Podcasts about vulnerabilities

The inability of an entity to withstand the adverse effects of a hostile or uncertain environment

  • 1,357 PODCASTS
  • 5,392 EPISODES
  • 49m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Sep 7, 2025 LATEST

Latest podcast episodes about vulnerabilities

Political Philosophy
The Vulnerabilities of Democracy in the Age of Image

Sep 7, 2025 · 21:43

On the Maurin Academy's Political Philosophy podcast, Laurie is covering Jerzy Kosinski's Being There, a satirical novel about an image and wealth-obsessed American society bent on the mass narcissism of literally loving a politician. This is part 5 in the series.

@BEERISAC: CPS/ICS Security Podcast Playlist
FBI Alerts, OT Vulnerabilities, and What Comes Next

Sep 6, 2025 · 24:05

Podcast: Industrial Cybersecurity Insider
Episode: FBI Alerts, OT Vulnerabilities, and What Comes Next
Pub date: 2025-09-03

In this episode, Craig and Dino break down the FBI's latest cybersecurity advisory and what it means for industrial organizations. From Cisco hardware vulnerabilities on the plant floor to the widening gap between IT and OT security teams, they address the critical blind spots that attackers often exploit. They discuss why manufacturing has become ransomware's “cash register,” the importance of continuous monitoring and asset visibility, and why every organization must have an incident response plan in place before a crisis. This episode is packed with real-world insights and actionable strategies. It's a must-listen for CISOs, CIOs, OT engineers, and plant leaders safeguarding manufacturing and critical infrastructure.

Chapters:
  • 00:00:52 - Welcome to Industrial Cybersecurity Insider Podcast
  • 00:01:21 - A New FBI Advisory on Nation-State OT Threats
  • 00:02:37 - Cisco Hardware on the Plant Floor Targeted in Advisory
  • 00:03:18 - The IT/OT Disconnect: OT Assets are Often Invisible to InfoSec Teams
  • 00:04:19 - The Awareness Gap: Critical Security Alerts Fail to Reach OT Operations
  • 00:04:54 - The OT Cybersecurity Skills Gap and Cultural Divide
  • 00:07:32 - Why All Manufacturing is Critical, Citing the JBS Breach
  • 00:08:37 - The Staggering Economic Cost of OT Breaches
  • 00:09:33 - The "Cash Register" Concept: Why Attackers Target Manufacturing
  • 00:10:29 - OT as the New Frontier for Attacks on Unpatched Systems
  • 00:11:28 - The "Disinterested Third Party": When OEMs See Security as the Client's Problem
  • 00:12:31 - The Foundational First Step: Gaining Asset Visibility & Continuous Monitoring
  • 00:13:53 - The Impracticality of Patching in OT Due to Downtime and Safety Risks
  • 00:15:25 - Academic vs. Practitioner: Why High-Level Advice Fails on the Plant Floor
  • 00:18:25 - The Minimum Requirement: A Practiced, OT-Inclusive Incident Response Plan
  • 00:18:58 - Why CISOs Must Build Relationships with Key OT Partners
  • 00:22:46 - Practice, Partner, and Protect Now

Links And Resources:
  • Industrial Cybersecurity Insider on LinkedIn
  • Cybersecurity & Digital Safety on LinkedIn
  • BW Design Group Cybersecurity
  • Dino Busalachi on LinkedIn
  • Craig Duckworth on LinkedIn

The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Most Podern Podcast
Why U.S. Homes Are All Built the Same Way - Type V City Part I

Sep 3, 2025 · 30:22

Why are nearly all American homes built out of wood when most of the world uses brick, steel, or concrete? In Part I of our conversation Architect Jeana Ripple, author of The Type V City, explains how the U.S.'s reliance on light wood framing—known as Type V construction—became the national default. She breaks down the benefits (affordability, flexibility, sustainability) and the hidden risks (mold, storm damage, limited adaptability) that slowly shape the country's homes, neighborhoods, cities, and built environment. This conversation reveals how building codes and materials influence urban life far more than most of us realize.

Jeana Ripple is the Chair of the Department of Architecture and the Vincent and Eleanor Shea Professor at the University of Virginia. A registered architect, she is principal and co-founder of the collaborative architecture firm, Mir Collective.

Links
  • Jeana Ripple - https://www.arch.virginia.edu/people/jeana-ripple
  • Mir Collective - https://mircollective.com/

Purchase the Book
  • UT Press: The Type V City: Codifying Material Inequity in Urban America - https://utpress.utexas.edu/9781477331620/
  • Amazon: The Type V City: Codifying Material Inequity in Urban America - https://a.co/d/cUzKkyS

Subscribe to Most Podern on:
  • Spotify - https://open.spotify.com/show/3zYvX2lRZOpHcZW41WGVrp
  • Apple Podcasts - https://podcasts.apple.com/us/podcast/most-podern-podcast/id1725756164
  • Youtube - https://www.youtube.com/@MostPodern
  • Instagram - https://www.instagram.com/most.podern
  • LinkedIn - https://www.linkedin.com/company/most-podern

Keywords: Type V construction, The Type V City, Jeana Ripple, American housing, Wood frame construction, U.S. building codes, Urban design, Architecture podcast, Why U.S. houses are wood, Building codes explained, Wood vs concrete housing, Mass timber, Multifamily housing design, Housing crisis America, Home maintenance mold, Sustainable building materials

Chapters
  • 00:00 Introduction to Type 5 Construction
  • 01:32 Understanding Type 5 and Its Global Context
  • 05:11 The Dominance of Type 5 in the U.S.
  • 07:58 The Evolution of Wood Frame Construction
  • 11:41 Maintenance and Vulnerabilities of Type 5 Buildings
  • 15:44 Consumer Awareness and Decision-Making
  • 19:10 The Role of Policy in Building Codes
  • 22:43 The Impact of Interest Groups on Building Regulations
  • 25:59 Future Directions for Type 5 Construction

The Gate 15 Podcast Channel
Weekly Security Sprint EP 125. Hostile Events, AI driven Ransomware, and more!

Sep 2, 2025 · 18:42

In this week's Security Sprint, Dave and Andy covered the following topics:

Main Topics:

Annunciation Catholic Church Attack
  • Minneapolis Suspect Knew Her Target, but Motive Is a Mystery
  • Shooter who opened fire on Minneapolis Catholic school posted rambling videos
  • Robin Westman: Minneapolis gunman was son of church employee
  • Robin Westman posted a manifesto on YouTube prior to Annunciation Church shooting
  • Minneapolis school shooter wrote “I am terrorist” and “Kill yourself” in Russian on weapon magazines and listened to Russian rappers
  • Minneapolis Catholic Church shooter mocked Christ in video before attack
  • Minneapolis school shooter 'obsessed with idea of killing children', authorities say
  • Minnesota Mass Shooter Steeped in Far-Right Lore, White Nationalist Murderers
  • In Secret Diaries, the Church Shooter's Plans for Mass Murder
  • Minneapolis church shooting search warrants reveal new details and evidence
  • 'There is no message': The search for ideological motives in the Minneapolis shooting
  • Minneapolis Church Shooting: Understanding the Suspect's Video
  • More Of Minnesota Shooter's Writings Uncovered: ‘Gender And Weed F***ed Up My Head'
  • Classmates say Minnesota school shooter gave Nazi salutes and idolized school shootings back in middle school

Hoax Active Shooter Reports
  • More than a dozen universities have been targeted by false active shooter reports
  • This Is the Group That's Been Swatting US Universities
  • FBI urges students to be vigilant amid wave of swatting hoaxes

AI & Cyber Threats
  • The Era of AI-Generated Ransomware Has Arrived
  • Researchers flag code that uses AI systems to carry out ransomware attacks & First known AI-powered ransomware uncovered by ESET Research
  • Anthropic: Detecting and countering misuse of AI: August 2025
  • A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years

Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
  • FBI warns Chinese hacking campaign has expanded, reaching 80 countries
  • Allied spy agencies blame 3 Chinese tech companies for Salt Typhoon attacks
  • UK NCSC: UK and allies expose China-based technology companies for enabling global cyber campaign against critical networks

Quick Hits:
  • Storm-0501's evolving techniques lead to cloud-based ransomware
  • Why Hypervisors Are the New-ish Ransomware Target
  • FBI Releases Use-of-Force Data Update
  • Denmark summons US envoy over report on covert American ‘influence operations' in Greenland
  • Falsos Amigos
  • Surge in coordinated scans targets Microsoft RDP auth servers
  • Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
  • Citrix patches trio of NetScaler bugs – after attackers beat them to it
  • U.S., Japan, and ROK Join Mandiant to Counter North Korean IT Worker Threats
  • US sanctions fraud network used by North Korean ‘remote IT workers' to seek jobs and steal money
  • H1 2025 Malware and Vulnerability Trends
  • The FDA just overhauled its COVID vaccine guidance. Here's what it means for you
  • 25 August 2025 NCSC, AFOSI, ACIC, NCIS, DCSA, FBI, ED, NIST, NSF bulletin
  • DOGE Put Critical Social Security Data at Risk, Whistle-Blower Says
  • Blistering Wyden letter seeks review of federal court cybersecurity, citing ‘incompetence,' ‘negligence'
  • Email Phishing Scams Increasingly Target Churches

5bytespodcast
Windows 11 25H2 Now In Preview! Citrix NetScaler Vulnerabilities Disclosed! Amazing AI Stethoscope!

Sep 1, 2025 · 18:55


I cover the announcement of Windows 11 25H2 entering preview, worrying details about Citrix Netscaler vulnerabilities, a company changing AI approach after public failures and much more! Reference Links: https://www.rorymon.com/blog/windows-11-25h2-now-in-preview-citrix-netscaler-vulnerabilities-disclosed-amazing-ai-stethoscope/

Badlands Media
Why We Vote Ep. 139: Exposing Election Vulnerabilities w/ Phillip Davis

Aug 30, 2025 · 90:12


CannCon and Ashe in America welcome Phillip Davis, known online as @Mad_Liberals, for a deep-dive into election vulnerabilities exposed at DEFCON. Davis, a veteran software developer with decades in fingerprint identification systems, walks through how voting machines can be accessed and manipulated using readily available technician and poll worker cards. He explains the ease of altering ballots, prompts, and even candidate displays without leaving an audit trail, demonstrating how voters themselves can be unknowingly hacked. The conversation also unpacks the infamous Halderman Report, systemic security failures, and the lack of accountability in election administration. From Goodwill voting machines to encryption keys left in plain sight, Davis reveals how fragile U.S. election infrastructure really is, sparking a raw discussion on trust, oversight, and the future of voting.

Paul's Security Weekly
Hackers Steal Your Car and Vulnerabilities - Rob Allen - PSW #889

Aug 28, 2025 · 130:12

Rob Allen joins us to discuss the importance of security research teams, and some cool stuff they've worked on. Then, in the Security News:
  • Flipper Zero, unlocking cars: The saga continues
  • The one where they stole the vulnerabilities
  • ESP32 Bus Pirates
  • AI will weaponize everything, maybe
  • What are in-the-wild exploits?
  • Docker and security boundaries, and other such lies
  • AI-powered ransomware
  • BadCAM, BadUSB, and novel defenses
  • 5G sniffers
  • Jeff breaks down all the breach reports
  • AI in your browser is a bad idea
  • And How to rob a hotel - a nod to the way hacking used to be

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-889

One in Ten
Image-Based Sexual Abuse: The Pain That Never Goes Away

Aug 28, 2025 · 41:46 · Transcription Available

Show Notes

In this episode of 'One in Ten,' host Teresa Huizar interviews Dr. Kimberly Mitchell from the University of New Hampshire's Crimes Against Children Research Center. The discussion centers on image-based sexual abuse (IBSA) and its unique, amplifying effects on victims. They delve into the disturbing prevalence of various forms of IBSA, including coercion and threatening behavior among youth. The conversation also explores the severe psychological impacts such as increased risk of suicide and non-suicidal self-injury among victims. Additionally, Dr. Mitchell discusses the challenges and complexities of researching this rapidly evolving field amidst advances in digital and AI technology. Potential future research directions, including the role of social support and community engagement, are also highlighted.

Time / Topic
  • 00:00 Introduction to Image-Based Sexual Abuse
  • 01:15 Defining Image-Based Sexual Abuse
  • 02:53 Research Background and Technological Impact
  • 05:07 Unique Harms of Image-Based Sexual Abuse
  • 08:47 Study Design and Participant Demographics
  • 11:05 Key Findings and Hypotheses
  • 14:35 Diverse Experiences and Future Research
  • 17:57 Prevalence and Prevention Challenges
  • 23:35 Navigating Healthy Spaces and Influencer Strategies
  • 24:37 Creative Approaches in Child Abuse Prevention
  • 25:58 Global Perspectives on Youth Involvement
  • 28:44 Vulnerabilities of Sexual Minority Youth Online
  • 30:09 Social Support and Online Vulnerabilities
  • 33:18 Non-Suicidal Self-Injury and Image-Based Sexual Abuse
  • 38:24 Future Research Directions and Resiliency
  • 39:52 Bystander Intervention and Positive Variance
  • 41:00 Conclusion and Final Thoughts

Resources
  • Image-based sexual abuse profiles: Integrating mental health, adversities, and victimization to explore social contexts in a diverse group of young adults - ScienceDirect

Support the show

Did you like this episode? Please leave us a review on Apple Podcasts.

Psychology hacks
How to Not Be Manipulated | The 21 Vulnerabilities

Aug 22, 2025 · 18:11


Discover the hidden psychology of manipulation; the hooks that pull you in and the pressure points others exploit for control. Learn how marketers, con artists, and even spies use these tactics, and how to spot them in everyday life. From sales tactics, to office politics, and toxic relationships, these 21 vulnerabilities are essential for protecting yourself from being taken advantage of.

EGGS - The podcast
Eggs 428: Winning the Cybersecurity War with "Kaizen" and Christian Espinosa

Aug 21, 2025 · 52:13

Summary

In this conversation, cybersecurity expert Christian Espinosa shares his journey from military service to entrepreneurship, emphasizing the importance of emotional intelligence and effective communication in the tech industry. He discusses the vulnerabilities in medical devices, the significance of hiring for cultural fit, and the steps to improve leadership skills. The discussion also covers the concepts of monotasking versus multitasking, empathy in leadership, and the need for continuous improvement in personal and professional development.

Takeaways
  • Christian emphasizes the importance of communication in cybersecurity.
  • Niche focus can lead to increased success in business.
  • Hiring for cultural fit is crucial for team dynamics.
  • Emotional intelligence is often lacking in highly intelligent individuals.
  • The meaning of communication is determined by the response you receive.
  • Monotasking is more effective than multitasking for productivity.
  • Empathy in leadership helps bridge gaps between team members.
  • Continuous improvement is essential for personal growth.
  • Establishing core values can guide hiring and team behavior.
  • Collaboration is key to overcoming intellectual bullying in teams.

Chapters
  • 00:00 Introduction to Christian Espinosa
  • 01:42 Christian's Journey in Cybersecurity
  • 05:26 Entrepreneurship and the Military Background
  • 09:05 Niche Focus in Cybersecurity
  • 10:29 Vulnerabilities in Medical Devices
  • 14:39 Hiring for Culture and Core Values
  • 19:00 The Smartest Person in the Room
  • 21:10 Seven Steps to Improve Emotional Intelligence
  • 34:18 Monotasking vs. Multitasking
  • 37:15 Empathy and Kaizen in Leadership
  • 39:43 Building Effective Teams
  • 44:27 Conclusion and Recommendations

Credits:
  • Hosted by Ryan Roghaar and Michael Smith
  • Produced by Ryan Roghaar
  • Theme music: "Perfect Day" by OPM

The Eggs Podcast Spotify playlist: bit.ly/eggstunes

The Plugs:
  • The Show: eggscast.com
  • @eggshow on twitter and instagram
  • On iTunes: itun.es/i6dX3pC
  • On Stitcher: bit.ly/eggs_on_stitcher
  • Also available on Google Play Music!
  • Mike "DJ Ontic": Shows and info: djontic.com, @djontic on twitter
  • Ryan Roghaar: rogha.ar

Rippling Pages: Interviews with Writers
Yan Ge Part 2 on Vulnerabilities, Younger Selves, Parents

Aug 21, 2025 · 36:41

“I think when you're young you really allow yourself to be stupid.” Welcome to part 2 of my conversation with Yan Ge. Yan Ge is here to discuss her life and writing. She was born in Chengdu, Sichuan Province People's Republic of China. Emerging as a prodigious writer in Chinese and Sichuanese, she was named as one of China's twenty future literary masters by People Magazine. In 2012, she was chosen as Best New Writer by the Prestigious Chinese Literature Media Prize. For English language readers, Nicky Harman first translated her novella, White Horse, for Hope Road publishing in 2014, a story about young girls negotiating adolescence in the presence of a mysterious white horse. Then, four years later, Nicky translated The Chilli Bean Paste Clan in 2018, published by Balestier. Elsewhere arrived in 2023 (Faber), and Yan Ge treated us to a new dimension of her work entirely: short fiction and, for the first time, written in English.

Remember, if you buy from Rippling Pages Bookshop on bookshop.org.uk are all sourced from indie bookshops! https://uk.bookshop.org/shop/ripplingpagespod

Support the Rippling Pages on a new Patreon: https://patreon.com/RipplingPagesPod?utm_medium=unknown&utm_source=join_link&utm_campaign=creatorshare_creator&utm_content=copyLink

Interested in hosting your own podcast? Follow this link and find out how: https://www.podbean.com/ripplingpages

Rippling Points Chapters
  • 3.30 - writing parts of ourselves that are distinct
  • 7.35 - SBoC taking off
  • 10.05 - identifying vulnerabilities
  • 12.15 - all consuming spells of writing
  • 16.45 - finding balance
  • 20.15 - inspired by a younger self
  • 24.40 - The Chilli Bean Paste Clan
  • 27.35 - food in Yan Ge's work
  • 31.35 - Yan's parents
  • 35.02 - Another Liam!

Reference Points
  • Nicky Harman
  • Jeremy Tiang

Supply Chain in the Fast Lane
Season 6, Episode 7: Miguel Garcia, MIT research scientist, on the vulnerabilities of automated warehouses

Aug 19, 2025 · 15:29

The Council of Supply Chain Management Professionals (CSCMP) and Supply Chain Xchange bring you this podcast filled with deep industry discussions. We talk to today's top thought innovators, spanning topics across the entire supply chain. Supply Chain in the Fast Lane fast tracks topics you need to know from leaders you want to know.

In this Sixth Season of eight episodes, we look at The Top Threats to our Supply Chains

SEASON 6: Top Supply Chain Threats
EPISODE 7: Risks and Vulnerabilities in Automated Warehouses

With technology continuing to advance in the warehousing space, MIT research scientist Miguel Garcia explains key vulnerabilities facing automated warehouses today.

Guest: Miguel Garcia, research scientist at the Massachusetts Institute of Technology (MIT)
Moderator: Diane Rand, managing editor, Supply Chain Xchange

Supply Chain in the Fast Lane is sponsored by: HERE Technologies

Links
  • Learn more about CSCMP
  • Join the CSCMP community
  • CSCMP's Supply Chain Xchange
  • Subscribe to CSCMP's Supply Chain Xchange
  • Sign up for our FREE newsletters
  • Listen to our sister podcast, Logistics Matters
  • Advertise with CSCMP's Supply Chain Xchange

Join the Supply Chain in the Fast Lane team at CSCMP EDGE 2025, October 5-8 at the Gaylord in Washington, D.C. Go to CSCMP.org to find out more.

The Medcurity Podcast: Security | Compliance | Technology | Healthcare
Why Addressing Network Vulnerabilities Can't Wait | Medcurity Live 099

Aug 14, 2025 · 7:03

In this episode, we talk about Network Vulnerability Assessments (NVAs)—how they pinpoint weaknesses like open ports and unsafe accounts before attackers can exploit them, and why they're key to shutting down easy entry points.

We also walk through Medcurity's new NVA Dashboard, now live in the platform. Instead of static PDFs, you get a real-time, interactive view of what needs attention, why it matters, and how to fix it. And with our Advanced NVA, you can go deeper with Attack Path Visualization, Active Directory Security Configuration Analysis, and a HIPAA Group Policy Assessment. Listen in to see how it works and how it can streamline your security efforts.

Learn more about Medcurity and what we do here: https://medcurity.com

#Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #NVA #RiskManagement

Cyber Security Today
Urgent Vulnerabilities: Patching Exchange, Citrix, and Fortinet

Aug 13, 2025 · 14:33 · Transcription Available

In this episode of Cybersecurity Today, host David Shipley covers critical security updates and vulnerabilities affecting Microsoft Exchange, Citrix NetScaler, and Fortinet SSL VPNs. With over 29,000 unpatched Exchange servers posing a risk for admin escalation and potential full domain compromise, urgent action is needed. Citrix Bleed 2 is actively being exploited, with significant incidents reported in the Netherlands and thousands of devices still unpatched globally. Fortinet SSL VPNs are experiencing a spike in brute force attacks, hinting at a possible new vulnerability on the horizon. Lastly, Shipley highlights notable moments from DEFCON 33, including innovative security hacks and sobering realities of the hacker community. Tune in for detailed breakdowns and insights on how to stay vigilant against these threats.

  • 00:00 Introduction and Overview
  • 00:32 Microsoft Exchange Vulnerability
  • 02:54 Citrix Bleed Two Exploits
  • 05:21 Fortinet SSL VPN Brute Force Attacks
  • 07:39 Insights from DEFCON 33
  • 13:46 Conclusion and Final Thoughts

T-Minus Space Daily
Hacking satellites to expose vulnerabilities.

Aug 8, 2025 · 20:43

VisionSpace Technologies has demonstrated how easy it is to exploit software vulnerabilities on satellites, as well as the ground stations that control them. China has conducted its first test of a lunar lander that they plan to use to take humans to the Moon. Rocket Lab has completed the Systems Integration Review (SIR) for the US Space Force's VICTUS HAZE mission, and more.

Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram.

T-Minus Guest

We are joined by NASASpaceflight.com with the Space Traffic Report.

Selected Reading
  • Yamcs v5.8.6 Vulnerability Assessment
  • OpenC3 Cosmos 6.0.0: A Security Assessment of an Open-Source Mission Framework – VisionSpace
  • China tests spacecraft it hopes will put first Chinese on the moon - Reuters
  • Rocket Lab Clears Integration Milestone for VICTUS HAZE, Delivering End-to-End Capabilities for Responsive Space Operations
  • Rocket Lab Announces Second Quarter 2025 Financial Results, Posts Record Quarterly Revenue of $144m, Representing 36% Year-on-Year Growth, While Expanding Gross Margins 650 Basis Points Year-on-Year
  • Globalstar Announces Second Quarter 2025 Financial Results
  • Karman Space & Defense Reports Second Quarter Fiscal Year 2025 Financial Results
  • Firefly Aerospace hits $9.8 billion valuation in Nasdaq debut as shares takeoff - Reuters
  • Voyager Acquires ElectroMagnetic Systems, Inc.
  • As NASA Missions Study Interstellar Comet, Hubble Makes Size Estimate
  • AV and SNC Announce Strategic Partnership to Deliver Golden Dome for America "Limited Area Defense" Architecture
  • Muon Space Unveils XL Satellite Platform, Announces Hubble Network as First Customer
  • The Goddard 100 Student Contest Celebrating a Century of Rocketry - NSS Goddard 100 Contest

T-Minus Crew Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info.

Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal.

T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Security Today
Cybersecurity Alerts: Black Hat Exposes AI and Firmware Vulnerabilities

Aug 8, 2025 · 11:54 · Transcription Available

In this episode, host Jim Love thanks listeners for their support of his book 'Elisa, A Tale of Quantum Kisses,' which is available for 99 cents on Kindle. The show then dives into pressing cybersecurity issues discussed at Black Hat USA, including vulnerabilities in AI assistants via prompt injection attacks, and critical flaws in Broadcom chips used by Dell laptops that can lead to stealth backdoors. Microsoft Exchange zero-day vulnerabilities actively being exploited are also covered, along with a listener report about a Canadian domain registrar's expired security certificate. The episode emphasizes the importance of keeping systems and software updated to mitigate these security risks.

  • 00:00 Introduction and Book Promotion
  • 00:58 Cybersecurity Headlines
  • 01:25 AI Assistant Vulnerabilities
  • 03:36 Broadcom Chip Flaws in Dell Laptops
  • 06:10 Microsoft Exchange Zero-Day Exploits
  • 08:18 Listener's Domain Registrar Experience
  • 10:36 Show Wrap-Up and Listener Engagement

Business of Tech
Ransomware Attacks Surge, Google AI Vulnerabilities Exposed, and New Malware Analysis Tool Released

Aug 7, 2025 · 19:33

Two sophisticated ransomware groups, Akira and Lynx, are increasingly targeting managed service providers (MSPs) and small businesses by exploiting stolen credentials and vulnerabilities. Together, they have compromised over 365 organizations, with Akira targeting major firms like Hitachi Vantara and Lynx focusing on critical infrastructure, including a CBS affiliate in Chattanooga, Tennessee. Both groups utilize double extortion tactics, combining file encryption with data theft to pressure victims into paying ransoms. This shift in tactics highlights the evolving threat landscape for MSPs and small businesses.

In response to the growing cybersecurity threats, the U.S. Cybersecurity and Infrastructure Security Agency has released Thorium, an open-source platform designed for malware and forensic analysis. Thorium can automate tasks and process over 10 million files per hour, empowering IT professionals without in-house malware analysis capabilities to conduct effective preliminary analyses. This tool aims to enhance cybersecurity operations and better manage risks associated with complex malware threats.

Additionally, SonicWall has issued a warning to its customers to disable SSL Virtual Private Network (VPN) services due to active ransomware attacks targeting its systems. Meanwhile, Google's AI-powered bug hunter, Big Sleep, has identified 20 security vulnerabilities in popular open-source software, raising concerns about the reliability of AI-generated bug reports. A newly discovered prompt injection vulnerability in Google's Gemini AI chatbot poses serious security risks, enabling attackers to craft convincing phishing campaigns without relying on links or attachments.

The podcast also discusses the alarming rise in cybersecurity incidents, particularly social engineering attacks, which have tripled in the first half of 2025. A report from Level Blue indicates that social engineering now accounts for 39% of initial access incidents, with fake CAPTCHA schemes rising dramatically. Furthermore, the report highlights the risks associated with unauthorized AI tool usage, revealing that 97% of organizations lack adequate access controls, exposing sensitive data to potential threats. This underscores the need for organizations to strengthen their defenses and educate users on emerging threats.

Four things to know today
  • 00:00 Attackers Up Their Game: Ransomware Hits MSPs, SonicWall Vulnerable, and Google's AI Found Exploitable
  • 05:53 Social Engineering Surges as Shadow AI Breaches Drive Up Cyber Costs and Risk Exposure
  • 08:35 Neglected Tech, Rising Risk: Email and Printers Still Expose Businesses to Modern Threats
  • 11:04 From Ransomware to Retirements: Vendor Shifts Reveal Risks and Realignment in the IT Channel

This is the Business of Tech.

Supported by:
  • https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship
  • https://getflexpoint.com/msp-radio/

Tell us about a newsletter! https://bit.ly/biztechnewsletter

All our Sponsors: https://businessof.tech/sponsors/

Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/

Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/

Support the show on Patreon: https://patreon.com/mspradio/

Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech

Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com

Follow us on:
  • LinkedIn: https://www.linkedin.com/company/28908079/
  • YouTube: https://youtube.com/mspradio/
  • Facebook: https://www.facebook.com/mspradionews/
  • Instagram: https://www.instagram.com/mspradio/
  • TikTok: https://www.tiktok.com/@businessoftech
  • Bluesky: https://bsky.app/profile/businessof.tech

The CyberWire
Chasing Silicon shadows.

The CyberWire

Aug 6, 2025 · 37:47


Two Chinese nationals are arrested for allegedly exporting sensitive Nvidia AI chips. A critical security flaw has been discovered in Microsoft's new NLWeb protocol. Vulnerabilities in Dell laptop firmware could let attackers bypass Windows logins and install malware. Trend Micro warns of an actively exploited remote code execution flaw in its endpoint security platform. Google confirms a data breach involving one of its Salesforce databases. A lack of MFA leaves a Canadian city on the hook for ransomware recovery costs. Nvidia's CSO denies the need for backdoors or kill switches in the company's GPUs. CISA flags multiple critical vulnerabilities in Tigo Energy's Cloud Connect Advanced (CCA) platform. DHS grants funding cuts off the MS-ISAC. Helicopter parenting officially hits the footwear aisle.

CyberWire Guest
Today we are joined by Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity (CLTC) discussing her proposed nationwide roadmap to scale cyber defense for community organizations.

Black Hat Women on the street
Live from Black Hat USA 2025, it's a special “Women on the Street” segment with Halcyon's Cynthia Kaiser, SVP Ransomware Research Center, and CISO Stacey Cameron. Hear what's happening on the ground and what's top of mind in cybersecurity this year.

Selected Reading
Two Arrested in the US for Illegally Exporting Microchips Used in AI Applications to China (TechNadu)
Microsoft's plan to fix the web with AI has already hit an embarrassing security flaw (The Verge)
ReVault flaws let hackers bypass Windows login on Dell laptops (Bleeping Computer)
Trend Micro warns of Apex One zero-day exploited in attacks (Bleeping Computer)
Google says hackers stole its customers' data in a breach of its Salesforce database (TechCrunch)
Hamilton taxpayers on the hook for full $18.3M cyberattack repair bill after insurance claim denied (CP24)
Nvidia rejects US demand for backdoors in AI chips (The Verge)
Critical vulnerabilities reported in Tigo Energy Cloud connect advanced solar management platform (Beyond Machines)
New state, local cyber grant rules prohibit spending on MS-ISAC (StateScoop)
Skechers skewered for adding secret Apple AirTag compartment to kids' sneakers — have we reached peak obsessive parenting? (NY Post)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Cyber Security Headlines
Week in Review: Surveillance camera vulnerabilities, data sovereignty conundrum, French submarine cyberattack

Cyber Security Headlines

Aug 1, 2025 · 30:47


This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Derek Fisher, Director of the Cyber Defense and Information Assurance Program, Temple University – also check out Derek's substack. All links and the video of this episode can be found on CISO Series.com

Risk, Governance, and Cyber Compliance
Missed Vulnerabilities: How to Fix and Prevent Them in Future Assessments

Risk, Governance, and Cyber Compliance

Jul 31, 2025 · 8:00


It's a common, yet unsettling, scenario in cybersecurity risk assessment: discovering a crucial component was overlooked after an assessment is complete. The question often arises: "How do you handle missing risks in a risk assessment? What can you do in the situation, and how can you prevent this from happening again?"

Let's unpack this compound query, focusing on mission-based cyber risk management and practical prevention strategies.

Dr. B. 

Security Now (MP3)
SN 1036: Inside the SharePoint 0-day - Is Our Data Safe Anywhere?

Security Now (MP3)

Jul 30, 2025 · 178:21


Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit.

Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

Citadel Dispatch
CD171: CALLE - BITCHAT AND CASHU

Citadel Dispatch

Jul 30, 2025 · 112:24


Calle is the creator and lead maintainer of the Cashu open source protocol. Cashu enables users to easily use bitcoin in a private, offline, and programmable way. Calle is also the maintainer of Bitchat android, a cross platform meshnet app that enables users to chat and send bitcoin without an internet connection.

Calle on Nostr: https://primal.net/calle
Calle on X: https://x.com/callebtc
Bitchat: https://bitchat.free/
Cashu: https://cashu.space/
AOS: https://andotherstuff.org/

EPISODE: 171
BLOCK: 907832
PRICE: 847 sats per dollar

(00:00:00) Bloomberg Intro
(00:02:47) Happy Bitcoin Wednesday
(00:06:42) Bitchat: Concept and Development
(00:15:25) Mesh Networks
(00:23:01) Real-World Applications of Mesh Networks
(00:29:39) Challenges and Vulnerabilities of Mesh Networks
(00:37:14) Adoption Challenges for Mesh Technology
(00:44:07) Integrating Cashu with Bitchat
(00:52:50) Offline Payments and Privacy with Cashu
(01:06:14) Vibe Coding and Development Process
(01:25:48) Future of Bitchat and Open Source Funding
(01:34:44) Sustainability in Open Source Projects
(01:47:00) Final Thoughts and Call to Action

Video: https://primal.net/e/nevent1qqs2evgxy64mhhr3mw7ywtattah0sw3c8dv2hg7tjdryfnc9xghc54gr90q3n
more info on the show: https://citadeldispatch.com
learn more about me: https://odell.xyz

The Gate 15 Podcast Channel
Weekly Security Sprint EP 120. Active Shooters, Bystanders, and exploiting Vulnerabilities

The Gate 15 Podcast Channel

Jul 29, 2025 · 15:08


On this week's Security Sprint, Dave is solo and talked about the following topics.

Warm Opening.
Check out the blogs on the Gate 15 website including the recent one on network segmentation (www.gate15.global). https://gate15.global/digital-firebreaks/

Main Topics.
NYC active shooter incident. https://www.nbcnews.com/news/us-news/nyc-shooting-suspect-shane-devon-temura-what-know-rcna221638
Walmart incident and bystanders. https://www.nbcnews.com/news/us-news/walmart-stabbings-michigan-traverse-city-suspect-terrorism-what-know-rcna221445
CISA Active Shooter resources: https://www.cisa.gov/topics/physical-security/active-shooter-preparedness
Chinese ‘Fire Ant' spies start to bite unpatched VMware instances. https://www.csoonline.com/article/4029545/chinese-fire-ant-spies-start-to-bite-unpatched-vmware-instances.html
Sygnia Uncovers Active Chinese-Nexus Threat Actor Targeting Critical Infrastructure. https://www.sygnia.co/press-release/sygnia-uncovers-chinese-threat-targeting-critical-infrastructure/

@BEERISAC: CPS/ICS Security Podcast Playlist
Dan Berte on Solar Grid and IoT Vulnerabilities

@BEERISAC: CPS/ICS Security Podcast Playlist

Jul 29, 2025 · 32:21


Podcast: Nexus: A Claroty Podcast
Episode: Dan Berte on Solar Grid and IoT Vulnerabilities
Pub date: 2025-07-28

Dan Berte, director of IoT security at Bitdefender, joins the Nexus Podcast to discuss his team's ongoing research into the security of solar grid inverters and three serious vulnerabilities uncovered in the popular Deye Solarman management platform.

Dan discusses his team's research, the disclosure process, and the implications on green energy initiatives overall. With the growing popularity of these platforms, Berte cautions that attackers are going to continue to analyze their security for weaknesses and attempt to exploit them. Listen to the Nexus Podcast on your favorite podcast platform.

Aperture: A Claroty Podcast
Dan Berte on Solar Grid and IoT Vulnerabilities

Aperture: A Claroty Podcast

Jul 28, 2025 · 32:21


Dan Berte, director of IoT security at Bitdefender, joins the Nexus Podcast to discuss his team's ongoing research into the security of solar grid inverters and three serious vulnerabilities uncovered in the popular Deye Solarman management platform.

Dan discusses his team's research, the disclosure process, and the implications on green energy initiatives overall. With the growing popularity of these platforms, Berte cautions that attackers are going to continue to analyze their security for weaknesses and attempt to exploit them. Listen to the Nexus Podcast on your favorite podcast platform.

AVWeek - MP3 Edition
Vulnerabilities Found in Microsoft's Sharepoint | AVWeek 727

AVWeek - MP3 Edition

Jul 28, 2025 · 32:59


From the rise of enterprise-grade networking to the complexities of command center interoperability, the AV world is evolving at lightning speed. And with new cybersecurity threats looming, how can companies protect themselves?

In this episode of AVWeek, Patrick Norton steps in as guest host, joined by top industry guests to explore the importance of robust networks in commercial AV, the growing role of IP in command centers, and how businesses can safeguard themselves against the latest Microsoft SharePoint vulnerabilities.

Host: Patrick Norton
Guests: Jennifer Weaver, Danny Hayasaka, Samantha Potter

This Week In AV:
AV Magazine – Tomorrowland Stage Reconstruction
SCN – Panasonic's Deal with ORIX Falls Through
AVNation – Registration Opens for CEDIA Expo/Commercial Integrator Expo
The Verge – Google Killing their Short Links

Roundtable Topics:
Commercial Integrator – Networks in Enterprise-Grade Projects
AV Network – Interoperability for Command & Control Spaces
The Verge – Vulnerability Found in Microsoft Sharepoint

Security Now (MP3)
SN 1035: Cloudflare's 1.1.1.1 Outage - Bypassing Passkey Protections

Security Now (MP3)

Jul 23, 2025 · 168:02


Bypassing all passkey protections. The ransomware attacks just keep on coming. Cloudflare capitulates to the MPA and starts blocking. The need for online age verification is exploding. Microsoft really wants Exchange Servers to subscribe. Russia (further) clamps down on Internet usage. The global trend toward more Internet restrictions. China can inspect locked Android phones. Use a burner. Web shells are the new buffer overflow. An age verification protocol sketch. What Cloudflare did to create an outage of 1.1.1.1.

Show Notes - https://www.grc.com/sn/SN-1035-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

Blue Security
Power grid vulnerabilities, To Catch a Thief, AI Bug Hunter

Blue Security

Play Episode Listen Later Jul 22, 2025 43:05


Summary

In this episode of the Blue Security Podcast, hosts Andy and Adam discuss the vulnerabilities in solar technology, particularly focusing on smart inverters and their implications for power grids. They delve into the cybersecurity landscape, emphasizing China's role in technology transfer and its impact on national security. The conversation shifts to the potential of AI in cybersecurity, highlighting its ability to discover vulnerabilities and anomalies, and how it can enhance security operations. The episode concludes with a positive outlook on the integration of AI in cybersecurity practices.

YouTube Video Link: https://youtu.be/u3TfSpw10Qc

Documentation:
https://www.newscientist.com/article/2487089-cyberattacks-could-exploit-home-solar-panels-to-disrupt-power-grids/
https://open.spotify.com/show/1xFnf1ReS81p79TtR7f6vj?si=4d4ea5acc39c4bce
https://www.pcmag.com/news/this-ai-is-outranking-humans-as-a-top-software-bug-hunter

Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast

Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com

Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com

ASCO Guidelines Podcast Series
Oncology Medical Homes: ASCO-COA Standards Update

ASCO Guidelines Podcast Series

Play Episode Listen Later Jul 21, 2025 16:11


Ms. Kim Woofter and Dr. John Cox discuss the latest updates to the evidence-based standards on oncology medical homes developed by ASCO and COA. These standards serve as the basis for the ASCO Certified program. They share the new and revised standards around topics including the culture of safety and just culture in oncology practice, geriatric assessment and geriatric assessment-guided management, and multidisciplinary team management. They expand on the importance of these standards for clinicians and oncology practices to ensure every patient receives optimal care. Read the complete standards, “Oncology Medical Homes: ASCO-Community Oncology Alliance Standards Update” at www.asco.org/standards.

TRANSCRIPT

These standards, clinical tools, and resources are available at www.asco.org/standards.

Read the full text of the guideline and review authors' disclosures of potential conflicts of interest in the JCO Oncology Practice, https://ascopubs.org/doi/10.1200/OP-25-00498

Brittany Harvey: Hello and welcome to the ASCO Guidelines podcast, one of ASCO's podcasts delivering timely information to keep you up to date on the latest changes, challenges, and advances in oncology. You can find all the shows, including this one, at asco.org/podcasts. My name is Brittany Harvey, and today I'm interviewing Ms. Kim Woofter, a registered nurse in practice leadership and administration from AC3 Inc in South Bend, Indiana, and Dr. John Cox, a medical oncologist and adjunct faculty member from UT Southwestern Medical Center in Dallas, Texas, co-chairs on "Oncology Medical Homes, American Society of Clinical Oncology – Community Oncology Alliance Standards." Thank you for being here today, Ms. Woofter and Dr. Cox.

Dr. John Cox: You bet.

Ms. Kim Woofter: Thank you.

Brittany Harvey: And then before we discuss these standards, I'd just like to note that ASCO takes great care in the development of its standards and ensuring that the ASCO Conflict of Interest Policy is followed for each guidance product. The disclosures of potential conflicts of interest for the expert panel, including Dr. Cox and Ms. Woofter, who have joined us here today, are available online with the publication of the standards in JCO Oncology Practice, which is linked in the show notes. So then, to dive into what we're here today to talk about, Dr. Cox, could you start us off by explaining what prompted an update to these ASCO-COA standards and what the scope of this update is?

Dr. John Cox: Well, the ASCO-COA standards relative to defining and outlining Oncology Medical Home were initially published four or five years ago. At the time, we planned a regular update of the standards. So, in essence, this is a planned update. The whole program is built on the idea of continuous improvement. So, this update and future updates are prompted and defined by our literature, our science, the science of care delivery, and new developments and insights gained from studies and evaluations of care delivery methods, and informed by the practice. These standards are in place to underpin a program of care delivery by ASCO, the ASCO Certified, and as practices engage in this program, we are learning from them. The whole idea is to enlarge and improve how patients are cared for in practice.

Brittany Harvey: Absolutely. It's great to have this iterative process to continue to review the evidence and update these standards that form the basis for ASCO Certified. So then, following that background, Ms. Woofter, I'd like to review the key points of the revised standards for our listeners. First, how do the revised standards address the culture of safety and just culture in oncology practice?

Ms. Kim Woofter: I think safety is of utmost importance to all of us. So let me say that first and foremost. And what we know in oncology is our QOPI standards already address safety in the infusion suite process. So, safe delivery of chemotherapy agents and antineoplastics. It also talked about near misses and medication errors - absolutely essential, for sure. But what we need to do is look at a more systemic approach to safety because we know is processes throughout an organization they'll often cause you trouble. To do that, we know you need what we call a just culture, which is a very common term in today's workplace. But what it really means is it's a culture of open reporting of any potential for error, any potential for malfunction, and it can be in any place in the organization. So, what we are doing in our new standard is to say, look at your entire processes throughout the organization, and approach that in an open-minded way so that people don't feel scared to report things, and it's a really positive approach to intervening early and making sure that errors don't occur anywhere in the workplace.

Brittany Harvey: Taking that systemic approach to look at overarching processes seems really key to ensuring safety in oncology practices. So then, the next new section, Dr. Cox, what are the new OMH standards surrounding geriatric assessment and geriatric assessment–guided management?

Dr. John Cox: This is a challenging update for our standards. As many folks in practice recognize, there is a deep literature on recognizing the geriatric population in oncology. Geriatric - those in my age group over age 60, 65 - make up the majority of cancer patients in this country. And yet, there are many aspects that should be taken into account as you address treatment decisions in this population. ASCO's recognized this. There has been a guideline previously on geriatric assessment. It's been updated, and we really felt it's time that it be incorporated in any iteration of what oncology care delivery means, so, within the oncology medical home standards. In short, what the standard outlines is that practices that are using these standards, that are using this benchmark, should have a geriatric assessment for patients within the practice care and use that information to guide management. Now, the standard allows wide exploration of how practices meet this standard, but it really puts on the table that if an oncology practice in the United States, or anywhere in the world really, is adhering to a good practice, that they're going to include and recognize these assessments in practice.

Ms. Kim Woofter: I would like to add that this is a highly discussed and reviewed standard. Many of our community practices were concerned that they would have the time and manpower to perform this assessment. We all know it reduces toxicities if done appropriately at treatment planning, and so the outcomes are better. And we really left it to the practices to define how they're going to implement it, understanding that it will evolve to every single patient, but maybe day one, it was a step approach to be able to implement. So, I was really proud of the team that - the expert panel - that said, okay, let's step into this, but we do think it's essential.

Brittany Harvey: Absolutely. It's important to recognize that practices may have limited resources and time, and implementing it in the way that makes sense for them allows this to be a standard that can be used in practice. And it's great to have this geriatric assessment guideline integrated into these standards to improve care delivery. And we can provide a link to that guideline in the show notes of this episode as well (Practical Assessment and Management of Vulnerabilities in Older Patients Receiving Systemic Cancer Therapy: ASCO Guideline Update). So then, following that section of the standards, Ms. Woofter, how do the updated standards now address multidisciplinary team management?

Ms. Kim Woofter: Well, we address multidisciplinary team management in a more comprehensive way in the updated standard. We always thought that that was a critical piece when doing treatment planning, and we kind of highlighted it in a bigger way, understanding that not everybody has the same resources available at the time of treatment planning. And again, this was a much-discussed standard, in that that multidisciplinary team approach doesn't necessarily have to be in a tumor board or a prospective analysis of every case. It is actually a conversation between specialists, between the surgeon and pathologist and the medical oncologist. And we are saying, do what works for you, but we know that that team approach, every specialty coming to the table at time of treatment planning, truly provides better outcomes for our patients. And so we kind of reiterated that, understanding that again, it doesn't have to be a formal tumor board, but it has to be a dialogue between specialties. And we highlighted that again in the new standard.

Brittany Harvey: Open communication of all team members is really critical to providing optimal care. Dr. Cox, I'd like to ask you, in your view, how will these updated standards impact both clinicians and oncology practices?

Dr. John Cox: Well, our whole goal with discussing a comprehensive care model for oncology practice is to have a benchmark, to have an iteration of what good oncology care delivery looks like. So, our hope is that practices, all practices, whether you're participating formally in ASCO Certified, the marquee quality program for ASCO, or if you are simply running a practice or a team within an academic environment or institutional environment, these standards are to apply across the board wherever oncology is practiced - that you can look at these standards as a benchmark and compare what you are doing in your practice and where are the gaps. So ideally, we drive improved care across the board. You know, one thing I've learned over the last couple of years as ASCO Certified is getting spun up and using and implementing these standards, is practices are remarkably innovative. We've learned a lot by seeing how pilot practices have met the standards, and that's gone into informing how we can improve care delivery for all of our practices and, importantly, for the team members who are delivering this care. The fourth rail of burnout and the like is inefficiency that occurs in practice. And when you know you've got a good, spun-up, effective team, less burnout, less stress for practice. I hope clinicians and oncology practices will use this to help drive improvements in their care and gain insight into how they can approach practice problems in a better way. Kim, you've been leading practices. I have to ask you, your thoughts in leaning into this question.

Ms. Kim Woofter: I think very well said, I will say that first. And what I love about this is for practice leaders who are new to our ecosystem, if you will, they need a playbook. It's “Where do I begin?” And Dr. Cox said it very well, no one does everything perfectly day one, but it's a step-by-step self-assessment approach to say, “How do I get to this gold standard?” I really love the standards because they are very comprehensive, everything from treatment planning to end of life. So it's the spectrum of the care we deliver in the oncology setting. So as a leader and an administrator, it is the standard I want all of my departments to understand, adhere to, and engage, and be excited about. We now have a baseline approach, and what's even more important, these standards will evolve as our intelligence evolves, as literature evolves. It's a system that will always grow and change, and that's what we love about it. It's not a one-and-done. So, I'm very proud of the fact that it gives them a road map.

Brittany Harvey: Yes, these evidence-based standards provide a critical foundation for practices in ASCO Certified, for those team members you mentioned, and for quality improvement beyond just those individuals and practices as well. So then finally, to wrap us up, Ms. Woofter, what do these revised standards mean for patients receiving cancer treatment?

Ms. Kim Woofter: Well, I think that's the most exciting part, is we all do this for our patients and the best outcomes for our patients and the best treatment plans for our patients and their families. And these standards, that is their core, their absolute core. So what it's going to do for a patient is they can say, “Am I at a practice that implements ASCO standards?” And if that is a ‘yes', there's a confidence that, “I am in an evidence-based medicine thinking practice, I have a team around me, they will care for me not only at time of treatment planning but at the time of end of life, they will help me be part of that decision-making, and they will give me resources available to me in my community.” So, it is a true comprehensive approach. As a patient, I have that comfort, that it is bigger than just a great doctor. It is a great team. As a patient, that would be very important to me and important to my family. That being said, Kim Woofter would love every practice to be ASCO Certified. Understanding that that isn't feasible day one, just to know that the practice is implementing and engaging the standards is the great place to start. Every patient can't go to an ASCO Certified practice day one, but our dream would be that everyone would adhere to those standards, engage those standards, believe them, educate their staff on what they mean, so that patient outcomes and satisfaction will be optimized for everyone. The other piece to this that we all know is if you give evidence-based medicine, cost-effective, efficient care, it's better for the system as a whole. And I'm not saying that insurance is our driver - certainly patient outcomes are our driver - but the whole ecosystem of oncology benefits when you do the right thing.

Dr. John Cox: It's hard to add anything to Kim's good statements, but I just highlight that this whole area began with the patient-centered medical home, and every time we've met, patients and how we deliver care to patients is top of mind. I think that reflects our community. It reflects oncology as a whole. I don't know any oncologist or practice that is focused on anything else as the prime goal.

Brittany Harvey: That's what I was just going to say. The ultimate goal here is to provide patient-centered care across where every single patient is receiving treatment and at every stage of that treatment. So, I want to thank you both so much for your work to update these standards, to review the evidence, and discuss with the experts on the panel to come up with the solutions that will help drive quality improvement across care delivery. So, thank you for that, and thank you for your time today, Dr. Cox and Ms. Woofter. And finally, thank you to all of our listeners for tuning in to the ASCO Guidelines podcast. To read the complete standards, go to www.asco.org/standards. You can also find many of our standards and interactive resources in the free ASCO Guidelines app, which is available on the Apple App Store or the Google Play Store. If you have enjoyed what you've heard today, please rate and review the podcast, and be sure to subscribe so you never miss an episode.

The purpose of this podcast is to educate and to inform. This is not a substitute for professional medical care and is not intended for use in the diagnosis or treatment of individual conditions. Guests on this podcast express their own opinions, experience, and conclusions. Guest statements on the podcast do not express the opinions of ASCO. The mention of any product, service, organization, activity, or therapy should not be construed as an ASCO endorsement.

Cyber Security Today
Cybersecurity Today: GPU Vulnerabilities, Microsoft's Security Overhaul, and Major Flaws in Automotive Bluetooth

Cyber Security Today

Play Episode Listen Later Jul 16, 2025 13:08 Transcription Available


In this episode hosted by Jim Love, 'Cybersecurity Today' celebrates its recognition as number 10 on the Feed Spot list of Canadian News Podcasts and approaches a milestone of 10 million downloads. Key topics include new research identifying Nvidia GPUs as vulnerable to Rowhammer style attacks, Microsoft's significant security improvements in Microsoft 365, a critical Bluetooth vulnerability affecting 350 million cars, and a data exposure incident involving the Fredericton Police. Additionally, the official 'Elmo' account on X was hacked to post offensive content, emphasizing security gaps in high-profile social media accounts. For detailed information, visit technewsday.com or .ca.

00:00 Introduction and Milestones
00:52 Nvidia's Rowhammer Vulnerability
03:39 Microsoft's Security Overhaul
05:45 PerfektBlue Bluetooth Flaw
08:09 Police Data Leak Incident
10:12 Elmo's Twitter Account Hacked
12:43 Conclusion and Thanks

Business of Tech
Critical Vulnerabilities in Kaseya and McDonald's Chatbot Highlight MSP Security Risks

Business of Tech

Play Episode Listen Later Jul 14, 2025 12:26


A recent report by Auvik reveals significant challenges faced by managed service providers (MSPs), highlighting issues such as tool sprawl, burnout among IT professionals, and the increasing reliance on IT generalists. The report indicates that 50% of MSPs use over ten tools to manage client networks, with many professionals experiencing high levels of stress and burnout. The ongoing retirement of baby boomers in the IT sector exacerbates these issues, leading to a demand for specialists who can assist generalists in navigating the complexities of technology. Key areas of interest for IT professionals include cybersecurity planning and cloud computing, as they seek to enhance productivity and user experience.

In addition to the challenges faced by MSPs, two significant cybersecurity incidents have come to light. Kaseya's Network Detective tool was found to have critical vulnerabilities that could expose sensitive data across managed environments. Similarly, a flaw in McDonald's chatbot job application platform compromised the personal information of over 64 million applicants due to weak security measures. These incidents underscore the importance of robust vendor security practices, as clients often hold their MSPs accountable for data breaches, regardless of the source.

The podcast also discusses the ongoing struggle for right-to-repair legislation, which has seen limited enforcement despite public support. A report indicates that many products lack accessible repair materials, and manufacturers continue to resist changes that would facilitate repairs. This situation presents an opportunity for service firms to incorporate repairability into their procurement strategies and asset management services, aligning with client values around sustainability and cost control.

Finally, Cynomi has launched new tools aimed at enhancing business impact analysis and continuity planning for cybersecurity professionals. These tools are designed to help MSPs communicate the business value of cybersecurity to leadership, shifting the perception of security from a cost center to a value driver. The success of these initiatives will depend on MSPs' ability to integrate these features into their service delivery, ultimately positioning them as strategic partners who understand both technology and business needs.

Four things to know today

00:00 Auvik Report Warns MSPs of Tool Sprawl, Talent Drain, and Rising Burnout
04:10 Kaseya and McDonald's Incidents Reveal Fragile Trust in Vendor Security Practices
07:01 Manufacturers Withhold Parts, Manuals Despite State-Level Repair Rights Legislation
08:40 Cynomi Adds Business Impact and Continuity Planning Tools to Help MSPs Drive Strategic Outcomes

This is the Business of Tech.

Supported by: https://getflexpoint.com/msp-radio/
ThreatDown Webinar: https://bit.ly/threatdown
All our Sponsors: https://businessof.tech/sponsors/

Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/

Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/

Support the show on Patreon: https://patreon.com/mspradio/

Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech

Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com

Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessof.tech

Cyber Security Today
Urgent Cyber Threats: Citrix Exploit, Fortinet RCE, and AI Vulnerabilities

Cyber Security Today

Play Episode Listen Later Jul 14, 2025 17:48 Transcription Available


In this episode of 'Cybersecurity Today,' hosted by David Shipley from the Exchange Security 2025 conference, urgent updates are provided on critical cybersecurity vulnerabilities and threats. CISA mandates a 24-hour patch for Citrix NetScaler due to a severe vulnerability actively being exploited, dubbed 'Citrix Bleed.' Fortinet's FortiWeb also faces a critical pre-auth remote code execution flaw that demands immediate patching. Additionally, significant vulnerabilities in AI-driven developments are highlighted, including shortcomings in Jack Dorsey's BitChat app and a method to extract Windows keys from ChatGPT-4. The episode emphasizes the importance of timely updates, robust security measures, and the potential risks involved with AI-generated code.

00:00 Introduction and Overview
00:35 Urgent Citrix Vulnerability Alert
03:26 Fortinet FortiWeb Exploit Details
06:23 Ingram Micro Ransomware Recovery
09:26 AI Coding and Security Risks
14:03 ChatGPT Security Flaw Exposed
17:20 Conclusion and Contact Information

The John Batchelor Show
PREVIEW US ELECTRIC GRID: Colleague Jack Burnham of FDD reports recent revelation that Chinese scholars have published hundreds of articles identifying vulnerabilities in the US electric grid. More.

The John Batchelor Show

Play Episode Listen Later Jul 1, 2025 1:50


PREVIEW US ELECTRIC GRID: Colleague Jack Burnham of FDD reports recent revelation that Chinese scholars have published hundreds of articles identifying vulnerabilities in the US electric grid. More. 1940 WUHAN UNIVERSITY

Security Now (MP3)
SN 1030: Internet Foreground Radiation - The NPM Repository is Under Siege

Security Now (MP3)

Play Episode Listen Later Jun 18, 2025 168:29


An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video cameras are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet?

Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow