Podcasts about Stuxnet

Three Buddy Problem - Episode 51: Former Immunity/Trail of Bits researcher Hamid Kashfi joins the buddies for a fast-moving tour of cyber activities in the Israel-Iran war. The crew unpacks who 'Predatory Sparrow' is, why Sepah Bank and the Nobitex crypto exchange were hit, and what a $90 million cryptocurrency burn really means. Plus, radar-blinding cyberattacks that paved the way for Israel's air raid, the human cost of sudden ATM outages and unpaid salaries, and the puzzling “Code Breakers” data leak that preceded it all. Hamid shares on-the-ground context, the buddies debate whether cyber operations can sway a shooting war, and everyone tries to gauge Iran's true offensive muscle under sanctions. Cast: Hamid Kashfi (https://twitter.com/hkashfi), Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

(01:54) Afgelopen vrijdag vond de grootste Israëlische aanval op het Iraanse Atoomprogramma tot nu toe plaats. Al eerder waren er aanvallen, met name in 2010 was er de operatie Stuxnet, met een superworm die het Iraanse nucleaire programma destabiliseerde. Midden Oostenkenner Paul Aarts is te gast.  (11:49) Fresco Sam-Sin bespreekt twee historische boeken:    Leven op een vulkaan - Ulbe Bosma  De mango van Mao - Federico Kukso (vert. Heijo Alting)    (23:00) Donald Trump stuurde deze week in Californië militairen af op demonstranten, die protesteren tegen klopjachten van de immigratiedienst. Een opvallende wending in de strijd van Trump tegen progressievelingen. Het doet denken aan president Woodrow Wilson en de eerste ‘Red Scare' in 1919 volgens historicus Ivo van de Wijdeven, hij vertelt meer.  (34:50) Zijn boek over Alkibiades was meteen een hit. Want het ging niet alleen over een Griekse held, maar hield ook een waarschuwing in tegen het moderne populisme. Maar waar haalde de auteur, Ilja Leonard Pfeijffer, zijn kennis vandaan over de politicus die de Atheense democratie zou willen redden? Onlangs verscheen De luimen van de leeuw. De bronnen voor Alkibiades. De auteur is te gast.      Meer info: https://www.vpro.nl/programmas/ovt/luister/afleveringen/2025/15-06-2025.html#  (https://www.vpro.nl/programmas/ovt/luister/afleveringen/2025/15-06-2025.html)

Afgelopen vrijdag vond de grootste Israëlische aanval op het Iraanse Atoomprogramma tot nu toe plaats. De belangrijkste uraniumverrijkingsfabriek zou meermaals zijn getroffen en verscheidene Iraanse kerngeleerden zijn gedood. Iran als kernmacht is al lang een angstdroom van Israël en het Westen. Al eerder waren er aanvallen, in 2010 was er de operatie Stuxnet, met een superworm die het Iraanse nucleare programma destabiliseerde. Hoe kwam die aanval tot stand, en wat waren de gevolgen ervan voor de verhouding tussen Israël en Iran? We vragen het aan Midden-Oostenkenner Paul Aarts.

Three Buddy Problem - Episode 50: This week, we dissect cyber flashpoints in the Iran-Israel war, revisit the “magnet of threats” server in Iran that attracted APTs from multiple nation-states, and react to Israel's Mossad sneaking explosive drone swarms deep into Iran to support airstrikes. Plus, Stealth Falcon's new WebDAV zero-day, SentinelOne's brush with Chinese APTs, Citizen Lab's forensic takedown of Paragon's iPhone spyware, and the sneaky Meta/Yandex trick that links Android web browsing to app IDs. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

Three Buddy Problem - Episode 48: We unpack a Dutch intelligence agencies report on ‘Laundry Bear' and Microsoft's parallel ‘Void Blizzard' write-up, finding major gaps and bemoaning the absence of IOCs. Plus, discussion on why threat-intel naming is so messy, how initial-access brokers are powering even nation-state break-ins, and whether customers (or vendors) are to blame for the confusion. Plus, thoughts on an academic paper on the vanishing art of Western companies exposing Western (friendly) APT operations, debate whether stealth or self-censorship is to blame, and the long-tail effects on cyber paleontology. We also dig into Sean Heelan's proof that OpenAI's new reasoning model can spot a Linux kernel 0-day and the implications for humans in the bug-hunting chain. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

Podcast: Industrial Cybersecurity InsiderEpisode: Stuxnet to Colonial Pipeline What Have We Learned & What's on the Horizon?Pub date: 2025-05-06Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDino sits down with Mike Holcomb, Fellow and Director of ICS/OT Cybersecurity at Fluor, to explore the critical, and often overlooked challenges in securing operational technology. From his early fascination with hacking culture to leading OT security for one of the world's largest engineering firms, Mike shares personal insights and lessons learned. The conversation covers the delayed cybersecurity maturity in OT environments and the lasting impact of the Colonial Pipeline breach.They address the crucial role of visibility, engineering partnerships, and cultural buy-in when building secure industrial systems. Whether you're managing pipelines, power grids, or manufacturing floors, this episode delivers actionable insights and strategic foresight for leaders protecting our most vital infrastructure.Chapters:00:00:00 - Why OT Security Still Falls Behind00:01:03 - Mike Holcomb's Unlikely Path to Cybersecurity00:01:23 - Hacking Curiosity and a Love for Breaking Things00:02:16 - From Network Admin to OT Defender00:03:08 - Stuxnet, Colonial, and the Wake-Up Calls We Ignored00:06:18 - When OT and IT Don't Speak the Same Language00:12:14 - Threats Are Getting Smarter — Are We Keeping Up?00:26:29 - Evolving the Culture of Cyber Hygiene00:32:14 - Final Takeaways for Security LeadersLinks And Resources:Mike Holcomb on LinkedInIndustrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Joshua Steinman is the co-founder and CEO of Galvanick, a cybersecurity company building tools to secure industrial infrastructure and AI systems.In this episode of World of DaaS, Joshua and Auren discuss:Foreign spies in tech companiesVulnerabilities in critical infrastructureLessons from Stuxnet and UkraineBuilding resilience against cyber threatsLooking for more tech, data and venture capital intel? Head to worldofdaas.com for our podcast, newsletter and events, and follow us on X @worldofdaas.  You can find Auren Hoffman on X at @auren and Josh Steinman on X at @JoshuaSteinman. Editing and post-production work for this episode was provided by The Podcast Consultant (https://thepodcastconsultant.com)

Hector's back from Miami, rubber ducky giveaways in tow, and diving deep into a wild week of cyber news—from Elon Musk's Starlink bug bounty to a stealthy year-long breach of U.S. bank regulators. The guys unpack major incidents including a Stuxnet-style espionage campaign in Ukraine, AI-powered spear phishing, and yet another haunting update in the LastPass hack saga. But the real fireworks come in Hector's rant, where he slams the cybersecurity industry's political silence and calls out its leaders for cowardice. Join our new Patreon! https://www.patreon.com/c/hackerandthefed

Brigadier General Jacob Nagel was at the center of Israel's most critical military and technological decisions—from the creation of the Iron Dome to the classified plans behind the Stuxnet cyberattack that weakened Iran's nuclear program. In this powerful and urgent conversation, Dr. Bob goes deep with General Nagel about how Hamas evaded Israel's high-tech surveillance on October 7th, what went wrong with deterrence, and how Israel is shifting its defense doctrine from containment to preemptive strike.Tune in for these topics:

Operation Olympic Games sounds like something to do with the Olympics but nope, it is all about Iranian nuclear facilities and a cyber attack using a virus called Stuxnet. Go down the rabbit hole with Brandon on this one!

Episode Link: https://open.spotify.com/show/3f8YJAs522S0319YvAYT8TIt didn't drop from the sky—it crept through code. In this jaw-dropping episode of Conspiracy Files, we explore the secret origins of Stuxnet, a sophisticated computer worm so advanced, many believe it was the first true cyberweapon ever unleashed. Who created it? What was the real target? And has it already opened the floodgates to digital warfare we can't see coming?This isn't just about hacking—this is about weaponized technology, covert operations, and a new kind of war the public was never meant to know about.Connect with The Conspiracy Files Podcast:

Operation Olympic games sounds like something to do with the Olympics but nope it is all about Iranian Nuclear facilities and a cyber attack using a virus called Stuxnet. Go down the rabbit hole with Brandon on this one.

Texto de Litvinenko: Erika Prado Rubio (Universidad Rey Juan Carlos) Texto de Gordievski: Manuela Fernández Rodríguez (Universidad Rey Juan Carlos) Texto de Stuxtnet: Raquel Puebla González (Innotec Security, Part of Accenture) En este podcast, exploramos la historia de Stuxnet, el virus informático 🦠 que marcó un antes y un después en la guerra cibernética ⚔️💻. Diseñado con una sofisticación sin igual, este gusano logró infiltrarse en la planta nuclear iraní de Natanz ☢️, saboteando sus centrifugadoras y retrasando el programa nuclear del país. ¿Quién estuvo detrás de este ciberataque? 🕵️‍♂️ ¿Cómo logró superar las defensas más avanzadas? 🔐💥 Y, lo más inquietante… ¿qué significa Stuxnet para el futuro de la seguridad global? 🌍⚡ Acompáñanos en este podcast para conocer en profundidad el malware que redefinió la geopolítica digital. 🚀

This week Magnum discusses Stuxnet, malware that derailed a nuclear program in Iran.

If a business has spent $100 million developing a product, it's a fair bet that they don't want it stolen in two seconds and uploaded to the web where anyone can use it for free.This problem exists in extreme form for AI companies. These days, the electricity and equipment required to train cutting-edge machine learning models that generate uncanny human text and images can cost tens or hundreds of millions of dollars. But once trained, such models may be only a few gigabytes in size and run just fine on ordinary laptops.Today's guest, the computer scientist and polymath Nova DasSarma, works on computer and information security for the AI company Anthropic with the security team. One of her jobs is to stop hackers exfiltrating Anthropic's incredibly expensive intellectual property, as recently happened to Nvidia. Rebroadcast: this episode was originally released in June 2022.Links to learn more, highlights, and full transcript.As she explains, given models' small size, the need to store such models on internet-connected servers, and the poor state of computer security in general, this is a serious challenge.The worries aren't purely commercial though. This problem looms especially large for the growing number of people who expect that in coming decades we'll develop so-called artificial ‘general' intelligence systems that can learn and apply a wide range of skills all at once, and thereby have a transformative effect on society.If aligned with the goals of their owners, such general AI models could operate like a team of super-skilled assistants, going out and doing whatever wonderful (or malicious) things are asked of them. This might represent a huge leap forward for humanity, though the transition to a very different new economy and power structure would have to be handled delicately.If unaligned with the goals of their owners or humanity as a whole, such broadly capable models would naturally ‘go rogue,' breaking their way into additional computer systems to grab more computing power — all the better to pursue their goals and make sure they can't be shut off.As Nova explains, in either case, we don't want such models disseminated all over the world before we've confirmed they are deeply safe and law-abiding, and have figured out how to integrate them peacefully into society. In the first scenario, premature mass deployment would be risky and destabilising. In the second scenario, it could be catastrophic — perhaps even leading to human extinction if such general AI systems turn out to be able to self-improve rapidly rather than slowly, something we can only speculate on at this point.If highly capable general AI systems are coming in the next 10 or 20 years, Nova may be flying below the radar with one of the most important jobs in the world.We'll soon need the ability to ‘sandbox' (i.e. contain) models with a wide range of superhuman capabilities, including the ability to learn new skills, for a period of careful testing and limited deployment — preventing the model from breaking out, and criminals from breaking in. Nova and her colleagues are trying to figure out how to do this, but as this episode reveals, even the state of the art is nowhere near good enough.Chapters:Cold open (00:00:00)Rob's intro (00:00:52)The interview begins (00:02:44)Why computer security matters for AI safety (00:07:39)State of the art in information security (00:17:21)The hack of Nvidia (00:26:50)The most secure systems that exist (00:36:27)Formal verification (00:48:03)How organisations can protect against hacks (00:54:18)Is ML making security better or worse? (00:58:11)Motivated 14-year-old hackers (01:01:08)Disincentivising actors from attacking in the first place (01:05:48)Hofvarpnir Studios (01:12:40)Capabilities vs safety (01:19:47)Interesting design choices with big ML models (01:28:44)Nova's work and how she got into it (01:45:21)Anthropic and career advice (02:05:52)$600M Ethereum hack (02:18:37)Personal computer security advice (02:23:06)LastPass (02:31:04)Stuxnet (02:38:07)Rob's outro (02:40:18)Producer: Keiran HarrisAudio mastering: Ben Cordell and Beppe RådvikTranscriptions: Katy Moore

Since TechStuff first launched in 2008, a lot of stuff has happened in the world of tech. Join Jonathan as he looks back on a big tech story for each year of his experience in hosting a technology podcast.See omnystudio.com/listener for privacy information.

This episode of the Cybersecurity Defenders podcast is a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.

In this in-depth conversation, Jason Waits, Chief Information Security Officer (CISO) at Inductive Automation, provides a comprehensive exploration of Industrial Control System (ICS) cybersecurity. With decades of experience securing critical infrastructure and navigating the complexities of Operational Technology (OT) environments, Jason offers actionable insights into the current state and future of cybersecurity in industrial sectors like manufacturing, energy, and water treatment.The discussion begins with an overview of what makes ICS cybersecurity distinct from traditional IT security. Jason explains how OT systems prioritize availability and safety, presenting unique challenges compared to the confidentiality-driven focus of IT. The conversation highlights key vulnerabilities in ICS environments, such as legacy systems that lack modern security features, poorly designed protocols without encryption, and the risks posed by IT/OT convergence.Jason dives into common attack vectors, including social engineering (phishing), lateral movement from IT to OT networks, and physical access breaches. He explores real-world case studies like the Colonial Pipeline ransomware attack, the Oldsmar water treatment plant hack, and the Stuxnet worm, illustrating how these vulnerabilities have been exploited and the lessons they offer for building stronger defenses.The video also emphasizes the critical role of compliance and standards, such as ISA/IEC 62443, the NIST Cybersecurity Framework, and CIS Controls. Jason underscores the difference between compliance and real security, advocating for a "security first, compliance second" philosophy to ensure that organizations focus on mitigating actual risks rather than merely checking regulatory boxes.As the conversation unfolds, Jason discusses the role of vendors and OEMs in securing ICS environments, detailing how Inductive Automation uses proactive measures like Pwn2Own competitions, bug bounty programs, and detailed security hardening guides to improve the security of their products. He highlights the importance of collaboration between vendors and customers to address challenges like long equipment lifecycles and the growing adoption of cloud services.Emerging technologies also take center stage, with Jason exploring how artificial intelligence (AI) is transforming threat detection and response, while also enabling more sophisticated attacks like personalized phishing and adaptive malware. He addresses the implications of IT/OT convergence, emphasizing the need for collaboration between traditionally siloed teams and the importance of building shared security frameworks.For organizations looking to strengthen their cybersecurity posture, Jason offers practical steps, starting with foundational measures like asset management and configuration baselines. He explains how leveraging free resources, such as CIS Benchmarks, and creating a roadmap for cybersecurity maturity can help organizations of all sizes navigate these challenges, even with limited budgets.Timestamps0:00 – Introduction and Overview of ICS Cybersecurity3:15 – Meet Jason Waits: Background and Journey to CISO6:45 – What Is ICS Cybersecurity? Key Differences Between IT and OT10:30 – The Importance of Availability and Safety in OT Systems13:50 – Challenges of Legacy Systems and Long Equipment Lifecycles17:20 – Attack Vectors: Social Engineering, Lateral Movement, and Physical Access20:10 – Case Studies: Colonial Pipeline, Oldsmar Water Treatment Plant, and Stuxnet25:35 – Compliance vs. Security: Jason's “Security First, Compliance Second” Philosophy30:00 – The Role of Vendors and OEMs in Cybersecurity34:45 – Inductive Automation's Approach: Pwn2Own, Bug Bounties, and Security Hardening Guides40:00 – Emerging Technologies: AI in Threat Detection and the Risks of Sophisticated Phishing45:10 – The Growing Adoption of Cloud in ICS and Its Implications50:00 – IT/OT Convergence: Opportunities and Challenges55:15 – Practical Steps for Organizations: Asset Management and Roadmaps1:00:10 – Building a Security Culture: Collaboration Between IT and OT Teams1:05:30 – Future Outlook: Increasing Regulations, Ransomware Risks, and Innovation1:10:00 – Using Cybersecurity as a Competitive Advantage1:15:00 – Closing Thoughts: The Need for Continuous Learning and Proactive ActionAbout Manufacturing Hub:Manufacturing Hub Network is an educational show hosted by two longtime industrial practitioners Dave Griffith and Vladimir Romanov. Together they try to answer big questions in the industry while having fun conversations with other interesting people. Come join us weekly! ******Connect with UsVlad RomanovDave GriffithManufacturing HubSolisPLCJoltek

Our daily lives are more and more connected online. This includes our utility grids. Jojo Maalouf, Hydro Ottawa's Director of Cybersecurity and IT Infrastructure, joins thinkenergy to discuss the role of cybersecurity in the energy sector. From cybersecurity threats, like cyber warfare and ransom-seeking hacktivists, to the measures required to defend our energy systems. Plus, how AI both helps and complicates matters. Listen in to learn what's driving change and the collaboration needed to protect the grid. Related links Ontario Cybersecurity Framework: https://www.oeb.ca/regulatory-rules-and-documents/rules-codes-and-requirements/ontario-cyber-security  Get Cyber Safe resources: https://www.getcybersafe.gc.ca/en  Jojo Maalouf on LinkedIn: https://www.linkedin.com/in/jojo-maalouf-cism-cissp-0546b03/  Trevor Freeman on LinkedIn: https://www.linkedin.com/in/trevor-freeman-p-eng-cem-leed-ap-8b612114/  Hydro Ottawa: https://hydroottawa.com/en  To subscribe using Apple Podcasts:  https://podcasts.apple.com/us/podcast/thinkenergy/id1465129405 To subscribe using Spotify: https://open.spotify.com/show/7wFz7rdR8Gq3f2WOafjxpl To subscribe on Libsyn: http://thinkenergy.libsyn.com/ Subscribe so you don't miss a video: https://www.youtube.com/user/hydroottawalimited Follow along on Instagram: https://www.instagram.com/hydroottawa Stay in the know on Facebook: https://www.facebook.com/HydroOttawa Keep up with the posts on X: https://twitter.com/thinkenergypod   Transcript:   Trevor Freeman  00:07   Welcome to think energy, a podcast that dives into the fast, changing world of energy through conversations with industry leaders, innovators and people on the front lines of the energy transition. Join me, Trevor Freeman, as I explore the traditional, unconventional and up and coming facets of the energy industry. If you have any thoughts, feedback or ideas for topics we should cover, please reach out to us at thinkenergy@hydrottawa.com Hi everyone, welcome back. It won't be a surprise to anyone listening that our energy systems, like much of the rest of our lives, are becoming more and more connected and more online than ever before. Let's just take a look at our own personal lives. We've got apps that can control multiple aspects of our homes. For example, for my phone, I can adjust temperature, set points and fan speed heating and cooling in my house, I can turn on or off lights, both inside and outside. I can look and see who just rang my doorbell, even if I'm in another city, and I can check and see where my vehicle is, whether it's charging or not. And I can even turn it on all from my phone. And I would consider myself like middle of the road in terms of how connected and online I am. There are even further examples of this in some of those ultra-connected homes. This is part of our fast paced and constant evolution towards invenience and using technology to find solutions to problems that we didn't always know existed, and maybe they didn't actually exist. We've all heard that term, the Internet of Things, referring to this ultra-connected world where it's not just people talking over the internet, but our devices and systems are talking as well. I was absolutely floored when I was doing some research on this podcast to find out that this term, the Internet of Things, was first used 25 years ago, in 1999 when I first wrote the text for this. I put a placeholder in to say, oh, it's been around for over 10 years. And then when I actually did my research, it's over 25 years. Think about how far we've come since that idea was thought of in 1999 how different life is today than 1999 our energy systems and our utility grids are undergoing a similar transition. I talked about this a little bit with Hydro Ottawa's Jenna Gillis in a previous episode about grid modernization. So go back and have a listen to that. If you haven't already, we are adding more and more data points to our grids, and that includes sensors, smart switches, fault detectors, smarter meters, etc., etc. Even for hydro Ottawa, a local distribution company with around 350,000 customers, we are talking about many times that number of smart devices in the coming years, all connected, all trading data between themselves and our central systems and the smart folks who run them now, there is a ton of upside to this transition, and that's why we're doing it. More data leads to better decision making, a better view of what's happening, whether that's during an outage or at times when the grid is heavily utilized. It lets us get more out of the equipment we have, react and adjust to the needs of our customers, and react and adjust to the needs of the grid. It will lead to faster restoration during outages, and sometimes that restoration will be automatic without having to roll a truck. It will allow us to better integrate distributed energy resources like small scale solar and storage and other things into our grid for the benefit of our customers and the grid. There is no question that this is a move in the right direction, and hydro Ottawa is leaning into this aspect of the energy transition to build a smarter grid for our customers. However, it does highlight something that has long been a priority for us, cyber security. With so many connected devices, with so much data out there, we need to be extremely vigilant and rigorous with our digital security. Cyber-attacks on utility infrastructure are not theoretical. In 2015 and 2016 attacks on the Ukrainian power grid resulted in large scale power outages in that country, as we increasingly rely on electricity for so many aspects of our lives, attacks like this, whether by nation states or bad actors seeking financial gain, can have devastating consequences. Luckily, this is something that has been a priority for us for many years, and as the threats become more sophisticated, so too do our strategies to protect our systems and our grid from those attacks. Joining me today to talk about this is Hydro Ottawa's director of cybersecurity and IT infrastructure. Jojo Maalouf, JoJo, welcome to the show.   Jojo Maalouf  04:46   Thanks for having me.   Trevor Freeman  04:47   All right, so Jojo, cyber security is a little bit of a buzzword that a lot of folks have probably heard in a bunch of different contexts. Help us unpack it a little bit. What do we actually mean when we talk about cybersecurity threats and cybersecurity prevention, I guess?   Jojo Maalouf  05:05   Very good question, right? So, I mean, let's kind of simplify things, so we obviously have these adversaries, right? And these adversaries are trying to get into organizations networks. We hear a lot of the sensitivity or the criticality of information, so they're trying to obtain that information. And, you know, can they look at potentially monetizing that? Really what we're kind of trying to do, or what cyber security is, is, if you think about it, we have these bad guys, these adversaries. They're trying to get into organizations they possess or introduce some sort of level of risk. What we are trying to do as people in cyber security is defend those organizations from those risks and those adversaries. So, in order for us to do that, we need to put together a program. We need to make sure we have the relevant controls in place, because, at the end of the day, what we're trying to do is mitigate that risk to an acceptable level where the business can run.   Trevor Freeman  06:07   Yeah, totally. And who are these threats coming from? Like, we hear a lot about state sponsored groups for profit, hackers. There's sort of that hacktivists, kind of ideologically driven group. Who are we worried about in the in the energy industry?   Jojo Maalouf  06:20   You know, it's very good question. I think, to be honest, you, I think we worry about all of them. I think from from our perspective, threats are threats. And obviously, depending on the magnitude of those threats and where they're coming from, they could potentially possess or introduce a different type of risk. But the reality is, they all introduce a level of risk. Yes, we are worried about state sponsored entities. You know, we've seen what's happened throughout the years. It started out in Stuxnet with Iran in 2010 we've seen what's happened with Ukraine in 2015 the end of day, what are we trying to protect? We're trying to ensure that a cyber-attack doesn't actually impact our ability to deliver power to our customers. What we are seeing now in the industry, obviously, is that adversaries are understanding that they can really monetize this, right? So, we're seeing the exponential growth of ransomware throughout the years. I remember back in 2016 when a major Canadian university was asked to pay a think approximately a $35,000 ransomware. Where we looked at that in comparison in 2024 where the average cost of a ransomware attack is just under $5 million. So, it's a billion dollar industry, right? And it's only growing. You know, I'd say the threats are coming everywhere, but you're definitely seeing the monetization aspect of it growing exponentially.   Trevor Freeman  07:51   Yeah. So, I guess from our perspective, it really doesn't matter what the motivation is. If someone's getting into our systems and sort of impacting our ability to do what we do doesn't matter what the motivation is. It's a problem for us, and we try and guard against it.   Jojo Maalouf  08:05   Correct. I think, I think people are very highly motivated now, whether it's for it's ransomware, whether it's state sponsored, I think entities, or I would say adversary, sorry, are definitely highly motivated. And it doesn't really change our approach. So, you know, the energy sector needs to make sure that they do what they can to protect the systems.   Trevor Freeman  08:23   Yeah, fair enough. So, we've talked in the past on the show, and in my intro, I talked about grid modernization, and this sort of evolution of our grid, and the technology on our grid to have more and more connected devices out in the field, and the amount of data that's flowing on our grid is increasing. Obviously, there are many benefits to this, but inherently that brings a degree of risk as well. Can you talk to us about the risk that their grid modernization brings, and sort of how we're thinking about that?   Jojo Maalouf  08:58   So, Trevor, I think you said it well when you said more and more devices are connected now. So really, what ends up happening every time we add a device that's connected, it increases the organization's risk profile. So ideally, what we want to be able to do is we want to manage exactly what that those entry points into potential organizations are. So, every time I add a device, I have to think that it increases that attack surface to a degree. So, I mean, you've talked about what grid modernization can do. There are many capabilities I think that's going to benefit organizations. But I think as this happens, we need to ensure that cybersecurity risks are managed to ensure that that risk profile is managed to an appropriate level.   Trevor Freeman  09:48   How prepared is the energy industry to respond to and to recover from a major cyber-attack, if one were to happen on the power grid?   Jojo Maalouf  09:57   Honestly, I think that the energy sector as well. Prepared as a critical infrastructure entity, the energy sector has the benefit of dealing a lot with government partners. So, I think what you want to do as an organization is you want to build that trust, that ecosystem of partners, whether it is through public and private relationships. But I'd say from a critical infrastructure perspective, there are very good relationships with the industry, very good relationships with government partners. I think testing organizations resiliency has been in play now for many, many years. But I think from a cyber perspective, I think it's something where organizations continue to be prepared, continue to do some of the appropriate testing, you know? And I'll be honest, I say it's, it's, you never want to be complacent, right? And I think what we've learned over the years is threats are evolving. Threats are changing. The industry is always going to be susceptible to attacks.   Trevor Freeman  11:00   Are we collaborating and working with other stakeholders? I mean, both at the sort of other utility level, you mentioned, governments and regulatory bodies, are we collaborating with those other entities? And sort of in line when it comes to cybersecurity?   Jojo Maalouf  11:15   There is a lot of collaboration that occurs within the industry, whether it's in Ontario, you'll see now that the regulator, the Ontario Energy Board, you know, there is the Ontario cybersecurity framework that has been in play now since around 2018 even at the national level there. Here are many different bodies where, you know cybersecurity, like critical infrastructure protection is paramount, as discussed regularly, and then obviously there's the government agency. So, there's a lot of collaboration that goes whether it's from the provincial, the National, and then the government side as well. And I mean, I think you need those relationships, right? You need those partnerships to help.   Trevor Freeman  12:02   Yeah, we're not we're not a lone utility kind of figuring out on our own. We're working with our partners and our peers to figure that out. The other kind of area of emerging technology that I want to talk about is, AI, artificial intelligence and sort of machine learning. Are we using those technologies? Or do you see us using those technologies in the future to sort of enhance the cyber security of our grid and our assets?   Jojo Maalouf  12:29   Yeah, I mean, I think obviously artificial intelligence, machine learning, seems to be the 2024 theme. The reality is, is a lot of technologies have already adopted, whether it's AI or machine learning, into their into their solutions. You know, I think the whole Gen AI aspect is growing, and it's something that I think is going to benefit everybody in the industry as well. The unfortunate thing is, is that I think adversaries are going to be able to use these technologies as well. You know, whether it's to paint a better picture of an organization, maybe to customize some attack patterns, but I think it's something where we have to embrace the technology. We have to use it in our, I would say, in our toolkit, but we're very much cognizant of the fact is that adversaries are going to be using these, these tool sets as well to potentially target organizations within the energy sector.   Trevor Freeman  13:33   And are there specific things that you know, speaking as the local distribution company, specific things that our customers can do or should be aware of? What's the role of our customer when it comes to cybersecurity?   Jojo Maalouf  13:46   It's a very good question. I mean, from a from a customer's perspective, I think customers need to realize the importance of their information. So, I mean, the reality now is a lot of adversaries are targeting people directly because they want their information. Their information. Their information is valuable. So, I think as a customer, what they want to make sure they do is that they do what they can to protect their information. So, some very simple steps that they can do make sure you have a complex password that only you know, that's not easily guessable. The other thing is, you don't want to use that password across multiple systems. So, what's the best way for you to be able to manage all your passwords? Invest in a password manager. There are free solutions out there. There are other really good solutions that are at a fraction of a cost as well as that password. What you want to make sure you do is you have multi factor authentication attached to it. What that really means is it's a second level of authentication that's going to challenge you to make sure you are who you say you are. It could just be an application that's installed on your phone. Think those are really some really good ways that you know a customer can use to protect themselves. I think even investing in credit monitoring is really good because. Is the last thing you want to do is an adversary to target you, steal your information, then all of a sudden, are starting to open up accounts in your name, right? So credit monitoring is another really important one. So, I mean, I think those are some really basic ones, but I think that they can go a long way to protecting a customer from threats. There are some really good online resources that they can use. Public Safety Canada has their get cyber safe website that provides a lot of information for, you know, everyday residential people or customers, sorry, steps that they can take to protect themselves.   Trevor Freeman  15:33   And for our listeners that kind of are thinking like, Oh, I feel like I've heard that before. I think you're right. You have it is those basic steps that really can protect us. And just so that everybody knows this is a focus of us internally as well, all employees of Hydro Ottawa also have a focus on what can we as employees do in order to make sure we're protecting our systems, we're protecting our data, and all the things that JoJo mentioned when it comes to password integrity, conscious of protecting our data. We're focused on that on a day-to-day basis as well. Jojo, thanks very much for taking the time to talk us through this. It's something that is maybe a bit adjacent to the energy transition, but so important as we increasingly digitize our grid, digitize our systems, as I mentioned, add more data points. We can't sort of leave cybersecurity behind. So, I really appreciate you taking the time to join us today, as our listeners know, and as you know, we always end our interviews with a series of questions to our guests. So I will jump right into those. Jojo, what's a book that you've read that you think everybody should read?   Jojo Maalouf 16:39   Yeah, good question. I'll give you two books, especially within the context of cybersecurity. You know, we did briefly mention Stuxnet. A really good book is by Kim Zetter. It's called Zero Day, and it basically depicts what happened with Stuxnet. Really informative. It's actually really good read. It's not necessarily technical, but just goes to show kind of how cyber warfare was actually built. Another really good one is from Andy Greenberg. It's called sandworm, a new era of cyber war in the hunt for the Kremlin's most dangerous hackers. Another really good read as well. So, I think those are two books, I would say, in the cybersecurity context, that I think are really good reads.   Trevor Freeman  17:29   Nice. Same question. But for a movie or a show, is there a movie or show that you think everyone should have a look at?   Jojo Maalouf  17:36   I'm actually really into Yellowstone these days, right? So, I'm gonna give that props.   Trevor Freeman  17:41   Nice. That's a good one. If someone offered you a free round-trip flight anywhere in the world, where would you go?   Jojo Maalouf  17:48   Good question, I think right now where I am, I'd probably go anywhere, either in the Alps or in the Dolomites, to ski.   Trevor Freeman  17:56   That's awesome. And our last question, what is something about the energy sector or its future that you are particularly excited about?   Jojo Maalouf  18:04   To be honest with you, I What really interests me and what I'm really excited about is, think the evolution in change into we are now a technology company, And I think what we're where the energy sector is grow is, is moving towards, is really exciting. You know, I think over the years, it's been a very siloed approach to the way services are driven or given where I find now, its very technology focused, right? And I think that's very exciting times.   Trevor Freeman  18:39   Very cool. Well, JoJo, I really appreciate your time today, and you sharing your insight with us, and thanks for coming on the show.   Jojo Maalouf  18:46   Thank you, Trevor, it's great being here.   Trevor Freeman  18:50   Thanks for tuning in to another episode of The think energy podcast. Don't forget to subscribe wherever you listen to podcasts, and it would be great if you could leave us a review. It really helps to spread the word. As always, we would love to hear from you, whether it's feedback comments or an idea for a show or a guest. You can always reach us at think energy@Hydroottawa.com.  

Happy Halloween from the team at N2K Networks! We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video here. Lyrics I was coding in the lab late one night when my eyes beheld an eerie sight  for my malware threat score began to rise  and suddenly to my surprise... It did the Mash  It did the Malware Mash  The Malware Mash  It was a botnet smash  It did the Mash  It caught on 'cause of Flash  The Malware Mash  It did the Malware Mash From the Stuxnet worm squirming toward the near east  to the dark web souqs where the script kiddies feast  the APTs left their humble abodes  to get installed from rootkit payloads.  They did the Mash  They did the Malware Mash  The Malware Mash  It was an adware smash  They did the Mash  It caught on 'cause of Flash  The Malware Mash  They did the Malware Mash The botnets were having fun  The DDoS had just begun  The viruses hit the darknet,  with ransomware yet to come.  The keys were logging, phishing emails abound,  Snowden on chains, backed by his Russian hounds.  The Shadow Brokers were about to arrive  with their vocal group, "The NotPetya Five." They did the Mash  They played the Malware Mash The Malware Mash  It was a botnet smash  They did the Mash  It caught on 'cause of Flash  The Malware Mash  They played the Malware Mash Somewhere in Moscow Vlad's voice did ring  Seems he was troubled by just one thing.  He opened a shell then shook his fist  and said, "Whatever happened to my Turla Trojan twist."  It's now the Mash  It's now the Malware Mash  The Malware Mash  And it's a botnet smash  It's now the Mash  It caught on 'cause of Flash  The Malware Mash  It's now the Malware Mash Now everything's cool, Vlad's a part of the band  And the Malware Mash is the hit of the land.  For you, defenders, this mash was meant to  when you get to my door, tell them Creeper sent you. Then you can Mash  Then you can Malware Mash  The Malware Mash  And be a botnet smash  It is the Mash  Don't you dare download Flash  The Malware Mash  Just do the Malware Mash Learn more about your ad choices. Visit megaphone.fm/adchoices

Happy Halloween from the team at N2K Networks! We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video here. Lyrics I was coding in the lab late one night when my eyes beheld an eerie sight  for my malware threat score began to rise  and suddenly to my surprise... It did the Mash  It did the Malware Mash  The Malware Mash  It was a botnet smash  It did the Mash  It caught on 'cause of Flash  The Malware Mash  It did the Malware Mash From the Stuxnet worm squirming toward the near east  to the dark web souqs where the script kiddies feast  the APTs left their humble abodes  to get installed from rootkit payloads.  They did the Mash  They did the Malware Mash  The Malware Mash  It was an adware smash  They did the Mash  It caught on 'cause of Flash  The Malware Mash  They did the Malware Mash The botnets were having fun  The DDoS had just begun  The viruses hit the darknet,  with ransomware yet to come.  The keys were logging, phishing emails abound,  Snowden on chains, backed by his Russian hounds.  The Shadow Brokers were about to arrive  with their vocal group, "The NotPetya Five." They did the Mash  They played the Malware Mash The Malware Mash  It was a botnet smash  They did the Mash  It caught on 'cause of Flash  The Malware Mash  They played the Malware Mash Somewhere in Moscow Vlad's voice did ring  Seems he was troubled by just one thing.  He opened a shell then shook his fist  and said, "Whatever happened to my Turla Trojan twist."  It's now the Mash  It's now the Malware Mash  The Malware Mash  And it's a botnet smash  It's now the Mash  It caught on 'cause of Flash  The Malware Mash  It's now the Malware Mash Now everything's cool, Vlad's a part of the band  And the Malware Mash is the hit of the land.  For you, defenders, this mash was meant to  when you get to my door, tell them Creeper sent you. Then you can Mash  Then you can Malware Mash  The Malware Mash  And be a botnet smash  It is the Mash  Don't you dare download Flash  The Malware Mash  Just do the Malware Mash

This week's attacks on Hezbollah pagers and radios have spread anxiety among Lebanese people, and a sense that no electronic device is safe. Amid some confusion over how the explosions were triggered, you might be wondering whether you can trust the phone in your pocket, or the headphones on your ears. On this week's Tech 24, we break down how the attacks were done, how they compare to other massive hardware hacks like Stuxnet and An0m, and whether you should be worried about your own device. 

Podcast: PrOTect It AllEpisode: Cybersecurity in Critical Industries: Lessons from Medical Devices to AutomotivePub date: 2024-08-12In Episode 21 of "Protect It All," titled "Cybersecurity in Critical Industries: Lessons from Medical Devices to Automotive," host Aaron Crow is joined by experts David Leichner and Shlomi Ashkenazy to explore the multifaceted world of cybersecurity across various critical industries. The conversation starts with Shlomi sharing a transformative personal experience in London, emphasizing the importance of pursuing one's passions. David follows with a moment of realization about the critical nature of cybersecurity during an eye surgery, underscoring the necessity of protecting people through robust cyber measures. The episode delves deep into how cybersecurity practices are implemented in medical devices, automotive, and industrial manufacturing sectors. David, Shlomi, and Aaron discuss generative AI and its dual potential to enable and defend against cyber threats, drawing parallels to cyber weapons like Stuxnet. The importance of secure design, continuous monitoring, and compliance with ever-evolving regulations are highlighted, particularly in upgrading legacy systems in critical infrastructure. With comprehensive insights into integrating IT and OT cybersecurity measures, the episode provides a compelling call to action for increased awareness and collaborative efforts to bolster defenses. Aaron also extends an invitation for engagement through conferences like Black Hat and Defcon, where practical solutions and innovative strategies are showcased. Tune in to gain a deeper understanding of the critical intersection of cybersecurity in various industries and learn valuable lessons from the experts on safeguarding our digital and physical world. Key Moments: 00:10 Security threats have expanded to 15-year-olds. 08:35 Privacy breaches occur through overlooked device vulnerabilities. 12:14 Power utility leading in cybersecurity due to regulation. 17:06 Smaller companies need to prioritize cybersecurity measures. 26:42 Security strategy requires adapting to different environments. 28:30 FDA emphasizes cybersecurity importance at the H-ISAC conference. 37:43 MIT study simulates cyber attack, uses AI. 40:24 AI can eliminate manual product development processes. 46:16 Cybersecurity brings unknown threats: deterrence or powerful AI. 50:26 Black start plants generate and transmit power. 59:00 Soft skills are crucial for effective communication and trust. 01:00:09 Sent demos to heroes, got a minimal response. 01:06:47 Promoting face-to-face meetings and events globally. 01:10:19 Agreement on conclusion of project. About the Guests : David Leichner David has over 25 years of marketing and sales executive management experience garnered from leading tech companies including Cynet, Information Builders, Magic Software, Gilat Satellite Networks, BluePhoenix Solutions, and SQream. At Cybellum, a provider of integrated cybersecurity solutions for leading device manufacturers, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s market penetration. Shlomi Ashkenazy Shlomi is the Head of Brand and Strategy at Cybellum, overseeing product security thought leadership, positioning, and brand activities. A physicist-turned-cybersecurity brand builder, Shlomi spent the years before joining Cybellum as a consultant, working with dozens of founders in the cybersecurity, AI, DevOps, Quantum, and Health Tech industries on building their brand, product marketing, positioning, and messaging. Shlomi also produces and co-hosts "Left to Our Own Devices: The Product Security Podcast" and spearheads multiple business strategy and GTM initiatives at Cybellum. Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at info@protectitall.coThe podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Three Buddy Problem - Episode 7: In this episode, we try to close the book on the CrowdStrike Windows BSOD story, Microsoft VP David Weston's technical documentation and issues around kernel access and OS resilience. We also discuss Binarly's PKFail research, secure boot bypasses, Dan Geer and tech monoculture, software vendor liability issues and the need for inspectability in security mechanisms. The conversation explores cyber angles to train service disruptions in Paris, the history of cyber operations targeting the Olympics, the lack of public acknowledgment and attribution of cyber operations by Western intelligence agencies, and the importance of transparency and case studies in understanding and discussing cyber operations. Hosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)

Was the Stuxnet, "cyberworm," the first iteration of a new era of combat? Strider is scared! When scared, seek to understand.  striderwilson.com patreon.com/striderwilson Sources: spymuseum.org, smithsonianmag.com ‘Richard Clarke on Who Was Behind the Stuxnet Attack' by Ron Rosenbaum 2012, wired.com ‘An Unprecedented Look at Stuxnet, the World's First Digital Weapon' by Kim Zetter 2014, csoonline.com ‘Stuxnet explained: the first known cyberweapon' by Josh Fruhlinger 2022, britannica.com

What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI

What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI

What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI

What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI

What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI

What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI

What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI

Join us for a riveting discussion with Jay Hunter Anson, as he delves into his fascinating cybersecurity journey—from his early encounters with the Stuxnet malware incident during his military tenure to his pivotal roles in major cybersecurity operations at the NSA and US Southern Command. In this insightful conversation, we explore the evolution of cybersecurity practices, the critical role of policy and resource allocation in fortifying security, and the complex challenges and invaluable lessons learned from deploying security measures in intricate environments. And that's just the beginning! Tune in now for an unforgettable exploration into the world of cybersecurity with a true expert in the field. Don't miss out!

The changing face of war makes it difficult for investors to identify exactly when war begins, when it ends, and when the right time is to implement a war-time investment strategy. Associate Market Strategist Daniel Ortwerth joins Phil Adler to offer some guidance.

Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: What convincing warning shot could help prevent extinction from AI?, published by Charbel-Raphaël on April 13, 2024 on LessWrong. Tell me father, when is the line where ends everything good and fine? I keep searching, but I don't find. The line my son, is just behind. Camille Berger There is hope that some "warning shot" would help humanity get its act together and change its trajectory to avoid extinction from AI. However, I don't think that's necessarily true. There may be a threshold beyond which the development and deployment of advanced AI becomes essentially irreversible and inevitably leads to existential catastrophe. Humans might be happy, not even realizing that they are already doomed. There is a difference between the "point of no return" and "extinction." We may cross the point of no return without realizing it. Any useful warning shot should happen before this point of no return. We will need a very convincing warning shot to change civilization's trajectory. Let's define a "convincing warning shot" as "more than 50% of policy-makers want to stop AI development." What could be examples of convincing warning shots? For example, a researcher I've been talking to, when asked what they would need to update, answered, "An AI takes control of a data center." This would be probably too late. "That's only one researcher," you might say? This study from Tetlock brought together participants who disagreed about AI risks. The strongest crux exhibited in this study was whether an evaluation group would find an AI with the ability to autonomously replicate and avoid shutdown. The skeptics would get from P(doom) 0.1% to 1.0%. But 1% is still not much… Would this be enough for researchers to trigger the fire alarm in a single voice? More generally, I think studying more "warning shot theory" may be crucial for AI safety: How can we best prepare the terrain before convincing warning shots happen? e.g. How can we ensure that credit assignments are done well? For example, when Chernobyl happened, the credit assignments were mostly misguided: people lowered their trust in nuclear plants in general but didn't realize the role of the USSR in mishandling the plant. What lessons can we learn from past events? (Stuxnet, Covid, Chernobyl, Fukushima, the Ozone Layer).[1] Could a scary demo achieve the same effect as a real-world warning shot without causing harm to people? What is the time needed to react to a warning shot? One month, year, day? More generally, what actions would become possible after a specific warning shot but weren't before? What will be the first large-scale accidents or small warning shots? What warning shots are after the point of no return and which ones are before? Additionally, thinking more about the points of no return and the shape of the event horizon seems valuable: Is Autonomous Replication and Adaptation in the wild the point of no return? In the case of an uncontrolled AGI, as described in this scenario, would it be possible to shut down the Internet if necessary? What is a good practical definition of the point of no return? Could we open a Metaculus for timelines to the point of no return? There is already some literature on warning shots, but not much, and this seems neglected, important, and tractable. We'll probably get between 0 and 10 shots, let's not waste them. (I wrote this post, but don't have the availability to work on this topic. I just want to raise awareness about it. If you want to make warning shot theory your agenda, do it.) ^ An inspiration might be this post-mortem on Three Mile Island. Thanks for listening. To help us out with The Nonlinear Library or to learn more, please visit nonlinear.org

Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) XZ.fail backdoor detector (https://xz.fail) Malware paleontologist Costin Raiu returns for an emergency episode on the XZ Utils software supply chain backdoor. We dig into the timeline of the attack, the characteristics of the backdoor, affected Linux distributions, and the reasons why 'Tia Jan' is the handiwork of a cunning nation-state. Based on all the clues available, Costin pinpoints three main suspects -- North Korea's Lazarus, China's APT41 or Russia's APT29 -- and warns that there are more of these backdoors lurking in modern software supply chains.

Imagine a digital virus that could destroy your computer. Not crash its system, but actually wreck the physical hardware – say, melt the motherboard or burn up the hard drive. It might sound dystopian, but in fact, this kind of virus was discovered in Iran in 2010. And it wasn't just wrecking a humble laptop – it was sabotaging Iranian nuclear infrastructure. The virus (or worm) became known as Stuxnet, and investigative journalist Kim Zetter has been following it ever since. This week on Whale Hunting, host Bradley Hope speaks to Kim about the uncovering of Stuxnet and what its groundbreaking technology meant for digital warfare – as well as the early death of the intelligence mole who deposited Stuxnet on Iranian systems. To read more of Kim's work, make sure to follow her on Twitter at @kimzetter or find her regular posts at zetter-zeroday.com. For more fromWhale Hunting, make sure to follow the podcast – and you can subscribe to our newsletter at whalehunting.projectbrazen.com. Learn more about your ad choices. Visit megaphone.fm/adchoices

A former Google software engineer is charged with stealing AI tech for China. State attorneys general from forty-one states call out Meta over account takeover issues. Researchers demonstrate a Stuxnet-like attack using PLCs. Buyer beware - A miniPC comes equipped with pre installed malware. A Microsoft engineer wants the FTC to take a closer look at Copilot Designer. There's a snake in Facebook's walled garden. Bruce Schneier wonders if AI can strengthen democracy. On our Industry Voices segment, guest Jason Lamar, Senior Vice President of Product at Cobalt, joins us to discuss offensive security strategy. And NIST works hard to keep their innovations above water. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Jason Lamar, Senior Vice President of Product at Cobalt, joins us to discuss offensive security strategy. You can find out more from Cobalt's OffSec Shift report here.  Selected Reading Former Google Engineer Charged With Stealing AI Secrets (Infosecurity Magazine) Several States Attorneys General have written to Meta demanding better account recovery (NY gov) Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers  (SecurityWeek) Whoops! ACEMAGIC ships mini PCs with free bonus pre-installed malware  (Graham Cluley) Microsoft AI engineer warns FTC about Copilot Designer safety concerns  (The Verge) Snake, a new Info Stealer spreads through Facebook messages (Security Affairs) NSA Details Seven Pillars Of Zero Trust (gbhackers) How Public AI Can Strengthen Democracy  (Schneier on Security) This agency is tasked with keeping AI safe. Its offices are crumbling. (WashingtonPost) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

ToddleShark, Zeek, Stuxnet revisited, ICS, AMEX, Apple, Change, Josh Marpet, and More on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-366

ToddleShark, Zeek, Stuxnet revisited, ICS, AMEX, Apple, Change, Josh Marpet, and More on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-366

Here's a Valentine's gift for everyone. One of the bonus shows is now available for all. This is all about Stuxnet, the most amazing computer virus you may not have heard about. You need to be wearing fingerless gloves to get the most out of this show.

What should we be doing to maintain a healthy digital hygiene? In Episode #431 of 'Musings', Juan & I discuss: why this topic felt like work to Juan, how companies think about cyber security, the Stuxnet virus plus a Dutchman receiving American military emails, Butters the abused dog, our argument over what consists an 'attack', the coming era of more awareness of private data and why the social considerations are more important than the technical. Huge thanks to Amorphous Continuum for the boostagram. Your support means the world to us!Timeline:(0:00) - Intro(0:52) - Today's topic: getting our nerd on(3:08) - Risk vs Reward(9:06) - No actual harm is possible(13:38) - It's easier to just kill a dude(16:18) - Protecting against bad actors vs unwitting Kyrin's(22:19) - Boostagram Lounge(29:21) - Boost or the puppy gets it(30:20) - Protecting your data & identity(40:08) - Are AI Deepfakes an attack?(46:16) - Don't be an asshole online(52:02) - Geoguesser, Popsmoke & flashing cash(56:35) - Summary(1:05:50) - V4V: Create a clipValue 4 Value Support:Boostagram: https://www.meremortalspodcast.com/supportPaypal: https://www.paypal.com/paypalme/meremortalspodcastConnect with Mere Mortals:Website: https://www.meremortalspodcast.com/Discord: https://discord.gg/jjfq9eGReUTwitter/X: https://twitter.com/meremortalspodInstagram: https://www.instagram.com/meremortalspodcast/TikTok: https://www.tiktok.com/@meremortalspodcastSupport the show

Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) FwHunt (https://fwhunt.run) Costin Raiu has spent a lifetime in anti-malware research, working on some of the biggest nation-state APT cases in history, including Stuxnet, Duqu, Equation Group, Red October, Turla and Lazarus. In this exit interview, Costin digs into why he left the GReAT team after 13 years at the helm, ethical questions on exposing certain APT operations, changes in the nation-state malware attribution game, technically impressive APT attacks, and the 'dark spots' where future-thinking APTs are living.

Welcome to this week's episode of the PEBCAK Podcast!  We've got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast PEBCAK - Acronym of “problem exists between chair and keyboard.”   Attackers develop fake Lockdown Mode https://appleinsider.com/articles/23/12/05/jamf-shares-exploit-that-fools-users-into-believing-their-hacked-iphone-is-safe https://thehackernews.com/2023/12/warning-for-iphone-users-experts-warn.html   Barracuda hacked again https://www.securityweek.com/chinese-hackers-deliver-malware-to-barracuda-email-security-appliances-via-new-zero-day/    Apple thwarts iPhone thieves with passcode change delay https://appleinsider.com/articles/23/12/12/stolen-device-protection-to-thwart-iphone-thieves-with-passcodes-with-time-delay   Dutch Engineer named as accomplice who smuggled Stuxnet into Iran https://www.yahoo.com/news/colorado-mans-getting-400-000-062233925.html https://www.securityweek.com/dutch-engineer-used-water-pump-to-get-billion-dollar-stuxnet-malware-into-iranian-nuclear-facility-report/      Dad Joke of the Week (DJOW)   Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!   Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Glenn - https://www.linkedin.com/in/glennmedina/ Kush - https://www.linkedin.com/in/kushaagra/

The World Economic Forum names AI a top global threat. The SEC suffers social media breach. The FTC settles with a data broker over location data sales. A massive data leak hits Brazil. Chinese researchers claim and AirDrop hack. A major real estate firm suffers data theft. Pikabot loader is seeing use by spammers. Ukraine's Blackhit hits Russia's M9 Telecom. Stuxnet methods are revealed. A Patch Tuesday rundown. Our guest is ​​Tim Eades from the Cyber Mentor Fund to discuss the growing prevalence of restoration as a part of incident response. And Hackers could screw up a wrench. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest ​​Tim Eades from Cyber Mentor Fund joins us to discuss the growing prevalence of restoration as a part of incident response.  Selected Reading AI-powered misinformation is the world's biggest short-term threat, Davos report says (AP News) NSA: Benefits of generative AI in cyber security will outweigh the bad (IT Pro) SEC account on X ‘compromised' and regulator has not approved bitcoin ETFs (MarketWatch) SEC did not have 2FA enabled: X safety team on fake Bitcoin ETF post (Cointelegraph) FTC Order Prohibits Data Broker X-Mode Social and Outlogic from Selling Sensitive Location Data (Federal Trade Commission) Entire population of Brazil possibly exposed in massive data leak (Security Affairs) China says state-backed experts crack Apple's AirDrop (Digital Journal) Fidelity National Financial says hackers stole data on 1.3 million customers (TechCrunch) Water Curupira Hackers Launch Pikabot Malware Attack on Windows Machine (GBHackers On Security) Ukrainian “Blackjack” Hackers Take Out Russian ISP (Infosecurity Magazine) Ukraine is on the front lines of global cyber security (Atlantic Council)  Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report (SecurityWeek) New research paper explores post-quantum cryptography for critical infrastructure cybersecurity (Industrial Cyber) AI Helps U.S. Intelligence Track Hackers Targeting Critical Infrastructure (Wall Street Journal) Hewlett Packard Enterprise nears $13 billion deal to buy Juniper Networks (Reuters) January Patch Tuesday: New year, more Windows bugs (The Register) Cybersecurity Advisory: Apache Struts Vulnerability CVE-2023-50164 (Uptycs) Hackers can infect network-connected wrenches to install ransomware (Ars Technica)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Jobs and Money, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood, and more on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-352

Studio Sponsor: Cardio Miracle - "The finest heart and health supplement in the world!": https://www.briannicholsshow.com/heart Could critical infrastructure already be held hostage by silent cyberwars secretly unfolding behind the scenes? On today's episode of The Brian Nichols Show, Brian interviews cybersecurity expert Cyrus Nooriala on escalating cyber threats. Together they unpack and examine the precarious lack of security pervading both personal technology and business networks, leaving users and companies dangerously exposed. Delving into ominous examples like the Stuxnet virus and recent Iranian utility hacks, Nooriala outlines the constant probing of systems by state actors seeking leverage in global conflicts. With references ranging from Soviet tyranny to the suspicious Israeli border breach preceding recent violence, he constructs a disturbing narrative of cyber warfare rapidly intensifying across the Middle East and beyond. Exploring defensive fundamentals like network monitoring, penetration testing, and employee education, Nooriala stresses the multifaceted nature of business cybersecurity. He details how seemingly innocuous activities like pirated downloads can open companies to crippling lawsuits and security disasters. The conversation then begins its conclusion with a disturbing analysis of how cyber-attacks could lead to infrastructure sabotage and kinetic warfare. While cautioning that absolute privacy remains impossible given legal backdoors in commercial encryption, Nooriala argues knowledge itself creates crucial protection against exploitation. He urges individuals to scrutinize the true reach of household technology, warning device cameras and microphones enable mass warrantless surveillance by Big Tech and government alike. In this riveting edition of The Brian Nichols Show, Nooriala pierces the veil shrouding the silent cyber battles unfolding across the globe. Tune in as he distills actionable methods for securing both personal and business digital worlds against the rising tide of cyber warfare threatening us all! ❤️ Order Cardio Miracle (https://www.briannicholsshow.com/heart) with code TBNS at checkout for 15% off and take a step towards better heart health and overall well-being!

The clever way one developer hacked an online game, why we're not buying the latest round of cyber war fear, and we finally have our Babylon 5 vs Star Trek debate.

Hackers Can Easily Extract ChatGPT Training Data Cheebert's prediction about VDI just came true Big Tech jobs are not as immune to layoffs as we thought Siemens PLCs are Still Vulnerable to Stuxnet-like Cyberattacks Josh Kuo, DNS Expert and Ross Gibson, Principal Solutions Architect of Infoblox join Brian Chee and Curt Franklin for part 1 of a 3 part in-depth primer on enterprise DNS, from the basics of DNS lookup, key considerations like security and encryption, and why run your own DNS versus other free alternatives? Hosts: Brian Chee and Curtis Franklin Guests: Josh Kuo and Ross Gibson Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: kolide.com/twiet bitwarden.com/twit GO.ACILEARNING.COM/TWIT

The predicted deep state avenues of attack are all coming into play. Their desperation shows they have everything to lose. Threats to SCOTUS based on one sided ethics charges. Alito now in the sites. Fantasy Dim court remake. Let's review those African flash points. All have been mentioned before. 17 coups you say. The Ohio constitutional rabbit hole. Are citizens catching on to all the out of state $$$? On the MSM, Peter Strzok is a propriety expert. The whodunnit question won't go away. Pundits are giddy over charges. The have never, and will never, stop attacking Trump. Brazen witness tampering right on TV. No subpoena means they were spying. Safe and reliable Nuclear debate re-appears. The time from concepts to functioning critical reactors. Limbo projects and climbing costs. Did someone say power bill price stability? A new Georgia facility comes online. Alphas and Israel write some code. The cyber attacks that caused nuke destruction. Stuxnet worm was spread worldwide. Iran is warming up to BRICS. Preparing for the future means maintaining an educated global view. But we must always think local too, and stay close to friends and family.  Learn more about your ad choices. Visit podcastchoices.com/adchoices