The inability of an entity to withstand the adverse effects of a hostile or uncertain environment
I've spent years talking about endpoint security, yet printers rarely enter the conversation. Today, that blind spot takes center stage. I'm joined by Jim LaRoe, CEO of Symphion, to unpack why printers now represent one of the most exposed corners of the enterprise and what can be done about it. Jim's team protects fleets that range from a few hundred devices to tens of thousands, and the picture he paints is stark. In many organizations, printers make up 20 to 30 percent of endpoints, and almost all of them are left in a factory default state. That means open ports, default passwords, and little to no monitoring. Pair that with the sensitive data printers receive, process, and store, plus the privileged connections they hold to email and file servers, and you start to see why attackers love them. We trace Symphion's path from a configuration management roots story in 1999 to a pivot in 2015 when a major printer manufacturer invited the company behind the curtain. What they found was a parallel universe to mainstream IT. Brand silos, disparate operating systems, and a culture that treated printers as cost items rather than connected computers. Add in the human factor, where technicians reset devices to factory defaults after service as second nature, and you have a recipe for recurring vulnerabilities that never make it into a SOC dashboard. Jim explains how Symphion's Print Fleet Cybersecurity as a Service tackles this mess with cross-brand software, professional operations, and proven processes delivered for a simple per-device price. The model is designed to remove operational burden from IT teams. Automated daily monitoring detects drift, same-day remediation resets hardened controls, and comprehensive reporting supports regulatory needs in sectors like healthcare where compliance is non-negotiable. 
The goal is steady cyber hygiene for printers that mirrors what enterprises already expect for servers and PCs, without cobbling together multiple vendor tools, licenses, and extra headcount to operate them. We also talk about the hidden costs of DIY printer security. Licensing multiple management platforms for different brands, training staff who already have full plates, and outages caused by misconfigurations all add up. Jim shares real-world perspectives from organizations that tried to patch together a solution before calling in help. The pattern is familiar. Costs creep. Vulnerabilities reappear. Incidents push the topic onto the CISO's agenda. Symphion's pitch is straightforward. Treat print fleets like any other class of critical infrastructure in the enterprise, and measure outcomes in risk reduction, time saved, and fewer surprises. If you are commuting while listening and now hearing alarm bells, you are not alone. Think about the printers scattered across your offices and clinics. Consider the data that passes through them every day. Then picture an attacker who finds default credentials in minutes and uses a printer to move across your network. Tune in for a fast, practical look at a risk hiding in plain sight, and learn how Symphion's Print Fleet Cybersecurity as a Service can help you close a gap that attackers know too well.
Join host G Mark Hardy on CISO Tradecraft as he welcomes Patrick Garrity from VulnCheck and Tod Beardsley from Run Zero to discuss the latest in cybersecurity vulnerabilities, exploits, and defense strategies. Learn about their backgrounds, the complexities of security research, and strategies for effective communication within enterprises. The discussion delves into vulnerabilities, the significant risks posed by ransomware, and actionable steps for CISOs and security executives to protect their organizations. Stay tuned for invaluable insights on cybersecurity leadership and management.

Chapters
00:00 Introduction and Guest Welcome
00:57 Meet Patrick Garrity: Security Researcher and Skateboard Enthusiast
02:12 Meet Tod Beardsley: From Hacker to Security Research VP
03:58 The Evolution of Vulnerabilities and Patching
07:06 Understanding CVE Numbering and Exploitation
14:01 The Role of Attribution in Cybersecurity
16:48 Cyber Warfare and Global Threat Landscape
20:18 The Rise of International Hacking
22:01 Delegation of Duties in Offensive Warfare
22:25 The Role of Companies in Cyber Defense
23:00 Attack Vectors and Exploits
24:25 Real-World Scenarios and Threats
28:46 The Importance of Communication Skills for CISOs
31:42 Ransomware: A Divisive Topic
38:39 Actionable Steps for Security Executives
45:58 Conclusion and Final Thoughts
BigBear.ai is at the forefront of innovation for national security, and is committed to supporting the critical infrastructure driving America's competitive edge. The company deploys cutting-edge AI, machine learning, and computer vision solutions to defend critical operations and win with decision advantage. Our guests are Eric Conway, Vice President of Technology, and Joe Davis, Cybersecurity Research Scientist at BigBear.ai. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
AP Washington correspondent Sagar Meghani reports on this week's showdown between NATO jets and Russian drones over Poland.
"Revelation" is about exposing what's hidden: Vulnerabilities, Truths, and the role of hackers in revealing them.In this conversation, Casey John Ellis, founder of Bugcrowd, shares his journey from a curious child fascinated by technology to a pioneer in crowdsourced security. He discusses the evolution of bug bounty programs, the importance of community in cybersecurity, and the challenges of scaling a startup. Casey also emphasizes the need for good faith hackers, the role of AI in security, and the importance of mentorship in entrepreneurship. He reflects on the changing landscape of cybersecurity and the necessity for collaboration between generations in the field.00:00 - Introduction and Technical Challenges02:02 - Casey Ellis: A Journey into Hacking04:50 - Pioneering Crowdsourced Security with Bug Crowd07:36 - Building a Community of Hackers10:36 - Scaling Bug Crowd: Achievements and Growth13:35 - Unexpected Bug Bounty Submissions16:32 - Testing Infrastructure: Virtualization and Real-World Applications19:14 - Advocating for Good Faith Cybersecurity Research22:11 - Government Engagement and Cyber Policy25:03 - Adapting to the Current Threat Landscape26:41 - The Evolving Landscape of Cybersecurity29:58 - AI and Human Collaboration in Security34:22 - The Gray Areas of Cyber Ethics39:50 - Lessons in Entrepreneurship and Leadership44:17 - Generational Shifts in Cybersecurity Media46:40 - Finding Balance: Hobbies and Downtime48:24 - Imagining a Cybersecurity-Themed BarSYMLINKS[ Casey John Ellis Blog - https://cje.io ]The personal website of Casey John Ellis, featuring his writings and insights on cybersecurity, hacker rights, and vulnerability research.[ LinkedIn - https://www.linkedin.com/in/caseyjohnellis ]Casey's professional profile where he shares career updates and connects with the cybersecurity community.[ Bluesky - https://caseyjohnellis.bsky.social ]Casey's Bluesky account for sharing thoughts and engaging with the infosec community.[ Mastodon - 
https://infosec.exchange/@caseyjohnellis ]Casey's Mastodon profile on Infosec Exchange, where he posts updates and insights for the federated social community.[ X/Twitter - https://x.com/caseyjohnellis ]Casey's main microblogging profile where he actively shares cybersecurity insights and hacker advocacy.[ Linktree - https://linktr.ee/caseyjohnellis ]A hub linking to all of Casey's active social profiles and resources.[ BugCrowd - https://www.bugcrowd.com ]A leading crowdsourced security platform that connects organizations with a global hacker community to find and fix vulnerabilities.[ Disclose.io - https://disclose.io ]An open-source project standardizing best practices for vulnerability disclosure programs, enabling safe collaboration between researchers and organizations.
AI is everywhere in application security today — but instead of fixing the problem of false positives, it often makes the noise worse. In this first episode of AppSec Contradictions, Sean Martin explores why AI in application security is failing to deliver on its promises.

False positives dominate AppSec programs, with analysts wasting time on irrelevant alerts, developers struggling with insecure AI-written code, and business leaders watching ROI erode. Industry experts like Forrester and Gartner warn that without strong governance, AI risks amplifying chaos instead of clarifying risk.

This episode breaks down:
• Why 70% of analyst time is wasted on false positives
• How AI-generated code introduces new security risks
• What “alert fatigue” means for developers, security teams, and business leaders
• Why automating bad processes creates more noise, not less
On the Maurin Academy's Political Philosophy podcast, Laurie is covering Jerzy Kosinski's Being There, a satirical novel about an image and wealth-obsessed American society bent on the mass narcissism of literally loving a politician. This is part 5 in the series. … More The Vulnerabilities of Democracy in the Age of Image
Podcast: Industrial Cybersecurity Insider
Episode: FBI Alerts, OT Vulnerabilities, and What Comes Next
Pub date: 2025-09-03

In this episode, Craig and Dino break down the FBI's latest cybersecurity advisory and what it means for industrial organizations. From Cisco hardware vulnerabilities on the plant floor to the widening gap between IT and OT security teams, they address the critical blind spots that attackers often exploit. They discuss why manufacturing has become ransomware's “cash register,” the importance of continuous monitoring and asset visibility, and why every organization must have an incident response plan in place before a crisis. This episode is packed with real-world insights and actionable strategies. It's a must-listen for CISOs, CIOs, OT engineers, and plant leaders safeguarding manufacturing and critical infrastructure.

Chapters:
00:00:52 - Welcome to Industrial Cybersecurity Insider Podcast
00:01:21 - A New FBI Advisory on Nation-State OT Threats
00:02:37 - Cisco Hardware on the Plant Floor Targeted in Advisory
00:03:18 - The IT/OT Disconnect: OT Assets are Often Invisible to InfoSec Teams
00:04:19 - The Awareness Gap: Critical Security Alerts Fail to Reach OT Operations
00:04:54 - The OT Cybersecurity Skills Gap and Cultural Divide
00:07:32 - Why All Manufacturing is Critical, Citing the JBS Breach
00:08:37 - The Staggering Economic Cost of OT Breaches
00:09:33 - The "Cash Register" Concept: Why Attackers Target Manufacturing
00:10:29 - OT as the New Frontier for Attacks on Unpatched Systems
00:11:28 - The "Disinterested Third Party": When OEMs See Security as the Client's Problem
00:12:31 - The Foundational First Step: Gaining Asset Visibility & Continuous Monitoring
00:13:53 - The Impracticality of Patching in OT Due to Downtime and Safety Risks
00:15:25 - Academic vs. Practitioner: Why High-Level Advice Fails on the Plant Floor
00:18:25 - The Minimum Requirement: A Practiced, OT-Inclusive Incident Response Plan
00:18:58 - Why CISOs Must Build Relationships with Key OT Partners
00:22:46 - Practice, Partner, and Protect Now

Links And Resources:
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
The FBI investigates crimes of all types and sizes, but did you know that the FBI plays a role in securing U.S. agriculture?
Why are nearly all American homes built out of wood when most of the world uses brick, steel, or concrete? In Part I of our conversation Architect Jeana Ripple, author of The Type V City, explains how the U.S.'s reliance on light wood framing—known as Type V construction—became the national default. She breaks down the benefits (affordability, flexibility, sustainability) and the hidden risks (mold, storm damage, limited adaptability) that slowly shape the country's homes, neighborhoods, cities, and built environment. This conversation reveals how building codes and materials influence urban life far more than most of us realize.

Jeana Ripple is the Chair of the Department of Architecture and the Vincent and Eleanor Shea Professor at the University of Virginia. A registered architect, she is principal and co-founder of the collaborative architecture firm, Mir Collective.

Links
Jeana Ripple - https://www.arch.virginia.edu/people/jeana-ripple
Mir Collective - https://mircollective.com/

Purchase the Book
UT Press: The Type V City: Codifying Material Inequity in Urban America - https://utpress.utexas.edu/9781477331620/
Amazon: The Type V City: Codifying Material Inequity in Urban America - https://a.co/d/cUzKkyS

Subscribe to Most Podern on:
Spotify - https://open.spotify.com/show/3zYvX2lRZOpHcZW41WGVrp
Apple Podcasts - https://podcasts.apple.com/us/podcast/most-podern-podcast/id1725756164
Youtube - https://www.youtube.com/@MostPodern
Instagram - https://www.instagram.com/most.podern
LinkedIn - https://www.linkedin.com/company/most-podern

Keywords
Type V construction, The Type V City, Jeana Ripple, American housing, Wood frame construction, U.S. building codes, Urban design, Architecture podcast, Why U.S. houses are wood, Building codes explained, Wood vs concrete housing, Mass timber, Multifamily housing design, Housing crisis America, Home maintenance mold, Sustainable building materials

Chapters
00:00 Introduction to Type 5 Construction
01:32 Understanding Type 5 and Its Global Context
05:11 The Dominance of Type 5 in the U.S.
07:58 The Evolution of Wood Frame Construction
11:41 Maintenance and Vulnerabilities of Type 5 Buildings
15:44 Consumer Awareness and Decision-Making
19:10 The Role of Policy in Building Codes
22:43 The Impact of Interest Groups on Building Regulations
25:59 Future Directions for Type 5 Construction
In this week's Security Sprint, Dave and Andy covered the following topics:

Main Topics:

Annunciation Catholic Church Attack
• Minneapolis Suspect Knew Her Target, but Motive Is a Mystery
• Shooter who opened fire on Minneapolis Catholic school posted rambling videos
• Robin Westman: Minneapolis gunman was son of church employee
• Robin Westman posted a manifesto on YouTube prior to Annunciation Church shooting
• Minneapolis school shooter wrote “I am terrorist” and “Kill yourself” in Russian on weapon magazines and listened to Russian rappers
• Minneapolis Catholic Church shooter mocked Christ in video before attack
• Minneapolis school shooter 'obsessed with idea of killing children', authorities say
• Minnesota Mass Shooter Steeped in Far-Right Lore, White Nationalist Murderers
• In Secret Diaries, the Church Shooter's Plans for Mass Murder
• Minneapolis church shooting search warrants reveal new details and evidence
• 'There is no message': The search for ideological motives in the Minneapolis shooting
• Minneapolis Church Shooting: Understanding the Suspect's Video
• More Of Minnesota Shooter's Writings Uncovered: ‘Gender And Weed F***ed Up My Head'
• Classmates say Minnesota school shooter gave Nazi salutes and idolized school shootings back in middle school

Hoax Active Shooter Reports
• More than a dozen universities have been targeted by false active shooter reports
• This Is the Group That's Been Swatting US Universities
• FBI urges students to be vigilant amid wave of swatting hoaxes

AI & Cyber Threats
• The Era of AI-Generated Ransomware Has Arrived
• Researchers flag code that uses AI systems to carry out ransomware attacks & First known AI-powered ransomware uncovered by ESET Research
• Anthropic: Detecting and countering misuse of AI: August 2025
• A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years

Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
• FBI warns Chinese hacking campaign has expanded, reaching 80 countries
• Allied spy agencies blame 3 Chinese tech companies for Salt Typhoon attacks
• UK NCSC: UK and allies expose China-based technology companies for enabling global cyber campaign against critical networks

Quick Hits:
• Storm-0501's evolving techniques lead to cloud-based ransomware
• Why Hypervisors Are the New-ish Ransomware Target
• FBI Releases Use-of-Force Data Update
• Denmark summons US envoy over report on covert American ‘influence operations' in Greenland
• Falsos Amigos
• Surge in coordinated scans targets Microsoft RDP auth servers
• Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
• Citrix patches trio of NetScaler bugs – after attackers beat them to it
• U.S., Japan, and ROK Join Mandiant to Counter North Korean IT Worker Threats
• US sanctions fraud network used by North Korean ‘remote IT workers' to seek jobs and steal money
• H1 2025 Malware and Vulnerability Trends
• The FDA just overhauled its COVID vaccine guidance. Here's what it means for you
• 25 August 2025 NCSC, AFOSI, ACIC, NCIS, DCSA, FBI, ED, NIST, NSF bulletin
• DOGE Put Critical Social Security Data at Risk, Whistle-Blower Says
• Blistering Wyden letter seeks review of federal court cybersecurity, citing ‘incompetence,' ‘negligence'
• Email Phishing Scams Increasingly Target Churches
I cover the announcement of Windows 11 25H2 entering preview, worrying details about Citrix Netscaler vulnerabilities, a company changing AI approach after public failures and much more! Reference Links: https://www.rorymon.com/blog/windows-11-25h2-now-in-preview-citrix-netscaler-vulnerabilities-disclosed-amazing-ai-stethoscope/
CannCon and Ashe in America welcome Phillip Davis, known online as @Mad_Liberals, for a deep-dive into election vulnerabilities exposed at DEFCON. Davis, a veteran software developer with decades in fingerprint identification systems, walks through how voting machines can be accessed and manipulated using readily available technician and poll worker cards. He explains the ease of altering ballots, prompts, and even candidate displays without leaving an audit trail, demonstrating how voters themselves can be unknowingly hacked. The conversation also unpacks the infamous Halderman Report, systemic security failures, and the lack of accountability in election administration. From Goodwill voting machines to encryption keys left in plain sight, Davis reveals how fragile U.S. election infrastructure really is, sparking a raw discussion on trust, oversight, and the future of voting.
Rob Allen joins us to discuss the importance of security research teams, and some cool stuff they've worked on. Then, in the Security News:
Flipper Zero, unlocking cars: The saga continues
The one where they stole the vulnerabilities
ESP32 Bus Pirates
AI will weaponize everything, maybe
What are in-the-wild exploits?
Docker and security boundaries, and other such lies
AI-powered ransomware
BadCAM, BadUSB, and novel defenses
5G sniffers
Jeff breaks down all the breach reports
AI in your browser is a bad idea
And How to rob a hotel - a nod to the way hacking used to be

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-889
Show Notes

In this episode of 'One in Ten,' host Teresa Huizar interviews Dr. Kimberly Mitchell from the University of New Hampshire's Crimes Against Children Research Center. The discussion centers on image-based sexual abuse (IBSA) and its unique, amplifying effects on victims. They delve into the disturbing prevalence of various forms of IBSA, including coercion and threatening behavior among youth. The conversation also explores the severe psychological impacts such as increased risk of suicide and non-suicidal self-injury among victims. Additionally, Dr. Mitchell discusses the challenges and complexities of researching this rapidly evolving field amidst advances in digital and AI technology. Potential future research directions, including the role of social support and community engagement, are also highlighted.

Time Topic
00:00 Introduction to Image-Based Sexual Abuse
01:15 Defining Image-Based Sexual Abuse
02:53 Research Background and Technological Impact
05:07 Unique Harms of Image-Based Sexual Abuse
08:47 Study Design and Participant Demographics
11:05 Key Findings and Hypotheses
14:35 Diverse Experiences and Future Research
17:57 Prevalence and Prevention Challenges
23:35 Navigating Healthy Spaces and Influencer Strategies
24:37 Creative Approaches in Child Abuse Prevention
25:58 Global Perspectives on Youth Involvement
28:44 Vulnerabilities of Sexual Minority Youth Online
30:09 Social Support and Online Vulnerabilities
33:18 Non-Suicidal Self-Injury and Image-Based Sexual Abuse
38:24 Future Research Directions and Resiliency
39:52 Bystander Intervention and Positive Variance
41:00 Conclusion and Final Thoughts

Resources
Image-based sexual abuse profiles: Integrating mental health, adversities, and victimization to explore social contexts in a diverse group of young adults - ScienceDirect

Support the show
Did you like this episode? Please leave us a review on Apple Podcasts.
Discover the hidden psychology of manipulation; the hooks that pull you in and the pressure points others exploit for control. Learn how marketers, con artists, and even spies use these tactics, and how to spot them in everyday life. From sales tactics, to office politics, and toxic relationships, these 21 vulnerabilities are essential for protecting yourself from being taken advantage of.
Summary
In this conversation, cybersecurity expert Christian Espinosa shares his journey from military service to entrepreneurship, emphasizing the importance of emotional intelligence and effective communication in the tech industry. He discusses the vulnerabilities in medical devices, the significance of hiring for cultural fit, and the steps to improve leadership skills. The discussion also covers the concepts of monotasking versus multitasking, empathy in leadership, and the need for continuous improvement in personal and professional development.

Takeaways
Christian emphasizes the importance of communication in cybersecurity.
Niche focus can lead to increased success in business.
Hiring for cultural fit is crucial for team dynamics.
Emotional intelligence is often lacking in highly intelligent individuals.
The meaning of communication is determined by the response you receive.
Monotasking is more effective than multitasking for productivity.
Empathy in leadership helps bridge gaps between team members.
Continuous improvement is essential for personal growth.
Establishing core values can guide hiring and team behavior.
Collaboration is key to overcoming intellectual bullying in teams.

Chapters
00:00 Introduction to Christian Espinosa
01:42 Christian's Journey in Cybersecurity
05:26 Entrepreneurship and the Military Background
09:05 Niche Focus in Cybersecurity
10:29 Vulnerabilities in Medical Devices
14:39 Hiring for Culture and Core Values
19:00 The Smartest Person in the Room
21:10 Seven Steps to Improve Emotional Intelligence
34:18 Monotasking vs. Multitasking
37:15 Empathy and Kaizen in Leadership
39:43 Building Effective Teams
44:27 Conclusion and Recommendations

Credits:
Hosted by Ryan Roghaar and Michael Smith
Produced by Ryan Roghaar
Theme music: "Perfect Day" by OPM
The Eggs Podcast Spotify playlist: bit.ly/eggstunes

The Plugs:
The Show: eggscast.com
@eggshow on twitter and instagram
On iTunes: itun.es/i6dX3pC
On Stitcher: bit.ly/eggs_on_stitcher
Also available on Google Play Music!
Mike "DJ Ontic": Shows and info: djontic.com
@djontic on twitter
Ryan Roghaar: rogha.ar
“I think when you're young you really allow yourself to be stupid.” Welcome to part 2 of my conversation with Yan Ge. Yan Ge is here to discuss her life and writing. She was born in Chengdu, Sichuan Province, People's Republic of China. Emerging as a prodigious writer in Chinese and Sichuanese, she was named as one of China's twenty future literary masters by People Magazine. In 2012, she was chosen as Best New Writer by the prestigious Chinese Literature Media Prize. For English language readers, Nicky Harman first translated her novella, White Horse, for Hope Road publishing in 2014, a story about young girls negotiating adolescence in the presence of a mysterious white horse. Then, four years later, Nicky translated The Chilli Bean Paste Clan in 2018, published by Balestier. Elsewhere arrived in 2023 (Faber), and Yan Ge treated us to a new dimension of her work entirely: short fiction and, for the first time, written in English.

Remember, the books you buy from Rippling Pages Bookshop on bookshop.org.uk are all sourced from indie bookshops! https://uk.bookshop.org/shop/ripplingpagespod

Support the Rippling Pages on a new Patreon https://patreon.com/RipplingPagesPod?utm_medium=unknown&utm_source=join_link&utm_campaign=creatorshare_creator&utm_content=copyLink

Interested in hosting your own podcast? Follow this link and find out how: https://www.podbean.com/ripplingpages

Rippling Points Chapters
- 3.30 - writing parts of ourselves that are distinct
- 7.35 - SBoC taking off
- 10.05 - identifying vulnerabilities
- 12.15 - all consuming spells of writing
- 16.45 - finding balance
- 20.15 - inspired by a younger self
- 24.40 - The Chilli Bean Paste Clan
- 27.35 - food in Yan Ge's work
- 31.35 - Yan's parents
- 35.02 - Another Liam!

Reference Points
Nicky Harman
Jeremy Tiang
The Council of Supply Chain Management Professionals (CSCMP) and Supply Chain Xchange bring you this podcast filled with deep industry discussions. We talk to today's top thought innovators, spanning topics across the entire supply chain. Supply Chain in the Fast Lane fast tracks topics you need to know from leaders you want to know.

In this Sixth Season of eight episodes, we look at The Top Threats to our Supply Chains

SEASON 6: Top Supply Chain Threats
EPISODE 7: Risks and Vulnerabilities in Automated Warehouses

With technology continuing to advance in the warehousing space, MIT research scientist Miguel Garcia explains key vulnerabilities facing automated warehouses today.

Guest: Miguel Garcia, research scientist at the Massachusetts Institute of Technology (MIT)
Moderator: Diane Rand, managing editor, Supply Chain Xchange

Supply Chain in the Fast Lane is sponsored by: HERE Technologies

Links
Learn more about CSCMP
Join the CSCMP community
CSCMP's Supply Chain Xchange
Subscribe to CSCMP's Supply Chain Xchange
Sign up for our FREE newsletters
Listen to our sister podcast, Logistics Matters
Advertise with CSCMP's Supply Chain Xchange

Join the Supply Chain in the Fast Lane team at CSCMP EDGE 2025, October 5-8 at the Gaylord in Washington, D.C. Go to CSCMP.org to find out more.
The Medcurity Podcast: Security | Compliance | Technology | Healthcare
In this episode, we talk about Network Vulnerability Assessments (NVAs)—how they pinpoint weaknesses like open ports and unsafe accounts before attackers can exploit them, and why they're key to shutting down easy entry points.

We also walk through Medcurity's new NVA Dashboard, now live in the platform. Instead of static PDFs, you get a real-time, interactive view of what needs attention, why it matters, and how to fix it. And with our Advanced NVA, you can go deeper with Attack Path Visualization, Active Directory Security Configuration Analysis, and a HIPAA Group Policy Assessment. Listen in to see how it works and how it can streamline your security efforts.

Learn more about Medcurity and what we do here: https://medcurity.com

#Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #NVA #RiskManagement
In this episode of Cybersecurity Today, host David Shipley covers critical security updates and vulnerabilities affecting Microsoft Exchange, Citrix NetScaler, and Fortinet SSL VPNs. With over 29,000 unpatched Exchange servers posing a risk for admin escalation and potential full domain compromise, urgent action is needed. Citrix Bleed 2 is actively being exploited, with significant incidents reported in the Netherlands and thousands of devices still unpatched globally. Fortinet SSL VPNs are experiencing a spike in brute force attacks, hinting at a possible new vulnerability on the horizon. Lastly, Shipley highlights notable moments from DEFCON 33, including innovative security hacks and sobering realities of the hacker community. Tune in for detailed breakdowns and insights on how to stay vigilant against these threats.

00:00 Introduction and Overview
00:32 Microsoft Exchange Vulnerability
02:54 Citrix Bleed Two Exploits
05:21 Fortinet SSL VPN Brute Force Attacks
07:39 Insights from DEFCON 33
13:46 Conclusion and Final Thoughts
VisionSpace Technologies has demonstrated how easy it is to exploit software vulnerabilities on satellites, as well as the ground stations that control them. China has conducted its first test of a lunar lander that they plan to use to take humans to the Moon. Rocket Lab has completed the Systems Integration Review (SIR) for the US Space Force's VICTUS HAZE mission, and more. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Guest We are joined by NASASpaceflight.com with the Space Traffic Report. Selected Reading Yamcs v5.8.6 Vulnerability Assessment OpenC3 Cosmos 6.0.0: A Security Assessment of an Open-Source Mission Framework – VisionSpace China tests spacecraft it hopes will put first Chinese on the moon- Reuters Rocket Lab Clears Integration Milestone for VICTUS HAZE, Delivering End-to-End Capabilities for Responsive Space Operations Rocket Lab Announces Second Quarter 2025 Financial Results, Posts Record Quarterly Revenue of $144m, Representing 36% Year-on-Year Growth, While Expanding Gross Margins 650 Basis Points Year-on-Year Globalstar Announces Second Quarter 2025 Financial Results Karman Space & Defense Reports Second Quarter Fiscal Year 2025 Financial Results Firefly Aerospace hits $9.8 billion valuation in Nasdaq debut as shares takeoff- Reuters Voyager Acquires ElectroMagnetic Systems, Inc. As NASA Missions Study Interstellar Comet, Hubble Makes Size Estimate AV and SNC Announce Strategic Partnership to Deliver Golden Dome for America "Limited Area Defense" Architecture Muon Space Unveils XL Satellite Platform, Announces Hubble Network as First Customer The Goddard 100 Student Contest Celebrating a Century of Rocketry - NSS Goddard 100 Contest T-Minus Crew Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. 
Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode, host Jim Love thanks listeners for their support of his book 'Elisa, A Tale of Quantum Kisses,' which is available for 99 cents on Kindle. The show then dives into pressing cybersecurity issues discussed at Black Hat USA, including vulnerabilities in AI assistants via prompt injection attacks, and critical flaws in Broadcom chips used by Dell laptops that can lead to stealth backdoors. Microsoft Exchange zero-day vulnerabilities actively being exploited are also covered, along with a listener report about a Canadian domain registrar's expired security certificate. The episode emphasizes the importance of keeping systems and software updated to mitigate these security risks. 00:00 Introduction and Book Promotion 00:58 Cybersecurity Headlines 01:25 AI Assistant Vulnerabilities 03:36 Broadcom Chip Flaws in Dell Laptops 06:10 Microsoft Exchange Zero-Day Exploits 08:18 Listener's Domain Registrar Experience 10:36 Show Wrap-Up and Listener Engagement
Two sophisticated ransomware groups, Akira and Lynx, are increasingly targeting managed service providers (MSPs) and small businesses by exploiting stolen credentials and vulnerabilities. Together, they have compromised over 365 organizations, with Akira targeting major firms like Hitachi Vantara and Lynx focusing on critical infrastructure, including a CBS affiliate in Chattanooga, Tennessee. Both groups utilize double extortion tactics, combining file encryption with data theft to pressure victims into paying ransoms. This shift in tactics highlights the evolving threat landscape for MSPs and small businesses. In response to the growing cybersecurity threats, the U.S. Cybersecurity and Infrastructure Security Agency has released Thorium, an open-source platform designed for malware and forensic analysis. Thorium can automate tasks and process over 10 million files per hour, empowering IT professionals without in-house malware analysis capabilities to conduct effective preliminary analyses. This tool aims to enhance cybersecurity operations and better manage risks associated with complex malware threats. Additionally, SonicWall has issued a warning to its customers to disable SSL Virtual Private Network (VPN) services due to active ransomware attacks targeting its systems. Meanwhile, Google's AI-powered bug hunter, Big Sleep, has identified 20 security vulnerabilities in popular open-source software, raising concerns about the reliability of AI-generated bug reports. A newly discovered prompt injection vulnerability in Google's Gemini AI chatbot poses serious security risks, enabling attackers to craft convincing phishing campaigns without relying on links or attachments. The podcast also discusses the alarming rise in cybersecurity incidents, particularly social engineering attacks, which have tripled in the first half of 2025. 
A report from Level Blue indicates that social engineering now accounts for 39% of initial access incidents, with fake CAPTCHA schemes rising dramatically. Furthermore, the report highlights the risks associated with unauthorized AI tool usage, revealing that 97% of organizations lack adequate access controls, exposing sensitive data to potential threats. This underscores the need for organizations to strengthen their defenses and educate users on emerging threats. Four things to know today: 00:00 Attackers Up Their Game: Ransomware Hits MSPs, SonicWall Vulnerable, and Google's AI Found Exploitable 05:53 Social Engineering Surges as Shadow AI Breaches Drive Up Cyber Costs and Risk Exposure 08:35 Neglected Tech, Rising Risk: Email and Printers Still Expose Businesses to Modern Threats 11:04 From Ransomware to Retirements: Vendor Shifts Reveal Risks and Realignment in the IT Channel This is the Business of Tech. Supported by: https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship https://getflexpoint.com/msp-radio/ Tell us about a newsletter! https://bit.ly/biztechnewsletter All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/ Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? 
Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on: LinkedIn: https://www.linkedin.com/company/28908079/ YouTube: https://youtube.com/mspradio/ Facebook: https://www.facebook.com/mspradionews/ Instagram: https://www.instagram.com/mspradio/ TikTok: https://www.tiktok.com/@businessoftech Bluesky: https://bsky.app/profile/businessof.tech
Two Chinese nationals are arrested for allegedly exporting sensitive Nvidia AI chips. A critical security flaw has been discovered in Microsoft's new NLWeb protocol. Vulnerabilities in Dell laptop firmware could let attackers bypass Windows logins and install malware. Trend Micro warns of an actively exploited remote code execution flaw in its endpoint security platform. Google confirms a data breach involving one of its Salesforce databases. A lack of MFA leaves a Canadian city on the hook for ransomware recovery costs. Nvidia's CSO denies the need for backdoors or kill switches in the company's GPUs. CISA flags multiple critical vulnerabilities in Tigo Energy's Cloud Connect Advanced (CCA) platform. DHS grants funding cuts off the MS-ISAC. Helicopter parenting officially hits the footwear aisle. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity (CLTC) discussing her proposed nationwide roadmap to scale cyber defense for community organizations. Black Hat Women on the street Live from Black Hat USA 2025, it's a special “Women on the Street” segment with Halcyon's Cynthia Kaiser, SVP Ransomware Research Center, and CISO Stacey Cameron. Hear what's happening on the ground and what's top of mind in cybersecurity this year. 
Selected Reading Two Arrested in the US for Illegally Exporting Microchips Used in AI Applications to China (TechNadu) Microsoft's plan to fix the web with AI has already hit an embarrassing security flaw (The Verge) ReVault flaws let hackers bypass Windows login on Dell laptops (Bleeping Computer) Trend Micro warns of Apex One zero-day exploited in attacks (Bleeping Computer) Google says hackers stole its customers' data in a breach of its Salesforce database (TechCrunch) Hamilton taxpayers on the hook for full $18.3M cyberattack repair bill after insurance claim denied (CP24) Nvidia rejects US demand for backdoors in AI chips (The Verge) Critical vulnerabilities reported in Tigo Energy Cloud connect advanced solar management platform (Beyond Machines) New state, local cyber grant rules prohibit spending on MS-ISAC (StateScoop) Skechers skewered for adding secret Apple AirTag compartment to kids' sneakers — have we reached peak obsessive parenting? (NY Post) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Derek Fisher, Director of the Cyber Defense and Information Assurance Program, Temple University – also check out Derek's substack. Thanks to our show sponsor, Dropzone AI Security teams everywhere are drowning in alerts. That's why companies like Zapier and CBTS turned to Dropzone AI—the leader in autonomous alert investigation. Their AI investigates everything, giving your analysts time back for real security work. No more 40-minute rabbit holes. If you're at BlackHat, find them in Startup City. Otherwise, check out their self-guided demo at dropzone.ai. This is how modern SOCs are scaling without burning out. All links and the video of this episode can be found on CISO Series.com
Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com
Calle is the creator and lead maintainer of the Cashu open source protocol. Cashu enables users to easily use bitcoin in a private, offline, and programmable way. Calle is also the maintainer of Bitchat android, a cross platform meshnet app that enables users to chat and send bitcoin without an internet connection. Calle on Nostr: https://primal.net/calle Calle on X: https://x.com/callebtc Bitchat: https://bitchat.free/ Cashu: https://cashu.space/ AOS: https://andotherstuff.org/ EPISODE: 171 BLOCK: 907832 PRICE: 847 sats per dollar (00:00:00) Bloomberg Intro (00:02:47) Happy Bitcoin Wednesday (00:06:42) Bitchat: Concept and Development (00:15:25) Mesh Networks (00:23:01) Real-World Applications of Mesh Networks (00:29:39) Challenges and Vulnerabilities of Mesh Networks (00:37:14) Adoption Challenges for Mesh Technology (00:44:07) Integrating Cashu with Bitchat (00:52:50) Offline Payments and Privacy with Cashu (01:06:14) Vibe Coding and Development Process (01:25:48) Future of Bitchat and Open Source Funding (01:34:44) Sustainability in Open Source Projects (01:47:00) Final Thoughts and Call to Action Video: https://primal.net/e/nevent1qqs2evgxy64mhhr3mw7ywtattah0sw3c8dv2hg7tjdryfnc9xghc54gr90q3n more info on the show: https://citadeldispatch.com learn more about me: https://odell.xyz
On this week's Security Sprint, Dave is solo and talked about the following topics. Warm Opening. Check out the blogs on the Gate 15 website including the recent one on network segmentation (www.gate15.global). https://gate15.global/digital-firebreaks/ Main Topics. NYC active shooter incident. https://www.nbcnews.com/news/us-news/nyc-shooting-suspect-shane-devon-temura-what-know-rcna221638 Walmart incident and bystanders. https://www.nbcnews.com/news/us-news/walmart-stabbings-michigan-traverse-city-suspect-terrorism-what-know-rcna221445 CISA Active Shooter resources: https://www.cisa.gov/topics/physical-security/active-shooter-preparedness Chinese 'Fire Ant' spies start to bite unpatched VMware instances. https://www.csoonline.com/article/4029545/chinese-fire-ant-spies-start-to-bite-unpatched-vmware-instances.html Sygnia Uncovers Active Chinese-Nexus Threat Actor Targeting Critical Infrastructure. https://www.sygnia.co/press-release/sygnia-uncovers-chinese-threat-targeting-critical-infrastructure/
Dan Berte, director of IoT security at Bitdefender, joins the Nexus Podcast to join his team's ongoing research into the security of solar grid inverters and three serious vulnerabilities uncovered in the popular Deye Solarman management platform. Dan discusses his team's research, the disclosure process, and the implications on green energy initiatives overall. With the growing popularity of these platforms, Berte cautions that attackers are going to continue to analyze their security for weaknesses and attempt to exploit them. Listen to the Nexus Podcast on your favorite podcast platform.
From the rise of enterprise-grade networking to the complexities of command center interoperability, the AV world is evolving at lightning speed. And with new cybersecurity threats looming, how can companies protect themselves? In this episode of AVWeek, Patrick Norton steps in as guest host, joined by top industry guests to explore the importance of robust networks in commercial AV, the growing role of IP in command centers, and how businesses can safeguard themselves against the latest Microsoft SharePoint vulnerabilities. Host: Patrick Norton. Guests: Jennifer Weaver – Jennifer on LinkedIn; Danny Hayasaka – Danny on LinkedIn; Samantha Potter – Samantha on LinkedIn. This Week In AV: AV Magazine – Tomorrowland Stage Reconstruction; SCN – Panasonic's Deal with ORIX Falls Through; AVNation – Registration Opens for CEDIA Expo/Commercial Integrator Expo; The Verge – Google Killing their Short Links. Roundtable Topics: Commercial Integrator – Networks in Enterprise-Grade Projects; AV Network – Interoperability for Command & Control Spaces; The Verge – Vulnerability Found in Microsoft Sharepoint. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
Bypassing all passkey protections. The ransomware attacks just keep on coming. Cloudflare capitulates to the MPA and starts blocking. The need for online age verification is exploding. Microsoft really wants Exchange Servers to subscribe. Russia (further) clamps down on Internet usage. The global trend toward more Internet restrictions. China can inspect locked Android phones. Use a burner. Web shells are the new buffer overflow. An age verification protocol sketch. What Cloudflare did to create an outage of 1.1.1.1 Show Notes - https://www.grc.com/sn/SN-1035-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security 1password.com/securitynow go.acronis.com/twit
Summary: In this episode of the Blue Security Podcast, hosts Andy and Adam discuss the vulnerabilities in solar technology, particularly focusing on smart inverters and their implications for power grids. They delve into the cybersecurity landscape, emphasizing China's role in technology transfer and its impact on national security. The conversation shifts to the potential of AI in cybersecurity, highlighting its ability to discover vulnerabilities and anomalies, and how it can enhance security operations. The episode concludes with a positive outlook on the integration of AI in cybersecurity practices.
YouTube Video Link: https://youtu.be/u3TfSpw10Qc
Documentation:
https://www.newscientist.com/article/2487089-cyberattacks-could-exploit-home-solar-panels-to-disrupt-power-grids/
https://open.spotify.com/show/1xFnf1ReS81p79TtR7f6vj?si=4d4ea5acc39c4bce
https://www.pcmag.com/news/this-ai-is-outranking-humans-as-a-top-software-bug-hunter
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
A recent report by Auvik reveals significant challenges faced by managed service providers (MSPs), highlighting issues such as tool sprawl, burnout among IT professionals, and the increasing reliance on IT generalists. The report indicates that 50% of MSPs use over ten tools to manage client networks, with many professionals experiencing high levels of stress and burnout. The ongoing retirement of baby boomers in the IT sector exacerbates these issues, leading to a demand for specialists who can assist generalists in navigating the complexities of technology. Key areas of interest for IT professionals include cybersecurity planning and cloud computing, as they seek to enhance productivity and user experience.
In addition to the challenges faced by MSPs, two significant cybersecurity incidents have come to light. Kaseya's Network Detective tool was found to have critical vulnerabilities that could expose sensitive data across managed environments. Similarly, a flaw in McDonald's chatbot job application platform compromised the personal information of over 64 million applicants due to weak security measures. These incidents underscore the importance of robust vendor security practices, as clients often hold their MSPs accountable for data breaches, regardless of the source.
The podcast also discusses the ongoing struggle for right-to-repair legislation, which has seen limited enforcement despite public support. A report indicates that many products lack accessible repair materials, and manufacturers continue to resist changes that would facilitate repairs. This situation presents an opportunity for service firms to incorporate repairability into their procurement strategies and asset management services, aligning with client values around sustainability and cost control.
Finally, Cynomi has launched new tools aimed at enhancing business impact analysis and continuity planning for cybersecurity professionals. These tools are designed to help MSPs communicate the business value of cybersecurity to leadership, shifting the perception of security from a cost center to a value driver. The success of these initiatives will depend on MSPs' ability to integrate these features into their service delivery, ultimately positioning them as strategic partners who understand both technology and business needs.
Four things to know today:
00:00 Auvik Report Warns MSPs of Tool Sprawl, Talent Drain, and Rising Burnout
04:10 Kaseya and McDonald's Incidents Reveal Fragile Trust in Vendor Security Practices
07:01 Manufacturers Withhold Parts, Manuals Despite State-Level Repair Rights Legislation
08:40 Cynomi Adds Business Impact and Continuity Planning Tools to Help MSPs Drive Strategic Outcomes
This is the Business of Tech. Supported by: https://getflexpoint.com/msp-radio/ ThreatDown Webinar: https://bit.ly/threatdown All our Sponsors: https://businessof.tech/sponsors/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com
Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessof.tech
PREVIEW US ELECTRIC GRID: Colleague Jack Burnham of FDD reports recent revelation that Chinese scholars have published hundreds of articles identifying vulnerabilities in the US electric grid. More. 1940 WUHAN UNIVERSITY