Podcast appearances and mentions of Troy Hunt

Australian web security expert

  • 198 podcasts
  • 287 episodes
  • 47m average duration
  • 5 new episodes weekly
  • Latest episode: May 16, 2025

Latest podcast episodes about Troy Hunt

Herrasmieshakkerit
Tool Wizard, with guest Joona Hoikkala | 0x39

May 16, 2025 (55:15)

This time the manor welcomed security tool wizard Joona Hoikkala as its guest. In the episode we discuss, among other things, developing scalable security tools and what bit errors in network traffic are.

This episode is produced in cooperation with Advania. A company's cyber resilience has a major impact on safeguarding the continuity of the whole business. How well is your company prepared for cyber threats? From Advania you get the solutions and services that best suit your company and improve employee productivity, for managing and monitoring security, responding to incidents, and recovering from possible disruptions. Explore Advania's services: Security services - Advania Finland

Source list for this audio release:
  • Guest Joona Hoikkala https://github.com/joohoi
  • Troy Hunt fell victim to phishing https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/
  • How I Used AI to Create a Working Exploit for CVE-2025-32433 Before Public PoCs Existed https://platformsecurity.com/blog/CVE-2025-32433-poc
  • Where Warlocks Stay Up Late https://www.youtube.com/@wwsul
  • Keliapuoti https://keliapuoti.fi
  • Raha-suomi https://areena.yle.fi/1-64877950
  • Retrocon https://retrocon.fi

FLASH DIARIO de El Siglo 21 es Hoy
Hackers disguise themselves as Google

Apr 22, 2025 (7:08)

Phishing attack uses Google's infrastructure and fools millions with a fake email that looks legitimate

By Félix Riaño @LocutorCo

A highly sophisticated phishing attack is putting the personal information of 3 billion Gmail users at risk.

Google has confirmed a phishing attack so convincing that it passed all of its security checks, fooling even expert users. The fraudulent email simulates an official alert about a subpoena and directs users to a fake portal hosted on sites.google.com. The trap: capturing credentials and stealing access to accounts. How is it possible that even experts are falling for this deception?

The message looks legitimate… even in the most technical details

Nick Johnson, a developer and Ethereum expert, received an email that looked official. It said Google had received a subpoena to access his account. The sender: no-reply@accounts.google.com. Everything seemed normal; the domain even carried the DKIM verification seal, a digital signature that certifies the email's authenticity. Up to this point, everything fit. But clicking took him to a cloned site, a perfect copy of Google's sign-in page. All of it hosted on sites.google.com, part of Google's legitimate infrastructure. That is how the cybercriminals managed to get around all of the system's automatic defenses.

This attack was not the work of amateurs. They used a phishing kit bought on underground forums for less than 25 dollars. These kits make it possible to create fake pages, copy real websites and send credible-looking emails. Most serious of all: they passed Google's authentication filters, including DKIM, SPF and DMARC. In addition, the message landed in the same conversation as other real security alerts. That is why even expert users like Johnson and other developers were fooled. If you do not have two-step authentication turned on or do not use passkeys, your data can be exposed.

Google acknowledged the flaw and said it is already rolling out protections to close this entry point. It also recommended that all users turn on multi-factor authentication or, better still, use passkeys. These access keys are tied to a physical device, so they cannot be stolen with just a fake email. If a hacker changes your password and recovery methods, Google gives a seven-day window to try to recover the account with the old recovery number or email, provided they were already registered.

Spoofing techniques have advanced so far that even Troy Hunt, creator of the site Have I Been Pwned, fell victim to a similar email. This attack shows how cybercriminals take advantage of legitimate subdomains such as sites.google.com and old vulnerabilities that allow scripts and embeds to run in seemingly trustworthy pages. According to NordVPN, more than 85,000 fake URLs imitated Google in 2024. The business behind phishing also grew: attackers buy complete kits that include email templates, fake pages and contact databases, all ready to run.

Avoid clicking links in suspicious emails. Always open pages from the browser and check the domain carefully.

Flash Diario on Spotify

Notnerd Podcast: Tech Better
Ep. 488: Pwned, Phished, and Patched

Apr 16, 2025 (59:15)

It sure seems like hacks and breaches are intensifying. This week, the man behind Have I Been Pwned was phished; if it can happen to him, it can happen to anyone. Be skeptical of any message you're getting that asks you to log in or do anything else that could compromise you. We've got some other tech news to cover, tips to tech better, and picks to get. Enjoy!

Watch on YouTube! - Notnerd.com and Notpicks.com

INTRO (00:00)
  • Tax Day (04:15)
  • Importance of video at SMMW (09:05)
  • Minecraft Movie (09:50)

MAIN TOPIC: You will be pwned (12:25)
  • Have I Been Pwned owner Troy Hunt's mailing list compromised in phishing attack https://haveibeenpwned.com/

DAVE'S PRO-TIP OF THE WEEK: Learn for FREE at online universities (19:50)

JUST THE HEADLINES: (24:54)
  • Blue Origin mission with all-female crew, including Katy Perry, completes space trip
  • Hacked crosswalks in Bay Area play deepfake-style messages from tech billionaires
  • 33-year-old AmigaOS for Commodore computers gets an unexpected update
  • Microsoft warns that anyone who deleted mysterious folder that appeared after latest Windows 11 update must take action to put it back
  • Hugging Face has acquired the open source robot startup Pollen Robotics to help “democratize” robotics
  • Fintech founder charged with fraud after ‘AI' shopping app found to be powered by humans in the Philippines
  • Instagram is working on an iPad app

TAKES:
  • ChatGPT was the world's most downloaded app last month (29:15)
  • Microsoft Patch Tuesday, April 2025 Edition (34:40)
  • Temu pulls its U.S. Google Shopping ads (37:05)

BONUS ODD TAKE: 368 Chickens game (40:10)

PICKS OF THE WEEK:
  • Dave: Shark HV371 Rocket Pro DLX Corded Stick, Removable Hand Vacuum, Advanced Swivel Steering, XL Cup, Crevice Tool, Upholstery Tool & Anti-Allergen Dust Brush, Fuchsia, Capacity (44:25)
  • Nate: Diymore USB C Power Meter Testers, USB C Tester Power Tester Color Screen, Multimeter Tester, Three Screens Switch to Display Current, Voltage, CPU Temperature, Voltage Meter, DC4-30V/0-12A (49:25)

RAMAZON PURCHASE - Giveaway! (53:25)

Chill Chill Security
EP2077: Forensic Day - Troy Hunt Incident

Apr 12, 2025 (8:31)

Sponsored by SEC Playground

Mon Carnet, l'actu numérique
{REFLECTION} - To err is human

Apr 9, 2025 (4:35)

In her column, Catherine Dupont-Gagnon looks back on a mishap experienced by Troy Hunt, a recognized cybersecurity figure and creator of the site Have I Been Pwned. A victim of phishing while he was tired.

Passwort - der Podcast von heise security
Security news and feedback, from Oracle to Web PKI

Apr 9, 2025 (116:51)

Careful, the blood pressure pills are coming out! Christopher and Sylvester get annoyed about lax security practices at corporations and their opaque crisis PR. On the other hand, they are pleased about plenty of listener feedback on past episodes and discuss changes in the certificate ecosystem. A very prominent but exemplarily handled phishing attack also comes up: the hosts explain why truly nobody should be ashamed of having fallen victim.

  • https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN
  • https://github.com/wesaphzt/privatelock
  • https://eylenburg.github.io/android_comparison.htm
  • https://samwho.dev/bloom-filters/
  • https://github.com/mozilla/clubcard

Members of our security community on heise security PRO hear all episodes two days earlier. More info: https://pro.heise.de/passwort

Doppio Click
Doppio Click for Thursday 03/04/2025

Apr 3, 2025 (22:36)

The new chapter in the (in)security of the US government, once again starring Michael Waltz, the possible “simplification” of the GDPR, Europol's seizure of the child pornography site Kidflix, and the bad experience of cyber security expert Troy Hunt. Curated by Marco Schiaffino.

Security Now (MP3)
SN 1019: EU OS - Troy Hunt Phished, Ransomware List, InControl

Apr 2, 2025 (185:04)

Kuala Lumpur International Airport says no to a ransom attack, switches to whiteboard. A tired and jet-lagged Troy Hunt got Phished then listed himself on his own site. Cloudflare completely pulls the plug on port 80 (HTTP) API access. Malware is switching to obscure languages to avoid detection. FORTH, anyone? Password reuse doesn't appear to be dropping. Cloudflare has numbers. A listener shares his log of malicious Microsoft login attempts. Why no geofencing? 23andMe down for the count (reminder). A sobering Ransomware attack & victim listing website. Gulp! "InControl" keeps VR planes aloft. And the European Union gets serious about a switch to Linux.

Show Notes - https://www.grc.com/sn/SN-1019-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors: drata.com/securitynow, outsystems.com/twit, bitwarden.com/twit, threatlocker.com for Security Now, legatosecurity.com

Smashing Security
The fall of Troy, and whisky barrel scammers

Apr 2, 2025 (52:01)

Renowned cybersecurity expert Troy Hunt falls victim to a phishing attack, resulting in the exposure of thousands of subscriber details, and don't lose your life savings in a whisky scam...

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Plus! Don't miss our featured interview with Alastair Paterson, CEO and co-founder of Harmonic Security, discussing how companies can adopt Generative AI without putting their sensitive data at risk.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
  • A Sneaky Phish Just Grabbed my Mailchimp Mailing List - Troy Hunt.
  • Thunderbird breach notice.
  • Opération Cactus - Le Groupement d'Intérêt Public Action contre la Cybermalveillance.
  • Cancer patient lost life savings to whisky barrel scammers - BBC.
  • How to spot an investment scam - Saga Money.
  • More than £612 million was lost to investment fraud in the UK last year - City of London Police.
  • Thames Water: Inside the Crisis - BBC iPlayer.
  • Who let the BBC inside Thames Water? - The New Statesman.
  • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
  • Harmonic - Let your teams adopt AI tools safely by protecting sensitive data in real time with minimal effort. Harmonic Security gives you full control and stops leaks so your teams can innovate confidently.
  • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
  • Acronis Threat Research Unit - Your secret weapon against cyber attacks. Access the reports now.

SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter via Patreon or Apple...

All TWiT.tv Shows (MP3)
Security Now 1019: EU OS

Apr 2, 2025 (185:04), transcription available



Security Now (Video HD)
SN 1019: EU OS - Troy Hunt Phished, Ransomware List, InControl

Apr 2, 2025 (185:04)



Security Now (Video HI)
SN 1019: EU OS - Troy Hunt Phished, Ransomware List, InControl

Apr 2, 2025 (185:04)



Radio Leo (Audio)
Security Now 1019: EU OS

Apr 2, 2025 (185:04), transcription available



Security Now (Video LO)
SN 1019: EU OS - Troy Hunt Phished, Ransomware List, InControl

Apr 2, 2025 (185:04)



All TWiT.tv Shows (Video LO)
Security Now 1019: EU OS

Apr 2, 2025 (185:04), transcription available



The Other Side Of The Firewall
Big Phish In A Small Pond?

Apr 2, 2025 (8:39)

In this episode of the Other Side of the Firewall podcast, hosts Ryan Williams Sr., Chris Abacon, and Daniel Acevedo discuss the latest cybersecurity news, focusing on a phishing attack that targeted security expert Troy Hunt. They explore the implications of such attacks, the human vulnerabilities that can lead to breaches, and the importance of being vigilant in protecting personal data. The conversation emphasizes that even experienced professionals can fall victim to phishing, highlighting the need for continuous awareness and education in cybersecurity.

Article: Security Expert Troy Hunt Lured in by Mailchimp Phish https://www.darkreading.com/cyberattacks-data-breaches/security-expert-troy-hunt-lured-mailchimp-phish

Please LISTEN

Radio Leo (Video HD)
Security Now 1019: EU OS

Apr 2, 2025 (185:04), transcription available



YusufOnSecurity.com
217 - Phishing the Expert-The Unexpected Cybersecurity Breach - Part 2

Mar 29, 2025 (28:32)

Enjoying the content? Let us know your feedback!

This week's episode is a continuation of the cautionary tale of Troy Hunt, the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We'll continue to break down what happened, how it happened, and what we can all learn from this incident. Stay tuned till the end, where we bust our myth of the week!

We will also look at this week's cyber security news, which is Ubuntu Linux security bypasses.

  • https://blog.qualys.com: Qualys TRU Discovers Three Bypasses of Ubuntu Unprivileged User Namespace Restrictions
  • https://www.troyhunt.com: A sneaky phish just grabbed my Mailchimp mailing list

Be sure to subscribe! You can also stream from https://yusufonsecurity.com. There you will also find a list of all previous episodes.

Segurança Legal
#388 – ANPD and the pharmacies, Troy Hunt's phishing, Brainrot videos and SignalGate

Mar 28, 2025 (62:22)

❤️ Visit our crowdfunding campaign and support us!

The IT Pro Podcast
March rundown: Four-day weeks and Nadella's AGI skepticism

Mar 28, 2025 (21:00)

March is very nearly at an end and it's been quite a month for diverging views in the industry.

Satya Nadella, CEO at Microsoft, has spoken out against the tech sector's apparent fixation on achieving AGI while comparing the potential for AI to the rise of Excel spreadsheets in business. The Microsoft chief has turned his attention to the material benefits of AI, as we enter a crunch year for AI developers.

Elsewhere this month, UK tech firms are being offered support with adopting a four-day week, which could have major benefits for staff and a major security blogger has fallen victim to a classic cyber attack.

In this episode, Jane and Rory welcome back Ross Kelly, ITPro's news and analysis editor, to discuss some of the most noteworthy news from across the month.

Read more:
  • ‘The entire forecasting business process changed': Microsoft CEO Satya Nadella says Excel changed the game for enterprises in 1985 – he's confident AI tools will do the same
  • OpenAI says it's charting a "path to AGI" with its next frontier AI model
  • 'Digital hide-and-seek': Workers are wasting hundreds of hours a year sourcing the information they need to carry out their role
  • Agentic AI investment is putting the cart before the horse
  • 200 UK firms have now adopted a four-day working week – and Brits are convinced it will become the norm within five years
  • UK tech firms have a chance to trial a four-day week this year – here's how other pilot schemes fared
  • Have I Been Pwned owner Troy Hunt's mailing list compromised in phishing attack
  • What is phishing?

Bli säker-podden
#293 Not recorded at Rise Cyber range

Mar 28, 2025 (33:12)

Rise is an independent, state-owned research institute that describes itself as Sweden's innovation partner. With just over 3,300 employees, Rise works in a wide range of areas, including cybersecurity. Among other things, Rise has built the Cyber range test facility, where Swedish organizations can test their products and evaluate their own defensive capability.

In this week's podcast episode, Nikka is joined by Karl Resare from Rise. Karl talks about how Rise's customers and partners rent time at Cyber range to run tests and simulations. The episode was not recorded at Cyber range, however. Filming is not allowed there. For security reasons, not even transmitting electronic equipment may be brought into the facility.

This week's episode also offers several news items. Following the Uppdrag granskning series ”Bedragarnas imperium”, the police have reported Meta for aiding and abetting attempted aggravated fraud. The FBI has issued a warning about malware-spreading document converters. Troy Hunt has become a living example that anyone can be phished, and the Trump administration has proven that not even Signal can protect secret information if a journalist is invited into the conversation.

See the full show notes at https://go.nikkasystems.com/podd293.

Cyber Security Today
Oracle Denies Hack Despite Hacker's Evidence: Cyber Security Today for March 26, 2025

Mar 26, 2025 (7:53), transcription available

Oracle Denies Cloud Hack & Top Secret Military Leaks: Cybersecurity Today

In today's episode of 'Cybersecurity Today,' host Jim Love delves into Oracle's denial of a claimed breach of its cloud systems, detailing the hacker's allegations and Oracle's firm response. Additionally, the episode explores an accidental leak of top-secret US military information to an editor at the Atlantic, revealing the astonishing lapses in secure communication. The show also covers renowned security expert Troy Hunt's phishing attack incident on his MailChimp account, highlighting vulnerabilities and lessons learned in cybersecurity. Stay tuned for comprehensive insights and expert analysis on these significant security events.

  • 00:00 Introduction and Oracle Cloud Breach Allegations
  • 00:52 Oracle's Response and Hacker Demands
  • 02:07 Classified Military Details Leaked to Journalist
  • 04:34 Troy Hunt's MailChimp Phishing Attack
  • 06:17 Lessons Learned and Final Thoughts
  • 07:38 Conclusion

The CyberWire
The nightmare you can't ignore.

Mar 25, 2025 (30:57)

Critical Remote Code Execution vulnerabilities affect Kubernetes controllers. Senior Trump administration officials allegedly use unsecured platforms for national security discussions. Even experts like Troy Hunt get phished. Google acknowledges user data loss but doesn't explain it. Chinese hackers spent four years inside an Asian telecom firm. SnakeKeylogger is a stealthy, multi-stage credential-stealing malware. A cybercrime crackdown results in over 300 arrests across seven African countries. Ben Yelin, Caveat co-host and Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, joins to discuss the Signal national security leak. Pew Research Center figures out how its online polling got slightly forked.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Ben Yelin, Caveat co-host and Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, on the Signal national security leak.

Selected Reading

  • IngressNightmare: critical Kubernetes vulnerabilities in ingress NGINX controller (Beyond Machines)
  • Remote Code Execution Vulnerabilities in Ingress NGINX (Wiz)
  • Ingress-nginx CVE-2025-1974: What You Need to Know (Kubernetes)
  • Trump administration is reviewing how its national security team sent military plans to a magazine editor (NBC News)
  • The Trump Administration Accidentally Texted Me Its War Plans (The Atlantic)
  • How Russian Hackers Are Exploiting Signal 'Linked Devices' Feature for Real-Time Spying (SecurityWeek)
  • Troy Hunt: A Sneaky Phish Just Grabbed my Mailchimp Mailing List (Troy Hunt)
  • 'Technical issue' at Google deletes some customer data (The Register)
  • Chinese hackers spent four years inside Asian telco's networks (The Record)
  • Multistage Info Stealer SnakeKeylogger Attacking Individuals and Businesses to Steal Logins (Cyber Security News)
  • Over 300 arrested in international crackdown on cyber scams (The Record)
  • How a glitch in an online survey replaced the word ‘yes' with ‘forks' (Pew Research)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

YusufOnSecurity.com
216 - Phishing The Expert-The Unexpected Cybersecurity Breach - Part 1

YusufOnSecurity.com

Play Episode Listen Later Mar 22, 2025 32:15


Enjoying the content? Let us know your feedback! In this week's episode we have a fascinating and cautionary tale about none other than Troy Hunt, the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We'll break down what happened, how it happened, and what we can all learn from this incident. Stay tuned till the end for tips on how to stay vigilant against phishing attacks and our myth of the week! We will also look at the cyber security news. Here is what caught my attention this week.
- PSTools dll injection vulnerability
- https://www.foto-video-it.de: Disclosure Sysinternals (You will need to translate to English if you are not a German speaker)
- https://learn.microsoft.com: PSTool
- https://www.troyhunt.com: A sneaky phish just grabbed my Mailchimp mailing list
Be sure to subscribe! You can also stream from https://yusufonsecurity.com. In there, you will find a list of all previous episodes too.

Bytes with Bec and Benji
Episode 12: Navigating the Data Breach Epidemic with Troy Hunt

Bytes with Bec and Benji

Play Episode Listen Later Dec 11, 2024 65:25


Welcome to another episode, where we are thrilled to have Troy Hunt, a renowned cyber security expert and the creator of Have I Been Pwned (HIBP), join us. With over 20 years of experience in the technology industry, Troy has become a leading voice in the field, sharing his knowledge through his blog, speaking engagements, and media appearances. Troy's journey as an independent researcher and consultant has earned him a reputation for his deep understanding of data breaches and his ability to communicate complex cyber security concepts to a wide audience. His work on HIBP has been instrumental in raising awareness about the importance of online security, helping countless individuals and organisations protect their personal information.

Storm⚡️Watch by GreyNoise Intelligence
Old Vulns, New Tricks: How 20,000 Cameras Got Hacked & Your Browser Betrayed You

Storm⚡️Watch by GreyNoise Intelligence

Play Episode Listen Later Aug 20, 2024 64:09


Forecast = Expect partly cloudy skies with a high chance of old vulnerabilities resurfacing - don't forget your patch umbrella (or lamp shade)! What's old is new, again, in this episode of Storm⚡️Watch, as we explore the "0.0.0.0 Day" vulnerability, a critical flaw affecting major web browsers like Chrome, Firefox, and Safari. This vulnerability allows malicious websites to bypass browser security mechanisms and potentially gain unauthorized access to local services. We break down the technical details, real-world implications, and the responses from browser developers to this threat. Next, we shed light on a 2017 vulnerability still affecting over 20,000 Ubiquiti devices, including cameras and routers. This issue exposes these devices to amplification attacks and privacy risks due to custom privileged processes on specific network ports. We discuss the discovery protocol, the types of information exposed, and provide practical mitigation strategies for users and administrators of Ubiquiti equipment. In our Cyber Spotlight segment, we cover the National Public Data (NPD) breach, a massive cybersecurity incident that has exposed sensitive personal information of millions of individuals. We take a look at the scope of the breach, the data that was leaked and put up for sale, and the analysis provided by cybersecurity expert Troy Hunt. The implications of this breach are far-reaching, highlighting ongoing concerns in the data broker industry and the potential for long-term impacts on affected individuals. We wrap up the episode with our regular segments, including a look at recent tags from the GreyNoise visualization tool and a roundup of the latest additions to CISA's Known Exploited Vulnerabilities catalog. As always, we encourage our listeners to stay informed and implement necessary security measures to protect themselves in this ever-evolving cyber landscape.

This Week in Tech (Audio)
TWiT 993: The Save Money Button - Pixel 9, Dell Layoffs, Apple Robotics

This Week in Tech (Audio)

Play Episode Listen Later Aug 19, 2024 181:09


Hackers leak 2.7 billion data records with Social Security numbers Troy Hunt: Inside the "3 Billion People" National Public Data Breach The English Premier League Will Ditch Its Hated VAR Offside Tech for a Fleet of iPhones Pixel 9 Pro and Pro XL: Satellite SOS, Android 14, $999 start price Google Team Pixel "reviews" controversy DOJ Considers Seeking Google (GOOG) Breakup After Major Antitrust Win - Bloomberg Dell announces second massive set of layoffs to employees The first post-quantum cryptography standards are here News outlets were leaked insider material from the Trump campaign. They chose not to print it Your Air Conditioner Is Lying to You Apple (AAPL) Pushes Ahead with Tabletop Home Device in Shift to Robotics Pelosi Statement in Opposition to California Senate Bill 1047 NVIDIA, OpenAI face YouTube creator lawsuits for using online videos xAI's new Grok image generator floods X with controversial AI fakes AT&T and Verizon ask FCC to throw a wrench into Starlink's mobile plan Consumers spent $3.8B on mobile entertainment apps in Q1 Fox-Disney Sports Service Blocked by Judge in Win for Fubo Microsoft removes FAT32 partition size limit in Windows 11 Host: Leo Laporte Guests: Nicholas Deleon, Dan Patterson, and Brian McCullough Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: mintmobile.com/twit canary.tools/twit - use code: TWIT 1password.com/twit e-e.com/twit

The Changelog
Practices of reliable software design (News)

The Changelog

Play Episode Listen Later Aug 19, 2024 8:38 Transcription Available


Chris Stjernlöf got nerd-sniped and ended up writing down his practices of reliable software design, Ben Visness has had enough with the npm community's propensity to pull in micro-libraries to suit every need, "Stay SaaSy" makes three metaphors for problem solving categories, Troy Hunt takes us inside the "3 billion people" National Public Data breach & Dasel is one data tool to rule them all.

This Week in Tech (Video HI)
TWiT 993: The Save Money Button - Pixel 9, Dell Layoffs, Apple Robotics

This Week in Tech (Video HI)

Play Episode Listen Later Aug 19, 2024 181:09


Hackers leak 2.7 billion data records with Social Security numbers Troy Hunt: Inside the "3 Billion People" National Public Data Breach The English Premier League Will Ditch Its Hated VAR Offside Tech for a Fleet of iPhones Pixel 9 Pro and Pro XL: Satellite SOS, Android 14, $999 start price Google Team Pixel "reviews" controversy DOJ Considers Seeking Google (GOOG) Breakup After Major Antitrust Win - Bloomberg Dell announces second massive set of layoffs to employees The first post-quantum cryptography standards are here News outlets were leaked insider material from the Trump campaign. They chose not to print it Your Air Conditioner Is Lying to You Apple (AAPL) Pushes Ahead with Tabletop Home Device in Shift to Robotics Pelosi Statement in Opposition to California Senate Bill 1047 NVIDIA, OpenAI face YouTube creator lawsuits for using online videos xAI's new Grok image generator floods X with controversial AI fakes AT&T and Verizon ask FCC to throw a wrench into Starlink's mobile plan Consumers spent $3.8B on mobile entertainment apps in Q1 Fox-Disney Sports Service Blocked by Judge in Win for Fubo Microsoft removes FAT32 partition size limit in Windows 11 Host: Leo Laporte Guests: Nicholas Deleon, Dan Patterson, and Brian McCullough Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: mintmobile.com/twit canary.tools/twit - use code: TWIT 1password.com/twit e-e.com/twit

All TWiT.tv Shows (MP3)
This Week in Tech 993: The Save Money Button

All TWiT.tv Shows (MP3)

Play Episode Listen Later Aug 19, 2024 181:09


Hackers leak 2.7 billion data records with Social Security numbers Troy Hunt: Inside the "3 Billion People" National Public Data Breach The English Premier League Will Ditch Its Hated VAR Offside Tech for a Fleet of iPhones Pixel 9 Pro and Pro XL: Satellite SOS, Android 14, $999 start price Google Team Pixel "reviews" controversy DOJ Considers Seeking Google (GOOG) Breakup After Major Antitrust Win - Bloomberg Dell announces second massive set of layoffs to employees The first post-quantum cryptography standards are here News outlets were leaked insider material from the Trump campaign. They chose not to print it Your Air Conditioner Is Lying to You Apple (AAPL) Pushes Ahead with Tabletop Home Device in Shift to Robotics Pelosi Statement in Opposition to California Senate Bill 1047 NVIDIA, OpenAI face YouTube creator lawsuits for using online videos xAI's new Grok image generator floods X with controversial AI fakes AT&T and Verizon ask FCC to throw a wrench into Starlink's mobile plan Consumers spent $3.8B on mobile entertainment apps in Q1 Fox-Disney Sports Service Blocked by Judge in Win for Fubo Microsoft removes FAT32 partition size limit in Windows 11 Host: Leo Laporte Guests: Nicholas Deleon, Dan Patterson, and Brian McCullough Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: mintmobile.com/twit canary.tools/twit - use code: TWIT 1password.com/twit e-e.com/twit

Radio Leo (Audio)
This Week in Tech 993: The Save Money Button

Radio Leo (Audio)

Play Episode Listen Later Aug 19, 2024 181:09


Hackers leak 2.7 billion data records with Social Security numbers Troy Hunt: Inside the "3 Billion People" National Public Data Breach The English Premier League Will Ditch Its Hated VAR Offside Tech for a Fleet of iPhones Pixel 9 Pro and Pro XL: Satellite SOS, Android 14, $999 start price Google Team Pixel "reviews" controversy DOJ Considers Seeking Google (GOOG) Breakup After Major Antitrust Win - Bloomberg Dell announces second massive set of layoffs to employees The first post-quantum cryptography standards are here News outlets were leaked insider material from the Trump campaign. They chose not to print it Your Air Conditioner Is Lying to You Apple (AAPL) Pushes Ahead with Tabletop Home Device in Shift to Robotics Pelosi Statement in Opposition to California Senate Bill 1047 NVIDIA, OpenAI face YouTube creator lawsuits for using online videos xAI's new Grok image generator floods X with controversial AI fakes AT&T and Verizon ask FCC to throw a wrench into Starlink's mobile plan Consumers spent $3.8B on mobile entertainment apps in Q1 Fox-Disney Sports Service Blocked by Judge in Win for Fubo Microsoft removes FAT32 partition size limit in Windows 11 Host: Leo Laporte Guests: Nicholas Deleon, Dan Patterson, and Brian McCullough Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: mintmobile.com/twit canary.tools/twit - use code: TWIT 1password.com/twit e-e.com/twit

Changelog News
Practices of reliable software design

Changelog News

Play Episode Listen Later Aug 19, 2024 8:38 Transcription Available


Chris Stjernlöf got nerd-sniped and ended up writing down his practices of reliable software design, Ben Visness has had enough with the npm community's propensity to pull in micro-libraries to suit every need, "Stay SaaSy" makes three metaphors for problem solving categories, Troy Hunt takes us inside the "3 billion people" National Public Data breach & Dasel is one data tool to rule them all.

All TWiT.tv Shows (Video LO)
This Week in Tech 993: The Save Money Button

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Aug 19, 2024 181:09 Transcription Available


Hackers leak 2.7 billion data records with Social Security numbers Troy Hunt: Inside the "3 Billion People" National Public Data Breach The English Premier League Will Ditch Its Hated VAR Offside Tech for a Fleet of iPhones Pixel 9 Pro and Pro XL: Satellite SOS, Android 14, $999 start price Google Team Pixel "reviews" controversy DOJ Considers Seeking Google (GOOG) Breakup After Major Antitrust Win - Bloomberg Dell announces second massive set of layoffs to employees The first post-quantum cryptography standards are here News outlets were leaked insider material from the Trump campaign. They chose not to print it Your Air Conditioner Is Lying to You Apple (AAPL) Pushes Ahead with Tabletop Home Device in Shift to Robotics Pelosi Statement in Opposition to California Senate Bill 1047 NVIDIA, OpenAI face YouTube creator lawsuits for using online videos xAI's new Grok image generator floods X with controversial AI fakes AT&T and Verizon ask FCC to throw a wrench into Starlink's mobile plan Consumers spent $3.8B on mobile entertainment apps in Q1 Fox-Disney Sports Service Blocked by Judge in Win for Fubo Microsoft removes FAT32 partition size limit in Windows 11 Host: Leo Laporte Guests: Nicholas Deleon, Dan Patterson, and Brian McCullough Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: mintmobile.com/twit canary.tools/twit - use code: TWIT 1password.com/twit e-e.com/twit

Changelog Master Feed
Practices of reliable software design (Changelog News #108)

Changelog Master Feed

Play Episode Listen Later Aug 19, 2024 8:38 Transcription Available


Chris Stjernlöf got nerd-sniped and ended up writing down his practices of reliable software design, Ben Visness has had enough with the npm community's propensity to pull in micro-libraries to suit every need, "Stay SaaSy" makes three metaphors for problem solving categories, Troy Hunt takes us inside the "3 billion people" National Public Data breach & Dasel is one data tool to rule them all.

Radio Leo (Video HD)
This Week in Tech 993: The Save Money Button

Radio Leo (Video HD)

Play Episode Listen Later Aug 19, 2024 181:09 Transcription Available


Hackers leak 2.7 billion data records with Social Security numbers Troy Hunt: Inside the "3 Billion People" National Public Data Breach The English Premier League Will Ditch Its Hated VAR Offside Tech for a Fleet of iPhones Pixel 9 Pro and Pro XL: Satellite SOS, Android 14, $999 start price Google Team Pixel "reviews" controversy DOJ Considers Seeking Google (GOOG) Breakup After Major Antitrust Win - Bloomberg Dell announces second massive set of layoffs to employees The first post-quantum cryptography standards are here News outlets were leaked insider material from the Trump campaign. They chose not to print it Your Air Conditioner Is Lying to You Apple (AAPL) Pushes Ahead with Tabletop Home Device in Shift to Robotics Pelosi Statement in Opposition to California Senate Bill 1047 NVIDIA, OpenAI face YouTube creator lawsuits for using online videos xAI's new Grok image generator floods X with controversial AI fakes AT&T and Verizon ask FCC to throw a wrench into Starlink's mobile plan Consumers spent $3.8B on mobile entertainment apps in Q1 Fox-Disney Sports Service Blocked by Judge in Win for Fubo Microsoft removes FAT32 partition size limit in Windows 11 Host: Leo Laporte Guests: Nicholas Deleon, Dan Patterson, and Brian McCullough Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: mintmobile.com/twit canary.tools/twit - use code: TWIT 1password.com/twit e-e.com/twit

Marketing Speak
461. Scaling to 12 Million Monthly Visits with Chris Parker

Marketing Speak

Play Episode Listen Later Aug 7, 2024 52:42


The Gate 15 Podcast Channel
Weekly Security Sprint EP 71. Playing the hits - hurricanes, ransomware, hostile events

The Gate 15 Podcast Channel

Play Episode Listen Later Jul 2, 2024 29:08


In this week's Security Sprint, Dave and Andy discussed:
Warm Start
- WaterISAC: Cybersecurity Fundamentals for Water and Wastewater Utilities
- DHS Faith-Based Security Advisory Council. Latest Recommendations:
  - June 24, 2024 | FBSAC Countering Transnational Repression (TNR) Subcommittee Final Report. With contributions from FB-ISAO's Mayya Saab.
- AMWA comments on DHS' proposed cyber reporting rule
- ABA, associations: Proposed cyber reporting rule misses the mark
- CISA Misses Mark on Proposed Cyber Incident Reporting Rule
Main Topics
Beryl! Sea Level Rise!!
- Why Hurricane Beryl is a warning of what is to come this season
- Beryl rapidly intensifies to become unprecedented Category 4 hurricane in June
- Rising sea levels will disrupt millions of Americans' lives by 2050, study finds
Cyber threats, frustrations and celebrating orgs taking a proactive approach to security and resilience!
- Join the GRIP! New! The GRIP Interviews: Part Three. Sharing Intel, Building Resilience!
- Troy Hunt, HIBP: The State of Data Breaches. “I don't see anything changing any time soon, and anecdotally, it's worse now than it was 5 or 10 years ago.”
- ‘I don't see it happening': CISA chief dismisses ban on ransomware payments
- Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
- Progress Software Releases Security Bulletin for MOVEit Transfer
- TeamViewer Trust Center: Security Update – June 28, 2024, 12:10pm CEST
- Teamviewer accuses Russia-linked hackers of cyberattack
Hate, Extremism, Terrorism
- 'They see Tennessee as a battleground.' New data points to dramatic rise of hate in Tennessee
- DHS identifies over 400 migrants brought to the U.S. by an ISIS-affiliated human smuggling network
- Last of Five Defendants with Ties to White Supremacy and Who Were Charged with Targeting Energy Facility Enters Guilty Plea…
- Evidence mounts Islamic State is looking to the US southern border
- First Responders Toolbox: Terrorism Prevention Spectrum
Social Media & Private Public Coordination
- The Supreme Court rules for Biden administration in a social media dispute with conservative states
- Chairman Jordan Statement on Murthy v. Missouri Supreme Court Ruling.
- Ranking Member Thompson Statement on Supreme Court Decision Murthy v. Missouri.
International
- US military bases in Europe raise security threat levels
- Several US military bases in Europe on heightened alert amid possible terrorist threat
- China's envoy to France labels Taiwanese government ‘rebel regime' to be expelled ‘at any time.'
Quick Hits
- USSS: NEW: National Threat Assessment Center (NTAC) Releases Guidance for State & Local Law Enforcement to Prevent Targeted Violence.
  - Google disrupted over 10,000 instances of DRAGONBRIDGE activity in Q1 2024
  - A Russian Propaganda Network Is Promoting an AI-Manipulated Biden Video
  - Recorded Future: Russia-Linked CopyCop Expands to Cover US Elections, Target Political Leaders
  - Russia-linked group criticizes Biden, praises Trump in latest influence campaign
  - Navigating the Misinformation Minefield. Elections in 2024
  - Reality Check Commentary: ‘Information Voids' Cause AI Models to Spread Russian Disinformation
- Polyfill Supply Chain Attack Hits Over 100k Websites
- Canadian Centre for Cyber Security: Cyber security guidance for democratic institutions: artificial intelligence (ITSAP.00.135)
- Canadian Centre for Cyber Security - Tips for backing up your information (ITSAP.40.002)
- CISA: Looking Ahead to Better Prepare Today
- Key Emerging Risks: Cascading Effects of Natural Disasters, Supply Chain Resilience
- The 10 Major Risks Shaping Insurance Today
- AI, Economy, Geopolitical Conflicts Lead to Highest Level of Corporate Risk in 12 Years: Report

The Imposter Syndrome Network Podcast

In this episode, Zoe is back with a one-on-one with Troy Hunt. He is the founder of the pivotal cybersecurity resource “Have I Been Pwned”, the Microsoft regional director, MVP, Pluralsight instructor, and an active member of the security community. Troy shares his unexpected journey from aspiring pilot to tech influencer, revealing how a simple blog post evolved into a career-defining move. He discusses the power of public contributions to Stack Overflow, user group attendance, and open-source code repositories in establishing credibility in the tech world. We delve into the importance of communication skills, not just in tech but in life, and how blogging tests one's knowledge. We also touch on the challenges of self-employment, the balance between work and personal life, and the lessons learned from mistakes. Don't miss this candid conversation that explores the intersections of tech, career growth, and the personal journeys that shape us.
- Just go out there and do stuff. Put yourself out there. -
Links: LinkedIn, Twitter, Blog, https://bigmachine.io/pwned/
Thanks for being an imposter - a part of the Imposter Syndrome Network (ISN)! We'd love it if you connected with us on LinkedIn: https://www.linkedin.com/company/the-imposter-syndrome-network-podcast Make it a great day.

SBS World News Radio
SBS On the Money: Registered clubs data breach & US holds interest rates

SBS World News Radio

Play Episode Listen Later May 2, 2024 8:08


The personal information of around one million registered clubs users may have been compromised. Catalina Florez speaks with online security expert Troy Hunt for more, plus Rhayna Bosch discusses the day's market action with Ben Clark from TMS Capital.

Rich On Tech
Faster Wi-Fi on Planes & What to Do When Your Personal Info Is Leaked

Rich On Tech

Play Episode Listen Later Apr 27, 2024 106:35


Rich talked about his experience using high-speed Starlink internet on Hawaiian Airlines. Perry in Glendale needs help with his Outlook. Rich says to check the Spectrum settings here. Ryan Ozawa, Native Hawaiian tech journalist and publisher of the Hawaii Bulletin, will talk about the startup scene in Hawaii. Some Apple users were unexpectedly logged out of their accounts, forcing them to reset their passwords to get back in. Rosemary in Fontana has an issue with her Fire TV stick remote. President Biden signed a law that forces TikTok to be sold to a U.S. company or face a ban. Jose in Santa Clara wants to know if he should update his router firmware. The rumor mill says Samsung's next Unpacked event will be held in Paris on July 10, 2024. JR Raphael, tech writer and author of the Android Intelligence newsletter. JR recommended the BuzzKill app for managing Android notifications. Apple's next event is set for May 7. The invitation says Let Loose, and it's expected to focus on new iPads. Verizon is hiking the price of smartwatch plans by $5 a month starting June 3, 2024. Rick in San Diego is curious about the security of the permissions apps ask for on your phone. Diana in Covina asks about password manager recommendations. Rich mentioned iCloud Keychain, Google Password Manager, Bitwarden, Dashlane and 1Password. The YouTube App is taking over Apple's TV's default slideshow; here's how to fix that. Have you seen the keyboard memes going around on Twitter? Troy Hunt, creator of haveibeenpwned.com, will discuss what to do when your personal information is exposed in a data breach. Rabbit R1 reviews are in and they're slightly better than the Humane AI Pin. BBB says to be aware of a new text message scam that asks you to pay for a toll road. The FTC is sending Ring settlement payments to people via PayPal. LocalSend is an easy way to exchange files over your network and supports various platforms. SnapDrop is a web-based alternative. Noel in Escondido mentioned some of his favorite flight apps, including FlightRadar24, RadarBox, FlightAware, globe.adsbexchange.com and Flighty. Get full access to Rich on Tech at richontech.tv/subscribe

Dark Rhino Security Podcast
S14 E7 Cracking the Code: Password Manager Insights

Dark Rhino Security Podcast

Play Episode Listen Later Apr 12, 2024 54:10


This week on Dark Rhiino Security's Security Confidential podcast, Host Manoj Tandon talks to Troy Hunt. Troy is an Australian Microsoft Regional Director and MVP for Developer Security. He's known for his expertise in web security, as well as his creation of 'Have I Been Pwned?' He's a prolific author for Pluralsight, a sought-after speaker at global conferences, and has been featured in a number of articles with publications including Forbes, TIME magazine, Mashable, PCWorld, ZDNet and Yahoo! Tech. Aside from technology and security, Troy is an avid snowboarder, windsurfer and tennis player.
00:00 Introduction
01:17 We're going to outsource you
05:20 Have I Been Pwned?
10:10 Does the value length matter?
15:13 Convenience vs Security
20:20 Recovering an account
34:08 What is the effectivity of 2FA?
37:45 Artificial Intelligence and NLP
443:27 If you're going to do nothing, at least do this
52:25 More about Troy
To learn more about Troy visit https://www.troyhunt.com/ https://haveibeenpwned.com/ https://ndcoslo.com/
To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com
SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio! Instagram: @securityconfidential and @Darkrhiinosecurity Facebook: @Dark-Rhiino-Security-Inc Twitter: @darkrhiinosec LinkedIn: @dark-rhiino-security Youtube: @DarkRhiinoSecurity

Programming By Stealth
PBS 164 of X – jq: Working with Lookup Tables

Programming By Stealth

Play Episode Listen Later Mar 31, 2024 77:42


In our previous episode of Programming By Stealth, Bart Busschots taught us how to create lookup tables with jq from JSON data using the `from_entries` command. Just when we have that conquered, this time he teaches us how to do the exact opposite – disassemble lookup tables. I think this was a really fun lesson because taking data apart, reassembling it the way you want and then putting it back together again is a great way to really understand what we're doing with jq. I got much more comfortable as I started to recognize the patterns in what Bart was doing. We also get to play with a new data set, the Have I Been Pwned data gathered by Troy Hunt. If you're a data nerd, and really who amongst us isn't, you'll love this episode too. You can find Bart's fabulous tutorial shownotes at pbs.bartificer.net.

Chit Chat Across the Pond
CCATP #790 — Bart Busschots on PBS 164 of X – jq: Working with Lookup Tables

Chit Chat Across the Pond

Play Episode Listen Later Mar 31, 2024 77:42


In our previous episode of Programming By Stealth, Bart Busschots taught us how to create lookup tables with jq from JSON data using the `from_entries` command. Just when we have that conquered, this time he teaches us how to do the exact opposite – disassemble lookup tables. I think this was a really fun lesson because taking data apart, reassembling it the way you want and then putting it back together again is a great way to really understand what we're doing with jq. I got much more comfortable as I started to recognize the patterns in what Bart was doing. We also get to play with a new data set, the Have I Been Pwned data gathered by Troy Hunt. If you're a data nerd, and really who amongst us isn't, you'll love this episode too. You can find Bart's fabulous tutorial shownotes at pbs.bartificer.net.

The CyberWire
SIM swap scammer pleads guilty.

The CyberWire

Play Episode Listen Later Mar 19, 2024 33:01


A SIM-swapper faces prison and fines. Here come the class action suits against UnitedHealth Group. Aviation and Aerospace find themselves in the cyber crosshairs. A major mortgage lender suffers a major data breach. A look at election misinformation. The UK shares guidance on migrating SCADA systems to the cloud. Collaborative efforts to contain Smoke Loader. Trend Micro uncovers Earth Krahang. Troy Hunt weighs in on the alleged AT&T data breach. Ben Yelin unpacks the case between OpenAI and the New York Times. And fool me once, shame on you… Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ben Yelin, Program Director at University of Maryland's Center for Health and Homeland Security and cohost of our Caveat podcast, discusses the article on how “OpenAI says New York Times ‘hacked' ChatGPT to build copyright lawsuit.”   Selected Reading District of New Jersey | Former Telecommunications Company Manager Admits Role in SIM Swapping Scheme (United States Department of Justice) Cash-Strapped Women's Clinic Sues UnitedHealth Over Attack (Gov Info Security) Nations Direct Mortgage Data Breach Impacts 83,000 Individuals (SecurityWeek) Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle (SecurityWeek) NCSC Publishes Security Guidance for Cloud-Hosted SCADA (Infosecurity Magazine) Unit 42 Collaborative Research With Ukraine's Cyber Agency To Uncover the Smoke Loader Backdoor (Palo Alto Networks Unit 42) Prolific Chinese Threat Campaign Targets 100+ Victims (Infosecurity Magazine) Troy Hunt: Inside the Massive Alleged AT&T Data Breach (Troy Hunt) Kids' Cartoons Get a Free Pass From YouTube's Deepfake Disclosure Rules (WIRED) Ransomware Groups: Trust Us. Uh, Don't. (BankInfoSecurity) Share your feedback. 
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Hack és Lángos
HnL316 - Sudo or do not, there is no try!

Hack és Lángos

Play Episode Listen Later Feb 8, 2024 47:10


Today's menu:
- First look: Windows 11 is getting native macOS or Linux-like Sudo command
- CISA Warns of Active Exploitation Apple iOS and macOS Vulnerability
- glibc CVE bundle, LPE and other goodies
- Troy Hunt wrote: there is a new data breach, a pretty big and fairly serious one. Many of us are in it.
Contact us: Telegram, Twitter, Instagram, Facebook, Mail: info@hackeslangos.show

Absolute AppSec
Episode 233 - Scammers, Deep Fakes, Data Exposure

Absolute AppSec

Play Episode Listen Later Feb 6, 2024


Seth and Ken return to the podcast to talk about fraud scammers based on a recent article from Cory Doctorow and what AppSec can do to protect their apps and themselves. Crocs and Socks. The use of deep fakes to scam corporations to transfer money. Finally, a discussion on sensitive data and why it happens in APIs due to the recent news that Spoutible exposed all sorts of tokens as reported by Troy Hunt.

Cloud Security Podcast
Cybersecurity Best Practices and Password Security in Cloud and AI

Cloud Security Podcast

Play Episode Listen Later Jan 26, 2024 29:59


We caught up with Troy Hunt and Scott Helme at NDC Security Oslo 2024 to talk about best practices when it comes to decoding TLS, password security and data breaches in cloud and AI. Troy Hunt, known for his work with haveibeenpwned.com, spoke to us about the complexities of cloud deployment and paradox of data input versus privacy risk in Large Language Models (LLMs), Cloud. Scott Helme, a security researcher and founder of securityheaders.com, spoke about the importance of early security training in the development lifecycle for applications built in 2024. We dissected the critical yet often overlooked aspects of cybersecurity in cloud and AI.
Guest Socials: Troy Hunt + Scott Helme
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:37) Evolving Landscape of Password Management
(04:17) Analyzing Data Breach Trends:
(05:48) Latest Security Protocols with TLS and Encryption
(08:24) Debating Encryption Key Management
(10:59) AI's Role in Data Breaches:
(13:59) Best Practices for Enterprise Password Management
(16:01) Best Practices for Password Management in Small to Medium Sized Businesses
(18:04) Top 5 security best practices
(19:58) Understanding Security Headers
(27:14) The Fun Section

Craig Peterson's Tech Talk
Digital Media Ownership Debunked: The Tactical Octopus Unveiled

Dec 15, 2023 85:33


In the ever-evolving landscape of digital media, the illusion of ownership can be shattered with a single tactical move. Recently, the PlayStation community experienced a rude awakening when paid content was abruptly removed, and no refunds were given. This underscores a widespread issue: do you own the digital shows and movies you 'bought'?

Topics Explored in the Article:
Tactical Octopus Unveiled: Delve into the intricate tactics used in the digital realm that challenge the perception of ownership.
IRS Alert: Explore the unexpected connection between the IRS and your digital movie purchases, revealing potential vulnerabilities.
Cybersecurity Insights: Understand the broader landscape of cybersecurity and its impact on safeguarding your digital trove.
Email Threats: Uncover the silent menace posed by email threats and how they can compromise your perceived ownership of digital content.
Phishing Schemes Exposed: Navigate through the perilous waters of phishing schemes, shedding light on how they put your digital movies at risk.
HaveIBeenPwned: Explore the eye-opening revelations from HaveIBeenPwned.com and how they relate to the security of your digital media.
Troy Hunt's Take: Gain insights from Troy Hunt, a renowned expert, as he unveils the reality behind digital content ownership.
Password Managers as Shields: Discover how password managers act as shields, protecting your digital movie collection from potential loss.
Online Meetings Vulnerability: Zoom in on the vulnerability of digital media during online meetings, revealing potential risks.
Antivirus and Antimalware: Explore the role of antivirus and antimalware tools in fortifying your digital ownership.
Windows Defender: Assess the effectiveness of Windows Defender in securing your digital content within the Windows ecosystem.

The digital world is full of surprises, and ensuring true ownership of your digital shows and movies requires a strategic approach.
From cybersecurity insights to email threats and the role of password managers, this article unravels the layers of complexity surrounding digital ownership. Are you ready to secure what's rightfully yours? Read more on Lifehacker to stay informed and empowered in the digital age.

Easy Prey
The Changing World of Data Breaches with Troy Hunt

Dec 13, 2023 52:11


Everyone who's on the internet is exposed to risk. Every time you set up a new account or app, you create another place where your data can be hacked or breached. This makes using different passwords crucial. Today's guest is Troy Hunt. Troy is a Pluralsight author and instructor, Microsoft Regional Director, and Most Valued Professional specializing in online security and cloud development. He is a conference speaker and runs workshops on how to build more secure software with organizations. He is also the creator of the popular data breach aggregation service known as Have I Been Pwned.

Show Notes:
[1:26] - Troy shares what he currently does and the work he is known for.
[2:57] - You can put your data in one place and it can traverse the internet and end up in places you don't expect.
[6:54] - There's a challenge in running a site that has millions of queries at any time.
[9:25] - Troy shares some of the accomplishments of Have I Been Pwned.
[13:32] - Does he experience a lot of malicious traffic? He used to. Troy explains how he has managed this.
[18:14] - Have I Been Pwned has been around for a while and began as a lot of manual labor for Troy.
[23:10] - It is crucial for organizations to be receptive to security reports.
[25:09] - In a lot of ransoms, data of specific groups of people is used as a threat.
[27:56] - Troy lists some of the things that happen on the back end of running a site like Have I Been Pwned.
[30:36] - Cloud services have been an amazing advancement in technology, but they open up more points of entry.
[33:35] - There is a hierarchy of multi-factor authentication. Troy discusses the current strategies that are best practice.
[35:45] - For users, what is the second-factor authentication you can manage to use?
[37:27] - There are different risk levels to different things. What do you actually need to carefully protect and what level of inconvenience are you willing to bear?
[39:59] - Troy shares how his parents have been impacted by confusing technology. What is the right technology for a demographic?
[43:15] - Some data is more important than other pieces of information.
[45:33] - Some data is also more or less important to different individuals.
[46:54] - For those managing and discussing data breaches, we also need to be aware that there are pieces of data that could be important to someone but aren't important to others.
[48:24] - Unfortunately, data breaches haven't gotten less common and aren't really getting better.