The inability of an entity to withstand the adverse effects of a hostile or uncertain environment
Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit.
Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com
On this week's Security Sprint, Dave is solo and talked about the following topics.
Warm Opening.
Check out the blogs on the Gate 15 website including the recent one on network segmentation (www.gate15.global). https://gate15.global/digital-firebreaks/
Main Topics.
NYC active shooter incident. https://www.nbcnews.com/news/us-news/nyc-shooting-suspect-shane-devon-temura-what-know-rcna221638
Walmart incident and bystanders. https://www.nbcnews.com/news/us-news/walmart-stabbings-michigan-traverse-city-suspect-terrorism-what-know-rcna221445
CISA Active Shooter resources: https://www.cisa.gov/topics/physical-security/active-shooter-preparedness
Chinese 'Fire Ant' spies start to bite unpatched VMware instances. https://www.csoonline.com/article/4029545/chinese-fire-ant-spies-start-to-bite-unpatched-vmware-instances.html
Sygnia Uncovers Active Chinese-Nexus Threat Actor Targeting Critical Infrastructure. https://www.sygnia.co/press-release/sygnia-uncovers-chinese-threat-targeting-critical-infrastructure/
Dan Berte, director of IoT security at Bitdefender, joins the Nexus Podcast to discuss his team's ongoing research into the security of solar grid inverters and three serious vulnerabilities uncovered in the popular Deye Solarman management platform. Dan discusses his team's research, the disclosure process, and the implications for green energy initiatives overall. With the growing popularity of these platforms, Berte cautions that attackers are going to continue to analyze their security for weaknesses and attempt to exploit them. Listen to the Nexus Podcast on your favorite podcast platform.
ChatGPT: OpenAI, Sam Altman, AI, Joe Rogan, Artificial Intelligence, Practical AI
In this episode, we're discussing the unusual side of AI vulnerabilities under the theme of AI and Cybersecurity: The Rise of False Bug Reports. This phenomenon is changing the game for ethical hackers, revealing new layers of complexity in cybersecurity defense. We look at what's driving the rise of false bug reports, and how to stay ahead of the curve.
Try AI Box: https://aibox.ai
AI Chat YouTube Channel: https://www.youtube.com/@JaedenSchafer
Join my AI Hustle Community: https://www.skool.com/aihustle/about
Bypassing all passkey protections. The ransomware attacks just keep on coming. Cloudflare capitulates to the MPA and starts blocking. The need for online age verification is exploding. Microsoft really wants Exchange Servers to subscribe. Russia (further) clamps down on Internet usage. The global trend toward more Internet restrictions. China can inspect locked Android phones. Use a burner. Web shells are the new buffer overflow. An age verification protocol sketch. What Cloudflare did to create an outage of 1.1.1.1.
Show Notes - https://www.grc.com/sn/SN-1035-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: zscaler.com/security 1password.com/securitynow go.acronis.com/twit
Summary
In this episode of the Blue Security Podcast, hosts Andy and Adam discuss the vulnerabilities in solar technology, particularly focusing on smart inverters and their implications for power grids. They delve into the cybersecurity landscape, emphasizing China's role in technology transfer and its impact on national security. The conversation shifts to the potential of AI in cybersecurity, highlighting its ability to discover vulnerabilities and anomalies, and how it can enhance security operations. The episode concludes with a positive outlook on the integration of AI in cybersecurity practices.
YouTube Video Link: https://youtu.be/u3TfSpw10Qc
Documentation:
https://www.newscientist.com/article/2487089-cyberattacks-could-exploit-home-solar-panels-to-disrupt-power-grids/
https://open.spotify.com/show/1xFnf1ReS81p79TtR7f6vj?si=4d4ea5acc39c4bce
https://www.pcmag.com/news/this-ai-is-outranking-humans-as-a-top-software-bug-hunter
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Ms. Kim Woofter and Dr. John Cox discuss the latest updates to the evidence-based standards on oncology medical homes developed by ASCO and COA. These standards serve as the basis for the ASCO Certified program. They share the new and revised standards around topics including the culture of safety and just culture in oncology practice, geriatric assessment and geriatric assessment-guided management, and multidisciplinary team management. They expand on the importance of these standards for clinicians and oncology practices to ensure every patient receives optimal care. Read the complete standards, “Oncology Medical Homes: ASCO-Community Oncology Alliance Standards Update” at www.asco.org/standards. TRANSCRIPT These standards, clinical tools, and resources are available at www.asco.org/standards. Read the full text of the guideline and review authors' disclosures of potential conflicts of interest in the JCO Oncology Practice, https://ascopubs.org/doi/10.1200/OP-25-00498 Brittany Harvey: Hello and welcome to the ASCO Guidelines podcast, one of ASCO's podcasts delivering timely information to keep you up to date on the latest changes, challenges, and advances in oncology. You can find all the shows, including this one, at asco.org/podcasts. My name is Brittany Harvey, and today I'm interviewing Ms. Kim Woofter, a registered nurse in practice leadership and administration from AC3 Inc in South Bend, Indiana, and Dr. John Cox, a medical oncologist and adjunct faculty member from UT Southwestern Medical Center in Dallas, Texas, co-chairs on "Oncology Medical Homes, American Society of Clinical Oncology – Community Oncology Alliance Standards." Thank you for being here today, Ms. Woofter and Dr. Cox. Dr. John Cox: You bet. Ms. Kim Woofter: Thank you. 
Brittany Harvey: And then before we discuss these standards, I'd just like to note that ASCO takes great care in the development of its standards and ensuring that the ASCO Conflict of Interest Policy is followed for each guidance product. The disclosures of potential conflicts of interest for the expert panel, including Dr. Cox and Ms. Woofter, who have joined us here today, are available online with the publication of the standards in JCO Oncology Practice, which is linked in the show notes. So then, to dive into what we're here today to talk about, Dr. Cox, could you start us off by explaining what prompted an update to these ASCO-COA standards and what the scope of this update is? Dr. John Cox: Well, the ASCO-COA standards relative to defining and outlining Oncology Medical Home were initially published four or five years ago. At the time, we planned a regular update of the standards. So, in essence, this is a planned update. The whole program is built on the idea of continuous improvement. So, this update and future updates are prompted and defined by our literature, our science, the science of care delivery, and new developments and insights gained from studies and evaluations of care delivery methods, and informed by the practice. These standards are in place to underpin a program of care delivery by ASCO, the ASCO Certified, and as practices engage in this program, we are learning from them. The whole idea is to enlarge and improve how patients are cared for in practice. Brittany Harvey: Absolutely. It's great to have this iterative process to continue to review the evidence and update these standards that form the basis for ASCO Certified. So then, following that background, Ms. Woofter, I'd like to review the key points of the revised standards for our listeners. First, how do the revised standards address the culture of safety and just culture in oncology practice? Ms. Kim Woofter: I think safety is of utmost importance to all of us. 
So let me say that first and foremost. And what we know in oncology is our QOPI standards already address safety in the infusion suite process. So, safe delivery of chemotherapy agents and antineoplastics. It also talked about near misses and medication errors - absolutely essential, for sure. But what we need to do is look at a more systemic approach to safety because we know is processes throughout an organization they'll often cause you trouble. To do that, we know you need what we call a just culture, which is a very common term in today's workplace. But what it really means is it's a culture of open reporting of any potential for error, any potential for malfunction, and it can be in any place in the organization. So, what we are doing in our new standard is to say, look at your entire processes throughout the organization, and approach that in an open-minded way so that people don't feel scared to report things, and it's a really positive approach to intervening early and making sure that errors don't occur anywhere in the workplace. Brittany Harvey: Taking that systemic approach to look at overarching processes seems really key to ensuring safety in oncology practices. So then, the next new section, Dr. Cox, what are the new OMH standards surrounding geriatric assessment and geriatric assessment–guided management? Dr. John Cox: This is a challenging update for our standards. As many folks in practice recognize, there is a deep literature on recognizing the geriatric population in oncology. Geriatric - those in my age group over age 60, 65 - make up the majority of cancer patients in this country. And yet, there are many aspects that should be taken into account as you address treatment decisions in this population. ASCO's recognized this. There has been a guideline previously on geriatric assessment. 
It's been updated, and we really felt it's time that it be incorporated in any iteration of what oncology care delivery means, so, within the oncology medical home standards. In short, what the standard outlines is that practices that are using these standards, that are using this benchmark, should have a geriatric assessment for patients within the practice care and use that information to guide management. Now, the standard allows wide exploration of how practices meet this standard, but it really puts on the table that if an oncology practice in the United States, or anywhere in the world really, is adhering to a good practice, that they're going to include and recognize these assessments in practice. Ms. Kim Woofter: I would like to add that this is a highly discussed and reviewed standard. Many of our community practices were concerned that they would have the time and manpower to perform this assessment. We all know it reduces toxicities if done appropriately at treatment planning, and so the outcomes are better. And we really left it to the practices to define how they're going to implement it, understanding that it will evolve to every single patient, but maybe day one, it was a step approach to be able to implement. So, I was really proud of the team that - the expert panel - that said, okay, let's step into this, but we do think it's essential. Brittany Harvey: Absolutely. It's important to recognize that practices may have limited resources and time, and implementing it in the way that makes sense for them allows this to be a standard that can be used in practice. And it's great to have this geriatric assessment guideline integrated into these standards to improve care delivery. And we can provide a link to that guideline in the show notes of this episode as well (Practical Assessment and Management of Vulnerabilities in Older Patients Receiving Systemic Cancer Therapy: ASCO Guideline Update). So then, following that section of the standards, Ms. 
Woofter, how do the updated standards now address multidisciplinary team management? Ms. Kim Woofter: Well, we address multidisciplinary team management in a more comprehensive way in the updated standard. We always thought that that was a critical piece when doing treatment planning, and we kind of highlighted it in a bigger way, understanding that not everybody has the same resources available at the time of treatment planning. And again, this was a much-discussed standard, in that that multidisciplinary team approach doesn't necessarily have to be in a tumor board or a prospective analysis of every case. It is actually a conversation between specialists, between the surgeon and pathologist and the medical oncologist. And we are saying, do what works for you, but we know that that team approach, every specialty coming to the table at time of treatment planning, truly provides better outcomes for our patients. And so we kind of reiterated that, understanding that again, it doesn't have to be a formal tumor board, but it has to be a dialogue between specialties. And we highlighted that again in the new standard. Brittany Harvey: Open communication of all team members is really critical to providing optimal care. Dr. Cox, I'd like to ask you, in your view, how will these updated standards impact both clinicians and oncology practices? Dr. John Cox: Well, our whole goal with discussing a comprehensive care model for oncology practice is to have a benchmark, to have an iteration of what good oncology care delivery looks like. 
So, our hope is that practices, all practices, whether you're participating formally in ASCO Certified, the marquee quality program for ASCO, or if you are simply running a practice or a team within an academic environment or institutional environment, these standards are to apply across the board wherever oncology is practiced - that you can look at these standards as a benchmark and compare what you are doing in your practice and where are the gaps. So ideally, we drive improved care across the board. You know, one thing I've learned over the last couple of years as ASCO Certified is getting spun up and using and implementing these standards, is practices are remarkably innovative. We've learned a lot by seeing how pilot practices have met the standards, and that's gone into informing how we can improve care delivery for all of our practices and, importantly, for the team members who are delivering this care. The fourth rail of burnout and the like is inefficiency that occurs in practice. And when you know you've got a good, spun-up, effective team, less burnout, less stress for practice. I hope clinicians and oncology practices will use this to help drive improvements in their care and gain insight into how they can approach practice problems in a better way. Kim, you've been leading practices. I have to ask you, your thoughts in leaning into this question. Ms. Kim Woofter: I think very well said, I will say that first. And what I love about this is for practice leaders who are new to our ecosystem, if you will, they need a playbook. It's “Where do I begin?” And Dr. Cox said it very well, no one does everything perfectly day one, but it's a step-by-step self-assessment approach to say, “How do I get to this gold standard?” I really love the standards because they are very comprehensive, everything from treatment planning to end of life. So it's the spectrum of the care we deliver in the oncology setting. 
So as a leader and an administrator, it is the standard I want all of my departments to understand, adhere to, and engage, and be excited about. We now have a baseline approach, and what's even more important, these standards will evolve as our intelligence evolves, as literature evolves. It's a system that will always grow and change, and that's what we love about it. It's not a one-and-done. So, I'm very proud of the fact that it gives them a road map. Brittany Harvey: Yes, these evidence-based standards provide a critical foundation for practices in ASCO Certified, for those team members you mentioned, and for quality improvement beyond just those individuals and practices as well. So then finally, to wrap us up, Ms. Woofter, what do these revised standards mean for patients receiving cancer treatment? Ms. Kim Woofter: Well, I think that's the most exciting part, is we all do this for our patients and the best outcomes for our patients and the best treatment plans for our patients and their families. And these standards, that is their core, their absolute core. So what it's going to do for a patient is they can say, “Am I at a practice that implements ASCO standards?” And if that is a ‘yes', there's a confidence that, “I am in an evidence-based medicine thinking practice, I have a team around me, they will care for me not only at time of treatment planning but at the time of end of life, they will help me be part of that decision-making, and they will give me resources available to me in my community.” So, it is a true comprehensive approach. As a patient, I have that comfort, that it is bigger than just a great doctor. It is a great team. As a patient, that would be very important to me and important to my family. That being said, Kim Woofter would love every practice to be ASCO Certified. Understanding that that isn't feasible day one, just to know that the practice is implementing and engaging the standards is the great place to start. 
Every patient can't go to an ASCO Certified practice day one, but our dream would be that everyone would adhere to those standards, engage those standards, believe them, educate their staff on what they mean, so that patient outcomes and satisfaction will be optimized for everyone. The other piece to this that we all know is if you give evidence-based medicine, cost-effective, efficient care, it's better for the system as a whole. And I'm not saying that insurance is our driver - certainly patient outcomes are our driver - but the whole ecosystem of oncology benefits when you do the right thing. Dr. John Cox: It's hard to add anything to Kim's good statements, but I just highlight that this whole area began with the patient-centered medical home, and every time we've met, patients and how we deliver care to patients is top of mind. I think that reflects our community. It reflects oncology as a whole. I don't know any oncologist or practice that is focused on anything else as the prime goal. Brittany Harvey: That's what I was just going to say. The ultimate goal here is to provide patient-centered care across where every single patient is receiving treatment and at every stage of that treatment. So, I want to thank you both so much for your work to update these standards, to review the evidence, and discuss with the experts on the panel to come up with the solutions that will help drive quality improvement across care delivery. So, thank you for that, and thank you for your time today, Dr. Cox and Ms. Woofter. And finally, thank you to all of our listeners for tuning in to the ASCO Guidelines podcast. To read the complete standards, go to www.asco.org/standards. You can also find many of our standards and interactive resources in the free ASCO Guidelines app, which is available on the Apple App Store or the Google Play Store. If you have enjoyed what you've heard today, please rate and review the podcast, and be sure to subscribe so you never miss an episode. 
The purpose of this podcast is to educate and to inform. This is not a substitute for professional medical care and is not intended for use in the diagnosis or treatment of individual conditions. Guests on this podcast express their own opinions, experience, and conclusions. Guest statements on the podcast do not express the opinions of ASCO. The mention of any product, service, organization, activity, or therapy should not be construed as an ASCO endorsement.
In this episode hosted by Jim Love, 'Cybersecurity Today' celebrates its recognition as number 10 on the Feed Spot list of Canadian News Podcasts and approaches a milestone of 10 million downloads. Key topics include new research identifying Nvidia GPUs as vulnerable to Rowhammer style attacks, Microsoft's significant security improvements in Microsoft 365, a critical Bluetooth vulnerability affecting 350 million cars, and a data exposure incident involving the Fredericton Police. Additionally, the official 'Elmo' account on X was hacked to post offensive content, emphasizing security gaps in high-profile social media accounts. For detailed information, visit technewsday.com or .ca. 00:00 Introduction and Milestones 00:52 Nvidia's Rowhammer Vulnerability 03:39 Microsoft's Security Overhaul 05:45 PerfektBlue Bluetooth Flaw 08:09 Police Data Leak Incident 10:12 Elmo's Twitter Account Hacked 12:43 Conclusion and Thanks
A recent report by Auvik reveals significant challenges faced by managed service providers (MSPs), highlighting issues such as tool sprawl, burnout among IT professionals, and the increasing reliance on IT generalists. The report indicates that 50% of MSPs use over ten tools to manage client networks, with many professionals experiencing high levels of stress and burnout. The ongoing retirement of baby boomers in the IT sector exacerbates these issues, leading to a demand for specialists who can assist generalists in navigating the complexities of technology. Key areas of interest for IT professionals include cybersecurity planning and cloud computing, as they seek to enhance productivity and user experience.In addition to the challenges faced by MSPs, two significant cybersecurity incidents have come to light. Kaseya's Network Detective tool was found to have critical vulnerabilities that could expose sensitive data across managed environments. Similarly, a flaw in McDonald's chatbot job application platform compromised the personal information of over 64 million applicants due to weak security measures. These incidents underscore the importance of robust vendor security practices, as clients often hold their MSPs accountable for data breaches, regardless of the source.The podcast also discusses the ongoing struggle for right-to-repair legislation, which has seen limited enforcement despite public support. A report indicates that many products lack accessible repair materials, and manufacturers continue to resist changes that would facilitate repairs. This situation presents an opportunity for service firms to incorporate repairability into their procurement strategies and asset management services, aligning with client values around sustainability and cost control.Finally, Sonomi has launched new tools aimed at enhancing business impact analysis and continuity planning for cybersecurity professionals. 
These tools are designed to help MSPs communicate the business value of cybersecurity to leadership, shifting the perception of security from a cost center to a value driver. The success of these initiatives will depend on MSPs' ability to integrate these features into their service delivery, ultimately positioning them as strategic partners who understand both technology and business needs. Four things to know today: 00:00 Auvik Report Warns MSPs of Tool Sprawl, Talent Drain, and Rising Burnout 04:10 Kaseya and McDonald's Incidents Reveal Fragile Trust in Vendor Security Practices 07:01 Manufacturers Withhold Parts, Manuals Despite State-Level Repair Rights Legislation 08:40 Cynomi Adds Business Impact and Continuity Planning Tools to Help MSPs Drive Strategic Outcomes. This is the Business of Tech. Supported by: https://getflexpoint.com/msp-radio/ ThreatDown Webinar: https://bit.ly/threatdown All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/ Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on: LinkedIn: https://www.linkedin.com/company/28908079/ YouTube: https://youtube.com/mspradio/ Facebook: https://www.facebook.com/mspradionews/ Instagram: https://www.instagram.com/mspradio/ TikTok: https://www.tiktok.com/@businessoftech Bluesky: https://bsky.app/profile/businessof.tech
In this episode of 'Cybersecurity Today,' hosted by David Shipley from the Exchange Security 2025 conference, urgent updates are provided on critical cybersecurity vulnerabilities and threats. CISA mandates a 24-hour patch for Citrix NetScaler due to a severe vulnerability actively being exploited, dubbed 'Citrix Bleed.' Fortinet's FortiWeb also faces a critical pre-auth remote code execution flaw that demands immediate patching. Additionally, significant vulnerabilities in AI-driven developments are highlighted, including shortcomings in Jack Dorsey's BitChat app and a method to extract Windows keys from ChatGPT-4. The episode emphasizes the importance of timely updates, robust security measures, and the potential risks involved with AI-generated code. 00:00 Introduction and Overview 00:35 Urgent Citrix Vulnerability Alert 03:26 Fortinet FortiWeb Exploit Details 06:23 Ingram Micro Ransomware Recovery 09:26 AI Coding and Security Risks 14:03 ChatGPT Security Flaw Exposed 17:20 Conclusion and Contact Information
Bob Moats and Mike Wiemuth dive deep into the shadowy world of negative recruiting in college basketball, exploring the tactics, effectiveness, and ethics of programs steering players away from rival schools. Main Topics: Sports Dead Period & Pacers Reflection [00:00-15:00] Bob and Mike discuss the dreaded summer sports lull and reflect on the Indiana Pacers' surprising playoff run. They examine the team's selfless ball movement, Tyrese Haliburton's devastating injury, and what the season meant for bringing fans back to NBA basketball after years away. Negative Recruiting Parallels to Politics [15:00-25:00] Drawing parallels to political campaigning, Bob and Mike establish how negative recruiting works as a persuasion contest. They discuss: key differences between political ads and recruiting (multiple "candidates," shadow operations); the concept of "kamikaze" recruiting to prevent rivals from landing recruits; strategic timing of when to go negative in recruitment battles. The Intelligence Game [25:00-35:00] The conversation turns to how programs gather intelligence on recruits and families. Topics include: assistant coaches' extensive networks and relationship-building; understanding family dynamics and decision-makers; the role of third-party surrogates like AAU coaches; how specific intel can get (down to restaurant preferences). Variables & Vulnerabilities [35:00-45:00] Using a comprehensive list of recruiting factors, they explore how different variables create opportunities for negative recruiting. The discussion covers playing time, facilities, academics, party scene, geography, and more, emphasizing how each recruit's priorities differ dramatically. The Scott Drew vs. Bob Knight Story [45:00-55:00] Bob and Mike recount the legendary bathroom confrontation where Bob Knight cornered Scott Drew over negative recruiting materials. This story illustrates the tensions between established programs and upstart challengers trying to disrupt the recruiting landscape. Player Compensation Era & IU's Fresh Start [55:00-End] The discussion shifts to how NIL has changed recruiting dynamics and examines IU's situation under the new coaching staff. They analyze recent comments about fan expectations and how confident leadership can address external criticism. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
AMD warns of new Meltdown, Spectre-like bugs affecting CPUs. Multiple vulnerabilities in Mozilla Thunderbird could allow for arbitrary code execution. Bitcoin Depot breach exposes data of nearly 27,000 crypto users. More than $40 million stolen from GMX crypto platform. Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines
Hello, my lovely listeners
In this episode of Hashtag Trending, host Jim Love covers a range of topics: an increase in copper theft leading to phone and internet outages in North America, allegations against Uber's hidden algorithm for boosting profits by raising fares and cutting driver pay, and a new technique called 'info flood' to trick AI chatbots into providing dangerous information by using academic jargon. The episode explores the implications of these issues and the ongoing challenges for companies and consumers. 00:00 Introduction and Headlines 00:17 Copper Theft Crisis 03:12 Uber's Algorithm Controversy 06:25 Tricking AI with Academic Jargon 07:58 Conclusion and Contact Information
This is a panel discussion. We discussed multiple topics: Floods in Texas, and effects of non-notification; Vulnerabilities imposed by the BBBill; Troops deployed in Florida, California; the ICE budget; Trump's hate for half the US population. WNHNLP.ORG production. Music: David Rovics
In this episode of the Logistics & Leadership Podcast, Brian Hastings sits down with Jimmy Menges—National Director and freight crime investigator—to expose the hidden world of cargo theft and the organized crime rings fueling it. Jimmy pulls back the curtain on how scammers hijack legitimate operations, the loopholes they exploit, and what really happens in the first 48 hours after a load vanishes. From forged documents to fake drivers, and warehouse accomplices to massive multi-million dollar heists, this episode reveals the high-stakes reality most brokers and carriers aren't prepared for. Whether you're a freight broker, a carrier rep, or a shipper trying to protect your freight, this episode is packed with tactical insight, investigative war stories, and hard-won lessons that could save your business. The Logistics & Leadership Podcast, powered by Veritas Logistics, redefines logistics and personal growth. Hosted by industry veterans and supply chain leaders Brian Hastings and Justin Maines, it shares their journey from humble beginnings to a $50 million company. Discover invaluable lessons in logistics, mental toughness, and embracing the entrepreneurial spirit. The show delves into personal and professional development, routine, and the power of betting on oneself. From inspiring stories to practical insights, this podcast is a must for aspiring entrepreneurs, logistics professionals, and anyone seeking to push limits and achieve success. Timestamps: (00:02) – The Nature of the Job (04:33) – The Landscape of Cargo Theft in California (09:29) – Freight Brokerage Challenges & Vulnerabilities (16:20) – How Load Scams Are Investigated (19:04) – Inside the Warehouse Incident (26:46) – The Business Impact of Cargo Theft (34:15) – How to Spot & Fight Industry Scams (36:01) – Navigating Fraud as a Freight Broker (41:33) – Reducing Risk in Freight Shipping. Connect with Jimmy Menges: LinkedIn: https://www.linkedin.com/in/jimmy-menges-4a95a4a6 Connect with us! ▶️ Website | LinkedIn | Brian's LinkedIn | Justin's LinkedIn ▶️ Get our newsletter for more logistics insights ▶️ Send us your questions!! ask@go-veritas.com Watch the pod on: YouTube
402-521-3080 In this conversation, Stephanie Olson and Rebecca Saunders delve into the myths surrounding human trafficking, discussing common misconceptions, the realities of traffickers and their victims, and the importance of community awareness and education. They emphasize the need to understand the complexities of trafficking, including the vulnerabilities that make individuals susceptible to exploitation, the dehumanization involved, and the challenges faced during recovery. The discussion also touches on the role of media and immigration in shaping perceptions of trafficking, advocating for a more informed and compassionate approach to prevention and support. Takeaways: Human traffickers often target individuals they know. Trafficking is not just about kidnapping; it involves manipulation and grooming. Vulnerabilities can make anyone a target for trafficking. Dehumanization is a key factor in trafficking and exploitation. Rescue is not a simple solution; recovery is complex and ongoing. Traffickers can be male or female, and often work in couples. Media representations of trafficking can perpetuate myths. Community education is crucial for prevention and awareness. Trafficking can affect individuals of all ages and backgrounds. Everyone has intrinsic value, regardless of their circumstances. Sound Bites: "Human traffickers will target people." "Traffickers go after the vulnerable." "The reality is that trauma is ongoing." Chapters: 00:00 Introduction to Human Trafficking Myths 02:58 Debunking Common Myths 05:41 Understanding the Grooming Process 08:41 The Reality of Trafficking Targets 11:41 The Role of Traffickers 14:23 The Intrinsic Value of All Humans 17:23 The Complexity of Trafficking Dynamics 26:23 The Role of Children in Trafficking 27:10 Immigration and Human Trafficking 28:18 The Misconception of Border Control 30:17 Vulnerabilities of Immigrants 32:05 The Human Aspect of Trafficking 34:26 Dehumanization in Society 35:59 The Complexity of Rescue 38:12 Understanding Trauma in Survivors 39:59 The Reality of Recovery 42:12 Emotional Isolation and Trust Issues 44:23 Vulnerabilities and Scams 47:24 Protecting Ourselves and Our Communities 49:47 Education and Community Engagement. Support the show. Everyone has resilience, but what does that mean, and how do we use it in life and leadership? Join Stephanie Olson, an expert in resiliency and trauma, every week as she talks to other experts living lives of resilience. Stephanie also shares her own stories of addictions, disordered eating, domestic and sexual violence, abandonment, and trauma, and shares the everyday struggles and joys of everyday life. As a wife, mom, and CEO she gives commentaries and, sometimes, a few rants to shed light on what makes a person resilient. So, if you have experienced adversity in life in any way and want to learn how to better lead your family, your workplace, and, well, your life, this podcast is for you! https://setmefreeproject.net https://www.stephanieolson.com/
PREVIEW US ELECTRIC GRID: Colleague Jack Burnham of FDD reports recent revelation that Chinese scholars have published hundreds of articles identifying vulnerabilities in the US electric grid. More. 1940 WUHAN UNIVERSITY
In this thought-provoking episode of Project Synapse, host Jim and his friends Marcel Gagne and John Pinard delve into the complexities of artificial intelligence, especially in the context of cybersecurity. The discussion kicks off by revisiting a blog post by Sam Altman about reaching a 'Gentle Singularity' in AI development, where the progress towards artificial superintelligence seems inevitable. They explore the idea of AI surpassing human intelligence and the implications of machines learning to write their own code. Throughout their engaging conversation, they emphasize the need to integrate security into AI systems from the start, rather than as an afterthought, citing recent vulnerabilities like Echo Leak and Microsoft Copilot's Zero Click vulnerability. Derailing into stories from the past and pondering philosophical questions, they wrap up by urging for a balanced approach where speed and thoughtful planning coexist, and to prioritize human welfare in technological advancements. This episode serves as a captivating blend of storytelling, technical insights, and ethical debates. 00:00 Introduction to Project Synapse 00:38 AI Vulnerabilities and Cybersecurity Concerns 02:22 The Gentle Singularity and AI Evolution 04:54 Human and AI Intelligence: A Comparison 07:05 AI Hallucinations and Emotional Intelligence 12:10 The Future of AI and Its Limitations 27:53 Security Flaws in AI Systems 30:20 The Need for Robust AI Security 32:22 The Ubiquity of AI in Modern Society 32:49 Understanding Neural Networks and Model Security 34:11 Challenges in AI Security and Human Behavior 36:45 The Evolution of Steganography and Prompt Injection 39:28 AI in Automation and Manufacturing 40:49 Crime as a Business and Security Implications 42:49 Balancing Speed and Security in AI Development 53:08 Corporate Responsibility and Ethical Considerations 57:31 The Future of AI and Human Values
In this episode of 'Cybersecurity Today,' host Jim Love discusses several alarming cybersecurity developments. A recent Washington Post breach raises critical questions about Microsoft 365's enterprise security as foreign government hackers compromised the email accounts of journalists. Additionally, a critical Linux flaw allows attackers to gain root access, making millions of systems vulnerable. Upgraded Godfather malware now creates virtual banking apps on infected Android devices to steal credentials in real-time. Moreover, a record-breaking data breach has exposed 16 billion logins, including Apple accounts, underscoring the fundamental flaws of password-based security. Finally, the episode addresses the systemic vulnerabilities of SMS-based two-factor authentication, advocating for a transition to app-based or hardware key solutions. 00:00 Introduction and Major Headlines 00:24 Microsoft 365 Security Breach 03:19 Critical Linux Vulnerabilities 05:59 Godfather Malware Evolution 08:18 Massive Data Breach Exposed 11:30 The Fall of SMS Two-Factor Authentication 13:21 Conclusion and Final Thoughts
An exploited iOS iMessage vulnerability Apple denies? The NPM repository is under siege with no end in sight. Were Comcast and Digital Realty compromised? Don't ask them. Matthew Green agrees: XChat does not offer true security. We may know how Russia is convicting Telegram users. Microsoft finally decides to block two insane Outlook file types. 40,000 openly available video cameras are online. Who owns them? Running SpinRite on encrypted drives. An LLM describes Steve's (my) evolution on Microsoft security. What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit material.security drata.com/securitynow bigid.com/securitynow
Ian Riopel is the CEO and Co-founder of Root, applying agentic AI to fix vulnerabilities instantly. A US Army veteran and former Counterintelligence Agent, he's held roles at Cisco, CloudLock, and Rapid7. Ian brings military-grade security expertise to software supply chains. John Amaral is the CTO and Co-founder of Root. Previously, he scaled Cisco Cloud Security to $500M in revenue and led CloudLock to a $300M acquisition. With five exits behind him, John specializes in building cybersecurity startups with strong technical vision. In this episode… Patching software vulnerabilities remains one of the biggest security challenges for many organizations. Security teams are often stretched thin as they try to keep up with vulnerabilities that can quickly be exploited. Open-source components and containerized deployments add even more complexity, especially when updates risk breaking production systems. As compliance requirements tighten and the volume of vulnerabilities grows, how can businesses eliminate software security risks without sacrificing productivity? Companies like Root are transforming how organizations approach software vulnerability remediation by applying agentic AI to streamline their approach. Rather than relying on engineers to triage and prioritize thousands of issues, Root's AI-driven platform scans container images, applies safe patches where available, and generates custom patches for outdated components that lack official fixes. Root's AI automation resolves approximately 95% or more vulnerabilities without breaking production systems, allowing organizations to meet compliance requirements while developers stay focused on building and delivering software. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Ian Riopel and John Amaral, Co-founders of Root, about how AI streamlines software vulnerability detection. 
Together, they explain how Root's agentic AI platform uses specialized agents to automate patching while maintaining software stability. John and Ian also discuss how regulations and compliance pressures are driving the need for faster remediation, and how Root differs from threat detection solutions. They also explain how AI can reduce security workloads without replacing human expertise.
Today's episode offers a comprehensive overview of Cyber Threat Exposure Management (CTEM), defining it as a proactive framework for continuously evaluating digital and physical asset accessibility, exposure, and exploitability. It clarifies foundational cybersecurity concepts such as vulnerabilities, attack surface, threats, and impact, explaining how their interplay creates exposure. The speaker categorizes various types of exposure, from internet-facing systems to data leakage and phishing susceptibility, emphasizing the expanding attack surface due to interconnected IT infrastructure. Furthermore, the discussion elaborates on exposure management processes and related technologies, including vulnerability scanning, patch management, penetration testing, breach and attack simulation, and external attack surface management, alongside an explanation of how these tools are evolving to support a more unified CTEM approach. Finally, the transcript explores how Artificial Intelligence (AI) is enhancing CTEM through automated discovery, smarter prioritization, intelligent remediation, and enhanced automation. Support the show. Google Drive link for Podcast content: https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnko My Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/ YouTube Channel: https://www.youtube.com/@TheCybermanShow Twitter handle: https://twitter.com/prashant_cyber PS: The views are my own and don't reflect any views from my employer.
In this episode of Cybersecurity Today, host Jim Love discusses critical AI-related security issues, such as the Echo Leak vulnerability in Microsoft's AI, MCP's universal integration risks, and Meta's privacy violations in Europe. The episode also explores the dangers of internet-exposed cameras as discovered by BitSight, highlighting the urgent need for enhanced AI security and the legal repercussions for companies like Meta. 00:00 Introduction to AI Security Issues 00:24 Echo Leak: The Zero-Click AI Vulnerability 03:17 MCP Protocol: Universal Interface, Universal Vulnerabilities 07:01 Meta's Privacy Scandal: Local Host Tracking 10:11 The Peep Show: Internet-Connected Cameras Exposed 12:08 Conclusion and Call to Action
This week: You got a Bad box, again Cameras are exposed to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized WordPress plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-878
Drex covers three critical cybersecurity incidents: dual cyber attacks affecting healthcare systems in Lewiston, Maine; an AT&T database breach exposing 86 million records with decrypted sensitive data; and concerning backup management issues at login.gov that could impact government service access. The episode concludes with a practical reminder to test backup systems regularly. Remember, Stay a Little Paranoid. X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer
Reviewing Sabine Hossenfelder’s video, “AI is becoming dangerous. Are we ready?”
The Spring 2025 issue of AI Cyber Magazine details some of 2024's major AI security vulnerabilities and sheds light on the funding landscape. Confidence Staveley, Africa's most celebrated female cybersecurity leader, is the founder of the Cybersafe Foundation, a Non-Governmental Organization on a mission to facilitate pockets of changes that ensure a safer internet for everyone with digital access in Africa. In this episode, Confidence joins host Amanda Glassner to discuss. To learn more about Confidence, visit her website at https://confidencestaveley.com, and for more on the CyberSafe Foundation, visit https://cybersafefoundation.org.
In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Aram Hovsepyan, an active contributor to the OWASP SAMM project, brings a critical perspective to how the industry approaches security metrics, especially in vulnerability management. His message is clear: the way we collect and use metrics needs a serious rethink if we want to make real progress in reducing risk.

Too often, organizations rely on readily available tool-generated metrics—like vulnerability counts—without pausing to ask what those numbers actually mean in context. These metrics may look impressive in a dashboard or board report, but as Aram points out, they're often disconnected from business goals. Worse, they can drive the wrong behaviors, such as trying to reduce raw vulnerability counts without considering exploitability or actual impact.

Aram emphasizes the importance of starting with organizational goals, formulating questions that reflect progress toward those goals, and only then identifying metrics that provide meaningful answers. It's a research-backed approach that has been known for decades but is often ignored in favor of convenience.

False positives, inflated dashboards, and a lack of alignment between metrics and strategy are recurring issues. Aram notes that many tools err on the side of overreporting to avoid false negatives, which leads to overwhelming—and often irrelevant—volumes of data. In some cases, up to 80% of identified vulnerabilities may be false positives, leaving security teams drowning in noise and chasing issues that may not matter.

What's missing, he argues, is a strategic lens. Vulnerability management should be one component of a broader application security program, not the centerpiece.
The OWASP Software Assurance Maturity Model (SAMM) offers a framework for evaluating and improving across a range of practices—strategy, risk analysis, and threat modeling among them—that collectively support better decision-making.

To move forward, organizations need to stop treating vulnerability data as a performance metric and start treating it as a signal in a larger conversation about risk, impact, and architectural choices. Aram's call to action is simple: ask better questions, use tools more purposefully, and build security strategies that actually serve the business.

GUEST: Aram Hovsepyan | OWASP SAMM Project Core Team member and CEO/Founder at CODIFIC | https://www.linkedin.com/in/aramhovsep/

HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com

SPONSORS
Manicode Security: https://itspm.ag/manicode-security-7q8i

RESOURCES
Learn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More
In this episode, FLASH President and CEO Leslie Chapman-Henderson discusses the importance of wind science and building resilience with Dr. Tanya Brown-Giammanco and Dr. Marc Levitan from the National Institute of Standards and Technology (NIST). They explore personal journeys into wind science, the evolution of tornado safety design, and the differences between tornadoes and hurricanes. The conversation highlights the vulnerabilities in home structures, particularly roofs and garage doors, and emphasizes the need for updated building codes and community involvement in safety measures. Learn things you may not know with these two engaging national experts as they dispel tornado myths and share practical steps for homeowners.

Discussion Topics: Personal Journeys into Wind Science (1:04); Understanding Tornado Safety and Dual-Objective-Based Tornado Design Philosophy (3:53); Differences Between Tornadoes and Hurricanes (8:50); Assessing Building Performance After Wind Events (11:42); Vulnerabilities in Home Structures in Regard to High Winds (16:08); Surprising Findings in Wind Engineering (23:03); Future Directions for Garage Door Safety (27:33); Elevating Garage Door Performance through Rating (30:15); Advancing Building Codes via Community Engagement (30:53)

Resources: Tornado-Strong.org; National Institute of Standards and Technology; Understanding Building Codes and Standards; Disaster and Failure Studies Program; New Tornado Resistant Building Codes; FEMA/NIST Fact Sheet - Improving Windstorm and Tornado Resilience: Recommendations for One- and Two-Family Residential Structures; New Strong Homes Scale - InspectToProtect.org; The Enhanced Fujita Scale; Checklist - Strengthen Your Garage Door; Checklist - Strengthen Your Roof; Checklist - Strengthen Your Gutters; Checklist - Sealed Roof Decks

Connect: Dr. Tanya Brown-Giammanco; Leslie Chapman-Henderson; Dr. Marc Levitan
In this episode of our InfoSecurity Europe 2024 On Location coverage, Marco Ciappelli and Sean Martin sit down with Professor Peter Garraghan, Chair in Computer Science at Lancaster University and co-founder of the AI security startup Mindgard. Peter shares a grounded view of the current AI moment—one where attention-grabbing capabilities often distract from fundamental truths about software security.

At the heart of the discussion is the question: Can my AI be hacked? Peter's answer is a firm “yes”—but not for the reasons most might expect. He explains that AI is still software, and the risks it introduces are extensions of those we've seen for decades. The real difference lies not in the nature of the threats, but in how these new interfaces behave and how we, as humans, interact with them. Natural language interfaces, in particular, make it easier to introduce confusion and harder to contain behaviors, especially when people overestimate the intelligence of the systems.

Peter highlights that prompt injection, model poisoning, and opaque logic flows are not entirely new challenges. They mirror known classes of vulnerabilities like SQL injection or insecure APIs—only now they come wrapped in the hype of generative AI. He encourages teams to reframe the conversation: replace the word “AI” with “software” and see how the risk profile becomes more recognizable and manageable.

A key takeaway is that the issue isn't just technical. Many organizations are integrating AI capabilities without understanding what they're introducing.
As Peter puts it, “You're plugging in software filled with features you don't need, which makes your risk modeling much harder.” Guardrails are often mistaken for full protections, and foundational practices in application development and threat modeling are being sidelined by excitement and speed to market.

Peter's upcoming session at InfoSecurity Europe—Can My AI Be Hacked?—aims to bring this discussion to life with real-world attack examples, systems-level analysis, and a practical call to action: retool, retrain, and reframe your approach to AI security. Whether you're in development, operations, or governance, this session promises perspective that cuts through the noise and anchors your strategy in reality.

Guest: Peter Garraghan, Professor in Computer Science at Lancaster University, Fellow of the UK Engineering Physical Sciences and Research Council (EPSRC), and CEO & CTO of Mindgard | https://www.linkedin.com/in/pgarraghan/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974

Resources
Peter's Session: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.4355.239479.can-my-ai-be-hacked.html
Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More
Ever wondered why the idea of working for someone else just never quite fit, or why chaos seems to call your name (and you answer with gusto)? If you're an entrepreneur who's found yourself drawn to the thrill of building your own path—and maybe even stumbled more than a few times along the way—you are going to love this week's guest interview. I recently sat down with Dr. Michael A. Freeman, an acclaimed psychiatrist, professor, and serial entrepreneur whose groundbreaking research uncovers the fascinating relationship between ADHD, bipolar spectrum conditions, and the entrepreneurial drive. In this lively conversation, we get real about what makes entrepreneurs with ADHD different—and what it takes to turn those differences into undeniable strengths instead of exhausting liabilities.

Here's what you'll hear in this episode:
Why do so many entrepreneurs have ADHD tendencies: Dr. Freeman breaks down fascinating research on why we're more likely to go solo in our careers—and why we struggle in traditional workplaces.
The double-edged sword of the ADHD entrepreneurial brain: We chat about superpowers and vulnerabilities, with a big emphasis on how to recognize your “zone of genius” (and when to call in backup!).
Building your own ADHD-friendly toolkit for sustainable success: From teams and routines, to handling sleep and “offloading the boring stuff,” we talk actionable strategies (yes, including coaching and medication).
The myth vs. reality of the entrepreneurial life: Spoiler: it isn't all glamor and “get rich quick”—and Dr. Freeman shares why radical self-awareness and resilience are must-haves.
Why fun is non-negotiable for the entrepreneur with ADHD: Turns out, fun isn't just a bonus—it's the main event for the ADHD brain, and Dr. Freeman explains how to keep your business (and life) playfully sustainable.

Make it actionable: Take three minutes to reflect: what feels fun, energizing, or “flow-y” in your own work?
What support do you need more of? Feeling inspired to start, pivot, or quit? Get a “personal board of directors” before you make big decisions or take big risks.

Get to know Michael Freeman, MD: Michael A. Freeman, MD, is a clinical professor at UCSF School of Medicine, a researcher and mentor at the UCSF Entrepreneurship Center, a psychiatrist and executive coach for entrepreneurs, and an integrated behavioral healthcare systems consultant. His current research focuses on the identification of emotional overwhelm with early intervention and support. Dr. Freeman's thought leadership on entrepreneurship and mental health has been featured in the New York Times, Washington Post, Wall St. Journal, Fortune Magazine, Inc., Entrepreneur, CNN Money, Financial Times, and Bloomberg News.

Mentioned in this episode: UC San Francisco, UC Berkeley, Stanford University, the Gallup Organization

Connect with Michael A Freeman, MD: Website - LinkedIn
Electric motors usually feature rare-earth metals to run. But WSJ tech columnist Christopher Mims writes about a new startup that excludes them, which could begin to help end the American auto industry's reliance on China. Then, Chinese automakers are also reliant on US imports for critical chips to power their cars. WSJ deputy Beijing bureau chief Yoko Kubota explores how the trade war has shown both US and Chinese tech industry vulnerabilities to the long-running spat. Sign up for the WSJ's free Technology newsletter.