Podcasts about Spyware

This week, Lois Houston and Nikita Abraham are joined by Principal OCI Instructor Orlando Gentil to explore what truly keeps data safe, and what puts it at risk.   They discuss the CIA triad, dive into hashing and encryption, and shed light on how cyber threats like malware, phishing, and ransomware try to sneak past defenses.   Cloud Tech Jumpstart: https://mylearn.oracle.com/ou/course/cloud-tech-jumpstart/152992 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu   Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode. ------------------------------------------ Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services. Nikita: Hey everyone! Last week, we discussed how you can keep your data safe with authentication and authorization. Today, we'll talk about various security risks that could threaten your systems. 00:48 Lois: And to help us understand this better, we have Orlando Gentil, Principal OCI Instructor, back with us. Orlando, welcome back! Let's start with the big picture—why is security such a crucial part of our digital world today? Orlando: Whether you are dealing with files stored on a server or data flying across the internet, one thing is always true—security matters. In today's digital world, it's critical to ensure that data stays private, accurate, and accessible only to the right people.  01:20 Nikita: And how do we keep data private, secure, and unaltered? Is there a security framework that we can use to make sense of different security practices? Orlando: The CIA triad defines three core goals of information security.  CIA stands for confidentiality. It's about keeping data private. Only authorized users should be able to access sensitive information. This is where encryption plays a huge role. Integrity means ensuring that the data hasn't been altered, whether accidentally or maliciously. That's where hashing helps. You can compare a stored hash of data to a new hash to make sure nothing's changed. Availability ensures that data is accessible when it's needed. This includes protections like system redundancy, backups, and anti-DDoS mechanisms. Encryption and hashing directly support confidentiality and integrity. And they indirectly support availability by helping keep systems secure and resilient. 02:31 Lois: Let's rewind a bit. You spoke about something called hashing. What does that mean? Orlando: Hashing is a one-way transformation. You feed in data and it produces a unique fixed length string called a hash. The important part is the same input always gives the same output, but you cannot go backward and recover the original data from the hash. It's commonly used for verifying integrity. For example, to check if a file has changed or a message was altered in transit. Hashing is also used in password storage. Systems don't store actual passwords, just their hashes. When you log in, the system hashes what you type it and compare the stored hash. If they match, you're in. But your actual password was never stored or revealed. So hashing isn't about hiding data, it's about providing it hasn't changed. So, while hashing is all about protecting integrity, encryption is the tool we use to ensure confidentiality. 03:42 Nikita: Right, the C in CIA. And how does it do that? Orlando: Encryption takes readable data, also known as plaintext, and turns it into something unreadable called ciphertext using a key. To get the original data back, you need to decrypt it using the right key. This is especially useful when you are storing sensitive files or sending data across networks. If someone intercepts the data, all they will see is gibberish, unless they have the correct key to decrypt it. Unlike hashing, encryption is reversible as long as you have the right key. 04:23 Lois: And are there different types of encryption that serve different purposes? Orlando: Symmetric and asymmetric encryption. With symmetric encryption, the same key is used to both encrypt and decrypt the data. It's fast and great for securing large volumes of data, but the challenge lies in safely sharing the key. Asymmetric encryption solves that problem. It uses a pair of keys: public key that anyone can use to encrypt data, and a private key that only the recipient holds to decrypt it. This method is more secure for communications, but also slower and more resource-intensive. In practice, systems often use both asymmetric encryption to exchange a secure symmetric key and then symmetric encryption for the actual data transfer. 05:21 Nikita: Orlando, where is encryption typically used in day-to-day activities? Orlando: Data can exist in two primary states: at rest and in transit. Data at rest refers to data stored on disk, in databases, backups, or object storage. It needs protection from unauthorized access, especially if a device is stolen or compromised. This is where things like full disk encryption or encrypted storage volumes come in. Data in transit is data being sent from one place to another, like a user logging into a website or an API sending information between services. To protect it from interception, we use protocols like TLS, SSL, VPNs, and encrypted communication channels. Both forms data need encryption, but the strategies and threats can differ. 06:19 Lois: Can you do a quick comparison between hashing and encryption? Orlando: Hashing is one way. It's used to confirm that data hasn't changed. Once data is hashed, it cannot be reversed. It's perfect for use cases like password storage or checking the integrity of files. Encryption, on the other hand, it's two-way. It's designed to protect data from unauthorized access. You encrypt the data so only someone with the right key can decrypt and read it. That's what makes it ideal for keeping files, messages, or network traffic confidential. Both are essential for different reasons. Hashing for trust and encryption for privacy. 07:11 Adopting a multicloud strategy is a big step towards future-proofing your business and we're here to help you navigate this complex landscape. With our suite of courses, you'll gain insights into network connectivity, security protocols, and the considerations of working across different cloud platforms. Start your journey to multicloud today by visiting mylearn.oracle.com.  07:39 Nikita: Welcome back! When we talk about cybersecurity, we hear a lot about threats and vulnerabilities. But what do those terms really mean? Orlando: In cybersecurity, a threat is a potential danger and a vulnerability is a weakness an asset possess that a threat can exploit. When a threat and a vulnerability align, it creates a risk of harm. A threat actor then performs an exploit to leverage that vulnerability, leading to undesirable impact, such as data loss or downtime. After an impact, the focus shifts to response and recovery to mitigate damage and restore operations.  08:23 Lois: Ok, let's zero in on vulnerabilities. What counts as a vulnerability, and what categories do attackers usually target first?  Orlando: Software and hardware bugs are simply unintended flaws in a system's core programming or design. Misconfigurations arise when systems aren't set up securely, leaving gaps. Weak passwords and authentication provide easy entry points for attackers. A lack of encryption means sensitive data is openly exposed. Human error involves mistakes made by people that unintentionally create security risks. Understanding these common vulnerability types is the first step in building more resilient and secure systems as they represent the critical entry points attackers leverage to compromise systems and data. By addressing these, we can significantly reduce our attack surface and enhance overall security.  09:28 Nikita: Can we get more specific here? What are the most common cybersecurity threats that go after vulnerabilities in our systems and data? Orlando: Malware is a broad category, including viruses, worms, Trojans, and spyware. Its goal is to disrupt or damage systems. Ransomware has been on the rise, targeting everything from hospitals to government agencies. It lock your files and demands a ransom, usually in cryptocurrency. Phishing relies on deception. Attackers impersonate legitimate contacts to trick users into clicking malicious links or giving up credentials. Insider threats are particularly dangerous because they come within employees, contractors, or even former staff with lingering access. Lastly, DDoS attacks aim to make online services unavailable by overwhelming them with traffic, often using a botnet—a network of compromised devices. 10:34 Lois: Orlando, can you walk us through how each of these common cybersecurity threats work? Orlando: Malware, short for malicious software, is one of the oldest and most pervasive types of threats. It comes in many forms, each with unique methods and objectives. A virus typically attaches itself to executable files and documents and spreads when those are shared or opened. Worms are even more dangerous in networked environments as they self-replicate and spread without any user action. Trojans deceive users by posing as harmless or helpful applications. Once inside, they can steal data or open backdoors for remote access. Spyware runs silently in the background, collecting sensitive information like keystrokes or login credentials. Adware might seem like just an annoyance, but it can also track your activity and compromise privacy. Finally, rootkits are among the most dangerous because they operate at a low system level, often evading detection tools and allowing attackers long-term access. In practice, malware can be a combination of these types. Attackers often bundle different techniques to maximize damage.  12:03 Nikita: And what about ransomware? Why it is such a serious threat? Orlando: Ransomware has become one of the most disruptive and costly types of cyber attacks in recent years. Its goal is simple but devastating, to encrypt your data and demand payment in exchange for access. It usually enters through phishing emails, insecure remote desktop protocol ports or known vulnerabilities. Once inside, it often spreads laterally across the network before activating, ensuring maximum impact. There are two common main forms. Crypto ransomware encrypts user files, making them inaccessible. Locker ransomware goes a step further, locking the entire system interface, preventing any use at all. Victims are then presented with a ransom note, typically requesting cryptocurrency payments in exchange for the decryption key. What makes ransomware so dangerous is not just the encryption itself, but the pressure it creates. Healthcare institutions, for instance, can't afford the downtime, making them prime targets.  13:18 Lois: Wow. Thanks, Orlando, for joining us today.  Nikita: Yeah, thanks Orlando. We'll be back next week with more on how you use security models to tackle these threats head-on. And if you want to learn about the topics we covered today, go to mylearn.oracle.com and search for the Cloud Tech Jumpstart  course. Until next time, this is Nikita Abraham… Lois: And Lois Houston, signing off! 13:42 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

Hacking, Ransomware Attack, Phishing, Spyware, Network Intrusion, Data Theft-Breach. Jeff Kiple, owner/founder of Kelpie Security, LLC discusses with Lincoln and Mark what businesses and organizations face in a connected world and how to help protect vital business records and more.

Government surveillance vendors want us to believe their spyware products are only used in limited and targeted operations against terrorists and serious criminals. That claim is increasingly difficult to justify, given the broad range of victims — journalists, activists, and now political consultants — that have come forward. AI isn't all or nothing, and even good bets can turn sour if you aren't careful about how you make them. Learn more about your ad choices. Visit podcastchoices.com/adchoices

runC flaws could allow hackers to escape Docker containers Lost iPhone scam warning Landfall Android spyware targets Samsung Galaxy phones Huge thanks to our sponsor, Vanta What's your 2 AM security worry?   Is it "Do I have the right controls in place?"   Or "Are my vendors secure?"   ....or the really scary one: "how do I get out from under these old tools and manual processes?   Enter Vanta.   Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta also fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready—ALL…THE…TIME. With Vanta, you get everything you need to move faster, scale confidently—and get back to sleep.   Get started at vanta.com/headlines   Find the stories behind the headlines at CISOseries.com.

Season 09 Episode 02: Spyware - Yah, baby! It's all the rageThe team debate a question in workplace dismissals: “Was the sacking harsh, unjust, or unreasonable?”Alan presents the new way of working as an inspector – using body-worn cameras in investigations. He argues, “If you are capturing someone's personal information, a video of them, a voice recording, and their interactions, the person should receive a copy of what has been captured.” Trajce and Sara weigh in on the debate, with workplace trends rampant in the use of spyware software, tracking keystrokes, and meeting attendance. Sara reminds the team of provisions to constrain ‘unnecessary surveillance' in psychosocial risk management mandates. Alan explains, “it's so much easier if you have stated the scope of surveillance in a policy.”In another story, Trajce is humoured by the idea that spending up to an hour a day to online shop for personal items at work is permissible in some jurisdictions, yet workers yearn for a right to disconnect from work on their home time.For more on Psychosocial Risk Management, check out: PRAiSE (Psychosocial Risk Assessment and Integrated Solutions for Employers) – Certified Assessor and Manager programs - and PRA, the new task-based Psychosocial Risk Analyser feature within the ErgoAnalyst software platform. These tools are helping teams visualise, quantify, qualify, and respond to both contextualised physical and psychosocial workplace risks, merging technical rigour with empathy-driven co-design.

00:00: ☀️ Bom dia Tech!01:12: ⚡ OpenAI pede apoio do governo dos EUA para acelerar construção de data centers de IA02:35:

Referências do EpisódioLANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung DevicesWhisper Leak: A novel side-channel attack on remote language modelsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

A newly identified Android spyware targeted Galaxy devices for close to a year, including users in the Middle East, researchers exclusively tell TechCrunch. In addition, the congressional research office confirmed a breach, but did not comment on the cause. A security researcher suggested the hack may have originated because CBO failed to patch a firewall for more than a year. Learn more about your ad choices. Visit podcastchoices.com/adchoices

We don't do holiday themed episodes in this house, so no tricks, but we have some treats for you. First we discuss the problem of shadow AI (1:00) and how it seems like we're just repeating the mistakes of previous tech waves in ignoring security until it's too late. Then we dig into a new report from Kaspersky about a crazy exploit they discovered for a Chrome sandbox escape that led them to identify the new version of Hacking Team's spyware called Dante (23:00). Finally, we provide some important updates on our respective wildlife encounters (33:00).Kaspersky report: https://securelist.com/forumtroll-apt-hacking-team-dante-spyware/117851/ Support the show

Rachel Maddow explains that while much of Donald Trump's abuse of power is typical of authoritarians, Trump has a new tool that no authoritarian before him has had: extremely advanced spyware. Trump is already deploying this new weapon through ICE, which intends to use this surveillance technology against immigrants but also against Americans who protest against ICE, and anyone they might snare with an extremely loose definition of "anti-fascist."Rachel Maddow considers reasons why protesting against authoritarians is important, from feeling empowered to ensuring that important rights don't atrophy or get taken away when they're not in use. But another important use for protest is to send a message to the people and entities that would capitulate and become accomplices in the authoritarian's abuses.Marc Elias, attorney and founder of Democracy Docket, talks with Rachel Maddow about the fight he expects Donald Trump to put up as Trump's unpopularity makes a clean election victory less likely. Even as Trump will abuse the power and credibility of the Justice Department to serve his ends, his past bad faith in making bogus election fraud accusations gives his legal opponents an advantage. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Atlas browser hijacked Bye, bye Twitter birdie Dante spyware surfaces Huge thanks to our sponsor, Conveyor Security reviews don't have to feel like a hurricane. Most teams are buried in back-and-forth emails and never-ending customer requests for documentation or answers. But Conveyor takes all that chaos and turns it into calm. AI fills in the questionnaires, your trust center is always ready, and sales cycles move without stalls. Breathe easier—check out Conveyor at www.conveyor.com.

Three Buddy Problem - Episode 69: We dig into news that Apple's iOS 26 has quietly killed the shutdown.log forensic artifact used to spot signs of infections and what it means for threat hunters. Plus, whispers of a million-dollar WhatsApp zero-click exploit that never materialized at Pwn2Own, a surreal court case linking a Trenchant exploit developer to Russian buyers, and Chinese threat intel reports pointing fingers at the NSA. We also discuss calls for the US government to build a structured, lawful ecosystem for private-sector offensive operations to address existing chaos and market gaps. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

A change in iOS is deleting-clues of old spyware infections, Starlink disables 2,500 terminals at scam compounds, a Caribbean hospital is still down 5 months after a ransomware attack, and officials are charged in Poland's Pegasus spyware scandal. Show notes Risky Bulletin: iOS 26 change deletes clues of old spyware infections

Think your mouse is harmless? Steve and Leo uncover how modern optical mice might be secretly "listening" in, and reveal why satellite data pouring down on us is almost entirely unsecured. The long awaited lawsuit to block Texas SB2420. Embattled Texas SB2420 also impacts Google Play. At long last, NIST modernizes their password policy. Scattered LAPSUS$ Hunters demise was exaggerated. China claims that the NSA has been hacking them. Half of all geosynchronous satellite traffic is unencrypted. The AWS outage highlights the rising risk of Internet monoculture. A terrific collection of listener feedback and... Could your PC's mousehave much bigger ears than you know? https://www.grc.com/sn/SN-1048-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: Melissa.com/twit hoxhunt.com/securitynow threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT bitwarden.com/twit

A foreign threat actor breached a key U.S. nuclear weapons manufacturing site. The cyberattack on Jaguar Land Rover is the most financially damaging cyber incident in UK history. A new report from Microsoft' warns that AI is reshaping cybersecurity at an unprecedented pace. The ToolShell vulnerability fuels Chinese cyber operations across four continents. Fake browser updates are spreading RansomHub, LockBit, and data-stealing malware. Hackers deface LA Metro bus stop displays. A Spyware developer is warned by Apple of a mercenary spyware attack. Pwn2Own payouts proceed. Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on a Federal Whistle Blower from the SSA. When the cloud goes down, beds heat up.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on a Federal Whistle Blower from the SSA. If you enjoyed Ben's conversation, be sure to check out more from him over on the Caveat Podcast. 2025 Microsoft Digital Defense Report To learn more about the 2025 Microsoft Digital Defense Report, join our partners on The Microsoft Threat Intelligence Podcast. On today's episode, host Sherrod DeGrippo is joined by Chloé Messdaghi and Crane Hassold to unpack the key findings of the 2025 Microsoft Digital Defense Report; a comprehensive look at how the cyber threat landscape is accelerating through AI, automation, and industrialized criminal networks. You can listen to new episodes of The Microsoft Threat Intelligence Podcast every other Wednesday on your favorite podcast app. Selected Reading Foreign hackers breached a US nuclear weapons plant via SharePoint flaws (CSO Online) JLR hack is costliest cyber attack in UK history, say analysts (BBC) Microsoft 2025 digital defense report flags rising AI-driven threats, forces rethink of traditional defenses (Industrial Cyber) The New Frontlines of Cybersecurity: Lessons from the 2025 Digital Defense Report (The Microsoft Threat Intelligence Podcast)   Sharepoint ToolShell attacks targeted orgs across four continents (Bleeping Computer) SocGholish Malware Using Compromised Sites to gDeliver Ransomware (Hackread) LA Metro digital signs taken over by hackers (KTLA) Apple alerts exploit developer that his iPhone was targeted with government spyware (TechCrunch) Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025 (SecurityWeek) AWS crash causes $2,000 Smart Beds to overheat and get stuck upright (Dexerto) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Think your mouse is harmless? Steve and Leo uncover how modern optical mice might be secretly "listening" in, and reveal why satellite data pouring down on us is almost entirely unsecured. The long awaited lawsuit to block Texas SB2420. Embattled Texas SB2420 also impacts Google Play. At long last, NIST modernizes their password policy. Scattered LAPSUS$ Hunters demise was exaggerated. China claims that the NSA has been hacking them. Half of all geosynchronous satellite traffic is unencrypted. The AWS outage highlights the rising risk of Internet monoculture. A terrific collection of listener feedback and... Could your PC's mousehave much bigger ears than you know? https://www.grc.com/sn/SN-1048-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: Melissa.com/twit hoxhunt.com/securitynow threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Think your mouse is harmless? Steve and Leo uncover how modern optical mice might be secretly "listening" in, and reveal why satellite data pouring down on us is almost entirely unsecured. The long awaited lawsuit to block Texas SB2420. Embattled Texas SB2420 also impacts Google Play. At long last, NIST modernizes their password policy. Scattered LAPSUS$ Hunters demise was exaggerated. China claims that the NSA has been hacking them. Half of all geosynchronous satellite traffic is unencrypted. The AWS outage highlights the rising risk of Internet monoculture. A terrific collection of listener feedback and... Could your PC's mousehave much bigger ears than you know? https://www.grc.com/sn/SN-1048-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: Melissa.com/twit hoxhunt.com/securitynow threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Think your mouse is harmless? Steve and Leo uncover how modern optical mice might be secretly "listening" in, and reveal why satellite data pouring down on us is almost entirely unsecured. The long awaited lawsuit to block Texas SB2420. Embattled Texas SB2420 also impacts Google Play. At long last, NIST modernizes their password policy. Scattered LAPSUS$ Hunters demise was exaggerated. China claims that the NSA has been hacking them. Half of all geosynchronous satellite traffic is unencrypted. The AWS outage highlights the rising risk of Internet monoculture. A terrific collection of listener feedback and... Could your PC's mousehave much bigger ears than you know? https://www.grc.com/sn/SN-1048-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: Melissa.com/twit hoxhunt.com/securitynow threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Think your mouse is harmless? Steve and Leo uncover how modern optical mice might be secretly "listening" in, and reveal why satellite data pouring down on us is almost entirely unsecured. The long awaited lawsuit to block Texas SB2420. Embattled Texas SB2420 also impacts Google Play. At long last, NIST modernizes their password policy. Scattered LAPSUS$ Hunters demise was exaggerated. China claims that the NSA has been hacking them. Half of all geosynchronous satellite traffic is unencrypted. The AWS outage highlights the rising risk of Internet monoculture. A terrific collection of listener feedback and... Could your PC's mousehave much bigger ears than you know? https://www.grc.com/sn/SN-1048-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: Melissa.com/twit hoxhunt.com/securitynow threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Think your mouse is harmless? Steve and Leo uncover how modern optical mice might be secretly "listening" in, and reveal why satellite data pouring down on us is almost entirely unsecured. The long awaited lawsuit to block Texas SB2420. Embattled Texas SB2420 also impacts Google Play. At long last, NIST modernizes their password policy. Scattered LAPSUS$ Hunters demise was exaggerated. China claims that the NSA has been hacking them. Half of all geosynchronous satellite traffic is unencrypted. The AWS outage highlights the rising risk of Internet monoculture. A terrific collection of listener feedback and... Could your PC's mousehave much bigger ears than you know? https://www.grc.com/sn/SN-1048-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: Melissa.com/twit hoxhunt.com/securitynow threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Think your mouse is harmless? Steve and Leo uncover how modern optical mice might be secretly "listening" in, and reveal why satellite data pouring down on us is almost entirely unsecured. The long awaited lawsuit to block Texas SB2420. Embattled Texas SB2420 also impacts Google Play. At long last, NIST modernizes their password policy. Scattered LAPSUS$ Hunters demise was exaggerated. China claims that the NSA has been hacking them. Half of all geosynchronous satellite traffic is unencrypted. The AWS outage highlights the rising risk of Internet monoculture. A terrific collection of listener feedback and... Could your PC's mousehave much bigger ears than you know? https://www.grc.com/sn/SN-1048-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: Melissa.com/twit hoxhunt.com/securitynow threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Think your mouse is harmless? Steve and Leo uncover how modern optical mice might be secretly "listening" in, and reveal why satellite data pouring down on us is almost entirely unsecured. The long awaited lawsuit to block Texas SB2420. Embattled Texas SB2420 also impacts Google Play. At long last, NIST modernizes their password policy. Scattered LAPSUS$ Hunters demise was exaggerated. China claims that the NSA has been hacking them. Half of all geosynchronous satellite traffic is unencrypted. The AWS outage highlights the rising risk of Internet monoculture. A terrific collection of listener feedback and... Could your PC's mousehave much bigger ears than you know? https://www.grc.com/sn/SN-1048-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: Melissa.com/twit hoxhunt.com/securitynow threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Three Buddy Problem - Episode 67: We discuss the rise of automated red-teaming, Apple's $2 million exploit chain bounties aimed at outbidding spyware brokers and the iPhone maker's focus on wireless proximity attacks and “tactical suitcase” Wi-Fi exploits. We also hit the news of Paragon spyware targeting European executives and the bizarre story of NSO Group's supposed US investor buyout. Plus, an update on Oracle's zero-day ransomware fiasco, Ivanti's endless patch delays, the ethics of journalists enabling ransomware operations on leak sites, Europe's latest failed push for Chat Control, and VirusTotal's new pricing tiers. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

Jen Roberts, Associate Director of the Atlantic Council's Cyber Statecraft Initiative, and Sarah Graham, Research Consultant with the Atlantic Council's Cyber Statecraft Initiative, who are coauthors along with Nitansha Bansal of the recent paper, “Mythical Beasts: Diving Into the Depths of the Global Spyware Market,” join Lawfare's Justin Sherman to discuss the global spyware industry, how it has evolved in recent years, and what its future holds. They also discuss the geographic concentration of key spyware entities in several countries; a rise in U.S. investors in the spyware industry; how “strategic jurisdiction hopping,” name changes, and corporate structure shifts impact spyware firms' evolution and transparency into their activities; and how U.S. policymakers should approach the global spyware market going forward.To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/lawfare-institute.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

Nachdem die Bundesregierung der Chatkontrolle – also der europaweiten Durchsuchung privater Nachrichten – eine Absage erteilt hat, wird die EU-Abstimmung darüber auf Dezember verschoben. Gleichzeitig ignoriert die EU-Kommission seit Jahren massive Überwachungsskandale in den Mitgliedsstaaten. In Spanien, Polen, Ungarn und Griechenland haben Regierungen mit Spyware wie Pegasus und Predator Journalistinnen, Oppositionelle sowie Anwälte ausspioniert. Ein EU-Untersuchungsausschuss bestätigte diesen systematischen Missbrauch – doch statt Konsequenzen folgte Schweigen. Auch Deutschland kaufte intransparent und unter Ausschluss der Öffentlichkeit eine modifizierte Pegasus-Version für das BKA. Das Problem: Außerhalb der Sicherheitsbehörden hat niemand diese Software je zu Gesicht bekommen. Selbst Bundestagsabgeordnete erhalten oft nur geschwärzte Unterlagen. Diese Intransparenz macht eine Kontrolle nahezu unmöglich, ob die mächtigste Spionagesoftware der Welt missbraucht wird. Das Fazit ist ernüchternd: Die EU kann sich selbst nicht kontrollieren, wenn Überwachung im Spiel ist. Mitgliedsstaaten berufen sich auf "nationale Sicherheit" und blockieren jede Reform. Gleichzeitig drängen dieselben Regierungen auf neue Überwachungsbefugnisse wie die Chatkontrolle. Wie konnte es so weit kommen? Was würde das Ende der Verschlüsselung für unsere Demokratie bedeuten? Und wer schützt uns vor dem Staat, wenn Kontrolle zur Macht wird? Über all das sprechen Dilan Gropengiesser und Holger Stark, stellvertretender Chefredakteur und Ressortleiter Investigative Recherche und Daten bei DIE ZEIT, in Folge 112 von Was jetzt? – Die Woche.

A federal workers' union is suing the Education Department after agency employees on furlough or administrative leave discovered that their automatic email replies had been changed to a message blaming Democratic lawmakers for the ongoing government shutdown. The complaint, filed by the American Federation of Government Employees, asks a court to prohibit the Education Department's alleged efforts to “put political speech in federal employees' mouths.” “Forcing civil servants to speak on behalf of the political leadership's partisan agenda is a blatant violation of federal employees' First Amendment rights,” the suit stated, adding that “employees are now forced to involuntarily parrot the Trump Administration's talking points with emails sent out in their names.” The suit came one day after some furloughed workers discovered that their automatic out-of-office email replies were changed without their knowledge, from neutral language to partisan messaging that blamed Democrats for the shutdown, which began last Wednesday. Three House Democrats questioned the Department of Homeland Security on Monday over a reported Immigration and Customs Enforcement contract with a spyware provider that they warn potentially “threatens Americans' freedom of movement and freedom of speech.” Their letter follows publication of a notice that ICE had lifted a stop-work order on a $2 million deal with Israeli spyware company Paragon Solutions, a contract that the Biden administration had frozen one year ago pending a review of its compliance with a spyware executive order. Paragon is the maker of Graphite, and advertises it as having more safeguards than competitors that have received more public and legal scrutiny, such as NSO Group's Pegasus, a claim researchers have challenged. A report earlier this year found suspected deployments of Graphite in countries across the globe, with targets including journalists and activists. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

This week, we are joined by Martin Zugec, Technical Solutions Director from Bitdefender, sharing their work and findings on "EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company. A newly identified Chinese APT group has been observed deploying a sophisticated, fileless malware framework called EggStreme against a Philippine military company. The multi-stage toolkit uses DLL sideloading and in-memory execution to evade detection, with its core backdoor, EggStremeAgent, enabling reconnaissance, lateral movement, keylogging, and data theft. Researchers note the campaign's persistence and stealth highlight professional, geopolitically motivated espionage activity linked to Chinese national interests. The research can be found here: EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Martin Zugec, Technical Solutions Director from Bitdefender, sharing their work and findings on "EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company. A newly identified Chinese APT group has been observed deploying a sophisticated, fileless malware framework called EggStreme against a Philippine military company. The multi-stage toolkit uses DLL sideloading and in-memory execution to evade detection, with its core backdoor, EggStremeAgent, enabling reconnaissance, lateral movement, keylogging, and data theft. Researchers note the campaign's persistence and stealth highlight professional, geopolitically motivated espionage activity linked to Chinese national interests. The research can be found here: EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode we look at how Immigration and Customs Enforcement is believed to have access to Graphite—powerful spyware capable of silently hacking smartphones and reading encrypted apps like WhatsApp and Signal. At issue is what Graphite can do, the legal red lines it risks crossing, and what it means for civil liberties inside the U.S. if you carry a phone. Joining us are Eric O'Neill, a former FBI counterintelligence operative, author, and current national security strategist with Nexasure, and Theresa Payton, CEO of Fortalice Solutions and former White House Chief Information Officer.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Tom Uren and Amberleigh Jack talk about why it is good news that US investment in spyware vendors has skyrocketed. They also discuss the in-principle agreement for TikTok to remain in the US. It's a win-win: a win for China and a win for TikTok, but not so much a win for US national security. This episode is also available on YouTube. Show notes

Longterm and short-term security work from Apple on this week's Checklist. First, the company's warning individuals in France of potential spyware attacks. We'll look at what they're looking for and advice for staying safe. Plus - the iPhones Apple announced this week are bringing a new memory safety feature. We'll familiarize ourselves with Memory Integrity Enforcement on this edition of The Checklist, brought to you by SecureMac. Check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com

SonicWall SSL VPN flaws now being actively exploited Acting federal cyber chief outlines his priorities U.S. based investors in spyware firms nearly tripled in 2024 Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com.    

The feature is called Memory Integrity Enforcement (MIE) and is designed to help stop memory corruption bugs, which are some of the most common vulnerabilities exploited by spyware developers and makers of phone forensic devices used by law enforcement.  Learn more about your ad choices. Visit podcastchoices.com/adchoices

Apple notifies French users of spyware attacks, China will increase fines for data breaches Google pays $1.6mil for cloud bugs at a hackathon event, and no more hacked free laundry for Dutch students Show notes Risky Bulletin: Most UK school hacks are caused by their own students

Three Buddy Problem - Episode 61: We cover a pair of software supply chain breaches (Salesforce Salesloft Drift and NPM/GitHub) that raises big questions about SaaS integrations and the ripple effects across major security vendors. Plus, Apple's new Memory Integrity Enforcement in iPhone 17 and discussion on commercial spyware infections and the value of Apple notifications; concerns around Chinese hardware and surveillance equipment in US infrastructure; Silicon Valley profiting from China's surveillance ecosystem; and controversy around a Huntress disclosure of an attacker's operations after an EDR agent was mistakenly installed. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

China holds a military parade with Vladimir Putin and Kim Jong Un, the U.S. military strikes an alleged Tren de Aragua drug boat, killing 11, the Thai government seeks House dissolution as the opposition backs a rival's Prime Minister bid, U.K. Deputy Prime Minister Rayner admits to stamp duty underpayment, the Trump administration lifts a hold on a $2M ICE spyware contract, U.S. deportees to Eswatini are allegedly held without charge, Jeffrey Epstein survivors hold a news conference with Congressional representatives, a judge orders Google to share search data but rejects breaking up the tech giant, an AI surveillance startup says it can end crime in America, and a new study calculates sea level rise at only 1.5 mm per year. Sources: www.verity.news

How to Protect Yourself Against Government's Latest Spyware by Nick Espinosa, Chief Security Fanatic

Most infected computers run malware for months before owners notice, while criminals harvest passwords and banking details. Safe Mode deletion, browser resets, and recognizing fake security warnings can reclaim your machine—but the real shock is discovering what's been stolen.Learn more: https://www.iolo.com/ Iolo Technologies City: Pasadena Address: 150 South Los Robles Avenue Website: https://www.iolo.com/

Jon looks at crimes across the country, including comments from Gov. Walz regarding capitol security in light of a recent arrest. Jon has thoughts on a impending State law for social media usage.

Sharepoint Server vulnerability looks a lot like Hafnium to us. Microsoft has stopped using China based engineers to work on DoD cloud systems. Older CD-ROM not working on new PC, Spyware developer used Google Servers as repository but never secured it. Took Google a month to remove it. Cognizant just gave away passwords and now is getting sued! My USB ports are flaky, Google email summary bothers me, MS Office 2021 having issues Launching Outlook should I replace my backup media?

Confusion persists over the Microsoft Sharepoint zero-days. CrushFTP confirms a zero-day under active exploitation. The UK government proposes a public sector ban on ransomware payments. A new ransomware group is using an AI chatbot to handle victim negotiations. Australia's financial regulator accuses a wealth management firm of failing to manage cybersecurity risks. Researchers uncover a WordPress attack that abuses Google Tag Manager. Arizona election officials question CISA following a state portal cyberattack.  Hungarian police arrest a man accused of launching DDoS attacks on independent media outlets. On our Threat Vector segment guest host ⁠Michael Sikorski⁠ ⁠and Michael Daniel⁠ of the Cyber Threat Alliance (CTA) explore cybersecurity collaboration. A Spyware kingpin wants back in. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On our Threat Vector segment, host David Moulton turns the mic over to guest host ⁠Michael Sikorski⁠ and his guest ⁠Michael Daniel⁠ of the Cyber Threat Alliance (CTA) for a deep dive into cybersecurity collaboration. You can hear Michael and Michael's full discussion on Threat Vector ⁠⁠⁠here⁠⁠⁠ and catch new episodes every Thursday on your favorite podcast app. Selected Reading ToolShell Zero-Day Attacks on SharePoint: First Wave Linked to China, Hit High-Value Targets (SecurityWeek) Microsoft: Windows Server KB5062557 causes cluster, VM issues (Bleeping Computer)  File transfer company CrushFTP warns of zero-day exploit seen in the wild (The Record) UK to lead crackdown on cyber criminals with ransomware measures (GOV.UK) Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims (Infosecurity Magazine) Australian Regulator Alleges Financial Firm Exposed Clients to Unacceptable Cyber Risks (Infosecurity Magazine) WordPress spam campaign abuses Google Tag Manager scripts (SC Media) After website hack, Arizona election officials unload on Trump's CISA (CyberScoop) Hungarian police arrest suspect in cyberattacks on independent media (The Record) Serial spyware founder Scott Zuckerman wants the FTC to unban him from the surveillance industry (TechCrunch) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Edition No197 | 22-07-2025 - Putin is tightening the digital noose in Russia, as the crackdown on the internet intensifies. We explore What It Signals in this episode. The Kremlin isn't just at war with Ukraine — it's at war with its own population, and the internet itself. Connectivity blackouts are plaguing regions of Russia, and now spyware is being installed on every internet capable device. The Victory Day disconnections of internet coverage were just a foretaste of the censorship and control that is rapidly approaching. The edges are emerging of what promises to be a terrifying blueprint for new a “digital gulag.” But this isn't just about censorship. It's about what Russia might be preparing for next — why the regime has such a sense of urgency to gain control of the Russian internet, and what that means for Ukraine and for the rest of us.----------DESCRIPTION:Putin's Digital Gulag: Why Russia is Shutting Down its InternetIn this episode of Silicon Bites, we delve into Vladimir Putin's aggressive efforts to control and restrict internet access in Russia. We explore the Kremlin's increasing crackdown on digital freedom and what it means for Russia's population, the ongoing conflict with Ukraine, and potential geopolitical ramifications. Key points include the intensification of censorship, the spread of spyware on consumer devices, and the Kremlin's urgency to isolate the Russian internet by autumn 2025. We also discuss possible reasons behind this rapid digital suppression including further mobilization, preparing for war with NATO, economic collapse, or autocratic whims. Discover how these unprecedented moves might signify a strategy to escalate the war or manage looming internal and external crises.----------SUPPORT THE CHANNEL:https://www.buymeacoffee.com/siliconcurtainhttps://www.patreon.com/siliconcurtain----------CHAPTERS:00:00 Introduction: Putin's Attempt to Break the Internet00:30 The Digital Noose Tightens01:26 The Big Digital Squeeze03:00 Technical Details of the Crackdown04:24 Spyware and the Digital Gulag05:52 Hypotheses Behind the Crackdown10:10 The Autumn Trap: Why Now?11:39 Conclusion: The Global Implications----------SOURCES: https://www.youtube.com/watch?v=Cx3hF3Yk2rYhttps://jamestown.org/program/russia-ramps-up-internet-censorship/https://www.businessinsider.com/russia-cut-internet-access-victory-day-ukraine-drone-strikes-putin-2025-5https://www.thetimes.com/world/russia-ukraine-war/article/putin-moscow-whatsapp-ban-plan-max-app-launch-b789tt6tshttps://united24media.com/latest-news/putins-new-orders-could-reshape-russian-internet-heres-whats-next-10019https://www.independent.co.uk/news/world/europe/russia-kremlin-instagram-atms-ukraine-b2791385.htmlhttps://meduza.io/en/feature/2025/07/07/mapping-russia-s-internet-blackoutshttps://www.themoscowtimes.com/2025/07/01/russia-to-disconnect-foreigners-who-have-not-submitted-biometric-data-from-mobile-internet-a89635https://www.washingtonpost.com/world/2025/07/17/russia-internet-censorship/https://www.kyivpost.com/post/56473https://www.bloomberg.com/news/articles/2025-07-03/russian-internet-outages-soar-as-kremlin-boosts-wartime-controls----------TRUSTED CHARITIES ON THE GROUND:Save Ukrainehttps://www.saveukraineua.org/Superhumans - Hospital for war traumashttps://superhumans.com/en/UNBROKEN - Treatment. Prosthesis. Rehabilitation for Ukrainians in Ukrainehttps://unbroken.org.ua/Come Back Alivehttps://savelife.in.ua/en/Chefs For Ukraine - World Central Kitchenhttps://wck.org/relief/activation-chefs-for-ukraineUNITED24 - An initiative of President Zelenskyyhttps://u24.gov.ua/Serhiy Prytula Charity Foundationhttps://prytulafoundation.orgNGO “Herojam Slava”https://heroiamslava.org/kharpp - Reconstruction project supporting communities in Kharkiv and Przemyślhttps://kharpp.com/NOR DOG Animal Rescuehttps://www.nor-dog.org/home/----------

Foldable Frenzy: Samsung's Slim, Stacked, and Snazzy Smartphones Spill.  Inked Innovation: AI's Artistic Advance in Tattooing.  Sirens on Smartphones: September's Safety Signal.  Solar Sabotage: Smart Inverter Infiltration Threatens Power Stability.  Radiation Rebellion: Rethinking Renewable Rules.  Grok's Growing Gaffes: Musk's Politically Incorrect AI Push.  Methane Mishap: Missing Satellite Sparks Space Setback.  Spyware, Spiders, and Simulators: A Security Shake-Up.  Sentiment Streets: Smart Cities Map Moods with Machine Learning. 

In this episode, I address listener feedback and corrections regarding use of public Wi-Fi, MAC addresses, and aliases. I dive deep into the nuances of MAC address randomization on GrapheneOS versus Apple's private Wi-Fi addresses, explaining why GrapheneOS offers superior privacy protection. I discuss the real threats of public Wi-Fi in 2025 (hint: it's not hackers with Wireshark), and share my approach with aliases.I also cover the rising threat of infostealers like Atomic Info Stealer for macOS, the dangerous intersection of gaming cheats and malware, and why I avoid third-party antivirus software. Most importantly, I address the GrapheneOS controversy: the loss of a senior developer to military conscription, Google's strategic pivot that threatens custom ROMs, and why claims of GrapheneOS “dying” are misinformation spread by those with competing agendas.In this week's episode:Clarifications and Corrections: Public Wi-Fi, MAC addresses, and alias managementMAC address randomization: GrapheneOS vs Apple's implementationThe real threats of public Wi-Fi in 2025Info stealers and video games can be a privacy nightmareGrapheneOS controversy: Developer conscription, Google's lockdown, and the future of custom ROMsWhy antivirus software might be the malware you're trying to avoidMatrix Community RoomsMatrix Community Space - https://matrix.to/#/#psysecure:matrix.orgIndividual Room Links:https://matrix.to/#/#lockdown-general:matrix.orghttps://matrix.to/#/#lockdown-podcast:matrix.orghttps://matrix.to/#/#lockdown-intro:matrix.orgShow Links:MAC Address Lookup - https://maclookup.app/OUI Lookup - https://oui.is/33mail - https://www.33mail.com/OpenSnitch - https://github.com/evilsocket/opensnitchPrivacy.com - https://privacy.comLithic - https://lithic.comKaspersky and Russian Government - https://en.wikipedia.org/wiki/Kaspersky_and_the_Russian_governmentGoogle Not Killing AOSP - https://www.androidauthority.com/google-not-killing-aosp-3566882/GrapheneOS on Developer Conscription - https://grapheneos.social/@GrapheneOS/114359660453627718GrapheneOS on OEM Partnerships (June 19) - https://grapheneos.social/@GrapheneOS/114671100848024807GrapheneOS Response to Misinformation - https://grapheneos.social/@GrapheneOS/114825492698412916GrapheneOS on iPhone Security - https://grapheneos.social/@GrapheneOS/114824816120139544“Social engineering bypasses all technologies, including firewalls.”- Kevin Mitnick ★ Support this podcast on Patreon ★

Four members of President Trump's cabinet impersonated Is this some kind of a game? Batavia attacks Russian industrial companies Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines  

Undetectable Android spyware leaks user logins Hunters ransomware group shuts doors Medical device company Surmodics reports cyberattack Huge thanks to our sponsor, Palo Alto Networks You're moving fast in the cloud and so are attackers. But while SecOps and cloud security teams are working in silos, attackers are exploiting the gaps between them. Cortex Cloud by Palo Alto Networks bridges this divide, unifying teams and stopping attacks with real-time cloud security that includes AI-powered protection, detection and automated response capabilities. Threats are stopped in minutes instead of days, and teams can finally protect cloud environments at the speed and scale of modern attacks. To learn more about how Cortex Cloud stops cloud attacks before they become breaches, visit: paloaltonetworks.com/cortex/cloud-detection-and-response Find the stories behind the headlines at CISOseries.com.

A Mexican drug cartel spies on the FBI using traffic cameras and spyware — because "ubiquitous technical surveillance” is no longer just for dystopian thrillers. Graham digs into a chilling new US Justice Department report that shows how surveillance tech was weaponised to deadly effect.Meanwhile, Carole checks the rear-view mirror on the driverless car industry. Whatever happened to those million Tesla robotaxis Elon Musk promised by 2020? Spoiler: they're here — sort of — but they sometimes drive into oncoming traffic.Plus: Leighton House, heatwave survival gadgets, and an unflushable toilet situation (not what you think).All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Mexican drug cartel hacker spied on FBI official's phone to track and kill informants, report says - TechCrunch.Audit of the Federal Bureau of Investigation's Efforts to Mitigate the Effects of Ubiquitous Technical Surveillance - US Department of Justice Office of the Inspector General.Tesla driver tells police he was using 'self-drive' system when his car hit a parked police vehicle - AP News.‘Lidar is lame': why Elon Musk's vision for a self-driving Tesla taxi faltered - The Guardian.Tesla invited influencers to test its robotaxi. Here's what they had to say - USA Today Europe.Elon Musk Hails 'Successful' Tesla Robotaxis Launch in Austin Amid Reported Glitches - eWEEK.A Fatal Tesla Crash Shows the Limits of Full Self-Driving - Bloomberg.The Arab Hall at Leighton House.Spandau Ballet's “Gold” - shot at Leighton House!Shark FlexBreeze Fan With InstaCool Mist Attachment - Shark.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Vanta– Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Trelica by 1Password- Access Governance for every SaaS app.

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: New York Times gets a little stolen Russian FSB data as a treat iVerify spots possible evidence of iOS exploitation against the Harris-Walz campaign Researcher figures out a trick to get Google account holders' full names and phone numbers Major US food distributor gets ransomwared The Com's social engineering of Salesforce app authorisations is a harbinger of our future problems Australian Navy forgets New Zealand has computers, zaps Kiwis with their giant radar. This week's episode is sponsored by identity provider Okta. Long-time friend of the show Alex Tilley is Okta's Global Threat Research Coordinator, and he joins to discuss how organisations can use both human and technical signals to spot North Koreans in their midst. This episode is also available on Youtube. Show notes How The Times Obtained Secret Russian Intelligence Documents - The New York Times Ukraine's military intelligence claims cyberattack on Russian strategic bomber maker | The Record from Recorded Future News Harris-Walz campaign may have been targeted by iPhone hackers, cybersecurity firm says iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the U.S. Spyware maker cuts ties with Italy after government refused audit into hack of journalist's phone | The Record from Recorded Future News Italian lawmakers say Italy used spyware to target phones of immigration activists, but not against journalist | TechCrunch Android chipmaker Qualcomm fixes three zero-days exploited by hackers | TechCrunch Cellebrite to acquire mobile testing firm Corellium in $200 million deal | CyberScoop Apple Gave Governments Data on Thousands of Push Notifications A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account Bruteforcing the phone number of any Google user Acreed infostealer poised to replace Lumma after global crackdown | The Record from Recorded Future News BidenCash darknet forum taken down by US, Dutch law enforcement | The Record from Recorded Future News NHS calls for 1 million blood donors as UK stocks remain low following cyberattack | The Record from Recorded Future News Major food wholesaler says cyberattack impacting distribution systems | The Record from Recorded Future News Kettering Health confirms attack by Interlock ransomware group as health record system is restored | The Record from Recorded Future News Hackers abuse malicious version of Salesforce tool for data theft, extortion | Cybersecurity Dive shubs on X: "IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: https://t.co/X3dkMz9gwK" / X Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect | WIRED Australian navy ship causes radio and internet outages to parts of New Zealand

A jury orders NSO Group to pay $167 millions dollars to Meta over spyware allegations. CISA warns of hacktivists targeting U.S. ICS and SCADA systems. Researcher Micah Lee documents serious privacy risks in the TM SGNL app used by high level Trump officials. The NSA plans significant workforce cuts. Nations look for alternatives to U.S. cloud providers. A medical device provider discloses a cyberattack disrupting its ability to ship customer orders. The Panda Shop smishing kit impersonates trusted brands. Accenture's CFO thwarts a deepfake attempt. Our temporary intern Kevin Magee from Microsoft wraps up his reporting from the RSAC show floor.  Server room shenanigans, with romance, retaliation, and root access. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Wrapping up RSAC 2025, we're joined by our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Kevin brings the energy with a high-octane medley of interviews directly from the show floor, featuring sharp insights and bold ideas from some of cybersecurity's most influential voices. It's the perfect, fast-paced finale to our RSAC coverage—check out the show notes for links to all the guests featured! In this segment, you'll hear from Eoin Wickens, Director of Threat Intelligence of HiddenLayer, Jordan Shaw-Young, Chief of Staff for Security Services at BlueVoyant, Gil Barak, co-founder and CEO of Blink Ops, and Paul St Vil, VP of Field Engineering at Zenity. You can also catch Kevin on our Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. Whether you are building your own startup or just love a good innovation story, listen and learn more here. Selected Reading Spyware-maker NSO ordered to pay $167 million for hacking WhatsApp (The Washington Post) CISA Warns of Hackers Attacking ICS/SCADA Systems in Oil and Natural Gas Companies (Cyber Security News) Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs (Micha Flee) NSA to cut up to 2,000 civilian roles as part of intel community downsizing' (The Record) NIST loses key cyber experts in standards and research (Cybersecurity Dive) A coherent European/non-US cloud strategy: building railroads for the cloud economy (Bert Hubert) Medical device giant Masimo says cyberattack is limiting ability to fill customer orders (The Record) New Chinese Smishing Kit Dubbed 'Panda Shop' Steal Google, Apple Pay & Credit Card Details (Cyber Security News) Accenture: What we learned when our CEO got deepfaked (Computing) IT Worker from Computacenter Let Girlfriend Into Deutsche Bank's Restricted Areas (GB Hackers) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

No Agenda Episode 1760 - "Mercenary Spyware" "Mercenary Spyware" Executive Producers: Anonymous Black Sheep Scott Horton Abby Paulsons Commadore of the Human Resources Producers Sir Marcus Sir Milkman Zadoc Brown III SDG Brock Reinhold Jon Tucker Laurens De Ceuster Sir Dibs on Living Angel Dechter Wirt Fuller Rick W Cable Brandon Foster Associate Executive Producers: Rich Geisler Chad Finkbeiner Eli the coffee guy Linda Lu Duchess of jobs & writer of resumes Erin Parr Commodores: Commodore Anonymous Black Sheep Commodore Scott Horton Commodore of the Human Resources Producers Commodore Mark of Crow Wing County"? Commodore Sir Milkman of Evington Commodore Zadoc Brown III Commodore SDG Commodore Brock Reinhold Commodore Jon Tucker Become a member of the 1761 Club, support the show here Boost us with with Podcasting 2.0 Certified apps: Podverse - Podfriend - Breez - Sphinx - Podstation - Curiocaster - Fountain Knights & Dames Sir Tom > Baron Tom, Warden of the Frozen Tundra. Art By: Dennis Roebecker End of Show Mixes: Nautilis K - David Keckta Engineering, Stream Management & Wizardry Mark van Dijk - Systems Master Ryan Bemrose - Program Director Back Office Jae Dvorak Chapters: Dreb Scott Clip Custodian: Neal Jones Clip Collectors: Steve Jones & Dave Ackerman NEW: and soon on Netflix: Animated No Agenda Sign Up for the newsletter No Agenda Peerage ShowNotes Archive of links and Assets (clips etc) 1760.noagendanotes.com Directory Archive of Shownotes (includes all audio and video assets used) archive.noagendanotes.com RSS Podcast Feed Full Summaries in PDF No Agenda Lite in opus format Last Modified 05/01/2025 16:55:14This page created with the FreedomController Last Modified 05/01/2025 16:55:14 by Freedom Controller