Podcasts about vulnerabilities

The inability of an entity to withstand the adverse effects of a hostile or uncertain environment

  • 1,332 podcasts
  • 5,298 episodes
  • 49m average duration
  • 5 weekly new episodes
  • Latest episode: May 28, 2025


Latest podcast episodes about vulnerabilities

Strong Homes, Safe Families!
Overturning Myths and Exploring Advancements in Tornado Resilience

May 28, 2025 (40:38)


In this episode, FLASH President and CEO Leslie Chapman Henderson discusses the importance of wind science and building resilience with Dr. Tanya Brown-Giammanco and Dr. Marc Levitan from the National Institute of Standards and Technology (NIST). They explore personal journeys into wind science, the evolution of tornado safety design, and the differences between tornadoes and hurricanes. The conversation highlights the vulnerabilities in home structures, particularly roofs and garage doors, and emphasizes the need for updated building codes and community involvement in safety measures. Learn things you may not know with these two engaging national experts as they dispel tornado myths and share practical steps for homeowners.

Discussion Topics
  • Personal Journeys into Wind Science (1:04)
  • Understanding Tornado Safety and Dual-Objective-Based Tornado Design Philosophy (3:53)
  • Differences Between Tornadoes and Hurricanes (8:50)
  • Assessing Building Performance After Wind Events (11:42)
  • Vulnerabilities in Home Structures in Regard to High Winds (16:08)
  • Surprising Findings in Wind Engineering (23:03)
  • Future Directions for Garage Door Safety (27:33)
  • Elevating Garage Door Performance through Rating (30:15)
  • Advancing Building Codes via Community Engagement (30:53)

Resources
  • Tornado-Strong.org
  • National Institute of Standards and Technology
  • Understanding Building Codes and Standards
  • Disaster and Failure Studies Program
  • New Tornado Resistant Building Codes
  • FEMA/NIST Fact Sheet - Improving Windstorm and Tornado Resilience: Recommendations for One- and Two-Family Residential Structures
  • New Strong Homes Scale - InspectToProtect.org
  • The Enhanced Fujita Scale
  • Checklist - Strengthen Your Garage Door
  • Checklist - Strengthen Your Roof
  • Checklist - Strengthen Your Gutters
  • Checklist - Sealed Roof Decks

Connect
  • Dr. Tanya Brown-Giammanco
  • Leslie Chapman-Henderson
  • Dr. Marc Levitan

Resilient Cyber
Resilient Cyber w Phil Venables Security Leadership: Vulnerabilities to VC

May 23, 2025 (30:37)


In this episode, I sit down with longtime industry leader and visionary Phil Venables to discuss the evolution of cybersecurity leadership, including Phil's own journey from CISO to Venture Capitalist. We chatted about:
  • A recent interview Phil gave about CISOs transforming into business-critical digital risk leaders and some of the key themes and areas CISOs need to focus on the most when making that transition
  • Some of the key attributes CISOs need to be the most effective in terms of technical, soft skills, financial acumen, and more, leaning on Phil's 30 years of experience in the field and as a multiple-time CISO
  • Phil's transition to Venture Capital with Ballistic Ventures and what drew him to this space from being a security practitioner
  • Some of the product areas and categories Phil is most excited about from an investment perspective
  • The double-edged sword is AI, which is used for security and needs security.
  • Phil's past five years blogging and sharing his practical, hard-earned wisdom at www.philvenables.com, and how that has helped him organize his thinking and contribute to the community.
  • Some specific tactics and strategies Phil finds the most valuable when it comes to maintaining deep domain expertise, but also broader strategic skillsets, and the importance of being in the right environment around the right people to learn and grow

ITSPmagazine | Technology. Cybersecurity. Society
When Guardrails Aren't Enough: How to Handle AI's Hidden Vulnerabilities | An Infosecurity Europe 2025 Pre-Event Conversation with Peter Garraghan | On Location Coverage with Sean Martin and Marco Ciappelli

May 22, 2025 (23:45)


In this episode of our InfoSecurity Europe 2024 On Location coverage, Marco Ciappelli and Sean Martin sit down with Professor Peter Garraghan, Chair in Computer Science at Lancaster University and co-founder of the AI security startup Mindgard. Peter shares a grounded view of the current AI moment—one where attention-grabbing capabilities often distract from fundamental truths about software security.

At the heart of the discussion is the question: Can my AI be hacked? Peter's answer is a firm “yes”—but not for the reasons most might expect. He explains that AI is still software, and the risks it introduces are extensions of those we've seen for decades. The real difference lies not in the nature of the threats, but in how these new interfaces behave and how we, as humans, interact with them. Natural language interfaces, in particular, make it easier to introduce confusion and harder to contain behaviors, especially when people overestimate the intelligence of the systems.

Peter highlights that prompt injection, model poisoning, and opaque logic flows are not entirely new challenges. They mirror known classes of vulnerabilities like SQL injection or insecure APIs—only now they come wrapped in the hype of generative AI. He encourages teams to reframe the conversation: replace the word “AI” with “software” and see how the risk profile becomes more recognizable and manageable.

A key takeaway is that the issue isn't just technical. Many organizations are integrating AI capabilities without understanding what they're introducing. As Peter puts it, “You're plugging in software filled with features you don't need, which makes your risk modeling much harder.” Guardrails are often mistaken for full protections, and foundational practices in application development and threat modeling are being sidelined by excitement and speed to market.

Peter's upcoming session at InfoSecurity Europe—Can My AI Be Hacked?—aims to bring this discussion to life with real-world attack examples, systems-level analysis, and a practical call to action: retool, retrain, and reframe your approach to AI security. Whether you're in development, operations, or governance, this session promises perspective that cuts through the noise and anchors your strategy in reality.

Guest: Peter Garraghan, Professor in Computer Science at Lancaster University, Fellow of the UK Engineering Physical Sciences and Research Council (EPSRC), and CEO & CTO of Mindgard | https://www.linkedin.com/in/pgarraghan/

Hosts:
  • Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
  • Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

Episode Sponsors
  • ThreatLocker: https://itspm.ag/threatlocker-r974

Resources
  • Peter's Session: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.4355.239479.can-my-ai-be-hacked.html
  • Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25
  • Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Today in Health IT
2 Minute Drill: VMware Vulnerabilities & Patch Tuesday Roundup With Drex DeFord

May 16, 2025 (3:15)


Learn about a new VMware Tools vulnerability allowing privilege escalation, Microsoft's Patch Tuesday releasing fixes for 70 vulnerabilities including 5 actively exploited zero-days, and Apple's comprehensive OS updates. The episode highlights the importance of patching industrial control systems from Siemens, Schneider Electric, and Phoenix Contact that may be present in healthcare facility automation, EV charging, and data center power systems.

Remember, Stay a Little Paranoid

The Driven Woman
Entrepreneurial Strengths & Vulnerabilities with Psychiatrist, Researcher & Serial Entrepreneur

May 13, 2025 (39:35)


Ever wondered why the idea of working for someone else just never quite fit, or why chaos seems to call your name (and you answer with gusto)? If you're an entrepreneur who's found yourself drawn to the thrill of building your own path—and maybe even stumbled more than a few times along the way—you are going to love this week's guest interview. I recently sat down with Dr. Michael A. Freeman, an acclaimed psychiatrist, professor, and serial entrepreneur whose groundbreaking research uncovers the fascinating relationship between ADHD, bipolar spectrum conditions, and the entrepreneurial drive. In this lively conversation, we get real about what makes entrepreneurs with ADHD different—and what it takes to turn those differences into undeniable strengths instead of exhausting liabilities.

Here's what you'll hear in this episode:
  • Why do so many entrepreneurs have ADHD tendencies: Dr. Freeman breaks down fascinating research on why we're more likely to go solo in our careers—and why we struggle in traditional workplaces.
  • The double-edged sword of the ADHD entrepreneurial brain: We chat about superpowers and vulnerabilities, with a big emphasis on how to recognize your “zone of genius” (and when to call in backup!).
  • Building your own ADHD-friendly toolkit for sustainable success: From teams and routines, to handling sleep and “offloading the boring stuff,” we talk actionable strategies (yes, including coaching and medication).
  • The myth vs. reality of the entrepreneurial life: Spoiler: it isn't all glamor and “get rich quick”—and Dr. Freeman shares why radical self-awareness and resilience are must-haves.
  • Why fun is non-negotiable for the entrepreneur with ADHD: Turns out, fun isn't just a bonus—it's the main event for the ADHD brain, and Dr. Freeman explains how to keep your business (and life) playfully sustainable.

Make it actionable: Take three minutes to reflect: what feels fun, energizing, or “flow-y” in your own work? What support do you need more of?

Feeling inspired to start, pivot, or quit? Get a “personal board of directors” before you make big decisions or take big risks.

Get to know Michael Freeman, MD

Michael A. Freeman, MD, is a clinical professor at UCSF School of Medicine, a researcher and mentor at the UCSF Entrepreneurship Center, a psychiatrist and executive coach for entrepreneurs, and an integrated behavioral healthcare systems consultant. His current research focuses on the identification of emotional overwhelm with early intervention and support. Dr. Freeman's thought leadership on entrepreneurship and mental health has been featured in the New York Times, Washington Post, Wall St. Journal, Fortune Magazine, Inc., Entrepreneur, CNN Money, Financial Times, and Bloomberg News.

Mentioned in this episode: UC San Francisco, UC Berkeley, Stanford University, the Gallup Organization

Connect with Michael A Freeman, MD: Website - LinkedIn

Today in Health IT
2 Minute Drill: Rural Health Vulnerabilities and LockBit Ransomware Gang Hacked with Drex DeFord

May 13, 2025 (4:40)


In this episode, Drex covers three key security stories: the HSCC's "On the Edge" report on rural healthcare cybersecurity vulnerabilities, Mossimo's security breach affecting their manufacturing operations, and the hacking of LockBit ransomware gang which exposed Bitcoin wallets and negotiation messages. Drex also mentions his panel at HIMSS Southern California on healthcare cybersecurity.

Remember, Stay a Little Paranoid

CISO Tradecraft
#232 - Inside The 2025 Verizon Data Breach Investigations Report

May 12, 2025 (26:25)


Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports.

Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/
Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz

Chapters
  • 00:35 Verizon Data Breach Investigations Report (DBIR) Introduction
  • 01:16 Accessing the DBIR Report
  • 02:38 Key Takeaways from the DBIR
  • 03:15 Third-Party Breaches
  • 04:32 Ransomware Insights
  • 08:08 Exploitation of Vulnerabilities
  • 09:39 Credential Abuse
  • 12:25 Espionage Attacks
  • 14:04 System Intrusions in APAC
  • 15:04 Business Email Compromise (BEC)
  • 18:07 Human Risk and Security Awareness
  • 19:19 Industry-Specific Trends
  • 20:06 Multi-Layered Defense Strategy
  • 21:08 Data Leakage to Gen AI

TechCrunch Startups – Spoken Edition
Ox Security lands a fresh $60M to scan for vulnerabilities in code

May 9, 2025 (3:26)


As “vibe coding” gains in popularity and tech companies push devs in their employ to embrace generative AI tools, a platform that scans for vulnerabilities in AI-generated code has raised a fresh round of funding.

Chill Chill Security
EP2104: Chill Chill Security - Known Exploited Vulnerabilities Intel

May 9, 2025 (3:25)


Sponsored by SEC Playground

Cybercrime Magazine Podcast
Dashcam Security Risks. Vulnerabilities & Impact On Drivers Revealed. George Chen & Alina Tan, Dyson

May 8, 2025 (12:42)


George Chen heads the Cloud and Application Security functions at Dyson. In this episode, he joins host Melissa O'Leary and Alina Tan, senior program manager at Dyson, to discuss recent findings regarding dashcam security risks, which Chen and Tan recently shared at Black Hat Asia, as well as sharing a breakdown of the vulnerabilities and their impact on drivers. • For more on cybersecurity, visit us at https://cybersecurityventures.com

WSJ Tech News Briefing
Trump's Trade War With China Highlights Tech Vulnerabilities on Both Sides

May 7, 2025 (13:22)


Electric motors usually feature rare-earth metals to run. But WSJ tech columnist Christopher Mims writes about a new startup that excludes them, which could begin to help end the American auto industry's reliance on China. Then, Chinese automakers are also reliant on US imports for critical chips to power their cars. WSJ deputy Beijing bureau chief Yoko Kubota explores how the trade war has shown both US and Chinese tech industry vulnerabilities to the long-running spat.

Apple @ Work
Root automatically patches vulnerabilities in container image

May 6, 2025 (28:30)


Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

In this episode of Apple @ Work, I talk with John Amaral and Ian Riopel from Root about their solution to transform container security.

Telecom Reseller
“It's Not the Flashy Vulnerabilities—It's the Ones You Miss”: SonicWall's Douglas McKee on Prioritizing Cybersecurity at RSA, Podcast

May 2, 2025


SAN FRANCISCO — RSA Conference 2025 "Sixty percent of the attacks we're tracking target low-profile vulnerabilities—things like privilege escalation and security bypasses, not the headline-making zero days," says Douglas McKee, Executive Director of Threat Research at SonicWall. Speaking live from the show floor at RSA 2025, McKee outlined how SonicWall is helping partners prioritize threats that are actually being exploited, not just those getting attention. In a fast-paced conversation with Technology Reseller News publisher Doug Green, McKee unveiled SonicWall's upcoming Managed Prevention Security Services (MPSS). The offering is designed to help reduce misconfigurations—a leading cause of breaches—by assisting with firewall patching and configuration validation. SonicWall is also collaborating with CySurance to package cyber insurance into this new managed service, providing peace of mind and operational relief to MSPs and customers alike. “Over 95% of the incidents we see are due to human error,” McKee noted. “With MPSS, we're stepping in as a partner to reduce that risk.” McKee also previewed an upcoming threat brief focused on Microsoft vulnerabilities, revealing an 11% year-over-year increase in attacks. Despite attention on high-profile CVEs, SonicWall's data shows attackers often rely on under-the-radar vulnerabilities with lower CVSS scores. For MSPs, McKee shared a stark warning: nearly 50% of the organizations SonicWall monitors are still vulnerable to decade-old exploits like Log4j and Heartbleed. SonicWall's telemetry-driven insights allow MSPs to focus remediation on widespread, high-impact threats. SonicWall's transformation from a firewall vendor to a full-spectrum cybersecurity provider was on display at RSA Booth #6353 (North Hall), where the company showcased its SonicSensory MDR, cloud offerings, and threat intelligence. "We've evolved into a complete cybersecurity partner," McKee said. 
"Whether it's in the cloud or on-prem, we're helping MSPs and enterprises defend smarter." Visitors to the SonicWall booth were treated to live presentations and fresh coffee—while those not attending can explore SonicWall's insights, including its February 2024 Threat Report and upcoming threat briefs, at www.sonicwall.com.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, April 30th: SMS Attacks; Apple Airplay Vulnerabilities

Apr 30, 2025 (8:51)


More Scans for SMS Gateways and APIs
Attackers are not just looking for SMS Gateways like the scans we reported on last week, but they are also actively scanning for other ways to use APIs and add on tools to send messages using other people's credentials.
https://isc.sans.edu/diary/More%20Scans%20for%20SMS%20Gateways%20and%20APIs/31902

AirBorne: AirPlay Vulnerabilities
Researchers at Oligo revealed over 20 weaknesses they found in Apple's implementation of the AirPlay protocol. These vulnerabilities can be abused to execute code or launch denial-of-service attacks against affected devices. Apple patched the vulnerabilities in recent updates.
https://www.oligo.security/blog/airborne

Cyber Security Headlines
Week in Review: Secure by Design departure, Microsoft's security report, LLMs outrace vulnerabilities

Apr 25, 2025 (30:25)


This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude, CISO emeritus, The Carlyle Group.

Thanks to our show sponsor, Dropzone AI

Alert investigation is eating up your security team's day—30 to 40 minutes per alert adds up fast. Dropzone AI's SOC Analyst transforms this reality by investigating every alert with expert-level thoroughness at machine speed. Our AI SOC Analyst gathers evidence, connects the dots across your security tools, and delivers clear reports with recommended actions—all in minutes. No playbooks to build, no code to write. Just consistent, high-quality investigations that free your team to focus on what matters: stopping actual threats. Meet us at RSA Booth ESE-60.

All links and the video of this episode can be found on CISO Series.com

TechCrunch Startups – Spoken Edition
Endor Labs, which builds tools to scan AI-generated code for vulnerabilities, lands $93M

Apr 25, 2025 (3:55)


AI-generated code is no doubt changing how software is built, but it's also introducing new security challenges. More than 50% of organizations encounter security issues with AI-produced code sometimes or frequently, according to a late 2023 survey by developer security platform Snyk.

RNZ: Morning Report
Critical infrastructure vulnerabilities exposed

Apr 22, 2025 (4:33)


Two widespread communications failures in the Northland storm and Otago-Southland within two days last week have again exposed the vulnerability of critical infrastructure. Phil Pennington spoke to Ingrid Hipkiss.

The Manila Times Podcasts
NEWS: Vulnerabilities in PH education cited | April 23, 2025

Apr 22, 2025 (2:18)


NEWS: Vulnerabilities in PH education cited | April 23, 2025

Visit our website at https://www.manilatimes.net

Follow us:
  • Facebook - https://tmt.ph/facebook
  • Instagram - https://tmt.ph/instagram
  • Twitter - https://tmt.ph/twitter
  • DailyMotion - https://tmt.ph/dailymotion

Subscribe to our Digital Edition - https://tmt.ph/digital
Sign up to our newsletters: https://tmt.ph/newsletters

Check out our Podcasts:
  • Spotify - https://tmt.ph/spotify
  • Apple Podcasts - https://tmt.ph/applepodcasts
  • Amazon Music - https://tmt.ph/amazonmusic
  • Deezer: https://tmt.ph/deezer
  • Stitcher: https://tmt.ph/stitcher
  • Tune In: https://tmt.ph/tunein

#TheManilaTimes

T-Minus Space Daily
Space Vulnerabilities with the Aerospace Corporation.

Apr 19, 2025 (29:18)


James “Jim” Myers, Senior Vice President of the Civil Systems Group at the Aerospace Corporation, discusses the shift in cybersecurity threats and the need for better cyber hygiene in the space industry.

You can connect with Jim on LinkedIn, and learn more about the Aerospace Corporation on their website.

Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram.

T-Minus Crew Survey
We want to hear from you! Please complete our 4 question survey. It'll help us get better and deliver you the most mission-critical space intel every day.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info.

Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal.

T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Talos Takes
Year in Review special part 1: vulnerabilities, email threats, and adversary tooling

Apr 10, 2025 (18:15)


Talos researchers Martin Lee and Thorsten Rosendahl join Hazel for the first of our dedicated episodes on the top findings from Talos' 2024 Year in Review. We discuss the vulnerabilities that attackers most targeted, how this compares with CISA's list, and how to protect network devices. Given how email lures are evolving, we spend some time chatting about how the current world news cycle may play into adversary's campaign cycles. And finally we touch on how to spot signs that your own sysadmin tools may be being used against you. For the full report, head to https://blog.talosintelligence.com/2024yearinreview/

The Briefing
Albo wins first debate + The hacker exposing all our vulnerabilities

Apr 8, 2025 (23:29)


Wednesday Headlines: Anthony Albanese wins first leaders debate, Jim Chalmers having high-level finance talks, Australia's median home value has increased, META is expanding its teen account protections, Sea World Helicopter crash findings to be delivered today, and a wolf that’s been extinct for over 13-thousand years has been brought back to life ... or has it?!

Deep Dive: Australia’s preparing for a new kind of war, one that doesn’t involve soldiers and weapons, but cyber criminals who could take whole cities offline with just the press of a button. One former hacker turned future crime researcher says he’s paid to prepare the country against modern warfare - a kind of war he says even our own military couldn’t protect us from. In today’s episode of The Briefing, Tara Cassidy is joined by futurist Skeeve Stevens to find out all the ways we are being targeted, who our biggest threats are and what we’re doing about it.

Follow The Briefing:
  • TikTok: @listnrnewsroom
  • Instagram: @listnrnewsroom @thebriefingpodcast
  • YouTube: @LiSTNRnewsroom
  • Facebook: @LiSTNR Newsroom

Bitcoin Takeover Podcast
S16 E16: Andreas Brekken on SideShift & Bitcoin Moderation

Apr 7, 2025 (78:43)


Andreas Brekken is best known for creating SideShift.ai and acting as the CEO of Shitcoin.com. In this episode, he talks about his views on Bitcoin development, the emergence of DeFi, and the reasons why he considers cryptocurrencies superior to fiat.

Time stamps:
  • Introducing Andreas Brekken (00:00:51)
  • The Sam Bankman-Fried Interview on Shitcoin.com (00:01:50)
  • Clustering Analysis and Customer Funds (00:02:44)
  • Bybit's Technical Issues (00:05:18)
  • Historical Context of Exchanges (00:09:26)
  • Shapeshift's KYC Moment (00:11:13)
  • Why Aren't Zcash and Monero on SideShift? (00:14:59)
  • Bitcoin Cash Hard Forks (00:20:45)
  • Lightning Network Integration (00:22:23)
  • Vulnerabilities in the Lightning Protocol (00:26:17)
  • Critique of Lightning Network's Design (00:28:29)
  • Submarine Swaps (00:29:28)
  • LNBits v1 Launch (00:29:44)
  • Lightning Wallets (00:30:19)
  • LNBits is like Start9? (00:30:40)
  • Andreas Brekken's Lightning Network Experience (00:31:15)
  • Even Martti Malmi Is Using Wallet of Satoshi (00:31:37)
  • Zcash Protocol (00:32:11)
  • Bitcoin Variants on SideShift (00:32:26)
  • Decentralized Finance (DeFi) on Ethereum (00:34:00)
  • Citrea Project (00:35:26)
  • Multisig Solutions (00:36:30)
  • Automation in Bitcoin (00:41:18)
  • Political Dynamics in Bitcoin Development (00:47:15)
  • News Coverage on Bitcoin.com (00:51:27)
  • Bitcoin Volatility and Performance Against Stonks (00:53:14)
  • Peter Schiff Appreciation Era (00:55:42)
  • Peter Schiff's Debates with Erik Voorhees (00:56:23)
  • Bitcoin's Growing Influence (00:58:15)
  • Future of Bitcoin (00:59:15)
  • Layer Two Labs and Drive Chains (01:00:34)
  • Innovation in Bitcoin (01:02:05)
  • Convenience of Layer Two Solutions (01:02:51)
  • Decred Discussion (01:09:53)
  • Favorite Shitcoins (01:11:49)
  • Subscribe to the shitcoin.com Newsletter? (01:16:31)

The Accidental Entrepreneur
Lessons Learned in Medical Device Cybersecurity

Apr 4, 2025 (55:29)


Keywords: cybersecurity, medical devices, entrepreneurship, business model, aviation security, solopreneur, FDA regulations, market niche, business lessons, technology, cybersecurity, healthcare, medical devices, FDA, HIPAA, patient safety, risk management, cybersecurity education, device vulnerabilities, consumer awareness

Summary: In this episode, Mitch Beinhaker interviews Christian Espinosa, a cybersecurity expert with a background in the Air Force and experience in protecting critical systems. They discuss Christian's journey from working in aviation cybersecurity to becoming an entrepreneur focused on medical device cybersecurity. Christian shares insights on the challenges of running a business, the importance of niche markets, and the lessons learned from selling his first company during the COVID-19 pandemic. The conversation also covers the business model of his current company, emphasizing fixed fees and efficiency incentives for his team.

In this conversation, Christian Espinosa discusses the critical importance of cybersecurity in the healthcare sector, particularly concerning medical devices. He emphasizes the unique risks associated with these devices, the regulatory landscape, and the need for specialized knowledge in cybersecurity. The discussion also highlights the responsibility of patients to be informed about the devices they use and the potential vulnerabilities that exist. Espinosa shares insights on the challenges of scaling a cybersecurity business and the importance of having systems in place to ensure long-term success.

Takeaways
  • Christian's background includes military service and cybersecurity for aviation.
  • Transitioning to entrepreneurship can stem from personal stress and dissatisfaction.
  • Focusing on a niche market can lead to greater business success.
  • Selling a company during a crisis can lead to unexpected outcomes.
  • Medical device cybersecurity is increasingly important due to regulatory requirements.
  • Fixed fee structures can incentivize efficiency in service delivery.
  • Understanding the supply chain is crucial in cybersecurity for aviation and medical devices.
  • Learning from past mistakes is essential for business growth.
  • Marketing and sales strategies are vital for a startup's success.
  • The landscape of medical device cybersecurity is competitive but lacks expertise.
  • Cybersecurity in healthcare is crucial due to potential risks.
  • Understanding FDA and HIPAA regulations is essential for device companies.
  • Consumer education is key to making informed choices about medical devices.
  • Choosing the right cybersecurity partner can prevent costly mistakes.
  • Vulnerabilities in medical devices can lead to serious consequences.
  • Patients should take agency over their health decisions and research devices.
  • Cybersecurity must be integrated into the design phase of medical devices.
  • Ongoing monitoring and testing are necessary for device safety.
  • Scaling a business requires careful planning and the right team.
  • The value of a business increases with systems that reduce reliance on the owner.

Titles
  • Navigating Cybersecurity: From Military to Medical Devices
  • The Entrepreneurial Journey of a Cybersecurity Expert
  • Lessons Learned in Medical Device Cybersecurity
  • From Aviation to Medical Devices: A Cybersecurity Transition
  • Building a Niche: The Importance of Specialization in Business

Sound Bites
  • "I was in the air force for a while."
  • "I sold that company in 2020."
  • "I thought everybody needed cybersecurity."
  • "We charge fixed fee to our clients."
  • "I have a fractional CFO."
  • "There's a couple I consider competitors."
  • "You can kill somebody or harm them."
  • "We got all this knowledge."
  • "It's much more effective as designed in."
  • "You can't be the single point of failure."
  • "We can certainly take advice."

Chapters
  • 00:00 Introduction and Background
  • 04:24 Cybersecurity in Aviation
  • 09:09 Transition to Entrepreneurship
  • 12:12 Focus on Medical Device Cybersecurity
  • 16:49 Lessons from Selling a Company
  • 20:28 Business Model and Operations
  • 27:11 Navigating Cybersecurity in Healthcare
  • 33:44 Understanding Vulnerabilities in Medical Devices
  • 50:55 Empowering Patients: Taking Charge of Cybersecurity

Today in Health IT
2 Minute Drill: Oracle Lawsuits Begin, HIPAA Rule Challenges, and Apple Vulnerabilities with Drex DeFord

Apr 4, 2025 · 3:46


Class action lawsuits have been filed against Oracle in Texas following recent cyber incidents, with lawyers alleging poor security framework, inadequate staff training, and failure to implement preventative software. The Health Sector Coordinating Council's cybersecurity working group testified to Congress about medical device security and the suspended HIPAA security rule update, citing unrealistic cost estimates and implementation challenges. Additionally, critical zero-day vulnerabilities in Apple devices require immediate updates, plus a warning about a GPS app with 320,000 downloads that could allow stalkers to steal location data in real time. Remember, Stay a Little Paranoid.

Exploit Brokers - Hacking News
HN59 - Microsoft AI Discovers 20 Zero-Day Vulnerabilities in Bootloaders!

Apr 3, 2025 · 19:22


The CyberWire
Chrome & Firefox squash the latest flaws.

Apr 2, 2025 · 30:28


Google and Mozilla patch nearly two dozen security flaws. The UK's Royal Mail Group sees 144GB of data stolen and leaked. A bizarre campaign looks to recruit cybersecurity professionals to hack Chinese websites. PostgreSQL servers with weak credentials have been compromised for cryptojacking. Google Cloud patches a vulnerability affecting its Cloud Run platform. Oracle faces a class-action lawsuit over alleged cloud services data breaches. CISA releases ICS advisories detailing vulnerabilities in Rockwell Automation and Hitachi Energy products. General Paul Nakasone offers a candid assessment of America's evolving cyber threats. On today's CertByte segment, a look at the Cisco Enterprise Network Core Technologies exam. Are AI LLMs more like minds or mirrors?

CertByte Segment
Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K's suite of industry-leading certification resources. This week, Chris is joined by Troy McMillan to break down a question targeting the Cisco Enterprise Network Core Technologies (350-401 ENCOR) v1.1 exam. Today's question comes from N2K's Cisco CCNP Implementing and Operating Cisco Enterprise Network Core Technologies ENCOR (350-401) Practice Test. The ENCOR exam enables candidates to earn the Cisco Certified Specialist - Enterprise Core certification, which can also be used to meet exam requirements for several other Cisco certifications. Have a question that you'd like to see covered? Email us at certbyte@n2k.com.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.cisco.com/site/us/en/learn/training-certifications/exams/encor.html

Selected Reading
• Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities (SecurityWeek)
• Royal Mail Group Loses 144GB to Infostealers: Same Samsung Hacker, Same 2021 Infostealer Log (Infostealers)
• Someone is trying to recruit security researchers in bizarre hacking campaign (TechCrunch)
• Ongoing cryptomining campaign hits over 1.5K PostgreSQL servers (SC Media)
• ImageRunner Flaw Exposed Sensitive Information in Google Cloud (SecurityWeek)
• Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users (SecurityWeek)
• Oracle now faces class action amid alleged data breaches (The Register)
• CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS (Cyber Security News)
• Exclusive: Gen. Paul Nakasone says China is now our biggest cyber threat (The Record)
• Large AI models are cultural and social technologies (Science)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Cyber Security Today
Cyber Security Alerts: Recent Breaches and EDR Software Vulnerabilities

Apr 2, 2025 · 14:01


In this episode of Cyber Security Today, host Jim Love covers several major cybersecurity incidents and vulnerabilities. Key stories include the compromise of Windows Defender and other Endpoint Detection and Response (EDR) systems, a data breach on X (formerly known as Twitter) exposing over 200 million user records, and a security flaw in several UK-based dating apps that led to the exposure of approximately 1.5 million private images. The discussion highlights how attackers are increasingly using legitimate software tools to bypass security measures, the implications of these breaches for users, and offers practical tips for maintaining robust cybersecurity.

• 00:00 Introduction to Today's Cyber Security News
• 00:29 Compromised Endpoint Detection and Response Systems
• 01:06 Bypassing Windows Defender: Methods and Implications
• 02:52 Ransomware Tactics and Legitimate Tool Exploits
• 04:20 Time Traveling Attacks and EDR Limitations
• 06:33 Massive Data Breach on X (Twitter)
• 08:30 UK Dating Apps Expose Private Images
• 10:47 Fraud Alerts and Scams
• 13:25 Conclusion and Final Thoughts

Cyber Security Headlines
Mozilla Thunderbird takes on Gmail, surge in scans on PAN GlobalProtect VPNs, Microsoft uncovers bootloader vulnerabilities

Apr 2, 2025 · 6:35


• Mozilla Thunderbird finally takes on Gmail with new email service
• Surge in scans on PAN GlobalProtect VPNs hints at attacks
• Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities

The BlueHat Podcast
AI & the Hunt for Hidden Vulnerabilities with Tobias Diehl

Apr 2, 2025 · 35:25


In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by security researcher Tobias Diehl, a top contributor to the Microsoft Security Research Center (MSRC) leaderboards and a Most Valuable Researcher. Tobias shares his journey from IT support to uncovering vulnerabilities in Microsoft products. He discusses his participation in the upcoming Zero Day Quest hacking challenge and breaks down a recent discovery involving Power Automate, where he identified a security flaw that could be exploited via malicious URLs. Tobias explains how developers can mitigate such risks and the importance of strong proof-of-concept submissions in security research.

In This Episode You Will Learn:
• Researching vulnerabilities in Power Automate, Power Automate Desktop, and Azure
• The importance of user prompts to prevent unintended application behavior
• Key vulnerabilities Tobias looks for when researching Microsoft products

Some Questions We Ask:
• Have you submitted any AI-related findings to Microsoft or other bug bounty programs?
• How does the lack of visibility into AI models impact the research process?
• Has your approach to security research changed when working with AI versus traditional systems?

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.

Cyber Security Today
Canadian Hacker Linked To Anonymous Charged In Texas GOP Hack: Cyber Security Today for March 31, 2025

Mar 31, 2025 · 6:41


Cybersecurity Today: Hacktivism, Solar Power Vulnerabilities, and Global Phishing Challenges

In this episode of Cybersecurity Today, host David Shipley covers multiple cybersecurity stories including: a Canadian hacker charged for the 2021 Texas GOP hack, vulnerabilities in solar power gear, France's national phishing test for students, and the tragic impact of online fraud in India. Shipley delves into the implications for cybersecurity professionals and emphasizes the need to destigmatize fraud and support victims.

• 00:00 Introduction and Headlines
• 00:25 Canadian Hacker Charged for Texas GOP Hack
• 02:12 Vulnerabilities in Solar Power Gear
• 02:56 France's National Phishing Simulation for Students
• 04:19 Tragic Consequences of Online Fraud in India
• 05:16 Rising Online Fraud and Its Impact in Canada
• 06:15 Conclusion and Call to Action

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, March 27th: Sitecore Exploited; Blasting Past Webp; Splunk and Firefox Vulnerabilities

Mar 28, 2025 · 6:15


Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218
Our honeypots detected a deserialization attack against the CMS Sitecore using a thumbnailsaccesstoken header. The underlying vulnerability was patched in January, and security firm Searchlight Cyber revealed details about this vulnerability a couple of weeks ago.
https://isc.sans.edu/diary/Sitecore%20%22thumbnailsaccesstoken%22%20Deserialization%20Scans%20%28and%20some%20new%20reports%29%20CVE-2025-27218/31806

Blasting Past Webp
Google's Project Zero revealed details of how the NSO BLASTPASS exploit took advantage of a Webp image parsing vulnerability in iOS. This zero-click attack was employed in targeted attacks back in 2023, and Apple patched the underlying vulnerability in September 2023. But this is the first byte-by-byte description showing how the attack worked.
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html

Splunk Vulnerabilities
Splunk patched about a dozen vulnerabilities. None of them are rated critical, but a vulnerability rated High allows authenticated users to execute arbitrary code.
https://advisory.splunk.com/

Firefox 0-day Patched
Mozilla patched a sandbox escape vulnerability that is already being exploited.
https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/

Cyber Security Headlines
JavaScript injection campaign, solar power vulnerabilities, SIM swap lawsuit

Mar 28, 2025 · 8:16


• 150,000 sites compromised by JavaScript injection
• Vulnerabilities in numerous solar power systems found
• T-Mobile pays $33 million in SIM swap lawsuit

Find the stories behind the headlines at CISOseries.com.

The Gambling Files
Firesand's Chris Blake talks IT insecurity, suppliers and much more: The Gambling Files RTFM 203

Mar 28, 2025 · 56:32


Another week, another chance for us to caress your ears with our words and wisdom. Well, the wisdom of our guests. No Fintan this episode though, our apologies. He's executiving.

In this episode of the Gambling Files podcast, host Jon Bruford welcomes Chris Blake, a director at FireSand, to discuss the critical issues surrounding cybersecurity in the iGaming industry. They explore a recent data breach incident involving a German operator, the vulnerabilities that were exploited, and the importance of proper API security and penetration testing.

The conversation also delves into regulatory frameworks, the challenges of supply chain security, and the necessity for proactive security measures to protect sensitive data. We get into the vulnerabilities inherent in software security, the evolution of security practices, and the importance of continuous security measures. The conversation highlights real-world challenges faced by casinos, the intersection of physical and cyber security, and the brand responsibility that comes with managing these risks. They emphasize the need for a deeper understanding of security within organizations and the unique challenges faced by the gambling sector in addressing cybersecurity effectively.

Choice quotes:
• "It's marking your own homework"
• "The gaming sector is a bit behind."
• "It's a supply chain problem."
• "It's only got to go wrong once, right?"
• "It's not a chain, it's a fucking web."
• "Security isn't well understood."

Chapters:
• 00:00 Introduction and Sponsor Acknowledgment
• 02:48 Guest Introduction and Background
• 06:02 Cybersecurity in the iGaming Industry
• 09:01 Vulnerabilities in German Operator's Data
• 11:59 Understanding API Security and Misconfigurations
• 14:50 Regulatory Frameworks and Penetration Testing
• 17:48 In-House vs. Outsourced Security Testing
• 21:00 The Importance of Proactive Security Measures
• 23:55 Supply Chain Security Challenges
• 29:45 Understanding Supply Chain Vulnerabilities
• 31:49 The Evolution of Software Security
• 33:41 The Challenge of Code Security
• 35:46 The Importance of Continuous Security Practices
• 36:53 Real-World Security Challenges in Casinos
• 39:04 Brand Responsibility in Security
• 42:00 The Intersection of Physical and Cyber Security
• 46:12 The Complexity of Security in Organizations
• 51:59 Addressing Cybersecurity in the Gambling Industry

The Rembrandt of CRM, we thank Optimove for their support, which helps us to keep this podcast ticking over. They turn customer data into PURE GOLD, with tools that make businesses shine. Optimove, your support helps us make things that people listen to. I was going to write 'entertain people' but realised it was a bit of a reach.

Clarion Gaming is of course the industry's Da Vinci, and we thank them for keeping the gaming industry buzzing and sponsoring our podcast! If you've been at ICE in Barcelona, you'll know they knocked it out of the park. Every day is a Vitruvian Man with Clarion.

And of course there's our wonderful Van Gogh-like sponsors at OddsMatrix Sports Betting Software Solutions — your go-to for sportsbook platforms and data feeds. EveryMatrix's coverage is so wonderful, it makes Wheatfield With Crows look rubbish.

The Gambling Files podcast delves into the business side of the betting...

The Colion Noir Podcast
Former FBI Trainer Talks US Vulnerabilities

Mar 26, 2025 · 41:49


Former FBI Trainer Rob Chadwick talks to Colion about the state of the US and its vulnerabilities.

Absolute AppSec
Episode 280 - Middleware Vulnerabilities, Identifying Enumeration with LLMs

Mar 25, 2025


Seth and Ken are back with an episode dedicated to a review of the recent Next.js middleware vulnerability and how that impacts application security both specifically and in general. Over-dependence on third-party software accompanied by agile development can lead to devastating results when security flaws are identified. A follow-up and demo of using LLMs to analyze HTTP sessions for user enumeration flaws as a sneak peek of an upcoming talk by Seth for BSidesSLC.

PodRocket - A web development podcast from LogRocket
Moving to ESM from CJS with Anthony Fu

Mar 20, 2025 · 25:10


Anthony Fu, Framework Developer at Nuxt Labs, discusses the shift to ESM-only formats in JavaScript development. He covers the controversy surrounding ESM, the advantages of moving from CJS to ESM, and what this transition means for the future of web development. Tune in to learn why now is the ideal time for this change, and how it benefits developers!

Links
• https://antfu.me
• https://bsky.app/profile/antfu.me
• https://github.com/antfu
• https://x.com/antfu7
• https://www.linkedin.com/in/antfu
• https://antfu.me/posts/move-on-to-esm-only

Special Guest: Anthony Fu.

Cyber Security Today
Cybersecurity Today: Exploited Vulnerabilities and Innovative Threat Mitigations: Wednesday, March 19, 2025

Mar 19, 2025 · 8:10


Cybersecurity Today: Exploited Vulnerabilities and Innovative Threat Mitigations

In this episode of Cybersecurity Today, host Jim Love discusses several pressing cybersecurity issues including the exploitation of a server-side request forgery (SSRF) vulnerability in OpenAI's ChatGPT infrastructure (CVE-2024-27564), leading attackers to redirect users to malicious URLs. He also talks about how researchers at Tiny Hack have made breakthroughs in cracking Akira ransomware using high-powered GPUs, and Malwarebytes' warning about malware embedded in free online file converters. The episode highlights the importance of robust cybersecurity measures, innovative methods to combat ransomware, and cautious internet usage.

• 00:00 Introduction to Cybersecurity Threats
• 00:19 Exploiting ChatGPT Vulnerabilities
• 02:15 Cracking Akira Ransomware
• 05:01 Malware in Free Online Converters
• 07:12 Conclusion and Listener Support

Storm⚡️Watch by GreyNoise Intelligence
Unforgivable Vulnerabilities & The Ballista Botnet Nightmare: Why Your Router Might Be Part of a Global Attack

Mar 18, 2025 · 62:30


Forecast = Router-geddon: Ballista storms brewing with a chance of unforgivable vulnerabilities. Patch umbrella required.

In this episode of Storm⚡️Watch, the crew laments the sorry state of modern edge computing through the lens of Steve Coley's 2007 paper on "Unforgivable Vulnerabilities". The discussion examines security flaws that should never appear in properly developed software yet continue to plague systems today. These vulnerabilities demonstrate a systematic disregard for secure development practices and would be immediately obvious to anyone with basic security awareness. The team breaks down "The Lucky 13" vulnerabilities, including buffer overflows, cross-site scripting, SQL injection, and hard-coded credentials, while also exploring how modern AI tools might inadvertently introduce these same issues into today's codebase, and how one might go about properly and safely using them in coding and security engineering.

The episode also features an in-depth analysis of the newly discovered Ballista botnet that's actively targeting TP-Link Archer routers through a vulnerability discovered two years ago. First detected on January 10, 2025, this botnet has already infected over 6,000 devices worldwide, with the most recent activity observed in mid-February. The threat actors behind Ballista, believed to be based in Italy, have targeted organizations across multiple sectors including manufacturing, healthcare, services, and technology in the US, Australia, China, and Mexico. The botnet exploits CVE-2023-1389 to spread malware that establishes encrypted command and control channels, enabling attackers to launch DDoS attacks and further compromise vulnerable systems.

The team rounds out the episode with updates from their partner organizations. Censys shares insights on JunOS vulnerabilities and the RedPenguin threat actor, along with an investigation into server misidentification issues.
RunZero discusses the importance of cybersecurity labeling for end-of-life and end-of-support consumer IoT devices. GreyNoise alerts listeners to a new surge in SSRF exploitation attempts reminiscent of the 2019 Capital One breach and promotes their upcoming webinar on March 24th. As always, the Storm⚡️Watch crew delivers actionable intelligence and expert analysis to help security professionals stay ahead of emerging threats in the ever-evolving cybersecurity landscape.

Touchy Subjects Podcast
Vulnerabilities to Abusive Relationships ft Dana Diaz

Mar 14, 2025 · 49:34


What we experience in childhood plays an integral role in our adult lives. Those experiences, when they are neglect, abuse, and degradation, can set us up for having unhealthy or abusive relationships in the future. Join as our friend Dana chats with us about her experiences and how they made her vulnerable to the abuse she later experienced.

For more about Dana, find her on Instagram @danas.diaz, on Facebook at DanaSDiazAuthor, and on her website danasdiaz.com.

Stay up to date with our episodes and happenings by following us on Facebook, Threads, Instagram, and LinkedIn and please email any questions or feedback to TouchySubjectsPodcast@gmail.com or head to our website TouchySubjectsPodcast.com.

If you or someone you know wants assistance please call the National Hotline at 1−800−799−7233 or visit https://www.thehotline.org or the National Sexual Assault Helpline at 1-800-656-4673 or RAINN.org.

Music credits: Uplifting Summer by Alex_MakeMusic (2021) Licensed under a Pixabay License. http://pixabay.com/music/dance-uplifting-summer-10356/

The views and opinions expressed in this podcast are the host's own and might not represent the official views and opinions of the agencies in which they represent.

Cloud Security Podcast
CNAPPs & CSPMs don't tell the full cloud security story

Mar 13, 2025 · 49:23


In this episode we speak to Nick Jones, an expert in offensive cloud security and Head of Research at WithSecure, to expose the biggest security gaps in cloud environments and why CNAPPs and CSPMs alone are often not enough.

• How cloud pentesting differs from traditional pentesting
• Why CSPMs & CNAPPs don't tell the full cloud security story
• The biggest cloud attack paths: identity, IAM users, and CI/CD
• Why "misconfigurations vs vulnerabilities" is the wrong debate
• How organizations should prepare for a cloud pentest

With real-world examples from red team engagements and cloud security research, Nick shares insider knowledge on how attackers target AWS, Azure, and Kubernetes environments, and what security teams can do to stop them.

Questions asked:
• (00:00) Introduction
• (02:40) A bit about Nick Jones
• (03:56) How has Cloud Security Evolved?
• (05:52) Why do we need pentesting in Cloud Security?
• (08:09) Misconfiguration vs Vulnerabilities
• (11:04) Cloud Pentesting in Different Environments
• (17:05) Impact of Kubernetes Adoption on Offensive Cloud Security
• (20:19) Planning for a Cloud Pentest
• (29:04) Common Attacks Paths in Cloud
• (33:05) Mitigating Common Risk in Cloud
• (35:14) What is Detection as Code?
• (41:17) Skills for Cloud Pentesting
• (45:28) Fun Sections

The CyberWire
Will Plankey lead CISA to victory?

Mar 12, 2025 · 32:09


The White House names their nominee for CISA's top spot. Patch Tuesday updates. Apple issues emergency updates for a zero-day WebKit vulnerability. Researchers highlight advanced MFA-bypassing techniques. North Korea's Lazarus Group targets cryptocurrency wallets and browser data. Our guest today is Rocco D'Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats. Making sense of the skills gap paradox.

CyberWire Guest
Joining us today is Rocco D'Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats.

Selected Reading
• Trump nominates Sean Plankey as new CISA director (Tech Crunch)
• CISA worker says 100-strong red team fired after DOGE action (The Register)
• March 2025 Patch Tuesday: Microsoft Fixes 57 Vulnerabilities, 7 Zero-Days (Hackread)
• ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens (SecurityWeek)
• CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild (Cyber Security News)
• Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks (Cyber Security News)
• Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account (Cyber Security News)
• North Korean Lazarus hackers infect hundreds via npm packages (Bleeping Computer)
• Welcome to the skills gap paradox (Computing)

Autonomous IT
Patch [FIX] Tuesday – March 2025: [Expert Analysis of Chromium, MMC, and VHD Vulnerabilities], E17

Mar 11, 2025 · 16:58


Tune in as Automox's cybersecurity experts break down the latest vulnerabilities from Microsoft's March Patch Tuesday release. This episode explores recent Chromium-based vulnerabilities, a significant Microsoft Management Console flaw, and file system vulnerabilities impacting VHD files. Beyond the technical analysis, the discussion highlights essential practices, including security training, robust password management, and recognizing the dangers posed by untrusted sources. Whether you're an IT professional or a cybersecurity enthusiast, this podcast provides actionable insights to help safeguard your organization.

Storm⚡️Watch by GreyNoise Intelligence
Cybersecurity Chaos: CISA Controversy, Telecom Hacks, and Exploited Vulnerabilities

Mar 11, 2025 · 62:30


Forecast: Cloudy with a chance of compromised credentials and scattered vulnerabilities—stay alert out there!

In this episode of Storm⚡️Watch, we're unpacking some of the most pressing developments in cybersecurity and what they mean for the industry. First, we tackle the state of CISA and its mounting challenges. From allegations that the Trump administration ordered U.S. Cyber Command and CISA to stand down on addressing Russian cyber threats, to financial groups pushing back against CISA's proposed incident reporting rule, there's no shortage of turbulence. Adding fuel to the fire, Homeland Security Secretary Kristi Noem has disbanded eight federal advisory committees, including key cybersecurity groups, citing compliance with a Trump-era executive order. Critics argue these cuts could weaken public-private collaboration and hinder CISA's ability to protect critical infrastructure. We'll break down what all this means for the future of cybersecurity leadership in the U.S.

Next, we revisit a shocking case involving a U.S. soldier who plans to plead guilty to hacking 15 telecom carriers. This story highlights the ongoing risks posed by insider threats and the vulnerabilities within telecom networks, which are often targeted for their treasure troves of sensitive data. We'll explore how this case unfolded, what it reveals about vetting processes for individuals with access to critical systems, and the broader implications for cybersecurity in government-affiliated organizations.

We also spotlight some fascinating research from Censys on a phishing scam exploiting toll systems across multiple states. Attackers are leveraging cheap foreign SIM cards and Chinese-hosted infrastructure in a campaign that keeps evolving. Plus, RunZero sheds light on a critical vulnerability affecting Edimax IP cameras (CVE-2025-1316), while GreyNoise reports on mass exploitation of a PHP-CGI vulnerability (CVE-2024-4577) and active threats linked to Silk Typhoon-associated CVEs.

Bitcoin Takeover Podcast
S16 E11: Paul Sztorc on Roger Ver

Bitcoin Takeover Podcast

Play Episode Listen Later Mar 4, 2025 225:44


Despite your bad memories from the Block Size war, you should support Roger Ver's campaign for clemency – or at least this is what Layer Two Labs CEO Paul Sztorc thinks you should do. In this episode, we discuss why Roger deserves to stay free. Time stamps: Introducing Paul Sztorc (00:00:54) The host welcomes listeners and introduces guest Paul Sztorc, discussing Roger Ver's situation. Paul's Connection with Roger Ver (00:01:42) Paul shares his connection to Roger Ver and his experiences in the Bitcoin community. Roger Ver's Contributions (00:02:54) Discussion on Roger's significant investments and efforts in early Bitcoin companies. Challenges at Mt. Gox (00:03:59) Paul recounts Roger's volunteer work during the Mt. Gox crisis, highlighting his dedication. Bitcoin's Early Days (00:05:05) Reflections on Bitcoin's obscurity before mainstream recognition, including the Financial Times article. The Evolution of Bitcoin Conferences (00:06:18) Paul reminisces about early Bitcoin conferences and their small scale compared to today. Tax Evasion Claims and Bitcoin's Value (00:08:23) Discussion on misconceptions about Bitcoin's value and Roger's tax situation during its early days. Roger's Generosity and Alliances (00:10:34) Highlighting Roger's contributions to various libertarian causes and his personal sacrifices. The Block Size War (00:11:39) Introduction to the block size debate and its impact on Roger's reputation in the Bitcoin community. Michael Saylor's Skepticism (00:12:29) The host references a tweet from Michael Saylor expressing doubts about Bitcoin in 2013. Roger's Early Bitcoin Investments (00:13:13) Paul shares a story about Roger's commitment to Bitcoin, selling his Lamborghini for more BTC. Roger's Influence and Marketing (00:14:26) Discussion on Roger's positive energy and efforts to promote Bitcoin to the public. The Role of BitPay (00:15:38) Explaining how BitPay helped businesses accept Bitcoin, making it more accessible. 
Roger's Vision for Bitcoin (00:18:48) Paul discusses Roger's motivations during the block size war and his vision for Bitcoin's future. Aftermath of the Block Size War (00:20:06) Reflections on the complacency of the Bitcoin community post-war and the resulting divisions. Playing the Villain (00:20:45) The host introduces a playful debate format, questioning Roger's promotion of Bitcoin Cash. The Scammer Accusation (00:21:18) Discussion about accusations against Roger Ver being labeled a scammer due to perceived financial losses. The Block Size Debate (00:21:35) Debate on the implications of hard forks and naming conventions in the context of Bitcoin's block size. Satoshi's Conflicted Views (00:22:22) Exploration of Satoshi Nakamoto's ambiguous stance on block sizes and their impact on Bitcoin. Mt. Gox Video Controversy (00:24:23) Reference to Roger Ver's video on Mount Gox and its perceived implications for Bitcoin's credibility. Self-Custody Awareness (00:25:03) Discussion on the understanding of self-custody in Bitcoin during the early days compared to now. Roger's Involvement with Mt. Gox (00:26:57) Analysis of Roger Ver's proactive attempts to assist Mount Gox during its crisis. Historical Context of Criticism (00:29:06) Reflection on how hindsight alters perceptions of Roger's actions during the Mt. Gox incident. Debate Dynamics (00:31:00) Insights into Roger Ver's debate style and the challenges faced by opponents like Jimmy Song. Roger's Support of Craig Wright (00:36:22) Discussion on Roger Ver's past support for Craig Wright and subsequent regrets regarding that decision. Legal Battles with Craig Wright (00:40:14) Mention of Roger Ver's successful lawsuit against Craig Wright as a potential redemption. Romance Scams and Reporting (00:40:53) Discussion on how victims of romance scams often feel ashamed and do not report incidents. 
Karmic Justice and Roger Ver (00:44:16) Exploration of public anger towards Roger Ver and perceptions of justice regarding his past actions. Chaos Climbers in the Bitcoin Community (00:45:03) Analysis of individuals rising in influence by criticizing opposing factions during the block size war. Debate Analysis: Samson vs. Roger (00:46:02) Reflection on the 2018 debate between Samson and Roger, highlighting performance over substance. Clipping and Public Perception (00:48:11) Discussion on how clipped statements can distort public perception and impact reputations. Economic Growth and Human Welfare (00:49:07) The importance of economic growth for human welfare and the misunderstanding surrounding its implications. Performativity in Bitcoin Discourse (00:50:26) Critique of the performative outrage in Bitcoin discussions and its effects on community dynamics. Debate Takeaways and Misrepresentation (00:51:08) Observations on how the narrative from the debate overshadowed substantive discussions about Bitcoin. Scaling Solutions: Lightning vs. Bitcoin Cash (00:52:13) Comparison of the Lightning Network and Bitcoin Cash as competing solutions to Bitcoin's scaling issues. Hard Forks and Community Splits (00:54:43) Discussion on the implications of hard forks on community cohesion and the future of Bitcoin. Victimless Crimes in Forks (00:57:54) Reflection on the benefits of Bitcoin forks and the perception of them as victimless crimes. Toxic Bitcoin Maximalism (00:58:41) Analysis of how toxic maximalism emerged as a reaction to the proliferation of altcoins and forks. Conception of Money and Community (00:59:03) Discussion on the importance of a unified currency and the challenges posed by multiple forks. Ethereum as the Opposition (01:00:28) Exploration of Ethereum's role as a competing force against Bitcoin and its community dynamics. 
Network Effects and Complacency (01:00:52) Discussion on how dominant networks can lead to complacency and hinder competition in the crypto space. Block Size War and Ethereum's Rise (01:01:40) Exploration of Ethereum's growth during the block size debate and its impact on the crypto landscape. Scaling Challenges in Bitcoin (01:02:52) Overview of scaling solutions and the failures that led to external developments outside Bitcoin. Layer Two Labs Promotion (01:04:00) Introduction of Layer Two Labs and its mission to scale Bitcoin through sidechains. Drive Chains vs. Tree Chains (01:05:15) Comparison of Drive Chains and Tree Chains, highlighting conceptual differences and critiques. Bitcoin.com News Collaboration (01:08:40) Discussion about Bitcoin.com News and its valuable coverage of cryptocurrency topics. Critique of Current Thought Leaders (01:09:46) Speaker expresses disappointment in the insights provided by prominent figures in the crypto community. Exit Tax Controversy (01:11:20) Debate on the legitimacy and implications of the U.S. exit tax in relation to Roger Ver. Berlin Wall Explanation (01:21:19) Description of the Berlin Wall's historical significance and its role in the Cold War. The Berlin Wall Discussion (01:23:06) The speakers discuss the historical significance and implications of the Berlin Wall and its impact on families. Roger Ver's Moral Responsibility (01:27:02) A conversation about Roger Ver's rejection of the social contract based on his moral beliefs regarding taxation. Exit Tax Controversy (01:27:30) Debate on the fairness of the exit tax and its implications for individuals like Roger Ver. Roger Ver's Legal Representation (01:28:09) Discussion on Roger Ver's legal situation and the role of his law firm in his tax issues. Greg Maxwell's Threats (01:29:33) Mention of Greg Maxwell's threats towards Roger Ver and the potential consequences of such actions. 
Birthday Surprise (01:30:18) A light-hearted moment as the host celebrates a birthday surprise during the podcast. Tax Law Complications (01:32:07) The complexity of tax law and its implications for Roger Ver's financial situation are explored. Jameson Lopp's Tweet (01:35:14) Analysis of a tweet discussing Roger Ver's tax issues and the IRS's claims against him. CoinFlex Bankruptcy Discussion (01:37:01) Exploration of Roger Ver's financial troubles related to CoinFlex and the implications of his legal battles. Roger's Video Explanation (01:39:14) Discussion about a video Roger Ver released explaining his situation with CoinFlex and legal constraints. Legal Challenges and Persecution (01:42:43) Reflections on Roger Ver's past legal challenges and the perception of him as a criminal in the Bitcoin community. Vindictiveness of the Blocksize War (01:43:46) Commentary on the negative attitudes and tactics used by some during the blocksize debate against Roger Ver. Discussion on Roger Ver's Bitcoin Contributions (01:44:56) We discuss Roger Ver's early contributions to Bitcoin and the controversies surrounding him. Twitter Controversies and Public Perception (01:46:00) The conversation touches on Twitter dynamics and public perceptions of Roger Ver's financial status. Taxation and IRS Issues (01:49:02) Concerns are raised about the lack of clarity from the IRS regarding tax obligations for Roger Ver. Critique of Tax System (01:50:05) A critique of the U.S. tax system and the complexities faced by taxpayers is presented. Roger Ver's Future and Clemency (01:52:39) Discussion on Roger Ver's potential return to the U.S. and the implications of his clemency. Plea Deals and Coercion in Legal System (02:01:29) The speakers examine the coercive nature of plea deals in the U.S. legal system. Justice System Inequities (02:03:59) A reflection on the inequities in the justice system and the challenges of sentencing. 
Introduction to Alexander Vinnik (02:05:07) Discussion about Vinnik's arrest and his connection to the Mount Gox hack. Comparison with Roger Ver (02:06:18) Contrasting Vinnik's criminal actions with the legal troubles faced by Roger Ver. Plea Deals and Legal System Issues (02:06:39) Exploring the coercive nature of plea deals in the justice system. Vinnik's Sentencing and Release (02:08:39) Details about Vinnik's sentencing and the circumstances of his release. Negotiations for Prisoner Exchange (02:09:50) Discussion about the political implications of Vinnik's negotiation for freedom. Details on the Trade (02:10:46) Information about the American teacher traded for Vinnik and her situation. Question from the Audience (02:12:54) Transition to audience questions regarding Bitcoin's scalability and potential forks. The Exodus Question (02:13:02) Audience inquiry about the potential migration to alternative cryptocurrencies. Forking Bitcoin Discussion (02:15:17) Analysis of the challenges and implications of forking Bitcoin. Cultural Apathy in Bitcoin Community (02:20:15) Reflection on the disconnection between miners and Bitcoin's philosophical discussions. Future of Bitcoin and Sidechains (02:22:33) Speculation on Bitcoin's ability to scale and the role of sidechains in its future. Discussion on Bitcoin Market Dynamics (02:27:41) Exploration of Bitcoin's market behavior and the implications of pricing strategies in a competitive landscape. Contention in Bitcoin Governance (02:28:31) Debate on the contentious nature of Bitcoin governance and the challenges of achieving consensus within the community. Concerns Over Bitcoin's Cultural Issues (02:30:31) Discussion on potential cultural problems within Bitcoin and the implications for its future success. Measuring Decentralization (02:31:58) Introduction to the concept of decentralization and its measurement within cryptocurrency contexts. 
Critique of Mining Centralization (02:32:08) Examination of the complexities and contradictions in defining mining centralization in Bitcoin. Transparency and Decentralization (02:34:03) Discussion on the importance of transparency and the peer-to-peer nature of Bitcoin versus traditional systems. State Rejection of Bitcoin Reserves (02:40:55) Insights into states rejecting Bitcoin reserve bills due to volatility concerns, reflecting on societal attitudes toward Bitcoin. Bitcoin's Role in Black Market Transactions (02:44:27) Analysis of Bitcoin's potential as a payment system in both legal and illegal markets, emphasizing its dual utility. Roleplay Request on BTC vs BCH (02:48:10) Engagement in a roleplay scenario discussing the market's preference for BTC over BCH and its implications. Orthodox Plan for Scaling (02:49:21) Discussion on the orthodox plan for Bitcoin scaling and competition with Ethereum and other altcoins. Competition and Market Share (02:50:39) Analysis of market competition and the declining market share of Bitcoin compared to Ethereum and Monero. Libertarian Party Dynamics (02:53:11) Exploration of the fragmentation within the Libertarian Party and its implications for political strategy. Libertarian Vote in Elections (02:54:52) Investigation into the percentage of votes received by the Libertarian Party in recent elections. Trump's Influence on Libertarians (02:56:40) Discussion on Trump's appeal to Libertarians and its impact on voting patterns. Free Ross Campaign Strategy (02:59:17) Strategy for political advocacy, focusing on the Free Ross campaign and leveraging support for major candidates. Comparing Cryptocurrency Market Positions (03:01:56) Examination of the market positions of various cryptocurrencies and their relative values. Bitcoin Cash Capabilities (03:02:50) Discussion on the capabilities of Bitcoin Cash and its potential for innovation in the crypto space. 
Historical Context of Bitcoin Development (03:04:12) Reflection on Bitcoin's development history and the missed opportunities for innovation. Language and Technological Change (03:06:27) Analogy between language evolution and cryptocurrency dominance, emphasizing technological impacts. Early Bitcoin Innovations (03:09:39) Revisiting early innovations in Bitcoin and their relevance to today's cryptocurrency landscape. Ossification and Innovation in Blockchain (03:11:36) Discussion on the ossification of blockchain and the need for innovation in Layer 2 solutions. Programming Languages Debate (03:12:43) Comparison of programming languages used in Bitcoin and Ethereum, referencing Steve Jobs' philosophy. Bitcoin's Imperfections (03:14:15) Discussion on Bitcoin's evolution and the ongoing need for improvements despite claims of perfection. Vulnerabilities in Bitcoin (03:15:21) Concerns over the delayed disclosure of vulnerabilities in Bitcoin's code and its implications. Power Dynamics in Bitcoin Development (03:16:41) Analysis of the influence of Bitcoin Core on development and the challenges faced by forks. John Dillon's Controversial Emails (03:18:00) Exploration of accusations against John Dillon and the implications for Bitcoin's governance. Coinjoin Bounty Scandal (03:20:19) Revelation of John Dillon's involvement with a bounty fund and its impact on project funding. The Role of Competition in Development (03:22:14) Importance of competition among software in driving innovation and user satisfaction. Roger Ver's Legal Troubles (03:25:28) Discussion about the potential consequences for those prosecuting Roger Ver and the nature of his accusations. Mail Fraud Charges Against Roger Ver (03:27:12) Overview of the legal accusations against Roger Ver, particularly concerning mail fraud. Hypothetical Perspective on Roger Ver (03:28:44) A thought experiment about how perceptions of Roger Ver would change based on exposure to propaganda. 
Thoughts on Taxation and Consent (03:32:32) Discussion on the ethics of taxation and Roger Ver's views on consent in financial matters. Tax Dollars and Freedom (03:33:53) Discussion on how American tax dollars fund IRS enforcement and the implications for those wanting to leave the country. Exit Tax Debate (03:35:06) Debate on the fairness of an exit tax and its implications for American citizens leaving the country. Roger Ver's Legal Battle (03:36:04) Analysis of Roger Ver's resources and challenges in his ongoing legal issues with tax authorities. Future Tax Laws and Risks (03:36:30) Concerns about potential future tax laws and their impact on individuals' financial situations. Legal Precedents and Justice (03:37:53) Discussion on how Roger Ver's case may set precedents for others facing similar legal challenges. Political Influence on Justice (03:38:58) Exploration of the arbitrary nature of legal sentences and political influences on the justice system. Dignity in Departure (03:39:29) Reflections on the emotional toll of leaving the U.S. while maintaining dignity and facing potential repercussions. Logistics of a Pardon (03:40:30) Speculation on the political motivations behind a potential pardon for Roger Ver. Tax Law Evolution (03:41:53) Discussion on how tax laws have changed over time, affecting the classification of Bitcoin. Legal Advice and Accountability (03:43:14) Questioning the responsibilities of tax attorneys in guiding clients through complex legal issues. Closing Remarks and Thanks (03:44:15)

Absolute AppSec
Episode 278 - Security Conferences, Testing Data in Git, Unforgivable Vulnerabilities

Absolute AppSec

Play Episode Listen Later Mar 4, 2025


Seth and Ken return without a guest to discuss recent news, breaches, and research. They open with a discussion of the purposes of the various security conferences and what is recommended for various professional levels. Next comes an article discussing recent customer data exposure by Zapier in git test data; synthetic test data has been an issue for a long time, so this is not a surprising turn of events. Finally, they share thoughts on the definitions and classification of Unforgivable Vulnerabilities as proposed by the UK's National Cyber Security Centre.

Trent Loos Podcast
Rural Route Radio Feb 27, 2025 Kevin Kenney once again showing the vulnerabilities the farmer has

Trent Loos Podcast

Play Episode Listen Later Feb 28, 2025 48:04


Kevin says we could be 3 weeks away from the farmer losing the most effective ever tool in weed and pest control. In addition he has the notion the CO2 pipeline is a front for something else that nobody is talking about.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday Feb 21st: Kibana Queries; Mongoose Injection; U-Boot Flaws; Unifi Protect Camera Vulnerabilities; Protecting Network Devices as Endpoint (Austin Clark @sans_edu)

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Feb 21, 2025 12:29


Using ES|QL In Kibana to Query DShield Honeypot Logs
Using the "Elastic Search Piped Query Language" to query DShield honeypot logs.
https://isc.sans.edu/diary/Using%20ES%7CQL%20in%20Kibana%20to%20Queries%20DShield%20Honeypot%20Logs/31704

Mongoose Flaws Put MongoDB at risk
The Object Direct Mapping library Mongoose suffers from an injection vulnerability leading to the potential for remote code execution in MongoDB.
https://www.theregister.com/2025/02/20/mongoose_flaws_mongodb/

U-Boot Vulnerabilities
The open source boot loader U-Boot suffers from a number of issues allowing the bypass of its integrity checks. This may lead to the execution of malicious code on boot.
https://www.openwall.com/lists/oss-security/2025/02/17/2

Unifi Protect Camera Update
https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f

The Fighter Pilot Podcast
OFW-10: Technology Vulnerabilities

The Fighter Pilot Podcast

Play Episode Listen Later Feb 18, 2025 56:26


On Future War is a 12-part series exploring the evolving landscape of military strategy and defense technologies with a focus on the Indo-Pacific.

This tenth episode explores the vulnerability of computer chip manufacturing. With over 98% of logic and memory chips fabricated in just two countries, both located in the Indo-Pacific region, what happens if the supply of these chips is threatened? How can the United States meet this challenge? Host Scott Chafian and guest Daniel Marujo explore solutions.

Brought to you by Authentic Media with the support of Cubic Defense.

Support this podcast at https://redcircle.com/the-fighter-pilot-podcast/donations

The CyberWire
Trump's opening moves.

The CyberWire

Play Episode Listen Later Jan 21, 2025 43:44


President Trump rolls back AI regulations and throws TikTok a lifeline. Attackers pose as Ukraine's CERT-UA tech support. A critical vulnerability is found in the Brave browser. Sophos observes hacking groups abusing Microsoft 365 services and exploiting default Microsoft Teams settings. Researchers uncover critical flaws in tunneling protocols. A breach exposes personal information of thousands of students and educators. Oracle patches 320 security vulnerabilities. Kaspersky reveals over a dozen vulnerabilities in a Mercedes-Benz infotainment system. Tim Starks from CyberScoop discusses executive orders on cybersecurity and the future of CISA. We preview coming episodes of Threat Vector. Honesty isn't always the best policy.

Threat Vector Segment
On our Threat Vector podcast preview today: IoT devices are everywhere, with billions deployed globally in industries like healthcare, manufacturing, and critical infrastructure. But this explosion of connectivity brings unprecedented security challenges. Host David Moulton speaks with Dr. May Wang, CTO of IoT Security at Palo Alto Networks, about how AI is transforming IoT security. Stay tuned for the full conversation this Thursday.

CyberWire Guest
Our guest is Tim Starks from CyberScoop discussing executive orders on cybersecurity and the future of CISA. You can read Tim's article on the recent Biden EO here.

Selected Reading
Trump revokes Biden executive order on addressing AI risks (Reuters)
TikTok is back up in the US after Trump says he will extend deadline (Bleeping Computer)
Hackers impersonate Ukraine's CERT to trick people into allowing computer access (The Record)
Brave Browser Vulnerability Let Malicious Website Mimic as Legitimate One (Cyber Security News)
Ransomware Groups Abuse Microsoft Services for Initial Access (SecurityWeek)
Tunneling Flaws Put VPNs, CDNs and Routers at Risk Globally (Hackread)
Students, Educators Impacted by PowerSchool Data Breach (SecurityWeek)
Oracle To Address 320 Vulnerabilities in January Patch Update (Infosecurity Magazine)
Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities (SecurityWeek)
Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes (SecurityWeek)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.