Podcasts about varonis

Microsoft 365 Copilot has been identified as having a significant security vulnerability known as Echo Leak, which allows hackers to access sensitive information without user interaction. This zero-click exploit was discovered by AIM Security after three months of reverse engineering the software. Although Microsoft claims the issue has been addressed and no customers were affected, experts warn that this flaw reflects deeper security concerns in AI systems, reminiscent of vulnerabilities seen in software two decades ago. The incident raises critical questions about the security of AI agents that have ambient access to data and the need for rethinking endpoint protection and trust boundaries.OpenAI's latest threat report reveals that state-level actors, including those linked to North Korea and Russia, are exploiting ChatGPT for cyber operations. The report outlines ten operations that were shut down, including the generation of fake job applications and social media content aimed at spreading disinformation. Notably, some campaigns were traced back to China, showcasing the use of AI in creating deceptive online personas. This highlights the strategic use of AI by malicious actors, emphasizing the need for heightened awareness and security measures.ConnectWise is facing scrutiny over its recent digital certificate updates, urging customers to update their ScreenConnect, Automate, and ConnectWise RMM solutions. The company is attempting to distance itself from a previously disclosed nation-state breach while addressing concerns raised by a third-party researcher regarding configuration data handling. The rushed certificate rotation has led to reduced confidence among customers, especially given the recent history of exploitation of ScreenConnect. This situation underscores the importance of transparency and trust in vendor relationships, as well as the need for managed service providers to audit their update processes.New tools from Huntress, Netgear, and Varonis signal a shift towards more automated and resilient security solutions. Huntress has launched a Threat Simulator to enhance user engagement in security training, while Netgear's acquisition of Exium aims to simplify networking and security for managed service providers. Varonis has introduced a Model Context Protocol Server to integrate AI tools into its data security platform. These developments reflect a growing trend in cybersecurity towards realism, automation, and simplification, emphasizing the need for IT service providers to adapt and align with these evolving security landscapes. Three things to know today 00:00 From Copilot to Cybercrime: How AI Agents Are Creating New Frontlines in Espionage and Misinformation05:54 ConnectWise Urges Immediate Updates Amid Certificate Rotation, Rekindling Security Concerns After Prior Breach08:45 Automation, Engagement, and Recovery: Security Vendors Roll Out Tools That Align with MSP Priorities Supported by: https://www.huntress.com/mspradio/https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Patch Tuesday. Mozilla  patches two critical FireFox security flaws. A critical flaw in Salesforce OmniStudio exposes sensitive customer data stored in plain text. The Badbox botnet continues to evolve. AI-powered “ghost students” enrolling in online college courses to steal government funds. Hackers steal nearly 300,000 vehicle crash reports from the Texas Department of Transportation. ConnectWise rotates its digital code signing certificates. The chair of the House Homeland Security Committee announces his upcoming retirement. Our guest is Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, wondering if AI may be the Cerberus of our time. Friendly skies…or friendly spies?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we have Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, sharing insights on AI: The Cerberus of our time. You can hear Matt's full interview here. The State of Data Security: Quantifying AI's Impact on Data Risk report from Varonis reveals how much sensitive data is exposed and at risk in the AI era. Learn more and get State of Data Security Report. Selected Reading Microsoft warns of 66 flaws to fix for this Patch Tuesday, and two are under active attack (The Register) Microsoft slows Windows 11 24H2 Patch Tuesday due to a 'compatibility issue'  (The Register) ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA (SecurityWeek) Firefox Patches Multiple Vulnerabilities That Could Lead to Browser Crash (Cyber Security News) Salesforce OmniStudio Vulnerabilities Exposes Sensitive Customer Data in Plain Text (Cyber Security News) CISO who helped unmask Badbox warns: Version 3 is coming (The Register) How Scammers Are Using AI to Steal College Financial Aid  (SecurityWeek) 300K Crash Reports Stolen in Texas DOT Hack (BankInfoSecurity) ConnectWise rotating code signing certificates over security concerns (Bleeping Computer) House Homeland Chairman Mark Green's departure could leave congressional cyber agenda in limbo (CyberScoop) Airlines Don't Want You to Know They Sold Your Flight Data to DHS (404 Media) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this RSA Conference 2025 special episode, we explore two critical frontiers shaping the future of cybersecurity. First, Jon DiMaggio (Author of The Ransomware Diaries, Analyst1) breaks down the hidden supply chains behind ransomware gangs, including the economics of affiliate betrayal and the challenge of accurate attribution. He walks us through his methodology for identifying ransomware rebrands like BlackCat and RansomHub using evidence-based frameworks designed to eliminate human bias. Then we're joined by Matt Radolec (VP of Incident Response at Varonis), who brings a fresh perspective on talent development in cybersecurity. Drawing from his keynote "From Gamer to Leader", Matt argues that gamers possess untapped potential as cybersecurity professionals and it's time to design leadership pipelines like quest lines. From ransomware negotiations on underground forums to using AI-enhanced playbooks and transforming threat response teams into RPG-style guilds, this episode blends technical insight with cultural reflection.

Mike Thompson is the Director, Cloud and Security Architecture at Varonis. In this episode, he joins host Paul John Spaulding to discuss Varonis' 2025 State of Data Security report, including the latest threats, how companies can stay protected, and more. This episode is brought to you by Varonis, whose AI-powered data security platform secures your data at scale – across IaaS, SaaS, and hybrid cloud environments. To learn more about our sponsor, visit https://www.Varonis.com.

AI is reshaping cybersecurity as we know it. From sophisticated AI-driven phishing attacks to the amplified risk of insider threats using tools like Copilot, the landscape is shifting at an unprecedented pace. How can security leaders and practitioners adapt?Join Ashish Rajan and Matthew Radolec (Varonis) as they explore the critical challenges and opportunities AI presents. Learn why 86% of attacks involve credential misuse and how AI agents are making it easier than ever for non-technical insiders to exfiltrate data.In this episode, you'll learn about:The "Blast Radius": How AI tools can dramatically increase data exposure.From "Breaking In" to "Logging In": The dominance of credential-based attacks.AI-Powered Social Engineering: The rise of "conversational bait".Copilot Use Cases & "Aha!" MomentsData Integrity in AI: The critical, overlooked pillar of AI security.The Enduring Importance of Access Management in an AI World.Transforming Security Operations: AI for incident response, playbooks, and forensics.Guest Socials - ⁠Matt's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(01:57) New Threat Landscape in Cloud & AI(08:08) Use cases for regulated industries(10:03) Impact of Agentic AI in the cybersecurity space(12:22) Blind spots of going into AI(18:06) Shared responsibility for LLM providers(20:56) Lifting up security programs for AI(27:82) How is incident response changing with AI?(29:30) Cybersecurity areas that will be most impacted by AI(34:43) The Fun SectionThank you to our episode sponsor Varonis

Rebecca Tubman is a seasoned cybersecurity executive and veteran with over 25 years of combined experience across national defense, intelligence, and emerging technology sectors. As a Federal Account Executive at Varonis, she leads the company's intelligence community initiatives, building the practice from the ground up and delivering automated, data-centric security solutions to U.S. Government and international clients. Her work ensures agencies are equipped to safeguard their most sensitive data from both internal and external threats.Before transitioning to the private sector, Rebecca served for over two decades in the United States Air Force, where she held diverse leadership roles across missile warning, space operations, intelligence, special operations, partner nation engagements, and cyberspace operations. Her distinguished career included multiple overseas deployments and combat tours, with assignments spanning strategic, tactical, and operational levels.A mission-driven leader with deep operational insight, Rebecca continues to bridge the gap between advanced technology and national security priorities.

In an era where data breaches cost organizations millions and threaten business continuity daily, the intersection of data storage and security has never been more critical. Hear from two industry experts: Nolan Necoechea, Product Marketing leader from Varonis, and returning guest Jason Walker from Pure Storage. Together, we unpack how intelligent data classification, threat detection, and automated remediation are changing the cybersecurity landscape – and why the foundation of effective security starts with how your data is stored and classified. This episode takes listeners from Varonis's fascinating origin story (involving disappearing high-resolution ocean floor images) to the cutting-edge of modern cybersecurity practices. Nolan breaks down Varonis's comprehensive platform that creates visibility and control over data access, while Jason explains why Pure Storage provides the ideal foundation for these security solutions. Learn how real-time threat detection, user behavior analytics, and automated remediation aren't just buzzwords but essential components of modern data protection strategy. As AI-powered threats continue to evolve, this conversation offers practical insights into how organizations can stay ahead of bad actors through strategic partnerships and integrated solutions. Discover why streamlined SecOps and robust data classification are becoming table stakes for business continuity, and get a preview of what's next in the Varonis-Pure partnership. Whether you're a CISO, IT administrator, or business leader concerned about data protection, this episode delivers actionable intelligence on safeguarding your organization's most valuable asset: its data.

Yaki Faitelson is the co-founder and CEO at Varonis. In this episode, he joins host Amanda Glassner to discuss Varonis' AI-powered data security platform, including what CISOs across the industry are saying and whether their goalposts have shifted, as well as how cybersecurity teams of all sizes can address new threats, and more. This episode is brought to you by Varonis, whose AI-powered data security platform secures your data at scale – across IaaS, SaaS, and hybrid cloud environments. To learn more about our sponsor, visit https://Varonis.com.

Is DOGE using AI to monitor federal employees? Google's latest Android update addresses two zero-days. Scattered Spider continues its phishing and malware campaigns. Ransomware's grip is slipping. ToddyCat exploits a critical flaw in ESET products. Oracle privately confirms a legacy system breach. Over 5,000 Ivanti Connect Secure appliances remain exposed online to a critical remote code execution vulnerability. CISA confirms active exploitation of a critical vulnerability in CrushFTP. In our Industry Voices segment, we are joined by Matt Radolec, VP of Incident Response at Varonis, on turning to gamers to to Build Resilient Cyber Teams. AI outphishes human red teams.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In our Industry Voices segment, we are joined by Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, as he is discussing research on “From Gamer to Leader: How to Build Resilient Cyber Teams.” Catch Matt's keynote at RSAC 2025 on April 30th.  Selected Reading Exclusive: Musk's DOGE using AI to snoop on U.S. federal workers, sources say (Reuters) Tariff Wars: The Technology Impact (BankInfo Security) Google Patched Android 0-Day Vulnerability Exploited in the Wild (Cyber Security News)  Scattered Spider adds new phishing kit, malware to its web (The Register) Ransomware Underground Faces Declining Relevance (BankInfo Security) ESET Vulnerability Exploited for Stealthy Malware Execution (SecurityWeek) Oracle Confirms that Hackers Broke Systems & Stole Client Login Credentials (Cyber Security News)  Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk (SecurityWeek) CISA Warns of CrushFTP Vulnerability Exploitation in the Wild (Infosecurity Magazine) AI Outsmarts Human Red Teams in Phishing Tests (GovInfo Security) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this holiday episode special, we're joined by Hamza Fodderwala, Executive Director at Morgan Stanley, where he leads cybersecurity equity coverage. He joined Morgan Stanley's software research team in early 2016 and leads coverage for public cybersecurity companies like Palo Alto Networks, CrowdStrike, Fortinet, SentinelOne, Okta, Zscaler, Cloudflare, Rapid7, Check Point, Qualys, Varonis and Tenable. Before Morgan Stanley, Hamza was an equity research associate at Susquehanna International Group covering the financial technology sector. Hamza graduated from New York University, with a Bachelor of Arts in Economics.We dive into Hamza's insights on the major customer buying patterns in cybersecurity throughout 2024 and what might shift in 2025. Hamza shares his observations on how the Generative AI boom is influencing product adoption in the industry, and whether enterprises are currently adopting AI security solutions. Additionally, we explore key trends from cybersecurity resellers, discuss what might unlock public equity markets for new IPOs, and which private cyber companies could go public next.Our discussion covers the cybersecurity M&A landscape, highlighting over $50B in deal volume this year with companies like Juniper, Darktrace, Recorded Future, Synopsys, Venafi, and more all getting acquired. Finally, Hamza shares lessons for founders, offering advice on identifying areas ripe for disruption, navigating the venture funding landscape, and building resilience in a competitive industry.

Are you struggling to expand your cybersecurity company's market reach? Finding it challenging to get potential customers to notice your brand? Wondering if rebranding could be the silver bullet to boost your company's awareness? In this episode, Robert Sobers, CMO at Varonis, shares his expert advice on go-to-market strategies specifically designed for B2B cybersecurity companies.In this conversation we discuss: 

Guy Melamed, CFO & COO of Varonis, joins CJ to discuss the company's two major transitions. In 2019, Varonis shifted from a perpetual model to an on-prem subscription model, completing the transformation in record time. They are currently in the process of transitioning from an on-prem subscription company to a SaaS company. Guy and CJ delve into the challenges of these transitions, the pressure of doing them in the public eye, and how to communicate these processes to your customers, investors, and sales reps. He highlights the key KPIs that Varonis tracks, the ones that are overrated, and the importance of clearly defined metrics. Guy also touches on the challenge of keeping your eye on short, medium, and long-term strategy, before reflecting on his career, the risks he has taken, and lessons learned from his time in sports and business.If you're looking for an ERP head to NetSuite: https://netsuite.com/metrics and get a customized KPI checklist.—SPONSORS:Maxio is the only billing and financial operations platform that was purpose built for B2B SaaS. They're helping SaaS finance teams automate billing and revenue recognition, manage collections and payments, and put together investor grade reporting packages.

Ce mardi 3 décembre, Frédéric Simottel a reçu Olivier Girard, président d'Académie en France ; Alain Roumilhac, président Europe du Sud de ManpowerGroup, Nicolas Delpérier, directeur digital chez Pfizer ; Benjamin Barrier, cofondateur de Datadome ; Pierre-Antoine Failly-Crawford, responsable de l'équipe de réponse à l'incident chez Varonis ; Michel Juvin, ecosystem advisor chez Alliancy, dans l'émission Tech&Co Business sur BFM Business. Retrouvez l'émission le samedi et réécoutez la en podcast.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com  Federal technology leaders operate in a confusing world. On the one hand, they must grant access to data that is needed by users; on the other hand, they must comply with security requirements that severely restrict that access. Craig Mueller from Varonis offers a solution: efficient data management will ensure that all information will be carefully categorized to allow this razor's edge of operation. The approach will allow for a concept called “complete coverage.” “Complete coverage extends to everything in the hybrid cloud as well as legacy systems. During the interview, Craig Mueller describes a concept called Data Security Posture Management. Essentially, this process allows for complete coverage, governance, and user analytics. Many do not realize that AI tools crawl a network and assemble as much as they can.  In a federal application, there may be information that is not categorized correctly and should not be allowed to be scanned.  This is a classic example of data that gives the ability to share too easily. Proper organization of data, both structured and unstructured, will all the balancing game of access and security to be deployed and scaled.  

Latviešu valodas aģentūras skolēnu radošo darbu konkursa „Kas ir tavs varonis šodien?” uzvarētāju labāko darbu fragmenti. 2. raidījums. Konkursā piedalījās skolēni no dažādiem Latvijas novadiem, kā arī no Latviešu skolām pasaulē un Latviešu valodas aģentūras tālmācību nodarbību audzēkņi. Otrajā raidījumā skan fragmenti no domrakstiem, kuru autori ir:   Elīza Kurcalte, Pļaviņu vidusskolas 8.b klase Juris Zeiza, Cēsu 1. pamatskolas 9. klase Ance Siliņa, Ventspils 1. pamatskolas 9. klase Eduards Gasūns, Codes pamatskolas 6. klase Elza Kristsone, Āgenskalna Valsts ģimnāzijas 8. klase Alans Ļaudups, Briseles 1. Eiropas skola Uklē, 15 gadi Agnete Esmeralda Lauce, Ojāra Vācieša Gaujienas pamatskolas 8. klase Oskars Kasendra, Rīgas 45. vidusskolas 6.a klase Marta Bruzgule, Viļānu vidusskolas 9.a klase Tomass Gustavs Celenbergs, Dāvja Ozoliņa Apes pamatskolas 7. klase Agate Kolna, Barkavas pamatskolas 6. klase Skolēnu darbus lasa Katrīna Griga un Jānis Āmanis. Skan Raimonda Tiguļa mūzika. Raidījumu ierakstīja un muzikāli noformēja Valdis Zilveris. Režisors Valdis Lūriņš, redaktore Dzintra Matuzāle, producentes Māra Eglīte un Velga Līcīte-Meldere. 2024. gada ieraksts. Elīza Kurcalte, Pļaviņu vidusskolas  8.b klase: „Varonis katra izpratnē un sabiedrībā kopumā dažādos laikos ir nozīmējis ko citu. Kādam tas ir radinieks, draugs, slavenība vai, mūslaiku ģeopolitiskās situācijas kontekstā, neatkarības un demokrātijas aizstāvis. Šis jēdziens var būt ļoti plašs un laika gaitā kā kolektīvajā, tā individuālajā uztverē mainīties. Par saviem varoņiem nolēmu izvirzīt savus vecvecākus no tēva puses – Vizmu un Kārli Kurcaltus. Savas dzimtas kamoliņu esmu atritinājusi līdz 19. gadsimta vidum, un ir daudz cilvēku, kuri varētu pretendēt uz šo titulu, bet vecmamma un vectēvs ir pirmie, par kuriem iedomājos, dzirdot šādu jautājumu.”  

Chris Rock is known for being a security researcher. But he's also a black hat incident responder. He tells us about a job he did in the middle east.https://x.com/chrisrockhackerSponsorsSupport for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.Support for this show comes from Flare. Flare automates monitoring across the dark & clear web to detect high-risk exposure, before threat actors have a chance to leverage it. Their unified solution makes it easy to rapidly identify risks across thousands of sources, including developers leaking secrets on public GitHub Repositories, threat actors selling infected devices on dark web markets, and targeted attacks being planned on illicit Telegram Channels. Visit https://flare.io to learn more.

Latviešu valodas aģentūras skolēnu radošo darbu konkursa „Kas ir tavs varonis šodien?” uzvarētāju labāko darbu fragmenti. 1. raidījums. Konkursā piedalījās skolēni no dažādiem Latvijas novadiem, kā arī no Latviešu skolām pasaulē un Latviešu valodas aģentūras tālmācību nodarbību audzēkņi. Pirmajā raidījumā skan fragmenti no domrakstiem, kuru autori ir: Kristers Jaunzems, Gulbīša pamatskolas 3.klase Annika Leonoviča, Aglonas Katoļu ģimnāzijas 4. klase Aleksandrs Drande, Liepājas Draudzīgā aicinājuma vidusskolas 4. c klase Sāra Paegle, Liezēres pamatskolas 4. klase Valters Grīnfelds, Liepājas Draudzīgā aicinājuma vidusskolas 4. klase Marija Rimicāne, Ozolnieku vidusskolas 4. klase Aleksandrs Ščerbatjuks, Daugavpils Valsts pilsētas vidusskolas 9. a klase Marta Ozoliņa, Limbažu Valsts ģimnāzijas 4.klase Renārs Rainers Biezbārdis, Taurupes pamatskolas 9. klase Lelde Sondore, Varaļānu vidusskolas 2. klase Mārcis Grišuļs, Mārupes pamatskolas 4. klase Megana Jurkeviča, Jaunpiebalgas vidusskolas 4. klase Dominiks Aglonietis, Aglonas Katoļu ģimnāzijas 4. klase Sofija Eglīte, Valmieras Pārgaujas sākumskolas  6.klase Oskars Blūzmanis, Briseles 2. Eiropas skola, 10 gadi Skolēnu darbus lasa Katrīna Griga un Jānis Āmanis. Skan Raimonda Tiguļa mūzika. Raidījumu ierakstīja un muzikāli noformēja Valdis Zilveris. Režisors Valdis Lūriņš, redaktore Dzintra Matuzāle, producentes Māra Eglīte un Velga Līcīte-Meldere. 2024. gada ieraksts. Latviešu Valodas aģentūras projektu vadītāja Velga Līcīte-Meldere: „Konkursā sagaidījām ļoti lielu pieteikumu skaitu – 1202 radošos darbus: esejas, dzejoļus, domrakstus un zīmējumus no visas Latvijas un latviešu skolām pasaulē (762 literāros darbus un 440 zīmējumus). Izrādās, ka vislielākais varonis bērniem ir MAMMA, tad seko tētis, vecmāmiņa, vectētiņš, ģimene, māsa, brālis, ugunsdzēsēji, zemessargi un ārsti. Varonis ir latvietis – tas, kurš nekaunas tāds būt, nekaunas no savām saknēm, no savas valodas, kā savulaik Krišjānis Valdemārs. Varonis ir arī labs cilvēks, tāds cilvēks, kas liek smaidīt, kas dod spēku noticēt sev pašam; draugi, kas tic tev tad, kad tu pats sev vairs netici. Labi un mīloši cilvēki ir daudzu jauniešu autoritātes. Dakteris Klauns ir varonis, cilvēcība ir varonība. Ne vienmēr mēs varam  būt varoņi, bet vienmēr mums ir iespēja palikt cilvēkiem, saglabāt cilvēcību un nepazemot otru – tā arī ir varonība. Paldies par stiprajiem varoņstāstiem! Jūsos katrā ir varonības gēns, ja jūsu acis un sirds spēj ieraudzīt labo!” Kristers Jaunzems, Gulbīša pamatskolas 3.klase: „Novembris – tas ir varoņu laiks. Stundā iepazīstam R Blaumaņa „Tālavas taurētāju”. Grāmatās dzīvo grāmatu varoņi, filmās – filmu varoņi, datoros un telefonos  - datorspēļu varoņi. Tik daudz un dažādi tie ir. Mamma stāstīja, ka viņas bērnībā vēl nebija datorspēļu. Bērnu sapņu varoņi bijuši pasaku tēli. Kad aizstāvu savus telefona varoņus, mamma saka: „Kas gan tie par varoņiem,  tādi datorķēmi vien ir, kas tur lēkā…” No pieaugušajiem dzirdu par labā un ļaunā cīņu šodien. Diemžēl, tā vairs nav pasaka, nav arī animācijas filma vai datorspēle. Īsta spēle. Spēle, kurā neievēro noteikumus. Man bail par to, kas notiek. Es gribu, lai labais uzvar... Es negribu sapņot par varoni formas tērpā un ar šaujamo. Domāju, ka varonis var būt arī   kaut kas labs, mīļš, laipns, žēlīgs. Iespējams, tie ir cilvēki, kas no sirds dod citiem. Dot citiem, pat svešiem cilvēkiem, neprasot neko pretim taču arī ir varonība!”

Latviešu valodas aģentūras skolēnu radošo darbu konkursa „Kas ir tavs varonis šodien?” uzvarētāju labāko darbu fragmenti. 1. raidījums. Konkursā piedalījās skolēni no dažādiem Latvijas novadiem, kā arī no Latviešu skolām pasaulē un Latviešu valodas aģentūras tālmācību nodarbību audzēkņi. Pirmajā raidījumā skan  fragmenti no domrakstiem, kuru autori ir: Kristers Jaunzems, Gulbīša pamatskolas 3.klase Annika Leonoviča, Aglonas Katoļu ģimnāzijas 4. klase Aleksandrs Drande, Liepājas Draudzīgā aicinājuma vidusskolas 4. c klase Sāra Paegle, Liezēres pamatskolas 4. klase Valters Grīnfelds, Liepājas Draudzīgā aicinājuma vidusskolas 4. klase Marija Rimicāne, Ozolnieku vidusskolas 4. klase Aleksandrs Ščerbatjuks, Daugavpils Valsts pilsētas vidusskolas 9. a klase Marta Ozoliņa, Limbažu Valsts ģimnāzijas 4.klase Renārs Rainers Biezbārdis, Taurupes pamatskolas 9. klase Lelde Sondore, Varaļānu vidusskolas 2. klase Mārcis Grišuļs, Mārupes pamatskolas 4. klase Megana Jurkeviča, Jaunpiebalgas vidusskolas 4. klase Dominiks Aglonietis, Aglonas Katoļu ģimnāzijas 4. klase Sofija Eglīte, Valmieras Pārgaujas sākumskolas  6.klase Oskars Blūzmanis, Briseles 2. Eiropas skola, 10 gadi Skolēnu darbus lasa Katrīna Griga un Jānis Āmanis. Skan Raimonda Tiguļa mūzika. Raidījumu ierakstīja un muzikāli noformēja Valdis Zilveris. Režisors Valdis Lūriņš, redaktore Dzintra Matuzāle, producentes Māra Eglīte un Velga Līcīte-Meldere. 2024. gada ieraksts. Latviešu Valodas aģentūras projektu vadītāja Velga Līcīte-Meldere: „Konkursā sagaidījām ļoti lielu pieteikumu skaitu – 1202 radošos darbus: esejas, dzejoļus, domrakstus un zīmējumus no visas Latvijas un latviešu skolām pasaulē (762 literāros darbus un 440 zīmējumus). Izrādās, ka vislielākais varonis bērniem ir MAMMA, tad seko tētis, vecmāmiņa, vectētiņš, ģimene, māsa, brālis, ugunsdzēsēji, zemessargi un ārsti. Varonis ir latvietis – tas, kurš nekaunas tāds būt, nekaunas no savām saknēm, no savas valodas, kā savulaik Krišjānis Valdemārs. Varonis ir arī labs cilvēks, tāds cilvēks, kas liek smaidīt, kas dod spēku noticēt sev pašam; draugi, kas tic tev tad, kad tu pats sev vairs netici. Labi un mīloši cilvēki ir daudzu jauniešu autoritātes. Dakteris Klauns ir varonis, cilvēcība ir varonība. Ne vienmēr mēs varam  būt varoņi, bet vienmēr mums ir iespēja palikt cilvēkiem, saglabāt cilvēcību un nepazemot otru – tā arī ir varonība. Paldies par stiprajiem varoņstāstiem! Jūsos katrā ir varonības gēns, ja jūsu acis un sirds spēj ieraudzīt labo!” Kristers Jaunzems, Gulbīša pamatskolas 3.klase: „Novembris – tas ir varoņu laiks. Stundā iepazīstam R Blaumaņa „Tālavas taurētāju”. Grāmatās dzīvo grāmatu varoņi, filmās – filmu varoņi, datoros un telefonos  - datorspēļu varoņi. Tik daudz un dažādi tie ir. Mamma stāstīja, ka viņas bērnībā vēl nebija datorspēļu. Bērnu sapņu varoņi bijuši pasaku tēli. Kad aizstāvu savus telefona varoņus, mamma saka: „Kas gan tie par varoņiem,  tādi datorķēmi vien ir, kas tur lēkā…” No pieaugušajiem dzirdu par labā un ļaunā cīņu šodien. Diemžēl, tā vairs nav pasaka, nav arī animācijas filma vai datorspēle. Īsta spēle. Spēle, kurā neievēro noteikumus. Man bail par to, kas notiek. Es gribu, lai labais uzvar... Es negribu sapņot par varoni formas tērpā un ar šaujamo. Domāju, ka varonis var būt arī   kaut kas labs, mīļš, laipns, žēlīgs. Iespējams, tie ir cilvēki, kas no sirds dod citiem. Dot citiem, pat svešiem cilvēkiem, neprasot neko pretim taču arī ir varonība!”

CISA adds a Fortinet flaw to its “must patch” list. Splunk releases fixes for 11 vulnerabilities in Splunk Enterprise. ErrorFather is a new malicious Android banking trojan. New evidence backs secure-by-design practices. CISA warns that threat actors are exploiting unencrypted persistent cookies. The FIDO Alliance standardizes passkey portability. Cybercriminals linger on Telegram. On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse. We mark the passing of the co creator of the BBS. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse. Selected Reading Tens of thousands of IPs vulnerable to Fortinet flaw dubbed 'must patch' by feds (CyberScoop) Fortinet FortiGuard Labs Observes Darknet Activity Targeting the 2024 United States Presidential Election (Fortinet) Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities (SecurityWeek) Cerberus Android Banking Trojan Deployed in New Multi-Stage Malicious Campaign (Infosecurity Magazine) Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds (CyberScoop) Eight Million Users Download 200+ Malicious Apps from Google Play (Infosecurity Magazine) TrickMo malware steals Android PINs using fake lock screen (Bleeping Computer) CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (Bleeping Computer) FIDO Alliance is Standardizing Passkey Portability (Thurrott) So far, cybercriminals appear to be just shopping around for a Telegram alternative (The Record) Ward Christensen, BBS inventor and architect of our online age, dies at age 78 (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Mardi 24 septembre, Frédéric Simottel a reçu Reda Mahfoud, directeur général de Malt France ; Benaouda Abdeddaïm, éditorialiste international chez BFM Business ; Nicolas Marchais, fondateur de Phacet ; Michel Juvin, ecosystem advisor chez Alliancy ; Benjamin Barrier, chief strategic officer & cofondateur de Datadome et Pierre-Antoine Failly, responsable de l'équipe de réponse à Incident chez Varonis, dans l'émission Tech&Co Business sur BFM Business. Retrouvez l'émission le samedi et réécoutez la en podcast.

In this episode we hear EvilMog (https://x.com/Evil_Mog) tell us a story about when he had to troubleshoot networks in Afghanistan. We also get Joe (http://x.com/gonzosec) to tell us a penetration test story.SponsorsSupport for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.

Ever wondered how far a fan would go to get a sneak peek of their favorite artist's unreleased tracks? In this episode, we uncover the audacious story of some teens bent on getting their hands on the newest dubstep music before anyone else.SponsorsSupport for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.

What is the one thing that only your brand can bring to the table? Tapping into that thing is key to better messaging, better positioning, and better engagement.And here to help us sift out that marketing gold is our special guest, Content Marketing Manager at Varonis, Lexi Croisdale. Together we're talking about the podcast New Heights with Jason and Travis Kelce. Together, we're pulling marketing lessons from it, like fighting where you can win, making your teammate the face of your content, and prioritizing social content.About our guest, Lexi CroisdaleLexi Croisdale is the Content Marketing Manager at Varonis. Prior to joining Varonis in May 2023, Lexi served as Senior Content Marketing Manager at higher education engagement platform Mongoose, where she developed and executed the company's content and social media marketing strategies. She brings with her over 7 years of experience helping marketing teams across various industries make creative content.What B2B Companies Can Learn From New Heights:Make your teammate the face of your content. Who you choose depends on a handful of factors. Lexi says, “A lot of times, especially in content where you're like, ‘I have this video I want to create, but I need someone to be on camera.' Like you always think of your CEO, or someone like that. But maybe the subject matter expert or like the specialist on your team is really good at public speaking and actually has the time and the bandwidth to also be that person. And then you kind of can create that personality internally.”Fight where you can win. What can you do that no one else can? For the Kelce brothers, they're both elite NFL players, Superbowl winners and (obviously) brothers. That's what makes the podcast special, and stand out among other football podcasts. Ian says, “As a lesson for marketers, they're doing something that only they can do. And it's like, when they talk about stuff, that's familial, it's only something that only they can talk about. Nobody else can have that sort of talk track.”Put social first. New Heights focuses strongly on social promotion. They cut the episode into clips that are distributed across social media channels which increases engagement, listenership and awareness of the podcast. Lexi says, “The editing style and the way that they go about it evolves with each episode, even though the template might be the same. They find a way to repurpose it and keep going without it just needing to tie to like, ‘Here's two brothers talking about football.” It's a way that non-listeners find out about the show, and are drawn to their banter instead of just football content.Quotes*”Not every piece of content has to fit into a box or be the way that you thought it would be to build an audience. Like you just need to focus on delivering the content in the right way, and being relatable and having that niche outlook.”*”Just because you start [your content] some way doesn't mean it always has to be that exact thing. It can evolve as long as you keep the core tenets of it.”*”A lot of times, you put a lot of work into content or a campaign and it doesn't work. Like, it doesn't give you the ROI or the kind of results that you were hoping for. But if you sit back and you take that as a lesson and you just see it more as a learning experiment, something that you did and test it out and learned from instead of a failure, you're going to see a lot of growth in your creative strategy and how you're executing and adapting your content to fit your channels that you're posting it on.”Time Stamps[0:55] Meet Lexi Croisdale, Content Marketing Manager at Varonis[3:12] Varonis and Content Marketing Strategies[7:22] The Making of New Heights Podcast[14:32] Marketing Lessons from New Heights[26:41] The Power of Social-First Content[27:09] Engaging Guests and Evolving Content[29:01] The Importance of Social Clipping[30:58] Building an Audience Through Relatable Content[36:43] Content Strategy at Varonis[38:50] The Impact of Video Content[48:53] Advice for Content MarketersLinksConnect with Lexi on LinkedInLearn more about VaronisAbout Remarkable!Remarkable! is created by the team at Caspian Studios, the premier B2B Podcast-as-a-Service company. Caspian creates both nonfiction and fiction series for B2B companies. If you want a fiction series check out our new offering - The Business Thriller - Hollywood style storytelling for B2B. Learn more at CaspianStudios.com. In today's episode, you heard from Ian Faison (CEO of Caspian Studios) and Meredith Gooderham (Senior Producer). Remarkable was produced this week by Meredith Gooderham, mixed by Scott Goodrich, and our theme song is “Solomon” by FALAK. Create something remarkable. Rise above the noise.

Accelerate your Mental Edge.Guy Melamed, CFO & COO at Varonis Systems Inc, shares his secret for getting sharper, faster, and smarter. He discovered it during his days of playing Major League Soccer, and now's he converted it the C-Suite to boost results the entire organization including......achieving a 5-year transition plan in just 5 quarters!And YES you can utilize it with your team team too!LinkedIn Profile https://www.linkedin.com/in/guy-melamed-46b7932/Company Link: https://www.varonis.com/What You'll Discover in this Episode:What he Learned Being the First Israeli Drafted into Major League Soccer.Why He Eventually Choose Accounting Over the MLS.An Unexpected Twist that Led to his Growth.HIs Go-To Resource for Mindset.How to Build Trust “Horizontally” in Your Organization.-----Connect with the Host, #1 bestselling author Ben FanningSpeaking and Training inquiresSubscribe to my Youtube channelLinkedInInstagramTwitter

Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our sponsored guest, Matt Radolec, vp, incident response and cloud operations, Varonis. In this episode: Why is retaining cyber talent so hard? How can organizations keep an employee from going elsewhere? Why do organizations often not prioritize the factors to keep key employees? Thanks to our podcast sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis' free data risk assessment. It takes minutes to set up and in 24 hours you'll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today.

Dive into the cyber-landscape where LG smart TVs, Google Workspace, and SharePoint vulnerabilities lay bare the challenges and defenses in our interconnected world. Discover how Bitdefender unearths vulnerabilities in LG's webOS, prompting an urgent patch rollout for millions. Explore Google's stride towards double-layered security with multi-party approvals in Workspace, a bold move against unauthorized changes. Unpack Varonis' latest discovery of SharePoint flaws allowing stealthy data theft, spotlighting the silent battles in cybersecurity. Engage with us on strategies and stories from the front lines of digital defense. Sources: The Hacker News: https://thehackernews.com/2024/04/researchers-discover-lg-smart-tv.html Bitdefender Labs: https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/ Help Net Security: https://www.helpnetsecurity.com/2024/04/09/google-workspace-multi-party-approvals/ Google Workspace Updates: https://workspaceupdates.googleblog.com/2024/04/multi-party-approvals-for-sensitive-admin-actions.html BleepingComputer: https://www.bleepingcomputer.com/news/security/new-sharepoint-flaws-help-hackers-evade-detection-when-stealing-files/ Varonis Blog: https://www.varonis.com/blog/sidestepping-detection-while-exfiltrating-sharepoint-data Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/ Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: LG Smart TV, Google Workspace, SharePoint, cybersecurity, vulnerabilities, webOS, multi-party approvals, data exfiltration, root access, security patches, digital defense, cloud security, Bitdefender, Varonis, Microsoft SharePoint, tech news, information security, cyber threats, administrative controls Search Phrases: Bitdefender LG smart TV vulnerabilities Google Workspace multi-party approval feature Varonis exposes SharePoint flaws How to secure LG smart TVs against hackers Implementing Google Workspace multi-party approvals Protecting SharePoint data from undetected theft Latest cybersecurity threats and defenses Root access vulnerabilities in LG TVs Enhancing cloud security with administrative approvals Stealthy data exfiltration techniques in SharePoint Cybersecurity updates for LG smart TV owners Advanced security features in Google Workspace Mitigating risks in Microsoft SharePoint Cyber threat insights from Bitdefender and Varonis Protecting digital assets against unauthorized access Transcript: Apr 10 Welcome back to the Daily Decrypt. Bitdefender reveals a series of high criticality vulnerabilities in LG Smart TV's which could potentially allow attackers to bypass security measures and gain unauthorized root access, which could affect tens of thousands of smart TVs globally. Do you have an LG smart TV? If so, keep listening to find out how you can protect yourself from these vulnerabilities. Someone recently told Google that it's important to check with a friend before making any important decisions. Google is introducing multi party approvals for security features in Google Workspace, which will require multiple admins to approve any sensitive changes. Why is this important? And what types of things can this protect against? And finally, Varonis Threat Labs has just exposed two new vulnerabilities in Microsoft SharePoint that allow hackers to download sensitive files undetected, which will put thousands of businesses at risk. In a recent cybersecurity revelation, researchers at the Romanian firm Bitdefender have brought to light a series of severe vulnerabilities in LG's webOS, the operating system powering its smart TVs. These weaknesses span across versions 4. 9. 7 to 7. 3. 1. of webOS and present a critical threat potentially allowing unauthorized users to gain root access and take control of the devices. So it sounds like Bitdefender did the honorable thing and let LG know about this months ago before disclosing it to the public. And finally LG on March 22nd issued some patches to address these vulnerabilities. Now that's all well and good, but Smart TVs go un updated, potentially forever, the most alarming vulnerability that has been patched, which is CVE 2023 6317, allows attackers to circumvent PIN verification processes to add a privileged user to the TV, requiring no interaction from the device owner. Another vulnerability lets attackers elevate their access level to root, or the highest level of access. Bitdefender's research uncovered that over 91, 000 devices worldwide had this vulnerable service exposed to the internet. Which essentially means that Bitdefender can open up their laptop and scan the internet for your device and find it. And if Bitdefender can do it, any attacker can do it. So make sure that your TVs are up to date, go into the settings, double check which version it is, And make sure it's the most up to date. There should be some sort of indicator saying your system is up to date. If it's not, and your TV is internet facing, attackers can infiltrate your TV, create a backdoor, so that even after the update, they can still access. Then, if your TV has a microphone or a camera, they'll be able to access those things and see what's going on inside your house. They could use those things to steal data. If you've entered in your credit card number into the TV, they'll have access to that. It could be used as a pivot point to try to get to your more sensitive devices like your laptop or your phone, and then inject malware there. If your office space uses an LG Smart TV, it could be used to pivot and conduct a ransomware attack. The uses of this vulnerability are limited only by the attacker's creativity, so make sure to go in. And ensure your device is updated. And a lot of these devices just go to sleep. They don't do a full power cycle or a restart. So go in, maybe unplug the TV for a couple minutes, maybe overnight, however long you can. And then replug it in when you need to use it again. That should wipe the temporary memory and increase the chances that you've gotten rid of the attacker from your TV. In an effort to bolster security measures for its Google Workspace customers, Google has introduced a new feature designed to mitigate the risk of unauthorized or accidental changes within its system. The tech giant announced the rollout of multi party approvals for its cloud based productivity and collaboration platform. This optional security measure requires that certain sensitive admin actions receive approval from another admin before they can be executed. The multi party approvals feature aims to combat potential threats from both inside and outside an organization. By ensuring that changes to critical settings, such as two step verification and account recovery policies, undergo an additional layer of scrutiny. Admins will have the ability to review details of each request, making informed decisions on whether to allow or deny the proposed changes. This process not only secures the platform against unauthorized access, but also streamlines administrative tasks by executing actions automatically once they receive approval. Google Workspace's multi party approvals will be accessible to a broad range of customers, including those subscribed to the enterprise standard. Enterprise Plus, Education Standard, Education Plus, and Cloud Identity Premium plans. But, the feature is turned off by default and can be enabled through the admin console under the multi party approval settings. This is a pretty nice feature for Google to introduce. Probably pretty easy to do on their end, just require more permissions before being able to accomplish certain tasks. Granted, this only requires twice as many permissions as were required before, so if an attacker can get in and make these changes, what's to say they can't get in, create a new account, new admin account, and get the required approvals that way. Anyway, The blog post by Google doesn't address this use case specifically, but it would be great if Google required multiple admins in order to create a new admin, which would essentially solve this problem. And then what's also cool about this new feature is that, yeah, it's introducing new automation features as well. Once you have the approvals, Google will automatically go in and place the changes that were already requested. This doesn't save any time from the legacy workflow, which is where admins would go in and do these actions. They would happen immediately. Because the admins will still have to go in and perform these actions, they will just require approvals afterwards. So the action time is the same, but luckily they don't have to wait for approval and then go perform the action again or something like that. It'll happen automatically. And this is so important because one of the first things that an attacker will try to do once they infiltrate your environment is to make sure they can get back in. And one of the ways they can do that is to create accounts or alter security settings, maybe change logging preferences so that their tracks might be more covered up, allowing them to move more freely throughout your network and perform more malicious actions unrestricted. If it requires multiple admins, To edit logging preferences from debug to verbose or turn off two factor authentication so that attackers can sign in from wherever or any of these things, attackers are less likely to succeed down the line. So if you do run a Google workspace, however small, and you have multiple admins, I highly encourage you to go enable this feature once it's available. It's coming out and it's going to be cool. Our final segment discusses new Microsoft SharePoint vulnerabilities that Varonis Threat Labs discovered, which could allow hackers to stealthily download files from SharePoint, evading traditional audit logs or detection methods. The first method exploits the quote, open in app feature of SharePoint, which when used does not log a file downloaded event, but rather an access event, which might not raise immediate alarms for administrators. This loophole could facilitate what's being termed as silent data exfiltration, allowing for the downloading of documents in a manner that doesn't attract the usual scrutiny. So there's so many events that go on in the Microsoft ecosystem, especially in SharePoint, whether it's opening or downloading or transferring. So many events, they all kind of get funneled into different categories of event. As mentioned, there's a download event and there's an access event. So you might be able to see the Severity difference in these two events. If someone's downloading something that's a little more severe than just opening something. And so security teams will create alerts for different types. of event. So they might have a more serious alert for the download event than they do the access event. And so this first attack is essentially leveraging a bet that security teams aren't alerting as scrutinously on access events, and they're able to download files while only triggering an access event, not a download event. The second vulnerability, uh, Involves spoofing the user agent string of file access requests to appear as if the actions are part of a routine data syncing operation within Microsoft's SkyDrive sync. Thus making the download seem less suspect and more like benign sync events. Both methods open the door to stealthy exfiltration of sensitive documents, bypassing the eyes of cloud access, security tools, and security information and event management platforms, or SIMs. Some recommendations include monitoring for unusual access patterns or high volumes of data activity, which could indicate unauthorized data movements. Until Microsoft addresses these vulnerabilities, we're not sure. Which have currently been acknowledged, but rated as moderate and hence are not slated for immediate patching. Organizations are urged to adopt proactive measures to mitigate potential risks. And I would agree with that assessment. It's a moderate vulnerability and it will be slated for patching, but maybe not immediately since they are still generating events, just maybe not at the correct severity. If this is an important thing to you, make sure to write to Microsoft. Send them an email, get your whole team to send them an email. Try to get them to bump up the priority on this to get it patched. Otherwise, there's going to be a lot of false positive alerts if you're trying to monitor for things that are generally less severe. Hoping for the needle in the haystack. That's going to exhaust your security teams and Reduce the quality of their output. My best advice, if you are planning to take the alerting route, is to create some sort of event sequence based alerting. Like, if someone does this, and someone does this, and someone does this, then generate an alert. Now, not everyone has the ability to do that, but simply raising the severity of Access based alerts isn't going to be the best method and potentially the download alerts will fall through the cracks while analysts are focusing on these. Less severe alerts looking for that, like I said, needle in a haystack. That's all I got for you today. Thanks so much for listening. Hope you got a chance to enjoy the solar eclipse on Monday. I was lucky enough to have the day off from work and this podcast. Huge thanks to dogespan for covering down for me. And it was a really cool experience. And send us a message, send us a DM, send us an email with anything. We'd love to hear from you. Any feedback, anything you'd like to see, we'd greatly appreciate it. And we will talk to you some more later.

Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

President Biden to sign EO to bolster maritime port security. Apple announces post-quantum encryption for iMessage. Malwarebytes examines the i-Soon data leak. Law enforcement airs LockBit's dirty laundry. Varonis highlights vulnerabilities affecting Salesforce platforms. An appeals court overturns a $1 billion piracy verdict. NSA's Rob Joyce announces his retirement. Anne Neuberger chats with WIRED.  A leading staffing firm finds its data for sale on the dark web. In our sponsored Industry Voices segment, Navneet Singh, VP of Marketing Network Security at Palo Alto Networks, discusses the transition to the cloud and shares some examples from healthcare. Hackers and hobbyists push back on the proposed Flipper Zero ban.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Navneet Singh, VP of Marketing Network Security at Palo Alto Networks, discusses the transition to the cloud and shares some examples in healthcare. Selected Reading Biden to sign executive order to give Coast Guard added authority over maritime cyber threats (CyberScoop) Apple Announces 'Groundbreaking' New Security Protocol for iMessage (MacRumors) A first analysis of the i-Soon data leak (Malwarebytes) Cops turn LockBit ransomware gang's countdown timers against them (The Register) Security Vulnerabilities in Apex Code Could Leak Salesforce Data (Varonis) Court blocks $1 billion copyright ruling that punished ISP for its users' piracy (Ars Technica) NSA cyber director to step down after 34 years of service (Nextgov/FCW) Anne Neuberger, a Top White House Cyber Official, Is Staying Surprisingly Optimistic (WIRED) Critical flaw found in deprecated VMware EAP. Uninstall it immediately (Security Affairs) Hackers Claim Data Breach at Staffing Giant Robert Half, Sell Sensitive Data (HackRead) Save Flipper (Save Flipper) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The major indexes continue to hold near highs, while small caps rose modestly. Buying opportunities are relatively scarce, and often from earnings. Palantir, BellRing Brands and Varonis flashed different buy signals following earnings.

The UK Government's denial of a cyber incident at Sellafield. There's been a surge in Iranian cyberattacks on US infrastructure. Misuse of Apple's lockdown mode, the mysterious AeroBlade's activities in aerospace, and a clever "Disney+" scam. Plus The latest application security trends, and a new cybersecurity futures study. In our Industry Voices segment, On today's Industry Voices segment, we welcome Matt Radolec, Vice President of Incident Response and Cloud Operations at Varonis explaining the intersection of AI, cloud and insider threats. And insights on resilience from the UK's Deputy PM. CyberWire Guest On today's Industry Voices segment, we welcome Matt Radolec. Matt is Vice President of Incident Response and Cloud Operations at Varonis. He talks about the  intersection of AI, cloud and insider threats. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/230 Selected Reading Sellafield nuclear site hacked by groups linked to Russia and China (The Guardian) Response to a news report on cyber security at Sellafield (GOV.UK) Guardian news article (Office of Nuclear Regulation) Ministers pressed by Labour over cyber-attack at Sellafield by foreign groups (The Guardian) US warns Iranian terrorist crew broke into 'multiple' US water facilities (The Register) Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks (The Record) AeroBlade on the Hunt Targeting the U.S. Aerospace Industry (Blackberry) Fake Lockdown Mode: A post-exploitation tampering technique (Jamf) Disney+ Impersonated in Elaborate Multi-Stage Email Attack with Personalized Attachments (Abnormal Security) Building Security in Maturity Model (BSIMM) report (Synopsis) Deputy Prime Minister annual Resilience Statement (GOV.UK)

A new type of mercenary spyware came on the radar called Predator. It'll infect a mobile phone, and then suck up all the data from it. Contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world. In this episode we hear from Crofton Black at Lighthouse Reports who spent 6 months with a team of journalists researching this story which was published here: https://www.lighthousereports.com/investigation/flight-of-the-predator/. We also hear from Bill Marczak and John Scott-Railton from Citizen Lab. If you want to hear about other mercenary spyware, check out episodes 99 and 100, about NSO group and Pegasus. To hear another episode about Greece check out episode 64 called Athens Shadow Games. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Akamai Connected Cloud (formerly Linode). Akamai Connected Cloud supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Varonis Systems, Inc., Q2 2023 Earnings Call, Jul 31, 2023

Joel Kletkke, Founder of Case Study Buddy, shares how he creates snackable customer success stories that sell. Download the free powerups cheatsheet: https://marketingpowerups.com/028

Varonis Systems, Inc. - Analyst/Investor Day

Omar Avilez worked in the CSIRT of the Dominican Republic when a major cyber security incident erupted. Omar walks us through what happened and the incident response procedures that he went through. Breakmaster Cylinder's new album: https://breakmastercylinder.bandcamp.com/album/the-moon-all-that. Sponsors Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Flare. Flare automates monitoring across the dark & clear web to detect high-risk exposure, before threat actors have a chance to leverage it. Their unified solution makes it easy to rapidly identify risks across thousands of sources, including developers leaking secrets on public GitHub Repositories, threat actors selling infected devices on dark web markets, and targeted attacks being planned on illicit Telegram Channels. Visit https://flare.io to learn more. Sources https://www.wired.com/story/costa-rica-ransomware-conti/ https://malpedia.caad.fkie.fraunhofer.de/details/win.bandook https://www.youtube.com/watch?v=QHYH0U66K5Q https://www.youtube.com/live/prCr7Z94078 https://www.eff.org/deeplinks/2023/02/uncle-sow-dark-caracal-latin-america https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/ https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/ Attribution Darknet Diaries is created by Jack Rhysider. Assembled by Tristan Ledger. Episode artwork by odibagas. Mixing by Proximity Sound. Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify. Learn more about your ad choices. Visit podcastchoices.com/adchoices

All links and images for this episode can be found on CISO Series. Why does it seem that the only time we hear about a company's concern about security and privacy is after they're compromised. It is only at that moment they feel compelled to let us know that they're taking this situation very seriously because as we've ll heard before “security and privacy are very important to us.” This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Andrea Bergamini, CISO, Orbia. Thanks to our podcast sponsor, Varonis Everyday, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren't needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries. In this episode:  Why does it seem that the only time we hear about a company's concern about security and privacy is after they're compromised? Is it only because at that moment they feel compelled to let us know that they're taking this situation very seriously? How do you get things going before you have a massive breach?

You can rebuild infrastructure. But you can't un-breach data – Data sits at the core of an organization and is often the most open and vulnerable. This is why data security is the most important and urgent security problem to solve right now. We're joined by Matt Radolec, Senior Director of Incident Response and Cloud Operations at Varonis, to walk through the blast radius concept – from what it is and how to use it to understand your organization's risk, to how it can serve as a guide to securing data from insiders and external attackers.   Segment Resources: The Great SaaS Data Risk Exposure report: https://info.varonis.com/hubfs/Files/docs/research_reports/Varonis-The-Great-SaaS-Data-Exposure.pdf The Forrester Wave™: Data Security Platforms, Q1 2023 https://reprints2.forrester.com/#/assets/2/1646/RES178465/report Learn more about the Varonis Data Security Platform https://www.varonis.com/products/data-security-platform   This segment is sponsored by Varonis. Visit https://securityweekly.com/varonis to learn more about them!   In the leadership and communications section: Do You Really Need a CISO?, A CISO Employment Contract May Mean the Difference Between Success and Jail, When Your Employee Tells You They're Burned Out, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw307 

You can rebuild infrastructure. But you can't un-breach data – Data sits at the core of an organization and is often the most open and vulnerable. This is why data security is the most important and urgent security problem to solve right now. We're joined by Matt Radolec, Senior Director of Incident Response and Cloud Operations at Varonis, to walk through the blast radius concept – from what it is and how to use it to understand your organization's risk, to how it can serve as a guide to securing data from insiders and external attackers. Segment Resources: The Great SaaS Data Risk Exposure report: https://info.varonis.com/hubfs/Files/docs/research_reports/Varonis-The-Great-SaaS-Data-Exposure.pdf The Forrester Wave™: Data Security Platforms, Q1 2023 https://reprints2.forrester.com/#/assets/2/1646/RES178465/report Learn more about the Varonis Data Security Platform https://www.varonis.com/products/data-security-platform   This segment is sponsored by Varonis. Visit https://securityweekly.com/varonis to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw307 

You can rebuild infrastructure. But you can't un-breach data – Data sits at the core of an organization and is often the most open and vulnerable. This is why data security is the most important and urgent security problem to solve right now. We're joined by Matt Radolec, Senior Director of Incident Response and Cloud Operations at Varonis, to walk through the blast radius concept – from what it is and how to use it to understand your organization's risk, to how it can serve as a guide to securing data from insiders and external attackers.   Segment Resources: The Great SaaS Data Risk Exposure report: https://info.varonis.com/hubfs/Files/docs/research_reports/Varonis-The-Great-SaaS-Data-Exposure.pdf The Forrester Wave™: Data Security Platforms, Q1 2023 https://reprints2.forrester.com/#/assets/2/1646/RES178465/report Learn more about the Varonis Data Security Platform https://www.varonis.com/products/data-security-platform   This segment is sponsored by Varonis. Visit https://securityweekly.com/varonis to learn more about them!   In the leadership and communications section: Do You Really Need a CISO?, A CISO Employment Contract May Mean the Difference Between Success and Jail, When Your Employee Tells You They're Burned Out, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw307 

All links and images for this episode can be found on CISO Series. Turns out cybersecurity professionals lie on their resumes. They add degrees and certifications they don't have. They omit degrees for fear of looking overqualified. And sometimes, they flat out invent jobs. But given the responses as to why people do it, it's because they're trying to get by the unnecessary barriers of cybersecurity hiring. Does that make the lying justified? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is David Nolan, vp, enterprise risk & CISO, Aaron's. Thanks to our podcast sponsor, Varonis Everyday, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren't needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries. In this episode:  Do some cybersecurity professionals really lie on their resumes? Is this because they're trying to get by the unnecessary barriers of cybersecurity hiring? Does that make the lying justified?

All links and images for this episode can be found on CISO Series. Given the ease of sharing data, our sensitive information is going more places that we want it. We have means to secure data, but you really can't do that if you don't know where your data actually is. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Brian Vecci (@BrianTheVecci), field CTO, Varonis. Thanks to our podcast sponsor, Varonis Everyday, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren't needed – reducing your risk on a continual basis.  Discover more at www.varonis.com/cisoseries. In this episode: What exactly is “dark data”? Are we creating more problems for ourselves by holding onto dark data? What is this generated yet unused data? Is this the same as ROT data or redundant, obsolete, trivial data? How can it be discovered and classified?

All links and images for this episode can be found on CISO Series. Future cybersecurity talent is frustrated. The industry demand for cybersecurity professionals is huge, but the openings for green cyber people eager to get into the field are few. They want professional training, and they want the hiring companies to provide the training. Problem is not enough companies have training programs in place and as a result they can only hire experienced cyber talent, shutting out those who want to get in. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Matt Radolec, sr. director incident response and cloud operations, Varonis. Thanks to our podcast sponsor, Varonis Everyday, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren't needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries. In this episode:  The industry demand for cybersecurity professionals is huge, so why are the openings for green cyber people eager to get into the field so few? Should more hiring companies provide the training? Is the problem that not enough companies have training programs in place?

All links and images for this episode can be found on CISO Series. A CISO calls on security vendors to stop the spamming and cold calling. Are these annoyances the direct result the way salespeople are measured? Is that what drives the desperation and bad behavior? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Dmitriy Sokolovskiy, CISO, Avid. Thanks to our podcast sponsor, Varonis Everyday, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren't needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries. In this episode: What NEW ways could salespeople be measured that would encourage good behavior with CISOs? There's still this desire to draw a linear path to sales, but how often does it cleanly play out that way? Are integrators, MSSPs, and resellers leveling the playing field for cybersecurity vendors?

All links and images for this episode can be found on CISO Series. What happens when you want to adhere to more secure behavior, but the tool you're using forces you to be less secure, solely because they didn't architect in more stringent security when they created the program. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Terrance Cooley, CISO, Air Force JADC2 R&D Center. Thanks to our podcast sponsor, Varonis Everyday, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren't needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries. In this episode: What is the worst security behavior you've seen from an IT vendor? Are you applying talent-to-value recruiting techniques to reduce corporate risk? What are your predictions for the evolution of cyber threats?

Andy Greenberg (https://twitter.com/a_greenberg) brings us a gut wrenching story of how criminal investigators used bitcoin tracing techniques to try to find out who was at the center of a child sexual abuse darkweb website. This story is part of Andy's new book “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency”. An affiliate link to the book on Amazon is here: https://amzn.to/3VkjSh7. Sponsors Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Learn more about your ad choices. Visit podcastchoices.com/adchoices

US Department of Justice unseals three indictments in PRC spying cases. CERT-UA warns of Cuba ransomware group phishing campaign. Varonis discovers two Windows vulnerabilities. Mr Security Answer Person John Pescatore on security through obscurity. Ben Yelin on the DOJ's spying cases against China. CISA expands its Known Exploited Vulnerabilities Catalog with six new entries. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/205 Selected reading. Two Arrested and 13 Charged in Three Separate Cases for Alleged Participation in Malign Schemes in the United States on Behalf of the Government of the People's Republic of China (US Department of Justice) U.S. Justice Department Fires Warning Shot at Chinese Spies (Foreign Policy) Chinese spies charged with trying to thwart Huawei investigation (Quartz) DOJ Charges 13 Over Chinese Interference In US Affairs (Law360)  U.S. Says Chinese Tried to Obstruct Huawei Prosecution (Wall Street Journal) U.S. charges Chinese nationals with schemes to steal info, punish critics and recruit spies (CBS News) Cuba ransomware affiliate targets Ukrainian govt agencies (BleepingComputer) Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries (BlackBerry) The Logging Dead: Two Event Log Vulnerabilities Haunting Windows (Varonis)  CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA)

In this episode we hear some insider threat stories from Lisa Forte. Sponsors Support for this show comes from Axonius. Securing assets — whether managed, unmanaged, ephemeral, or in the cloud — is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Snyk. Snyk is a developer security platform that helps you secure your applications from the start. It automatically scans your code, dependencies, containers, and cloud infrastructure configs — finding and fixing vulnerabilities in real time. Create your free account at snyk.co/darknet. Attribution Darknet Diaries is created by Jack Rhysider. Editing by Damienne. Assembled by Tristan Ledger. Sound designed by Andrew Meriwether. Episode artwork by odibagas. Mixing by Proximity Sound. Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify.

This is the story about when Mohammed Aldoub, AKA Voulnet, (twitter.com/Voulnet) found a vulnerability on Virus Total and Tweeted about it. Sponsors Support for this podcast comes from Cybereason. Cybereason reverses the attacker's advantage and puts the power back in the defender's hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Sources https://www.cyberscoop.com/story/trial-error-kuwait-mohammed-aldoub-case/

Adam got a job doing IT work at a learning academy. He liked it and was happy there and feeling part of the team. But a strange series of events took him in another direction, that definitely didn't make him happy. Sponsors Support for this show comes from Axonius. Securing assets — whether managed, unmanaged, ephemeral, or in the cloud — is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this podcast comes from Cybereason. Cybereason reverses the attacker's advantage and puts the power back in the defender's hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.