The inability of an entity to withstand the adverse effects of a hostile or uncertain environment
In this episode of the Logistics & Leadership Podcast, Brian Hastings sits down with Jimmy Menges—National Director and freight crime investigator—to expose the hidden world of cargo theft and the organized crime rings fueling it. Jimmy pulls back the curtain on how scammers hijack legitimate operations, the loopholes they exploit, and what really happens in the first 48 hours after a load vanishes. From forged documents to fake drivers, and warehouse accomplices to massive multi-million dollar heists, this episode reveals the high-stakes reality most brokers and carriers aren't prepared for. Whether you're a freight broker, a carrier rep, or a shipper trying to protect your freight, this episode is packed with tactical insight, investigative war stories, and hard-won lessons that could save your business. The Logistics & Leadership Podcast, powered by Veritas Logistics, redefines logistics and personal growth. Hosted by industry veterans and supply chain leaders Brian Hastings and Justin Maines, it shares their journey from humble beginnings to a $50 million company. Discover invaluable lessons in logistics, mental toughness, and embracing the entrepreneurial spirit. The show delves into personal and professional development, routine, and the power of betting on oneself. From inspiring stories to practical insights, this podcast is a must for aspiring entrepreneurs, logistics professionals, and anyone seeking to push limits and achieve success. Timestamps: (00:02) – The Nature of the Job (04:33) – The Landscape of Cargo Theft in California (09:29) – Freight Brokerage Challenges & Vulnerabilities (16:20) – How Load Scams Are Investigated (19:04) – Inside the Warehouse Incident (26:46) – The Business Impact of Cargo Theft (34:15) – How to Spot & Fight Industry Scams (36:01) – Navigating Fraud as a Freight Broker (41:33) – Reducing Risk in Freight Shipping Connect with Jimmy Menges: LinkedIn: https://www.linkedin.com/in/jimmy-menges-4a95a4a6 Connect with us!
▶️ Website | LinkedIn | Brian's LinkedIn | Justin's LinkedIn ▶️ Get our newsletter for more logistics insights ▶️ Send us your questions!! ask@go-veritas.com Watch the pod on: YouTube
402-521-3080
In this conversation, Stephanie Olson and Rebecca Saunders delve into the myths surrounding human trafficking, discussing common misconceptions, the realities of traffickers and their victims, and the importance of community awareness and education. They emphasize the need to understand the complexities of trafficking, including the vulnerabilities that make individuals susceptible to exploitation, the dehumanization involved, and the challenges faced during recovery. The discussion also touches on the role of media and immigration in shaping perceptions of trafficking, advocating for a more informed and compassionate approach to prevention and support. Takeaways: Human traffickers often target individuals they know. Trafficking is not just about kidnapping; it involves manipulation and grooming. Vulnerabilities can make anyone a target for trafficking. Dehumanization is a key factor in trafficking and exploitation. Rescue is not a simple solution; recovery is complex and ongoing. Traffickers can be male or female, and often work in couples. Media representations of trafficking can perpetuate myths. Community education is crucial for prevention and awareness. Trafficking can affect individuals of all ages and backgrounds. Everyone has intrinsic value, regardless of their circumstances. Sound Bites: "Human traffickers will target people." "Traffickers go after the vulnerable." "The reality is that trauma is ongoing." Chapters: 00:00 Introduction to Human Trafficking Myths 02:58 Debunking Common Myths 05:41 Understanding the Grooming Process 08:41 The Reality of Trafficking Targets 11:41 The Role of Traffickers 14:23 The Intrinsic Value of All Humans 17:23 The Complexity of Trafficking Dynamics 26:23 The Role of Children in Trafficking 27:10 Immigration and Human Trafficking 28:18 The Misconception of Border Control 30:17 Vulnerabilities of Immigrants 32:05 The Human Aspect of Trafficking 34:26 Dehumanization in Society 35:59 The Complexity of Rescue 38:12 Understanding Trauma in Survivors 39:59 The Reality of Recovery 42:12 Emotional Isolation and Trust Issues 44:23 Vulnerabilities and Scams 47:24 Protecting Ourselves and Our Communities 49:47 Education and Community Engagement
Everyone has resilience, but what does that mean, and how do we use it in life and leadership? Join Stephanie Olson, an expert in resiliency and trauma, every week as she talks to other experts living lives of resilience. Stephanie also shares her own stories of addictions, disordered eating, domestic and sexual violence, abandonment, and trauma, and shares the everyday struggles and joys of everyday life. As a wife, mom, and CEO she gives commentaries and, sometimes, a few rants to shed light on what makes a person resilient. So, if you have experienced adversity in life in any way and want to learn how to better lead your family, your workplace, and, well, your life, this podcast is for you! https://setmefreeproject.net https://www.stephanieolson.com/
PREVIEW US ELECTRIC GRID: Colleague Jack Burnham of FDD reports recent revelation that Chinese scholars have published hundreds of articles identifying vulnerabilities in the US electric grid. More. 1940 WUHAN UNIVERSITY
In this thought-provoking episode of Project Synapse, host Jim and his friends Marcel Gagne and John Pinard delve into the complexities of artificial intelligence, especially in the context of cybersecurity. The discussion kicks off by revisiting a blog post by Sam Altman about reaching a 'Gentle Singularity' in AI development, where the progress towards artificial superintelligence seems inevitable. They explore the idea of AI surpassing human intelligence and the implications of machines learning to write their own code. Throughout their engaging conversation, they emphasize the need to integrate security into AI systems from the start, rather than as an afterthought, citing recent vulnerabilities like Echo Leak and Microsoft Copilot's Zero Click vulnerability. Derailing into stories from the past and pondering philosophical questions, they wrap up by urging for a balanced approach where speed and thoughtful planning coexist, and to prioritize human welfare in technological advancements. This episode serves as a captivating blend of storytelling, technical insights, and ethical debates. 00:00 Introduction to Project Synapse 00:38 AI Vulnerabilities and Cybersecurity Concerns 02:22 The Gentle Singularity and AI Evolution 04:54 Human and AI Intelligence: A Comparison 07:05 AI Hallucinations and Emotional Intelligence 12:10 The Future of AI and Its Limitations 27:53 Security Flaws in AI Systems 30:20 The Need for Robust AI Security 32:22 The Ubiquity of AI in Modern Society 32:49 Understanding Neural Networks and Model Security 34:11 Challenges in AI Security and Human Behavior 36:45 The Evolution of Steganography and Prompt Injection 39:28 AI in Automation and Manufacturing 40:49 Crime as a Business and Security Implications 42:49 Balancing Speed and Security in AI Development 53:08 Corporate Responsibility and Ethical Considerations 57:31 The Future of AI and Human Values
In this episode of 'Cybersecurity Today,' host Jim Love discusses several alarming cybersecurity developments. A recent Washington Post breach raises critical questions about Microsoft 365's enterprise security as foreign government hackers compromised the email accounts of journalists. Additionally, a critical Linux flaw allows attackers to gain root access, making millions of systems vulnerable. Upgraded Godfather malware now creates virtual banking apps on infected Android devices to steal credentials in real-time. Moreover, a record-breaking data breach has exposed 16 billion logins, including Apple accounts, underscoring the fundamental flaws of password-based security. Finally, the episode addresses the systemic vulnerabilities of SMS-based two-factor authentication, advocating for a transition to app-based or hardware key solutions. 00:00 Introduction and Major Headlines 00:24 Microsoft 365 Security Breach 03:19 Critical Linux Vulnerabilities 05:59 Godfather Malware Evolution 08:18 Massive Data Breach Exposed 11:30 The Fall of SMS Two-Factor Authentication 13:21 Conclusion and Final Thoughts
An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video cameras are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow
Ian Riopel is the CEO and Co-founder of Root, applying agentic AI to fix vulnerabilities instantly. A US Army veteran and former Counterintelligence Agent, he's held roles at Cisco, CloudLock, and Rapid7. Ian brings military-grade security expertise to software supply chains. John Amaral is the CTO and Co-founder of Root. Previously, he scaled Cisco Cloud Security to $500M in revenue and led CloudLock to a $300M acquisition. With five exits behind him, John specializes in building cybersecurity startups with strong technical vision. In this episode… Patching software vulnerabilities remains one of the biggest security challenges for many organizations. Security teams are often stretched thin as they try to keep up with vulnerabilities that can quickly be exploited. Open-source components and containerized deployments add even more complexity, especially when updates risk breaking production systems. As compliance requirements tighten and the volume of vulnerabilities grows, how can businesses eliminate software security risks without sacrificing productivity? Companies like Root are transforming how organizations approach software vulnerability remediation by applying agentic AI to streamline their approach. Rather than relying on engineers to triage and prioritize thousands of issues, Root's AI-driven platform scans container images, applies safe patches where available, and generates custom patches for outdated components that lack official fixes. Root's AI automation resolves approximately 95% or more vulnerabilities without breaking production systems, allowing organizations to meet compliance requirements while developers stay focused on building and delivering software. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Ian Riopel and John Amaral, Co-founders of Root, about how AI streamlines software vulnerability detection. 
Together, they explain how Root's agentic AI platform uses specialized agents to automate patching while maintaining software stability. John and Ian also discuss how regulations and compliance pressures are driving the need for faster remediation, and how Root differs from threat detection solutions. They also explain how AI can reduce security workloads without replacing human expertise.
Today's episode offers a comprehensive overview of Cyber Threat Exposure Management (CTEM), defining it as a proactive framework for continuously evaluating digital and physical asset accessibility, exposure, and exploitability. It clarifies foundational cybersecurity concepts such as vulnerabilities, attack surface, threats, and impact, explaining how their interplay creates exposure. The speaker categorizes various types of exposure, from internet-facing systems to data leakage and phishing susceptibility, emphasizing the expanding attack surface due to interconnected IT infrastructure. Furthermore, the discussion elaborates on exposure management processes and related technologies, including vulnerability scanning, patch management, penetration testing, breach and attack simulation, and external attack surface management, alongside an explanation of how these tools are evolving to support a more unified CTEM approach. Finally, the transcript explores how Artificial Intelligence (AI) is enhancing CTEM through automated discovery, smarter prioritization, intelligent remediation, and enhanced automation. Google Drive link for Podcast content: https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnko My Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/ YouTube Channel: https://www.youtube.com/@TheCybermanShow Twitter handle: https://twitter.com/prashant_cyber PS: The views are my own and don't reflect any views from my employer.
In this episode of Cybersecurity Today, host Jim Love discusses critical AI-related security issues, such as the Echo Leak vulnerability in Microsoft's AI, MCP's universal integration risks, and Meta's privacy violations in Europe. The episode also explores the dangers of internet-exposed cameras as discovered by BitSight, highlighting the urgent need for enhanced AI security and the legal repercussions for companies like Meta. 00:00 Introduction to AI Security Issues 00:24 Echo Leak: The Zero-Click AI Vulnerability 03:17 MCP Protocol: Universal Interface, Universal Vulnerabilities 07:01 Meta's Privacy Scandal: Local Host Tracking 10:11 The Peep Show: Internet-Connected Cameras Exposed 12:08 Conclusion and Call to Action
This week: You got a Bad box, again Cameras are exposed to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized WordPress plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-878
Drex covers three critical cybersecurity incidents: dual cyber attacks affecting healthcare systems in Lewiston, Maine; an AT&T database breach exposing 86 million records with decrypted sensitive data; and concerning backup management issues at login.gov that could impact government service access. The episode concludes with a practical reminder to test backup systems regularly. Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer
Reviewing Sabine Hossenfelder’s video, “AI is becoming dangerous. Are we ready?”
The Spring 2025 issue of AI Cyber Magazine details some of 2024's major AI security vulnerabilities and sheds light on the funding landscape. Confidence Staveley, Africa's most celebrated female cybersecurity leader, is the founder of the Cybersafe Foundation, a Non-Governmental Organization on a mission to facilitate pockets of changes that ensure a safer internet for everyone with digital access in Africa. In this episode, Confidence joins host Amanda Glassner to discuss. To learn more about Confidence, visit her website at https://confidencestaveley.com, and for more on the CyberSafe Foundation, visit https://cybersafefoundation.org.
In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Aram Hovsepyan, an active contributor to the OWASP SAMM project, brings a critical perspective to how the industry approaches security metrics, especially in vulnerability management. His message is clear: the way we collect and use metrics needs a serious rethink if we want to make real progress in reducing risk. Too often, organizations rely on readily available tool-generated metrics—like vulnerability counts—without pausing to ask what those numbers actually mean in context. These metrics may look impressive in a dashboard or board report, but as Aram points out, they're often disconnected from business goals. Worse, they can drive the wrong behaviors, such as trying to reduce raw vulnerability counts without considering exploitability or actual impact. Aram emphasizes the importance of starting with organizational goals, formulating questions that reflect progress toward those goals, and only then identifying metrics that provide meaningful answers. It's a research-backed approach that has been known for decades but is often ignored in favor of convenience. False positives, inflated dashboards, and a lack of alignment between metrics and strategy are recurring issues. Aram notes that many tools err on the side of overreporting to avoid false negatives, which leads to overwhelming—and often irrelevant—volumes of data. In some cases, up to 80% of identified vulnerabilities may be false positives, leaving security teams drowning in noise and chasing issues that may not matter. What's missing, he argues, is a strategic lens. Vulnerability management should be one component of a broader application security program, not the centerpiece. 
The OWASP Software Assurance Maturity Model (SAMM) offers a framework for evaluating and improving across a range of practices—strategy, risk analysis, and threat modeling among them—that collectively support better decision-making. To move forward, organizations need to stop treating vulnerability data as a performance metric and start treating it as a signal in a larger conversation about risk, impact, and architectural choices. Aram's call to action is simple: ask better questions, use tools more purposefully, and build security strategies that actually serve the business. GUEST: Aram Hovsepyan | OWASP SAMM Project Core Team member and CEO/Founder at CODIFIC | https://www.linkedin.com/in/aramhovsep/ HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com SPONSORS: Manicode Security: https://itspm.ag/manicode-security-7q8i RESOURCES: Learn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More
In this episode, FLASH President and CEO Leslie Chapman Henderson discusses the importance of wind science and building resilience with Dr. Tanya Brown-Giammanco and Dr. Marc Levitan from the National Institute of Standards and Technology (NIST). They explore personal journeys into wind science, the evolution of tornado safety design, and the differences between tornadoes and hurricanes. The conversation highlights the vulnerabilities in home structures, particularly roofs and garage doors, and emphasizes the need for updated building codes and community involvement in safety measures. Learn things you may not know with these two engaging national experts as they dispel tornado myths and share practical steps for homeowners. Discussion Topics: Personal Journeys into Wind Science (1:04); Understanding Tornado Safety and Dual-Objective-Based Tornado Design Philosophy (3:53); Differences Between Tornadoes and Hurricanes (8:50); Assessing Building Performance After Wind Events (11:42); Vulnerabilities in Home Structures in Regard to High Winds (16:08); Surprising Findings in Wind Engineering (23:03); Future Directions for Garage Door Safety (27:33); Elevating Garage Door Performance through Rating (30:15); Advancing Building Codes via Community Engagement (30:53). Resources: Tornado-Strong.org; National Institute of Standards and Technology; Understanding Building Codes and Standards; Disaster and Failure Studies Program; New Tornado Resistant Building Codes; FEMA/NIST Fact Sheet - Improving Windstorm and Tornado Resilience: Recommendations for One- and Two-Family Residential Structures; New Strong Homes Scale - InspectToProtect.org; The Enhanced Fujita Scale; Checklist - Strengthen Your Garage Door; Checklist - Strengthen Your Roof; Checklist - Strengthen Your Gutters; Checklist - Sealed Roof Decks. Connect: Dr. Tanya Brown-Giammanco; Leslie Chapman-Henderson; Dr. Marc Levitan
In this episode, I sit down with longtime industry leader and visionary Phil Venables to discuss the evolution of cybersecurity leadership, including Phil's own journey from CISO to Venture Capitalist. We chatted about: A recent interview Phil gave about CISOs transforming into business-critical digital risk leaders and some of the key themes and areas CISOs need to focus on the most when making that transition; Some of the key attributes CISOs need to be the most effective in terms of technical, soft skills, financial acumen, and more, leaning on Phil's 30 years of experience in the field and as a multiple-time CISO; Phil's transition to Venture Capital with Ballistic Ventures and what drew him to this space from being a security practitioner; Some of the product areas and categories Phil is most excited about from an investment perspective; The double-edged sword is AI, which is used for security and needs security; Phil's past five years blogging and sharing his practical, hard-earned wisdom at www.philvenables.com, and how that has helped him organize his thinking and contribute to the community; Some specific tactics and strategies Phil finds the most valuable when it comes to maintaining deep domain expertise, but also broader strategic skillsets, and the importance of being in the right environment around the right people to learn and grow
In this episode, we delve into security and development within the Apple ecosystem with cybersecurity expert Csaba Fitzl. He discusses the vulnerabilities of Electron apps, using Discord as an example, and shares his transition from network management to ethical hacking. Csaba evaluates Apple's security entitlements and the measures taken to enhance user protection while addressing developer access challenges. He also highlights the impact of iOS security advancements on device theft and the importance of threat models. Furthermore, Csaba reflects on AI tools that have improved his workflow, advocates for community engagement through conferences, and emphasizes the need for a balance between professional growth and personal well-being. With a wealth of experience in vulnerability research, Csaba shares his journey from network management to ethical hacking. He recounts how a week-long training transformed his perception of security, igniting his passion for discovering system vulnerabilities. This background plays a pivotal role in his approach to security, where understanding infrastructure aids significantly in identifying flaws and weaknesses in applications. The conversation then pivots to a critical topic: Apple's security entitlements. Csaba evaluates the balance Apple strikes between protecting users and providing developers with the access needed to build secure applications. He elaborates on the systemic measures Apple has implemented to mitigate vulnerabilities, which often complicate the developer experience but ultimately result in a more secure ecosystem. We also touch on the personal impact of physical device security. Csaba emphasizes how advancements in iOS security protocols have significantly deterred casual theft, making stolen devices virtually unusable. 
This leads to a broader discussion about threat models, illustrating how different levels of targeted attacks require varying defensive measures, especially in a world where both sophisticated and untrained actors exist. Csaba draws attention to his recent experiences with AI tools, which he initially approached with skepticism. He explains how these technologies have revolutionized his workflow, particularly in automation and reverse engineering tasks. By leveraging AI, he has been able to improve the quality of his code analysis and enhance his vulnerability discovery process, albeit while recognizing the limitations and risks associated with AI-generated outputs. As the episode progresses, we delve into the importance of community in the security landscape. Csaba passionately advocates for attending conferences like Mac DevOps YVR, highlighting the invaluable networking opportunities and the familial atmosphere within the Mac-centric community. He insists that while recorded talks provide great content, the personal connections and discussions that happen in the hallways are what truly enrich the conference experience. In closing, Csaba shares his enthusiasm for continuing to navigate the evolving field of cybersecurity, expressing a firm belief in the value of collaborative learning and sharing knowledge. His passion for his work and outdoor pursuits in the mountains showcase a well-rounded approach to life that encourages us all to find a balance between professional growth and personal well-being.
In this episode of our InfoSecurity Europe 2024 On Location coverage, Marco Ciappelli and Sean Martin sit down with Professor Peter Garraghan, Chair in Computer Science at Lancaster University and co-founder of the AI security startup Mindgard. Peter shares a grounded view of the current AI moment—one where attention-grabbing capabilities often distract from fundamental truths about software security. At the heart of the discussion is the question: Can my AI be hacked? Peter's answer is a firm “yes”—but not for the reasons most might expect. He explains that AI is still software, and the risks it introduces are extensions of those we've seen for decades. The real difference lies not in the nature of the threats, but in how these new interfaces behave and how we, as humans, interact with them. Natural language interfaces, in particular, make it easier to introduce confusion and harder to contain behaviors, especially when people overestimate the intelligence of the systems. Peter highlights that prompt injection, model poisoning, and opaque logic flows are not entirely new challenges. They mirror known classes of vulnerabilities like SQL injection or insecure APIs—only now they come wrapped in the hype of generative AI. He encourages teams to reframe the conversation: replace the word “AI” with “software” and see how the risk profile becomes more recognizable and manageable. A key takeaway is that the issue isn't just technical. Many organizations are integrating AI capabilities without understanding what they're introducing. 
As Peter puts it, “You're plugging in software filled with features you don't need, which makes your risk modeling much harder.” Guardrails are often mistaken for full protections, and foundational practices in application development and threat modeling are being sidelined by excitement and speed to market. Peter's upcoming session at InfoSecurity Europe—Can My AI Be Hacked?—aims to bring this discussion to life with real-world attack examples, systems-level analysis, and a practical call to action: retool, retrain, and reframe your approach to AI security. Whether you're in development, operations, or governance, this session promises perspective that cuts through the noise and anchors your strategy in reality.
Guest: Peter Garraghan, Professor in Computer Science at Lancaster University, Fellow of the UK Engineering Physical Sciences and Research Council (EPSRC), and CEO & CTO of Mindgard | https://www.linkedin.com/in/pgarraghan/
Hosts: Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com
Episode Sponsors: ThreatLocker: https://itspm.ag/threatlocker-r974
Resources:
Peter's Session: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.4355.239479.can-my-ai-be-hacked.html
Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More
The Rich Dickman Show – Unauthorized Timestamps: 0:08 Mini Bar Madness 0:57 Podcast Introduction 2:46 Hotel Room Chronicles 4:15 Chicken and Pets 5:35 High School Lunch Adventures 6:36 On the Taste of Cat 7:46 Culinary Curiosities 10:48 Tech Troubles in Hotels 15:27 California Conundrums 19:02 Family and Technology 22:04 Pitching New Ideas 26:17 Golfing Shenanigans 28:56 College Memories 31:25 Boston Sightseeing 32:18 Historical Reflections 34:27 AI and Creativity 38:49 Personal Updates 44:34 Layoffs and Promotions 46:10 Business Decisions in Wrestling 47:06 Wrestling in the Neighborhood 1:05:36 The Journey to Wrestling School 1:10:29 The Fine Line of Comedy 1:19:29 The Mini Fridge Heist 1:23:59 Unconventional Food Discussions 1:26:17 The AI Triple T Pivot 1:30:26 Personal Struggles and Vulnerabilities 1:33:43 The Chaotic Outro Episode Summary This is The Rich Dickman Show completely off the rails. The Unauthorized episode fires from the hip—Ray's war with a price-gouging mini fridge sets the tone for a no-filter, no-safety-net ride through food taboos, tech failures, and philosophical bullshit. Rem and Randy argue the ethics of eating pets, debate whether “all pets are food, but not all food is pets,” and spiral into tales of questionable school lunches, bat meat, and the global weirdness of what people eat when nobody's looking. If it walks, crawls, or flies, someone's tried to eat it here. In between, hotel tech goes full “user hostile,” Airbnb drama erupts, and Ray tries to convince everyone that California is paradise (spoiler: not everyone buys it). Randy pitches an insane AI-driven Dickman archive that nobody asked for but now somehow must exist. But it's not just chaos for chaos's sake. Real talk breaks through—layoffs, promotions, wrestling dreams deferred, and personal failures all get dragged into the light, with the crew exposing a little vulnerability behind the relentless jokes. If you want a “safe” show, go elsewhere. 
If you want friendship forged in chaos, dumb ideas, and hard-earned wisdom, this is the only podcast that delivers. Tags #Comedy #Podcast #FoodEthics #HotelFails #TechTrouble #CulinaryOddities #AI #Wrestling #RealTalk #Chaos #Friendship #Unfiltered
Podcast: Hack the Plant
Episode: The Truth About OT Vulnerabilities
Pub date: 2025-05-13
Bryson Bort sits down with Adam Robbie, Head of OT Threat Research at Palo Alto Networks, to pull back the curtain on OT threat research. With a background in electrical engineering, Adam's first job in cybersecurity was at an IT help desk. He now leads a team dedicated to identifying, analyzing, and mitigating cyber threats targeting Operational Technology (OT) environments. What are the top threats Adam is seeing in OT attacks? Why is manufacturing such a vulnerable sector? And if he could wave a magic, non-Internet connected wand, what would he change? “I really would love to have more experts in OT,” Adam said. “The more knowledge…and the more experts we have, it will fasten this process [of innovation].” Join us for this and more on this episode of Hack the Plan[e]t. The views and opinions expressed in this podcast represent those of the speaker, and do not necessarily represent the views and opinions of their employers. Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology.
Learn about a new VMware Tools vulnerability allowing privilege escalation, Microsoft's Patch Tuesday releasing fixes for 70 vulnerabilities including 5 actively exploited zero-days, and Apple's comprehensive OS updates. The episode highlights the importance of patching industrial control systems from Siemens, Schneider Electric, and Phoenix Contact that may be present in healthcare facility automation, EV charging, and data center power systems.
Remember, Stay a Little Paranoid
X: This Week Health | LinkedIn: This Week Health | Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer
I'm joined by guests Rob Hamilton, Craig Raw & Matt Odell to go through the list.
OP_RETURN Drama (00:00:52) Odell's thoughts (00:04:29) Craig's thoughts (00:05:59) NVK's thoughts (00:07:47) Rob's thoughts
Bitcoin • Software Releases & Project Updates (00:22:10) COLDCARD (00:22:35) Cove Wallet (00:24:03) BTCPay Server (00:24:06) Nunchuk Android (00:24:12) Bitcoin Keeper (00:24:14) Bitcoin Safe (00:24:18) Wasabi Wallet (00:25:43) RoboSats (00:25:46) Umbrel (00:25:57) Zaprite (00:26:22) Blockstream Satellite (00:26:45) Stratum Work (00:26:58) SeedHammer II (00:27:11) ESP-Miner
• Project Spotlight (00:27:34) Bitcoin Feature Matrix (00:27:41) secp256k1lab (00:28:00) GPGap (00:28:16) NVK Validation Tweet (00:28:54) BriberBrother (00:29:11) Stack Math
Vulnerability Disclosures (00:30:23) CVE-2024-52919 (00:33:02) CVE-2025-43707 (00:34:46) Hackers breach LockBit
Audience Questions (00:35:12) What's the difference between test net and signet? And what are the benefits of each? (00:37:15) Can you explain, in simple terms, what OP_CHECKCONTRACTVERIFY does?
Nostr • Software Releases & Project Updates (00:46:55) Nostr Messaging Layer Security (00:48:42) Primal (00:48:43) Damus
Boosts (01:01:58) Shoutout to top boosters Rod Palmer, AVERAGE_GARY, pink money, user4, Wartime & btconboard
Tech Tip of the Day (01:03:51) A free online cryptography course repository by Alfred Menezes
Links & Contacts:
Website: https://bitcoin.review/
Substack: https://substack.bitcoin.review/
Twitter: https://twitter.com/bitcoinreviewhq
NVK Twitter: https://twitter.com/nvk
Telegram: https://t.me/BitcoinReviewPod
Email: producer@coinkite.com
Nostr & LN: ⚡nvk@nvk.org (not an email!)
Full show notes: https://bitcoin.review/podcast/episode-96
Ever wondered why the idea of working for someone else just never quite fit, or why chaos seems to call your name (and you answer with gusto)? If you're an entrepreneur who's found yourself drawn to the thrill of building your own path—and maybe even stumbled more than a few times along the way—you are going to love this week's guest interview. I recently sat down with Dr. Michael A. Freeman, an acclaimed psychiatrist, professor, and serial entrepreneur whose groundbreaking research uncovers the fascinating relationship between ADHD, bipolar spectrum conditions, and the entrepreneurial drive. In this lively conversation, we get real about what makes entrepreneurs with ADHD different—and what it takes to turn those differences into undeniable strengths instead of exhausting liabilities. Here's what you'll hear in this episode:
• Why do so many entrepreneurs have ADHD tendencies: Dr. Freeman breaks down fascinating research on why we're more likely to go solo in our careers—and why we struggle in traditional workplaces.
• The double-edged sword of the ADHD entrepreneurial brain: We chat about superpowers and vulnerabilities, with a big emphasis on how to recognize your “zone of genius” (and when to call in backup!).
• Building your own ADHD-friendly toolkit for sustainable success: From teams and routines, to handling sleep and “offloading the boring stuff,” we talk actionable strategies (yes, including coaching and medication).
• The myth vs. reality of the entrepreneurial life: Spoiler: it isn't all glamor and “get rich quick”—and Dr. Freeman shares why radical self-awareness and resilience are must-haves.
• Why fun is non-negotiable for the entrepreneur with ADHD: Turns out, fun isn't just a bonus—it's the main event for the ADHD brain, and Dr. Freeman explains how to keep your business (and life) playfully sustainable.
Make it actionable: Take three minutes to reflect: what feels fun, energizing, or “flow-y” in your own work? 
What support do you need more of? Feeling inspired to start, pivot, or quit? Get a “personal board of directors” before you make big decisions or take big risks.
Get to know Michael Freeman, MD: Michael A. Freeman, MD, is a clinical professor at UCSF School of Medicine, a researcher and mentor at the UCSF Entrepreneurship Center, a psychiatrist and executive coach for entrepreneurs, and an integrated behavioral healthcare systems consultant. His current research focuses on the identification of emotional overwhelm with early intervention and support. Dr. Freeman's thought leadership on entrepreneurship and mental health has been featured in the New York Times, Washington Post, Wall St. Journal, Fortune Magazine, Inc., Entrepreneur, CNN Money, Financial Times, and Bloomberg News.
Mentioned in this episode: UC San Francisco, UC Berkeley, Stanford University, the Gallup Organization
Connect with Michael A Freeman, MD: Website - LinkedIn
In this episode, Drex covers three key security stories: the HSCC's "On the Edge" report on rural healthcare cybersecurity vulnerabilities, Mossimo's security breach affecting their manufacturing operations, and the hacking of LockBit ransomware gang which exposed Bitcoin wallets and negotiation messages. Drex also mentions his panel at HIMSS Southern California on healthcare cybersecurity.
Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports. Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/ Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz Chapters 00:35 Verizon Data Breach Investigations Report (DBIR) Introduction 01:16 Accessing the DBIR Report 02:38 Key Takeaways from the DBIR 03:15 Third-Party Breaches 04:32 Ransomware Insights 08:08 Exploitation of Vulnerabilities 09:39 Credential Abuse 12:25 Espionage Attacks 14:04 System Intrusions in APAC 15:04 Business Email Compromise (BEC) 18:07 Human Risk and Security Awareness 19:19 Industry-Specific Trends 20:06 Multi-Layered Defense Strategy 21:08 Data Leakage to Gen AI
As “vibe coding” gains in popularity and tech companies push devs in their employ to embrace generative AI tools, a platform that scans for vulnerabilities in AI-generated code has raised a fresh round of funding.
George Chen heads the Cloud and Application Security functions at Dyson. In this episode, he joins host Melissa O'Leary and Alina Tan, senior program manager at Dyson, to discuss recent findings regarding dashcam security risks, which Chen and Tan recently shared at Black Hat Asia, as well as sharing a breakdown of the vulnerabilities and their impact on drivers. • For more on cybersecurity, visit us at https://cybersecurityventures.com
Electric motors usually feature rare-earth metals to run. But WSJ tech columnist Christopher Mims writes about a new startup that excludes them, which could begin to help end the American auto industry's reliance on China. Then, Chinese automakers are also reliant on US imports for critical chips to power their cars. WSJ deputy Beijing bureau chief Yoko Kubota explores how the trade war has shown both US and Chinese tech industry vulnerabilities to the long-running spat.
Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple. In this episode of Apple @ Work, I talk with John Amaral and Ian Riopel from Root about their solution to transform container security.
SAN FRANCISCO — RSA Conference 2025 "Sixty percent of the attacks we're tracking target low-profile vulnerabilities—things like privilege escalation and security bypasses, not the headline-making zero days," says Douglas McKee, Executive Director of Threat Research at SonicWall. Speaking live from the show floor at RSA 2025, McKee outlined how SonicWall is helping partners prioritize threats that are actually being exploited, not just those getting attention. In a fast-paced conversation with Technology Reseller News publisher Doug Green, McKee unveiled SonicWall's upcoming Managed Prevention Security Services (MPSS). The offering is designed to help reduce misconfigurations—a leading cause of breaches—by assisting with firewall patching and configuration validation. SonicWall is also collaborating with CySurance to package cyber insurance into this new managed service, providing peace of mind and operational relief to MSPs and customers alike. “Over 95% of the incidents we see are due to human error,” McKee noted. “With MPSS, we're stepping in as a partner to reduce that risk.” McKee also previewed an upcoming threat brief focused on Microsoft vulnerabilities, revealing an 11% year-over-year increase in attacks. Despite attention on high-profile CVEs, SonicWall's data shows attackers often rely on under-the-radar vulnerabilities with lower CVSS scores. For MSPs, McKee shared a stark warning: nearly 50% of the organizations SonicWall monitors are still vulnerable to decade-old exploits like Log4j and Heartbleed. SonicWall's telemetry-driven insights allow MSPs to focus remediation on widespread, high-impact threats. SonicWall's transformation from a firewall vendor to a full-spectrum cybersecurity provider was on display at RSA Booth #6353 (North Hall), where the company showcased its SonicSensory MDR, cloud offerings, and threat intelligence. "We've evolved into a complete cybersecurity partner," McKee said. 
"Whether it's in the cloud or on-prem, we're helping MSPs and enterprises defend smarter." Visitors to the SonicWall booth were treated to live presentations and fresh coffee—while those not attending can explore SonicWall's insights, including its February 2024 Threat Report and upcoming threat briefs, at www.sonicwall.com.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
More Scans for SMS Gateways and APIs: Attackers are not just looking for SMS Gateways like the scans we reported on last week, but they are also actively scanning for other ways to use APIs and add-on tools to send messages using other people's credentials. https://isc.sans.edu/diary/More%20Scans%20for%20SMS%20Gateways%20and%20APIs/31902
AirBorne: AirPlay Vulnerabilities: Researchers at Oligo revealed over 20 weaknesses they found in Apple's implementation of the AirPlay protocol. These vulnerabilities can be abused to execute code or launch denial-of-service attacks against affected devices. Apple patched the vulnerabilities in recent updates. https://www.oligo.security/blog/airborne
This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude, CISO emeritus, The Carlyle Group. Thanks to our show sponsor, Dropzone AI. Alert investigation is eating up your security team's day—30 to 40 minutes per alert adds up fast. Dropzone AI's SOC Analyst transforms this reality by investigating every alert with expert-level thoroughness at machine speed. Our AI SOC Analyst gathers evidence, connects the dots across your security tools, and delivers clear reports with recommended actions—all in minutes. No playbooks to build, no code to write. Just consistent, high-quality investigations that free your team to focus on what matters: stopping actual threats. Meet us at RSA Booth ESE-60. All links and the video of this episode can be found on CISO Series.com
Two widespread communications failures in the Northland storm and Otago-Southland within two days last week have again exposed the vulnerability of critical infrastructure. Phil Pennington spoke to Ingrid Hipkiss.
James “Jim” Myers, Senior Vice President of the Civil Systems Group at the Aerospace Corporation discusses the shift in cybersecurity threats and the need for better cyber hygiene in the space industry. You can connect with Jim on LinkedIn, and learn more about the Aerospace Corporation on their website. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It'll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Andreas Brekken is best known for creating SideShift.ai and acting as the CEO of Shitcoin.com. In this episode, he talks about his views on Bitcoin development, the emergence of DeFi, and the reasons why he considers cryptocurrencies superior to fiat. Time stamps: Introducing Andreas Brekken (00:00:51) The Sam Bankman-Fried Interview on Shitcoin.com (00:01:50) Clustering Analysis and Customer Funds (00:02:44) Bybit's Technical Issues (00:05:18) Historical Context of Exchanges (00:09:26) Shapeshift's KYC Moment (00:11:13) Why Aren't Zcash and Monero on SideShift? (00:14:59) Bitcoin Cash Hard Forks (00:20:45) Lightning Network Integration (00:22:23) Vulnerabilities in the Lightning Protocol (00:26:17) Critique of Lightning Network's Design (00:28:29) Submarine Swaps (00:29:28) LNBits v1 Launch (00:29:44) Lightning Wallets (00:30:19) LNBits is like Start9? (00:30:40) Andreas Brekken's Lightning Network Experience (00:31:15) Even Martti Malmi Is Using Wallet of Satoshi (00:31:37) Zcash Protocol (00:32:11) Bitcoin Variants on SideShift (00:32:26) Decentralized Finance (DeFi) on Ethereum (00:34:00) Citrea Project (00:35:26) Multisig Solutions (00:36:30) Automation in Bitcoin (00:41:18) Political Dynamics in Bitcoin Development (00:47:15) News Coverage on Bitcoin.com (00:51:27) Bitcoin Volatility and Performance Against Stonks (00:53:14) Peter Schiff Appreciation Era (00:55:42) Peter Schiff's Debates with Erik Voorhees (00:56:23) Bitcoin's Growing Influence (00:58:15) Future of Bitcoin (00:59:15) Layer Two Labs and Drive Chains (01:00:34) Innovation in Bitcoin (01:02:05) Convenience of Layer Two Solutions (01:02:51) Decred Discussion (01:09:53) Favorite Shitcoins (01:11:49) Subscribe to the shitcoin.com Newsletter? (01:16:31)
Google and Mozilla patch nearly two dozen security flaws. The UK's Royal Mail Group sees 144GB of data stolen and leaked. A bizarre campaign looks to recruit cybersecurity professionals to hack Chinese websites. PostgreSQL servers with weak credentials have been compromised for cryptojacking. Google Cloud patches a vulnerability affecting its Cloud Run platform. Oracle faces a class-action lawsuit over alleged cloud services data breaches. CISA releases ICS advisories detailing vulnerabilities in Rockwell Automation and Hitachi Energy products. General Paul Nakasone offers a candid assessment of America's evolving cyber threats. On today's CertByte segment, a look at the Cisco Enterprise Network Core Technologies exam. Are AI LLMs more like minds or mirrors? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment: Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K's suite of industry-leading certification resources. This week, Chris is joined by Troy McMillan to break down a question targeting the Cisco Enterprise Network Core Technologies (350-401 ENCOR) v1.1 exam. Today's question comes from N2K's Cisco CCNP Implementing and Operating Cisco Enterprise Network Core Technologies ENCOR (350-401) Practice Test. The ENCOR exam enables candidates to earn the Cisco Certified Specialist - Enterprise Core certification, which can also be used to meet exam requirements for several other Cisco certifications. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. 
If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.cisco.com/site/us/en/learn/training-certifications/exams/encor.html Selected Reading Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities (SecurityWeek) Royal Mail Group Loses 144GB to Infostealers: Same Samsung Hacker, Same 2021 Infostealer Log (Infostealers) Someone is trying to recruit security researchers in bizarre hacking campaign (TechCrunch) Ongoing cryptomining campaign hits over 1.5K PostgreSQL servers (SC Media) ImageRunner Flaw Exposed Sensitive Information in Google Cloud (SecurityWeek) Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users (SecurityWeek) Oracle now faces class action amid alleged data breaches (The Register) CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS (Cyber Security News) Exclusive: Gen. Paul Nakasone says China is now our biggest cyber threat (The Record) Large AI models are cultural and social technologies (Science) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. 
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218: Our honeypots detected a deserialization attack against the CMS Sitecore using a thumbnailsaccesstoken header. The underlying vulnerability was patched in January, and security firm Searchlight Cyber revealed details about this vulnerability a couple of weeks ago. https://isc.sans.edu/diary/Sitecore%20%22thumbnailsaccesstoken%22%20Deserialization%20Scans%20%28and%20some%20new%20reports%29%20CVE-2025-27218/31806
Blasting Past Webp: Google's Project Zero revealed details of how the NSO BLASTPASS exploit took advantage of a Webp image parsing vulnerability in iOS. This zero-click attack was employed in targeted attacks back in 2023, and Apple patched the underlying vulnerability in September 2023. But this is the first byte-by-byte description showing how the attack worked. https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html
Splunk Vulnerabilities: Splunk patched about a dozen vulnerabilities. None of them are rated critical, but a vulnerability rated High allows authenticated users to execute arbitrary code. https://advisory.splunk.com/
Firefox 0-day Patched: Mozilla patched a sandbox escape vulnerability that is already being exploited. https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/
Former FBI trainer Rob Chadwick talks to Colion about the state of the US and its vulnerabilities.
The White House names their nominee for CISA's top spot. Patch Tuesday updates. Apple issues emergency updates for a zero-day WebKit vulnerability. Researchers highlight advanced MFA-bypassing techniques. North Korea's Lazarus Group targets cryptocurrency wallets and browser data. Our guest today is Rocco D'Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats. Making sense of the skills gap paradox.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Joining us today is Rocco D'Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats.
Selected Reading
Trump nominates Sean Plankey as new CISA director (Tech Crunch)
CISA worker says 100-strong red team fired after DOGE action (The Register)
March 2025 Patch Tuesday: Microsoft Fixes 57 Vulnerabilities, 7 Zero-Days (Hackread)
ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens (SecurityWeek)
CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild (Cyber Security News)
Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks (Cyber Security News)
Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account (Cyber Security News)
North Korean Lazarus hackers infect hundreds via npm packages (Bleeping Computer)
Welcome to the skills gap paradox (Computing)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit.
Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.