This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM - Internet Radio Done Right
5,797 subscribers
Checked 4d ago
Đã thêm cách đây tám năm
Nội dung được cung cấp bởi Jerry Bell and Andrew Kalat, Jerry Bell, and Andrew Kalat. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Jerry Bell and Andrew Kalat, Jerry Bell, and Andrew Kalat hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
Tương tự như Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
))
Daily Deals
Podcast đáng để nghe
TÀI TRỢ BỞI
T
This Is Woman's Work with Nicole Kalil
1 Unlocking Your Hidden Genius: How to Harness Your Innate Talents with Betsy Wills & Alex Ellison | Ep. 289 32:08
32:08 
Nghe Sau 
Nghe Sau 
Danh sách 
Thích 
Đã thích32:08
Nghe Sau
Nghe Sau
Danh sách
Thích
Đã thíchDid you know there’s an actual science to uncovering your hidden genius? It’s not about filling out a “dream job” worksheet—it’s about understanding how your brain is wired, identifying your natural aptitudes, and using them to thrive. This isn’t just a self-discovery exercise. It’s a game-changer for your career, your relationships, and how you show up in the world. Betsy Wills and Alex Ellison are redefining how we approach career discovery, proving that finding the right path isn’t just about landing a job—it’s about creating a life that aligns with who you actually are. ✅ Betsy Wills – Cofounder of YouScience, a groundbreaking psychometric assessment platform reshaping how we understand our talents. She’s also the Director of Marketing & Branding at Diversified Trust and a frequent lecturer at Vanderbilt University and NYU’s Stern School of Business. ✅ Alex Ellison – Founder of Throughline Guidance, a global college and career counseling practice. She’s a sought-after writer, speaker, and expert in college readiness and career development. ✅ Together, they co-authored Your Hidden Genius: The Science-Backed Strategy to Uncovering and Harnessing Your Innate Talents. Discovering your hidden genius isn’t just about career success—it’s about tapping into what makes you, you . Connect with Betsy & Alex: Website (Free Downloads): www.yourhiddengenius.com Book: https://www.harpercollins.com/products/your-hidden-genius-elizabeth-m-willsalexandra-ellison Related Podcast Episodes: How To Be You, But Better with Olga Khazan | 288 Finding Purpose Through Human Design with Emma Dunwoody | 228 195 / Finding (And Using) Your Voice with Amy Green Smith Share the Love: If you found this episode insightful, please share it with a friend, tag us on social media, and leave a review on your favorite podcast platform! 🔗 Subscribe & Review: Apple Podcasts | Spotify | Amazon Music…
Defensive Security Podcast Episode 283
Manage episode 446245515 series 1344233
Nội dung được cung cấp bởi Jerry Bell and Andrew Kalat, Jerry Bell, and Andrew Kalat. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Jerry Bell and Andrew Kalat, Jerry Bell, and Andrew Kalat hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
“They Can’t All Be Winners”
In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat explore several pressing cybersecurity topics as of October 2024. The discussion begins by addressing the rapid increase in vulnerability exploitation speeds, with a highlight that 70% of exploitable flaws in 2023 were zero-days, now being exploited within just five days. They stress the importance of effective patch management and prioritization tactics using tools like the CISA KEV list and Tenable’s Viper score. The episode also touches on the evolving nature of automated and targeted exploits, the critical role of timely patching, and the balance between production disruptions and security risks. The conversation broadens to include evolving endpoint security challenges, ransomware trends, and the need for vigilance in adapting to new threats. Additionally, the hosts discuss innovative ways to counter sophisticated attacks, such as leveraging more secure token-based authentication methods over SMS-based MFA. Lastly, the episode delves into how North Korean IT operatives infiltrate companies to steal sensitive data, the implications for remote work, and the importance of robust identity verification processes in hiring. Throughout, the focus remains on adapting to the dynamic threat landscape and continuous reassessment of security strategies.
00:00 Introduction and Casual Banter
00:41 Current Job Market Challenges
02:02 Cybersecurity Landscape Overview
02:20 Google’s Zero-Day Vulnerability Report
04:03 Importance of Patch Management
05:04 Trends in Exploitation Timelines
11:24 Strategies for Mitigating Vulnerabilities
20:03 Red Team Tool: EDR Silencer
26:52 Microsoft’s Ransomware Defense
27:25 Ransomware Attacks: A Decrease Despite the Increase
28:13 The Role of Unmanaged Devices in Cyber Attacks
28:39 Multi-Factor Authentication: Effectiveness and Adaptation
30:07 The Arms Race in Cybersecurity
30:49 The Importance of Phishing-Resistant MFA
32:11 The Rise of SIM Cloning in Ransomware
32:44 Challenges in Adopting Advanced Security Measures
36:46 North Korean IT Workers: A New Threat
40:50 The Future of Remote Hiring and Verification
49:03 Conclusion and Final Thoughts
Links:
- https://www.bleepingcomputer.com/news/security/google-70-percent-of-exploited-flaws-disclosed-in-2023-were-zero-days/
- https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html
- https://www.theregister.com/2024/10/15/microsoft_ransomware_attacks/
- https://www.bleepingcomputer.com/news/security/undercover-north-korean-it-workers-now-steal-data-extort-employers/
283 tập
Defensive Security Podcast Episode 283
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Chia sẻManage episode 446245515 series 1344233
Nội dung được cung cấp bởi Jerry Bell and Andrew Kalat, Jerry Bell, and Andrew Kalat. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Jerry Bell and Andrew Kalat, Jerry Bell, and Andrew Kalat hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
“They Can’t All Be Winners”
In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat explore several pressing cybersecurity topics as of October 2024. The discussion begins by addressing the rapid increase in vulnerability exploitation speeds, with a highlight that 70% of exploitable flaws in 2023 were zero-days, now being exploited within just five days. They stress the importance of effective patch management and prioritization tactics using tools like the CISA KEV list and Tenable’s Viper score. The episode also touches on the evolving nature of automated and targeted exploits, the critical role of timely patching, and the balance between production disruptions and security risks. The conversation broadens to include evolving endpoint security challenges, ransomware trends, and the need for vigilance in adapting to new threats. Additionally, the hosts discuss innovative ways to counter sophisticated attacks, such as leveraging more secure token-based authentication methods over SMS-based MFA. Lastly, the episode delves into how North Korean IT operatives infiltrate companies to steal sensitive data, the implications for remote work, and the importance of robust identity verification processes in hiring. Throughout, the focus remains on adapting to the dynamic threat landscape and continuous reassessment of security strategies.
00:00 Introduction and Casual Banter
00:41 Current Job Market Challenges
02:02 Cybersecurity Landscape Overview
02:20 Google’s Zero-Day Vulnerability Report
04:03 Importance of Patch Management
05:04 Trends in Exploitation Timelines
11:24 Strategies for Mitigating Vulnerabilities
20:03 Red Team Tool: EDR Silencer
26:52 Microsoft’s Ransomware Defense
27:25 Ransomware Attacks: A Decrease Despite the Increase
28:13 The Role of Unmanaged Devices in Cyber Attacks
28:39 Multi-Factor Authentication: Effectiveness and Adaptation
30:07 The Arms Race in Cybersecurity
30:49 The Importance of Phishing-Resistant MFA
32:11 The Rise of SIM Cloning in Ransomware
32:44 Challenges in Adopting Advanced Security Measures
36:46 North Korean IT Workers: A New Threat
40:50 The Future of Remote Hiring and Verification
49:03 Conclusion and Final Thoughts
Links:
- https://www.bleepingcomputer.com/news/security/google-70-percent-of-exploited-flaws-disclosed-in-2023-were-zero-days/
- https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html
- https://www.theregister.com/2024/10/15/microsoft_ransomware_attacks/
- https://www.bleepingcomputer.com/news/security/undercover-north-korean-it-workers-now-steal-data-extort-employers/
283 tập
Semua episode
×
1 Defensive Security Podcast Episode 301 1:09:18
1:09:18 Nghe Sau Nghe Sau Danh sách Thích Đã thích1:09:18
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss a range of cybersecurity topics, including the recent Oracle Cloud breach, the challenges of asset management in large environments, and the importance of prioritizing vulnerabilities. They also explore the findings from a pen test report, the implications of emerging threats like Medusa ransomware, and the need for better security practices in organizations. Links: https://www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/ https://thehackernews.com/2025/03/10-critical-network-pentest-findings-it.html?m=1 https://www.horizon3.ai/attack-research/attack-blogs/critical-or-clickbait-github-actions-and-apache-tomcat-rce-vulnerabilities-2025/ https://www.forbes.com/sites/daveywinder/2025/03/30/fbi-warns-use-2fa-as-time-traveling-hackers-strike/ https://www.reversinglabs.com/blog/epss-is-not-foolproof-shift-your-appsec-beyond-vulnerabilities Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec…
1 Defensive Security Podcast Episode 300 1:02:00
1:02:00 Nghe Sau Nghe Sau Danh sách Thích Đã thích1:02:00
Nghe Sau Nghe Sau Danh sách Thích Đã thíchSummary In this episode, we celebrate the 300th episode of the Defensive Security Podcast then discuss various cybersecurity topics including the rise of AI-driven threats, the importance of zero trust architecture, best practices for incident response, the impact of human error on security breaches, and the risks associated with collaboration tools. We also cover the dangers of malvertising campaigns exploiting platforms like GitHub. Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec Links: https://venturebeat.com/security/51-seconds-to-breach-how-cisos-are-fighting-back-against-lightning-fast-attacks/ https://www.theregister.com/2025/03/10/incident_response_advice/ https://www.scworld.com/news/95-of-data-breaches-involve-human-error-report-reveals https://www.darkreading.com/cyber-risk/remote-access-infra-remains-riskiest-corp-attack-surface https://www.bleepingcomputer.com/news/security/microsoft-says-malvertising-campaign-impacted-1-million-pcs/…
1 Defensive Security Podcast Episode 299 1:07:40
1:07:40 Nghe Sau Nghe Sau Danh sách Thích Đã thích1:07:40
Nghe Sau Nghe Sau Danh sách Thích Đã thíchSummary In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a Disney employee’s mishap with an AI tool that led to a significant hack, vulnerabilities in VMware ESX hypervisors, and a developer’s sabotage of their ex-employer. They also explore the implications of GitHub repository exposure and the growing risks associated with third-party vendors in cybersecurity. Link to support Andy and Jerry’s work creating the Defensive Security Podcast: https://www.patreon.com/defensivesec Story links: https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931 https://doublepulsar.com/use-one-virtual-machine-to-own-them-all-active-exploitation-of-esxicape-0091ccc5bdfc https://www.theregister.com/2025/03/08/developer_server_kill_switch/ https://arstechnica.com/information-technology/2025/02/copilot-exposes-private-github-pages-some-removed-by-microsoft/ https://www.darkreading.com/cyber-risk/third-party-risk-top-cybersecurity-claims…
1 Defensive Security Podcast Episode 298 1:17:06
1:17:06 Nghe Sau Nghe Sau Danh sách Thích Đã thích1:17:06
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode of the Defense of Security podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a recent incident involving notorious hackers breaching a company network in under an hour, strategies to defend against deepfake attacks, the targeting of freelance developers by North Korean adversaries, vulnerabilities in Palo Alto firewalls, and the emergence of ghost ransomware. The conversation emphasizes the importance of proactive security measures and the evolving landscape of cyber threats. Want to support the Defensive Security Podcast? You can donate here: https://www.patreon.com/defensivesec Takeaways: The speed of cyber attacks is increasing, with breaches occurring in under an hour. Organizations must implement robust processes to defend against deepfake attacks. Freelance developers are at risk of being targeted by sophisticated cybercriminals. Palo Alto firewalls are vulnerable to attacks if management interfaces are exposed to the internet. Ghost ransomware is a growing threat, often using familiar tactics to exploit vulnerabilities. Links: https://arstechnica.com/security/2025/02/notorious-crooks-broke-into-a-company-network-in-48-minutes-heres-how/ https://www.darkreading.com/vulnerabilities-threats/4-low-cost-ways-defend-organization-against-deepfakes https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-targets-freelance-developers/ https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/ https://hackread.com/fbi-cisa-ghost-ransomware-threat-to-firms-worldwide/…
1 Defensive Security Podcast Episode 297 1:04:21
1:04:21 Nghe Sau Nghe Sau Danh sách Thích Đã thích1:04:21
Nghe Sau Nghe Sau Danh sách Thích Đã thíchBecome a Patreon supporter of the show here: https://www.patreon.com/defensivesec Links: https://www.cybersecuritydive.com/news/ransomware-gangs–tactics-/739937/ https://www.bleepingcomputer.com/news/security/over-12-000-keriocontrol-firewalls-exposed-to-exploited-rce-flaw/ https://arstechnica.com/information-technology/2025/02/russian-spies-use-device-code-phishing-to-hijack-microsoft-accounts/ https://www.darkreading.com/cyber-risk/open-source-ai-models-pose-risks-of-malicious-code-vulnerabilities https://www.csoonline.com/article/3823429/24-of-vulnerabilities-are-abused-before-a-patch-is-available.html…
1 Defensive Security Podcast Episode 296 1:10:28
1:10:28 Nghe Sau Nghe Sau Danh sách Thích Đã thích1:10:28
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode of the Defense of Security Podcast, Jerry Bell and Andrew Kalat discuss the evolving landscape of cybersecurity threats, focusing on ransomware tactics that exploit insider threats, the hijacking of LLM resources, and the effectiveness of phishing simulations. They explore how adversaries are increasingly targeting employees to gain access to sensitive data and how organizations can better protect themselves against these threats. The conversation also covers the ethical implications of phishing tests and the need for a more supportive approach to security awareness training. In this episode, Jerry and Andrew discuss the challenges faced by cybersecurity teams, the dynamics between security and other business units, and the importance of learning from incidents to improve security practices. They explore the balance between enabling business operations and maintaining security, the implications of generative AI in the workplace, and the need for effective governance around AI usage. The conversation emphasizes the proactive role security professionals must take in navigating these complexities while ensuring organizational safety. Takeaways Ransomware attackers are increasingly using insider threats to gain access. Greed can turn employees into insider threats, especially in tough economic times. LLM hijacking is a new tactic that exploits compromised API keys. Phishing simulations may create a rift between users and IT security teams. Punitive measures for phishing failures can lead to underreporting of actual attacks. Security awareness training should focus on protecting users, not punishing them. Adversaries are finding valid API keys to exploit cloud resources. The effectiveness of phishing simulations is being questioned by experts. Organizations need to do a better job at protecting their secrets and credentials. The cybersecurity landscape is rapidly evolving, requiring constant adaptation. Cybersecurity teams often feel like janitors cleaning up after others. Organizational dynamics can create resentment in security teams. Learning from incidents is crucial for improving security practices. Balancing security needs with business operations is essential. Generative AI presents both risks and opportunities for organizations. Effective governance is needed for AI usage in business. Security professionals must help businesses understand risk management. Building relationships across departments can improve security outcomes. AI tools should be used with proper agreements to protect data. The landscape of AI in business is rapidly evolving and requires adaptation. Links https://www.scworld.com/news/ransomware-attackers-turn-to-workers-for-data-breach-access https://www.darkreading.com/application-security/llm-hijackers-deepseek-api-keys https://www.wsj.com/tech/cybersecurity/phishing-tests-the-bane-of-work-life-are-getting-meaner-76f30173 https://www.securityweek.com/security-teams-pay-the-price-the-unfair-reality-of-cyber-incidents/ https://www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts…
1 Defensive Security Podcast Episode 295 1:15:57
1:15:57 Nghe Sau Nghe Sau Danh sách Thích Đã thích1:15:57
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the alarming statistics surrounding ransomware attacks, the implications of paying ransoms, and the evolving nature of ransomware as a broader category of cyber threats. They also discuss the consolidation of security tools and the skepticism surrounding it, particularly in light of a recent report by Palo Alto and IBM. The conversation shifts to the risks associated with AI, highlighted by the DeepSeek incident, and concludes with a discussion on the importance of securing management interfaces and the ongoing challenges in the cybersecurity landscape. Links: https://www.infosecurity-magazine.com/news/ransomware-victims-shut-operations/ https://www.cybersecuritydive.com/news/consolidation-security-tools/738912/ https://9to5mac.com/2025/01/31/security-bite-top-macos-threat-found-riding-the-deepseek-wave/ https://www.securityweek.com/sonicwall-confirms-exploitation-of-new-sma-zero-day/ https://www.theregister.com/2025/01/30/deepseek_database_left_open/ Takeaways 58% of ransomware victims had to shut down operations temporarily. Only 13% of victims who paid ransom got all their data back. The ransomware ecosystem relies on the belief that victims will recover their data. Organizations average 83 different security tools, leading to inefficiencies. Speed in deploying AI can compromise security practices. DeepSeek incident highlights risks of using unverified AI models. SonicWall’s zero-day vulnerability emphasizes the need for secure management practices. Security tool consolidation may not always lead to better outcomes. Phishing and RDP compromises are common entry points for ransomware. The evolving nature of ransomware requires a broader understanding of cyber threats.…
1 Defensive Security Podcast Episode 294 1:04:21
1:04:21 Nghe Sau Nghe Sau Danh sách Thích Đã thích1:04:21
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a hidden backdoor in Juniper routers, PayPal’s recent data breach settlement, the exploitation of older Ivanti bugs, the PowerSchool data breach affecting millions, and CISA’s new software security recommendations. The conversation emphasizes the importance of proactive security measures and the evolving landscape of cybersecurity threats. If you find this podcast useful, please consider supporting us here: https://www.patreon.com/defensivesec Takeaways The hidden backdoor in Juniper routers raises concerns about network security. PayPal’s settlement highlights the need for better data protection practices. Older vulnerabilities in Ivanti products continue to be exploited, stressing the importance of timely patching. The PowerSchool data breach underscores the risks of inadequate credential protection. CISA’s recommendations aim to improve software security across critical infrastructure. Links: https://www.theregister.com/2025/01/25/mysterious_backdoor_juniper_routers/ https://www.bleepingcomputer.com/news/security/paypal-to-pay-2-million-settlement-over-2022-data-breach/ https://www.bleepingcomputer.com/news/security/cisa-hackers-still-exploiting-older-ivanti-bugs-to-breach-networks/ https://www.securityweek.com/millions-impacted-by-powerschool-data-breach/ https://www.securityweek.com/cisa-fbi-update-software-security-recommendations/…
“Another day, another data breach.” In this episode of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss a significant data breach affecting hotel reservation data, regulatory actions taken against GoDaddy for poor security practices, and the evolving landscape of cyber attacks. They emphasize the importance of proactive defense strategies and innovative detection techniques to combat these threats effectively. Takeaways Data breaches continue to be a common occurrence in the cybersecurity landscape. Regulatory bodies like the FTC are increasingly involved in enforcing security improvements post-breach. Organizations must prioritize security measures to protect sensitive data from breaches. The importance of multi-factor authentication cannot be overstated in preventing credential theft. Ad blockers are not just for user convenience; they are essential for security. Cybersecurity is a shared responsibility across all departments, including marketing and IT. Proactive detection strategies can help identify malicious activity before significant damage occurs. Understanding the attack vectors used by cybercriminals is crucial for effective defense. Regularly updating and patching systems is vital to prevent exploitation of known vulnerabilities. Innovative detection techniques, such as canary accounts, can enhance security monitoring efforts. Links: https://www.bleepingcomputer.com/news/security/otelier-data-breach-exposes-info-hotel-reservations-of-millions/ https://www.bleepingcomputer.com/news/security/ftc-orders-godaddy-to-fix-poor-web-hosting-security-practices/ https://www.bleepingcomputer.com/news/security/hackers-leak-configs-and-vpn-credentials-for-15-000-fortigate-devices/ https://cybersecuritynews.com/hackers-exploiting-companies-google-ads-accounts/ https://www.blackhillsinfosec.com/one-active-directory-account-can-be-your-best-early-warning/…
In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the dangers of malware disguised as proof of concept code on GitHub, the alarming rise in phishing attacks, the implications of a recent Treasury hack, and the targeted attacks on Ivanti’s security products. The conversation emphasizes the need for skepticism in security research, the importance of creating a safer environment for users, and the ongoing challenges posed by sophisticated threat actors. Links: https://www.bleepingcomputer.com/news/security/fake-ldapnightmware-exploit-on-github-spreads-infostealer-malware/ https://www.forbes.com/sites/daveywinder/2025/01/09/do-not-click-new-gmail-outlook-apple-mail-warning-for-billions/ https://www.bleepingcomputer.com/news/security/treasury-hackers-also-breached-us-foreign-investments-review-office/ https://www.bleepingcomputer.com/news/security/google-chinese-hackers-likely-behind-ivanti-vpn-zero-day-attacks/…
Summary In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a significant incident involving a Tenable plugin update that disrupted Nessus agents worldwide. They delve into the implications of malicious Chrome extensions and sophisticated phishing attacks, particularly focusing on a recent incident involving OAuth trust exploitation. The conversation shifts to new HIPAA cybersecurity rules that aim to enhance security measures in healthcare, followed by a discussion on the rise of AI-generated phishing emails targeting executives. Finally, they explore the challenges of passkey technology in achieving usable security across different platforms. Links: https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/ https://www.bleepingcomputer.com/news/security/new-details-reveal-how-hackers-hijacked-35-google-chrome-extensions/ https://www.darkreading.com/vulnerabilities-threats/hipaa-security-rules-pull-no-punches https://arstechnica.com/security/2025/01/ai-generated-phishing-emails-are-getting-very-good-at-targeting-executives/ https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/…
1 Defensive Security Podcast Episode 290 1:23:40
1:23:40 Nghe Sau Nghe Sau Danh sách Thích Đã thích1:23:40
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the FTC’s order for Marriott and Starwood to enhance their data security measures, a recent hijacking of a Chrome extension, and emerging threats for 2025. They also delve into the implications of AI in cybersecurity, emphasizing the need for governance and risk management as AI technologies become more pervasive in the workplace. Takeaways The FTC has mandated Marriott and Starwood to implement a comprehensive security program for 20 years. Data breaches can lead to significant regulatory actions and long-term consequences for companies. The hijacking of browser extensions poses a serious risk to user data and security. Emerging threats for 2025 include zero-day exploits and supply chain attacks. AI governance is crucial as employees increasingly use AI tools without oversight. Links https://www.bleepingcomputer.com/news/security/ftc-orders-marriott-and-starwood-to-implement-strict-data-security/ https://www.bleepingcomputer.com/news/security/cybersecurity-firms-chrome-extension-hijacked-to-steal-users-data/ https://www.darkreading.com/vulnerabilities-threats/emerging-threats-vulnerabilities-prepare-2025 https://www.securityweek.com/beware-of-shadow-ai-shadow-its-less-well-known-brother/…
1 Defensive Security Podcast Episode 289 1:00:14
1:00:14 Nghe Sau Nghe Sau Danh sách Thích Đã thích1:00:14
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a year-long supply chain attack that compromised 390,000 credentials, the U.S. government’s bounty for information on North Korean IT worker farms, and the alarming number of vulnerabilities found in software containers. They also delve into the implications of the False Claims Act for cybersecurity whistleblowers and the evolving landscape of AI in security.…
In this episode of the Defensive Security Podcast, we discuss the anticipated rise of Mac malware, the economic implications of new top-level domains (TLDs) for phishing, innovative phishing techniques using corrupt documents, and the risks associated with open-source software. We also explore the concept of risk homeostasis in cybersecurity, examining how users’ perceptions of security can influence their behavior and risk-taking. The conversation emphasizes the importance of education, robust security measures, and the need for a deeper understanding of complex systems in the face of evolving threats. If you would like to support this podcast, please consider donating here: https://www.patreon.com/defensivesec Links: https://appleinsider.com/articles/24/12/04/what-a-new-threat-report-says-about-mac-malware-in-2024 https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/ https://www.bleepingcomputer.com/news/security/novel-phishing-campaign-uses-corrupted-word-documents-to-evade-security/ https://www.bleepingcomputer.com/news/security/ultralytics-ai-model-hijacked-to-infect-thousands-with-cryptominer/ and https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection…
In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various topics including their holiday plans, updates on their podcast, and significant cybersecurity incidents. They delve into a recent Wi-Fi breach involving Russian hackers, CrowdStrike’s IT outage and its implications for customer retention, and the discovery of malware exploiting vulnerable device drivers. The conversation emphasizes the importance of security practices such as multi-factor authentication and the challenges of managing cybersecurity risks in a rapidly evolving landscape. In this engaging conversation, Andrew Kalat and Jerry Bell explore various themes in cybersecurity, including the shift towards self-service IT solutions, the rise of phishing as a service, and the evolving landscape of multi-factor authentication. They discuss the implications of new threats like BootKitty and the challenges posed by firmware vulnerabilities. The conversation also touches on the future of cloud security and the often-overlooked role of marketing in cybersecurity threats, culminating in a light-hearted discussion about their pets. You can support the Defensive Security Podcast through our Patreon site here: https://patreon.com/defensivesec Links to the stories we discussed in this episode: https://www.bleepingcomputer.com/news/security/hackers-breach-us-firm-over-wi-fi-from-russia-in-nearest-neighbor-attack/ https://www.cybersecuritydive.com/news/crowdstrike-retains-customers/734203/ https://thehackernews.com/2024/11/researchers-uncover-malware-using-byovd.html?m=1 https://securityaffairs.com/171532/cyber-crime/rockstar-2fa-phaas.html https://arstechnica.com/security/2024/11/code-found-online-exploits-logofail-to-install-bootkitty-linux-backdoor/…
Chào mừng bạn đến với Player FM!
Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.
Daily Deals
Daily Deals
Daily Deals
Tương tự như Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
