Podcasts about thinkst

In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: The KK Park scam compound in Myanmar gets blasted with actual dynamite China sentences more scammers TO DEATH While Singapore is opting to lash them with the cane Chinese security firm KnownSec leaks a bunch of documents Necromancy continues on NSO Group, with a Trump associate in charge OWASP freshens up the Top 10, you won't believe what's number three! This week's episode is sponsored by Thinkst Canary. Big bird Haroon Meer joins and, as usual, makes a good point. If you're going to trust a vendor to do something risky like put a box on your network, they have an obligation to explain how they make that safe. Thinkst has a /security page that does exactly that. So why do we let Palo Alto and Fortinet get away with “trust me, bro”? This episode is also available on Youtube. Show notes Myanmar Junta Dynamites Scam Hub in PR Move as Global Pressure Grows China sentences 5 Myanmar scam kingpins to death | The Record from Recorded Future News Law passed for scammers, mules to be caned after victims in Singapore lose almost $4b since 2020 | The Straits Times KnownSec breach: What we know so far. - NetAskari Risky Bulletin: Another Chinese security firm has its data leaked Inside Congress Live The Government Shutdown Is a Ticking Cybersecurity Time Bomb | WIRED Former Trump official named NSO Group executive chairman | The Record from Recorded Future News Short-term renewal of cyber information sharing law appears in bill to end shutdown | The Record from Recorded Future News Jaguar Land Rover hack hurt the U.K.'s GDP, Bank of England says Monetary Policy Report - November 2025 | Bank of England SonicWall says state-linked actor behind attacks against cloud backup service | Cybersecurity Dive Japanese media giant Nikkei reports Slack breach exposing employee and partner records | The Record from Recorded Future News "Intel sues former employee for allegedly stealing confidential data" Post by @campuscodi.risky.biz — Bluesky Introduction - OWASP Top 10:2025 RC1

Reflecting on 10 years since its launch, the honeypot maker explains why the company did not take on any VC funding. Learn more about your ad choices. Visit podcastchoices.com/adchoices

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Thinkst CTO Marco Slaviero about a concept called Defending off the Land, a way to detect attacks and even deceive and frustrate attackers. Show notes Defending off the land: Agentless defenses available today Assortment of scripts and tools for our Blackhat EU 2024 talk Thinkst Citation Create a Canarytoken. Deploy it somewhere.

On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Cleo file transfer products have a remote code exec, here we go again! Snowflake phases out password-based auth Chinese Sophos-exploit-dev company gets sanctioned Romania's election gets rolled back after Tiktok changed the outcome AMD's encrypted VM tech bamboozled by RAM with one extra address bit Some cool OpenWRT research And much, much more. This week's episode is sponsored by Thinkst, who love sneaky canary token traps. Jacob Torrey previews an upcoming Blackhat talk filled with interesting operating system tricks you can use to trigger canaries in your environment. You wont believe the third trick! Attackers hate him! This episode is also available on Youtube. Show notes Cleo Software Actively Being Exploited in the Wild CVE-2024-50623 | Huntress Blue Yonder investigating data leak claim following ransomware attack | Cybersecurity Dive Snowflake to phase out single-factor authentication by late 2025 | Cybersecurity Dive Treasury Sanctions Cybersecurity Company Involved in Compromise of Firewall Products and Attempted Ransomware Attacks | U.S. Department of the Treasury Another teenage hacker charged as feds continue Scattered Spider crackdown | The Record from Recorded Future News Germany arrests suspected admin of country's largest criminal marketplace | The Record from Recorded Future News FCC, for first time, proposes cybersecurity rules tied to wiretapping law | CyberScoop Russian state hackers abuse Cloudflare services to spy on Ukrainian targets | The Record from Recorded Future News Cloudflare's pages.dev and workers.dev Domains Increasingly Abused for Romania annuls presidential election over alleged Russian interference | The Record from Recorded Future News EU demands TikTok 'freeze and preserve data' over alleged Russian interference in Romanian elections | The Record from Recorded Future News Research Note: Meta's Role in Romania's 2024 Presidential Election - CheckFirst Key electricity distributor in Romania warns of ‘cyber attack in progress' | The Record from Recorded Future News Backdoor slipped into popular code library, drains ~$155k from digital wallets - Ars Technica AMD's trusted execution environment blown wide open by new BadRAM attack - Ars Technica New dog, old tricks: DaMAgeCard attack targets memory directly thru SD card reader – PT SWARM Telegram partners with child safety group to scan content for sexual abuse material Apple hit with $1.2B lawsuit after killing controversial CSAM-detecting tool - Ars Technica Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Security Research How do I turn on the Do Not Track feature? | Firefox Help

In this Soap Box edition of the podcast Patrick Gray chats with Thinkst Canary founder Haroon Meer about his “decade of deception”, including: A history of Thinkst Canary including a recap of what they actually do A look at why they're still really the only major player in the deception game A look at what companies like Microsoft are doing with deception Why security startups should have conference booths

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Haroon Meer, Founder and CEO at Thinkst, about the company's evolution over the past 15 years, its focus on hacker-like internal culture, and the UK NCSC's new deception network. Show notes Building a nation-scale evidence base for cyber deception Hacking as a pathway to building better Products

On today's Demo Day Trey Ford and RSnake sit down with Haroon Meer, the CEO of Thinkst and discuss his Canary product, which is a super simple honeypot and honeytoken product allowing customers to get extremely high signal to noise ratio and reduce dwell time.

We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week. This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market. We focus on the important of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries. We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise. We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware. Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie. Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge). Show Notes: https://securityweekly.com/esw-366

We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week. This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market. We focus on the important of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries. We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise. We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware. Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie. Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge). Show Notes: https://securityweekly.com/esw-366

We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their products. We discuss: What to be aware of when deploying GenAI Key use cases and successes organizations are having with GenAI Some of the risks to be aware of How to prepare employees for GenAI Best practices to prepare for evolving threats For decades, security teams have been focused on preventing and detecting threats, only to find themselves buried so deep in alerts, they can't detect anything at all! We clearly need a different approach, which will be the topic of our conversation today with Marty. We'll be discussing a shift in philosophy and tactics. We'll discuss whether SecOps has a hoarding problem, and possible paths out of the current situation preventing today's teams from successfully detecting attacks. Finally, we'll discuss the impact AI has on all this (if any). Segment Resources: Why It's Time to Evolve from Threat-centric to Compromise-centric Security Evolve from Threat-Centric to Compromise-Centric Security How to Close the Visibility Gaps Across Your Multi-Cloud Environment Defend HPC Data Centers with Frictionless Security & Observability We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week. This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market. We focus on the important of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries. We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise. We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware. Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie. Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge). Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-366

We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their products. We discuss: What to be aware of when deploying GenAI Key use cases and successes organizations are having with GenAI Some of the risks to be aware of How to prepare employees for GenAI Best practices to prepare for evolving threats For decades, security teams have been focused on preventing and detecting threats, only to find themselves buried so deep in alerts, they can't detect anything at all! We clearly need a different approach, which will be the topic of our conversation today with Marty. We'll be discussing a shift in philosophy and tactics. We'll discuss whether SecOps has a hoarding problem, and possible paths out of the current situation preventing today's teams from successfully detecting attacks. Finally, we'll discuss the impact AI has on all this (if any). Segment Resources: Why It's Time to Evolve from Threat-centric to Compromise-centric Security Evolve from Threat-Centric to Compromise-Centric Security How to Close the Visibility Gaps Across Your Multi-Cloud Environment Defend HPC Data Centers with Frictionless Security & Observability We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week. This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market. We focus on the important of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries. We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise. We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware. Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie. Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge). Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-366

In this Risky Business News sponsored interview, Tom Uren talks to Marco Slaveiro, Thinkst's CTO about staying current with modern attack trends and not falling for the trap of optimising to catch red teams.

In this Risky Business News sponsor interview Tom Uren talks to Haroon Meer of Thinkst Canary. They discuss how network attackers win, how their tactics have changed over time and what this means for network defenders.

In this Risky Business News sponsor interview Tom Uren talks to Haroon Meer of Thinkst Canary. They discuss how network attackers win, how their tactics have changed over time and what this means for network defenders.

In this week's edition of the show Patrick Gray and guest co-host Dmitri Alperovitch discuss: Major telco in Ukraine taken down by Russia Apple and Facebook go all in on e2ee Why 702 reauthorisation is looking a bit sketchy The USG wants your push notifications The year in review, plus some predictions for 2024 This week's show is brought to you by Thinkst Canary. Haroon Meer, Thinkst's founder, is this week's sponsor guest. He joins us to talk about APT groups pivoting to living-off-the-land techniques.

In this week's edition of the show Patrick Gray and guest co-host Dmitri Alperovitch discuss: Major telco in Ukraine taken down by Russia Apple and Facebook go all in on e2ee Why 702 reauthorisation is looking a bit sketchy The USG wants your push notifications The year in review, plus some predictions for 2024 This week's show is brought to you by Thinkst Canary. Haroon Meer, Thinkst's founder, is this week's sponsor guest. He joins us to talk about APT groups pivoting to living-off-the-land techniques.

This week we're joined by Haroon Meer from Thinkst — the makers of Canary and Canary Tokens. Haroon walks us through a network getting compromised, what it takes to deploy a Canary on your network, how they maintain low false-positive numbers, their thoughts and principles on building their business (major wisdom shared!), and how a Canary helps surface network attacks in real time.

This week we're joined by Haroon Meer from Thinkst — the makers of Canary and Canary Tokens. Haroon walks us through a network getting compromised, what it takes to deploy a Canary on your network, how they maintain low false-positive numbers, their thoughts and principles on building their business (major wisdom shared!), and how a Canary helps surface network attacks in real time.

A hosted panel discussion with industry leaders to explore what advantages the SecOps Cloud Platform confers for ecosystem builders.The panel is moderated by LimaCharlie's Head of Product, Matt Bromiley. The panel participants are:Senior Security Researcher at Thinkst, Casey SmithSecurity Evangelist at RunZero, Huxley BarbeeHead of Tines Labs, John TucknerWhat is the SecOps Cloud Platform?The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.The SecOps Cloud Platform is:An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they're in enterprise, services or vendors to build appropriate solutions.The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

OpenTF announces they're forking Terraform and joining the Linux Foundation, Meta gets in the LLM-for-codegen game with Code Llama, Matt Mullenweg announces WordPress.com's new 100-year plan, Paul Gichuki from Thinkst learns that default behaviors stick (and so do examples) & Marco Otte-Witte makes his case for Rust on the web.

OpenTF announces they're forking Terraform and joining the Linux Foundation, Meta gets in the LLM-for-codegen game with Code Llama, Matt Mullenweg announces WordPress.com's new 100-year plan, Paul Gichuki from Thinkst learns that default behaviors stick (and so do examples) & Marco Otte-Witte makes his case for Rust on the web.

OpenTF announces they're forking Terraform and joining the Linux Foundation, Meta gets in the LLM-for-codegen game with Code Llama, Matt Mullenweg announces WordPress.com's new 100-year plan, Paul Gichuki from Thinkst learns that default behaviors stick (and so do examples) & Marco Otte-Witte makes his case for Rust on the web.

Incredibly, the seemingly simple task of managing corporate-owned devices is still a struggle for most organizations in 2023. Maybe best MDM for Mac doesn't work with Windows, or the best MDM for Windows doesn't work with Mac. Maybe neither have Linux support. Perhaps they don't provide enough insight into the endpoint, or control over it. Whatever the case, security leaders never seem satisfied with their MDM solution and are always investigating new ones. Now, Kolide has stepped in with a unique approach to device management, combining the flexibility and industry support for OSQuery and built to integrate with IdP giant Okta. We discuss Kolide's entrance into the device management space and the current state of MDM - what's wrong with it, and how does Kolide propose to fix it? This segment is sponsored by Kolide. Visit https://securityweekly.com/kolide to learn more about them! Segment description coming soon! Record funding levels over the last two weeks top 2023 and the same time last year. We discuss Palo Alto's plans for the future, CISA's analysis of the LAPSUS$ hacking group, and the uselessness of Quantum Security pitches. Chrome adds the ability to alert users about malicious extensions. A great post from Thinkst has us talking about why vendors (and buyers) need to be careful about default behaviors and documentation. You won't want to miss the excellent squirrel story - a front end for Reddit that looks like Microsoft Outlook. During this segment, Jon will explore today's ransomware economy players from IABS to RaaS affiliates, to money launders and now C2Ps. For the discussion, Jon will leverage Halcyon's latest research, which demonstrates a new technique to uncover how C2Ps, like Cloudzy, are used to identify upcoming ransomware campaigns and other advanced attacks. The research revealed that Cloudzy, knowingly or not, provided services to attackers while assuming a legitimate business profile. Threat actors that leveraged Cloudzy include APT groups tied to the Chinese, Iranian, North Korean, Russian, Indian, Pakistani, and Vietnamese governments; a sanctioned Israeli spyware vendor whose tools are known to target civilians; several criminal syndicates and ransomware affiliates whose campaigns have spurred international headlines. This segment is sponsored by Halcyon. Visit https://securityweekly.com/halcyonbh to learn more about them! In this session, Snehal will discuss several real-world examples of what autonomous pentesting discovered in networks just like yours. You'll hear more about how fast and easy it was to safely compromise some of the biggest (and smallest) networks in the world - with full domain takeover in a little more than a few hours. Learn how you can safely do the same in your own network today!  This segment is sponsored by Horizon3.ai. Visit https://securityweekly.com/horizon3aibh to learn more about them! In this Black Hat 2023 interview, CRA's Bill Brenner and Sophos' John Shier discuss the company's latest research on the Royal ransomware gang. Though Royal is a notoriously closed off group that doesn't openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities.  This segment is sponsored by Sophos.  Visit https://securityweekly.com/sophosbh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw-329

Incredibly, the seemingly simple task of managing corporate-owned devices is still a struggle for most organizations in 2023. Maybe best MDM for Mac doesn't work with Windows, or the best MDM for Windows doesn't work with Mac. Maybe neither have Linux support. Perhaps they don't provide enough insight into the endpoint, or control over it. Whatever the case, security leaders never seem satisfied with their MDM solution and are always investigating new ones. Now, Kolide has stepped in with a unique approach to device management, combining the flexibility and industry support for OSQuery and built to integrate with IdP giant Okta. We discuss Kolide's entrance into the device management space and the current state of MDM - what's wrong with it, and how does Kolide propose to fix it? This segment is sponsored by Kolide. Visit https://securityweekly.com/kolide to learn more about them! Segment description coming soon! Record funding levels over the last two weeks top 2023 and the same time last year. We discuss Palo Alto's plans for the future, CISA's analysis of the LAPSUS$ hacking group, and the uselessness of Quantum Security pitches. Chrome adds the ability to alert users about malicious extensions. A great post from Thinkst has us talking about why vendors (and buyers) need to be careful about default behaviors and documentation. You won't want to miss the excellent squirrel story - a front end for Reddit that looks like Microsoft Outlook. During this segment, Jon will explore today's ransomware economy players from IABS to RaaS affiliates, to money launders and now C2Ps. For the discussion, Jon will leverage Halcyon's latest research, which demonstrates a new technique to uncover how C2Ps, like Cloudzy, are used to identify upcoming ransomware campaigns and other advanced attacks. The research revealed that Cloudzy, knowingly or not, provided services to attackers while assuming a legitimate business profile. Threat actors that leveraged Cloudzy include APT groups tied to the Chinese, Iranian, North Korean, Russian, Indian, Pakistani, and Vietnamese governments; a sanctioned Israeli spyware vendor whose tools are known to target civilians; several criminal syndicates and ransomware affiliates whose campaigns have spurred international headlines. This segment is sponsored by Halcyon. Visit https://securityweekly.com/halcyonbh to learn more about them! In this session, Snehal will discuss several real-world examples of what autonomous pentesting discovered in networks just like yours. You'll hear more about how fast and easy it was to safely compromise some of the biggest (and smallest) networks in the world - with full domain takeover in a little more than a few hours. Learn how you can safely do the same in your own network today!  This segment is sponsored by Horizon3.ai. Visit https://securityweekly.com/horizon3aibh to learn more about them! In this Black Hat 2023 interview, CRA's Bill Brenner and Sophos' John Shier discuss the company's latest research on the Royal ransomware gang. Though Royal is a notoriously closed off group that doesn't openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities.  This segment is sponsored by Sophos.  Visit https://securityweekly.com/sophosbh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw-329

Record funding levels over the last two weeks top 2023 and the same time last year. We discuss Palo Alto's plans for the future, CISA's analysis of the LAPSUS$ hacking group, and the uselessness of Quantum Security pitches. Chrome adds the ability to alert users about malicious extensions. A great post from Thinkst has us talking about why vendors (and buyers) need to be careful about default behaviors and documentation. You won't want to miss the excellent squirrel story - a front end for Reddit that looks like Microsoft Outlook.   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-329 

Record funding levels over the last two weeks top 2023 and the same time last year. We discuss Palo Alto's plans for the future, CISA's analysis of the LAPSUS$ hacking group, and the uselessness of Quantum Security pitches. Chrome adds the ability to alert users about malicious extensions. A great post from Thinkst has us talking about why vendors (and buyers) need to be careful about default behaviors and documentation. You won't want to miss the excellent squirrel story - a front end for Reddit that looks like Microsoft Outlook.   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-329 

In this Risky Business News sponsor interview Tom Uren talks to Jacob Torrey, Thinkst's Head of Labs. Jacob produces ThinkstScapes, a brilliant quarterly summary of the most interesting security research from around the world. In this interview Jacob talks about his favourite research of this issue, why Thinkst invests the time and effort in producing ThinkstScapes and also talks about Thinkst Citation, a companion product that contains information about nearly 70,000 security talks going all the way back to 1993.

Kartanolla vieraili kybermerimies Karo Vallittu. Keskustelimme Karon kanssa merenkulun lainsäädännöstä ja kyberturvallisuuden vaikutuksesta merenkulkuun. Karo kertoi meille merenkulkuun liittyvistä termeistä kuten konossementti käytännöstä, miehityssopimuksista sekä luokituslaitoksista. Lisäksi kävimme läpi mielenkiintoisia esimerkkejä satamiin ja laivan lastaukseen liittyvistä toiminnanohjausjärjestelmistä ja niihin liittyvistä kyberriskeistä. Merenkulkuun liittyen esille nousi myös Maerskin vuoden 2017 mittava kyberhyökkäys ja muutamia vastaavia esimerkkejä.  Äänijulkaisun lähdeluettelo: Vieras Karo Vallittu https://twitter.com/kvallittu Herrasmieshakkerit: Suomen suosituin teknologiapodcast saapuu TAMKiin https://www.tuni.fi/fi/ajankohtaista/herrasmieshakkerit-suomen-suosituin-teknologiapodcast-saapuu-tamkiin Suomen Pelimuseo https://www.vapriikki.fi/pelimuseo/ Paha Juttu https://fi.wikipedia.org/wiki/Paha_Juttu Rahankäytöstä tulossa täysin ilmaista eri puolilla euroaluetta – keskuspankki aikoo tarjota kansalaisille digieuron maksukorttien tilalle https://yle.fi/a/74-20028976 t2 infosec conference https://t2.fi t2 infosec youtube -kanava https://www.youtube.com/channel/UCCpvGjg08W0YXxdZaQc7yWg Mikon RSA-boikotti https://archive.f-secure.com/weblog/archives/00002651.html Marinetraffic https://www.marinetraffic.com TED 2023; OpenAI https://youtu.be/C_78DM8fG6E Gambler Who Beat Roulette Found Way to Win Beyond Red or Black https://www.bloomberg.com/features/2023-how-to-beat-roulette-gambler-figures-it-out/ Datakapitalismi -kirja https://www.siltalapublishing.fi/product/datakapitalismi-kriisien-maailmassa/ Thinkst canary tokens https://canarytokens.org/generate

Tap, tap - is this thing on? Why do defenders still struggle to detect attacks and attacker activities? Why do so many tools struggle to detect attacks? Today, we've got an expert on detection engineering to help us answer these questions. Thinkst's Canary and Canarytokens make in catching penetration testers and attackers stupidly simple. Thinkst Labs aims to push these tools even further. Casey will share some of the latest research coming out of labs, and we'll ponder why using deception for detection isn't yet a de facto best practice. Segment Resources:  https://canary.tools https://canarytokens.org  https://blog.thinkst.com   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw309

Tap, tap - is this thing on? Why do defenders still struggle to detect attacks and attacker activities? Why do so many tools struggle to detect attacks? Today, we've got an expert on detection engineering to help us answer these questions. Thinkst's Canary and Canarytokens make in catching penetration testers and attackers stupidly simple. Thinkst Labs aims to push these tools even further. Casey will share some of the latest research coming out of labs, and we'll ponder why using deception for detection isn't yet a de facto best practice. Segment Resources:  https://canary.tools https://canarytokens.org  https://blog.thinkst.com   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw309

The CI/CD pipeline is the backbone of the software development process, so it's critical to ensure you are meeting and exceeding the most critical security measures. Throughout this podcast, Tal Morgenstern, Co-founder and CSO of Vulcan Cyber, will break down the process of how organizations can properly secure a CI/CD pipeline into a checklist of four key steps, as well as offer a handful of tools and tactics security leadership can use to bake risk-based vulnerability management into their CI/CD pipelines. He will explain how securing your CI/CD pipelines alone is not enough to reduce the chances of cyber attacks and the importance for organizations to not only maintain security at speed and scale, but quality at speed and scale. Finally, Tal will dive into how Vulcan Cyber helps organizations to streamline security tasks in every stage of the cyber-risk management process, integrating with their existing tools for true end-to-end risk management. Segment Resources: https://vulcan.io/ https://vulcan.io/platform/ https://vulcan.io/blog/ci-cd-security-5-best-practices/  https://www.youtube.com/watch?v=nosAxWc-4dc   Tap, tap - is this thing on? Why do defenders still struggle to detect attacks and attacker activities? Why do so many tools struggle to detect attacks? Today, we've got an expert on detection engineering to help us answer these questions. Thinkst's Canary and Canarytokens make in catching penetration testers and attackers stupidly simple. Thinkst Labs aims to push these tools even further. Casey will share some of the latest research coming out of labs, and we'll ponder why using deception for detection isn't yet a de facto best practice. Segment Resources:  https://canary.tools https://canarytokens.org https://blog.thinkst.com   Finally, in the enterprise security news, We quickly explain the SVB collapse, A few interesting fundings, Rapid7 acquires Minerva who? We'll explain. GPT-4 - what's new? Detect text written by an AI! Then, produce text that can't be detected as written by an AI! The K-Shaped recovery of the cybersecurity industry, Software Security is More than Vulnerabilities, Microsoft Outlook hacks itself, Robert Downey Jr. gets into teh cyberz, & Reversing intoxication!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly  Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw309

The CI/CD pipeline is the backbone of the software development process, so it's critical to ensure you are meeting and exceeding the most critical security measures. Throughout this podcast, Tal Morgenstern, Co-founder and CSO of Vulcan Cyber, will break down the process of how organizations can properly secure a CI/CD pipeline into a checklist of four key steps, as well as offer a handful of tools and tactics security leadership can use to bake risk-based vulnerability management into their CI/CD pipelines. He will explain how securing your CI/CD pipelines alone is not enough to reduce the chances of cyber attacks and the importance for organizations to not only maintain security at speed and scale, but quality at speed and scale. Finally, Tal will dive into how Vulcan Cyber helps organizations to streamline security tasks in every stage of the cyber-risk management process, integrating with their existing tools for true end-to-end risk management. Segment Resources: https://vulcan.io/ https://vulcan.io/platform/ https://vulcan.io/blog/ci-cd-security-5-best-practices/  https://www.youtube.com/watch?v=nosAxWc-4dc   Tap, tap - is this thing on? Why do defenders still struggle to detect attacks and attacker activities? Why do so many tools struggle to detect attacks? Today, we've got an expert on detection engineering to help us answer these questions. Thinkst's Canary and Canarytokens make in catching penetration testers and attackers stupidly simple. Thinkst Labs aims to push these tools even further. Casey will share some of the latest research coming out of labs, and we'll ponder why using deception for detection isn't yet a de facto best practice. Segment Resources:  https://canary.tools https://canarytokens.org https://blog.thinkst.com   Finally, in the enterprise security news, We quickly explain the SVB collapse, A few interesting fundings, Rapid7 acquires Minerva who? We'll explain. GPT-4 - what's new? Detect text written by an AI! Then, produce text that can't be detected as written by an AI! The K-Shaped recovery of the cybersecurity industry, Software Security is More than Vulnerabilities, Microsoft Outlook hacks itself, Robert Downey Jr. gets into teh cyberz, & Reversing intoxication!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly  Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw309

On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: North Korea is ransomwaring hospitals with homegrown and Russian strains Russia proposes law greenlighting “patriotic hacks” It's 702 renewal time… again CISA releases ESXiArgs recovery script (yay!) UK mulls crimephone ban Much, much more This week's show is brought to you by Thinkst Canary. Haroon Meer is this week's sponsor guest and joins us to talk about Thinkst's latest release: the credit card canary. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes North Korean hackers extort health care organizations to fund further cyberattacks, US and South Korea say | CNN Politics Risky Biz News: US and UK sanction seven Trickbot members United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang | U.S. Department of the Treasury Risky Biz News: Russia wants to absolve patriotic hackers from any criminal liability The FBI's Most Controversial Surveillance Tool Is Under Threat | WIRED Meet the Creator of North Korea's Favorite Crypto Privacy Service | WIRED CISA publishes recovery script for ESXiArgs ransomware as Florida courts, universities reel - The Record from Recorded Future News decrypt your crypted files in ESXi servers affected by CVE-2020-3992 / CryptoLocker attack Tonga is the latest Pacific Island nation hit with ransomware - The Record from Recorded Future News UK Proposes Making the Sale and Possession of Encrypted Phones Illegal UK High Court allows Bahraini activists to sue government over spyware - The Record from Recorded Future News Russian cybersecurity expert convicted of charges in $90M hack-to-trade case | CyberScoop Deepfake 'news anchors' appear in pro-China footage on social media, research group says - ABC News Geotargeting tools are allowing phishing campaigns to home in on potential victims - The Record from Recorded Future News This week's Reddit breach shows company's security is (still) woefully inadequate | Ars Technica Namecheap denies system breach after email service used to spread phishing scams - The Record from Recorded Future News Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica DOM XSS vulnerability in Gartner Peer Insights widget patched | The Daily Swig Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game - Avast Threat Labs OAuth ‘masterclass' crowned top web hacking technique of 2022 | The Daily Swig New XSS Hunter host Truffle Security faces privacy backlash | The Daily Swig 'No evidence of malicious access,' Toyota says about serious bug exploited by outside researcher - The Record from Recorded Future News A year after outcry, IRS still doesn't offer taxpayers alternative to ID.me | CyberScoop

On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: North Korea is ransomwaring hospitals with homegrown and Russian strains Russia proposes law greenlighting “patriotic hacks” It's 702 renewal time… again CISA releases ESXiArgs recovery script (yay!) UK mulls crimephone ban Much, much more This week's show is brought to you by Thinkst Canary. Haroon Meer is this week's sponsor guest and joins us to talk about Thinkst's latest release: the credit card canary. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes North Korean hackers extort health care organizations to fund further cyberattacks, US and South Korea say | CNN Politics Risky Biz News: US and UK sanction seven Trickbot members United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang | U.S. Department of the Treasury Risky Biz News: Russia wants to absolve patriotic hackers from any criminal liability The FBI's Most Controversial Surveillance Tool Is Under Threat | WIRED Meet the Creator of North Korea's Favorite Crypto Privacy Service | WIRED CISA publishes recovery script for ESXiArgs ransomware as Florida courts, universities reel - The Record from Recorded Future News decrypt your crypted files in ESXi servers affected by CVE-2020-3992 / CryptoLocker attack Tonga is the latest Pacific Island nation hit with ransomware - The Record from Recorded Future News UK Proposes Making the Sale and Possession of Encrypted Phones Illegal UK High Court allows Bahraini activists to sue government over spyware - The Record from Recorded Future News Russian cybersecurity expert convicted of charges in $90M hack-to-trade case | CyberScoop Deepfake 'news anchors' appear in pro-China footage on social media, research group says - ABC News Geotargeting tools are allowing phishing campaigns to home in on potential victims - The Record from Recorded Future News This week's Reddit breach shows company's security is (still) woefully inadequate | Ars Technica Namecheap denies system breach after email service used to spread phishing scams - The Record from Recorded Future News Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica DOM XSS vulnerability in Gartner Peer Insights widget patched | The Daily Swig Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game - Avast Threat Labs OAuth ‘masterclass' crowned top web hacking technique of 2022 | The Daily Swig New XSS Hunter host Truffle Security faces privacy backlash | The Daily Swig 'No evidence of malicious access,' Toyota says about serious bug exploited by outside researcher - The Record from Recorded Future News A year after outcry, IRS still doesn't offer taxpayers alternative to ID.me | CyberScoop

Links: Azure messed up a regular expression GitHub's blog has a piece on passwordless deployments to the cloud LastPass has now admitted that the attackers stole customers' backups and encryption key Deploy a dashboard for AWS WAF with minimal effort  Thinkst's free service now supports credit card tokens. precloud is a suite of dynamic tests for infrastructure as code. 

Haroon Meer of Thinkst joins Dennis Fisher to talk about the state of the security industry, the value of treating customers with respect, and what the economic downturn could mean for the security community. 

Crossing tenants with AWS AppSync, more zeros in C++ to defeat vulns, HTTP/3 connection contamination, Thinkst Quarterly review of research, building a research team   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw221

Crossing tenants with AWS AppSync, more zeros in C++ to defeat vulns, HTTP/3 connection contamination, Thinkst Quarterly review of research, building a research team   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw221

On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Twitter bluechecks face phishing barrage Australian government goes berserk on Medibank hack response Former WSJ journalist sues law firm over email hack and info op that got him fired OpenSSL bug lands with a whimper Apple macOS Ventura update breaks security tools Much, much more This week's show is brought to you by Thinkst Canary. Marco Slaviero, Thinkst's head of engineering, joins us this week to talk through the company's latest release, codenamed Quokka. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Twitter's verification chaos is now a cybersecurity problem | TechCrunch Unconfirmed hack of Liz Truss' phone prompts calls for “urgent investigation” | Ars Technica Chinese hackers are scanning state political party headquarters, FBI says - The Washington Post Former WSJ reporter says law firm used Indian hackers to sabotage his career | Reuters The source - Columbia Journalism Review Upcoming ‘critical' OpenSSL update prompts feverish speculation | The Daily Swig OpenSSL vulnerability downgraded to ‘high' severity | The Daily Swig Medibank says hackers had access to ‘all personal data' belonging to all customers - The Record by Recorded Future Australia to tighten privacy laws, increase fines after series of data breaches - The Record by Recorded Future Votes in Slovakia's parliament suspended after alleged ‘cybersecurity incident' - The Record by Recorded Future NY Post confirms hack after website, Twitter feed flooded with threats toward Biden, AOC - The Record by Recorded Future Apple MacOS Ventura Bug Breaks Third-Party Security Tools | WIRED Microsoft ties Vice Society hackers to additional ransomware strains - The Record by Recorded Future How Vice Society Got Away With a Global Ransomware Spree | WIRED FTC seeks action against Drizly — and its CEO — for cybersecurity failures - The Record by Recorded Future Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig Google Play apps with >20M downloads depleted batteries and network bandwidth | Ars Technica Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn – Krebs on Security Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious | Ars Technica Microsoft disputes report on Office 365 Message encryption issue after awarding bug bounty - The Record by Recorded Future Microsoft Office Online Server open to SSRF-to-RCE exploit | The Daily Swig Microsoft's Sociopathic Cybersecurity Pedantry Brazilian police announce arrest of alleged Lapsus$ member - The Record by Recorded Future Accused ‘Raccoon' Malware Developer Fled Ukraine After Russian Invasion – Krebs on Security European gang that sold car hacking tools to thieves arrested - The Record by Recorded Future How a Microsoft blunder opened millions of PCs to potent malware attacks | Ars Technica

On this week's show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week's security news, including: Twitter bluechecks face phishing barrage Australian government goes berserk on Medibank hack response Former WSJ journalist sues law firm over email hack and info op that got him fired OpenSSL bug lands with a whimper Apple macOS Ventura update breaks security tools Much, much more This week's show is brought to you by Thinkst Canary. Marco Slaviero, Thinkst's head of engineering, joins us this week to talk through the company's latest release, codenamed Quokka. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Twitter's verification chaos is now a cybersecurity problem | TechCrunch Unconfirmed hack of Liz Truss' phone prompts calls for “urgent investigation” | Ars Technica Chinese hackers are scanning state political party headquarters, FBI says - The Washington Post Former WSJ reporter says law firm used Indian hackers to sabotage his career | Reuters The source - Columbia Journalism Review Upcoming ‘critical' OpenSSL update prompts feverish speculation | The Daily Swig OpenSSL vulnerability downgraded to ‘high' severity | The Daily Swig Medibank says hackers had access to ‘all personal data' belonging to all customers - The Record by Recorded Future Australia to tighten privacy laws, increase fines after series of data breaches - The Record by Recorded Future Votes in Slovakia's parliament suspended after alleged ‘cybersecurity incident' - The Record by Recorded Future NY Post confirms hack after website, Twitter feed flooded with threats toward Biden, AOC - The Record by Recorded Future Apple MacOS Ventura Bug Breaks Third-Party Security Tools | WIRED Microsoft ties Vice Society hackers to additional ransomware strains - The Record by Recorded Future How Vice Society Got Away With a Global Ransomware Spree | WIRED FTC seeks action against Drizly — and its CEO — for cybersecurity failures - The Record by Recorded Future Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig Google Play apps with >20M downloads depleted batteries and network bandwidth | Ars Technica Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn – Krebs on Security Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious | Ars Technica Microsoft disputes report on Office 365 Message encryption issue after awarding bug bounty - The Record by Recorded Future Microsoft Office Online Server open to SSRF-to-RCE exploit | The Daily Swig Microsoft's Sociopathic Cybersecurity Pedantry Brazilian police announce arrest of alleged Lapsus$ member - The Record by Recorded Future Accused ‘Raccoon' Malware Developer Fled Ukraine After Russian Invasion – Krebs on Security European gang that sold car hacking tools to thieves arrested - The Record by Recorded Future How a Microsoft blunder opened millions of PCs to potent malware attacks | Ars Technica

Haroon Meer is the Founder of Thinkst Canary, a fast growing cybersecurity company that enables companies to put “honeypots” on their network to catch attackers in minutes. On today's episode, Jon Sakoda speaks with Haroon Meer about how growing up during the tail end of Apartheid influenced his leadership style and how he bootstrapped Thinkst Canary to success.You Need to Build a Better Mousetrap [9:09 - 12:27] - After spending 10 years in consulting, Haroon was itching to start a product company. Many cybersecurity consultants need to learn how to incorporate highly opinionated customer feedback into their product design. Listen to his philosophy of shifting away from being the “expert” in the room and his humble approach when listening to customers.Find Ideas In Unexpected Places [13:05 - 16:29] - Haroon decided he wanted to build a product and told his colleagues he was shifting away from consulting. When one colleague kept asking for his services, Haroon realized he found a huge problem to solve and founded Thinkst Canary. Listen to learn how tapping into the need of friendly customers can be the inspiration for your next startup idea.Don't Forget Who Pays the Bills [26:26 - 31:59] - When founders start raising VC funding, Haroon thinks it is easy to lose sight of the most important priorities. Some founders lose focus on making customers successful when trying to appease future investors. Listen to learn why bootstrapping your startup might be the best route in the beginning of a company's journey.

This week in the AppSec News: ExtraReplica in Azure, Chrome disfavors document.domain, appsec presentations highlighted in the latest Thinkst Quarterly, Nimbuspwn Vuln in Linux, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw195

This week in the AppSec News: ExtraReplica in Azure, Chrome disfavors document.domain, appsec presentations highlighted in the latest Thinkst Quarterly, Nimbuspwn Vuln in Linux, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw195

For the second episode in a row, we've caught a seasoned entrepreneur at that perfect moment when they've started a new company but still have time for a conversation before their new adventure kicks into high gear. Oliver Friedrichs, founder of several security companies including Immunenet and Phantom, joins us to talk product strategy as he embarks on a new journey to disrupt the security industry once again with his new venture Pangea.The most critical, first question for any young company is “what are we making”? And equally important is the follow-on question of what category does the offering fit into or how should people think about it? Is it a better version of something that exists? A new type of something that's meaningfully different? Or is it an entirely new category of product they've never seen before?Oliver and Dave discuss examples of each type of strategy from their own experience and the industry in general. The “better mousetrap” approach is covered with examples from antivirus and more recently cloud security posture management. We discuss when it is a good time to “next gen” a category to revitalize it and return it to growth. Examples here include Palo Alto Networks firewall and Vulnerability Management (from its early days as vulnerability assessment). Oliver and Dave call out the fatal mistake so many market incumbents make that result in them missing out on a refresh cycle.Creating new categories dominates our conversation and we explore Oliver's case study of Phantom in depth. We start by explaining the core principles of a new category and lay bare some indicators that a product group hasn't yet made the leap to a full blown category. Oliver then shares the spark of idea that led him to found Phantom as the first SOAR followed by how he built the boundaries for their product and ultimately the companies that followed their lead as the first mover. While most of our time is spent discussing what worked and didn't from a product perspective, Oliver also shares his go-to-market playbook, including what he will avoid this time around and what he intends to do again with Pangea.We wrap up with a quick look at the future of SOAR and Oliver shares an early peek at what he's building now at his new company. This episode is perfect for early cybersecurity companies looking for product advice, product professionals wrestling with category questions, or anyone who wants to listen in on a dialogue between 2 industry veterans geeking out on product. BioFriedrichs serves as Founder and CEO of Pangea. Prior to Pangea, Friedrichs served as Vice President, Security Products at Splunk, driving the vision and direction of Splunk's security portfolio. With a record in building four successful enterprise security companies over the past two decades, Friedrichs founded and served as CEO of Phantom (creators of the SOAR category, acquired by Splunk), founder and CEO of Immunet (early innovators in the cloud EDR category, acquired by Sourcefire/Cisco), co-founder of SecurityFocus (creators of Bugtraq and DeepSight, the world's first Internet early warning system, acquired by Symantec), and Secure Networks (one of the industry's first vulnerability management solutions, acquired by McAfee). Friedrichs also architected and developed a prototype of the first commercial penetration-testing product, SNIPER, acquired by Core Security Technologies in 2001 and further developed into CORE IMPACT. He attended the University of Manitoba and is the co-author of three security books and a recipient of 33 patents.

Thinkst founder and CEO Haroon Meer joins Ryan Naraine on the show to talk about building a successful cybersecurity company without venture capital investment, fast-moving attack surfaces and the never-ending battle to mitigate memory corruption issues.

Watch the live stream: Watch on YouTube About the show Sponsored by us: Check out the courses over at Talk Python And Brian's book too! Special guest: Kim van Wyk Michael #0: Take our survey: Should we try to shorten the episodes? Please fill out the 3 question Google Form here We'll be taking a break so see you in two weeks. Also feedback / rate us in your podcast player app Brian #1: Jupyter Games Thorsten Beier “Making their own tiny video games can be a great way for kids to learn programming in a playful matter.” For 2D physics-based games, Box2D, (written in C++), is a 2D rigid body simulation library One Python binding, pyb2d, is from Thorsten Game examples use Ipycanvas, Ipywidgets, and Ipyevents for a place to draw and input events. There are Box2D examples for physics simulations, like internal combustion and a wind tunnel. Game examples, with code, and not that much code billiards Angry Shapes (like Angry birds) World of Goo homage Rocket Color Mixing (it's oddly satisfying to play with, and it's like 73 lines of code, including blank lines and docstring) several more examples Demo games/examples in binder Being able to play with a game engine through Jupyter is kind of amazing. Cool teaching/learning tool. Michael #2: Canary Tokens First, what are canaries (from Thinkst)? These tokens might be useful for finding fallout of Log4Shell But also generally useful Kim #3: pywinauto and PyAutoGUI - libraries for programmatically controlling a GUI-based tool. These can be very handy for simplifying the use of complex GUIs with dozens of options you need to set every time you run them and also for automating GUI tooling as part of a pipeline. Brian #4: A reverse chronology of some Python features Brett Cannon Partly for people wishing for the “good old days” of some old version of Python Brett recommends going down the list and stopping at the first feature you can't live without. If you can't go very far, better not complain about language bloat. I had to stop at 3.10, since I really like the new error messages. Here's an abbreviated list of new features in different Python versions. (And I'm abbreviating it even more for the podcast) Python 3.10 Better error messages, Union operator for types, paraenthesized context managers, match statement (pattern matching) Brett notes that the match statement required a new parser for Python the new parser made better error messages possible so, you can't toss pattern matching without being willing to give up better error messages Python 3.9 dict support for | and |=, type hinting generics for built-in collections Python 3.8 f-string support for =, f``"``{val=}``", := walrus operator (assignment expressions) Python 3.7 dictionaries preserve insertion order, breakpoint() Python 3.6 f-strings, (need we say more) also underscores in numeric literals, async generators and comprehensions, preserving keyword argument order … goes back to 3.1 Michael #5: Hyperactive GCs and ORMs/ODMs Does Python do extremely too many GCs for ORMs? Hint: yes During the execution of that single query against SQLAlchemy, without adjusting Python's GC settings, we get an extreme number of GC collections (1,859 GCs for a single SQLAlchemy query of 20k records). Our fix at Talk Python has been to increase the number of surviving allocations required to force a GC from 700 to 50,000. What can be done to improve this? Maybe someday Python will have an adaptive GC where if it runs a collection and finds zero cycles it backs off and if it starts finding more cycles it ramps up or something like that. For now, test adjusting the thresholds Here are a few presentations / resources: Michael's presentation at Python Web Conf 2021 Talk Python Memory Deep Dive course allocations, gen1, gen2 = gc.get_threshold() # GC every 50K not 700 surviving container allocations. allocations = 50_000 gc.set_threshold(allocations, gen1, gen2) Kim #6: DockerSlim- A tool to reduce the size and improve the security of Docker images. I've used it a little and got some 1Gb Ubuntu-based images down to 50Mb and that was barely scratching the surface. Extras Michael: Emojis for comments Kim: python -m http.server - a small reminder to people that this is a quick way to get files off a Python-equipped system by standing up a simple web server. Mess with DNS - Julia Evans released this really impressive learning tool last week to let people explore DNS settings without breaking real sites. Magit - a slightly tongue-in-cheek addition to last week's discussion on git via both CLI and by mashing buttons in VS Code. Anyone using emacs should strongly consider magit for git - I've kept emacs open even while trying to use other editors because I find magit so indispensable. I've included these just as small items off the top of my head that may or may not be worth a mention. Joke: We use cookies candle (and I don't care about cookies extension) Little Bobby Jindi And more Log4Shell memes

This isn't the normal weekly news episode of the show, if you're looking for the regular weekly Risky Business podcast, scroll one back in your podcast feed. This is a Soap Box edition, a wholly sponsored podcast brought to you in this instance by Thinkst Canary. For those who don't know, Thinkst makes hardware and virtual honeypots you can put on your network or into your cloud environments – they'll start chirping if an attacker interacts with them. They're a low cost and extremely effective detection tool. But you might not know that Thinkst also operates canarytokens.org where you can go set up a bunch of honeytokens for free. Hundreds of thousands of people are using canarytokens.org, but Thinkst doesn't charge anything for it, it's free to use. They'll even give you a docker container of the whole thing so you can run it yourself. Our guest today is Thinkst's founder and infosec legend Haroon Meer. He spent a chunk of his career at the South African security consultancy SensePost before founding Thinkst Applied Research and eventually launching Canary.Tools. In this interview we talk about what the industry is getting wrong, supply chain security, effective detections and more. But I started off by asking him why Thinkst hasn't tried to monetise canarytokens.org given how many people use it.

What if there was someone who could take all of the best security research over recent months and distill it down into the greatest hits? Sort of like a Spotify “Release Radar”, but for the best talks at conferences. There is. It's not in Blinkist. It's (back) at ThinkstScapes after a multiyear hiatus.And it's now gloriously free.This episode of Security Voices covers the return of Thinkstscapes with Jacob Torrey who led the reboot of the now quarterly report. In the interview with Jack and Dave, Jacob explains how he and the team at Thinkst devour and summarize the very best security research from thousands of presentations and hundreds of conferences across the globe.Jacob starts with some of his favorites, which focuses on an innovative research project not from a startup or researcher, but from a multi-decade antivirus company that went all in on an industrial controls system honeypot project. From there we cover ground that ranges from speculative execution vulnerabilities to a spate of embedded vulnerabilities, including a Hollywood style attack using laser pointers to compromise voice activated devices such as Amazon's Alexa. In continuity from our last episode with Frank Pound, we also discuss a TCP timing attack that threatens to allow eavesdropping over satellite base station connections.Look for our next episodes to resume their normal, monthly cadence as we've found a means of streamlining our audio production and we now have a recording waiting in the wings. Enjoy the show!

Links: Cloud Security Basics CIOs and CTOs Should Know: https://www.informationweek.com/cloud/cloud-security-basics-cios-and-ctos-should-know/a/d-id/1341578? Spring 2021 PCI DSS report now available with nine services added in scope: https://aws.amazon.com/blogs/security/spring-2021-pci-dss-report-now-available-with-nine-services-added-in-scope/ Top 5 Benefits of Cloud Infrastructure Security: https://www.kratikal.com/blog/top-5-benefits-of-cloud-infrastructure-security/ The three most important AWS WAF rate-based rules: https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/ Researchers Call for ‘CVE' Approach for Cloud Vulnerabilities: https://www.darkreading.com/cloud/researchers-call-for-cve-approach-for-cloud-vulnerabilities Managed Private Cloud: It's all About Simplification: https://www.computerworld.com/article/3623118/managed-private-cloud-its-all-about-simplification.html 100 percent of companies experience public cloud security incidents: https://betanews.com/2021/08/04/100-percent-public-cloud-security-incidents/ Why cloud security is the key to unlocking value from hybrid working: https://www.welivesecurity.com/2021/08/05/why-cloud-security-key-unlocking-value-hybrid-working/ Organizations Still Struggle to Hire & Retain Infosec Employees: Report: https://www.darkreading.com/careers-and-people/organizations-still-struggle-to-hire-retain-infosec-employees-report NSA, CISA release Kubernetes Hardening Guidance: https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/ HTTP/2 Implementation Errors Exposing Websites to Serious Risks: https://www.darkreading.com/application-security/http-2-implementation-errors-exposing-websites-to-serious-risks Ransomware Gangs and the Name Game Distraction: https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/ Using versioning in S3 buckets: https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html TranscriptJesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It's an awesome approach. I've used something similar for years. Check them out. But wait, there's more. They also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It's awesome. If you don't do something like this, you're likely to find out that you've gotten breached, the hard way. Take a look at this. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That's canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I'm a big fan of this. More from them in the coming weeks.Jesse: The general theme in security news and trends show us that perimeter defense has a whole new meaning. There is no large perimeter anymore. Nearly every device is on a public or otherwise hostile network, from servers to phones to laptops. Every device needs scanning, protecting, monitoring, and analyzing. None of these devices can be viewed in a vacuum, as separate entities without the context of behavior of systems and services accessed from across a network.This is why zero trust and cloud native applications and services go so well in these hard times. If you can't trust anything without checking on current events, then you have to authenticate and analyze in real-time to determine if something is safe to allow. In the ancient days of yore, everything was default allow and you stopped things you knew were bad. Then along came default deny, where you allowed only those things you white listed. But that was a full-time allowance of bad things to happen when an account was compromised.Ditch the white list and just implement real-time contextual security. If you do this, does it really matter if someone gets a hostile device on your network? Nope. If you treat everything, including owned and managed assets, as hostile, some new unmanaged device or service doesn't change your operations or exposure much if at all.Meanwhile in the news. Cloud Security Basics CIOs and CTOs Should Know. Some of the critical things non-cybersecurity execs ought to know: moving to the cloud isn't a security easy button, cybersecurity insurance generally sucks, and moving to the cloud takes a lot more work than people think to get operationally secure.Spring 2021 PCI DSS report now available with nine services added in scope. When you do compliance and use cloud infrastructures and SaaS services, you need to prove your services support compliance requirements. This AWS report can help. Also, review the new services added to see if you can improve your service delivery and applications supporting PCI.Top 5 Benefits of Cloud Infrastructure Security. Using the cloud doesn't make you more secure, but there are advantages that can make security more manageable in the cloud than it is in legacy data centers.The three most important AWS WAF rate-based rules. Sometimes ya just got to geek out. Also, your security person won't always be there to set up things like Web Application Firewalls with DDOS mitigation and other nifty security and compliance tools.Researchers Call for ‘CVE' Approach for Cloud Vulnerabilities. If there is a vulnerability in cloud service provider services, they should get a CVE like anyone else, right? After all, it's just software, which is what the CVE is supposed to track.I understand shining light on the problems to force cloud companies to fix them, but that is partly what the CVE system is for. If there are configurations that open gaping security holes, they need to be in CVE. Why do they want to make a new thing to replace a perfectly good thing?Announcer: If you have several PostgreSQL databases running behind NAT, check out Teleport, an open-source identity-aware access proxy. Teleport provides secure access to anything running behind NAT, such as SSH servers or Kubernetes clusters and—new in this release—PostgreSQL instances, including AWS RDS. Teleport gives users superpowers like authenticating via SSO with multi-factor, listing and seeing all database instances, getting instant access to them using popular CLI tools or web UIs. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. Download Teleport at goteleport.com. That's goteleport.com.Jesse: Managed Private Cloud: It's all About Simplification. So, let's see if I understand this. Several article sources talk about the benefits of using private cloud citing the exact same benefits as using a public cloud service, except claiming it's more secure for finance and medical verticals. Hello folks, AWS Outposts anyone? The only difference is the shared responsibility model, except that now you have an outside agency managing everything. Neither are more or less secure than the other. They are different approaches to risk acceptance and mitigation.100 percent of companies experience public cloud security incidents. Despite the sensationally alluring feel of the headline, the real news from this is that moving to cloud operations exposes the horrible lack of processes around custom development and production management that most organizations have. Don't blame being in the cloud for your poor operations, just don't be stupid.Why cloud security is the key to unlocking value from hybrid working. [sigh]. Hybrid cloud, hybrid cars, hybrid corn, and now hybrid work. I haven't understood why it's so hard to understand that there are additional security concerns and either increased or displaced risk pushing workloads and data to the cloud. The only common answer I can think of is that security in general is full of theater and drama. Of course, there's more risk. Obfuscated risk is dangerous.Organizations Still Struggle to Hire & Retain Infosec Employees: Report. The extreme lack of trained and/or experienced cybersecurity talent underscores the importance of all of us knowing security well enough to mitigate most risks. Sure, having someone dedicated to the work is far superior to having security tacked onto the duties of others, but without the ability to fill those dedicated roles, someone has to keep the script kiddies and APTs out.NSA, CISA release Kubernetes Hardening Guidance. This is pure IT security gold. The spooks often hold secrets most of us haven't figured out, partially due to the immense resources they throw at cybersecurity. This report is 52 pages of great advice. Also, now everyone knows security issues in Kubernetes environments. Don't be stupid. Go read this now.HTTP/2 Implementation Errors Exposing Websites to Serious Risks. Black hat and other security conferences are famous for gloom and doom pronouncements that are just theoretical attacks that likely won't ever be practical in real-world production systems. However, this one may have some legs.Ransomware Gangs and the Name Game Distraction. With ransomware groups regularly getting international media attention, they're retreating to the shadows when the heat turns up on them. They will vanish from headlines, but they will simply rebrand and move forward as if they were a new group. This is why following Indicators Of Compromise, or IOCs, is more important than worrying about the exact behavior profile or name of a group.And now for the tip of the week. Don't lose overwritten file data. Use S3 versioning. Enabling versioning on your S3 buckets allows disaster recovery and an audit trail for changes in your data objects. The docs are fairly straightforward, as well. Check out the AWS doc section called: Using versioning in S3 buckets. And that's it for the week, folks. Securely yours, Jesse Trucks.Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.Announcer: This has been a HumblePod production. Stay humble.

Links: 4 Factors that Should Be Part of Your Cybersecurity Strategy: https://www.csoonline.com/article/3625254/4-factors-that-should-be-part-of-your-cybersecurity-strategy.html Software Bill of Materials'—not just good for security, good for business: https://thehill.com/opinion/cybersecurity/564787-software-bill-of-materials-not-just-good-for-security-good-for-business Third Party Security Failure Caused 1 TB Data Breach at Saudi Aramco; Hackers Play Puzzle Games With Oil Giant: https://www.cpomagazine.com/cyber-security/third-party-security-failure-caused-1-tb-data-breach-at-saudi-aramco-hackers-play-puzzle-games-with-oil-giant/amp/ Federal Tech Leaders Outline Future of FedRAMP: https://governmentciomedia.com/federal-tech-leaders-outline-future-fedramp ‘Holy moly!': Inside Texas' fight against a ransomware hack: https://apnews.com/article/technology-government-and-politics-business-texas-hacking-47e23be2d9d90d67383c1bd6cee5aef7 Firefox 90 Drops Support for FTP Protocol: https://www.securityweek.com/firefox-90-drops-support-ftp-protocol Lower-Level Employees Become Top Spear-Phishing Targets: https://www.darkreading.com/attacks-breaches/lower-level-employees-become-top-spearphishing-targets U.S. Government unlikely to ban ransomware payments: https://U.S. Government unlikely to ban ransomware payments The Power of Comedy for Cybersecurity Awareness Training: https://www.darkreading.com/careers-and-people/the-power-of-comedy-for-cybersecurity-awareness-training Inside the Famed Black Hat NOC: https://www.darkreading.com/edge-articles/inside-the-famed-black-hat-noc Cloud Security Alliance Releases Guide to Facilitate Cloud Threat Modeling: https://cloudsecurityalliance.org/press-releases/2021/07/29/cloud-security-alliance-releases-guide-to-facilitate-cloud-threat-modeling/ 5 Benefits of Disaster Recovery in the Cloud: https://securityboulevard.com/2021/08/5-benefits-of-disaster-recovery-in-the-cloud/ Black Hat USA 2021 and DEF CON 29: What to expect from the security events: https://www.techrepublic.com/article/black-hat-usa-2021-and-def-con-29-what-to-expect-from-the-security-events/ TranscriptJesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It's an awesome approach. I've used something similar for years. Check them out. But wait, there's more. They also have an enterprise option that you should be very much aware of canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It's awesome. If you don't do something like this, you're likely to find out that you've gotten breached, the hard way. Take a look at this. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That's canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I'm a big fan of this. More from them in the coming weeks.Jesse: As more services are delivered by cloud-native microservices with dynamic scaling, compliance management and monitoring becomes terrifyingly complex and difficult. The way around this is to implement processes and tools that can continuously monitor and manage compliance-related configurations using automated analysis and reporting of your cloud-native services. This collection of processes and tools is called Cloud Security Posture Management, or CSPM. CSPM generally involves a fair amount of automation to ensure secure practices are used and compliance requirements are continuously met. Implementing CSPM alongside DevSecOps and an organizational focus on shifting left in services development rounds out a tripod to support your cloud initiatives.Meanwhile, in the news. 4 Factors that Should Be Part of Your Cybersecurity Strategy. Our security perimeters are no longer controlled by our organizations. With so many people working remote, every device on their network has become part of the threat landscape, from connected fridges to game consoles.‘Software Bill of Materials'—not just good for security, good for business. SBOMs, as they're called, are coming. Even if there is never a law forcing SBOMs like food ingredients labels, there could be an ever-increasing requirement for vendors to supply them. It might be a good idea to start building these, even if they're only supplied when legally or contractually required.Third Party Security Failure Caused 1 TB Data Breach at Saudi Aramco; Hackers Play Puzzle Games With Oil Giant. This case study is like slowing down to see the aftermath of a crash and trying to piece together what happened. Given the breach came from a vendor, it's a sideways attack on Aramco. Are you sure your vendors are secure? Thoroughly analyze all your third-party tools and services to ensure they aren't the weaker link.Federal Tech Leaders Outline Future of FedRAMP. Changes to FedRAMP are a big deal if they open up options for US federal agencies, or if the FedRAMP process—or its replacement—speed up certification. Many FedRAMP SaaS services lag their commercial counterparts because it takes so long to jump through the FedRAMP approval process. This hurts the market and the federal agencies.‘Holy moly!': Inside Texas' fight against a ransomware hack. Learn from the plight of others before others learn from your plight. Reading case studies of disclosed incidents gives us insight into how doomed we are if we don't get our act together.Firefox 90 Drops Support for FTP Protocol. [sigh]. This is the end of an era of wide-open access and abuse. But I'm a little sad and nostalgic for my early computing days. I remember using FTP to get things to my internet-connected host account where I could then use Zmodem or Kermit to download things to my local machine. I remember when using HTML sites were new, but you could still get everything from FTP sites. Ugh, the bad old days.Announcer: If you have several PostgreSQL databases running behind NAT, check out Teleport, an open-source identity-aware access proxy. Teleport provides secure access to anything running behind NAT, such as SSH servers or Kubernetes clusters and—new in this release—PostgreSQL instances, including AWS RDS. Teleport gives users superpowers like authenticating via SSO with multi-factor, listing and seeing all database instances, getting instant access to them using popular CLI tools or web UIs. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. Download Teleport at goteleport.com. That's goteleport.com.Jesse: Lower-Level Employees Become Top Spear-Phishing Targets. We always protect the big fish but the better target for phishing are the people not being closely monitored. If you can trick a system into lateral movement or privilege escalations, you can start with any non-admin user and infiltrate silently. This is why good SIM tools and behavior analysis mechanisms are critical to modern security.U.S. Government unlikely to ban ransomware payments. Now, this is a relief. This is like making it illegal to pay a kidnapper, even when the kidnapper is not within the U.S. Please try to solve your ransomware problems without paying, but if you must, you must.The Power of Comedy for Cybersecurity Awareness Training. The Duckbill Group's own Corey Quinn is the living embodiment of teaching through humor. When we laugh, we remember. Also, there's a lot of hilarity in security if you lean back and see it all at once. Aren't we just a series of bad sitcom reruns where all the same tropes are trotted out every season, and you can't even tell a rerun from a first-run? It's the same attacks and mostly the same old tired defenses, day in and day out.Inside the Famed Black Hat NOC. I was inside the DEFCON SOC once and the concentration of security skill and experience in the room was amazing. They were friendly and collegial and great to work with. If a couple dozen people can build a world-class SOC or NOC for an event that lasts only a few days, we can all make some great improvements with the limited resources at home.Cloud Security Alliance Releases Guide to Facilitate Cloud Threat Modeling. When shifting left and doing DevSecOps, there has to be methods for assessing security issues faced by the systems you build. If you don't have at least a flashlight, you won't notably improve security.5 Benefits of Disaster Recovery in the Cloud. When I first worked with disaster recovery and business continuity, we would ship tapes to a vendor who sets up hardware we were using for recovery from backups exercise on bare-metal systems. Whoo. Wow, have times changed. DR in the cloud could be more about distributed active sites split across regions, and other such fun things instead of slow hardware solutions.Black Hat USA 2021 and DEF CON 29: What to expect from the security events. The last week of July and/or the first week of August each year is ‘Security Summer Camp' in Las Vegas, Nevada, in the United States of America. We've called this week that for years because in the same week in the same city, there is Black Hat, one of the largest security conferences in the world, DEF CON the largest hacker conference in the world, and besides—although this year it's virtual again—as well as a variety of other events.And now for the tip of the week. Use Kubernetes. If you want to decouple your services delivery from the underlying systems and infrastructure, look to Kubernetes. If you are building a multi-cloud hybrid strategy, using Kubernetes is likely a great option to reduce your complexity and overhead. And that's it for the week. Securely yours, Jesse Trucks.Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.Announcer: This has been a HumblePod production. Stay humble.