Podcasts about ssl vpn

  • 23 podcasts
  • 28 episodes
  • 30m average duration
  • 1 new episode per month
  • Latest episode: Mar 18, 2026

Best podcasts about ssl vpn

Latest podcast episodes about ssl vpn

ChannelBuzz.ca
Firewalls, rogue devices, and your own tools: what Barracuda’s threat report means for MSPs
Mar 18, 2026 (18:55)

Merium Khalid, director of SOC offensive security at Barracuda

Every year, security vendors publish threat reports. Most say variations of the same thing. But Barracuda’s Managed XDR Global Threat Report stands out for a reason that matters to MSPs: it’s built on operational data from a managed SOC that protects the kinds of organizations MSPs actually serve. More than two trillion IT events. Nearly 600,000 security alerts. Over 300,000 protected endpoints, firewalls, servers, and cloud assets. This isn’t a survey of sentiment. It’s a record of what actually happened. Merium Khalid, director of SOC offensive security at Barracuda, joins the podcast to walk through the findings. The headline stat — that 90 per cent of ransomware incidents exploited firewalls through unpatched vulnerabilities or compromised accounts — sets the tone, but the conversation goes deeper, including why the most commonly detected vulnerability dates back to 2013. Merium explains how attackers are abusing the same tools MSPs rely on every day — ScreenConnect, RDP, PowerShell, and in one case, Datto RMM — to move laterally while mimicking normal IT operations. As Help Net Security noted, attackers keep finding the same gaps, and Merium makes a compelling case that the 100 per cent rogue endpoint finding is fundamentally an asset management problem that doesn’t get the attention it deserves. We also cover the growing role of supply chain risk, with 66 per cent of incidents now involving a third party (up from 45 per cent the year before), and what that means for MSPs who are themselves the trusted third party for their clients. We close with Merium’s practical advice for resource-constrained security teams.

Full transcript

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT solution provider community for the last 16 years now. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always, your host for the show. Last month, Barracuda released its Managed XDR Global Threat Report, drawing on more than 2 trillion IT events from 2025 to map how attackers are actually getting into networks and what’s making it easier for them. Some of the numbers were striking. 90% of ransomware incidents exploited firewalls. The fastest case went from breach to encryption in three hours. And every single incident the team responded to involved at least one unprotected or rogue device on the network. Today I’m sitting down with Merium Khalid, director of SOC Offensive Security at Barracuda, to dig into what the data actually means for MSPs and the customers they protect. We’re talking about why firewalls keep failing despite years of the same advice, what it looks like when attackers hide inside the legitimate tools MSPs use every day, and where the blind spots are that most organizations don’t even know they have. So let’s get right into it. My chat with Barracuda’s Merium Khalid.

Robert Dutt: Merium, thanks for joining us.

Merium Khalid: Thanks, Rob. Thanks for having me.

Robert Dutt: The report’s been out there for about a month or so, I guess. From your vantage point, running offensive security and in the SOC at Barracuda, what conversations has it sparked with MSPs and with their customers? What’s resonating and what are people still not taking seriously enough?

Merium Khalid: Yeah, great question, Rob. So in terms of the key findings, I think that’s really what the report is focusing on, and that is really what is resonating with our MSPs and our customers and our core customers, is that there is at least one rogue device involved in any of the security incidents that we’ve worked on. And what I mean by a rogue device, it’s basically a device that’s unprotected, unmonitored within your environment. So that kind of becomes like a home or a ground for the threat actor to kind of stay and go under the radar. And I think a lot of our MSPs are finding that interesting. And I think it was one of the most shocking findings as well for us too. It’s the asset management. I don’t think asset management and making sure you are aware of all the assets in your environment, I don’t think that is emphasized enough. And I think that this report kind of puts that in the forefront.

Robert Dutt: A couple of things that can certainly shape customer conversations.

Merium Khalid: Yeah, for sure.

Robert Dutt: One of the headline stats is that 90% of ransomware incidents exploited firewalls, often through old vulnerabilities. The most common detected vulnerability in the report dates back more than a decade, 2013. So this isn’t new advice, but why does this keep happening? Is it a tooling problem? Is it a process problem? Is it a human prioritization problem? Why do we keep running up against these old flaws as current foes?

Merium Khalid: I think it’s both. I think it is a human problem, resource problem, resource gap. It’s also not having proper policies in place. It’s also just the advancements with AI as well. Threat actors are using it, being able to exploit firewalls at a faster level. And essentially what’s happening here is firewall exploitation is very, very common because it is kind of the low hanging fruit in terms of it’s usually the first public-facing asset in a customer’s environment. So you have people working remotely, so they’re VPNing into their organization’s environment. They’re using some sort of SSL VPN. And SSL VPN, I found, is one of the biggest root causes for ransomware attacks because we don’t have the proper tools in place. So there’s no MFA in place, or maybe there is a leaked password out there on the dark web where the account is still active, so no, there isn’t proper account management. So I think it’s not one thing that you can point at like, hey, this is a root cause and this is causing all the problems. I think it’s a combination of people, process, and technology.

Robert Dutt: So if I’m an MSP and I can’t patch everything overnight, especially in multiple customers and complex environments, where should I be triaging firewall risk more intelligently?

Merium Khalid: Well, prioritizing. Prioritizing what are your critical vulnerabilities? If you have a FortiGate firewall, if you have a SonicWall firewall, and there is a zero-day out there, there’s a new vulnerability out there, that is something you want to prioritize right away. But again, you need visibility for that. You need to know that there is a vulnerability out there. So with XDR, what we do is we actually release advisories. So if there is something critical out there, we try to inform our customers as soon as possible. And we have also released a managed vulnerability service as well. So we will scan your environment for any critical or low-medium vulnerabilities and prioritize it in order and give you a report of what you need to patch and how you need to patch it. So having some sort of vulnerability scanning, quarterly, monthly, yearly, is very, very important, but also having some sort of visibility as well.

Robert Dutt: In the report, the fastest ransomware case went from breach to encryption in about three hours, if I recall correctly, and 96% of incidents involved lateral movement that ended up in ransomware deployment. What does that timeline say about how realistic it is for an MSP security team to detect, contain, mitigate an attack manually?

Merium Khalid: Even the three hours, I would say, is sufficient time because you don’t want to detect a ransomware attack after the three hours. You want to detect a ransomware attack in the beginning of the attack life cycle. So in the initial act, if they’re trying to brute force your firewall or you’re seeing some sort of suspicious login within your SSL VPN, before they even start moving laterally, you want to detect that before it happens. But again, with XDR, what I think stands out the most for us is that we have detections across each of the attack phases. So if there is lateral movement, we want to be able to detect that. If they are using some sort of remote code execution or some sort of PsExec tool or some sort of tool to move laterally across the network, we want to be able to detect that with our endpoint detection or our server monitoring. So the three hours may seem like a short time, but it’s actually not. I think most important is detecting early on. So prior to the three hours, detecting at the first phase of the attack rather than the threat actor being there and encrypting.

Robert Dutt: And those things you talked about were the earliest reliable signals that something’s going wrong, but we aren’t to the encryption point yet. Or is there another, this is the thing you should watch for first?

Merium Khalid: Yeah. I mean, again, you want to watch for early signs, right? You want to watch for any sort of privilege escalation that’s happening, any sort of logins from suspicious locations, any sort of spike in your baseline behavior, any sort of brute force activity. I think those are the early signs you want to watch for. But I think the main thing I would say is monitoring. Make sure all your assets, you have server monitoring, EDR monitoring in place. Because a lot of the times, and this is actually very important to the data in the report, these customers that did get hit with Akira or RansomHub or Cactus, they had some sort of gap in the monitoring. So they did not have the full XDR suite deployed. It’s just like protecting a house. You don’t want to just protect the front door. You want to protect the back door and the windows as well. So there was some sort of gap in the monitoring, which then led to the threat actor going undetected. So the first thing you want to do is actually make sure you are monitoring everything, that you have comprehensive monitoring across your environment. And that’ll make it a lot easier to detect the threat actor in the early phases.

Robert Dutt: One of the themes that stood out to me and something that I feel like I’m hearing a lot more recently is the theme of attackers abusing legitimate tools. ScreenConnect, RDP, PowerShell, even to your monitoring point, RMM tools in some cases. And these are tools that MSPs are invested in and living in every day. How should MSPs be thinking about what normal IT behavior looks like in their own network and on their clients’ networks?

Merium Khalid: Yeah, I think that’s a really, really good point. So when it comes to using legitimate tools, you always want to look at who is initiating the usage of a tool. Is it an admin account or is it a service account that’s dedicated to this sort of activity for their regular operations? Usually when it’s associated with some sort of admin account, that can be indicative of malicious activity, but also you want to look at activity before and after, right? So if you have brute force activity, you have privilege escalation, any sort of activity that’s not in the norm, and then you’re seeing the use of like PsExec, RMM tools, RDP, then that could indicate some sort of attack. So I think, yes, it is a kind of tricky area or a blurry area, but that’s where your intelligence and different tactics and techniques come into play, right? So threat actors are known for using these tools so they could go under the radar. But because of that, we’ve learned from all the incident response that we’ve done the different tactics and techniques that they use. So we know what to look for and we know what is suspicious and what is maybe normal business operations.

Robert Dutt: And those are the kinds of things that they should see and kind of immediately see, okay, that’s a red flag. We should drop everything and deal with this urgently.

Merium Khalid: Yeah. Yeah. And I think that’s where you want to make sure you have the right skillset and the right people in place looking at your environment, right? Maybe someone from IT might not have the knowledge or the skillset to identify something that’s malicious or normal. So it’s important to have like a 24/7 SOC in place. It’s important to have your security tools in place so you have people with the right knowledge or the right experience looking at your environment.

Robert Dutt: We touched earlier on the number about basically every incident involving at least one unprotected rogue endpoint. And also this report talked a lot about the number of attacks that had third party involvement, that was two thirds or so, up from less than half a year ago. Along the same note as the tools, MSPs themselves are a trusted third party to their clients. How should they be thinking about the risk that they themselves are introducing into the equation and the risk their clients’ other vendors are introducing, especially in situations where it’s a complex network?

Merium Khalid: Yeah. I think when you are using a vendor, or I mean, everyone is bound to use some sort of vendor or third party tool, right? I think when you are incorporating that in your environment, it’s very, very necessary to make sure you have the right legal and compliance process to make sure that they are doing the best security practices. So making sure they’re SOC 2 audited, making sure they have the right policies in place. So when you’re picking a vendor, I would say, have your legal team involved, have your compliance team involved and do a very comprehensive security review before you kind of incorporate them in your environment. Because yes, the risk is not just for your organization, the risk carries over to how well your third party vendor is actually practicing the best security practices.

Robert Dutt: For the MSP listening to this and feeling like, okay, my tools are potentially compromised, I could be introducing risks, third parties could be introducing risks. What are two or three changes that an MSP can make in what they do or how they do what they do, that would meaningfully reduce risk without blowing up their own mode of operation basically?

Merium Khalid: Yeah. Yeah. So I think when it comes to key recommendations from the report, of course, there’s a long list of things you could do, but I think what’s going to have the most impact on your environment is having an audit. So auditing all your active accounts, disabling those that are no longer in use, because as I said, that could become a home for threat actors to kind of make their ground and to move laterally. Also audit devices, right? Having a strong asset management policy is very, very important. This will reduce the number of rogue devices that you have. Also having a patch management policy. So as I mentioned before, 96% of incidents that happened with ransomware, it had some sort of vulnerability or exploitation. I think if you have a patch management policy in place, you can reduce that. And I’m not saying to wait for a vulnerability or a zero-day to then implement it. I think having some sort of patch management policy on a weekly or quarterly basis is really important. And someone who’s dedicated to that in your environment. And then also, I think one of the most important things is having a robust security program to prevent these complex threats. Essentially what that means is having that full coverage across your environment. So across endpoints, servers, cloud, network appliances, email appliances, all your Microsoft 365 environments. So the top three things are auditing accounts and devices, patch management, and having visibility and a security program in place to prevent this.

Robert Dutt: The report covers a lot of territory. I think we’ve walked through a lot of the areas that I was kind of most taken by. Any other major takeaways especially for this audience that you’d like to surface in terms of what you found and what it means for the solution provider or MSP?

Merium Khalid: Yeah, sure. So I think one of the things I want to talk about is the report is derived from real life data. So we actually, XDR in 2025 logged more than 2 trillion IT events. And this report is derived from real life data from our customers. So 600,000 security alerts issued to our customers. And then from the 600,000, we had 53,000 high severity alerts that led to an automated threat response. So what that means is we had 53,000 high alerts that led to either blocking a firewall, disabling an account, isolating a network. So we blocked 53,000 high severity incidents that could have led to a very high scale attack in their environment. I think that’s a really important thing to emphasize. And we also protected 230,000 endpoints in 2025. So I think just one of the main things here is the data, the report is derived from real life data and real life findings and from real life engineers and analysts that are right in the forefront of these attacks.

Robert Dutt: It always blows me away when we talk about security metrics and you have these sample sizes of trillions of alerts, of occurrences. It certainly adds to my awareness of that sense of potential for alert fatigue and just the overwhelm of there is so much going on. One last question for me. If MSPs remember three things from this report, from this conversation, what should they be?

Merium Khalid: So three main takeaways. First is understanding the severity of ransomware. How devastating it can be in your environment. It could literally take your business out if it is a severe enough ransomware. Second, the importance of patch management, making sure all your assets are patched, making sure if you do have public-facing assets in your environment, prioritize that, make that your number one priority. And third, have a security monitoring solution in place. I think that really makes or breaks having the right practices.

Robert Dutt: All right. I appreciate that. Thanks again for taking the time to talk through this and go through some of these results as it relates to the channel community. Greatly appreciate it.

Merium Khalid: Thanks, Rob. Thanks for having me.

Robert Dutt: There you have it, my chat with Merium Khalid from Barracuda. I’d like to thank Merium for sharing the findings of the report and her insights from life in the SOC. If there’s a thread running through this conversation, it’s that the threats aren’t getting more exotic, they’re getting faster. Three hours from breach to encryption, 96% of lateral movement ending in ransomware, and every single incident the team responded to involved at least one device that nobody was watching. The basics still matter. And this report makes a pretty compelling case that audit, patch, and monitor is still where it all starts. Tomorrow on In The Channel, I’m talking to Jeff Collins, CEO of WanAware, about a related problem. The blind spots that form in modern networks as AI workloads and hybrid architectures quietly reshape how traffic moves. If you’ve ever felt that you can’t quite see everything that’s happening inside a customer’s environment, that’s probably a conversation for you. Thanks for listening. I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Exploit Brokers - Hacking News
600 Firewalls Breached by AI in 5 Weeks — Plus Chrome Zero-Day, CVSS 9.9 RCE & AI-Powered Malware | HN63
Mar 5, 2026 (28:52)

AI is reshaping both sides of the cybersecurity battlefield — and fast. In this episode, we break down five stories that prove it: the first Chrome zero-day of 2026 (CVE-2026-2441), a near-perfect CVSS 9.9 in Microsoft's Semantic Kernel SDK (CVE-2026-26030), a supply chain attack on AI coding assistant Cline that silently installed autonomous agents on thousands of developer machines, the first-ever Android malware using Google's Gemini AI at runtime (PromptSpy), and a Russian-speaking threat actor who used commercial AI tools to breach over 600 FortiGate firewalls across 55 countries in just five weeks. Whether you're a developer, security professional, or just someone who uses a browser — this one's worth your time.

Cyber Security Headlines
Velociraptor pushes LockBit, Spain dismantles crime group, SonicWall SSL VPN breach
Oct 13, 2025 (8:40)

Huge thanks to our sponsor, Vanta. What's your 2 AM security worry? Is it “Do I have the right controls in place?” Or “Are my vendors secure?” ...or the really scary one: “How do I get out from under these old tools and manual processes?” Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta also fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready, all the time. With Vanta, you get everything you need to move faster, scale confidently, and get back to sleep. Get started at vanta.com/headlines. Find the stories behind the headlines at CISOseries.com.

The CyberWire
Cracks in the wall. [Research Saturday]
Aug 30, 2025 (13:13)

This week, we are joined by Jamie Levy, Director of Adversary Tactics at Huntress, who is discussing their work on "Active Exploitation of SonicWall VPNs." Huntress has released an urgent threat advisory on active exploitation of SonicWall VPNs, with attackers bypassing MFA, pivoting to domain controllers, and ultimately deploying Akira ransomware. The campaigns involve techniques such as disabling defenses, clearing logs, credential theft, and Bring Your Own Vulnerable Driver (BYOVD) attacks with legitimate Windows drivers. Organizations using SonicWall devices are strongly advised to disable SSL VPN access or restrict it via IP allow-listing, rotate credentials, and hunt for indicators of compromise as this remains an ongoing and evolving threat. Complete our annual audience survey before August 31. The research can be found here: Huntress Threat Advisory: Active Exploitation of SonicWall VPNs

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, August 4th, 2025: Legacy Protocols; Sonicwall SSL VPN Possible 0-Day;
Aug 4, 2025 (5:17)

Scans for pop3user with guessable password
A particular IP assigned to a network that calls itself "Unmanaged" has been scanning telnet/ssh for a user called pop3user with passwords pop3user or 123456. I assume they are looking for legacy systems that either currently run POP3 or ran POP3 in the past, and left the user enabled.
https://isc.sans.edu/diary/Legacy%20May%20Kill/32166

Possible Sonicwall SSL VPN 0-Day
Arctic Wolf observed compromised Sonicwall SSL VPN devices used by the Akira group to install ransomware. These devices were fully patched, and credentials were recently rotated.
https://arcticwolf.com/resources/blog/arctic-wolf-observes-july-2025-uptick-in-akira-ransomware-activity-targeting-sonicwall-ssl-vpn/

PAM Based Linux Backdoor
For over a year, attackers have used a PAM-based Linux backdoor that so far has gotten little attention from anti-malware vendors. PAM-based backdoors can be stealthy, and this one in particular includes various anti-forensics tricks.
https://www.nextron-systems.com/2025/08/01/plague-a-newly-discovered-pam-based-backdoor-for-linux/

YusufOnSecurity.com
204 - Recap of the best episodes of 2024
Dec 28, 2024 (91:38)

Enjoying the content? Let us know your feedback! In this final episode of 2024, we recap the best, the most listened-to episodes of the year. And this year we have a great four, back to back, of the greatest of them all. Let's start with the first, episode 191 - Is The Browser The New Operating System?, released on the 28th of September. Next is episode 172 - SSL VPN versus IPsec VPN - Part 1 and Part 2, released on the 18th of May and the 25th of May respectively. And finally Episode 191 - APIs and Webhooks, released on the 5th of October. Enjoy and see you in the new year! Be sure to subscribe! You can also stream from https://yusufonsecurity.com, where you will find a list of all previous episodes too.

YusufOnSecurity.com
173 - SSL VPN versus IPsec VPN - Part 2
May 25, 2024 (30:22)

In this episode we continue with part 2 on comparing SSL VPN and IPsec VPN, two popular technologies used for secure remote access. As I said last week, understanding the nuances of these technologies is therefore crucial. We'll explore how each VPN works, their security features, performance differences, and the scenarios where each excels. Please listen to episode 172 before you listen to this episode.
With that said, let's turn to a top trending news item this week:
- Microsoft's "Recall" feature raises privacy concerns.
- https://www.wired.com: Microsoft Recall AI May Be A Privacy Nightmare
- https://en.wikipedia.org: Virtual_private_network
- https://en.wikipedia.org: Transport Layer Security
- https://www.bleepingcomputer.com: Norway Recommends Replacing SSL VPN To Prevent Breaches
Be sure to subscribe if you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com, where you will find a list of all previous episodes too.

YusufOnSecurity.com
172 - SSL VPN versus IPsec VPN - Part 1
May 18, 2024 (35:17)

In this week's episode we're diving into the world of VPNs. Specifically, we will compare SSL VPN and IPsec VPN, two popular technologies used for secure remote access. In the post-pandemic era, remote work has become part of the new normal. Understanding the nuances of these technologies is therefore crucial. We'll explore how each VPN works, their security features, performance differences, and the scenarios where each excels.
Having said that, and before we get into VPN, let's turn to a top trending news item this week:
- Recap of RSA Conference, the biggest security conference in the US.
- https://en.wikipedia.org: Virtual_private_network
- https://en.wikipedia.org: Transport Layer Security
- https://www.bleepingcomputer.com: Norway Recommends Replacing SSL VPN To Prevent Breaches
Be sure to subscribe if you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com, where you will find a list of all previous episodes too.

ScanNetSecurity Latest Security Information (ScanNetSecurity 最新セキュリティ情報)
Remote code execution vulnerability in Fortinet FortiOS SSL VPN
Feb 13, 2024 (0:20)

On February 9, the Information-technology Promotion Agency, Japan (IPA) and the JPCERT Coordination Center (JPCERT/CC) published an announcement about a vulnerability in Fortinet's FortiOS SSL VPN. The affected systems are as follows.

K12 Tech Talk
Episode 153 - Clever MFA, Rise Vision, and Conspiracy Theories
Feb 9, 2024 (77:52)

In this episode, we dive into the latest news in the K-12 technology world. We discuss who hacked into Fulton County, Georgia schools' computer systems, we touch on the FCC's Affordable Connectivity Program, and we trade thoughts on a Maine school that will begin biometric scanning for student attendance. We debrief the Clever MFA roadmap and how a student-friendly MFA could work. The main topic of the episode is an interview with the CEO of Rise Vision, Brian Loosbrock, where we discuss their digital displays and how they are revolutionizing the education industry.
News stories mentioned in the episode:
- New Fortinet RCE flaw in SSL VPN likely exploited in attacks
- Student hacks Fulton County Georgia schools' computer systems
- FCC's Affordable Connectivity Program consumer FAQ
- Maine school will begin biometric scanning data collection for students
- FTC order will require Blackbaud to delete unnecessary data, boost safeguards, settle charges of lax security
https://www.youtube.com/@k12techtalk
Join the K12TechPro.com Community. Buy our merch!!!
Rise Vision. Extreme Networks - Email dmayer@extremenetworks.com. Fortinet - Email fortinetpodcast@fortinet.com. NTP.
Oh, and... Email us at k12techtalk@gmail.com. Tweet us (err, X us) @k12techtalkpod. Visit our LinkedIn page.

The Cybersecurity Defenders Podcast
#42 - Intel Chat: Atomic Wallet, Azure goes down, BEC justice, FortiOS SSL VPN and the BatCloak
Jun 15, 2023 (35:20)

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
- $35 million has reportedly been stolen from users of Atomic Wallet.
- On June 9th the Microsoft Azure Portal was down on the web as a result of a suspected DDoS.
- The US Department of Justice has indicted 6 people for their involvement in a $6 million business email compromise scam.
- CVE-2023-27997 was reported by Fortinet on June 13th (Fortinet hardening guide).
- Trend Micro recently discovered the use of heavily obfuscated batch files utilizing the advanced BatCloak engine.
- And a really cool PDF: the Cy-Xplorer 2023 report put out by Orange Cyberdefense.
The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

ALEF SecurityCast
Ep#173 - Fortinet Fixed a CRITICAL Vulnerability in Fortigate SSL-VPN Devices
Jun 12, 2023 (8:40)

Chapters:
00:00 Introduction
00:47 Vulnerability in FortiOS SSL-VPN
03:53 Major Disruption of the Banking System in Russia
05:38 PoC for Windows Local Privilege Escalation
06:37 Vulnerability in Cisco Secure Client Software
07:35 Update from the World of Ransomware
08:22 Meme Of The Week
Links: Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now (bleepingcomputer.com)
Follow us on Twitter @AlefSecurity #ITBezpecnost #IT #Novinky #Bezpecnost #Fotigate #Zranitelnost

ALEF SecurityCast
Ep#150 - DDoS Attacks on Presidential Candidates, Cacti Servers and FortiOS SSL-VPN
Jan 16, 2023 (5:42)

Links:
- National Cyber and Information Security Agency (NÚKIB) - Cyber incidents from NÚKIB's perspective - December 2022 (nukib.cz)
- Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd | Fortinet Blog

Tenable Research Podcast
Hold the Door - VPN Vulnerabilities Unlock Entry to Your Network
Sep 8, 2021 (19:19)

On this edition of the Research podcast, we talk to Satnam Narang and Claire Tills about the Security Response Team's recent research blog around SSL VPN vulnerabilities. That blog looked back at how three particular flaws in major VPNs are frequently exploited, so we look at when these vulnerabilities were disclosed, what their impact is, who has been attempting to exploit them and who the targets have been.
Show references:
- Hold the Door: Why Organizations Need to Prioritize Patching SSL VPNs
- Zero-Day Vulnerability in SonicWall Secure Mobile Access (SMA) Exploited in the Wild
Follow along for more from Tenable Research:
- Subscribe to the blog
- Follow Tenable's Zero Day team on Medium

The CyberHub Podcast
Practitioner Brief Feb 8th, 2021

The CyberHub Podcast

Play Episode Listen Later Feb 8, 2021 11:29 Transcription Available


Today's Headlines:
- Big jump in RDP attacks as hackers target staff working from home
- Fortinet fixes critical vulnerabilities in SSL VPN and web firewall
- Google Chrome Zero-Day Afflicts Windows, Mac Users
- Microsoft Says Its Services Not Used as Entry Point by SolarWinds Hackers
The Practitioner Brief is sponsored by:
- KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub
- Whistic: www.whistic.com/cyberhub
- Whistic Solarwinds survey: https://www.whistic.com/solarwinds
James Azar, Host of CyberHub Podcast
James on LinkedIn: https://www.linkedin.com/in/james-azar-a1655316/
Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter
Website: https://www.cyberhubpodcast.com
Youtube: https://www.youtube.com/channel/UCPoU8iZfKFIsJ1gk0UrvGFw
Facebook: https://www.facebook.com/CyberHubpodcast/
Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
Listen here: https://linktr.ee/cyberhubpodcast
The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

ProactiveIT Cyber Security Daily
Episode 300 - Morse Code Used in Phishing Attacks

ProactiveIT Cyber Security Daily

Play Episode Listen Later Feb 8, 2021 16:55


Good Morning and Welcome to the ProactiveIT Cyber Security Daily number 300. It is Monday February 8th 2021. I am your host Scott Gombar and:
- Morse Code Used in Phishing Attacks
- Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites
- Ransomware Attacks Hit Major Utilities
- Fortinet fixes critical vulnerabilities in SSL VPN and web firewall
- Mozilla fixes Windows 10 NTFS corruption bug in Firefox
- The Great Suspender Chrome extension's fall from grace
- Malicious extension abuses Chrome sync to steal users' data
- SitePoint discloses data breach after stolen info used in attacks
- New phishing attack uses Morse code to hide malicious URLs
- Hackers post detailed patient medical records from two hospitals to the dark web
- Ramsey County and Crisp Regional Health Services Affected by Ransomware Attacks

Optrics Insider
Optrics Insider - Checkpoint SSL VPN Cert Expired, Undocumented Zyxel Backdoor & Solarwinds Update

Optrics Insider

Play Episode Listen Later Jan 7, 2021 14:14


Join Scott Young and Shaun Sturby from Optrics Engineering as they discuss the SSL certificate for Checkpoint VPN devices that has expired, the undocumented backdoor in Zyxel devices and a Solarwinds update from Bruce Schneier. For more IT tips go to: www.OptricsInsider.com
Timecodes:
0:00 - Intro
0:18 - Today's 3 topics
0:35 - Topic 1: Checkpoint SSL VPN Cert Expired
2:41 - Topic 2: Undocumented Zyxel Backdoor
7:38 - Topic 3: Solarwinds update from Bruce Schneier
13:41 - Closing remarks
Learn more about Checkpoint's SSL Cert for their SSL VPN expiring here: Happy New Year: Jan 1, 2021 security cert expiration causes havoc for some Check Point VPN users
Learn more about the undocumented backdoor for Zyxel products here: Undocumented user account in Zyxel products (CVE-2020-29583)
Learn more about the latest Solarwinds update from Bruce Schneier here: Schneier on Security: Latest on the SVR's SolarWinds Hack
Learn more about getting a penetration test if you want to test the effectiveness of your network security, or if you think you've been hacked and need help with remediation: www.Optrics.com/penetration-testing
#OptricsInsider #ITSecurityTips #cybersecurity #technews #infosec
Send in a voice message: https://anchor.fm/optrics-insider/message
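The Check Point story in this episode is a certificate-lifecycle failure: the VPN portal's server certificate reached its notAfter date and every client that verified the chain correctly stopped connecting. The following expiry monitor is an added example (not code from Optrics, Check Point or the podcast) of the check a practitioner would run against an SSL VPN portal before that happens. The 30-day warning threshold and the host name in the usage comment are assumptions; the sample notAfter value is constructed to match the Jan 1, 2021 date from the episode.

```python
"""Warn before an SSL VPN portal's server certificate expires.

Added example; not code from Optrics or Check Point. WARN_DAYS is an
assumed alerting threshold, not a value the episode specifies.
"""
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed threshold; tune to your certificate renewal lead time


def days_until_expiry(not_after: str, now: datetime) -> int:
    """Whole days from `now` until the certificate's notAfter date.

    `not_after` uses the format ssl.SSLSocket.getpeercert() returns,
    e.g. 'Jan  1 00:00:00 2021 GMT'. A negative result means the
    certificate has already expired.
    """
    expires_at = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(not_after), tz=timezone.utc
    )
    return (expires_at - now).days


def classify(days_left: int, warn_days: int = WARN_DAYS) -> str:
    """Map remaining validity to an operational status."""
    if days_left < 0:
        return "EXPIRED"
    if days_left <= warn_days:
        return "WARN"
    return "OK"


def status_for(not_after: str, as_of: str) -> tuple:
    """Evaluate a notAfter string as of an ISO date (YYYY-MM-DD), offline."""
    now = datetime.fromisoformat(as_of).replace(tzinfo=timezone.utc)
    days = days_until_expiry(not_after, now)
    return days, classify(days)


def fetch_not_after(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Handshake with the portal and return the leaf certificate's notAfter.

    Verification is left enabled on purpose: once the certificate has
    expired the handshake raises SSLCertVerificationError, the same
    failure the VPN clients in the episode hit. Disabling verification
    is no shortcut either, because getpeercert() then returns an empty
    dict instead of the parsed fields.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def check_portal(host: str, port: int = 443) -> str:
    """One-line report suitable for a cron job or monitoring probe."""
    try:
        not_after = fetch_not_after(host, port)
    except ssl.SSLCertVerificationError as exc:
        return f"{host}:{port} FAILED verification ({exc.reason})"
    except (OSError, ssl.SSLError) as exc:
        return f"{host}:{port} UNREACHABLE ({exc})"
    today = datetime.now(timezone.utc).date().isoformat()
    days, status = status_for(not_after, today)
    return f"{host}:{port} {status} ({days} days left, notAfter={not_after})"


if __name__ == "__main__":
    # Constructed sample: the notAfter value that bit on 2021-01-01,
    # evaluated a month before and the day after.
    sample = "Jan  1 00:00:00 2021 GMT"
    print(status_for(sample, "2020-12-02"))  # (30, 'WARN')
    print(status_for(sample, "2021-01-02"))  # (-1, 'EXPIRED')
    # Live check against an assumed host name (needs network access):
    # print(check_portal("vpn.example.com"))
```

Run it from cron against each portal and page on anything other than OK. Because the live path keeps verification on, a portal whose certificate has already lapsed reports FAILED rather than a day count, which is the condition you want to catch loudly rather than quietly.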

Buu's Hour
Weekly Update - April 20, 2020 - Giveaway Contest & Get To Know Buu

Buu's Hour

Play Episode Listen Later Jun 2, 2020 11:20


This week we announce a subscriber giveaway. And Buu also goes through Q&A!
DevCentral Content:
Recent DevCentral Live Streams:
- April 16: Waiting Room via iRules, Security Response Hyperbole, & Q&A Post of the Week – https://www.youtube.com/watch?v=N-d7KdTGDxY
- April 9: Remote Access with F5 BIG-IP APM – https://www.youtube.com/watch?v=02UsdE0h-ZQ
New DevCentral Videos:
- 3x videos on how to review your log files (tmsh, bash, config utility) – https://www.youtube.com/watch?v=t2kVEE2SjIU – https://www.youtube.com/watch?v=8wpMa4K6-gA – https://www.youtube.com/watch?v=0BQZOgS10wo
- VPN Split Tunneling overview – https://www.youtube.com/watch?v=25maiR0IeRw
- Renewing existing SSL certs and keys – https://www.youtube.com/watch?v=WU3C8W25vvE
- RDP using an SSL VPN – https://www.youtube.com/watch?v=NOytvWA0ZQw
Tech News:
- K9412: The BIG-IP Release Matrix. Includes builds, release dates, supported platforms, EUD & AOM versions. – https://support.f5.com/csp/article/K9412
- Attack Signature Update (ASU) file for Advanced WAF and ASM versions 11.6.x, 12.1.x, 13.1.x, 14.1.x, and 15.x. – https://buzz.f5.com/kS1hT0470CO02MK5mz0RT0C
APM News:
- Using APM for BIG-IP Management Access – https://techdocs.f5.com/en-us/bigip-14-0-0/big-ip-local-traffic-manager-implementations-14-0-0/implementing-apm-system-authentication.html
- K82063753: BIG-IP APM v15.1 (and later) with Modern Customization does not support DUO logon page integration. – https://support.f5.com/csp/article/K82063753 – According to F5 Support, the Duo engineering department is looking into updating their code to work with the new framework
NGINX News:
- NGINX Controller v3.3.0 is RTW – https://docs.nginx.com/nginx-controller/releases/#nginx-controller-version-3-3-0 – Bug fixes and improvements. – Adds support for certificate chains for TLS connections. – Adds an API catalog for the Metrics API. – Adds new dimensions for filtering metrics on the Application Summary page.
- NGINX Service Mesh with Alan Murphy, on the Software Engineering Daily Podcast – https://softwareengineeringdaily.com/2020/04/16/nginx-service-mesh-with-alan-murphy/
Training:
- Free F5 Training Courses, "F5 Getting Started Series". As we engage with customers virtually, don't forget to share free training courses we have for customers and partners. – https://f5.com/education/training/free-courses
Cloud, Orchestration & Automation:
- F5CS Essential App Protect: Disabling Attack Signatures via API – https://clouddocs.f5.com/cloud-services/latest/f5-cloud-services-Essential.App.Protect-FAQ.html#q-how-do-i-globally-disable-an-attack-signature
Security News:
- Four Risks to Consider with Expanded VPN Deployments From F5 Labs – https://www.f5.com/labs/articles/cisotociso/four-risks-to-consider-with-expanded-vpn-deployments
- San Francisco International Airport Discloses Data Breach – https://www.securityweek.com/san-francisco-international-airport-discloses-data-breach
- Google Sees Millions of COVID-19-Related Malicious Emails Daily – https://www.securityweek.com/google-sees-millions-covid-19-related-malicious-emails-daily
Subscribe to our YouTube channel! - https://www.youtube.com/darylandbuu?sub_confirmation=1
Daryl Montgomery and Buu Lam are the F5 Account Team covering valued clients in British Columbia, Northwest Territories, Yukon and Nunavut. Their weekly show covers recent topics in the world of F5. Please consider Subscribing and enabling Notifications. Weekly Update will be released at the beginning of each week. Buu's Hour Live Streams are released throughout the week.
Instagram - https://www.instagram.com/buushour/
LinkedIn - https://www.linkedin.com/in/daryl-montgomery-8876752/ https://www.linkedin.com/in/buulam/
Buu's Hour B Roll Channel - https://www.youtube.com/channel/UCRSFdUbMRvX925MU7_knxSw
Website - http://darylandbuu.com

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

MacOS GateKeeper Bypass https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass Fortinet FortiOS SSL VPN Vulnerabilities https://fortiguard.com/psirt Customizing NMAP Service Detection https://isc.sans.edu/forums/diary/Video+nmap+Service+Detection+Customization/24970/

Bill Murphy's RedZone Podcast | World Class IT Security
#099: Block First, Ask Questions Later | Security + Business Continuity with Dmitriy Ayrapetov

Bill Murphy's RedZone Podcast | World Class IT Security

Play Episode Listen Later Jan 11, 2019 49:03


If you enjoy listening to my podcast, please take a minute to leave a review here!

As many of you know, I like to choose podcast topics that are at the forefront in the minds of my audience. I also like to interview leaders who inspire me. When I was looking for a new podcast guest for my show, I asked my CTO at RedZone, James Crifasi, if there was someone he knew in security that he really respected – that stood out for him as a leader in the industry. James recommended Dmitriy Ayrapetov, Executive Director of Product Management at SonicWall. Since RedZone has been a SonicWall partner for many years, I knew Dmitriy, and I knew that he represented most of the network security products that we work with. Luckily, he agreed to come on the show.

My conversation with Dmitriy ranges from philosophical to tactical and technical, especially with his positions on Machine Learning and AI with security. We discuss a variety of topics including who his mentors are and what a product manager does at a high-profile security company like SonicWall. One interesting discussion centered around the thought that, “Humans will always make mistakes – human mistakes are one of the main issues with security. Knowing that we will never fix 100% of the problems of security today, and that we have a massive likelihood of a security breach happening,” – I asked Dmitriy “How can you approach this problem?”

Key Points of Interest in This Episode:
- How Dmitriy researches and keeps on the pulse of security
- How his mind works when he is thinking of how his customers will be impacted by security
- Who are his mentors?
- What would he focus on if he was a startup founder?
- How would I want to react if I was a customer?
- Are your security vendors as concerned about business continuity as you are?

I think you will really appreciate Dmitriy’s philosophy for CIOs and CISOs – in particular, his thoughts on human mistakes. He believes that since human mistakes can’t be prevented, you must realize the need for continuity of the business and be prepared for them. With this, I want to welcome you to my interview with Dmitriy Ayrapetov.

Major Take-Aways From This Episode:
- In this podcast we discuss cutting edge strategies with security: sandboxing, block until verdict, remediation and roll back.
- What does a product manager do at a high-profile security company like SonicWall? Find people’s problems and bring these engineered solutions to market.
- Evolution of Security – Block first, then ask questions later.
- Staying current with security is imperative with a current approach centered on business continuation.
- New ways of thinking – Prevention vs. Continuity, continuous operations like auto-rollback functions.
- Supply Chain Attacks – Next Gen behavior analytics which led us into an industry education on old fashioned heuristics vs. machine learning and AI.

Read Full Transcript Here

About Dmitriy Ayrapetov: Dmitriy Ayrapetov has been with SonicWall for over 13 years. He is currently the Executive Director of Product Management at SonicWall, in charge of product security. Prior to this position, Dmitriy held product management and engineering roles at SonicWall and at enKoo Inc., an SSL VPN startup acquired by SonicWall in 2005. As a cybersecurity expert, he speaks at industry conferences including RSA, Gartner Security Summit, Dell World and is a regular presence at SonicWall’s annual partner conference Peak Performance. Dmitriy holds an MBA from the Haas School of Business at U.C. Berkeley and a BA in Cognitive Science at UC Berkeley.

You can see all the SonicWall products Dmitriy has had his hand on since the beginning:
• Network Security
• Firewalls
• FTDMI – Automation and Security
• SonicWall ips Series
• Client Capture – rollback
• Email Security

How to get in touch with Dmitriy Ayrapetov: LinkedIn, Twitter, Facebook

Key Resources + Links
Link to Dmitriy’s SonicWall blog page: https://blog.sonicwall.com/authors/dmitriy-ayrapetov/
• Blog, pub. 9/12/2018: Botnets Targeting Obsolete Software
• Blog, pub. 2/13/2017: Practical Defense for Cyber Attacks + Lessons from 2017 SonicWall Annual Threat Report
Other SonicWall blog pages that cover suggested topics of discussion listed above:
• SonicWall Threat Intelligence blog page: https://blog.sonicwall.com/categories/threat-intelligence/
• Annual and mid-year cyber threat reports: https://brandfolder.com/s/pix4u8-fllsa0-f5587c
Other presentations and videos by Dmitriy Ayrapetov:
• SonicWall Roadmap and Industry Trends: https://www.youtube.com/watch?v=p0vAqko1E2s, pub. July 13, 2018
• 2018 SonicWall Cyber Threat Report – Webcast: https://www.sonicwallsales.com/Video.aspx?code=KJSCK7
• RSA Presentation 2017: The Strategic Advantage of Adaptive Multi-Engine Advanced Threat Protection (this is a pdf file of the slide presentation)
• Learn How to Detect and Prevent Malicious Files with SonicWall Capture ATP: https://www.youtube.com/watch?v=55tw20crqhk, pub. Sept 1, 2017. Also published as a webinar through BrightTALK, Sept 19, 2017
• How SonicWall SuperMassive Next-Gen Firewall Series ensures that every byte of every packet coming into and going out of your network is inspected while maintaining high performance and low latency: https://www.facebook.com/SonicWall/videos/10155323557848859/, pub. Aug 17, 2017

Other resources mentioned in the Podcast, provided by Dmitriy Ayrapetov: There are two people that Dmitriy mentioned as thought leaders in the field: one of them is well known, Bruce Schneier, an internationally renowned security technologist; while the other is less known, Dan Geer, CISO at In-Q-Tel. Bruce provides a lot of industry as well as practical advice on his website: https://www.schneier.com/. Dan’s keynote at Black Hat 2014 was, in my opinion, direction setting. It was one of the highest signal to noise ratio keynotes that I’ve ever heard and I still come back to it from time to time. It’s very dense, and is based on an essay that he authored.
• Black Hat Keynote: https://www.youtube.com/watch?v=nT-TGvYOBpI
• Essay: http://geer.tinho.net/geer.blackhat.6viii14.txt
• Dan has many other essays/keynotes and your listeners can find them on his website: http://geer.tinho.net/pubs

The book that Dmitriy mentioned early in the podcast is Hacking Exposed – they’re on the 7th edition now. I’m not “recommending” the book, I just referenced it as something that piqued my curiosity in security early on.

This episode is sponsored by the CIO Scoreboard, a powerful tool that helps you communicate the status of your IT Security program visually in just a few minutes.

Credits: Outro music provided by Ben’s Sound

Other Ways To Listen to the Podcast: iTunes | Libsyn | Soundcloud | RSS | LinkedIn

Leave a Review: If you enjoyed this episode, then please consider leaving an iTunes review here. Click here for instructions on how to leave an iTunes review if you’re doing this for the first time.

About Bill Murphy: Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter.

Command Control Power: Apple Tech Support & Business Talk
262: How Would A Normal Person Do This?

Command Control Power: Apple Tech Support & Business Talk

Play Episode Listen Later Jun 5, 2018 43:20


Topics:
- One of Jerry's local clients needs assistance with updating the OS. He ends up working on it off-site and doing his magic to bring it back to life.
- The guys discuss working off-site vs in front of the client's eyes as well as keeping equipment like external monitors on hand.
- Sam talks about setting up Ubiquiti equipment in his office to be in his comfort zone and coming to the client with a fully configured Wi-Fi setup.
- Sam realizes a downside to having an office...spending money on lunch!
- The topic of nutrition comes up again, when the work day gets away from you. Sam likes the Clif Bars and Jerry is a fan of the Lara bars.
- Jerry loves the podcast How I Built This and interestingly enough, they had Lara on to talk about how she started her business. https://www.npr.org/podcasts/510313/how-i-built-this
- Right up to the start of the show, Sam was working on an iPhone with water damage with a good friend of the family. An odd situation came up with relation to iCloud backups. Jerry has a suggestion based on an old trick to resolve Time Machine backups. Stay tuned to the next show to find out what happens!
- A pet peeve of Jerry's is when he might shave off some time to be nice. A client pays and then keeps you around to enter information in the register, delaying you even more.
- Sam recalls that awkward moment when a client was opening a safe in front of you and trying to make sure you aren't able to see.
- As Jerry is running, he listens to podcasts. He shares another pet peeve for playing sound effects that scares the heck out of you while running on the road.
- Working with SonicWall is nothing new to Sam but he had a moment of frustration setting up the SSL VPN client on Windows 10.
- While on the Windows topic, Jerry has problems with a computer that ended up being Windows Home Edition.
- The dreaded employee or friend that gives a client bad advice that makes them second guess you.
- Jerry deals with Windows 5?? (Windows NT) and trouble with UPS.
- Sam shares a funny story about hanging out with Adam Rice at ACEs and learning that Reachability actually does exist on the iPhone X! Chalk that up to something he should have known.
- We have probably all been there before: Jerry talks about a client that swears that a feature existed before when it actually didn't.

Engineering
Secure Sockets Layer Virtual Private Network (SSL VPN): A Look at UC Davis Through the Tunnel

Engineering

Play Episode Listen Later Jun 18, 2009 67:17


Computing Services Conference: Focus on Security
Secure Sockets Layer Virtual Private Network (SSL VPN): A Look at UC Davis Through the Tunnel

Computing Services Conference: Focus on Security

Play Episode Listen Later Jun 18, 2009 67:17


Computer Science
Secure Sockets Layer Virtual Private Network (SSL VPN): A Look at UC Davis Through the Tunnel

Computer Science

Play Episode Listen Later Jun 18, 2009 67:17


Radio Free Security
Firebox Special: New Features, New Toys

Radio Free Security

Play Episode Listen Later Mar 14, 2008 40:52

