Podcasts about Waf

Radware says recently WAF bypasses were patched in 2023 Marks & Spencer confirms data stolen in ransomware attack Alabama suffers cybersecurity event  Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com

In dieser Folge geht es um einen spannenden Diskriminierungsfall: Eine Kundin verlangt einen männlichen statt weiblichen Berater. Erfahre, was das LAG Baden-Württemberg entschieden hat, welche Schutzpflichten der Arbeitgeber hat und wie du als Betriebsrat aktiv werden kannst. Moderiert von Lina Goldbach & Ariane Bergstermann-Casagrande – hört unbedingt rein! Themen der Episode: Wenn Kunden ihr Berater-Geschlecht ohne Grund wechseln wollen Urteil des LAG Baden-Württemberg vom 20.11.2024 Arbeitgeberpflichten nach AGG und § 75 BetrVG Mitbestimmungsrechte und Schutzaufgaben des Betriebsrats Ansätze für eine gütliche Konfliktlösung   Seminarempfehlung aus dem Podcast: Arbeitsrecht Teil 1 https://www.waf-seminar.de/br128 Betriebsverfassungsrecht Teil 3 https://www.waf-seminar.de/br257

Am 28. April ist der Welttag für Sicherheit und Gesundheit am Arbeitsplatz. Hier geht's jedoch nicht nur um Helme und Warnwesten. Unsere Fachanwälte für Arbeitsrecht, Janine Schäfer und Christian Wiszkocsill, diskutieren, wie Betriebsräte den Wandel im Arbeitsschutz aktiv mitgestalten können. Was bedeutet gesunde Arbeit in Zeiten von KI und Automatisierung? Wo stehen psychische Gesundheit und moderne Prävention heute? Für euch Betriebsräte bietet dies wieder eine ausgezeichnete Gelegenheit, wichtige Impulse im Betrieb zu setzen. Themen der Episode: Exoskelette - Wie kommt hier die KI ins Spiel? Wie kann die KI helfen, Gefahren zu verhinder und Sicherheitsstandards zu verbessern? Was sind deine Mitbestimmungsrechte als Betriebsrat? Was kannst du als Betriebsrat konkret tun? Seminarempfehlung aus dem Podcast: Arbeits- und Gesundheitsschutz Teil 1 https://waf-seminar.de/br109 Betriebsverfassungsrecht Teil 2 https://www.waf-seminar.de/br164 Seminare zum Thema KI https://www.waf-seminar.de/rubrik/kuenstliche-intelligenz

Dürfen Mitarbeitende darauf vertrauen, dass ihre Äußerungen in einer Chatgruppe mit Kolleginnen und Kollegen vertraulich sind, und vom Arbeitgeber nicht für eine Kündigung herangezogen werden dürfen? Diese spannende Frage hat das Bundesarbeitsgericht entschieden. In dieser Folge diskutieren Rechtsanwältin Susanna Suttner und Rechtsanwalt Fabian Baumgartner, was das Urteil für Beschäftigte, Betriebsräte – und die Praxis bedeutet. Themen der Episode: Wann dürfen Chat-Inhalte als Kündigungsgrund verwendet werden? Was ist eine „Vertraulichkeitserwartung“ – und wann gilt sie nicht? Welche Rolle spielt die Größe und Zusammensetzung der Chatgruppe? Wie kann der Betriebsrat reagieren – und wann muss er widersprechen? Was bedeuten §§ 75 und 104 BetrVG für den Schutz vor Betriebsstörern? Seminarempfehlung aus dem Podcast: Seminar Betriebsverfassungsrecht Teil 2 https://www.waf-seminar.de/br164 Seminar Arbeitsrecht Teil 3 https://www.waf-seminar.de/br258

Darf der Betriebsrat mitreden, wenn das Gehalt eines freigestellten Mitglieds steigt? In dieser Folge geht's um ein spannendes Urteil des Bundesarbeitsgerichts – und was es für die Praxis bedeutet. Dabei wird auch klar: Nicht alles fällt unter das Mitbestimmungsrecht nach § 99 BetrVG. Rechtsanwalt Arne Schrein und Volljuristin Ariane Bergstermann-Casagrande diskutieren über dieses spannende Thema. Themen der Episode: Wann ist ein Betriebsratsmitglied freigestellt? (§ 38 BetrVG) Was sagt § 37 Abs. 4 zur Vergütung freigestellter BR-Mitglieder?  Mitbestimmungsrecht bei Gehaltserhöhungen? Unterschied zwischen Ein-/Umgruppierung und Vergütungsanpassung Seminarempfehlung aus dem Podcast: Seminar Betriebsverfassungsrecht Teil 1 https://www.waf-seminar.de/br163 Seminar Betriebsverfassungsrecht Teil 2 https://www.waf-seminar.de/br164

Trotz des etwas sperrigen Titels geht es in diesem Podcast um einen sehr spannenden Beschluss vom Bundesarbeitsgericht. Die Rechtsanwälte Christian Wiszkocsill und Arne Schreib diskutieren, was bei einem Betriebsübergang mit Leiharbeitern zu beachten ist. Themen der Episode: Betriebsübergang und Betriebsänderung Leiharbeiter bei Betriebsübergang Was sagt das AÜG dazu? Betriebsvereinbarung zum Thema Leiharbeit Seminarempfehlung aus dem Podcast: Seminar Arbeitsrecht Teil 2 https://www.waf-seminar.de/br129 Webinar Arbeitsrecht Teil 3 https://www.waf-seminar.de/on129

Wie viele Stunden dürfen Arbeitnehmer eigentlich arbeiten – und was muss der Betriebsrat dabei wissen? Im heutigen Podcast sprechen Fachanwältin für Arbeitsrecht Susanna Suttner und Rechtsanwalt Fabian Baumgartner über eine der zentralen Vorschriften des Arbeitszeitgesetzes: § 3 ArbZG. Klingt einfach – ist es aber nicht. Es gibt viele Missverständnisse rund um tägliche und wöchentliche Höchstarbeitszeiten, Ausgleichszeiträume und die Rolle des Betriebsrats. Wir klären auf, räumen mit Irrtümern auf und geben klare Orientierung für die Praxis. Themen der Episode: § 3 ArbZG: Die tägliche und wöchentliche Höchstarbeitszeit 48 oder 60 Stunden pro Woche – was gilt wann? Monatsarbeitszeit – was rechnerisch möglich ist (und was nicht) Was zählt beim Ausgleichszeitraum von 24 Wochen? Urlaub, Krankheit und Freizeitausgleich: Was ist neutral, was zählt mit? Seminarempfehlung aus dem Podcast: Seminar Arbeitsrecht Teil 1 https://www.waf-seminar.de/br128

Betriebsratsarbeit – das kann manchmal richtig stressig sein. Wer kennt das nicht: Ein Termin jagt den anderen, hinzu kommen die hohen Erwartungen der Kollegen und der Dauerdruck durch den Arbeitgeber. Um so wichtiger, dass du als Betriebsrat die wichtigsten Methoden kennt, die laut aktuellen wissenschaftlichen Erkenntnissen Stress lindern! Darüber unterhalten sich: Hartmuth Brandt, Diplom-Ökonom und Krankenpfleger und Niklas Pastille, LL.M aus Berlin, heute über dieses spannende Thema. Themen der Episode: Individuell erfolgreiche Methoden vs. Methoden, die bei den Meisten erfolgreich sind Erkenntnisse aus der Stress- und Hirnforschung Die 10 wissenschaftlich bewiesenen Methoden Seminarempfehlung aus dem Podcast: Seminar Psychische Belastungen am Arbeitsplatz Teil 1 https://www.waf-seminar.de/br350 Seminar Burn-out: Prävention und Hilfestellung https://www.waf-seminar.de/br462  

rWotD Episode 2871: Water associated fraction Welcome to Random Wiki of the Day, your journey through Wikipedia’s vast and varied content, one random article at a time.The random article for Friday, 14 March 2025 is Water associated fraction.The water associated fraction (WAF), sometimes termed the water-soluble fraction (W. S. F.), is the solution of low molecular mass hydrocarbons naturally released from petroleum hydrocarbon mixtures in contact with water. Although generally regarded as hydrophobic, many petroleum hydrocarbons are soluble in water to a limited extent. This combination often also contains less soluble, higher molecular mass components, and more soluble products of chemical and biological degradation.This recording reflects the Wikipedia text as of 00:19 UTC on Friday, 14 March 2025.For the full current version of the article, see Water associated fraction on Wikipedia.This podcast uses content from Wikipedia under the Creative Commons Attribution-ShareAlike License.Visit our archives at wikioftheday.com and subscribe to stay updated on new episodes.Follow us on Mastodon at @wikioftheday@masto.ai.Also check out Curmudgeon's Corner, a current events podcast.Until next time, I'm neural Arthur.

Frauen sind im Berufsleben oft mit unsichtbaren Hürden konfrontiert: schlechtere Bezahlung, weniger Aufstiegschancen und höhere Erwartungen an ihre „Vereinbarkeit“ von Beruf und Familie. Doch warum ist das so? Und vor allem: Wie können wir das ändern? In dieser besonderen Episode zum Internationalen Frauentag sprechen Ariane Bergstermann-Casagrande und Franziska Grimm über die zentrale Rolle von Frauen im Betriebsrat, decken bestehende Ungleichheiten auf und zeigen, welche konkreten Maßnahmen nötig sind. Jetzt gleich reinhören und erfahren, wie wir gemeinsam für mehr Chancengleichheit sorgen können! Themen der Episode: Frauen im Betriebsrat Gender-Gaps im Arbeitsleben Strukturelle Hürden Lösungen statt leere Versprechen! Seminarempfehlung aus dem Podcast: Seminar Allgemeines Gleichbehandlungsgesetz https://www.waf-seminar.de/br358 Seminar Frauen im Betriebsrat https://www.waf-seminar.de/br553    

The ASX 200 continued to struggle down 46 points at 8095 (0.6%) as stocks going ex -dividend weighed. Banks eased yet again with CBA off 1.8% and WBC down 0.9% as the Big Bank Basket fell to $248.82 (-1.1%). MQG off another 0.4% as one broker downgraded. Insurers also in the eye of the cyclone, SUN down 1.0% and QBE dropping 1.3%. REITs eased back, GMG down 0.2% and SCG off 0.9%. Industrials also lost ground, WES fell 1.6% with WOW and COL slipping, QAN down 2.0% from heady highs and TLS slid 1.0%. REA was a positive today up 4.3%. Tech mixed again, WTC up 4.7%. In resources, RIO Ex dividend knocked 2.2% off, BHP down 0.8% after it went Ex, gold miners better, NEM up 1.4% and EVN up 2.7% on copper exposure too. SFR ran 4.8% on its copper exposure, MIN bounced 2.6% and WAF jumped 11.9% on production upgrades. Oil and gas stocks on the nose as crude hits 3-year lows, WDS down 4.7% (XD) and STO off 1.9%. Uranium stocks feeling slightly perkier, BOE up 1.3% and PDN up 1.1% on some broker upgrades. On the corporate front, AMC dropped1.6 % on plans to reorganise it business. AUD has had its best week since 2023. LTM now delisted. SGR looks to HK for a bail out as Brisbane casino set to be sold. On the economic front, Building approvals rose 6.3%. Asian markets remain firm, Alibaba helping Japan up 0.9%, HK up 2.6% and China up 1.3%. 10-year yields back up to 4.48%.Want to invest with Marcus Today? The Managed Strategy Portfolio is designed for investors seeking exposure to our strategy while we do the hard work for you. If you're looking for personal financial advice, our friends at Clime Investment Management can help. Their team of licensed advisers operates across most states, offering tailored financial planning services.  Why not sign up for a free trial? Gain access to expert insights, research, and analysis to become a better investor.

The ASX 200 dropped another 57 points to 8141 (-0.7%) partially ignoring a decent rally in US futures as Trump gave his State of the Union address. China now targeting 5% GDP growth in a separate proclamation. Banks dragged us down with the Big Bank Basket down to $251.84 (-1.0%). CBA down 0.9% and MQG off 1.3% with XYZ continuing to stumble down another 4.1%. REITs slipped lower, VCX down 0.5% and GPT off 0.9%. Healthcare also down, RMD falling 2.3% and TLX off 1.2%. Industrials under pressure across the board with ex dividends not helping. WES dropped 0.8% with WOW and COL sliding on ex-dividend as did TWE off 5.6%. Retail eased back, PMV off 2.4% and JBH down 1.8% with GYG up 2.1% on a broker upgrade. Tech stocks mixed, WTC up 1.2% and XRO down 0.7%. The All-Tech Index off 0.4%. Resources were mixed, iron ore stocks seeing some buying, BHP up 0.2% and RIO up 0.2%. MIN still under pressure on debt and governance issues, down 1.9%. Gold miners were positive, WAF up 6.5% and EVN up 1.4%. Energy stocks still falling, WDS down 1.5% and STO falling 1.6%. Uranium stocks finding some support. In corporate news, Virgin gets approval for Qatar investment. WTC said it expects to appoint new directors very soon. MIN saw a downgrade by Fitch and SUN and IAG clarified Alfred impacts. In economic news, we saw a better than expected 0.6% rise in GDP. Asian markets were steady on Chinese stimulus talk, Japan up 0.7%, HK up 1.7% and China up 0.3%. 10-year yields 4.35%.Want to invest with Marcus Today? The Managed Strategy Portfolio is designed for investors seeking exposure to our strategy while we do the hard work for you. If you're looking for personal financial advice, our friends at Clime Investment Management can help. Their team of licensed advisers operates across most states, offering tailored financial planning services.  Why not sign up for a free trial? Gain access to expert insights, research, and analysis to become a better investor.

Der Fachkräftemangel setzt viele Unternehmen unter Druck – doch auch Betriebsräte stehen vor großen Herausforderungen. Überlastung, schlechte Arbeitsbedingungen und eine unfaire Arbeitsverteilung können die Folge sein. Doch welche Beteiligungsrechte haben Betriebsräte, um gegenzusteuern? In dieser Episode besprechen wir die wichtigsten Hebel. Höre rein und erfahre mehr von Franziska Grimm und Christoph Gussenstätter! Themen der Episode: Fachkräftemangel (Definition, Ursachen, Auswirkungen) Herausforderungen für Betriebsräte Möglichkeiten der Beteiligung des BR Seminarempfehlung aus dem Podcast: Seminar Fachkräftemangel https://www.waf-seminar.de/br533 Fachtagung Fachkräftemangel vs. KI https://www.waf-seminar.de/seminare/fachtagung/fachkraeftemangel

In this episode, I sit with the Head of Cloud Security Engineering at Check Point Software. Brian McHenry joined Check Point after over a decade and a half at F5 focused on WAF. Brian has been a practitioner, a Sales Engineer, and a Product Manager. Hear why Brian left F5 and joined Check Point and what he started in NY in 2016.

The Wisconsin Association of Fairs (WAF) is undergoing a major revamp to ensure the long-term success of the fair industry. Executive Director Jayme Buttke shared that this transformation is a result of careful strategic planning. "Two years ago, our board sat down and asked, 'Where do we want the next level of the fair industry to be?'" Buttke said. "We needed to take a hard look at what WAF provides and where we are going." One of the most significant changes includes a brand refresh, with a new website. "We want to make our online presence more user-friendly and incorporate modern technology," Buttke explained. "It's all about the next group of leaders—whether fair board members or exhibitors."See omnystudio.com/listener for privacy information.

In dieser Podcast-Episode geht es um das Thema „Arbeiten trotz Krankschreibung“. Christian Wiszkocsill und Franziska Grimm beleuchten die rechtlichen Hintergründe und praktischen Herausforderungen, wenn Arbeitnehmer trotz Arbeitsunfähigkeitsbescheinigung wieder arbeiten möchten oder vom Arbeitgeber dazu aufgefordert werden. Anhand eines konkreten Fallbeispiels wird außerdem diskutiert, ob es erlaubt ist, während einer Krankmeldung bei einem anderen Arbeitgeber tätig zu sein. Zum Abschluss geben die beiden wichtige Hinweise und wertvolle Tipps, wie sich Arbeitnehmer im Dschungel von Arbeitsunfähigkeit und Krankschreibung sicher bewegen können und welche Bedeutung das Thema „Arbeitsunfähigkeit“ für die BR-Arbeit hat. Themen der Episode: Abgrenzung: Krankheit und Arbeitsunfähigkeit Wunsch des Arbeitnehmers Aufforderung des Arbeitgebers Hinweise und Tipps für Arbeitnehmer Bezug zur Betriebsratsarbeit: Kündigung, Krankmeldungen und Datenschutz, Gesundheitsförderung und Prävention, Unterstützung bei Rückkehr an den Arbeitsplatz, Information und Beratung der Mitarbeiter Seminarempfehlung aus dem Podcast: Seminar Arbeitsrecht Teil 2: https://www.waf-seminar.de/br129 Seminar Arbeitsrecht Teil 3 https://www.waf-seminar.de/br258

Submaroach Episode 222: Koj's Engaged, Military Tech, and Fixing Nigeria After a weekend of partying Submaroach hosts TMT, Mayowa, and Koj dive into a mix of personal news, political insights, and their usual hilarious takes on life. You don't want to miss this one! Koj is Engaged! Big news—our very own Koj is officially off the market! The boys celebrate the engagement and share some laughs about love, weddings, and everything in between. Show him some love! WAF x Israel Adesanya Collab? TMT imagines how a collaboration between Nigerian skateboard brand WAF and UFC star Israel Adesanya could save Israel's career. Nigerian Military Coups & Tech Issues: TMT draws unexpected connections between Nigeria's military coups in the 80s and today's tech problems—yes, it's as wild as it sounds. Fixing Nigeria: The boys put on their problem-solving hats and discuss (probably impractical) ways to fix Nigeria's many challenges. Expect hot takes and hilarious suggestions. Churches & Money: They dive into the fragile and often controversial relationship between churches and money in Nigeria. Grammy Stuff, Trump Stuff: Some Grammy gossip, some Trump antics—it's all on the table. Koj's Court Marriage: Koj shares his experience getting legally hitched, with plenty of funny stories and insights. Pet Peeves & Bad Habits: From personal annoyances to bad habits they can't seem to shake, the boys let loose on what grinds their gears. Ending on a Nigerian Music High Note: Mayowa is something else. Tune in to Submaroach Episode 222 for laughs, life updates, and some seriously strange conversations. Don't forget to subscribe, rate, and leave a review!

Shlomo Kramer, CEO and co-founder of Cato Networks is a rare bird in the cybersecurity industry, having built three unicorns in his career. For many in the cybersecurity industry, Sholmo needs no introduction. One of the early pioneers in Israel's cybersecurity startup ecosystem, what makes Shlomo remarkable is his ability to repeatedly build category-defining companies. He first co-founded Check Point, which pioneered the firewall category and today commands a $20 billion market cap. Then, seeing the shift to the cloud, he launched Imperva, focusing on web application security (WAF). That was his second IPO. Now with Cato Networks, he's created an entirely new category called SASE – Secure Access Service Edge – and Cato has already reached over $200 million in annual recurring revenue.But Shlomo isn't just a builder – he's also a remarkably successful investor with an eye for transformative companies. His portfolio includes Trusteer, which IBM acquired for $1 billion, and Palo Alto Networks, in which he wrote the first angel check and sat on its board - a company now valued well over $100 billion dollars.In this episode, we get inside the mind of the only entrepreneur we know who's on track to potentially take his third cybersecurity company public. Many founders are satisfied with one IPO, some rarely go to two and Shlomo is on track for his third IPO - a hat trick if he pulls it off. In the cybersecurity hall of fame, very few could equal what Shlomo has accomplished.We discuss building cybersecurity companies, the evolution of the security market over the past three decades, why founders should focus on their customers instead of competitors, how building startups has changed from when Shlomo started Check Point, and many other aspects of the founder's journey. 

Technische Einrichtungen sind heute in jedem Betrieb und Unternehmen allgegenwärtig. Auch das Thema KI führt dazu, dass die Mitbestimmung des Betriebsrates bei IT-Systemen stetig wächst. Durch die Mitbestimmung des Betriebsrats und den Abschluss von Betriebsvereinbarungen entstehen aber tatsächlich auch wieder neue Themen und Regeln, welchen wir uns heute widmen wollen. Dabei geht es um die Frage wie freiwillig die Anwendung einer technischen Einrichtung sein muss, damit diese nicht der Mitbestimmung unterliegt und wie Betriebsvereinbarungen abzuschließen sind, damit diese datenrechtskonform sind. Rechtsanwältin Lina Goldbach und Fachreferentin Ariane Begstermann-Casagrande tauschen sich über die Grenzen der Mitarbeiterüberwachung und der Frage der Freiwilligkeit bei Mitarbeiterüberwachung, dem Verhandeln von Betriebsvereinbarung und dem Datenschutz in Betriebsvereinbarung aus. Themen der Episode: Überwachung am Arbeitsplatz: Welche Maßnahmen sind zulässig, welche nicht? Rechte der Arbeitnehmer: Warum Datenschutz und Persönlichkeitsrechte eine zentrale Rolle spielen. Praxis-Tipps für Betriebsräte: Worauf muss bei Betriebsvereinbarungen besonders geachtet werden? Seminarempfehlung aus dem Podcast: Seminar Betriebsverfassungsrecht Teil 2 https://www.waf-seminar.de/br164 Webinar Betriebsverfassungsrecht Teil 2 https://www.waf-seminar.de/on164

In dieser Podcast-Episode diskutieren Rechtsanwalt Arne Schrein und Volljuristin Ariane Bergstermann-Casagrande das Urteil des Bundesarbeitsgerichts vom 5. Dezember 2024 (Az. 8 AZR 370/20).  Themen der Episode: Abgrenzung § 8 TzBfG und § 9a TzBfG! Ungleichbehandlung von Teilzeitbeschäftigten und deren rechtliche Einordnung (§ 4 Abs. 1 TzBfG) Urteil des Bundesarbeitsgerichts und Einfluss des EuGH Tarifvertragliche Regelungen und ihre Grenzen Geschlechtsspezifische mittelbare Benachteiligung in der Praxis Handlungsmöglichkeiten für Betriebsräte Seminarempfehlung aus dem Podcast: Seminar Arbeitsrecht Teil 2: https://www.waf-seminar.de/br129

In dieser Episode widmen wir uns einer brisanten Debatte: Keine Lohnfortzahlung am ersten Krankheitstag? Ein Vorschlag des Allianz-Chefs Oliver Bäte hat für Aufsehen gesorgt und wirft viele Fragen auf. Welche Auswirkungen hätte eine solche Regelung für Arbeitnehmer, Unternehmen und die Gesellschaft? Höre rein und erfahre mehr von Tobias Gerlach und Janine Schäfer! Themen der Episode: Aktuelle Diskussion Rechtslage in Deutschland Regelungen im europäischen Ausland Kritikpunkte und Risiken einer solchen Maßnahme Mögliche Alternativen zur Reduzierung von Krankheitsfällen Seminarempfehlung aus dem Podcast: Seminar Arbeitsrecht Teil 1 https://www.waf-seminar.de/br129 Webinar Arbeitsrecht Teil 1 https://www.waf-seminar.de/on128

In diesem Podcast erklären Christian Wiszkocsill und Franziska Grimm, wann Arbeitnehmer auch ohne Arbeitsleistung einen Anspruch auf Entgeltfortzahlung haben – und das nicht nur im Krankheitsfall! Wir werfen einen Blick auf § 616 BGB und klären, welche persönlichen Ereignisse oder familiäre Notfälle als mögliche „Verhinderungsgründe“ gelten und eine Entgeltfortzahlung des Arbeitgebers rechtfertigen können. Erfahren Sie, wie lange eine solche Arbeitsverhinderung dauern darf, und warum tarifliche oder betriebliche Vereinbarungen eine große Rolle spielen. Themen der Episode: Grundsatz: „Ohne Arbeit keinen Lohn“ Voraussetzungen für einen Anspruch auf Entgeltfortzahlung wegen unvermeidbarer kurzzeitiger Arbeitsverhinderung nach § 616 BGB Verhinderungsgründe im Sinne von § 616 BGB Dauer einer Verhinderung Abänderung und Ausschluss des § 616 BGB Weitere gesetzliche Ansprüche auf bezahlte Freistellung bei persönlichen Leistungshindernissen Seminarempfehlung aus dem Podcast: Arbeitsrecht Teil 1 https://www.waf-seminar.de/br128 Arbeitsrecht Teil 2 https://www.waf-seminar.de/br129

Tonight, the Wisconsin Association of Fairs will crown the 59th Fairest of the Fairs. Roughly three dozen young women are in the running for the position. At the WAF annual convention in the Wisconsin Dells, we caught up with outgoing Fairest Kelsey Henderson of Racine County before she passes on the crown. She reflects on her year as Wisconsin's fair ambassador. You wouldn't believe how busy she was during fair season! But since Kelsey has been attending fairs since she was in diapers, it was nothing out of the ordinary.See omnystudio.com/listener for privacy information.

CDN и DDoS-защита: взболтать, но не смешивать? Марат давно хотел выпуск про CDN, а тут ещё и повод громкий подвернулся - Cloudflare то блокируют, то не блокируют, куда податься и что делать - решительно непонятно. Поэтому в компании со знающими людьми будем разбираться, можно ли совмещать CDN и DDoS-защиту в одном флаконе. И при чём тут гномы. Кто: Георгий Тарасов, продакт CDN и антибота в Curator Про что: Я подключил CDN, но меня все равно ддосят, что я делаю не так? Layer 7 DDoS-атаки на динамику и на статику: какие у них векторы и мишени Отличия сетей CDN и сетей фильтрации трафика: архитектура, быстродействие, косты Как CDN защищают себя и клиента от перегрузок. Подпись запросов, шилдинг, шардирование. Что, если объединить системы и задачи antiDDoS и CDN? Однородный и эшелонированный подходы. Я теперь подключил WAF, но меня все равно ддосят, что опять я делаю не так? Сообщение sysadmins №53. CDN и DDoS-защита: взболтать, но не смешивать? появились сначала на linkmeup.

In this week's episode, we look at recent Microsoft Tech updates. By popular request, we're expanding the scope beyond just Azure to include Microsoft 365, Power Platform, and similar Microsoft platforms and capabilities. What's new? What's interesting? What's retiring? Also, Tobi asks Jussi an unexpected question.(00:00) - Intro and catching up.(03:14) - Show content starts.Show links- Sign-up form for WAF on Application Gateway for Containers- Azure Automation limits and quotas- Migrate to Azure CDN from Edtio to Azure Front Door- Microsoft 365 network connectivity test- Defender for Cloud "Setup experience" (Azure Portal)- New Message Trace in Exchange OnlineFind us on Bluesky- Tobias Zimmergren (@zimmergren.net) — Bluesky- Jussi Roine • Microsoft MVP (@jussiroine.com) — Bluesky - Give us feedback!

In der heutigen Podcast-Folge geht es um einen Streit über Fortbestand des Arbeitsverhältnisses nach einem Aufhebungsvertrag. Die Klägerin behauptet, der Vertrag sei unter widerrechtlicher Drohung abgeschlossen worden. Die Rechtsanwälte Tobias Gerlach und Ansgar Dittmar betrachten den Fall, den das Bundesarbeitsgericht entschieden hat und erläutern, was Betriebsräte in diesem Fall tun sollten. Themen der Episode: Irrtum Nummer 1: Ich kann das BEM einklagen, wenn der Arbeitgeber seiner Pflicht zu einem BEM einzuladen nicht nachkommt. Irrtum Nummer 2: Jeder, der will, kann bei dem BEM-Gespräch dabei sitzen. Irrtum Nummer 3: Es ist optional, ob das Inklusion/Integrationsamt hinzugezogen wird Seminarempfehlung aus dem Podcast: Betriebliches Eingliederungsmanagement für die SBV: https://www.waf-seminar.de/br403

Episode 102: In this episode of Critical Thinking - Bug Bounty Podcast Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF bypasses, report writing, and more.They discuss the importance of contextual knowledge, the cost implications, and the strengths of different LLM Models.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store at https://ctbb.show/swag!Today's Guest - https://x.com/JhaddixResourcesKeynote: Red, Blue, and Purple AI - Jason Haddixhttps://www.youtube.com/watch?v=XHeTn7uWVQMAttention in transformers,https://www.youtube.com/watch?v=eMlx5fFNoYcShifthttps://shiftwaitlist.com/The Darkest Side of Bug Bountyhttps://www.youtube.com/watch?v=6SNy0u6pYOcTimestamps(00:00:00) Introduction(00:01:25) Micro-agents and Weird Machine Tricks(00:11:05) Web fuzzing with AI(00:18:15) Brainstorming Shift and micro-agents(00:34:40) Strengths of different AI Models, and using AI to write reports(00:54:21) The Darkest Side of Bug Bounty

In der heutigen Podcast-Folge geht es um einen Streit über Fortbestand des Arbeitsverhältnisses nach einem Aufhebungsvertrag. Die Klägerin behauptet, der Vertrag sei unter widerrechtlicher Drohung abgeschlossen worden. Die Rechtsanwälte Tobias Gerlach und Ansgar Dittmar betrachten den Fall, den das Bundesarbeitsgericht entschieden hat und erläutern, was Betriebsräte in diesem Fall tun sollten. Themen der Episode: Schilderung des Urteils (BAG, Urt. V. 24.02.22 – 6 AZR 333/21) Was kannst du als Betriebsrat in einem solchen Fall machen? Wie kannst du als Betriebsrat deine Kollegen sensibilisieren?  Seminarempfehlung aus dem Podcast: Seminar Arbeitsrecht Teil 3: https://www.waf-seminar.de/br258 Seminar Betriebsverfassungsrecht 2: https://www.waf-seminar.de/br164

Neben dem Ausspruch einer betriebsbedingten Kündigung ist das hauptsächliche Gestaltungsmittel des Arbeitgebers bei einem Stellenabbau der Abschluss eines Aufhebungsvertrages. Eigentlich eine Win-win-Situation. Aber Vorsicht: Denn wenn der Arbeitnehmer keinen neuen Job hat und sich arbeitslos melden muss, dann kann der Abschluss eines Aufhebungsvertrages erhebliche Nachteile haben. Denn die Arbeitsagenturen prüfen sehr genau, ob nicht eine Sperrzeit verhängt werden kann oder der Bezug von Arbeitslosengeld ruht. In diesem Podcast, beleuchten Rechtsanwalt Christian Wiszkocsill und Juristin Franziska Grimm, welche Fallstricke es gibt und worauf man beim Abschluss eines Aufhebungsvertrages achten sollte, um Nachteile beim Bezug von Arbeitslosengeld zu vermeiden. Themen der Episode: Warum ist das nicht nur für den AN, sondern auch für den BR interessant? Möglichkeiten der Vermeidung von Nachteilen Fazit Seminarempfehlung aus dem Podcast: Seminar Arbeitsrecht Teil 3 https://www.waf-seminar.de/br258 Seminar Arbeits- und sozialrechtliche Probleme älterer Arbeitnehmer https://www.waf-seminar.de/br136

Überstunden als Betriebsrat sind ein heiß diskutiertes Thema. Im Podcast wird ein aktuelles Urteil des Arbeitsgerichts Köln besprochen, das zeigt, warum die korrekte Dokumentation von Mehrarbeit für Betriebsräte unerlässlich ist. Die Rechtsanwälte Lina Goldbach und Fabian Baumgartner sprechen über dieses wichtige Thema Themen der Episode: Fallbeispiel zu Arbeitszeitbetrug und Dokumentationspflicht für freigestellte Betriebsratsmitglieder Wichtige rechtliche Grundlagen Weisungsrecht des Arbeitgebers Seminarempfehlung aus dem Podcast: Seminar Betriebsverfassungsrecht Teil 1 https://www.waf-seminar.de/br163

Urlaub nehmen, wann und wie viel Sie möchten – das klingt fast zu schön, um wahr zu sein, oder? Im neuen Podcast klären wir auf, was hinter dem Konzept des Vertrauensurlaubs steckt und ob es wirklich so ideal ist, wie es klingt. Unsere Experten diskutieren Chancen und Risiken, geben Praxisbeispiele und zeigen auf, wie Vertrauensurlaub in Deutschland umgesetzt werden kann. Themen, die Sie erwarten: Was versteht man unter Vertrauensurlaub, und wie unterscheidet er sich vom regulären Urlaub? Welche Vorteile und Herausforderungen bringt dieses Modell für Arbeitnehmer und Arbeitgeber? Rechtliche Aspekte: Was Betriebsräte über Vertrauensurlaub wissen müssen. Seminarempfehlung aus dem Podcast: Betriebsverfassungsrecht Teil 2: https://www.waf-seminar.de/br164

Guest: Daniel Shechter, Co-Founder and CEO at Miggo Security Topics: Why do we need Application Detection and Response (ADR)? BTW, how do you define it? Isn't ADR a subset of CDR (for cloud)?  What is the key difference that sets ADR apart from traditional EDR and CDR tools? Why can't I just send my application data - or eBPF traces - to my SIEM and achieve the goals of ADR that way? We had RASP and it failed due to instrumentation complexities. How does an ADR solution address these challenges and make it easier for security teams to adopt and implement? What are the key inputs into an ADR tool? Can you explain how your ADR correlates cloud, container, and application contexts to provide a better  view of threats? Could you share real-world examples of types of badness solved for users? How would ADR work with other application security technologies like DAST/SAST, WAF and ASPM? What are your thoughts on the evolution of ADR? Resources: EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud EP143 Cloud Security Remediation: The Biggest Headache? Miggo research re: vulnerability ALBeast “WhatDR or What Detection Domain Needs Its Own Tools?” blog “Making Sense of the Application Security Product Market” blog “Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem“ book

In episode 741 of QAV, Tony and Cam discuss fear and greed with quotes from "Reminiscences of a Stock Operator", analyse West African Resources' (WAF) market situation due to Burkina Faso's political climate, Bank of Queensland's (BOQ) franchise strategies, Tony's attempts to get ChatGPT to help with the Kelly Criterion, answer a question about US Dummy Portfolio Strategy, and discuss insights on price-to-cash flow ratios from 'What Works on Wall Street' by O'Shaughnessy. The 'Pulled Pork' section features an in-depth look at Adairs (ADH) and its new strategic direction. And, of course, After Hours.

Guest: Steve Wilson, Chief Product Officer, Exabeam [@exabeam] & Project Lead,  OWASP Top 10 for Larage Language Model Applications [@owasp]On LinkedIn | https://www.linkedin.com/in/wilsonsd/On Twitter | https://x.com/virtualsteve____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of Redefining CyberSecurity, host Sean Martin sat down with Steve Wilson, chief product officer at Exabeam, to discuss the critical topic of secure AI development. The conversation revolved around the nuances of developing and deploying large language models (LLMs) in the field of cybersecurity.Steve Wilson's expertise lies at the intersection of AI and cybersecurity, a point he emphasized while sharing his journey from founding the Top 10 group for large language models to authoring his new book, "The Developer's Playbook for Large Language Model Security." In this insightful discussion, Wilson and Martin explore the roles of developers and product managers in ensuring the safety and security of AI systems.One of the key themes in the conversation is the categorization of AI applications into chatbots, co-pilots, and autonomous agents. Wilson explains that while chatbots are open-ended, interacting with users on various topics, co-pilots focus on enhancing productivity within specific domains by interacting with user data. Autonomous agents are more independent, executing tasks with minimal human intervention.Wilson brings attention to the concept of overreliance on AI models and the associated risks. Highlighting that large language models can hallucinate or produce unreliable outputs, he stresses the importance of designing systems that account for these limitations. Product managers play a crucial role here, ensuring that AI applications are built to mitigate risks and communicate their reliability to users effectively.The discussion also touches on the importance of security guardrails and continuous monitoring. Wilson introduces the idea of using tools akin to web app firewalls (WAF) or runtime application self-protection (RASP) to keep AI models within safe operational parameters. He mentions frameworks like Nvidia's open-source project, Nemo Guardrails, which aid developers in implementing these defenses.Moreover, the conversation highlights the significance of testing and evaluation in AI development. Wilson parallels the education and evaluation of LLMs to training and testing a human-like system, underscoring that traditional unit tests may not suffice. Instead, flexible test cases and advanced evaluation tools are necessary. Another critical aspect Wilson discusses is the need for red teaming in AI security. By rigorously testing AI systems and exploring their vulnerabilities, organizations can better prepare for real-world threats. This proactive approach is essential for maintaining robust AI applications.Finally, Wilson shares insights from his book, including the Responsible AI Software Engineering (RAISE) framework. This comprehensive guide offers developers and product managers practical steps to integrate secure AI practices into their workflows. With an emphasis on continuous improvement and risk management, the RAISE framework serves as a valuable resource for anyone involved in AI development.About the BookLarge language models (LLMs) are not just shaping the trajectory of AI, they're also unveiling a new era of security challenges. This practical book takes you straight to the heart of these threats. Author Steve Wilson, chief product officer at Exabeam, focuses exclusively on LLMs, eschewing generalized AI security to delve into the unique characteristics and vulnerabilities inherent in these models.Complete with collective wisdom gained from the creation of the OWASP Top 10 for LLMs list—a feat accomplished by more than 400 industry experts—this guide delivers real-world guidance and practical strategies to help developers and security teams grapple with the realities of LLM applications. Whether you're architecting a new application or adding AI features to an existing one, this book is your go-to resource for mastering the security landscape of the next frontier in AI.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Guest: Steve Wilson, Chief Product Officer, Exabeam [@exabeam] & Project Lead,  OWASP Top 10 for Larage Language Model Applications [@owasp]On LinkedIn | https://www.linkedin.com/in/wilsonsd/On Twitter | https://x.com/virtualsteve____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of Redefining CyberSecurity, host Sean Martin sat down with Steve Wilson, chief product officer at Exabeam, to discuss the critical topic of secure AI development. The conversation revolved around the nuances of developing and deploying large language models (LLMs) in the field of cybersecurity.Steve Wilson's expertise lies at the intersection of AI and cybersecurity, a point he emphasized while sharing his journey from founding the Top 10 group for large language models to authoring his new book, "The Developer's Playbook for Large Language Model Security." In this insightful discussion, Wilson and Martin explore the roles of developers and product managers in ensuring the safety and security of AI systems.One of the key themes in the conversation is the categorization of AI applications into chatbots, co-pilots, and autonomous agents. Wilson explains that while chatbots are open-ended, interacting with users on various topics, co-pilots focus on enhancing productivity within specific domains by interacting with user data. Autonomous agents are more independent, executing tasks with minimal human intervention.Wilson brings attention to the concept of overreliance on AI models and the associated risks. Highlighting that large language models can hallucinate or produce unreliable outputs, he stresses the importance of designing systems that account for these limitations. Product managers play a crucial role here, ensuring that AI applications are built to mitigate risks and communicate their reliability to users effectively.The discussion also touches on the importance of security guardrails and continuous monitoring. Wilson introduces the idea of using tools akin to web app firewalls (WAF) or runtime application self-protection (RASP) to keep AI models within safe operational parameters. He mentions frameworks like Nvidia's open-source project, Nemo Guardrails, which aid developers in implementing these defenses.Moreover, the conversation highlights the significance of testing and evaluation in AI development. Wilson parallels the education and evaluation of LLMs to training and testing a human-like system, underscoring that traditional unit tests may not suffice. Instead, flexible test cases and advanced evaluation tools are necessary. Another critical aspect Wilson discusses is the need for red teaming in AI security. By rigorously testing AI systems and exploring their vulnerabilities, organizations can better prepare for real-world threats. This proactive approach is essential for maintaining robust AI applications.Finally, Wilson shares insights from his book, including the Responsible AI Software Engineering (RAISE) framework. This comprehensive guide offers developers and product managers practical steps to integrate secure AI practices into their workflows. With an emphasis on continuous improvement and risk management, the RAISE framework serves as a valuable resource for anyone involved in AI development.About the BookLarge language models (LLMs) are not just shaping the trajectory of AI, they're also unveiling a new era of security challenges. This practical book takes you straight to the heart of these threats. Author Steve Wilson, chief product officer at Exabeam, focuses exclusively on LLMs, eschewing generalized AI security to delve into the unique characteristics and vulnerabilities inherent in these models.Complete with collective wisdom gained from the creation of the OWASP Top 10 for LLMs list—a feat accomplished by more than 400 industry experts—this guide delivers real-world guidance and practical strategies to help developers and security teams grapple with the realities of LLM applications. Whether you're architecting a new application or adding AI features to an existing one, this book is your go-to resource for mastering the security landscape of the next frontier in AI.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

How does Edge Security fit into the future of Cloud Protection ? In this episode, we sat down with Brian McHenry, Global Head of Cloud Security Engineering at Check Point at BlackHat USA, to chat about the evolving landscape of cloud security in 2024. With cloud adoption accelerating and automation reshaping how we manage security, Brian spoke to us about the challenges that organizations face today—from misconfigurations and alert fatigue to the role of AI in application security. We tackle the question: Is CSPM (Cloud Security Posture Management) still enough, or do we need to rethink our approach? Brian shares his thoughts on edge security, why misconfigurations are more dangerous than ever, and how automation can quickly turn small risks into significant threats. Guest Socials:⁠ ⁠⁠⁠⁠⁠Brian's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp Questions asked: (00:00) Introduction (03:28) State of Cloud Market (04:44) Is CSPM not enough? (06:35) Edge Security in Cloud Context (08:31) Where is edge security going? (10:11) Where to start with Cloud Security Tooling? (11:08) Transitioning from Network Security to Cloud Security (13:11) How is AI Changing Edge Security? (14:45) How is WAF and DDos Protection evolving? (18:16) Should people be doing network pentest? (19:57) North Star for WAF in a cybersecurity program (20:55) The evolution to platformization (23:13) Highlight from BlackHat USA 2024

1. We Are Family's website - https://wearefamilycharleston.org/ 2. Closet Case Thrift Store - https://wearefamilycharleston.org/closetcasethrift 3. Park Circle Pride - https://www.parkcirclepride.com/ 4. WAF's Facebook - https://www.facebook.com/WeAreFamilyCharleston 5. WAF's Instagram - https://www.instagram.com/wearefamilycharleston/ 6. WAF's YouTube - https://www.youtube.com/user/wearefamilychs 7. WAF's Twitter - https://twitter.com/wearefamilychs 8. WAF's LinkedIn - https://www.linkedin.com/company/we-are-familychs/ This episode's music is by Tyler Boone (tylerboonemusic.com). The episode was produced by LMC Soundsystem.

In this episode of the Application Security Podcast, host Chris Romeo welcomes James Berthoty, a cloud security engineer with a diverse IT background, to discuss his journey into application and product security. The conversation spans James's career trajectory from IT operations to cloud security, his experiences with security tools like Snyk and StackHawk, and the evolving landscape of Dynamic Application Security Testing (DAST) and API security. They delve into the practical challenges of CVEs, reachability analysis, and the complexities of patching in mid-sized companies. James shares his views on the often misunderstood role of WAF and the importance of fixing issues over merely identifying them. The discussion concludes with insights into James's initiative, Latio Tech, which aims to help security professionals evaluate and understand application security products better. James Berthoty's LinkedIn post: AppSec Kool-Aid Statements I Disagree Withhttps://www.linkedin.com/posts/james-berthoty_appsec-kool-aid-statements-i-disagree-with-activity-7166084208686256128-tb1U?utm_source=share&utm_medium=member_desktopWhat is Art by Leo Tolstoyhttps://www.gutenberg.org/files/64908/64908-h/64908-h.htmFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting your reports. Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Resources:?. Tweethttps://x.com/garethheyes/status/1786836956032176215 NoWafPlshttps://github.com/assetnote/nowafplsRedacted Reportshttps://x.com/deadvolvo/status/1790397012468199651Breaking CORShttps://x.com/MtnBer/status/1794657827115696181Sandbox-iframe XSS challenge solutionhttps://joaxcar.com/blog/2024/05/16/sandbox-iframe-xss-challenge-solution/iframe and window.open magichttps://blog.huli.tw/2022/04/07/en/iframe-and-window-open/#detecting-when-a-new-window-has-finished-loadingdomloggerpphttps://github.com/kevin-mizu/domloggerppTimestamps(00:00:00) Introduction(00:03:29) ?. Operator in JS and NoWafPls(00:07:22) Redacting our own reports(00:11:13) Breaking CORS(00:17:07) Sandbox-iframes(00:24:11) Dom hook plugins

¿Te gustaría conocer dos small caps que pueden ser una buena OPORTUNIDAD de INVERSIÓN? Edgar Fernández y Albert Millán te analizan los resultados de dos compañías que pueden ser una oportunidad de inversión: Georgia Capital y Valaris Y recuerda la noticia del sanedrín: LANZAMOS LA 3ª EDICIÓN DEL CURSO DE INVERTIR EN MATERIAS PRIMAS Y ENERGÍA. Apúntate a PRECIO REDUCIDO. https://locosdewallstreet.com/producto/curso-de-inversion-en-materias-primas-y-energia-3-edicion-2024/ ⛏️ MINERAS EN ÁFRICA ¿Peligro u Oportunidad? (WAF, ORE, PRU, Montage Gold, PDI, WIA, IVN, AFM, GLO...). Un megaprograma sobre lo que implica invertir en áfrica y hablar sobre todas esas empresas dedicándole 5-10 minutos a cada una. ⏰ Miércoles 8 de mayo a las 20:00 https://streamyard.com/watch/NNQDdKTTKFEs ️ ¿Estás suscrito a nuestra newsletter? No te pierdas la MEJOR INFORMACIÓN para invertir con seguridad ➡️ https://lwsfinancialresearch.substack.com/ ¿TE GUSTARÍA PERTENECER A NUESTRA COMUNIDAD GRATUITA? Discord: https://discord.gg/y6pVwHYFf9 Telegram: https://t.me/+Sbartxtu6rHwC9EJ ¿TE GUSTARÍA ESCUCHARNOS EN CUALQUIER LUGAR? Ivoox: https://www.ivoox.com/podcast-locos-wall-street_sq_f11368192_1.html Spotify: https://open.spotify.com/show/6kWkLnitQPqp5YfP5SE9p2?si=8637165e46d24f8e Apple Podcasts: https://podcasts.apple.com/podcast/id1587942949?ign-itscg=30200&ign-itsct=lt_p SÍGUENOS en: https://linktr.ee/locosdewallstreet (Todos nuestros enlaces en un solo sitio) ✅ Youtube ➡️https://www.youtube.com/c/LoslocosdeWallStreet?sub_confirmation=1 ✅ Discord ➡️ https://discord.gg/y6pVwHYFf9 ✅ WEB ➡️ https://locosdewallstreet.com ✅ Twitch ➡️ https://www.twitch.tv/locosdewallstreet ✅ Twitter ➡️ https://twitter.com/LocosWallStreet @LocosWallStreet ✅ Telegram ➡️ https://t.me/+Sbartxtu6rHwC9EJ ✅ Instagram ➡️ https://www.instagram.com/locosdewall... ✅ Linkedin ➡️ https://linkedin.com/company/82410497 ✅ Facebook ➡️ https://www.facebook.com/loslocosdewallstreet/ ✅ Tiktok ➡️ https://www.tiktok.com/@locoswallstreet ✅ Ivoox ➡️ https://www.ivoox.com/podcast-locos-wall-street_sq_f11368192_1.html ✅ Spotify ➡️ https://open.spotify.com/show/6kWkLnitQPqp5YfP5SE9p2?si=8637165e46d24f8e ✅ Apple Podcasts ➡️https://podcasts.apple.com/podcast/id1587942949?ign-itscg=30200&ign-itsct=lt_p FÓRMATE con LWS en: CURSO DE VALORACIÓN Y MODELIZACIÓN DE EMPRESAS ➡️ https://locosdewallstreet.com/producto/modelizacion-de-empresas/ CURSO DE ANÁLISIS DE ESTADOS FINANCIEROS ➡️ https://locosdewallstreet.com/producto/analisis-de-estados-financieros/ ("Actualmente en lista de espera para iniciar una nueva edición. APÚNTATE a la lista de espera. PLAZAS LIMITADAS") ⛏️CURSO DE INVERSIÓN EN MATERIAS PRIMAS Y ENERGÍA ➡️ https://locosdewallstreet.com/producto/inversion-en-materias-primas/ ("Actualmente en lista de espera para iniciar una nueva edición. APÚNTATE a la lista de espera. PLAZAS LIMITADAS") CURSO DE INVERTIR CON OPCIONES FINANCIERAS ➡️ https://locosdewallstreet.com/producto/opciones-financieras/ ("Actualmente en lista de espera para iniciar una nueva edición. APÚNTATE a la lista de espera. PLAZAS LIMITADAS") Locos de Wall Street. Locos por la EDUCACIÓN FINANCIERA #Invertir #SmallCaps #GeorgiaCapital #Valoris #OportunidadesDeInversion #MercadoBursátil #Inversiones #Finanzas #Diversificación #ÉxitoFinanciero

Eyal Solomon, CEO and Co-Founder of Lunar.dev, talks about integrating, controlling, and observability into 3rd party APIs and services. We discuss the trade-offs of integrating a 3rd party API and how it impacts simplicity and potential loss of insight.SHOW: 803CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT OUR OTHER PODCAST - "CLOUDCAST BASICS"SHOW SPONSORS:CloudZero provides immediate and ongoing savings with 100% visibility into your total cloud spendSHOW NOTES:Lunar.dev (homepage)Lunar.dev blogLunar.dev on TechCrunchTopic 1 - Welcome to the show. Before diving into today's discussion, tell us a little about your background.Topic 2 - Controlling 3rd party APIs is increasingly becoming an issue for many organizations. As the world gets built on APIs, consumption of another company's APIs to ingest services is critical. But, this leads to all sorts of control and potentially cost issues. Please give everyone an introduction to the problem.Topic 3 - Does this mean 3rd Party APIs are a tradeoff? Yes, you might be able to integrate APIs for a payment system for instance quickly, or maybe the latest AI SaaS service, but in doing so won't an organization potentially lose oversight? Where do most organizations run into problems first? This reminds me of the early days of cloud and people leaving instances running and then getting huge bills and not knowing until it was too late. Is this similar?Topic 4 - We've seen a lot of products and companies tackling the issue of internal company APIs, but not 3rd party APIs. Once an organization determines they have a problem, maybe an observability problem, perhaps a cost problem, maybe a compliance issue, etc. how would they get started gaining API observability and control in their org? Topic 5 - Is this a solution that sits in traffic flow? Does this potentially introduce latency? Is this almost like a WAF for 3rd party APIs? What kinds of policies or restrictions can be put in place?Topic 6 - What are some of the most common use cases you've seen and how do you solve them? What business decisions have to be made if they decide to restrict access in some way?FEEDBACK?Email: show at the cloudcast dot netTwitter: @cloudcastpodInstagram: @cloudcastpodTikTok: @cloudcastpod

Ora Banda's (OBM) got the ball rolling today with exploration results, a company update then bang! Capital raise. Next cab off the rank was West African (WAF) with an update on Kiaka, then Core Lithium (CXO) cancelling their mining services contract followed by a deep dive into two diverging mining services plays, Dynamic (DDB) and Vysarn (VYS). Sandfire (SFR) received good news for their Black Butte project, whilst Strike Energy's (STX) management looked to reassure shareholders and Azure (AZS) got another tick of approval.All Money of Mine episodes are for informational purposes only and may contain forward-looking statements that may not eventuate. The co-hosts are not financial advisers and any views expressed are their opinion only. Please do your own research before making any investment decision or alternatively seek advice from a registered financial professional. Podcast Partners: VRIFY – Communicate in 3Dgrant@vrify.com InvestorHub – The Digital Platform shaking up the Investor Relations industryrhori@investorhub.com DSI Underground – Ground Support gurushttps://www.dsiunderground.com/contact SMEC Power & Technology – Electrical expertssales@smelectrical.com.au McMahon Mining Title Services (MMTS) – Australia-wide tenement serviceshttps://www.mmts.net.au/#contact Anytime Exploration Services – Exploration workers, equipment, core cutting/storage + much moreseamus@anytimees.com KCA Site Services – Underground mining machineadmin@kcasiteservices.com.au Brooks Airways – Perth's leading charter flight operatorsops@brooksairways.com K-Drill – Safe, reliable, and productive surface RC drilling ryan@k-drill.com.au Buy your Money of Mine MERCH here Join our exclusive Facebook Group for the Money Miners and request access to the Hooteroo chat group. Subscribe to our weekly newsletter HOOTEROO HERALD Money of Mine on YouTube Money of Mine on Twitter Money of Mine on LinkedIn Money of Mine on Instagram(0:00:00)Ora Banda: Drill results, company update…capital raise!(0:13:07)WAF narrow Kiaka start date(0:16:35)Core Lithium pay up to end contract(0:19:32)A tale of two companies - Dynamic (DDB) & Vysarn (VYS)(0:31:31)Sandfire get the all clear at Black Butte (0:34:13)Strike Energy management try to calm the market(0:45:22)Azure Minerals check another box for takeover

This week: Market and portfolio updates; Nick Scali and Myer jump on profit results; the pitfalls of passive investing; the cracks deepen beneath the market's surface; Woodside Santos merger collapsed; pulled pork on MME. Also in the Club edition: Lithium execs goolies; McDonald's records first sales miss; Stock tips are for patsies; Matt Walker's regression testing system; Three Men Make a Tiger; NWS shares in Stock Doctor; WAF's forecast earnings.

The global community confronts spyware. Canon patches critical vulnerabilities in printers. Barracuda recommends mitigations for Web Application Firewall issues. Group-IB warns of ResumeLooters. Millions are at risk after a data breach in France. Research from the UK reveals contradictory approaches to cybersecurity. Meta's Oversight Board recommends updates to Facebook's Manipulated Media policy. We've got a special segment from the Threat Vector podcast examining Ivanti's Connect Secure and Policy Secure products. And it's time to brush up on IOT security.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In a special segment from Palo Alto Networks' Threat Vector podcast, host David Moulton, Director of Thought Leadership at Unit 42, along with guests Sam Rubin, VP, Global Head of Operations, and Ingrid Parker, Senior Manager of the Intel Response Unit, dives deep into the critical vulnerabilities found in Ivanti's Connect Secure and Policy Secure products. You can check out the full conversation here.  Selected Reading US to restrict visas for those who misuse commercial spyware (Reuters) Britain and France assemble diplomats for international agreement on spyware (The Record) Israeli government absent from London spyware conference and pledge (The Record) Government hackers targeted iPhones owners with zero-days, Google says (TechCrunch) Google agrees to pay $350 million settlement in security lapse case (Washington Post) Canon Patches 7 Critical Vulnerabilities in Small Office Printers  (SecurityWeek) Barracuda Disclosed Critical Vulnerabilities in WAF, Affecting File Upload and JSON Protection (SOCRadar) ResumeLooters target job search sites in extensive data heist (Help Net Security) Millions at risk of fraud after massive health data hack in France (The Connexion) Fragmented cybersecurity vendor landscape is exacerbating risks and compounding skills shortages, SenseOn research reveals (IT Security Guru) Meta's Oversight Board Urges a Policy Change After a Fake Biden Video (InfoSecurity Magazine) Toothbrushes are a cybersecurity risk, too: millions participate in DDoS attacks (Cybernews) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Fun and Dangers of Top Level Domains (TLDs) https://isc.sans.edu/diary/The%20Fun%20and%20Dangers%20of%20Top%20Level%20Domains%20%28TLDs%29/30608 Ivanti Releases Patches and New Vulnerabilities https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US glibc syslog() vulnerablity https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt modsecurity WAF bypass https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30

The Fun and Dangers of Top Level Domains (TLDs) https://isc.sans.edu/diary/The%20Fun%20and%20Dangers%20of%20Top%20Level%20Domains%20%28TLDs%29/30608 Ivanti Releases Patches and New Vulnerabilities https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US glibc syslog() vulnerablity https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt modsecurity WAF bypass https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30

In this conversation, Daniel Corbett shares his journey into IT and cybersecurity, starting from being self-taught and working in data entry to becoming a Linux system administrator. He recounts discovering a backdoor password in an SSHD binary and how it led him to transition into a security role. Daniel discusses the benefits and challenges of working with Linux and the importance of passion and continuous learning in technology. He also explains his role as a product manager at Fastly, focusing on the next-gen WAF and its unique approach to web application security. The conversation highlights the flexibility and ease of deployment offered by Fastly's WAF, as well as the importance of balancing information and overwhelm in security solutions. The conversation with Daniel Corbett from Fastly focused on the challenges of alert fatigue, Fastly's approach to evolving threats, simplifying product usage, and the future direction of Fastly.Fastly: https://www.fastly.com/LinkedIn: https://www.linkedin.com/in/djcorbett/AI InsiderImagine a world where robots roam the streets, self-driving cars ferry us to work, and...Listen on: Apple Podcasts SpotifySupport the showAffiliate Links:NordVPN: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=87753&url_id=902 Follow the Podcast on Social Media!Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcastPatreon: https://www.patreon.com/SecurityUnfilteredPodcastYouTube: https://www.youtube.com/@securityunfilteredpodcastTikTok: Not today China! Not today

Cloud Security Podcast just got back from AWS re:invent 2023, there was a lot of chat around, you guessed it - GenAI but along with that there were plenty of security updates and announcement. Shilpi and Ashish broke them all down for you and what it all actually means for all security practitioners. Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠ Questions asked: (00:00) Introduction (04:49) GenAI at AWS re:Invent (06:01) No new security service announced (06:48) Updates from CEO and CTO Keynotes (11:29) What is Amazon Inspector? (12:10) Amazon Inspector Security Updates (15:09) What is AWS Security Hub? (15:52) AWS Security Hub Security Updates (18:52) What is Amazon GuardDuty? (20:10) Amazon GuardDuty Security Updates (22:49) What is Amazon Detective? (23:45) Amazon Detective Security Updates (26:22) What is IAM Access Analyser? (28:06) IAM Access Analyser Security Updates (30:33) What is AWS Config? (31:25) AWS Config Security Updates (32:35) Other Security Updates (33:46) 3 Layers of AI (35:21) What is Amazon CodeWhisperer? (36:36) Amazon Application Composer (37:34) Guardrails for Bedrock (38:13) Amazon Q (41:17) Zero Trust (41:45) Ransomware (44:29) Security Talks (45:54) Input filtering and validation for WAF (50:31) Enterprise IAM and data perimeter (53:00) Conclusion and find out more! You can check out the Top announcements of AWS re:Invent 2023 + AWS re:Invent 2023 - Security Compliance & Identity

Last week in security news: Copilot and CodeWhisperer can in fact leak real secrets, an interesting teardown of a cloud cryptocurrency miner, the tool of the week, and more!Links: Copilot and CodeWhisperer can in fact leak real secrets.  An interesting teardown of a cloud cryptocurrency miner.  How to create an AMI hardening pipeline and automate updates to your ECS instance fleet  How to improve your security incident response processes with Jupyter notebooks Tool of the week: If you've gotta use a WAF, aws-firewall-factory is a good pit stop for you.

Wins Above Fantasy – Van Burnett (@Van_Verified) and Steve Gesuele (@stav8818) record during their Underdog 7th Inning Stretch draft with some WAF listeners. Join Underdog Fantasy today with promo code PITCHERLIST and receive a 100% deposit match up to $100. Once you're signed up, check out Underdog Fantasy's 7th Inning Stretch Tournament, where you can build your dream team and compete against your friends for the $30,000 grand prize! Must be 18+ (21+ in MA & AZ, 19+ in AL & NE) and present in a state where Underdog Fantasy operates. Terms apply. Concerned with your play? Call 1-800-GAMBLER or visit www.ncpgambling.org AZ: 1-800-NEXT-STEP (1-800-639-8783) or text NEXT-STEP to 53342 NY: Call the 24/7 HOPEline at 1-877-8-HOPENY or Text HOPENY (467369) TN: Call/text TN REDLINE at 1-800-889-9789 Learn more about your ad choices. Visit podcastchoices.com/adchoices