This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM - Internet Radio Done Right
Checked 4d ago
הוסף לפני five שנים
תוכן מסופק על ידי YusufOnSecurity.Com. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי YusufOnSecurity.Com או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
דומה לYusufOnSecurity.com
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
4k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
WSJ’s Bold Names brings you conversations with the leaders of the bold-named companies featured in the pages of The Wall Street Journal. Hosts Tim Higgins and Christopher Mims speak to CEOs and business leaders in interviews that challenge conventional wisdom and take you inside the decisions being made in the C-suite and beyond.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
Daily Deals
160 - The Hidden Risks of Default Configurations - Part 2
Manage episode 403187171 series 2872461
תוכן מסופק על ידי YusufOnSecurity.Com. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי YusufOnSecurity.Com או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Enjoying the content? Let us know your feedback!
In this episode, we are continuing with part 2 of the risks paused by default configuration. As I said last week, while default config is convenient for initial setup, these settings are may introduce significant security risks that can leave systems vulnerable to exploitation by malicious actors. Please listen to the first episode before you listen to this episode. That way you will get the background and full context of the topic.
- Well intended Network Traversal Tool is Being Abused for malicious gain. Where have we seen that beofore
- Law enforcement from the UK and others disrupt Lockbit Ransomware group infrastructure
Having said that, lets turn to a couple of top trending news this week and they are:
- https://joshua.hu: SSH-Snake SSH network traversal discover SSH private keys network graph
- https://www.nationalcrimeagency.gov.uk/ NCA leads international investigation targeting worlds most harmful ransomware group
- https://www.chainalysis.com: LockBit takedown sanctions
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.
235 פרקים
שתפוManage episode 403187171 series 2872461
תוכן מסופק על ידי YusufOnSecurity.Com. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי YusufOnSecurity.Com או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Enjoying the content? Let us know your feedback!
In this episode, we are continuing with part 2 of the risks paused by default configuration. As I said last week, while default config is convenient for initial setup, these settings are may introduce significant security risks that can leave systems vulnerable to exploitation by malicious actors. Please listen to the first episode before you listen to this episode. That way you will get the background and full context of the topic.
- Well intended Network Traversal Tool is Being Abused for malicious gain. Where have we seen that beofore
- Law enforcement from the UK and others disrupt Lockbit Ransomware group infrastructure
Having said that, lets turn to a couple of top trending news this week and they are:
- https://joshua.hu: SSH-Snake SSH network traversal discover SSH private keys network graph
- https://www.nationalcrimeagency.gov.uk/ NCA leads international investigation targeting worlds most harmful ransomware group
- https://www.chainalysis.com: LockBit takedown sanctions
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.
235 פרקים
כל הפרקים
×
Y
YusufOnSecurity.com
1 235 - The Microsoft SharePoint vulnerability 27:51
27:51 
הפעל מאוחר יותר 
הפעל מאוחר יותר 
רשימות 
לייק 
אהבתי27:51
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Today, we focus on a critical and rapidly evolving Microsoft SharePoint vulnerability that’s rocked the security world in July 2025. We’ll walk you through what it is, why it matters, how attackers exploit it, and most importantly, what you and your organization can do to defend against it. For those new to cybersecurity, we’ll also explain the tricky technical jargon around this vulnerability, so you can follow along confidently, whether you’re an entry-level analyst or someone keen to learn more. - https://www.sans.org : Critical SharePoint Zero-Day Exploited: What You Need to Know About CVE-2025-53770 - https://msrc.microsoft.com : Update Guide Vulnerability CVE-2025-53770 - https://msrc.microsoft.com : Guidance For Sharepoint Vulnerability CVE 2025-53770/ - https://www.bleepingcomputer.com : US nuclear weapons agency hacked in Microsoft SharePoint attacks Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 234 - Protecting the Invisible-How to Secure Infrastructure without Agents 27:49
27:49 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:49
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! The world of cybersecurity isn’t just about defending laptops and servers—it’s also about safeguarding the “invisible” corners of our networks: those printers, cameras, routers, and dozens of other devices that quietly power our organizations. But what do you do when you can’t install security software or agents on these endpoints? In this episode of YusufOnSecurity, we’re digging into the art and science of protecting infrastructure you can’t easily touch or monitor from within. From game-changing network tactics to clever monitoring tricks, we’ll explore the evolving landscape of agentless security—and why protecting these overlooked devices just might be the next frontier in building a truly resilient environment. Stay with me as we unlock the secrets of securing the unmanageable. - https://www.techtarget.com : Agent vs Agentless Security Learn The Differences Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 233 - CI-CD Pipelines and Associated Security Risks 27:33
27:33 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:33
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode, we talk through the technical details of CI/CD (Continuous Integration/Continuous Development) pipelines: what they are, how they work, the jargon around them, and the potential security risks organizations need to be aware of. Finally, we’ll bust a persistent myth in software development that you might find surprising. - https://www.cisco.com : What is CI/CD? Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! Today’s episode takes you through three intersecting stories revealing how technology shapes both our vulnerabilities and our digital identity—from the sprawling and adaptable threat of AsyncRAT malware, to critical Bluetooth vulnerabilities threatening millions of vehicles globally, and finally to a thought-provoking glimpse into how AI models create intimate profiles of their users. - https://simonwillison.ne t/2025: Simon's ChatGPT dossier - https://blog.talosintelligence.com /AsyncRAT - https://www.bankinfosecurity.com : PerfektBlue Bug Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 231 - A Crash Course in Vendor Risk, Lessons from the CrowdStrike Outage 29:15
29:15 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי29:15
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Today, we’re focusing on the critical lessons from one of the most disruptive IT failures in recent memory: the global outage triggered by a CrowdStrike software update on July 19, 2024. While the headlines focused on grounded flights and downed systems, the real story lies in what this incident revealed about the way we build, secure, and rely on digital infrastructure. This episode isn’t just about a faulty update—it’s about the cascading impact of vendor trust, software architecture, and system design decisions made long before disaster strikes. We’ll explore how over-reliance on a single vendor can introduce hidden points of failure, why resilience must be baked into every layer of our IT stack, and how incident response can make or break reputations in a hyperconnected world. We’ll also look at Microsoft’s rapid response and how this moment might reshape the rules for how security software integrates with Windows. The takeaway? In cybersecurity, it’s not enough to be secure—you also have to be prepared for when your most trusted systems fail. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! This week on YusufOnSecurity, we’re diving into a topic that’s become increasingly critical as our world grows more connected: the security of the Internet of Things, or IoT. From smart thermostats and wearable fitness trackers to industrial sensors and connected cars, IoT devices are now woven into the fabric of our daily lives and business operations. They promise greater convenience, efficiency, and innovation—but they also introduce new risks and vulnerabilities that many organizations and individuals are just beginning to understand. Securing IoT isn’t just about protecting gadgets; it’s about safeguarding the data they collect, the networks they connect to, and ultimately, the people and processes that rely on them. As the number of IoT devices skyrockets, attackers are finding new ways to exploit weak points—sometimes with far-reaching consequences. In this episode, we’ll explore why IoT security matters, the unique challenges it presents, and practical steps you can take to protect your connected world. - https://www.cisco.com : What is iOT? - https://www.iiconsortium.org : Security Maturity Model Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In today’s interconnected world, the security of our digital infrastructure relies heavily on cryptography—the science of protecting information by transforming it into unreadable formats for unauthorized users. But how do we know the cryptographic solutions we use are truly secure? That’s where standards like FIPS 140-3 come in. - https://csrc.nist.gov : FIPS-140-40-3 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 228 - How the Emergence of AI-Powered Malware works 26:19
26:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In today’s episode is about a seismic shift in the world of cyber threats. The emergence of AI-powered malware. We’ll unpack how this new breed of malware works, the science behind it, real-world incidents, and what the latest academic research reveals. We will also look at the latest news that some are calling "The mother of all breaches". We have all that coming up next, in this week's podcast! - https://www.bleepingcomputer.com : No, the 16 billion credentials leak is not a new data breach Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! Today, we’ll answer a pressing question in cybersecurity: Is UTM still relevant in 2025? We’ll trace the origins of UTM, explain why it was created, break down its core features, compare it to newer technologies, and finish by busting a common cybersecurity myth. Before we dive into our main topic, let’s take a quick look at a major tech update making headlines: The emergence of AI powered malware is becoming more real - https://en.wikipedia.org : UTM - https://perception-point.io : AI Malware: Types, Real Life Examples, and Defensive Measures Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 226 - Inside A Stealthy Malware Powering Modern Cyber Attacks 47:28
47:28 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי47:28
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode, we get into some detailed exploration of an up and coming malware. Looking at it closer, it is one of the most advanced post-exploitation code families shaping the cybersecurity landscape in 2025. Over the time we have together, we’ll unravel what this malware is, how it works, why it’s so dangerous, and most importantly what businesses can do to defend themselves. Along the way, we’ll break down technical terms and processes, to make the topic less complex as I need it to be accessible and engaging to everyone. Before we dive into our main topic, let’s take a quick look at a major tech update making headlines: Microsoft Authenticator Now Warns To Export Passwords Before July Cut Off - https://www.bleepingcomputer.com : Ransomware gangs increasingly use Skitnet post-exploitation malware - https://otx.alienvault.com : Skitnet IOCs Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 225 - What Is a Content Delivery Network—And Do They Really Protect Businesses? 24:29
24:29 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:29
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This week we are exploring what Content Delivery Networks —commonly known as CDNs— are and whether they protect modern businesses. We’ll dive deep into the mechanics of how CDNs work, the technologies behind them, and whether they defend organizations from threats or just deliver content at blazing speeds. Along the way, we’ll highlight two of the world’s leading CDN providers. - https://en.wikipedia.org : Content Delivery Network - https://www.cloudflare.com : What Is CDN? - https://www.akamai.com : What Is CDN? Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 224 - Cisco Talos Year 2024 In Review 34:38
34:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode, we are looking at the latest Cisco Talos’ 2024 report. In this comprehensive report, we will delve into the major cybersecurity trends and threats observed over the past year. Cisco Talos team, has compiled this report to provide valuable insights and guidance for organizations to enhance their security postures. But before we get in to the main topic, I have one security news for you and that is: - The European Union launches a new vulnerability Database - EUVD - https://euvd.enisa.europa.eu : EUVD - https://euvd.enisa.europa.eu/faq : EUVD FAQ - https://blog.talosintelligence.com : 2024 Year In Review Report - https://www.forbes.com : Why Quantum Computers Will Work Alongside Classical Systems Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! This is the part 2 of RSAC 2025 episode. If you have not listened to episode 1 (that episode 222), I would suggest you listen to episode 1 before you listen this episode. Before you we get into part 2, lets review what has been happening last week on the news front. - UK shares security tips after major retail cyberattacks - https://www.bleepingcomputer.com : UK NCSC Cyber Attack A Wake Up call - https://www.ncsc.gov.uk :NCSC statement - Incident impacting retailers Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! It was RSAC week and it would be remiss of me if I did not give you a highlight on what went on this year, 2025. After all, RSAC has a critical role in security. We will be reviewing the top key announcements from this year's event, including some exciting news from the major security players in the industry. Whether you're a cybersecurity professional, a tech enthusiast, or just curious about the latest in the world of cyber security, this episode is definitely for you. So, let's get started! Before we dive into the main segment, we will also add one more topic that I think is of major importance on top of everything else and that is from Microsoft. Microsoft makes All new Account Passwordless by default - https://techcommunity.microsoft.com : New User Experience - https://www.rsaconference.com : RSA Conference 2025 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 221 - FBI’s 2024 Annual Internet Crime Report 32:16
32:16 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:16
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This week's episode looks at the FBI’s 2024 Annual Internet Crime Report -an analysis that not only highlights the scale of cybercrime but also reveals the evolving tactics of cybercriminals and the staggering financial impact on individuals and businesses alike. This of course relates to US but it is an indicative what might be happening elsewhere. - https://www.ic3.gov : Federal Bureau Of Investigation - Internet Crime Report 2024 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.
Daily Deals
Daily Deals
דומה לYusufOnSecurity.com
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
4k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
WSJ’s Bold Names brings you conversations with the leaders of the bold-named companies featured in the pages of The Wall Street Journal. Hosts Tim Higgins and Christopher Mims speak to CEOs and business leaders in interviews that challenge conventional wisdom and take you inside the decisions being made in the C-suite and beyond.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
