and authentication methods, inlcuidng how machine learning plays into cybersecurity. 

On this episode of Embedded Insiders, we're joined by Paul Butcher, Senior Software Engineer at AdaCore, to discuss how AI can make fuzz testing even more robust through the integration of techniques like symbolic execution and input-to-state correspondence that optimize test data sets against scenarios a system might encounter in the real world.Next, Brandon heads back into the Industrial Metaverse with part 2 of a Blueprints series – created in partnership with Bosch, Cloud Blue, the MathWorks, NVIDIA, and Siemens – which reveals how the combination of cyber-physical systems, model-based systems engineering, and digital twins can provide a path to solving some of the world's most complex problems.But first, Brandon and Rich express their hesitations about the European Commission's proposed Cyber Resilience Act, which requires manufacturers to protect their IoT and IIoT device from unauthorized access at all stages of the product lifecycle.

Podcast: Government Information Security Podcast (LS 27 · TOP 10% what is this?)Episode: Most Concerning Security Vulnerabilities in Medical DevicesPub date: 2022-10-14Security flaws in a vital signs monitoring device from a China-based manufacturer could allow hackers to launch an attack that spreads to all other devices connected to the same network. This is among the most serious security issues involving medical devices, says Jason Sinchak of Level Nine.The podcast and artwork embedded on this page are from GovInfoSecurity.com, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The Java Virtual Machine is an abstract machine that makes it possible for you to write Java code once and run it across multiple devices and operating system types. While you can use the OpenJDK it comes with various issues like Security Vulnerabilities and compliance. Azul is a company that specializes in Java for the The post Azul with John Ceccarelli appeared first on Software Engineering Daily.

The Java Virtual Machine is an abstract machine that makes it possible for you to write Java code once and run it across multiple devices and operating system types. While you can use the OpenJDK it comes with various issues like Security Vulnerabilities and compliance. Azul is a company that specializes in Java for the The post Azul with John Ceccarelli appeared first on Software Engineering Daily.

Syxsense has been working on endpoint security for over 10 years. They are talking about all endpoints – even the ones you do not know about. Once more, they will perform a scan of the endpoint and evaluate it for vulnerabilities which would include the verification on the latest release and patches. Ashley Leonard Ashley Leonard, CEO at Syxsense speaks to Don Witt of The Channel Daily News, a TR publication about their current technology and their newly released Syxsense Enterprise which provides MSPs, MSSPs and customers the ability to remediate security configuration vulnerabilities. Listen in as Ashley provides great insight into the major endpoint issues resulting from the shift to the remote access worker.  Since this configuration is now here to stay, he covers the measures necessary to keep the corporate network secure. Lastly, Ashley is a channel person.  He has been part of the channel for a long time and has structured the sales opportunities to go through the channel making it a win – win solution for the resellers and for Syxsense. Syxsense has created innovative and intuitive technology that sees and knows everything. Secure every endpoint, in every location, everywhere inside and outside the network, as well as in the cloud. Artificial intelligence (AI) helps security teams predict and root out threats before they happen—and swiftly make them disappear when they do. Headquartered in Aliso Viejo, California, Syxsense is a growing and dynamic organization with offices in four countries and 12 partners in nine countries. Over the past 10 years, Syxsense has worked with more than 500 companies ranging from 100 to 100,000 endpoints delivering a variety of solutions for organizations of all sizes as well as managed service providers (MSPs). For more information, go to: https://www.syxsense.com

0:00 Bestie intros! 1:25 Twitter's former head of security makes allegations against the company 22:08 Foreign countries placing government agents in US tech companies, cloud security vulnerabilities 33:54 Student loan forgiveness 1:03:25 Red wave or red ripple? 1:07:57 Science corner: Gut microbiome, fecal transplants Follow the besties: https://twitter.com/chamath https://linktr.ee/calacanis https://twitter.com/DavidSacks https://twitter.com/friedberg Follow the pod: https://twitter.com/theallinpod https://linktr.ee/allinpodcast Intro Music Credit: https://rb.gy/tppkzl https://twitter.com/yung_spielburg Intro Video Credit: https://twitter.com/TheZachEffect Referenced in the show: https://www.washingtonpost.com/technology/interactive/2022/twitter-whistleblower-sec-spam https://www.npr.org/2022/08/23/1119071586/twitter-whistleblower-complaint-elon-musk-security-bots-fake-users https://www.cnn.com/2022/08/23/tech/twitter-whistleblower-peiter-zatko-security/index.html https://time.com/6207996/twitter-whistleblower-allegations/ https://twitter.com/DavidSacks/status/1562179576800763904 https://twitter.com/DavidSacks/status/1562179705322684416 https://www.reuters.com/world/india/india-forced-twitter-put-agent-payroll-whistleblower-says-2022-08-23 https://twitter.com/elonmusk/status/1562105413977493504 https://www.dailymaverick.co.za/article/2022-08-24-musk-gets-a-potential-boost-with-twitter-whistle-blowers-claims-2 https://www.cnn.com/2022/08/23/tech/twitter-whistleblower-peiter-zatko-security/index.html https://www.zuckermanlaw.com/sp_faq/largest-sec-whistleblower-awards https://blogs.microsoft.com/on-the-issues/2021/06/30/the-need-for-legislative-reform-on-secrecy-orders https://theliberalpatriot.substack.com/p/the-democrats-shifting-coalition https://fortune.com/2022/08/24/biden-changing-income-driven-repayment-plan-student-debt-borrowers https://twitter.com/LHSummers/status/1562040653432999936 https://www.socialcapital.com/ideas/2021-annual-letter https://www.cookpolitical.com/analysis/house/2022-primaries/red-wave-looks-more-ripple https://www.cell.com/cell/pdf/S0092-8674(22)00919-9.pdf https://grow.google

Want to give your ears a break and read this as an article? You're looking for this link.https://www.lastweekinaws.com/blog/azures_vulnerabilities_are_quackWant to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/5iTxtBnCPysNever miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help lower your AWS bill

In this episode, we talk about Elon Musk's Twitter takeover and the Twitter storm it created, especially amongst Twitter employees. Then we speak with Dipanjan Das, system security researcher at UC Santa Barbara, about various large scale hacks in the blockchain space, and how companies and individuals can better protect themselves in the growing Web3 space. Finally, we speak with senior software engineer and popular Tiktoker feleciaforthewin, about how she experimented with the TikTok algorithm and ended up gaining over 300-thousand followers. Show Notes DevDiscuss (sponsor) CodeNewbie (sponsor) Avalanche (sponsor) DevNews S8E1: Coding Under Bombing Elon Musk and Twitter Reach Deal for Sale Understanding Security Issues in the NFT Ecosystem Ethereum-based stablecoin protocol Beanstalk loses about $182 million to exploit US officials link North Korean Lazarus hackers to $625M Axie Infinity crypto theft North Korean hackers who stole $600M from Axie Infinity are still laundering their haul, recently moving $4.5M of ETH, after the US tried to freeze those assets Bored Ape Instagram account hacked: NFTs worth $2.8 million stolen A former software developer gained 245,000 TikTok followers by testing her theories about the app's algorithm feleciaforthewin

This is the audio-only version of our twice weekly cyber security talk show, teissTalk.  Join us twice a week for free by visiting www.teiss.co.uk/teisstalk On this episode, we focus on the following news story; Thousands of Mobile Apps Expose User Data Via Cloud Misconfigurations https://www.infosecurity-magazine.com/news/thousands-mobile-apps-expose-data/ The panel discussion is titled “Prioritising your security vulnerabilities and misconfigurations” https://www.teiss.co.uk/teisstalk/prioritising-your-security-vulnerabilities This episode is hosted by Jenny Radcliffe  https://www.linkedin.com/in/jenny-radcliffe-the-people-hacker-%F0%9F%8E%A4%F0%9F%8E%A7%F0%9F%A7%A0-85ba1611/  Our Guests are Leandros Maglaras, Professor of Cyber Security, De Montfort University https://www.linkedin.com/in/leandrosmaglaras Andrea Manning, CEO and Co-founder, CyberPie https://www.linkedin.com/in/andreamanning1/ Maor Bin, CEO & Co-Founder, Adaptive-shield https://www.linkedin.com/in/maorbin 

Karen Worstell, Senior Cybersecurity Strategist at VMware, talks how best to mitigate and respond to burnout in security careers. Drawing from her own experience as Chief Information Security Officer (CISO) at Microsoft and AT&T, Worstell discusses her career accomplishments as a security executive and how cyber leaders can manage burnout in their organizations.