Podcasts about vulnerabilities

An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video camera are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow

An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video camera are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow

An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video camera are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow

An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video camera are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow

An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video camera are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow

An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video camera are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow

An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video camera are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow

Send us a textToday's episode offers a comprehensive overview of Cyber Threat Exposure Management (CTEM), defining it as a proactive framework for continuously evaluating digital and physical asset accessibility, exposure, and exploitability. It clarifies foundational cybersecurity concepts such as vulnerabilities, attack surface, threats, and impact, explaining how their interplay creates exposure. The speaker categorizes various types of exposure, from internet-facing systems to data leakage and phishing susceptibility, emphasizing the expanding attack surface due to interconnected IT infrastructure. Furthermore, the discussion elaborates on exposure management processes and related technologies, including vulnerability scanning, patch management, penetration testing, breach and attack simulation, and external attack surface management, alongside an explanation of how these tools are evolving to support a more unified CTEM approach. Finally, the transcript explores how Artificial Intelligence (AI) is enhancing CTEM through automated discovery, smarter prioritization, intelligent remediation, and enhanced automation.Support the showGoogle Drive link for Podcast content:https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnkoMy Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/Youtube Channnel : https://www.youtube.com/@TheCybermanShow Twitter handle https://twitter.com/prashant_cyber PS: The views are my own and dont reflect any views from my employer.

This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-878

Drex covers three critical cybersecurity incidents: dual cyber attacks affecting healthcare systems in Lewiston, Maine; an AT&T database breach exposing 86 million records with decrypted sensitive data; and concerning backup management issues at login.gov that could impact government service access. The episode concludes with a practical reminder to test backup systems regularly.Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Reviewing the Sabine Hossenfelder’s video, “AI is becoming dangerous. Are we ready?”

This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-878

Referências do EpisódioTuring Day 2025 – 5º edição - 17/06Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flawsCVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage Stealth FalconSAP Security Patch Day - June 2025Security Advisory Ivanti Workspace Control (CVE-2025-5353, CVE- CVE-2025-22463, CVE-2025-22455)CVE-2025-31104 no FortiADCAdobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security GapsA vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variableINSYDE-SA-2025002 - CVE-2025-4275Roteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

The Spring 2025 issue of AI Cyber Magazine details some of 2024's major AI security vulnerabilities and sheds light on the funding landscape. Confidence Staveley, Africa's most celebrated female cybersecurity leader, is the founder of the Cybersafe Foundation, a Non-Governmental Organization on a mission to facilitate pockets of changes that ensure a safer internet for everyone with digital access in Africa. In this episode, Confidence joins host Amanda Glassner to discuss. To learn more about Confidence, visit her website at https://confidencestaveley.com, and for more on the CyberSafe Foundation, visit https://cybersafefoundation.org.

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Aram Hovsepyan, an active contributor to the OWASP SAMM project, brings a critical perspective to how the industry approaches security metrics, especially in vulnerability management. His message is clear: the way we collect and use metrics needs a serious rethink if we want to make real progress in reducing risk.Too often, organizations rely on readily available tool-generated metrics—like vulnerability counts—without pausing to ask what those numbers actually mean in context. These metrics may look impressive in a dashboard or board report, but as Aram points out, they're often disconnected from business goals. Worse, they can drive the wrong behaviors, such as trying to reduce raw vulnerability counts without considering exploitability or actual impact.Aram emphasizes the importance of starting with organizational goals, formulating questions that reflect progress toward those goals, and only then identifying metrics that provide meaningful answers. It's a research-backed approach that has been known for decades but is often ignored in favor of convenience.False positives, inflated dashboards, and a lack of alignment between metrics and strategy are recurring issues. Aram notes that many tools err on the side of overreporting to avoid false negatives, which leads to overwhelming—and often irrelevant—volumes of data. In some cases, up to 80% of identified vulnerabilities may be false positives, leaving security teams drowning in noise and chasing issues that may not matter.What's missing, he argues, is a strategic lens. Vulnerability management should be one component of a broader application security program, not the centerpiece. The OWASP Software Assurance Maturity Model (SAMM) offers a framework for evaluating and improving across a range of practices—strategy, risk analysis, and threat modeling among them—that collectively support better decision-making.To move forward, organizations need to stop treating vulnerability data as a performance metric and start treating it as a signal in a larger conversation about risk, impact, and architectural choices. Aram's call to action is simple: ask better questions, use tools more purposefully, and build security strategies that actually serve the business.GUEST: Aram Hovsepyan | OWASP SAMM Project Core Team member and CEO/Founder at CODIFIC | https://www.linkedin.com/in/aramhovsep/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Dan and Lynda Artesani discuss the latest rash of Intuit Accountant login hijackings and what ProAdvisors can do to safeguard their logins to protect their client's data.QB Power Hour is a free, biweekly webinar series for accountants, ProAdvisors, CPAs, bookkeepers and QuickBooks consultants presented by Dan DeLong and Matthew Fulton who are very passionate about the industry, QuickBooks and apps that integrate with QuickBooks.Earn CPE through Earmark: https://bit.ly/QBPHCPEWatch or listen to all of the QB Power Hours at https://www.qbpowerhour.com/blogRegister for upcoming webinars at https://www.qbpowerhour.com/

In this episode, FLASH President and CEO Leslie Chapman Henderson discusses the importance of wind science and building resilience with Dr. Tanya Brown-Giammanco and Dr. Marc Levitan from the National Institute of Standards and Technology (NIST). They explore personal journeys into wind science, the evolution of tornado safety design, and the differences between tornadoes and hurricanes. The conversation highlights the vulnerabilities in home structures, particularly roofs and garage doors, and emphasizes the need for updated building codes and community involvement in safety measures. Learn things you may not know with these two engaging national experts as they dispel tornado myths and share practical steps for homeowners.Discussion TopicsPersonal Journeys into Wind Science (1:04)Understanding Tornado Safety and Dual-Objective-Based Tornado Design Philosophy (3:53)Differences Between Tornadoes and Hurricanes (8:50)Assessing Building Performance After Wind Events (11:42)Vulnerabilities in Home Structures in Regard to High Winds (16:08)Surprising Findings in Wind Engineering (23:03)Future Directions for Garage Door Safety (27:33)Elevating Garage Door Performance through Rating (30:15)Advancing Building Codes via Community Engagement (30:53)Resources ⁠Tornado-Strong.orgNational Institute of Standards and TechnologyUnderstanding Building Codes and StandardsDisaster and Failure Studies ProgramNew Tornado Resistant Building CodesFEMA/NIST Fact Sheet - Improving Windstorm and Tornado Resilience: Recommendations for One- and Two-Family Residential Structures⁠New Strong Homes Scale - InspectToProtect.orgThe Enhanced Fujita Scale  Checklist - Strengthen Your Garage Door  Checklist - Strengthen Your Roof  Checklist - Strengthen Your Gutters Checklist - Sealed Roof Decks ConnectDr. Tanya Brown-GiammancoLeslie Chapman-HendersonDr. Marc Levitan

In this episode, I sit down with longtime industry leader and visionary Phil Venables to discuss the evolution of cybersecurity leadership, including Phil's own journey from CISO to Venture Capitalist. We chatted about: A recent interview Phil gave about CISOs transforming into business-critical digital risk leaders and some of the key themes and areas CISOs need to focus on the most when making that transition Some of the key attributes CISOs need to be the most effective in terms of technical, soft skills, financial acumen, and more, leaning on Phil's 30 years of experience in the field and as a multiple-time CISO Phil's transition to Venture Capital with Ballistic Ventures and what drew him to this space from being a security practitioner Some of the product areas and categories Phil is most excited about from an investment perspectiveThe double-edged sword is AI, which is used for security and needs security. Phil's past five years blogging and sharing his practical, hard-earned wisdom at www.philvenables.com, and how that has helped him organize his thinking and contribute to the community.Some specific tactics and strategies Phil finds the most valuable when it comes to maintaining deep domain expertise, but also broader strategic skillsets, and the importance of being in the right environment around the right people to learn and grow

In this episode, we delve into security and development within the Apple ecosystem with cybersecurity expert Csaba Fitzl. He discusses the vulnerabilities of Electron apps, using Discord as an example, and shares his transition from network management to ethical hacking. Csaba evaluates Apple's security entitlements and the measures taken to enhance user protection while addressing developer access challenges. He also highlights the impact of iOS security advancements on device theft and the importance of threat models. Furthermore, Csaba reflects on AI tools that have improved his workflow, advocates for community engagement through conferences, and emphasizes the need for a balance between professional growth and personal well-being. With a wealth of experience in vulnerability research, Csaba shares his journey from network management to ethical hacking. He recounts how a week-long training transformed his perception of security, igniting his passion for discovering system vulnerabilities. This background plays a pivotal role in his approach to security, where understanding infrastructure aids significantly in identifying flaws and weaknesses in applications. The conversation then pivots to a critical topic: Apple's security entitlements. Csaba evaluates the balance Apple strikes between protecting users and providing developers with the access needed to build secure applications. He elaborates on the systemic measures Apple has implemented to mitigate vulnerabilities, which often complicate the developer experience but ultimately result in a more secure ecosystem. We also touch on the personal impact of physical device security. Csaba emphasizes how advancements in iOS security protocols have significantly deterred casual theft, making stolen devices virtually unusable. This leads to a broader discussion about threat models, illustrating how different levels of targeted attacks require varying defensive measures, especially in a world where both sophisticated and untrained actors exist. Csaba draws attention to his recent experiences with AI tools, which he initially approached with skepticism. He explains how these technologies have revolutionized his workflow, particularly in automation and reverse engineering tasks. By leveraging AI, he has been able to improve the quality of his code analysis and enhance his vulnerability discovery process, albeit while recognizing the limitations and risks associated with AI-generated outputs. As the episode progresses, we delve into the importance of community in the security landscape. Csaba passionately advocates for attending conferences like Mac DevOps YVR, highlighting the invaluable networking opportunities and the familial atmosphere within the Mac-centric community. He insists that while recorded talks provide great content, the personal connections and discussions that happen in the hallways are what truly enrich the conference experience. In closing, Csaba shares his enthusiasm for continuing to navigate the evolving field of cybersecurity, expressing a firm belief in the value of collaborative learning and sharing knowledge. His passion for his work and outdoor pursuits in the mountains showcase a well-rounded approach to life that encourages us all to find a balance between professional growth and personal well-being.

In this episode of our InfoSecurity Europe 2024 On Location coverage, Marco Ciappelli and Sean Martin sit down with Professor Peter Garraghan, Chair in Computer Science at Lancaster University and co-founder of the AI security startup Mindgard. Peter shares a grounded view of the current AI moment—one where attention-grabbing capabilities often distract from fundamental truths about software security.At the heart of the discussion is the question: Can my AI be hacked? Peter's answer is a firm “yes”—but not for the reasons most might expect. He explains that AI is still software, and the risks it introduces are extensions of those we've seen for decades. The real difference lies not in the nature of the threats, but in how these new interfaces behave and how we, as humans, interact with them. Natural language interfaces, in particular, make it easier to introduce confusion and harder to contain behaviors, especially when people overestimate the intelligence of the systems.Peter highlights that prompt injection, model poisoning, and opaque logic flows are not entirely new challenges. They mirror known classes of vulnerabilities like SQL injection or insecure APIs—only now they come wrapped in the hype of generative AI. He encourages teams to reframe the conversation: replace the word “AI” with “software” and see how the risk profile becomes more recognizable and manageable.A key takeaway is that the issue isn't just technical. Many organizations are integrating AI capabilities without understanding what they're introducing. As Peter puts it, “You're plugging in software filled with features you don't need, which makes your risk modeling much harder.” Guardrails are often mistaken for full protections, and foundational practices in application development and threat modeling are being sidelined by excitement and speed to market.Peter's upcoming session at InfoSecurity Europe—Can My AI Be Hacked?—aims to bring this discussion to life with real-world attack examples, systems-level analysis, and a practical call to action: retool, retrain, and reframe your approach to AI security. Whether you're in development, operations, or governance, this session promises perspective that cuts through the noise and anchors your strategy in reality.___________Guest: Peter Garraghan, Professor in Computer Science at Lancaster University, Fellow of the UK Engineering Physical Sciences and Research Council (EPSRC), and CEO & CTO of Mindgard | https://www.linkedin.com/in/pgarraghan/ Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesPeter's Session: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.4355.239479.can-my-ai-be-hacked.htmlLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

The Rich Dickman Show – Unauthorized Timestamps: 0:08   Mini Bar Madness   0:57   Podcast Introduction   2:46   Hotel Room Chronicles   4:15   Chicken and Pets   5:35   High School Lunch Adventures   6:36   On the Taste of Cat   7:46   Culinary Curiosities   10:48  Tech Troubles in Hotels   15:27  California Conundrums   19:02  Family and Technology   22:04  Pitching New Ideas   26:17  Golfing Shenanigans   28:56  College Memories   31:25  Boston Sightseeing   32:18  Historical Reflections   34:27  AI and Creativity   38:49  Personal Updates   44:34  Layoffs and Promotions   46:10  Business Decisions in Wrestling   47:06  Wrestling in the Neighborhood   1:05:36 The Journey to Wrestling School   1:10:29 The Fine Line of Comedy   1:19:29 The Mini Fridge Heist   1:23:59 Unconventional Food Discussions   1:26:17 The AI Triple T Pivot   1:30:26 Personal Struggles and Vulnerabilities   1:33:43 The Chaotic Outro   Episode Summary This is The Rich Dickman Show completely off the rails. The Unauthorized episode fires from the hip—Ray's war with a price-gouging mini fridge sets the tone for a no-filter, no-safety-net ride through food taboos, tech failures, and philosophical bullshit. Rem and Randy argue the ethics of eating pets, debate whether “all pets are food, but not all food is pets,” and spiral into tales of questionable school lunches, bat meat, and the global weirdness of what people eat when nobody's looking. If it walks, crawls, or flies, someone's tried to eat it here. In between, hotel tech goes full “user hostile,” Airbnb drama erupts, and Ray tries to convince everyone that California is paradise (spoiler: not everyone buys it). Randy pitches an insane AI-driven Dickman archive that nobody asked for but now somehow must exist. But it's not just chaos for chaos's sake. Real talk breaks through—layoffs, promotions, wrestling dreams deferred, and personal failures all get dragged into the light, with the crew exposing a little vulnerability behind the relentless jokes. If you want a “safe” show, go elsewhere. If you want friendship forged in chaos, dumb ideas, and hard-earned wisdom, this is the only podcast that delivers. Tags #Comedy #Podcast #FoodEthics #HotelFails #TechTrouble #CulinaryOddities #AI #Wrestling #RealTalk #Chaos #Friendship #Unfiltered    

Podcast: Hack the Plant (LS 35 · TOP 3% what is this?)Episode: The Truth About OT VulnerabilitiesPub date: 2025-05-13Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationBryson Bort sits down with Adam Robbie, Head of OT Threat Research at Palo Alto Networks, to pull back the curtain on OT threat research. With a background in electrical engineering, Adam's first job in cybersecurity was at an IT help desk. He now leads a team dedicated to identifying, analyzing, and mitigating cyber threats targeting Operational Technology (OT) environments.What are the top threats Adam is seeing in OT attacks? Why is manufacturing such a vulnerable sector? And if he could wave a magic, non-Internet connected wand, what would he change? “I really would love to have more experts in OT,” Adam said. “The more knowledge…and the more experts we have, it will fasten this process [of innovation].” Join us for this and more on this episode of Hack the Plan[e]t. The views and opinions expressed in this podcast represent those of the speaker, and do not necessarily represent the views and opinions of their employers. Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology. The podcast and artwork embedded on this page are from Bryson Bort, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Learn about a new VMware Tools vulnerability allowing privilege escalation, Microsoft's Patch Tuesday releasing fixes for 70 vulnerabilities including 5 actively exploited zero-days, and Apple's comprehensive OS updates. The episode highlights the importance of patching industrial control systems from Siemens, Schneider Electric, and Phoenix Contact that may be present in healthcare facility automation, EV charging, and data center power systems.Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

I'm joined by guests Rob Hamilton, Craig Raw & Matt Odell to go through the list.OP_RETURN Drama (00:00:52) Odell's thoughts (00:04:29) Craig's thoughts (00:05:59) NVK's thoughts (00:07:47) Rob's thoughtsBitcoin • Software Releases & Project Updates (00:22:10) COLDCARD (00:22:35) Cove Wallet (00:24:03) BTCPay Server (00:24:06) Nunchuk Android (00:24:12) Bitcoin Keeper (00:24:14) Bitcoin Safe (00:24:18) Wasabi Wallet (00:25:43) RoboSats (00:25:46) Umbrel (00:25:57) Zaprite (00:26:22) Blockstream Satellite (00:26:45) Stratum Work (00:26:58) SeedHammer II (00:27:11) ESP-Miner• Project Spotlight (00:27:34) Bitcoin Feature Matrix (00:27:41) secp256k1lab (00:28:00) GPGap (00:28:16) NVK Validation Tweet (00:28:54) BriberBrother (00:29:11) Stack MathVulnerability Disclosures(00:30:23) CVE-2024-52919(00:33:02) CVE-2025-43707(00:34:46) Hackers breach LockBitAudience Questions (00:35:12) What's the difference between test net and signet? And what are the benefits of each? (00:37:15) Can you explain, in simple terms, what OP_CHECKCONTRACTVERIFY does?Nostr • Software Releases & Project Updates (00:46:55) Nostr Messaging Layer Security (00:48:42) Primal (00:48:43) DamusBoosts (01:01:58) Shoutout to top boosters Rod Palmer, AVERAGE_GARY, pink money, user4, Wartime & btconboardTech Tip of the Day (01:03:51) A free online cryptography course repository by Alfred MenezesLinks & Contacts:Website: https://bitcoin.review/Substack: https://substack.bitcoin.review/Twitter: https://twitter.com/bitcoinreviewhqNVK Twitter: https://twitter.com/nvkTelegram: https://t.me/BitcoinReviewPodEmail: producer@coinkite.comNostr & LN: ⚡nvk@nvk.org (not an email!)Full show notes: https://bitcoin.review/podcast/episode-96

Ever wondered why the idea of working for someone else just never quite fit, or why chaos seems to call your name (and you answer with gusto)? If you're an entrepreneur who's found yourself drawn to the thrill of building your own path—and maybe even stumbled more than a few times along the way—you are going to love this week's guest interview. I recently sat down with Dr. Michael A. Freeman, an acclaimed psychiatrist, professor, and serial entrepreneur whose groundbreaking research uncovers the fascinating relationship between ADHD, bipolar spectrum conditions, and the entrepreneurial drive. In this lively conversation, we get real about what makes entrepreneurs with ADHD different—and what it takes to turn those differences into undeniable strengths instead of exhausting liabilities. Here's what you'll hear in this episode:Why do so many entrepreneurs have ADHD tendenciesDr. Freeman breaks down fascinating research on why we're more likely to go solo in our careers—and why we struggle in traditional workplaces.The double-edged sword of the ADHD entrepreneurial brainWe chat about superpowers and vulnerabilities, with a big emphasis on how to recognize your “zone of genius” (and when to call in backup!).Building your own ADHD-friendly toolkit for sustainable successFrom teams and routines, to handling sleep and “offloading the boring stuff,” we talk actionable strategies (yes, including coaching and medication).The myth vs. reality of the entrepreneurial lifeSpoiler: it isn't all glamor and “get rich quick”—and Dr. Freeman shares why radical self-awareness and resilience are must-haves.Why fun is non-negotiable for the entrepreneur with ADHDTurns out, fun isn't just a bonus—it's the main event for the ADHD brain, and Dr. Freeman explains how to keep your business (and life) playfully sustainable.Make it actionable: Take three minutes to reflect: what feels fun, energizing, or “flow-y” in your own work? What support do you need more of?Feeling inspired to start, pivot, or quit? Get a “personal board of directors” before you make big decisions or take big risks.Get to know Michael Freeman, MD Michael A. Freeman, MD, is a clinical professor at UCSF School of Medicine, a researcher and mentor at the UCSF Entrepreneurship Center, a psychiatrist and executive coach for entrepreneurs, and an integrated behavioral healthcare systems consultant. His current research focuses on the identification of emotional overwhelm with early intervention and support. Dr. Freeman's thought leadership on entrepreneurship and mental health has been featured in the New York Times, Washington Post, Wall St. Journal, Fortune Magazine, Inc., Entrepreneur, CNN Money, Financial Times, and Bloomberg News.Mentioned in this episode:UC San Francisco, UC Berkeley, Stanford University, the Gallup Organization Connect with Michael A Freeman, MDWebsite - LinkedIn

In this episode, Drex covers three key security stories: the HSCC's "On the Edge" report on rural healthcare cybersecurity vulnerabilities, Mossimo's security breach affecting their manufacturing operations, and the hacking of LockBit ransomware gang which exposed Bitcoin wallets and negotiation messages. Drex also mentions his panel at HIMSS Southern California on healthcare cybersecurity.Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Ever wondered why the idea of working for someone else just never quite fit, or why chaos seems to call your name (and you answer with gusto)? If you're an entrepreneur who's found yourself drawn to the thrill of building your own path—and maybe even stumbled more than a few times along the way—you are going to love this week's guest interview. I recently sat down with Dr. Michael A. Freeman, an acclaimed psychiatrist, professor, and serial entrepreneur whose groundbreaking research uncovers the fascinating relationship between ADHD, bipolar spectrum conditions, and the entrepreneurial drive. In this lively conversation, we get real about what makes entrepreneurs with ADHD different—and what it takes to turn those differences into undeniable strengths instead of exhausting liabilities. Here's what you'll hear in this episode:Why do so many entrepreneurs have ADHD tendenciesDr. Freeman breaks down fascinating research on why we're more likely to go solo in our careers—and why we struggle in traditional workplaces.The double-edged sword of the ADHD entrepreneurial brainWe chat about superpowers and vulnerabilities, with a big emphasis on how to recognize your “zone of genius” (and when to call in backup!).Building your own ADHD-friendly toolkit for sustainable successFrom teams and routines, to handling sleep and “offloading the boring stuff,” we talk actionable strategies (yes, including coaching and medication).The myth vs. reality of the entrepreneurial lifeSpoiler: it isn't all glamor and “get rich quick”—and Dr. Freeman shares why radical self-awareness and resilience are must-haves.Why fun is non-negotiable for the entrepreneur with ADHDTurns out, fun isn't just a bonus—it's the main event for the ADHD brain, and Dr. Freeman explains how to keep your business (and life) playfully sustainable.Make it actionable: Take three minutes to reflect: what feels fun, energizing, or “flow-y” in your own work? What support do you need more of?Feeling inspired to start, pivot, or quit? Get a “personal board of directors” before you make big decisions or take big risks.Get to know Michael Freeman, MD Michael A. Freeman, MD, is a clinical professor at UCSF School of Medicine, a researcher and mentor at the UCSF Entrepreneurship Center, a psychiatrist and executive coach for entrepreneurs, and an integrated behavioral healthcare systems consultant. His current research focuses on the identification of emotional overwhelm with early intervention and support. Dr. Freeman's thought leadership on entrepreneurship and mental health has been featured in the New York Times, Washington Post, Wall St. Journal, Fortune Magazine, Inc., Entrepreneur, CNN Money, Financial Times, and Bloomberg News.Mentioned in this episode:UC San Francisco, UC Berkeley, Stanford University, the Gallup Organization Connect with Michael A Freeman, MDWebsite - LinkedIn

Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports. Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/ Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz Chapters 00:35 Verizon Data Breach Investigations Report (DBIR) Introduction 01:16 Accessing the DBIR Report 02:38 Key Takeaways from the DBIR 03:15 Third-Party Breaches 04:32 Ransomware Insights 08:08 Exploitation of Vulnerabilities 09:39 Credential Abuse 12:25 Espionage Attacks 14:04 System Intrusions in APAC 15:04 Business Email Compromise (BEC) 18:07 Human Risk and Security Awareness 19:19 Industry-Specific Trends 20:06 Multi-Layered Defense Strategy 21:08 Data Leakage to Gen AI

As “vibe coding” gains in popularity and tech companies push devs in their employ to embrace generative AI tools, a platform that scans for vulnerabilities in AI-generated code has raised a fresh round of funding. Learn more about your ad choices. Visit podcastchoices.com/adchoices

George Chen heads the Cloud and Application Security functions at Dyson. In this episode, he joins host Melissa O'Leary and Alina Tan, senior program manager at Dyson, to discuss recent findings regarding dashcam security risks, which Chen and Tan recently shared at Black Hat Asia, as well as sharing a breakdown of the vulnerabilities and their impact on drivers. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Electric motors usually feature rare-earths metals to run. But WSJ tech columnist Christopher Mims writes about a new start up that excludes them, which could begin to help end the American auto industry's reliance on China. Then, Chinese automakers are also reliant on US imports for critical chips to power their cars. WSJ deputy Beijing bureau chief Yoko Kubota explores how the trade war has shown both US and Chinese tech industry vulnerabilities to the long-running spat. Sign up for the WSJ's free Technology newsletter. Learn more about your ad choices. Visit megaphone.fm/adchoices

Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple. In this episode of Apple @ Work, I talk with John Amaral and Ian Riopel from Root about their solution to transform container security. Listen and subscribe Apple Podcasts Overcast Spotify Pocket Casts Castro RSS Listen to Past Episodes

SAN FRANCISCO — RSA Conference 2025 "Sixty percent of the attacks we're tracking target low-profile vulnerabilities—things like privilege escalation and security bypasses, not the headline-making zero days," says Douglas McKee, Executive Director of Threat Research at SonicWall. Speaking live from the show floor at RSA 2025, McKee outlined how SonicWall is helping partners prioritize threats that are actually being exploited, not just those getting attention. In a fast-paced conversation with Technology Reseller News publisher Doug Green, McKee unveiled SonicWall's upcoming Managed Prevention Security Services (MPSS). The offering is designed to help reduce misconfigurations—a leading cause of breaches—by assisting with firewall patching and configuration validation. SonicWall is also collaborating with CySurance to package cyber insurance into this new managed service, providing peace of mind and operational relief to MSPs and customers alike. “Over 95% of the incidents we see are due to human error,” McKee noted. “With MPSS, we're stepping in as a partner to reduce that risk.” McKee also previewed an upcoming threat brief focused on Microsoft vulnerabilities, revealing an 11% year-over-year increase in attacks. Despite attention on high-profile CVEs, SonicWall's data shows attackers often rely on under-the-radar vulnerabilities with lower CVSS scores. For MSPs, McKee shared a stark warning: nearly 50% of the organizations SonicWall monitors are still vulnerable to decade-old exploits like Log4j and Heartbleed. SonicWall's telemetry-driven insights allow MSPs to focus remediation on widespread, high-impact threats. SonicWall's transformation from a firewall vendor to a full-spectrum cybersecurity provider was on display at RSA Booth #6353 (North Hall), where the company showcased its SonicSensory MDR, cloud offerings, and threat intelligence. "We've evolved into a complete cybersecurity partner," McKee said. "Whether it's in the cloud or on-prem, we're helping MSPs and enterprises defend smarter." Visitors to the SonicWall booth were treated to live presentations and fresh coffee—while those not attending can explore SonicWall's insights, including its February 2024 Threat Report and upcoming threat briefs, at www.sonicwall.com.

More Scans for SMS Gateways and APIs Attackers are not just looking for SMS Gateways like the scans we reported on last week, but they are also actively scanning for other ways to use APIs and add on tools to send messages using other people s credentials. https://isc.sans.edu/diary/More%20Scans%20for%20SMS%20Gateways%20and%20APIs/31902 AirBorne: AirPlay Vulnerabilities Researchers at Oligo revealed over 20 weaknesses they found in Apple s implementation of the AirPlay protocol. These vulnerabilities can be abused to execute code or launch denial-of-service attacks against affected devices. Apple patched the vulnerabilities in recent updates. https://www.oligo.security/blog/airborne

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude, CISO emeritus, The Carlyle Group Thanks to our show sponsor, Dropzone AI Alert investigation is eating up your security team's day—30 to 40 minutes per alert adds up fast. Dropzone AI‘s SOC Analyst transforms this reality by investigating every alert with expert-level thoroughness at machine speed. Our AI SOC Analyst gathers evidence, connects the dots across your security tools, and delivers clear reports with recommended actions—all in minutes. No playbooks to build, no code to write. Just consistent, high-quality investigations that free your team to focus on what matters: stopping actual threats. Meet us at RSA Booth ESE-60. All links and the video of this episode can be found on CISO Series.com

AI-generated code is no doubt changing how software is built, but it's also introducing new security challenges. More than 50% of organizations encounter security issues with AI-produced code sometimes or frequently, according to a late 2023 survey by developer security platform Synk. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Two widespread communications failures in the Northland storm and Otago-Southland within two days last week have again exposed the vulnerability of critical infrastructure. Phil Pennington spoke to Ingrid Hipkiss.

James “Jim” Myers, Senior Vice President of the Civil Systems Group at the Aerospace Corporation discusses the shift in cybersecurity threats and the need for better cyber hygiene in the space industry.  You can connect with Jim on LinkedIn, and learn more about the Aerospace Corporation on their website. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It'll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Talos researchers Martin Lee and Thorsten Rosendahl join Hazel for the first of our dedicated episodes on the top findings from Talos' 2024 Year in Review. We discuss the vulnerabilities that attackers most targeted, how this compares with CISA's list, and how to protect network devices. Given how email lures are evolving, we spend some time chatting about how the current world news cycle may play into adversary's campaign cycles. And finally we touch on how to spot signs that your own sysadmin tools may be being used against you. For the full report, head to https://blog.talosintelligence.com/2024yearinreview/

Andreas Brekken is best known for creating SideShift.ai and acting as the CEO of Shitcoin.com. In this episode, he talks about his views on Bitcoin development, the emergence of DeFi, and the reasons why he considers cryptocurrencies superior to fiat. Time stamps: Introducing Andreas Brekken (00:00:51) The Sam Bankman-Fried Interview on Shitcoin.com (00:01:50) Clustering Analysis and Customer Funds (00:02:44) Bybit's Technical Issues (00:05:18) Historical Context of Exchanges (00:09:26) Shapeshift's KYC Moment (00:11:13) Why Aren't Zcash and Monero on SideShift? (00:14:59) Bitcoin Cash Hard Forks (00:20:45) Lightning Network Integration (00:22:23) Vulnerabilities in the Lightning Protocol (00:26:17) Critique of Lightning Network's Design (00:28:29) Submarine Swaps (00:29:28) LNBits v1 Launch (00:29:44) Lightning Wallets (00:30:19) LNBits is like Start9? (00:30:40) Andreas Brekken's Lightning Network Experience (00:31:15) Even Martti Malmi Is Using Wallet of Satoshi (00:31:37) Zcash Protocol (00:32:11) Bitcoin Variants on SideShift (00:32:26) Decentralized Finance (DeFi) on Ethereum (00:34:00) Citrea Project (00:35:26) Multisig Solutions (00:36:30) Automation in Bitcoin (00:41:18) Political Dynamics in Bitcoin Development (00:47:15) News Coverage on Bitcoin.com (00:51:27) Bitcoin Volatility and Performance Against Stonks (00:53:14) Peter Schiff Appreciation Era (00:55:42) Peter Schiff's Debates with Erik Voorhees (00:56:23) Bitcoin's Growing Influence (00:58:15) Future of Bitcoin (00:59:15) Layer Two Labs and Drive Chains (01:00:34) Innovation in Bitcoin (01:02:05) Convenience of Layer Two Solutions (01:02:51) Decred Discussion (01:09:53) Favorite Shitcoins (01:11:49) Subscribe to the shitcoin.com Newsletter? (01:16:31)

Keywords:  cybersecurity, medical devices, entrepreneurship, business model, aviation security, solopreneur, FDA regulations, market niche, business lessons, technology, cybersecurity, healthcare, medical devices, FDA, HIPAA, patient safety, risk management, cybersecurity education, device vulnerabilities, consumer awareness Summary:  In this episode, Mitch Beinhaker interviews Christian Espinosa, a cybersecurity expert with a background in the Air Force and experience in protecting critical systems. They discuss Christian's journey from working in aviation cybersecurity to becoming an entrepreneur focused on medical device cybersecurity. Christian shares insights on the challenges of running a business, the importance of niche markets, and the lessons learned from selling his first company during the COVID-19 pandemic. The conversation also covers the business model of his current company, emphasizing fixed fees and efficiency incentives for his team. In this conversation, Christian Espinosa discusses the critical importance of cybersecurity in the healthcare sector, particularly concerning medical devices. He emphasizes the unique risks associated with these devices, the regulatory landscape, and the need for specialized knowledge in cybersecurity. The discussion also highlights the responsibility of patients to be informed about the devices they use and the potential vulnerabilities that exist. Espinosa shares insights on the challenges of scaling a cybersecurity business and the importance of having systems in place to ensure long-term success. Takeaways Christian's background includes military service and cybersecurity for aviation. Transitioning to entrepreneurship can stem from personal stress and dissatisfaction. Focusing on a niche market can lead to greater business success. Selling a company during a crisis can lead to unexpected outcomes. Medical device cybersecurity is increasingly important due to regulatory requirements. Fixed fee structures can incentivize efficiency in service delivery. Understanding the supply chain is crucial in cybersecurity for aviation and medical devices. Learning from past mistakes is essential for business growth. Marketing and sales strategies are vital for a startup's success. The landscape of medical device cybersecurity is competitive but lacks expertise. Cybersecurity in healthcare is crucial due to potential risks. Understanding FDA and HIPAA regulations is essential for device companies. Consumer education is key to making informed choices about medical devices. Choosing the right cybersecurity partner can prevent costly mistakes. Vulnerabilities in medical devices can lead to serious consequences. Patients should take agency over their health decisions and research devices. Cybersecurity must be integrated into the design phase of medical devices. Ongoing monitoring and testing are necessary for device safety. Scaling a business requires careful planning and the right team. The value of a business increases with systems that reduce reliance on the owner. Titles Navigating Cybersecurity: From Military to Medical Devices The Entrepreneurial Journey of a Cybersecurity Expert Lessons Learned in Medical Device Cybersecurity From Aviation to Medical Devices: A Cybersecurity Transition Building a Niche: The Importance of Specialization in Business Sound Bites "I was in the air force for a while." "I sold that company in 2020." "I thought everybody needed cybersecurity." "We charge fixed fee to our clients." "I have a fractional CFO." "There's a couple I consider competitors." "You can kill somebody or harm them." "We got all this knowledge." "It's much more effective as designed in." "You can't be the single point of failure." "We can certainly take advice." Chapters 00:00 Introduction and Background 04:24 Cybersecurity in Aviation 09:09 Transition to Entrepreneurship 12:12 Focus on Medical Device Cybersecurity 16:49 Lessons from Selling a Company 20:28 Business Model and Operations 27:11 Navigating Cybersecurity in Healthcare 33:44 Understanding Vulnerabilities in Medical Devices 50:55 Empowering Patients: Taking Charge of Cybersecurity

Class action lawsuits have been filed against Oracle in Texas following recent cyber incidents, with lawyers alleging poor security framework, inadequate staff training, and failure to implement preventative software. The Health Sector Coordinating Council's cybersecurity working group testified to Congress about medical device security and the suspended HIPAA security rule update, citing unrealistic cost estimates and implementation challenges. Additionally, critical zero-day vulnerabilities in Apple devices require immediate updates, plus a warning about a GPS app with 320,000 downloads that could allow stalkers to steal location data in real time.Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Google and Mozilla patch nearly two dozen security flaws. The UK's Royal Mail Group sees 144GB of data stolen and leaked. A bizarre campaign looks to recruit cybersecurity professionals to hack Chinese websites. PostgreSQL servers with weak credentials have been compromised for cryptojacking. Google Cloud patches a vulnerability affecting its Cloud Run platform. Oracle faces a class-action lawsuit over alleged cloud services data breaches. CISA releases ICS advisories detailing vulnerabilities in Rockwell Automation and Hitachi Energy products. General Paul Nakasone offers a candid assessment of America's evolving cyber threats. On today's CertByte segment,  a look at the Cisco Enterprise Network Core Technologies exam. Are AI LLMs more like minds or mirrors? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K's suite of industry-leading certification resources, this week, Chris is joined by Troy McMillan to break down a question targeting the Cisco Enterprise Network Core Technologies (350-401 ENCOR) v1.1 exam. Today's question comes from N2K's Cisco CCNP Implementing and Operating Cisco Enterprise Network Core Technologies ENCOR (350-401) Practice Test. The ENCOR exam enables candidates to earn the Cisco Certified Specialist - Enterprise Core certification, which can also be used to meet exam requirements for several other Cisco certifications. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.  Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.cisco.com/site/us/en/learn/training-certifications/exams/encor.html   Selected Reading Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities (SecurityWeek) Royal Mail Group Loses 144GB to Infostealers: Same Samsung Hacker, Same 2021 Infostealer Log (Infostealers) Someone is trying to recruit security researchers in bizarre hacking campaign (TechCrunch) Ongoing cryptomining campaign hits over 1.5K PostgreSQL servers (SC Media) ImageRunner Flaw Exposed Sensitive Information in Google Cloud (SecurityWeek) Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users (SecurityWeek) Oracle now faces class action amid alleged data breaches (The Register) CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS (Cyber Security News) Exclusive: Gen. Paul Nakasone says China is now our biggest cyber threat (The Record) Large AI models are cultural and social technologies (Science) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  In this episode of Cyber Security Today, host Jim Love covers several major cybersecurity incidents and vulnerabilities. Key stories include the compromise of Windows Defender and other Endpoint Detection and Response (EDR) systems, a data breach on X (formerly known as Twitter) exposing over 200 million user records, and a security flaw in several UK-based dating apps that led to the exposure of approximately 1.5 million private images. The discussion highlights how attackers are increasingly using legitimate software tools to bypass security measures, the implications of these breaches for users, and offers practical tips for maintaining robust cybersecurity. 00:00 Introduction to Today's Cyber Security News 00:29 Compromised Endpoint Detection and Response Systems 01:06 Bypassing Windows Defender: Methods and Implications 02:52 Ransomware Tactics and Legitimate Tool Exploits 04:20 Time Traveling Attacks and EDR Limitations 06:33 Massive Data Breach on X (Twitter) 08:30 UK Dating Apps Expose Private Images 10:47 Fraud Alerts and Scams 13:25 Conclusion and Final Thoughts

Cybersecurity Today: Hacktivism, Solar Power Vulnerabilities, and Global Phishing Challenges In this episode of Cybersecurity Today, host David Shipley covers multiple cybersecurity stories including: a Canadian hacker charged for the 2021 Texas GOP hack, vulnerabilities in solar power gear, France's national phishing test for students, and the tragic impact of online fraud in India. Shipley delves into the implications for cybersecurity professionals and emphasizes the need to destigmatize fraud and support victims. 00:00 Introduction and Headlines 00:25 Canadian Hacker Charged for Texas GOP Hack 02:12 Vulnerabilities in Solar Power Gear 02:56 France's National Phishing Simulation for Students 04:19 Tragic Consequences of Online Fraud in India 05:16 Rising Online Fraud and Its Impact in Canada 06:15 Conclusion and Call to Action

Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 Our honeypots detected a deserialization attack against the CMS Sitecore using a thumnailaccesstoken header. The underlying vulnerability was patched in January, and security firm Searchlight Cyber revealed details about this vulnerability a couple of weeks ago. https://isc.sans.edu/diary/Sitecore%20%22thumbnailsaccesstoken%22%20Deserialization%20Scans%20%28and%20some%20new%20reports%29%20CVE-2025-27218/31806 Blasting Past Webp Google s Project Zero revealed details how the NSO BLASTPASS exploit took advantage of a Webp image parsing vulnerability in iOS. This zero-click attack was employed in targeted attack back in 2023 and Apple patched the underlying vulnerability in September 2023. But this is the first byte by byte description showing how the attack worked. https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html Splunk Vulnerabilities Splunk patched about a dozen of vulnerabilities. None of them are rated critical, but a vulnerability rated High allows authenticated users to execute arbitrary code. https://advisory.splunk.com/ Firefox 0-day Patched Mozilla patched a sandbox escape vulnerability that is already being exploited. https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/

Former FBI Trainer, Rob Chadwick talks to Colion about the state of the US and its vulnerabilites.

The White House names their nominee for CISA's top spot. Patch Tuesday updates. Apple issues emergency updates for a zero-day WebKit vulnerability. Researchers highlight advanced MFA-bypassing techniques. North Korea's Lazarus Group targets cryptocurrency wallets and browser data. Our guest today is Rocco D'Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats. Making sense of the skills gap paradox.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Joining us today is Rocco D'Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats. Selected Reading Trump nominates Sean Plankey as new CISA director (Tech Crunch) CISA worker says 100-strong red team fired after DOGE action (The Register) March 2025 Patch Tuesday: Microsoft Fixes 57 Vulnerabilities, 7 Zero-Days (Hackread) ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens (SecurityWeek) CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild (Cyber Security News) Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks (Cyber Security News) Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account (Cyber Security News) North Korean Lazarus hackers infect hundreds via npm packages (Bleeping Computer) Welcome to the skills gap paradox (Computing) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

On Future War is a 12-part series exploring the evolving landscape of military strategy and defense technologies with a focus on the Indo-Pacific.This tenth episode explores the vulnerability of computer chip manufacturing. With over 98% of logic and memory chips fabricated in just two countries, both located in the Indo-Pacific region, what happens if the supply of these chips is threatened? How can the United States meet this challenge? Host Scott Chafian and guest Daniel Marujo explore solutions.Brought to you by Authentic Media with the support of Cubic Defense.Support this podcast at — https://redcircle.com/the-fighter-pilot-podcast/donations