Branch of computer security specifically related to Internet, often involving browser security and the World Wide Web
"Nothing will happen to us." The most expensive sentence of digitalisation. In this episode, Franzi Kunz and cloud expert Erik Dommrich talk about: the most common misconceptions around web security, and why they cost companies dearly. Real examples from big players like VW and Google that show nobody is invulnerable. Concrete first steps for securing your company effectively, explained simply and clearly. An episode full of aha moments and field-tested tips. Listen now, and finally make web security a priority!
CHAPTER MARKS
00:00 Welcome | Handelskraft Digital Business Talk with Erik Dommrich
03:38 Sprint Planning | Sketch the Sound
05:05 Either/Or quick-fire round
05:38 Daily Scrum | Explain it to your grandparents: botnets
07:58 Ransomware
08:56 Phishing
10:26 The biggest threats to companies | Facts and figures
12:05 The most important measures | Content Delivery Networks
13:34 Consulting
14:47 Penetration tests | How they work and how they help
16:07 The most common mistakes in companies
17:59 Responsible parties and challenges
18:55 Examples of affected companies: denial-of-service attack and honeypots at Google
21:57 VW and the Chaos Computer Club
23:17 Alarming figures from bitkom
23:53 Cyber security isn't sexy
24:30 USA, Trump and European data security
26:19 Microsoft, Google, AWS | Exit strategies for the worst case
30:12 Web security and AI | Curse and/or blessing?
32:49 How do I start as a company? Clarifying responsibilities
33:53 Top 3 tips | Awareness, visibility, training
35:49 Farewell
36:07 Retrospective
DOGE's .gov site lampooned as coders quickly realize it can be edited by anyone
Join us for an insightful conversation with Ceora Ford about the intersection of security, development, and community building. We explore why managing identity security is more complex than simple authentication, examine the trade-offs of Next.js's App Router in enterprise applications, and uncover strategies for effective technical content creation. Ceora shares her experience transitioning from digital marketing to developer advocacy, offering practical advice for building a presence across platforms like TikTok, Twitter, and LinkedIn.
Sponsor
Convex is the backend for founders. Convex is the backend application platform for product-obsessed founders.
Chapter Marks
00:00 - Intro
01:14 - Identity Security Discussion
05:25 - Evolution of React and Next.js
08:33 - Documentation and Developer Experience
15:43 - Sponsor: [Convex](https://convex.dev)
16:20 - Authentication in the App Router
21:31 - Content Creation and Marketing Strategy
27:50 - Social Media Platform Strategy
34:51 - Analytics and Tool Discussion
41:08 - Picks and Plugs
Brad
Pick: His dog Roman (who they had to say goodbye to at age 17)
Plug: Social media accounts (Brad on Twitter, Brad on BlueSky, Brad on YouTube)
Bekah
Pick: "The Game" podcast with Alex Hormozi
Plug: Open Sauce (opensauced.pizza) and her team's upcoming feature launch
Ceora
Pick: "The Good Place" (TV show on Netflix)
Plug: Social media accounts (Ceora on LinkedIn, Ceora on Twitter, Ceora on BlueSky, Ceora on TikTok)
Links
Auth0 by Okta
Next.js
Auth0 documentation for Next.js integration
Gatsby
Astro
Convex
Jekyll
GraphQL
Open Sauced
Mark Techson
Software Engineering Radio - The Podcast for Professional Software Developers
Simon Wijckmans, founder of c/side -- a company that focuses on monitoring, securing, and optimizing third-party JavaScript -- joins SE Radio host Kanchan Shringi for a conversation about the security risks posed by third-party browser scripts. Through real-world examples and insights drawn from his work in web security, Simon highlights the dangers, including malicious attacks such as the recent Polyfill.io incident. He emphasizes the need for vigilant monitoring, as these third-party scripts remain essential for website functionalities like analytics, chatbots, and ads, despite their potential vulnerabilities. Simon explores the use of self-hosting solutions and content security policies (CSPs) to minimize risks, but he stresses that these measures alone are insufficient to fully safeguard websites. As the discussion continues, they delve into the importance of layering security approaches. Simon advocates for combining techniques like CSPs, real-time monitoring, and AI-driven analysis, which his company c/side employs to detect and block malicious scripts. He also touches on the complexities of securing single-page applications (SPAs), which allow scripts to persist across pages without full reloads, increasing the attack surface for third-party vulnerabilities. Brought to you by IEEE Computer Society and IEEE Software magazine.
In this interview, I'm talking with Louis Nyffenegger, who has been teaching people web security for 13 years by creating PentesterLab, a web security learning platform, as well as by giving multiple talks and guiding people through their careers.
Time for another round of our TL;DR conference special! At USENIX 2024 in Philadelphia, we met an old CISPA friend: Dr. Sebastian Roth, postdoc at TU Vienna. Sebastian did his PhD in the research group of CISPA faculty member Dr. Ben Stock, where he focused on web security at its intersection with usable security. In the hallway of the conference hotel, we talk about his time at CISPA, the role of everyday developers in web security, and the importance of security standards on the web. Listening is just like meeting an old friend. Enjoy this latest episode of TL;DR!
In this episode, Tom Eston hosts Jeswin Mathai, Chief Architect at SquareX. This episode is part two of a series featuring SquareX, and Jeswin takes a deeper look into their cybersecurity solutions. Jeswin shares his extensive experience in the field and details how SquareX offers innovative protections at the browser level to guard against phishing […] The post How SquareX is Redefining Web Security: An In-Depth Discussion with Chief Architect Jeswin Mathai appeared first on Shared Security Podcast.
This interview was recorded at GOTO Copenhagen for GOTO Unscripted. http://gotopia.tech
Read the full transcription of this interview here
Scott Helme - Security Researcher, Hacker & Founder of Report URI & Security Headers
Sebastian Brandes - Senior Principal Product Manager at F5
RESOURCES
Scott
https://twitter.com/Scott_Helme
https://linkedin.com/in/scotthelme
https://scotthelme.co.uk
https://github.com/ScottHelme
Sebastian
https://twitter.com/br4ndes
https://www.linkedin.com/in/sebastianbk
https://github.com/sebastianbk
Links
Sebastian: https://youtu.be/BX0TVzHOJgQ
https://crawler.ninja
https://docs.report-uri.com/setup/wizard
Scott: https://youtu.be/K9MwaSRdA94
https://research.checkpoint.com/2019/hacking-fortnite
Troy: https://youtu.be/pxPEdUFdayA
Jim: https://youtu.be/nvzMN5Z8DJI
Scott pt. 1: https://youtu.be/zvCXUozuI2A
Scott pt. 2: https://youtu.be/8PlCfYflz_A
DESCRIPTION
Get deep into the realm of application security, debunking myths around filters and emphasizing the power of a comprehensive defense strategy. Sebastian Brandes and Scott Helme share practical tips, highlight valuable resources, and underscore the critical role of organizational commitment in securing applications effectively. Watch this interview to revamp your security approach with their actionable insights!
RECOMMENDED BOOKS
Liz Rice • Container Security
Andy Greenberg • Tracers in the Dark
Thomas J. Holt, Adam M. Bossler & Kathryn C. Seigfried-Spellar • Cybercrime and Digital Forensics
Aaron Parecki • OAuth 2.0 Simplified
Erdal Ozkaya • Cybersecurity: The Beginner's Guide
Twitter | Instagram | LinkedIn | Facebook
Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket: gotopia.tech
SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted daily!
The world of cybersecurity never ceases to amaze with its intricacies and challenges. One of the ongoing battles that organizations face is the constant threat posed by bad bots infiltrating the digital landscape. In a recent interview with Sean Martin and Erez Hasson from Imperva, key insights from the 11th edition of the Bad Bot Report were unveiled, shedding light on the evolving nature of automated traffic and the impact it has on various industries.
Unraveling the Bad Bot Landscape
The conversation kicks off with Sean Martin introducing the topic of bad bots and the significance of Imperva's Bad Bot Report in providing insights into the world of automated traffic. Erez Hasson, a senior product marketing manager at Imperva, dives into the details of the 11th edition report, which is based on a staggering 6 trillion blocked bad bot requests processed by the Imperva network over the past year.
Delving into Key Statistics
Erez Hasson elaborates on the critical statistics highlighted in the report, such as the percentage breakdown of automated traffic into bad bots and good bots. The report categorizes bad bots based on their sophistication levels, ranging from simple to advanced (evasive), emphasizing the need for robust bot management strategies to combat sophisticated attacks.
Industry Insights and Use Cases
The conversation shifts towards exploring the impact of bad bots across different industries, with a focus on sectors such as Law, Government, Travel, Airlines, Retail, and Financial Services. Erez emphasizes the need for organizations to understand the sophistication level of bot attacks targeting their industry to effectively mitigate risks and safeguard their digital assets.
Transforming Data into Action
Sean Martin underscores the importance of translating the insights from the Bad Bot Report into actionable strategies for organizations. By leveraging the educational content provided in the report, companies can enhance their understanding of bot-related challenges and tailor their security programs to address potential threats effectively.
AI's Role in Bot Evolution
The discussion moves into the intersection of artificial intelligence (AI) and bot activity, highlighting the increased use of AI-driven attacks, including credential stuffing attacks orchestrated through AI algorithms. The evolving landscape of automated traffic poses challenges for organizations, necessitating a proactive approach to mitigate risks associated with bot-driven activities.
Safeguarding Against Bot Abuse
The conversation touches upon the misuse of bots targeting AI interfaces, leading to increased operational costs for organizations. Additionally, the resurgence of debates around the legality of web scraping underscores the complex nature of combating bot-related activities and protecting proprietary content from illicit scraping practices.
Conclusion
As the conversation draws to a close, a call to action is extended to readers to delve into the insights provided by Imperva's Bad Bot Report and equip themselves with the knowledge needed to combat bot threats effectively. The collaboration between security teams, leadership, and practitioners is essential in implementing robust bot management strategies to safeguard against evolving cyber threats. By understanding bad bots and automated traffic, organizations can bolster their cybersecurity defenses and stay ahead of malicious actors looking to exploit digital vulnerabilities. The insights shared in Imperva's 11th edition report serve as the base of awareness, guiding organizations towards a more secure digital future.
Learn more about Imperva: https://itspm.ag/imperva277117988
Note: This story contains promotional content. Learn more.
Guest: Erez Hasson, Product Marketing Manager at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/erezh/
Resources
Learn more and catch more stories from Imperva: https://www.itspmagazine.com/directory/imperva
View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
How do you verify and validate the data coming into your Python web application? What tools and security best practices should you consider as a developer? Christopher Trudeau is back on the show this week, bringing another batch of PyCoder's Weekly articles and projects.
The recently uncovered backdoor in the XZ/OpenSSH library is the focus of this episode of the INNOQ Security Podcast, along with the questions that come with it: what technical tricks were used to hide the backdoor? What security risks does it bring? Stefan Bodewig and Christoph Iserlohn, both long-time contributors to open-source projects, discuss these questions and also look at how trust and release management in single-maintainer projects relate to the backdoor, and why such serious security problems often remain hidden.
Today, we explore how Magnet Goblin, a cyber threat actor, exploits 1-day vulnerabilities for financial gain, targeting systems like Ivanti Connect Secure VPN and Magento. Learn about the widespread WordPress plugin vulnerability that left over 3,300 sites compromised with malware. Plus, unravel the complexities of Stored XSS, a persistent cyber threat lurking in databases and forums.
Original Articles:
Magnet Goblin's exploits: https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/
WordPress plugin vulnerabilities: https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-flaw-to-infect-3-300-sites-with-malware/
Microsoft's chilly hack: https://www.theverge.com/2024/3/8/24094287/microsoft-hack-russian-security-attack-stolen-source-code
Swiss government's ransomware dilemma: https://therecord.media/play-ransomware-leaked-government-files-swiss
Duvel Moortgat Brewery's production pause: https://www.vrt.be/vrtnws/en/2024/03/06/cyber-attack-brings-production-at-duvel-moortgat-breweries-to-a/
FINTRAC's cyber incident: https://globalnews.ca/news/10335818/fintrac-cyber-incident/
Hamilton's ransomware attack: https://www.cbc.ca/news/canada/hamilton/ransomware-attack-1.7133457
Music: https://www.jeredjones.com/
Logo Design: https://www.zackgraber.com/
Tags: Magnet Goblin, WordPress Vulnerabilities, Popup Builder Plugin, CVE-2023-6000, Cybersecurity, HGF, 1-Day Vulnerabilities, Cross-Site Scripting, XSS, Malware Infections, Cyber Threat Actors, Web Security, Sucuri, Plugin Security, Website Hacking, Stored XSS, Cyber Attacks, Data Breach
Search Phrases:
Magnet Goblin cyber attacks
WordPress Popup Builder plugin vulnerability
Handling 1-Day vulnerabilities in cybersecurity
Cross-Site Scripting attacks and prevention
Latest malware infections in WordPress sites
Cyber threat actors exploiting web vulnerabilities
Sucuri reports on WordPress security
How to secure websites against XSS vulnerabilities
Understanding Stored XSS and its impacts
Data breaches involving HGF this week
Cybersecurity updates on WordPress plugins
Protecting against Popup Builder CVE-2023-6000
Recent cyber attacks on web platforms
Transcript: Mar 11
[00:00:00] transition: Welcome to The Daily Decrypt, the go-to podcast for all things cyber security. Get ready to decrypt the complexities of cyber safety and stay informed. Stand at the frontier of cyber security news, where every insight is a key to unlocking the mysteries of the digital domain. Your voyage through the cyber news vortex starts now.
[00:00:29] offsetkeyz: Welcome back to The Daily Decrypt. Today we're joined by Hot Girl Farmer, who's going to help recap the breaches from the last week in your favorite segment, Who's Been Popped. Then we're going to be talking about the Magnet Goblins gobbling up one-day vulnerabilities. And finally, the WordPress pop-up plugin vulnerability persists, popping approximately 3,300 sites.
[00:00:54] transition: Thanks for [00:01:00] watching!
[00:01:00] hgf: First up on our list is a chilly tale from the tech giant Microsoft. On March 9th, Microsoft announced that Russian hackers, chilly from their previous SolarWinds attack, decided to warm up by spying on some emails of Microsoft senior leaders. The hack evolved into a frosty situation, with some of Microsoft's secure source code stolen. Switching over to Switzerland, where things got a bit too neutral for their liking: on March 8th, the Swiss government found itself in a knot tighter than a Swiss wristwatch. A ransomware attack leaked 65,000 government documents. It appears the hackers played their cards right with the Play ransomware gang, proving that sometimes neutrality attracts more than just peace. You know what, if only they had some witches watching those Swiss wristwatches. Which witch would watch which Swiss watch? There were three witches, and there were three Swiss wristwatches. Which witch would watch which Swiss wristwatch? Absolutely not. [00:02:00] Now pour one out for the Duvel Moortgat brewery, which on March 9th found its production as stale as the beer in a forgotten glass. The brewery, known for its spirited Duvel, faced a ransomware attack that halted its hops. It's a sobering reminder that no industry is immune, and perhaps it's time for cyber attackers to barley there and brew up some better hobbies, maybe. They be brewing up something. Yikes. March 6th brought a cold front to Canada's FINTRAC, freezing some of its IT systems with a cyber incident as crisp as the Canadian winter, while their intelligence system stayed snug and warm. It's a stark reminder that even those guarding the treasure need to watch their own chest. Lastly, Hamilton, a Canadian city, got a taste of digital disruption, with services paralyzed faster than a moose caught in headlights. The ransomware attack, confirmed on March 5th, has shown that even city services can get frozen over in the cyber blizzard. It's a digital reminder that in the game of cybersecurity, sometimes you're the hockey stick and sometimes you're [00:03:00] the puck. Mm. Canadians love hockey. Us too. That's what I hear, anyway.
[00:03:06] transition: Thanks for watching!
[00:03:12] offsetkeyz: All right. So the Magnet Goblins are gobbling up one-day vulnerabilities. This is coming to you from Check Point Research, published on March 8th; check the show notes for the URL. A financially motivated cyber threat actor called Magnet Goblin is getting really good at exploiting one-day vulnerabilities. One-day vulnerabilities are essentially vulnerabilities that are announced and discovered already, but not yet patched. So the "one day" signifies about how much time attackers have to exploit these vulnerabilities before they get patched. And the Magnet Goblins have gotten really good at exploiting one-day vulnerabilities. The Magnet Goblins have targeted such systems as Ivanti Connect Secure VPN, Magento, Qlik Sense and, [00:04:00] potentially, Apache ActiveMQ. And they use these vulnerabilities to deploy a variety of malware, including the novel Linux version of NerbianRAT, which is a remote access Trojan, and WARPWIRE, a JavaScript credential stealer. Magnet Goblin's rapid adoption of one-day vulnerabilities really just emphasizes the problem we have with patching, and the need for it. Their operations have historically centered around financial gain, as opposed to some other motivations like political or social or hacktivism. They're all about the money. And they usually use techniques revolving around data theft, to include ransomware. Really, whatever they can use to get their money. There isn't much news here other than the fact that the Magnet Goblins are out there and we really are behind on our practices of updating, as well as on our updates. So as soon as a one-day vulnerability comes out, make sure to check the specifics of [00:05:00] that vulnerability and look for the indicators of compromise surrounding it.
[00:05:15] offsetkeyz: All right, and to wrap up today's stories, we're going to be talking about that WordPress pop-up plugin vulnerability that was announced last November and has recently seen an uptick in exploits. It's impacting plugin versions 4.2.3 and older, involves a cross-site scripting vulnerability, and really highlights the reluctance of WordPress users to update their plugins. So if you're a WordPress administrator or a consumer of WordPress websites, which most of us are, one of those two things, if not both: the WordPress plugin must be active and also creating pop-ups on your site. So, for example, this plugin is enabled by default when you launch a new WordPress website, which we don't [00:06:00] love. But the good news is that even though it's enabled by default, it must be creating pop-ups in order for it to be exploited. My fear when reading this was that, yes, this is a default plugin, and since it's a default plugin there are, what, 300,000 WordPress sites out there, all with this plugin just chilling, probably un-updated and unutilized. But luckily it must be utilized as well as enabled. And that's because the attackers inject PHP code into one of the events that triggers the pop-up. And that PHP code is then stored on the server, alongside the WordPress site, making it a stored cross-site scripting vulnerability. Which means that anyone who accesses the site and sees the pop-up is vulnerable to that malicious PHP code. And that code can do many things. It can try to hijack your session cookie, which is the ultimate goal, because then the attacker is you [00:07:00] without actually having to log in. Or it could redirect you to phishing sites, or really anything that they want. So if you're a WordPress admin, obviously update or disable. I'm going to lean towards disable, because pop-ups are really annoying, especially since they're now vulnerable. Go ahead and use a banner. Go ahead and open up a new tab somewhere, but don't pop up right as I'm about to click something on your website; I'm immediately going to navigate away from your website if there's a pop-up. Sorry for the rant. If you're a consumer, try grabbing a pop-up blocker from the Google Chrome app store. I think Google Chrome even comes with a built-in app for blocking pop-ups. And whether or not it blocks the specific pop-up on the site that you're visiting, it will at least alert you that there is a pop-up and allow you to confirm or deny pop-ups on that site. So, better than nothing. But yeah, totally against pop-ups as a practice. I'm really glad my WordPress site doesn't have any pop-ups, for this reason, and [00:08:00] also for the reason to not annoy the crap out of the few website visitors that I get. If you'd like to visit a website with no pop-ups, no advertisements, go ahead and check out DailyDecrypt.news. Just the words, DailyDecrypt.news, and you will find words and pictures and sounds, but no ads and no pop-ups. All right, that's all we've got for you today. Quick episode. Huge thanks to Hot Girl Farmer for coming on and delivering the hot breaches in Who's Been Popped. We will talk to you some more tomorrow. [00:09:00]
We welcome on Vanessa Villa, Developer Advocate at Pangea, to explain what the secure by design movement is about and how it shifts security to the beginning of the development cycle. Links https://www.linkedin.com/in/vanessa-villa-tech https://twitter.com/vavillaiot https://www.about.pangea.app/blog We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanekketner@logrocket.com (mailto:emily.kochanekketner@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket combines frontend monitoring, product analytics, and session replay to help software teams deliver the ideal product experience. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Special Guest: Vanessa Villa.
The MacVoices Live! holiday party rolls on as the panel discusses Apple's recent TestFlight data loss and whether it is a significant event given that the data was 10 years old. Shifting focus, Chuck Joiner, David Ginsburg, Brian Flanigan-Arthurs, Jeff Gamet, Ben Roethig, Jim Rea, and Brittany Smith discuss the termination of Adobe's deal with Figma and their fine for difficult-to-cancel subscription policies. That leads to comparisons and frustration with other companies that engage in the same practices.
This edition of MacVoices is supported by the MacVoices Holiday Gift Guides. Holiday conversations and great gear picks by our panelists. Check them out: http://MacVoices.com/HolidayGiftGuides
Show Notes:
Chapters:
0:00:00 Apple's loss of TestFlight data and Adobe's bad week
0:02:02 Archiving old software and the accessibility of vintage apps
0:06:22 Concerns about online privacy and data vulnerability
0:08:23 The sensitivity of data and the potential consequences
0:09:22 Beeper Controversy: Privacy Concerns and Speculation
0:10:46 Speculation about software preservation and developer choices
0:13:04 Perspectives on software preservation and personal experiences
0:14:31 Apple's stock market success and Adobe's failed Figma deal
0:17:32 Tech Krampus Strikes Again
0:19:07 Uncertain Future for Figma after Failed Acquisition
0:21:51 The Breakup Fee: Immediate Payment Upon Deal Disclosure
0:22:14 Adobe's $6 Billion Cash and Stock Options Impact
0:23:22 Size Comparison: Canva vs Figma
0:23:55 Canva's Expansion Raises Questions about Figma's Future
0:25:23 Adobe's Difficult Subscription Model
0:26:35 Congress should address companies abusing customer power
0:29:23 Xfinity data breach exposes customer information
Links:
Apple TestFlight servers from 2012 to 2015 leak, containing terabytes of data
https://www.eurogamer.net/apple-testflight-servers-from-2012-to-2015-leak-containing-terabytes-of-data
Apple Hits Record High While Big Tech Stocks Rally
https://www.bloomberg.com/news/articles/2023-12-13/apple-climbs-to-hit-fresh-all-time-high-as-tech-rally-extends
Adobe's Figma buy isn't going to happen, and will cost Adobe $1 billion
https://appleinsider.com/articles/23/12/18/adobes-figma-deal-isnt-going-to-happen-and-will-cost-adobe-1-billion?utm_medium=rss
Adobe faces big fines from FTC over difficult subscription cancellation
https://appleinsider.com/articles/23/12/14/adobe-faces-big-fines-from-ftc-over-difficult-subscription-cancellation
Xfinity data breach revealed: Names, contact info, security Q&As, and more at risk
https://9to5mac.com/2023/12/19/xfinity-data-breach-hack/
Guests:
Brian Flanigan-Arthurs is an educator with a passion for providing results-driven, innovative learning strategies for all students, but particularly those who are at-risk. He is also a tech enthusiast who has a particular affinity for Apple since he first used the Apple IIGS as a student. You can contact Brian on Twitter as @brian8944. He also recently opened a Mastodon account at @brian8944@mastodon.cloud.
Jeff Gamet is a technology blogger, podcaster, author, and public speaker. Previously, he was The Mac Observer's Managing Editor, and the TextExpander Evangelist for Smile. He has presented at Macworld Expo, RSA Conference, several WordCamp events, along with many other conferences. You can find him on several podcasts such as The Mac Show, The Big Show, MacVoices, Mac OS Ken, This Week in iOS, and more. Jeff is easy to find on social media as @jgamet on Twitter and Instagram, jeffgamet on LinkedIn, @jgamet@mastodon.social on Mastodon, and on his YouTube Channel at YouTube.com/jgamet.
David Ginsburg is the host of the weekly podcast In Touch With iOS where he discusses all things iOS, iPhone, iPad, Apple TV, Apple Watch, and related technologies. He is an IT professional supporting Mac, iOS and Windows users. Visit his YouTube channel at https://youtube.com/daveg65 and find and follow him on Twitter @daveg65 and on Mastodon at @daveg65@mastodon.cloud
Jim Rea built his own computer from scratch in 1975, started programming in 1977, and has been an independent Mac developer continuously since 1984. He is the founder of ProVUE Development, and the author of Panorama X, ProVUE's ultra fast RAM based database software for the macOS platform. He's been a speaker at MacTech, MacWorld Expo and other industry conferences. Follow Jim at provue.com and via @provuejim@techhub.social on Mastodon.
Ben Roethig has been in the Apple Ecosystem since the System 7 Days. He is a former Associate Editor with Geek Beat, Co-Founder of The Tech Hangout and Deconstruct and currently shares his thoughts on RoethigTech. Contact him on Twitter and Mastodon.
Brittany Smith is a trained cognitive neuroscientist who provides ADD/ADHD, technology, and productivity coaching through her business, Devise and Conquer, along with companion video courses for folks with ADHD. She's also the cofounder of The ADHD Guild, a community for nerdy folks with ADHD. She, herself, is a self-designated “well-rounded geek”. She can be found on Twitter as @addliberator, on Mastodon as @addliberator@pdx.social, and on YouTube with tech tips.
Support:
Become a MacVoices Patron on Patreon http://patreon.com/macvoices
Enjoy this episode? Make a one-time donation with PayPal
Connect:
Web: http://macvoices.com
Twitter: http://www.twitter.com/chuckjoiner http://www.twitter.com/macvoices
Mastodon: https://mastodon.cloud/@chuckjoiner
Facebook: http://www.facebook.com/chuck.joiner
MacVoices Page on Facebook: http://www.facebook.com/macvoices/
MacVoices Group on Facebook: http://www.facebook.com/groups/macvoice
LinkedIn: https://www.linkedin.com/in/chuckjoiner/
Instagram: https://www.instagram.com/chuckjoiner/
Subscribe:
Audio in iTunes
Video in iTunes
Subscribe manually via iTunes or any podcatcher:
Audio: http://www.macvoices.com/rss/macvoicesrss
Video: http://www.macvoices.com/rss/macvoicesvideorss
With ever greater computing power and complex neural networks, increasingly impressive deepfake results are emerging. Discover behind door number 23 what exactly deepfakes are and what risks they carry.
To find vulnerabilities and security holes in software systems, you have to be really good at one thing: reverse engineering. What that is, you'll learn in today's episode of the Security Advent Calendar.
If there were a vulnerability of the year, it would surely have something to do with prompt hacking. What that is all about, you'll learn in this episode of the Security Advent Calendar.
Today we introduce you to VirusTotal, the king of anti-malware programs.
In this episode we talked about website maintenance, site security, and how staying up to date can help your UX and SEO. Learn how to prevent a security breach while boosting your site and your rankings.

The Critical Role of Website Maintenance

Join Evan Facinger and Jon Ballard in this episode as they delve into the crucial world of website maintenance, shedding light on the paramount importance of keeping content management systems (CMS) up-to-date. With a spotlight on the risks associated with using outdated platforms like WordPress (/website-development/wordpress), the duo emphasizes the potential security vulnerabilities and their impact on your website's safety. The conversation extends to the vital role of regular maintenance in search engine optimization (SEO) (/online-marketing/seo) and enhancing user experience (UX) (/web-design-ux/ux-analysis). Evan and Jon provide insightful recommendations on initiating discussions with website developers, setting budgetary considerations for ongoing updates, and the potential vulnerabilities within website backups. Tune in for expert advice on the significance of professional management in ensuring the security and seamless functionality of your online presence.

Timestamps:
0:00 Intro
0:54 Why You Should Maintain Your Website
2:25 The Target on WordPress' Back
4:53 Hacking Goes Beyond WordPress
8:00 Boosting Your Website Performance for SEO and UX
10:23 Frequency and Costs of Website Maintenance
12:32 When to Rely on Backing Up Your Website
14:00 The Panama Papers Horror Story
16:15 Outro

Find more marketing insights and show notes here (https://www.foremostmedia.com/resources/blog/posts?category=foremost-podcast)
GitGuardian
The Security Repo Podcast
Conpago
Why ChatGPT is a Security Concern
django-two-factor-auth
PyCon Italia: Exploiting Leaked Credentials - How python code is leaking millions of secrets
GitHub Events API
Support the Show
LearnDjango.com
Button
Django News newsletter
We dive deep into the world of web security, with a particular focus on the mistakes developers make that can lead to security vulnerabilities. We discuss how such mistakes can be avoided and which best practices exist to ensure the security of web applications. Our goal is to raise awareness of the importance of secure programming and to offer practical tips for building digital products. And of course there will be some hacking too!

The recording is available on YouTube: https://youtu.be/buSR74Zol-Q

Links:
ℹ️ https://tech.co/news/data-breaches-updated-list
ℹ️ https://threatmap.checkpoint.com/
ℹ️ https://owasp.org/Top10/
ℹ️ https://cve.mitre.org/
ℹ️ https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts
ℹ️ https://snyk.io/blog/malicious-packages-found-to-be-typo-squatting-in-pypi/
ℹ️ https://learn.snyk.io/lesson/insecure-hash/
ℹ️ https://www.youtube.com/watch?v=jq_LZ1RFPfU&t=1s
ℹ️ https://tryhackme.com/
ℹ️ https://www.hackthebox.com/
ℹ️ https://github.com/vavkamil/awesome-vulnerable-apps
ℹ️ https://owasp.org/www-project-juice-shop/

EDIT: 16.11.2023 The legislator has since responded and now requires, for many fixed-term contracts, that they may only begin once the customer has agreed to a written summary. It is therefore no longer possible to conclude a fixed-term contract with a simple "yes" on the phone.
ℹ️ https://www.verbraucherzentrale.de/wissen/digitale-welt/mobilfunk-und-festnetz/abzocke-am-telefon-moeglichst-nicht-ja-sagen-13496
This podcast episode covers the record-breaking DDoS attack Rapid Reset, why it stands out among other DDoS campaigns and whether it will be widely replicated in the future.
Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations.
WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more important than initially thought, with two critical vulnerabilities being actively exploited by hackers since April to install malware.
HTTPS for local networks: Responding to listener email, Steve agrees HTTP is fine for local network devices like routers but notes risks in larger corporate networks.
Portable domains for email: Steve endorses a listener suggestion to purchase your own domain and use third-party services, retaining control if a provider shuts down.
Google Topics and monopolies: Steve and Leo debate whether Topics favors large advertisers with greater reach to get user targeting data.
Voyager 2 antenna analysis: A listener calculates the antenna beam width mathematically, showing 2 degrees off-axis may not be as remarkable as it sounded.
Windows time settings: Steve clarifies the STS issue does not impact end users changing Windows clock settings; it's enterprise server-side.
Unix time in TLS handshakes: The hosts discuss why Unix time stamps are sent but not required for TLS, tracing back to early nonce generation.
Fake flash drives: Steve warns of a slew of fake high-capacity thumb drives flooding the market, explaining how SpinRite tests detected the flaw.
Man-in-the-middle attacks: While agreeing HTTPS helps prevent malicious injection, Steve examines MITM attack practicality, arguing they are difficult for hackers to pull off.
Show Notes - https://www.grc.com/sn/SN-937-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.
Sponsors: kolide.com/securitynow; canary.tools/twit - use code: TWIT; Building Cyber Resilience Podcast
In this exciting episode we dive deep into the WeAreDevelopers World Congress 2023 conference and present our personal highlights and inspiring insights from this huge conference. From talks on forward-looking technologies to the brilliant minds of the industry, we have picked the crème de la crème of the conference for you and discuss it in detail in this episode! We share our thoughts on Sir Tim Berners-Lee, the legendary pioneer of the World Wide Web, and discuss whether there really is such a thing as future-proof architecture. Join us on a journey through topics such as web security, where the question arises whether we should perhaps take an oath. Learn more about scaling from 0 to 20 million users, and we try to tell you a little about the fascinating world of quantum computing. Joel Spolsky's closing keynote on the different eras of programming will give you food for thought, and AI and ML in the context of security are put to the test. We also shed light on the explosive topic of hate in the games industry. This episode is packed with inspiration, knowledge and discussion about the latest developments in the tech world, straight from the WeAreDevelopers World Congress 2023. Enjoy listening!

Security resources:
https://owasp.org/www-project-top-ten/
https://ethical.institute/security.html

Quantum Computing:
https://www.ibm.com/quantum/developers

WeAreDevelopers info & videos:
https://www.wearedevelopers.com/en/videos
https://www.wearedevelopers.com/
In this Their Story podcast episode, as part of our Black Hat USA conference coverage, host Sean Martin connects with Snehal Antani to discuss proactive security and autonomous pentesting. Snehal shares his expertise on the importance of blue teams proactively verifying their security posture and fixing exploitable vulnerabilities on their own terms and timeline. He emphasizes the need for a bias for action and highlights the value of offense informing defense.

The conversation digs into how Horizon3.ai's technology helps blue teams automate specific workflows, such as account resets and incident response processes. Snehal explains how the platform can be used to tune security controls and improve overall effectiveness. He discusses the impact of Horizon3.ai on the cybersecurity skills and expertise of its users, allowing them to focus on more challenging and creative aspects of ethical hacking.

Snehal also explores the role of storytelling in cybersecurity, particularly when communicating with executive teams and the board. They discuss the importance of framing cybersecurity issues in the language of business continuity and uptime, making the impact tangible and relatable to board members.

The discussion provides practical insights and strategies for improving security posture and effectively communicating its importance to executive stakeholders. Snehal emphasizes the need for organizations to be proactive and take immediate action to remediate vulnerabilities. Also highlighted is the value of understanding the art of attack in order to become better defenders.

Overall, this episode offers a thought-provoking conversation on proactive security, autonomous pen testing, and the evolving role of security practitioners. It provides practical insights and strategies for improving security posture and effectively communicating its importance to executive stakeholders.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Snehal Antani, Co-Founder & CEO at Horizon3.ai [@Horizon3ai]
On LinkedIn | https://www.linkedin.com/in/snehalantani/
On Twitter | https://twitter.com/snehalantani

Resources
Learn more about Horizon3.ai and their offering: https://itspm.ag/horizon3ai-bh23
For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
In this Brand Story podcast episode, as part of our Black Hat USA conference coverage, host Sean Martin connects with David Ratner to discuss the innovative approach of the Adversary Infrastructure Platform to cybersecurity. The platform focuses on understanding and disrupting communication between attackers and their command and control infrastructure, allowing for quicker detection and response to attacks. It can even identify and shut down masked communication attempts.

The conversation emphasizes the platform's ease of deployment and integration into existing security architectures, making it accessible for organizations of all sizes. David discusses HYAS's research on the future of malware, including the use of generative AI and polymorphic malware. This research aims to stay ahead of evolving threats, helping organizations build effective defenses.

The conversation covers HYAS's research notes on Black Mamba and EyeSpy, which highlight their commitment to understanding attacks and building the right intelligence into the Adversary Infrastructure Platform to detect future threats.

The conversation also explores how the platform provides visibility and observability for CISOs, addressing the concerns of not knowing what is happening in real time within their environments. The Adversary Infrastructure Platform allows CISOs to implement a comprehensive strategy for prevention and business resiliency, giving them confidence in their ability to detect and respond to anomalous activity.

One of the key strengths of the platform is its flexibility across different devices and network environments. It can be deployed to guard against various operating systems and even IoT and OT devices sending beacons to command and control systems, ensuring comprehensive protection regardless of the devices or connectivity methods being used.

Overall, David provides listeners with insights into the Adversary Infrastructure Platform and its role in enhancing cybersecurity. He highlights the platform's effectiveness in detecting and responding to attacks, its ability to provide real-time visibility, and its flexibility in deployment. Listen in to gain a better understanding of how the platform works, its research-driven approach, and its potential to improve an organization's security posture.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: David Ratner, CEO at HYAS [@hyasinc]
On LinkedIn | https://www.linkedin.com/in/davidhratner/
On Twitter | https://twitter.com/davidhratner

Resources
Learn more about HYAS and their offering: https://itspm.ag/hyasl3si
EyeSpy Proof of Concept: https://www.hyas.com/blog/eyespy-proof-of-concept
For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
In this Their Story podcast episode, as part of our Black Hat USA conference coverage, hosts Sean Martin and Marco Ciappelli connect with Brian Kenyon, the Chief Strategy Officer at Island, to unpack the intricate world of enterprise browsers. Together, they explore the pressing need for robust web security and the challenges that orbit it. As the conversation unfolds, they navigate the evolution of browsers, their pivotal role in today's work operations, and how modern engines like Chromium have replaced relics like Flash and Silverlight, simplifying web backends and delivering a more consistent user experience.

The trio brings to light the persistent problem of technical debt within enterprise environments, where outdated applications and frameworks continue to be a daunting issue. They assert the need for an enterprise browser capable of maintaining compatibility with older systems while keeping pace with the advancements of the digital era. In addition, the dialogue expands to include the integration of browser technologies in cloud-based applications like Salesforce and ServiceNow, and the challenges inherent in applying policies and ensuring data security within such environments.

The pivotal value of an enterprise browser emerges strongly throughout the discussion, highlighting its ability to augment productivity and provide unique cybersecurity solutions. The conversation centers on the value of an enterprise browser integrating with an organization's identity and access management systems, yielding granular control over access and actions within applications. Furthermore, Brian draws attention to the deployment flexibility of an enterprise browser, which can be rolled out across an entire organization or targeted at specific departments or teams.

In a concluding note, Sean, Marco, and Brian emphasize the pivotal role of end-user experience in enhancing productivity and the transformative role browsers play in this scenario. They discuss the additional functionality that an enterprise browser can offer (such as built-in copy and paste palettes, PDF editors, and password managers) and caution about potential risks tied to browser extensions, underscoring the need for visibility, governance, and control in this area while allowing end users to drive the requests so they can get their work done.

A secure enterprise browser, such as the one offered by Island.io, is pivotal in transforming the business narrative, where security ceases to be a mere protective measure and becomes a business enabler. By ensuring a seamless and secure web browsing experience, it aligns with the company's strategic objectives, directly contributing to desired outcomes and fostering an environment where safety and efficiency coexist, driving the business towards new heights of digital innovation.

Ultimately, this episode provides valuable insights into the challenges and benefits of leveraging an enterprise browser within the evolving digital landscape, offering a thought-provoking, informative, and practical discourse for organizations striving to enhance their web security and improve end-user experiences.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Brian Kenyon, Chief Strategy Officer at Island [@island_io]
On LinkedIn | https://www.linkedin.com/in/brianmkenyon/

Resources
Learn more about Island.io and their offering: https://itspm.ag/island-io-6b5ffd
What if the browser was designed for the enterprise? See for yourself at Black Hat - Visit Booth #1474 https://itspm.ag/islandl724
For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
This interview was recorded for GOTO Unscripted at GOTO Copenhagen. gotopia.tech
Read the full transcription of this interview here.

Ben Sadeghipour - VP of Research at Hadrian Security
Julian Wood - Developer Advocate at AWS @julian_wood

RESOURCES
tryhackme.com
hackthebox.com
pentesterlab.com
ctfchallenge.com
bugbountyhunter.com
portswigger.net/burp

Ben
nahamsec.com
@nahamsec
twitch.tv/nahamsec
instagram.com/nahamsec

Julian
@julian_wood
wooditwork.com
linkedin.com/in/julianrwood

DESCRIPTION
Join us for an engaging conversation between Ben Sadeghipour, VP of Research at Hadrian Security, and Julian Wood, Developer Advocate at AWS. In this conversation, we will explore a range of captivating topics, such as bug bounties, ethical hacking, skills, resources, tips and much more. Whether you're an aspiring ethical hacker or simply interested in the fascinating world of cybersecurity, this video is packed with knowledge and practical advice. Get ready to hack like a pro and join us on this exciting journey!

RECOMMENDED BOOKS
Peter Yaworski • Real-World Bug Hunting
Vickie Li • Bug Bounty Bootcamp
Carlos A. Lozano & Shahmeer Amir • Bug Bounty Hunting Essentials
Sanjib Sinha • Bug Bounty Hunting for Web Security
Jim Manico & August Detlefsen • Iron-Clad Java
Liz Rice • Container Security
Aaron Parecki • OAuth 2.0 Simplified
Aaron Parecki • OAuth 2.0 Servers
Erdal Ozkaya • Cybersecurity: The Beginner's Guide

Twitter | LinkedIn | Facebook

Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket: gotopia.tech
SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted almost daily
Join host Matthias and expert guest Alexei Balaganski in this episode of the KuppingerCole Analyst Chat. They discuss the recently updated Open Web Application Security Project (OWASP) API Security Top 10 guidelines and the shifting landscape of web security, highlighting the critical role of APIs. In addition, they emphasize the importance of Identity and Access Management (IAM) in securing APIs effectively. Tune in for valuable insights into API security, web security, and the significance of IAM. Find the OWASP API Security Top 10 list here: https://owasp.org/API-Security/editions/2023/en/0x11-t10/
Hey, it's 5:05. Thanks for joining us on Friday, April 14th, 2023, from the Sourced Podcast Network in Camp Hill, Pennsylvania. This is your host, Bob Bannon. Stories in today's episode come from Trac Bannon in Camp Hill, Pennsylvania; Edwin Kwan in Sydney, Australia; Katy Craig in San Diego, California; and Marcel Brown in St. Louis, Missouri. Pokie is going on vacation, I have the controls. Let's get to it.

Security Headers to Secure Your Web Application
Urvish (UV) is a Product Leader at Arctic Wolf, the leader in Security Operations. With 18+ years of cloud and web security experience, specializing in product strategy, product portfolio management, cross-functional leadership, and big data, Urvish is adept at leading product teams to execute roadmaps and achieve organizational objectives. Accomplished in building and leading diverse teams of Presales, Post Sales Engineering, Product Managers, and Product Owners, Urvish has built over 5 high-performing teams and led organizations of 45-60 people. Urvish is passionate about reading, skiing, and photography, and has a unique talent for quoting "The Office" in his daily life.

Time Stamped Show Notes
Starting out [00:36]
Day to day [01:34]
Prioritizing projects [02:34]
Customers vs competition [05:01]
Setting customer expectations [06:48]
Hiring approach [12:53]
IQ vs EQ [14:41]
Supporting teams in hypergrowth [18:29]
Advice for aspiring product leaders [26:30]

Product Chats is brought to you by Canny. Over 1,000 teams trust Canny to help them build better products. Capture, organize, and analyze product feedback in one place to inform your product decisions. Get your free Canny account today.

Stay Connected! Twitter | Facebook | LinkedIn
Staying knowledgeable and up to date on the ever-changing web security space is difficult. There are classes, courses, and certifications you can achieve, but those only lay the foundation; it's up to us to keep it going. I found a site that provides so much insight and tools for security that it had to be a podcast episode.

Source - Offsec.tools

Be aware, be safe.

Support the show and get access to behind the scenes content as a patron - https://www.patreon.com/SecurityInFive
*** Support the podcast with a cup of coffee *** - Ko-Fi Security In Five
Mighty Mackenzie - https://www.facebook.com/mightymackie
Where you can find Security In Five - https://linktr.ee/binaryblogger
Email - bblogger@protonmail.com
Recording date: 12/1/2022

John Papa @John_Papa
Ward Bell @WardBell
Dan Wahlin @DanWahlin
Craig Shoemaker @craigshoemaker
Feross Aboukhadijeh @Feross

Brought to you by
AG Grid
IdeaBlade

Resources:
Feross Aboukhadijeh's website
Feross Aboukhadijeh's GitHub
Log4j
The Federal Trade Commission's (FTC) note on Log4j
Socket – Secure your JavaScript supply chain
What's really going on in your node_modules folder?
Vulnerability scanning isn't enough to protect your app
Auditing npm packages for security vulnerabilities
GitHub Dependabot
List of package security issues that Socket detects
List of npm packages that have been removed from npm for security reasons
Feross's Web Security class at Stanford University
Darknet Diaries
DEFCON conference
Have I Been Pwned?
Troy Hunt
1% of CMS-Powered Sites Expose Their Database Passwords

Timejumps
00:44 World Cup welcome
02:08 Security in applications
03:20 Guest introduction
04:41 Why should you worry about your software supply chain?
07:41 Sponsor: Ag Grid
08:50 What's the attack vector like and what's the threat?
15:54 Depending on dependencies to find security issues
22:16 Sponsor: IdeaBlade
23:13 Make it easy to do the right thing
29:16 What was log4j?
33:45 How does Socket work?
34:36 Final thoughts

Podcast editing on this episode done by Chris Enns of Lemon Productions.
In this web security walkthrough, Angela Saccone, Community Manager at MetaCTF, discusses cross-site scripting (XSS) and web security methods, such as HTML entity encoding using JavaScript, to protect websites from cyber-attacks.
Joe Hollier - As a 16-year independent insurance agent veteran, Joe Hollier has learned and seen firsthand the importance of building a community around your business and your brand. Although much of his insurance career has been based in P&C sales and risk management, he has for the last five years strategized on building a new kind of value-driven community for agents: an ecosystem that would celebrate engagement and provide unique peer and client experiences that do not currently exist in the industry. Unwilling to let this dream go, in 2021 Joe found two like-minded partners and moved forward with launching NIFTY. Coupled with significant advances in virtual reality platforms and web3 technology, NIFTY has been able to quickly establish itself as a community platform that helps insurance agents transition from web2 to web3, or more simply stated, from today's internet to tomorrow's internet. Joe is married to his amazing wife Jenae and has four children: Vivienne 18, Joe 11, Emy Bea 5 and Harry 2. They currently reside in Mandeville, LA, just north of Greater New Orleans.

Heath Shearon - A 2nd generation insurance professional with nearly 20 years of experience in the industry in sales and marketing. Heath's experience is incredibly versatile. He has been an agency owner, marketing rep, producer, and podcast host. Heath has a love and passion for the insurance industry and for people, and for helping agents and the like to find their voice, their unique value proposition, and their own brand, to be the best professional that they can be, and to be successful.

Insurance Town Podcast
Nifty
As Angular developers, we have a lot to be thankful for, including the built-in web security. Web security is a topic that we could not do justice to in a single podcast episode. With that said, we welcome Alisa Duncan, a Senior Developer Advocate at Okta and a Google Developer Expert. Alisa loves learning and sharing with the community. In this episode, we dive into the OWASP Top 10 list from 2021, which shows the most common vulnerabilities exposed in web applications, and then we break down how Angular helps us avoid these vulnerabilities in our applications. Join us as we learn more about web security with Angular.

https://owasp.org/Top10/
https://angular.io/guide/security
@AlisaDuncan
In this episode we speak to Feross Aboukhadijeh, CEO of Socket.dev, a software supply chain security company. We discuss the risks of using third party dependencies, how JS and NPM could improve their approach to security, whether trust in open source is eroding, and how to improve the overall security posture of your application.

About Feross Aboukhadijeh
Feross is the founder and CEO of Socket, where he's working on a new approach to open source supply chain security. Feross is the author and maintainer of WebTorrent, StandardJS, and 100s of other open source projects which are downloaded 500+ million times per month. Feross is a lecturer at Stanford University where he teaches CS 253 Web Security. Socket, the company Feross started, is auditing every package on npm to detect suspicious changes and block software supply chain attacks. Hundreds of companies use Socket to protect their software applications and critical services from malware and security threats originating in open source code.

Other things mentioned:
Socket
WebTorrent
Standard JS
npm
JS
Typescript
Prettier
Dependabot
MacBook Pro M1
Studio display
Logitech mouse

Let us know what you think on Twitter:
https://twitter.com/consoledotdev
https://twitter.com/davidmytton
https://twitter.com/feross
Or by email: hello@console.dev

About Console
Console is the place developers go to find the best tools. Our weekly newsletter picks out the most interesting tools and new releases. We keep track of everything - dev tools, devops, cloud, and APIs - so you don't have to. Sign up for free at: https://console.dev

Recorded: 2022-04-06.
Part 2 of "Things You Need To Know About Financial Services Websites" covers website hosting and security. This should help you make the right decision about which hosting package and company you use, to ensure your site loads quickly and doesn't get hacked!
Topics:
- Carl's newest project, Boxen, an alternative to vrnetlab which allows packaging a network operating system VM in a container
- Vendors publishing native containers with their network operating system
- Using a web framework to power network automation
- Central network automation controller vs security team

Recorded live on 2021-09-16
Bi-weekly recordings with the community on Thursdays at 6 PM CET / 12 PM ET / 9 AM PT
35. RIP Guru of Web Security, Chemlabs, Prostitution, Prez Runs, & Paranoia, John McAwesome aka John McAfee

Streamed Live on Anthony Hanratty makes his Weaving Spiders Welcome debut and we here at the Order of the Arachnid couldn't be happier to welcome

If you enjoy the show and wish to help us continue asking questions whilst sharing a laugh, please consider donating any amount if you're able. We rely on you to keep the show free from the corporate overlords of the cryptechnocracy.

Paypal: Weavingspiders@icloud.com
Cashapp: $Weavingspiders
Venmo: @weavingspiders

Crypto wallet addresses
$BTC 36EqucfpVizaSQthVpAbqMTzdw5RhBwnmu
$ETH 0xe8616e737B6d19be08ac40D4b5988Fbe1C28A6e6
$LTC MMBroc8NDwPqd2STWewQ5dBbrrZgoNMeJ8
$Dash XawxY2DM9a516m5TcsudjB8D81TWprC5cj
$ZEC t1NdxpxGGb6hTeZ3PAydu2NikpUCS1BWa6g
$ADA addr1v863qyp7q5z72e4ynqt73nlhsqlzzutrrda0sq0sqm6dsfg0z9t0u

Streamed Live on Youtube June 25 2021

--- Send in a voice message: https://anchor.fm/weavingspiders/message