This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM - Internet Radio Done Right
Checked 4d ago
הוסף לפני four שנים
תוכן מסופק על ידי YusufOnSecurity.Com. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי YusufOnSecurity.Com או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
דומה לYusufOnSecurity.com
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Flash Forward is a show about possible (and not so possible) future scenarios. What would the warranty on a sex robot look like? How would diplomacy work if we couldn’t lie? Could there ever be a fecal transplant black market? (Complicated, it wouldn’t, and yes, respectively, in case you’re curious.) Hosted and produced by award winning science journalist Rose Eveleth, each episode combines audio drama and journalism to go deep on potential tomorrows, and uncovers what those futures might re ...
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
Daily Deals
פודקאסטים ששווה להאזין
בחסות
In 1910, Dorothy Arnold—a wealthy, educated socialite from New York City—left her home for a shopping trip and never returned.
191 - Is The Browser The New Operating System?
Manage episode 443379882 series 2872461
תוכן מסופק על ידי YusufOnSecurity.Com. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי YusufOnSecurity.Com או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Enjoying the content? Let us know your feedback!
Today we’re discussing an exciting trend in the world of technology—the browser is no longer just a window to the web. So we asked is it becoming the operating system itself?
From the early days of Mosaic and Netscape Navigator to today’s cloud-powered Chromebooks, the browser has evolved dramatically. In this episode, we’ll explore the security implication, the history of browsers, the famous browser wars, and how today’s browsers are blurring the lines between web interfaces and operating systems.
Having said that, lets recap a top trending security news shall we?
- Exploiting CUPS: How Recent Vulnerabilities Could Compromise Linux Security
- https://www.evilsocket.net: Attacking On UNIX Systems Via CUPS Part I
-https://en.wikipedia.org: History of The Web Browsers
- https://en.wikipedia.org: Browser Wars
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.
229 פרקים
שתפוManage episode 443379882 series 2872461
תוכן מסופק על ידי YusufOnSecurity.Com. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי YusufOnSecurity.Com או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Enjoying the content? Let us know your feedback!
Today we’re discussing an exciting trend in the world of technology—the browser is no longer just a window to the web. So we asked is it becoming the operating system itself?
From the early days of Mosaic and Netscape Navigator to today’s cloud-powered Chromebooks, the browser has evolved dramatically. In this episode, we’ll explore the security implication, the history of browsers, the famous browser wars, and how today’s browsers are blurring the lines between web interfaces and operating systems.
Having said that, lets recap a top trending security news shall we?
- Exploiting CUPS: How Recent Vulnerabilities Could Compromise Linux Security
- https://www.evilsocket.net: Attacking On UNIX Systems Via CUPS Part I
-https://en.wikipedia.org: History of The Web Browsers
- https://en.wikipedia.org: Browser Wars
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.
229 פרקים
כל הפרקים
×
Enjoying the content? Let us know your feedback! In today’s interconnected world, the security of our digital infrastructure relies heavily on cryptography—the science of protecting information by transforming it into unreadable formats for unauthorized users. But how do we know the cryptographic solutions we use are truly secure? That’s where standards like FIPS 140-3 come in. - https://csrc.nist.gov : FIPS-140-40-3 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 228 - How the Emergence of AI-Powered Malware works 26:19
26:19 
הפעל מאוחר יותר 
הפעל מאוחר יותר 
רשימות 
לייק 
אהבתי26:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In today’s episode is about a seismic shift in the world of cyber threats. The emergence of AI-powered malware. We’ll unpack how this new breed of malware works, the science behind it, real-world incidents, and what the latest academic research reveals. We will also look at the latest news that some are calling "The mother of all breaches". We have all that coming up next, in this week's podcast! - https://www.bleepingcomputer.com : No, the 16 billion credentials leak is not a new data breach Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Enjoying the content? Let us know your feedback! Today, we’ll answer a pressing question in cybersecurity: Is UTM still relevant in 2025? We’ll trace the origins of UTM, explain why it was created, break down its core features, compare it to newer technologies, and finish by busting a common cybersecurity myth. Before we dive into our main topic, let’s take a quick look at a major tech update making headlines: The emergence of AI powered malware is becoming more real - https://en.wikipedia.org : UTM - https://perception-point.io : AI Malware: Types, Real Life Examples, and Defensive Measures Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 226 - Inside A Stealthy Malware Powering Modern Cyber Attacks 47:28
47:28 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי47:28
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode, we get into some detailed exploration of an up and coming malware. Looking at it closer, it is one of the most advanced post-exploitation code families shaping the cybersecurity landscape in 2025. Over the time we have together, we’ll unravel what this malware is, how it works, why it’s so dangerous, and most importantly what businesses can do to defend themselves. Along the way, we’ll break down technical terms and processes, to make the topic less complex as I need it to be accessible and engaging to everyone. Before we dive into our main topic, let’s take a quick look at a major tech update making headlines: Microsoft Authenticator Now Warns To Export Passwords Before July Cut Off - https://www.bleepingcomputer.com : Ransomware gangs increasingly use Skitnet post-exploitation malware - https://otx.alienvault.com : Skitnet IOCs Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 225 - What Is a Content Delivery Network—And Do They Really Protect Businesses? 24:29
24:29 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:29
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This week we are exploring what Content Delivery Networks —commonly known as CDNs— are and whether they protect modern businesses. We’ll dive deep into the mechanics of how CDNs work, the technologies behind them, and whether they defend organizations from threats or just deliver content at blazing speeds. Along the way, we’ll highlight two of the world’s leading CDN providers. - https://en.wikipedia.org : Content Delivery Network - https://www.cloudflare.com : What Is CDN? - https://www.akamai.com : What Is CDN? Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 224 - Cisco Talos Year 2024 In Review 34:38
34:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode, we are looking at the latest Cisco Talos’ 2024 report. In this comprehensive report, we will delve into the major cybersecurity trends and threats observed over the past year. Cisco Talos team, has compiled this report to provide valuable insights and guidance for organizations to enhance their security postures. But before we get in to the main topic, I have one security news for you and that is: - The European Union launches a new vulnerability Database - EUVD - https://euvd.enisa.europa.eu : EUVD - https://euvd.enisa.europa.eu/faq : EUVD FAQ - https://blog.talosintelligence.com : 2024 Year In Review Report - https://www.forbes.com : Why Quantum Computers Will Work Alongside Classical Systems Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Enjoying the content? Let us know your feedback! This is the part 2 of RSAC 2025 episode. If you have not listened to episode 1 (that episode 222), I would suggest you listen to episode 1 before you listen this episode. Before you we get into part 2, lets review what has been happening last week on the news front. - UK shares security tips after major retail cyberattacks - https://www.bleepingcomputer.com : UK NCSC Cyber Attack A Wake Up call - https://www.ncsc.gov.uk :NCSC statement - Incident impacting retailers Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Enjoying the content? Let us know your feedback! It was RSAC week and it would be remiss of me if I did not give you a highlight on what went on this year, 2025. After all, RSAC has a critical role in security. We will be reviewing the top key announcements from this year's event, including some exciting news from the major security players in the industry. Whether you're a cybersecurity professional, a tech enthusiast, or just curious about the latest in the world of cyber security, this episode is definitely for you. So, let's get started! Before we dive into the main segment, we will also add one more topic that I think is of major importance on top of everything else and that is from Microsoft. Microsoft makes All new Account Passwordless by default - https://techcommunity.microsoft.com : New User Experience - https://www.rsaconference.com : RSA Conference 2025 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 221 - FBI’s 2024 Annual Internet Crime Report 32:16
32:16 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:16
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This week's episode looks at the FBI’s 2024 Annual Internet Crime Report -an analysis that not only highlights the scale of cybercrime but also reveals the evolving tactics of cybercriminals and the staggering financial impact on individuals and businesses alike. This of course relates to US but it is an indicative what might be happening elsewhere. - https://www.ic3.gov : Federal Bureau Of Investigation - Internet Crime Report 2024 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 220 - Watering Hole Attacks-The Hidden Danger of Trusted Spaces 32:41
32:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Imagine visiting your favorite website-one you trust, one you’ve browsed a hundred times before-only to discover it’s become a silent gateway for cybercriminals. What if the real danger wasn’t in suspicious emails or obvious scams, but lurking in the very places you feel safest online? In today’s episode, we’ll unravel a cunning technique that preys on trust and routine, catching even the most vigilant users off guard. Stay tuned as we explore the origins, methods, and real-world impact of one of the most deceptive cyber threats in existence. But before we get to the main topic, lets cover the top security news first Lazarus hackers breach multiple organisation in a not so new attack method. We will find out what the technique is. - https://attack.mitre.org : Lazarus - https://attack.mitre.org : Drive by compromise Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Enjoying the content? Let us know your feedback! In this week's episode we are touching an intriguing topic. We're going to explore Agentic AI, a fascinating area within artificial intelligence that focuses on autonomous systems capable of making decisions and performing tasks without human intervention. We'll break it down for those new to cybersecurity, delve into some technical details, and use analogies to make it all clear But we before we dive into the topic, lets recap the top security news this week: Microsoft defender will isolate undiscovered endpoing to block attacks - https://learn.microsoft.com : Whatsbnew in Microsoft Defender Endpoint - Apri 2025 - https://en.wikipedia.org : Alan Turing - https://www.nvidia.com : Agentic AI Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 218 - Fast Flux-The Cybercriminal's Hide and Seek 26:49
26:49 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:49
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This week, we re going to explore what Fast Flux is, a sophisticated technique used by cybercriminals to evade detection and maintain their malicious activities. We'll break it down for those new to cybersecurity, delve into some technical details, and use analogies to make it all clear. So without further ado, grab your coffee, or keep your eyes on the road if you are driving, sit back, and let's get started!" HellCat Ransomware - https://therecord.media: Schneider Electric Hackers Accessed Internal Project Tracking Platform - https://www.infosecurity-magazine.com: Hellcat Ransomware Humiliation - https://attack.mitre.org : Dynamic Resolution: Fast Flux DNS - https://www.cisa.gov : Fasst Flux, A National Security Threat Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 217 - Phishing the Expert-The Unexpected Cybersecurity Breach - Part 2 28:32
28:32 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:32
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This week's episode is continuation of Troy Hunt's cautionary tale , the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We'll continue to break down what happened, how it happened, and what we can all learn from this incident. Stay tuned till the end where we bust our myth of the week! We will also look at this week's cyber security news which is Ubuntu Linux security bypasses - https://blog.qualys.co m: Qualys TRU Discovers Three Bypasses of Ubuntu Unprivileged User Namespace Restrictions - https://www.troyhunt.com : A sneaky phish just grabbed my Mailchimp mailing list Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 216 - Phishing The Expert-The Unexpected Cybersecurity Breach - Part 1 32:15
32:15 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:15
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode we have a fascinating and cautionary tale about none other than Troy Hunt, the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We'll break down what happened, how it happened, and what we can all learn from this incident. Stay tuned till the end for tips on how to stay vigilant against phishing attacks and our myth of the week! we will also look at the cyber security news. Here is what caught my attention this week. - PSTools dll injection vulnerability - https://www.foto-video-it.de : Disclosure Sysinternals (You will need to translate to English if you are not a German speaker) - https://learn.microsoft.com : PSTool - https://www.troyhunt.com : A sneaky phish just grabbed my Mailchimp mailing list Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 215 - Cyber Threat Emulation - Strategies for Staying Ahead Of Cyber Attacks 37:04
37:04 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:04
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this episode, we’ll look into a cybersecurity assessment method that mimics real-world attacks to test an organization's security defenses and response capabilities: Threat emulation. It is one of the strategies to keep you ahead of the game. Threat emulation aims to identify and mitigate security gaps before attackers exploit them, providing a more comprehensive evaluation than traditional assessments. Before we dive into the main topic, lets glance what is happening on the security front: March Microsoft Patch Tuesday has landed! - https://msrc.microsoft.com : March 2025 Security Updates - https://detect-respond.blogspot.com : Pyramid Of Pain - https://www.atomicredteam.io : Atomic Read Team - https://www.ecb.europa.eu /paym/cyber-resilience/tiber-eu/html/index.en.html Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 214 - What are polyglot files and how bad are they? 31:58
31:58 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:58
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this episode, we’ll be exploring a particularly intriguing file types: polyglot files. These digital shapeshifters have become a powerful tool in the arsenal of cyber attackers, capable of bypassing security measures, confusing systems, and delivering malicious payloads in ways that are both creative and devastating. Over the next 20 to 30 minutes or so, we’ll break down what polyglot files are, how they work, and why they’re so dangerous. We’ll also examine some real-world examples where polyglot files were used in cyberattacks. We will reference the MITRE ATT&CK framework to understand how these techniques fit into the broader landscape of adversarial tactics. Finally, we’ll discuss mitigation strategies and close with a cybersecurity myth that needs busting Before we dive into the main topic, lets glance what is happening on the security front: UEFI Secure Boot bypass vulnerability - https://en.wikipedia.org : Polyglot - https://attack.mitre.org : Masquerading - https://arxiv.org : Where the Polyglots Are: How Polyglot Files Enable Cyber Attack Chains and Methods for Detection & Disarmament - https://medium.com : Polyglot Files A Hackers Best Friend - https://www.bleepingcomputer.com : New polyglot malware hits aviation, satellite communication firms Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 213 - Stealing Data in Plain Sight -How Cybercriminals Exfiltrate Your Secrets and How to Stop Them 50:53
50:53 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי50:53
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In today's episode, we're diving deep into Data Exfiltration; one of the most serious threats facing organizations today. We'll break down exactly what data exfiltration is, where it fits in the MITRE ATT&CK framework, the tools and techniques attackers use, and, most importantly, how organizations can defend themselves. We’ll also cover real-world examples, including publicly known cases that had major consequences. So, whether you're a seasoned security professional or just starting out in the field, stick around as we unravel the methods attackers use and how to stop them. First lets look at one of the trending security news this week, and that is: News: Caldera Vulnerability - https://github.com/mitre/caldera : Security Notice - https://nvd.nist.gov : CVE-2025-27364 - https://medium.com : MITRE Caldera Security Advisory — Remote Code Execution (CVE-2025–27364) - https://www.mitre.org : Caldera Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 212 - Behind the login Screen - Understanding OS Authentication - Part 2 49:05
49:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי49:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! We are continuing with part 2 of "Behind the Login Screen - Understanding OS Authentication." If you missed our first episode, I highly recommend giving it a listen before diving into today's content. In part one, we started to explore the fascinating world of operating system authentications, focusing on Windows, Linux/Unix, and Mac OS. We discussed how hashes are used in authentication, the concept of salt in passwords, rainbow table attacks. In today's episode, we'll build on that foundation and delve even deeper into the topic of OS authentication mechanisms. So again, if you haven't already, make sure to catch up on part one to get the full picture. Now, let's get started with part two of our journey into the world of OS authentication! lets look at one of the trending security news this week, and that is: - Newly discovered OpenSSH vulnerabilities. - https://blog.qualys.com : Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 - https://learn.microsoft.com : Kerberos Authentication Overview Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 211 - Behind the login Screen: Understanding OS Authentication - Part 2 35:22
35:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In today's episode, we're going to explore the fascinating topic of operating systems authentications. We all use it but how many of us wondered how the behind the curtains machinery work. We'll be focusing on Windows, Linux/Unix, and Mac OS. We'll discuss how hashes are used in authentication, the concept of salt in passwords, rainbow table attacks and their countermeasures, the benefits of password-less authentication using hardware keys, password cracking, the shadow file in Unix/Linux, and the mechanics of how each OS protects passwords and how attackers try to circumvent these protections. Scareware blocker, now available in Microsoft Edge - https://blogs.windows.com : Stand Up To Scareware With Scareware Blocker - https://learn.microsoft.com : Kerberos Authentication Overview - https://www.microsoft.com : Scareware Blocker Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 210 - Adversarial Misuse of Generative AI 50:21
50:21 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי50:21
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! As AI-generated content becomes more advanced, the risk of adversarial misuse—where bad actors manipulate AI for malicious purposes—has skyrocketed. But what does this mean in practical terms? What risks do we face, and how one of the big players is addressing them? Stick around as we break Google’s Adversarial Misuse of Generative AI report, explain the key jargon, and bust a cybersecurity myth at the end of the show. Before we get into the main topic, lets have a look at one important news update, and that is: Microsoft has expanded its Windows 11 administrator protection tests - https://cloud.google.com : Adversarial Misuse of Generative AI - https://deepmind.google : Mapping the misuse of generative AI - https://learn.microsoft.com : User Account Control overview - https://learn.microsoft.com : How User Account Control works Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Enjoying the content? Let us know your feedback! Today, we’ve got something really exciting for you. If you’ve been following the world of artificial intelligence lately, you’ve probably heard a lot about a new player in town: DeepSeek. Now, let me tell you, DeepSeek is shaking things up. They’re doing something completely different that’s not only disrupting the AI space but could also be a game-changer in how we approach cost, performance, and security in the future of AI technology. So, grab a seat on a solid ground and buckle up—this week, we’re diving into how **DeepSeek** is leveling the playing field for AI vendors everywhere, cutting costs, and leveraging some really smart techniques that are turning heads in the industry. And, of course, at the end of today’s episode, we’ll be busting a big cybersecurity myth that might surprise you. But first, let’s talk all things DeepSeek. Before we dive into the main, we will also bring you update todate on the news front: - Deepseek date breach. Yes they were hit already! - https://www.technologyreview.com : How DeepSeek ripped up the AI playbook—and why everyone’s going to follow its lead - https://www.digitaltrends.com : Microsoft is letting anyone use ChatGPT’s $200 reasoning model for free - https://www.wiz.io : Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 208 - Lets Encrypt on shortening certification lifetime to just 6 days! 32:38
32:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this episode we will detail the significant announcement from Let’s Encrypt – the trusted nonprofit Certificate Authority that has been at the forefront of making the web more secure. Let’s Encrypt has revealed its plans to drastically reduce the lifetime of its TLS certificates from 90 days to just 6 days. This decision, outlined in their 2024 annual report, is aimed at strengthening the security of online communications by minimizing the risks associated with compromised keys. But what does this mean for website owners, IT administrators, and the broader cybersecurity landscape? That’s what we’ll explore in detail today. - https://community.letsencrypt.org : 2024 ISRG Annual Report - https://www.malwarebytes.com : 7-zip bug could allow a bypass of a windows security feature update now - https://digital.nhs.uk : Proof-of-Concept Exploit Released for CVE-2025-0411 in 7-Zip Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 207 - Microsoft Windows Actively Exploited Vulnerabilities 37:47
37:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This episode is one for you system admins out there! Today we’re discussing three actively exploited vulnerabilities you absolutely need to know about—CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. These vulnerabilities have been making headlines, and understanding them could mean the difference between staying secure and falling victim to a breach. We’ll explore what these vulnerabilities are, how they’re being exploited, the adversaries leveraging them, and what organizations and individuals can do to protect themselves. And, as always, we’ll break down the jargon and bust a popular cybersecurity myth towards the end of the show. Before we get into the main topic, lets recap the top security news this week Microsoft dropped the January Patch Tuesday and boy was it a whopper! We will dig into the details in more ways than one! - https://isc.sans.edu : Microsoft January 2025 Patch Tuesday - https://www.theregister.com : Microsoft fixes under-attack privilege-escalation holes in Hyper-V Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 206 - Cybersecurity Resolutions for 2025 - Best Practices for Individuals and Organizations 32:56
32:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This is the podcast where we explore the ever-evolving world of cybersecurity and provide practical advice for staying ahead of threats. I’m your host, Yusuf, and today’s episode is all about starting the new year with a solid plan. We’re diving into _Cybersecurity Resolutions for 2025: Best Practices for Individuals and Organizations._ As we step into a new year, it’s the perfect time to reflect on how we protect our digital lives—whether at home or in the workplace. From bolstering personal security habits to implementing stronger organizational policies, this episode will cover actionable resolutions you can adopt today. Along the way, we’ll explain key jargon, explore real-life examples, and, as always, bust a common cybersecurity myth at the end. - https://nypost.com : Apple users warned of hi-tech Mac malware that steals personal data, goes undetected for months— here’s how to stay safe - https://www.youtube.com : When Do We Get to Play On Easy Mode? Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 205 - Vulnerability Scanners-The Heroes and Hidden Limits of Cybersecurity 28:48
28:48 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:48
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Today, we’re tackling a fundamental yet often misunderstood tool in every cybersecurity professional's arsenal—vulnerability scanners. What role do they play in protecting our organizations? Where do they shine, and where do they fall short? As always, we’ll cut through the jargon and break things down for everyone—from seasoned professionals to those just beginning their journey in cybersecurity. And stick around until the end for this week’s myth-busting segment, where we debunk a misconception about cyber security in general that many people still believe. So grab your favorite beverage, get set, and let’s dive right in! Tenable Scanner Agent went offline globally All that coming up next, in this week episode. - https://docs.tenable.com : Tenable Nessus Agent 2025 Release Notes - https://www.splunk.com : Vulnerability Scanners Primer Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 204 - Recap of the best episodes of 2024 1:31:38
1:31:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:31:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This final episode of 2024, we recap the best the most listened to episodes of the year. And this year we have a great four back to back of the greatest of them all. Lets start with the first eisode 191 - Is The Browser The New Operating System? released on the 28th of September. Next is episode 172 - SSL VPN versus IPsec VPN - Part 1 and part 2 released 18th of May and 25 of May respectively. And finally Episode 191 - APIs and Webhooks released on the the 5th October. Enjoy and see you in the new year! Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 203 - Tips In Securing Your Organization - When the Security Team is Away 22:04
22:04 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:04
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! It is a topical episode we’re diving into a high-stakes challenge every organization faces: It is holiday season, how do you manage threats when most of the security team is off duty. Imagine a holiday season, a long weekend, or even an unexpected emergency. With key team members unavailable, how do we keep our defenses strong? This episode will provide actionable strategies, backed by real-world examples, to help you stay prepared. Stick around until the end, where we’ll also bust a common cybersecurity myth. - https://www.bleepingcomputer.com : CISA Urges Switch To Signal Like-Encrypted Messaging Apps After Telecom Hacks Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Enjoying the content? Let us know your feedback! In this week's episode, we’re diving into a concerning and highly consequential topic: the Volt Typhoon espionage campaign—an advanced persistent threat that has sent shockwaves through the cybersecurity and telecommunications industries. Volt Typhoon, a state-backed APT group, has been making headlines for its stealthy and highly sophisticated attacks on telecom networks. In this episode, we’ll dissect the technical details of this malware campaign, the vulnerabilities it exploited, and the regulatory loopholes that attackers took advantage of. We’ll also explore lessons the industry can learn to bolster defenses and, as always, bust a common cybersecurity myth along the way. As always, we will break down all the jargon so that anyone can understand. Whatever you are doing, settle in or keep your eyes on the road, and let’s get started. Before we get into the main topic, we will start with a recap of top trending security news this week...and that is: The Last Patch Tuesday - https://msrc.microsoft.com : Microsoft - December 2024 Security Updates - https://www.cisa.gov : CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity - https://www.cisco.com : China APT’s, Volt Typhoon, and what to do! - https://www.fcc.gov : Communications Assistance for Law Enforcement Act Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 201 - Digital Breadcrumbs - Tracing the Hidden Trails for Evidence 30:20
30:20 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:20
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This week episode, we dive into one of the most fascinating aspects of digital investigations: Windows forensic artifacts. It does not matter who you are: a security professional, an aspiring investigator, or simply curious about how experts uncover the digital breadcrumbs left on your computer, this episode will walk you through the essential pieces of evidence, known as _forensic artifacts_. We’ll dip our hand into that Shellbags...wait what bags? I heard you say, Don't worry we will break down those complex terms, discuss real-world cases, and provide you with an in-depth understanding of artifacts like Shellbags, Prefetch files, and more. Before we go any futher, we will review one top trending security news, this week... and that is: Microsoft NTLM Zero Won't get fixed until April 2025! - https://blog.0patch.com : NTLM Hash Disclosure Vulnerability (0day) - https://www.splunk.com : Cyber Forensics - https://www.coursera.org : Digital Forensics Concepts Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
1 200 - Incident Response Playbook- Turning Chaos into Control 34:09
34:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Today, we’re tackling a topic that every organization, big or small, absolutely must take seriously: Incident Response Playbook Imagine this: It’s 3 a.m., and your phone buzzes with an alert. A possible ransomware attack has been detected in your network. Do you panic, or do you execute a clear, structured plan? That’s the difference an Incident Response (IR) playbook can make—it turns chaos into control. Today, we’ll break down what an IR playbook is, why it’s crucial, and how to implement one effectively. We’ll demystify technical jargon and provide actionable insights that you can apply right away. Stick around for the final section, where we’ll bust a common cybersecurity myth that everyone should know about. Before we go ahead with the show, lets review the top trending security news this week: https://www.bleepingcomputer.com : Microsoft TPM is non-negotiable https://learn.microsoft.com : Windows 11 Hardware and Software Requirements Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 199 - FBI-CISA-NSA's list of the most exploited vulnerabilities of 2023 35:37
35:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This week, we’re diving into a hot-off-the-presses report from the FBI, CISA, and NSA —a breakdown of the most exploited vulnerabilities of 2023. Think of this as the hackers' “most wanted” list: the weaknesses in software and systems that bad actors love to exploit because they’re effective and widely available. Before we get into that, lets review the top security news this week. Pygmy Goat: The Sophisticated Linux Backdoor Targeting Network Devices - https://www.ncsc.gov.uk : Pygmy Goat Analysis - https://www.cisa.gov : 2023 Top Routinely Exploited Vulnerabilities Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! Today, we’ll dive into what browser engines are, how they power your online experiences, and the security efforts shaping the modern web. We’ll also unpack extension security, with a spotlight on Google’s Manifest v3, and see how Safari and Firefox approach these challenges. Whether you’re a casual browser user or a budding tech enthusiast, this episode is designed to give you insight into a part of your digital life that you might not even realize exists—the browser engine. So If phrases like “browser engines” and “Manifest v3” sound daunting, don’t worry! I’ll break it all down so it’s as simple as possible. By the end, you’ll not only understand these terms but also appreciate why they’re crucial for a safer internet. Before we get started, lets review a top trending piece of news this week....and that is: iOS 18.1 Forcing Reboots - https://www.macrumors.com : iOS 18.1 Forcing Reboots - https://en.wikipedia.org : Browser_engine, what they are - https://en.wikipedia.org : Comparison OF Browser Engines Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 197 - Advanced Malware evasion Techniques And Their Counter Measures 27:34
27:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! It is another week and another podcast shaw on YusufOnSecurity where we deep dive into the complex world of cybersecurity that concerns both professionals and anyone interested in how attackers continue to evolve their methods. This week we will be covering advanced malware evasion techniques—strategies used by malicious software to avoid detection—and, crucially, the countermeasures that can help protect against these threats. Before we get started, lets review a top trending piece of news this week....and that is: SANS' Holiday Hack Challenge 2024 is Up - https://www.sans.org : SANS' Holiday Hack Challenge 2024 - https://redcanary.com : Defense- Evasion Why Is It So Prominent How Can You Detect It? - https://attack.mitre.org/tactics/TA0005/ Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 196 - What are Shared Fate Model and Trust Anchors? 28:46
28:46 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:46
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode I will unpack the complexities of the cybersecurity world and help you stay informed and secure. Today, we’re going to dig into some intriguing concepts shaping the cybersecurity landscape: the Shared Fate Model and Trust Anchors. Some say these concepts are becoming so vital in modern IT security, their pros and cons, and how they compare with traditional security models that, quite frankly, aren’t cutting it anymore. Before we get started, lets review a top trending piece of news this week....and that is: Australia looks at setting a minimum for social media use - https://edition.cnn.com : Australia Minimum Age Limit on Social Media - https://cloud.google.com : Shared Fate Model - https://csrc.nist.gov : Trust Anchor Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 195 - Top Common Password Attacks and How to Defend Against Them 38:15
38:15 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי38:15
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Lets face it, the cyber crooks are always lurking aroud waiting for an opportunity to come in. They choose the path of least resistant and password is often their way in. Unfortunately password is still with us and for sometime to come too. In today episode, we’re digging deep into top common types of password attacks—and, most importantly, I’ll walk you through effective ways to stop them. Passwords are often the first line of defense, but they’re also a favorite target for hackers. Understanding these attack methods can empower you to protect your data better, avoid common pitfalls, and even educate those around you. So, let’s get into it! A newly discovered ransomware serves a wake up all for Mac Users. - https://xkcd.com : How To Create A Strong Password - https://haveibeenpwned.com : Have I Been Pawned - https://pages.nist.gov : Password - https://www.infosecurity-magazine.com : NIST Scraps Passwords Complexity and Mandatory Changes in New Guidelines Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! This week's episode is an interview with Nadim Lahoud from Red Sift at GITEX the Global IT Expo that is held yearly in Dubai. It is the largest tech startup gathering in the world. Redsift is a company that provides a cloud-based DMARC, DKIM and SPF configuration and management platform called OnDMARC. They also provide: -Continuous certificate discovery and monitoring as well as -Brand Trust through AI-driven brand impersonation discovery and monitoring. Before we get into that we will recap the top trending security this week. That is: FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms - https://fidoalliance.org : Specifications Credential Exchange Specifications - https://redsift.com : About Red Sift Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 193 - Microsoft Windows Architecture 39:38
39:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Today we’re going to peel back the layers of Microsoft Windows architecture. For many of us, Windows has been a part of our computing lives for decades, whether at work or at home. But how much do we really know about how it works under the hood? In this episode, we’ll take a closer look at what makes Windows tick, compare it with Unix/Linux systems, and explore how it has evolved over the years. Before we get into the topic, lets review this week's top trending security news: Criminals Are Testing Their Ransomware Campaigns in Africa - https://www.performanta.com : Africa A testing Ground - https://en.wikipedia.org : Architecture Of Windows NT - https://techcommunity.microsoft.com : Windows Architecture The Basics - https://learn.microsoft.com : Explore Windows Architecture/ Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In today's episode, we’re diving into the world of APIs and Webhooks—two key technologies that power much of the automation and interaction between services online. Whether you’re a developer, security expert, or someone just curious about how data flows through the internet, this episode will give you valuable insights into how these tools work, their history, and, most importantly, how to keep them secure. We’ll also look at real-world examples of API-based attacks on major brands and break down what went wrong. By the end of this episode, you’ll have a full understanding of both APIs and Webhooks, and you’ll be armed with the must-know security measures for each. So, stick around and by keep listening! Having said that, lets have a look at the top trending news this week. Mitre launches AI Incident Sharing Initiative. Awsome move! - https://owasp.org : OWASP API Security Top 10 - https://ai-incidents.mitre.org : Mitre ATLAS Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 191 - Is The Browser The New Operating System? 26:27
26:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Today we’re discussing an exciting trend in the world of technology—the browser is no longer just a window to the web. So we asked is it becoming the operating system itself? From the early days of Mosaic and Netscape Navigator to today’s cloud-powered Chromebooks, the browser has evolved dramatically. In this episode, we’ll explore the security implication, the history of browsers, the famous browser wars, and how today’s browsers are blurring the lines between web interfaces and operating systems. Having said that, lets recap a top trending security news shall we? Exploiting CUPS: How Recent Vulnerabilities Could Compromise Linux Security - https://www.evilsocket.net : Attacking On UNIX Systems Via CUPS Part I - https://en.wikipedia.org : History of The Web Browsers - https://en.wikipedia.org : Browser Wars Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In this episode lets look at the world of DevSecOps—a vital practice in modern software development that has implication on security. We’ll trace the history of software development, discuss the evolution of methodologies, and examine the challenges that have led to the emergence of DevSecOps. So, whether you’re a seasoned developer who is curious about the cyber security world, or a veteran security practitioner, this is an episode you would not want to miss.. As always, lets review what is trending in the news front first. Microsoft officially deprecates Windows Server Update Service aka WSUS. - https://techcommunity.microsoft.com : Windows Server Update Services WSUS Deprecation - https://www.cisco.com : Addressing Security Challenges in a Fast Evolving Landscape White Paper Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 189 - The Risks of Rushing LLM Implementation and Sensitive Data Leakage on the Open Web 32:19
32:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Today’s topic is one that mixes the marvel of modern technology with some very real concerns. We’re talking about the rise of Large Language Models, or LLMs, how they’re rapidly being adopted across industries, and the potential for sensitive data leakage on the open web. It’s a thrilling time for AI technologies, but as with all new frontiers, there are risks if we're not careful. News: MSHTML platform spoofing vulnerability. And yes, It is a big one. - https://blogs.cisco.com : Securing The LLM Stack - https://msrc.microsoft.com : CVE-2024-43461 - https://msrc.microsoft.com : CVE-2024-38112 - https://www.trendmicro.com : CVE-2024-38112 Void-Banshee Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In this episode we’re diving into an important topic that concerns one of the most trusted hardware security tokens on the market—the YubiKey 5 series. We’ll discuss a recently discovered vulnerability affecting YubiKeys and go over what it means for the broader world of authentication and cryptographic security. To help you fully understand the issue, I’ll also provide a quick primer on key concepts like digital signatures, elliptic curves, and the cryptographic algorithm known as ECDSA. With that said, this episode is an update as well as a main topic and all in all it will give you the tools you need to stay informed and protected. - https://www.yubico.com: Yubico Advisories - https://ninjalab.io : The research Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 187 - File Integrity Monitoring or EDR? 29:34
29:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי29:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Today, we will look into two essential cybersecurity solutions: File Integrity Monitoring or FIM and Endpoint Detection and Response, commonly known as EDR. Both of these technologies are crucial for protecting systems, but they work in very different ways. We’ll be comparing and contrasting their capabilities, benefits, and use cases. Before we get into the main topic, lets review a top trending piece of security news: SANS Institute released a Critical Infrastructure Strategy Guide - https://www.sans.org : SANS Institute released a Critical Infrastructure Strategy Guide - https://en.wikipedia.org : File Integrity Monitoring - https://www.cisco.com : What is an EDR? Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 186 - The New NIST Framework 2.0 35:54
35:54 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:54
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In today episode we’re diving into something that’s been making waves in the cybersecurity community—NIST Cybersecurity Framework 2.0. The NIST Cybersecurity Framework has long been a cornerstone for building robust security practices, and with the release of version 2.0, there are some exciting new developments that are relevant given todays threat landscape. As always, lets review what is trending in the news front. CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet - https://www.akamai.com : Mirai Botnet Infects CCTV Used in Critical Infrastructures - https://www.nist.gov : IST Cybersecurity Framework 2.0. - https://nvlpubs.nist.gov : NIST Cybersecurity Framework 2.0. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 185 - Cybersecurity Capability Maturity Model 33:03
33:03 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:03
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode we will dig in exploring a critical framework that’s reshaping how organizations approach cybersecurity—especially in the energy sector—known as the Cybersecurity Capability Maturity Model. This is also refer to C2M2. We’ll unpack what C2M2 is, why it’s so important, and how it helps organizations assess and improve their cybersecurity practices. So, grab a coffee, sit back, and let’s dive in. But wait, lets first review this week's trending news. A ransomware group launched an EDR process killer utility - https://www.theregister.com : RnsomHub EDRKilling Malware/ - https://c2m2.doe.gov : Cybersecurity Capability Maturity Model Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 184 - Why Hackers Target Stolen Credentials 37:23
37:23 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:23
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode, we’re unpacking a topic that’s crucial for anyone connected to the digital world: _Why Hackers Target Stolen Credentials_. From understanding the value behind those stolen usernames and passwords to exploring the dark web marketplaces where they’re traded, we’ll break it all down and look at what this means for your security. Before we get into the topic, lets review this week's top trending security news: A UK IT provide faces hefty fines for ransomware breach - https://ico.org.uk : Provisional decision to impose £6m fine on software provider following 2022 ransomware attack that disrupted NHS and social care services - https://en.wikipedia.org: Credential Stuffing Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 183 - The Malware Information Sharing Platform 30:00
30:00 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:00
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode, we're diving into the Malware Information Sharing Platform, or MISP. We'll explore how MISP helps organizations share and leverage threat intelligence, enhancing their defense against cyber threats. Stay tuned as we unpack its features, benefits, challenges, and practical tips for implementation. Before we get into the main topic, lets touch a top trending piece of news this week. And that is: Ransomware is on the rise, while technology becomes most targeted section - https://blog.talosintelligence.com : IR Trends: Ransomware on the rise, while technology becomes most targeted sector - https://www.misp-project.org : MISP Project - https://www.misp-project.org : Documentation - https://github.com : MISP GitHub Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 82 - Weighting The Risk Benefit Of Kernel Level Access By 3rd Party Apps 29:44
29:44 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי29:44
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode, we will dig into the risk benefit analysis of allowing kernel level access to third party application. We will look into the inherent risks this brings into the operating system and the benefit thereof. We will also compare the approach the two major operatic system makers took i.e. Microsoft and Apple. We will include snippet of what Microsoft says post CrowStrike outage. - https://www.microsoft.com : Windows Security Best Practices For Integrating And Managing Security Tools - https://support.apple.com : System And Kernel Extensions In MacOS - https://www.theverge.com : Microsoft Windows Changes Crowdstrike Kernel Driver - https://learn.microsoft.com : Support Policy Third Party Kernel Level Attestation Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! This week's episode needs very little introduction: The CrowdStrike IT Outage. We will delve into the unprecedented IT outage caused by a corrupt update from CrowdStrike, which led to widespread Blue Screen of Death (BSOD) errors on Windows systems across globe. Join us as we explore how this incident became the largest IT outage in history and what lessons can be learned from it. - https://www.crowdstrike.com : Falcon Update For Windows Hosts Technical Details - https://www.crowdstrike.com : Falcon Content Update Remediation And Guidance Hub Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 180 - Unmasking Data Breaches - Understanding the Surge and Examining Recent Major Incidents - Part 2 35:32
35:32 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:32
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! As I said in part of this two part series episode, It's easy to feel like nothing is secure these days, with constant reports of data breaches and exploits occurring everywhere you look. From major corporations to small businesses, no one seems immune to these pervasive cyber threats. The frequency and scale of these incidents can make it seem like our digital world is under continuous siege. In today's episode, we will be diving into the reasons behind the surge in data breaches and exploits, and how these incidents are becoming more frequent and damaging. Join us as we explore the fundamental factors contributing to this trend and examine some major breaches from the past few years. Please listen to part 1, beforehand. Lets now turn to our top trending news this week and that is: There is a critical Exim Mail Server Vulnerability - https://informationisbeautiful.net/visualizations : Worlds Biggest Data Breaches Hacks - https://bugs.exim.org : Incorrect parsing of multiline rfc2231 header filename - https://nvd.nist.gov : CVE-2024-39929 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 179 -Unmasking Data Breaches - Understanding the Surge and Examining Recent Major Incidents - Part 1 28:43
28:43 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:43
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! It's easy to feel like nothing is secure these days, with constant reports of data breaches and exploits occurring everywhere you look. From major corporations to small businesses, no one seems immune to these pervasive cyber threats. The frequency and scale of these incidents can make it seem like our digital world is under continuous siege. In today's episode, we will be diving into the reasons behind the surge in data breaches and exploits, and how these incidents are becoming more frequent and damaging. Join us as we explore the fundamental factors contributing to this trend and examine some major breaches from the past few years. Having said that, lets turn to a couple of top trending news this week and they are Who are behind the Brain Cipher ransomware? - https://media.inti.asia : Understanding the Brain Cipher Ransomware Attack - https://informationisbeautiful.net/visualizations : Worlds Biggest Data Breaches Hacks Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 178 - Trusted Relationship Attacks 42:49
42:49 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי42:49
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this episode, we’re focusing on the rising trend of IT outsourcing and its implications for cybersecurity. As more businesses delegate non-core tasks to third-party providers, they inadvertently open doors to trust relationship attacks. We'll explore how attackers exploit the trust between companies and their service providers, leading to potentially devastating breaches. Join us as we delve into the mechanisms, real-world examples, and strategies to defend against these insidious threats. And before we get into the meant of the matter, lets catch up on what has been trending this week: A large number of companies are potentially exposed in SnowFlake's related attacks. - https://cyberscoop.com : Snowflake related attacks - https://attack.mitre.org/techniques : Trust Relationship Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 177 - The Importance Of Automation And Orchestration In Cyber Security - Part 2 41:01
41:01 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי41:01
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This week's episode will continue with part 2 of "The Importance of Automation and Orchestration in Cyber Security." As I said in the episode one, the need for efficient and effective security measures has never been more critical. I suggest you listen to E1, before you dive into this one. Without further ado, lets first get what is trending this week in term of news and updates. Hundreds of personal computer as well as Server Models could be Affected by a serious UEFI Vulnerability - https://eclypsium.com : UEFICanHazBufferOverflow Widespread Impact From Vulnerability In Popular PC And Server Firmware - https://eclypsium.com : How Eclypsium Automates Binary Analysis At Scale - https://en.wikipedia.org : Orchestration (computing) Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 176 - The importance Of Automation And Orchestration In Cyber Security - Part 1 36:37
36:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי36:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode of the podcast we dissect "The Importance of Automation and Orchestration in Cyber Security." As you are well aware cyber threats are becoming increasingly sophisticated and frequent. The need for efficient and effective security measures has never been more critical. Equally, automation and orchestration have never more important for organizations to defend themselves and to streamlining processes, reducing response times, and enhancing overall security posture. In my view this is an important way of tipping the balance in favor of the defenders. Having said that and before we get into the main topic, lets touch a trending piece of news this week. And that is: Phishing Email Abuses Windows Search Protocol - https://www.trustwave.com : Search Spoof Abuse O Windows Search T Redirect To Malware - https://learn.microsoft.com : Using the search Protocol - https://benjamin-altpeter.de : An Analysis of the State of Electron Security in the Wild - https://en.wikipedia.org : Orchestration (computing) Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 175 - The Dangers Of Remote Workers 47:38
47:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי47:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode, we're tackling a topic that has become increasingly relevant in our post-pandemic world: the hidden dangers posed by remote work. As more companies embrace flexible work arrangements, the convenience and efficiency of working from home bring new set of challenges. From cybersecurity threats to data privacy concerns, remote work introduces vulnerabilities that many organizations are not fully prepared to handle. In this episode, we'll explore the risks associated with remote work, share real-world examples of security breaches, and discuss practical steps that businesses and employees can take to safeguard sensitive information. Before we get into the main topic, lets touch a trending piece of news this week. And that is: More backlash about Microsoft's Recall technology. - https://www.computing.co.uk : Microsoft overhauls Recall, makes it opt-in - https://www.ciscolive.com : Protecting Remote Workers, the Right Way Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 174 - Digital Twin Technology And Its Application In Security 38:27
38:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי38:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode we're exploring an exciting and transformative innovation: Digital Twins technology and its groundbreaking application in cybersecurity. Imagine having a virtual replica of your entire digital infrastructure—a detailed, dynamic model that mirrors every aspect of your environment. In particular, we will look at how this cutting-edge technology enhances our ability to test, patch and update our environment and therefore anticipate, detect, and respond to cyber threats with unmatched precision and agility. Before we get into the main topic, lets touch a top trending piece of news this week. And that is: Kaspersky releases free tool that scans Linux for known threats - https://www.bleepingcomputer.com : Kaspersky Releases Free Tool That Scans Linux For Known Threats - https://en.wikipedia.org : Digital-Twin - https://blogs.cisco.com/securit : Cisco HyperShield Reimagining Security Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 173 - SSL VPN versus IPsec VPN - Part 2 30:22
30:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this episode we continue with part 2 on comparing SSL VPN and IPsec VPN, two popular technologies used for secure remote access. As I said last week, understanding the nuances of these technologies is therefore crucial. We'll explore how each VPN works, their security features, performance differences, and the scenarios where each excels. Please listen to episode 172 before you listen to this episode. With that said, lets turn to a top trending news this week: - Microsoft's "Recall" feature raises privacy concern. - https://www.wired.com : Microsoft Recall AI May Be A Privacy Nightmare - https://en.wikipedia.org : Virtual_private_network - https://en.wikipedia.org : Transport Layer Security https://www.bleepingcomputer.com : Norway Recommends Replacing SSL VPN To Prevent Breaches Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 172 - SSL VPN versus IPsec VPN - Part 1 35:17
35:17 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:17
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode we're diving into the world of VPNs, Specifically we will compare SSL VPN and IPsec VPN, two popular technologies used for secure remote access. In the post pandemic area, remote work become part of the new normal post. Understanding the nuances of these technologies is therefore crucial. We'll explore how each VPN works, their security features, performance differences, and the scenarios where each excels. Having said that and before we get into VPN, lets turn to a top trending news this week and they are: Recap of RSA Conference. The biggest security conference in the US. - https://en.wikipedia.org : Virtual_private_network - https://en.wikipedia.org : Transport Layer Security https://www.bleepingcomputer.com : Norway Recommends Replacing SSL VPN To Prevent Breaches Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In this week's episode, we will be exploring the fascinating world of remote browser isolation technology or RBI as it appreciated. We will delve into what remote browser isolation is, how it works, and the limitations it faces. Join us as we uncover the complexities of this innovative cybersecurity approach, shedding light on its benefits and challenges. Whether you are new to the concept or a seasoned professional, there is something here for everyone. Having said that and before we get into RBI, lets turn to a couple of top trending news this week and they are: Dell data breach, 49 million customer records stolen - https://techcrunch.com : Threat Actor Scraped- 49M Dell customer Addresses Before The Company Found Out - https://www.w3.org : Introduction to DOM - https://en.wikipedia.org : Browser Isolation Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In part 2 on eBPF we continue demystifying this promising new technology that is strengthening the cyber space. Please listen to the previous episode i.e. Episode 169 before you to listen to this one. Having said that, lets recap a top trending security news, shall we? New UK Law: No Default Passwords on Smart Devices from April 2024 - https://www.ncsc.gov.uk : Smart Devices Law - https://www.ncsc.gov.uk : Leaflet To Consumer On Security Law Smart Devices - https://ebpf.foundation : eBPF - https://cloudblogs.microsoft.com : Making eBPF work on Windows - https://en.wikipedia.org : Protection ring - https://cilium.io : Cilium - https://blogs.cisco.com : Cisco HyperShield Reimagining Security - https://www.linkedin.com : Skyfall eBPF Agent For Infrastructure Observability Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In this episode, we're diving deep to demystif a groundbreaking technology that's gathering pace on the security front. It is not something most people are aware of. This technology is bringing enhanced visibility, increased performance to enabling powerful security measures. Hang around as we unravel the potential of eBPF in bolstering cybersecurity defenses, from real-time threat detection to proactive mitigation strategies, and explore how this revolutionary tool is reshaping the landscape of security. Before we get into that, lets recap a top trending security news: and that is Threat Actors Were Exploiting an Antivirus Update Mechanism to Spread Malware - https://decoded.avast.io : Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - https://ebpf.foundation : eBPF - https://cloudblogs.microsoft.com : Making eBPF work on Windows - https://en.wikipedia.org : Protection ring - https://cilium.io : Cilium - https://blogs.cisco.com : Cisco HyperShield Reimagining Security - https://www.linkedin.com : Skyfall eBPF Agent For Infrastructure Observability Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 168 - Preparing for and responding to ransomeware attack - Part 2 33:31
33:31 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:31
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode, we will continue with part 2 on "Preparing for and responding to ransomeware attack" As I said last week, ransomware is a threat that will be around us for the foreseeable future. Do listen to part 1 before you listen to this episode. With that out of the way, lets have a look a top trending piece of update for you. There is large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials https://blog.talosintelligence.com : Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials - https://attack.mitre.org : Turla - https://www.chainalysis.com : ransomware 2024 - https://www.cohesity.com : Ransomware Recovery Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 167 - Preparing for and responding to ransomeware attack 34:53
34:53 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:53
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Ransomware is a threat that will be around us for the foreseeable future. In this week's episode we will look at the history of ransomware, the common TTPs in use by threat actors such as Turla, how to align our incident response to that threat and others, and finally how to contain, eradicate, and recover from it. In addition we will answer the following pertinent question that are top of minds for the SOC team. Questions such as: - What are the best methods to inhibiter Threat actor's lateral movement? - What are the critical components that drive ransomware? etc... But before we dig into these gems, lets touch one important top trending piece of news. And that is: - CISA makes its malware analysis system publicly available - https://www.cisa.gov : CISA Announces Malware Next-Gen Analysis - https://attack.mitre.org : Turla - https://www.chainalysis.com : ransomware 2024 - https://www.cohesity.com : Ransomware Recovery Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! This week we will dive into a collection of powerful system utilities and tools designed to help users diagnose, troubleshoot, and monitor Windows operating system. These utilities provide advanced functionality beyond what is typically available in Windows, as they offer insights into system internals, processes, file systems, networking, and more. But before we dig into these gems, lets touch one important top trending piece of news. And that is: There is a Post Authentication Stack Overflow on a NetGear Router. - https://blog.talosintelligence.com : Netgear wireless router open to code execution after buffer overflow vulnerability https://www.talosintelligence.com : Netgear RAX30 JSON Parsing getblockschedule() stack-based buffer overflow vulnerability - https://kb.netgear.com : Security Advisory for Post Authentication Stack-Overflow on the RAX30 - https://learn.microsoft.com : PSTools - https://learn.microsoft.com : SysInternals - https://en.wikipedia.org/wiki : Mark Russinovich Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 165 - How AI is helping Incident Responders 35:02
35:02 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:02
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! AI is getting into all sorts of places but no less than in cybersecurity in both a good way and bad ways. In a good way with bolstering Incident response live cycle but unfortunately in a bad way with generating convincing phishing email or assisting with script and coding etc. In this week's episode we will focus on how AI is helping IR in getting to the bottom of what might have happened. Before we get into the main topic, lets touch one important top trending piece of news. And that is: RedHat warns of a backdoor in a tool used in most of Linux distributions. - https://www.redhat.com : Urgent security alert Fedora 41 and rawhide users - https://www.cisa.gov : Reported supply chain compromise affecting XZ Utils data compression library CVE-2024-3094 - https://www.ciscolive.com : AI Assistance (page 52) Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 164 - What Is Platform Approach To Security? - Part 2 32:41
32:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In our second episode, we continue exploring the concept of adopting a platform security. In this second part we will continue where we left off from last week and will encourage you to listed to the first episode if you have not done so. Before we get into the main topic, lets touch one important top trending piece of news this week. And that is: - Github added AI powered vulnerability auto-fix feature - https://www.cisco.com : XDR- Platform approach to security - https://github.blog : Introducing Code Ccanning Auto-Fix Powered By Ggithub Copilot And CodeQL Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 163 - What Is Platform Approach To Security? - Part 1 34:41
34:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Welcome and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. In this episode, we explore the recently much talked about concept of adopting a platform security. As technology advances, cyber criminals continually adapt their tactics. Engaged in a constant cat-and-mouse game, staying ahead is crucial. It begins with a deep understanding of which strategies best align with your objectives, safeguarding not only your digital assets but also your bottom line. Before we get into the main topic, lets touch a top trending piece of news this week. And that is: The United States lost record $12.5 billion to online crime in 2023 - https://www.ic3.gov :2023 IC3 Report - https://www.cisco.com : XDR- Platform approach to security Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! It was the LEAP event this past week. LEAP is a technology event in Saudi Arabia, Riyadh and it attracts every technology company imaginable especially in the cyber security domain. This is year was no different. At LEAP, I met with Port53, a firm that helps from SMB to enterprise businesses with their cyber security mission by delivering enterprise-grade solutions to deploy and management effortlessly. Before we get into that lets turn to a top trending news this week which New email scam that targets NTLM hashes - https://port53.com : Port53 - https://www.bleepingcomputer.com : Hackers steal Windows NTLM authentication hashes in phishing attacks - https://learn.microsoft.com : NTLM Overview Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! This week I attended Qatar Web Summit. This is a technology and start-up summit held yearly in Doha, Qatar. There were a lot going on and I am lucky to have spent time with the Ken Fee, the CEO of Business Technology Architect shorten as BTA where we talked about security, network optimisation and automation. The return of LockBit Ransomware-as-a-Service attacks increase in Middle East & Africa region - https://techcrunch.com : Feds hack LockBit, LockBit springs back. Now what? - https://www.group-ib.com : Hi-Tech crime trends 2023 MEA - https://qatar.websummit.com : Qatar Web Summit Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 160 - The Hidden Risks of Default Configurations - Part 2 45:21
45:21 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי45:21
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this episode, we are continuing with part 2 of the risks paused by default configuration. As I said last week, while default config is convenient for initial setup, these settings are may introduce significant security risks that can leave systems vulnerable to exploitation by malicious actors. Please listen to the first episode before you listen to this episode. That way you will get the background and full context of the topic. Well intended Network Traversal Tool is Being Abused for malicious gain. Where have we seen that beofore Law enforcement from the UK and others disrupt Lockbit Ransomware group infrastructure Having said that, lets turn to a couple of top trending news this week and they are: - https://joshua.hu : SSH-Snake SSH network traversal discover SSH private keys network graph - https://www.nationalcrimeagency.gov.uk / NCA leads international investigation targeting worlds most harmful ransomware group - https://www.chainalysis.com : LockBit takedown sanctions Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 159 - The Hidden Risks of Default Configurations - Part 1 37:19
37:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In today's interconnected world, default configurations are ubiquitous across various systems and devices, from routers to software applications. While convenient for initial setup, these default settings often harbor significant security risks that can leave systems vulnerable to exploitation by malicious actors. In this episode, we delve into the hidden dangers posed by default configurations, exploring real-world examples and discussing strategies to mitigate these risks effectively. Join us as we uncover the critical importance of securing systems against the perils of default settings. Before that, lets recap on what is top of mind on the news front. The toothbrush DDOS that never was Your favorite browser might have a feature that defends your home network - https://www.forbes.com : Surprising 3 million hacked toothbrushes story goes viral is it true? - https://chromestatus.com : Private Network Access - https://owasp.org : Security Misconfiguration/ Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 158 - Is quantum computing a threat to cryptography, really? - Part 2 37:46
37:46 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:46
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This is the second episode of our two part episode on whether quantum computing is a threat to cryptography really. Make sure you listen to episode 1 first as we laid the foundation on what is coming up in this episode. As always lets review this week's top trending security news first. CISA and the FBI release Living of the land technique guidances Google's AI assisted with detection - https://www.computer.org : Quantum Computing - https://thequantuminsider.com : Quantum Research - https://cqn-erc.org/about : The Center for Quantum Networks - https://www.cisa.gov : Joint Guidance Identifying and Mitigating LOTL - http://security.googleblog.com : Scaling security with AI from detection - https://safety.google : Cybersecurity Advancements Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 157 - Is quantum computing a threat to cryptography, really? - Part 1 39:54
39:54 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:54
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Cryptography are the backbone of privacy since time immemorial. Toda is THE foundational block of the connected world without which the Internet will crumble as we know it. There is a feverish discussions happening and fast improving of a new era in computing - Quantum computing, and it is improving year after year taking us ever closer to question the strength of the existing cryptography. So we asked "Is quantum computing a threat to cryptography, really?" - https://blog.cloudflare.com : Thanks-Giving 2023 security incident - https://www.justice.gov : US government disrupts botnet - https://www.computer.org : Quantum Computing - https://thequantuminsider.com : Quantum Research - https://cqn-erc.org/about : The Center for Quantum Networks Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 156 - The risks of exposing Web UI 46:23
46:23 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי46:23
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Welcome and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. Accessing and managing various applications and services remotely is a daily occurrence for a typical administrator. It is often the fastest way to accomplish a quick task while you are on the move or say something urgent is needed while you are still on your way to your desk. While that is nothing new, we see an uptick on the number of successful attack taking advantage on these exposed administrative interfaces. What is causing the recent increase in Web UI initial access? Well, that is the topic our episode this week. I am your host Ibrahim Yusuf Just before we hit the main topic, lets review a couple top of mind recent news: Not long ago, Microsoft's exchange online was breached. They now revealed how this happened. UK and US Water Utilities Hit with Cyberattacks - https://www.microsoft.com : Midnight Blizzard guidance for responders on nation state-attack - https://www.securityweek.com : Major UK and US water companies hit by ransomware https://www.cisa.gov : Water and wastewater sector incident response guide Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 155 - iVanti's widespread exploitation 42:50
42:50 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי42:50
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! When things go wrong, they go wrong fast. This week will dive into the widespread exploitation on iVanti VPN solution that attracted a lot of attention from both the security community as well as from the bad guys. What went wrong? Stay tuned. Just before we get into iVanti, lets review the other top security news this week. Millions of passwords of top brands such as facebook and others were found for sale. SonicWall API attracts attacks that can impacts over 170 thousand firewalls. - https://psirt.global.sonicwall.com : CVE-2022-22274 - https://psirt.global.sonicwall.com : CVE-2023-0656 - https://forums.ivanti.com : CVE-2023-46805 Authentication Bypass and CVE-2024-21887 Command Injection for Ivanti Connect Secure and Ivanti Policy Secure Gateways - https://forums.ivanti.com : Pulse Connect Secure (PCS) Integrity Assurance - https://www.mandiant.com: Suspected APT targets Ivanti zeroday Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! We are continuing demystifying a couple of terms that folks new to the realm of cyber security often mix up. Those are the terms Exfil or DLP. So by the end of the session you will surely understand where you stand the next time you will hear an Exfil has happened to so and so org or a DLP is require here. Make sure you listen to part 1 beforehand. And as alware before we get into the weeds, lets review the recent top trending news this week. These are Babuk variant decryption key made available Mandiant X account hacked - https://www.bleepingcomputer.com : Decryptor for Babuk ransomware variant released after hacker arrested - https://grahamcluley.com : Security firm Mandiant says it did not have 2FA enabled on its hacked Twitter account - https://www.nomoreransom.org : No-More-Ransom site Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! We will kick off the year with demystifying a couple of terms that folks new to the realm of cyber security often mix up. Those are the terms Exfil or DLP. So by the end of the session you will surely understand where you stand the next time you will hear an Exfil has happened to so and so org or a DLP is require here. Before we get into the weeds, lets review the recent top trending news this week. These are A new threat abusing the good old SMTP protocol We'll talk about Terrapin and what protocol that is abusing as well. - https://sec-consult.com : SMTP Smuggling, spoofing e-mails worldwide - https://www.postfix.org : SMTP Smuggling - https://arstechnica.com : Millions still haven't patched Terrapin SSH protocol vulnerability - https://terrapin-attack.com : Terrapin Attack - https://attack.mitre.org : ATT&CK Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 152 - Recap of most popular episodes of 2023 1:42:39
1:42:39 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:42:39
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Welcome back and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain English. Well 2023 came and is is now gone, in this final episode we are unwinding the tape to go back to our most popular episodes. If you ever wondered hey what are the most listened to episode. This is the answer. I am sure you will find them beneficial as our listeners did. We won't cover the latest news this time to give room to the content and it is mostly quiet this time of year and nothing has flared up like some recent years. Enjoy the recap and the year end! Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 151 - Cyber Security Review Of 2023 47:38
47:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי47:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Welcome back and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain English. In our penultimate episode, we will review the twist and turn of 2023. We will go over the trend that stood out the most and both the trends and players behind them throughout he course of year. Before that, lets review the top security news of this past week: Chrome now scans for compromised password, finally! International authorities disrupts a major adversary infrastructure - https://blog.google : New performance and safety features are coming to Chrome - https://www.justice.gov : Justice Department disrupts prolific ALPHV/Backcat ransomware variant Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! Digital inter-connectivity define our era. One of the primary challenges facing supply chain cyber security is the expanding attack surface. In this week's episode we will turn to Supply Chain Security, how attackers carry out such attacks. We will also look at previous examples and what mitigations can be mounted to prevent these do not happen again. But before that and as always ahead of the main topic we stop and reflect on the trending news and this week we have two notable security pieces including: CISA urges to get rid of default passwords Microsoft's December 2023 Patch Tuesday - https://www.cisa.gov : CISA secure design alert urges manufacturers eliminate default passwords - https://www.cisa.gov : Secure Design alert how manufacturers can protect customers eliminating default passwords - https://www.cisa.gov : Secure by design - https://msrc.microsoft.com : Release Note 2023 Dec - https://isc.sans.edu/diary :Microsoft Patch Tuesday December 2023 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 149 - Be cyber vigilant this holiday 45:54
45:54 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי45:54
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! The holiday season is when most of us let our guard down. For the cyber criminal though, it is their hunting season. In this episode we will give you practical advise on how to stay one step ahead of the miscreants and avoid getting their hands on your sensitive data or cash or both. To get started, lets review top trending security news this: Privilege elevation exploits used in over 50% of insider attacks New Flaws in Fingerprint Sensors Let Attackers Bypass Login - https://www.crowdstrike.com : How malicious insiders use known vulnerabilities against organizations - https://blackwinghq.com : A touch of pwn part https://blog.talosintelligence.com : Cybersecurity considerations to have when shopping for holiday gifts Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In episode 148 we look inside the mysterious world of the Dark Web. The Dark Web is a hidden area of the internet that is often obscured by mystery and intrigue to many, and it is unlike standard search engines and browsing destination. I will try to deconstruct this covert network and make you aware of what makes it different from the surface web and how it functions. By doing so, we will shed light on its importance and the consequences it bears for today's digital world. Exploit for critical Windows defender by-pass goes public Memory Tagging Extension (MTE) technology by google and partners - https://msrc.microsoft.com : Windows SmartScreen Security Feature Bypass Vulnerability - https://nvd.nist.gov : CVE-2023-36025 details - https://security.googleblog.com : MTE - The promising path forward for memory safety - https://blog.talosintelligence.com : What is the Dark Web - https://en.wikipedia.org : The Dark Web Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 147 - Web shells - Understanding Their Role in Cyber Attacks 41:02
41:02 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי41:02
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! One of the go tools for attackers are Web shells. In this episode we will explore what these are, their background, how they are used and how you can avoid be turned against you. These deceptive tools bring immense power to the hands of hackers, acting as covert entry door to infiltrate and control the machines that power the Internet, web servers. Before we get into that, lets review top of mind security news. Europe's Network Information Security Directives revision 2 Critical bug in OwnCloud file sharing - https://www.enisa.europa.eu : NIS visual tool - https://www.enisa.europa.eu :New NIS directive https://www.bleepingcomputer.com : Critical bug in OwnCloud file sharing app exposes admin passwords - https://blog.talosintelligence.com : What is a web shell? - https://www.nsa.gov : Detect prevent cyber attackers from exploiting web servers via web shell malware Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 146 - Symbolic Language in cyber security 35:30
35:30 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:30
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! During Gitex Global in Dubai I sat down with the leaders and founders of Source Technology an organisation based in Swizerland that developed a tool called Source Security. This is ...quote... "technology to integrate behavioral analytics with Symbolic Language that can significantly enhance cybersecurity by providing a deeper understanding of user actions, intentions, emotions, and potential threats. It also adds a human-centric dimension to threat detection and prevention. It enables organizations to not only analyze patterns of behavior but also understand the emotional context, making it a powerful tool for staying ahead of cyber threats and protecting sensitive data." unquote. FBI and CISA publish a detailed report on Scattered-Spider Saudi Arabi arms public sector with Google Cloud services - https://therecord.media : CISA-FBI warn of Scattered-Spider cybercrime group - https://www.intelligentciso.com : Google-Cloud and Haboob partner to strengthen Saudi Arabias nationwide cyberdefence - https://sctfoundation.org : What is Symbolic Language? - https://sctfoundation.org : Source security Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 145 - Indication of compromise best practice 51:13
51:13 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי51:13
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Welcome back and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. I'm your your host Ibrahim Yusuf In today's episode, we're shedding light on a critical yet often overlooked aspect of cybersecurity - Indications of Compromise, also known as IOCs. These vital pieces of forensic data can be the canary in the coal mine, alerting us to potential network intrusions before they wreak havoc on our systems. We'll discuss what IOCs are, why they are essential, and how you can use them proactively to enhance your cybersecurity strategy. But first, a quick look on what is top of mind in the security news this week. NCSC releases more details designed to help organisations how to migrate to post-quantum crypto The source of Okta breach....no price for guessing - https://www.ncsc.gov.uk : Next steps preparing for post quantum cryptography - https://www.linkedin.com : Okta data breach lesson browser security - https://www.scmagazine.com : Okta breach linked to workers personal google account - https://www.attackiq.com : Pyramid of pain - https://github.com/Cisco-Talos : IOCs - https://sec.cloudapps.cisco.com : Indication Of Compromise Reference Guide Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 144 - The New Common Vulnerability Scoring System 44:37
44:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי44:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Today, we're diving into the world of cybersecurity with an eye to vulnerability scoring system. C We've got a topic that's on the mind of anyone with interest in risk management, one that's of paramount importance to anyone concerned with the safety and integrity of their assets. That's right, today we're talking about the brand-new version of the Common Vulnerability Scoring System, or CVSS v4! The cybersecurity landscape is constantly evolving, and as threats become more sophisticated, it's essential for the tools and methodologies we use to keep pace. In this episode, we'll explore the latest iteration of CVSS, its key updates, and what it means for security professionals, organizations. Whether you're a seasoned cybersecurity expert or just someone with a keen interest in staying safe online, you won't want to miss this. Boeing confirms system compromise alerting customers Arid-Viper mobile spyware - https://techcrunch.com Boeing cyber incident ransomware gang claims data theft - https://www.darkreading.com : Boeing confirms system compromise alerting customers - https://blog.talosintelligence.com : Arid-Viper mobile spyware - https://www.first.org : CVSS v4 specification document Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 143 - Smart Homes - Discussion with Floris Grandvarlet EMEA Innovation and Sustainability CTO at Cisco 29:45
29:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי29:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! And in today's episode we ponder over how technology continues to reach every aspect of our lives and now the places we call our castles...our homes. The other week at GITEX I also sat down with Floris Grandvarlet, EMEA Innovation, Sustainability, CTO at CISCO. More that later, but first..... we look at at recent breach and mishaps that left multiple giants in the tech and security industry affected. CCleaner compromise through MOVEit Cisco IOS X Web UI Vulnerabilities - https://cybernews.com : Ccleaner confirms data breach - https://sec.cloudapps.cisco.com : Cisco Security Advisory - https://www.cisco.com : What is a smart building Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 142 - Discussion With Eric Vedel Directory CISO Advisory at Cisco 31:13
31:13 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:13
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This was GITEX 2023 Dubai week. GITEX, short for the "Gulf Information Technology Exhibition," is a prominent annual technology event and trade show held in Dubai, United Arab Emirates. It is one of the largest and most influential technology exhibitions in the Middle East, attracting participants and visitors from around the world. At GITEX I sat down with Eric Vedel Directory of CISO Advisory at Cisco. It is an insightful conversation that you will find practical as it it is filled much needed advise. Having said that, lets have a look at the top security news this week: Critical RCE flaws found in SolarWinds access audit solution Advancing Cybersecurity: Google's AI-Powered Access Control System - https://www.gitex.com : GITEX 2023 - https://www.bleepingcomputer.com : Critical RCE flaws found in Solarwinds access audit solution - https://security.googleblog.com : SpeakACL Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! This is the second part of our Threat Modeling episode. Please listen to last week week's episode, that is episode 140 before you dive into this one. Having said that, lets have a look at the top security news this week: - https://blog.google : New Gmail protections for a safer, less spammy inbox - https://blog.postmaster.yahooinc.com : More Secure, Less Spam: Enforcing Email Standards for a Better Experience - https://www.nist.gov : Cybersecurity Awareness Month - https://arstechnica.com : Critical Vulnerabilities in EXIM threaten over 250k email servers worldwide - https://owasp.org : Threat Modeling Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In this week's episode I step through what Threat Modeling is. And yes it a crucial aspect of cybersecurity that is often overlooked. Join us as we explain this concept by carefully examining its definition, and, more importantly, highlighting its effectiveness as a powerful tool in the ever-changing threat, defenses and mitigation. But before that here are the topics of what is trending this week: SMS is still with us despite its weaknesses The push to catch up with DMARC - https://blog.google : New Gmail protections for a safer, less spammy inbox - https://blog.postmaster.yahooinc.com : More Secure, Less Spam: Enforcing Email Standards for a Better Experience - https://owasp.org : Threat Modeling Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 139 - Initial Access - When the Rubber Hits the Road During the Attack Phases - Part 2 42:00
42:00 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי42:00
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Today's episode is a continuation of what we've started last week: Initial Access. This is part 2. And as I said, it truly is the point where the rubber hits the road when it comes to the important stages to look out for during an attack. Thoroughly investigation the Initial Access stage allows us finding how an attacker made their way into our environment. But before that here are the topics of what is trending this week: Microsoft brings in Passkey UK's NCSA nudging governments on setting their similar organisation - https://www.europol.europa.eu : Cyber-attacks: the apex of crime-as-a-service (IOCTA 2023) - https://www.reuters.com : Power influence notoriety Gen-Z hackers who struckM-Caesars - https://www.lockheedmartin.com /: Cyber-Kill-Chain - https://attack.mitre.org : ATT&CK - https://www.darkreading.com : UK ambassador on creating new cybersecurity agencies around the world - https://blogs.windows.com :The most personal Windows 11 experience begins-rolling-out-today Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 138 - Initial Access - When the Rubber Hits the Road During the Attack Phases 46:11
46:11 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי46:11
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In today's episode, we're peeling back the layers of cybersecurity to delve into a critical phase of the attack lifecycle: Initial Access. It's the point where the rubber truly hits the road during a cyberattack. We will uncover the strategies, tactics, and technologies involved in gaining that crucial foothold in target systems for both attackers and defenders. But before that and as always ahead of the main topic we stop and reflect on the trending news and this week we have two notable security pieces including: Europol publishes report on malware-based cyber attacks. MGM and Caesar's response to their ransomware attack. - https://www.europol.europa.eu : Cyber-attacks: the apex of crime-as-a-service (IOCTA 2023) - https://www.reuters.com : Power influence notoriety Gen-Z hackers who struckM-Caesars - https://www.lockheedmartin.com /: Cyber-Kill-Chain - https://attack.mitre.org : ATT&CK Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 137 - Introduction to Cybersecurity - Part 2 40:38
40:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי40:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Today we will step back and talk about the fundamentals to understanding this ever-evolving field: cyber security. And what better way than to cover "Introduction to Cyber Security" in this episode. But before that, we will recap other trending security news including: The stolen LastPass vaults may have been cracked - https://securitylab.github.com : Notepad++ pushes out fixes for four security vulnerabilities - https://blog.qualys.com : Qualys' top 20 exploited vulnerabilities - https://skillsforall.com : Introduction to cybersecurity - https://learn.cisco.com : Learning and development Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 136 - Introduction to Cybersecurity - Part 1 37:38
37:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Today we will step back and talk about the fundamentals to understanding this ever-evolving field: cyber security. And what better way than to cover "Introduction to Cyber Security" in this episode. But before that, we will recap other trending security news including: Notepad++ 8.5.7 released with fixes for four security vulnerabilities Years-old Microsoft security holes still hot targets for cyber-crooks - https://securitylab.github.com : Notepad++ pushes out fixes for four security vulnerabilities - https://blog.qualys.com : Qualys' top 20 exploited vulnerabilities - https://skillsforall.com : Introduction to cybersecurity - https://learn.cisco.com : Learning and development Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 135 - Cybersecurity's Key - Choosing the Right Tools 36:41
36:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי36:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In the ever-evolving landscape of digital threats and vulnerabilities, the importance of selecting the right tools for the job cannot be overstated. Just like a skilled craftsman relies on the right tools to create a masterpiece, cybersecurity professionals must carefully choose their tools to safeguard digital asset effectively. Join us as we delve into the world of cyber tool selection and explore how each tool plays a crucial role in fortifying our digital defenses. - https://techcommunity.microsoft.com : Enabling Extended Protection on Exchange Server by Default - https://www.cisa.gov : Infamous Chisel Analysis report Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 134 - How does Generative AI help in Cybersecurity 40:34
40:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי40:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Welcome and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. I'm Ibrahim Yusuf, your host, and in today's episode, we're exploring an exciting intersection between generative AI and cybersecurity. In particular we will look into whether cyber security can benefit from generative AI such as ChatGPT? What about the cyber-crooks, is this helping them too? All that and more in today's episode. - www.group-ib.com : Traders' Dollars in Danger: CVE-2023-38831 Zero-Day vulnerability in WinRAR exploited by cybercriminals to target traders - https://blog.google : Introducing Googles Secure AI Framework - https://services.google.com : Google AI Red Team Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 133- Interview with Cohaesus Group - Part 2 24:21
24:21 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:21
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Welcome and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. I had the pleasure of sitting down with Cohaesus Group. We touched various areas of cyber security. I split the talk into two parts as it went on a bit. Without further ado, here is the second part. Enjoy - https://group.cohaesus.co.uk : Cohaesus Group Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 132 - Interview with Cohaesus Group - Part 1 23:30
23:30 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:30
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Welcome and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. I had the pleasure of sitting down with Cohaesus Group. We touched various areas of cyber security. I split the talk into two parts as it went on a bit. Without further ado, here is the first part. Enjoy - https://group.cohaesus.co.uk : Cohaesus Group Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 131 - How do ransomeware rollback features actually work? 54:39
54:39 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי54:39
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Welcome and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. In today's episode, we'll explore a critical aspect of endpoint security – the ransomware rollback feature. Ransomware is still a prevailing threat, targeting individuals and organizations alike. To fight back, many endpoint security solutions offer a rollback feature, to mitigate data lost in the first place. By the end of this episode you will understand its inner working and how it keeps cybercriminals at bay sometimes. But before that, we will recap other trending security news including: CISA releases its Cybersecurity Strategic Plan, FY2024-2026 What is the most exploited vulnerabilities? We will have a look at what the industry's major cyber security agencies agreed? - https://www.hsdl.org : CISA releases its Cybersecurity Strategic Plan, FY2024-2026 - https://www.cisa.gov/news-event : CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 130 - What is the difference between Incidence Response and Threat Hunting? 39:13
39:13 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:13
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Listen to this very insightful episode on differentiating two important cybersecurity domains that are both intriguing and essential: Threat Hunting and Incident Response. We all agree that staying one step ahead of cybercrooks is paramount. But what sets these two critical practices apart, and how do they work together to safeguard businesses? While we at it, we will demystify the key differences between these two cybersecurity corner stones. We'll explore the core principles, methodologies, and objectives that distinguish these two powerful approaches . But before that, we will recap other trending security news including: Cybersecurity firm Sophos impersonated by a ransomware tool A particular ransomware gangs are taking the usual steps to leak their victim's data on the clearweb sites. - https://news.sophos.com : Sophos discovers ransomware abusing Sophos' name - https://cisoseries.com : Clop leaks on clearweb - https://www.computing.co.uk : Clop clearweb publish Moveit - https://nvlpubs.nist.gov : NIST.SP.800-61r2 - https://www.stickmancyber.com :: Incident Response Frameworks NIST-SANS Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 129 - What is new in PCI DSS v4.0? 40:01
40:01 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי40:01
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. This is another exciting episode of our cybersecurity podcast! Today, we've got a topic that's hot off the press—the newly released Payment Card Industry Data Security Standard version 4, or PCI DSS v4. If you're in the world of payments, data security, or simply curious about the latest in safeguarding your customers' sensitive information, this episode is a must-listen. In this edition, we'll explore the key updates and changes in PCI DSS v4, the reasons behind its release, and what it means for businesses processing credit card transactions. From enhanced authentication measures to the latest encryption protocols, the new standard promises to fortify data protection and combat emerging cyber threats. So, get ready to dive into the cutting-edge world of PCI DSS v4 as we unravel the advancements that'll shape the future of secure payment processing. Let's jump right in with the start of this week's top trending news. Accidental VirusTotal upload is a valuable reminder to double check what you share Microsoft allows logging access to all their license tiers like E3 https://support.virustotal.com :How it works https://www.virustotal.com : Upload https://www.bleepingcomputer.com : Stolen Microsoft key offered widespread access to Microsoft cloud services https://www.bleepingcomputer.com : Microsoft expands access to cloud logging data for free after Exchange hacks https://listings.pcisecuritystandards.org : PCI-DSS-v3-2-1 to v4-0 Summary of Changes Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 128 - How to Achieve Cyber Resilience - Best Practices for Effective Incident Response - Part 2 44:48
44:48 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי44:48
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. Today, we continue with part 2 the critical aspect of cybersecurity: incident response best practices. Given the unforgiving threat landscape, organizations face an ever-increasing number of cyber threats. Whether it's a data breach, a malware attack, or a network intrusion, incidents can disrupt operations, compromise sensitive information, and damage reputation. That's why having an effective incident response strategy is crucial. In this episode, we'll explore the key principles and strategies behind incident response best practices. We'll discuss the steps organizations should take to prepare, detect, respond, and recover from security incidents. But before that, we will recap other trending security news including: https://the-decoder.com : ChatGPT with no ethical boundaries WormGPT fuels AI generated scams https://www.group-ib.com : Digital Risk Report 2023 - https://www.sans.org/tools/ : The Pyramid Of Pain - https://support.microsoft.com :Microsoft edge secure network to protect your browsing - https://www.theverge.com : Meta Instagram threads - https://talosintelligence.com : Incident Response Plans - https://www.sans.org : Incident Response Cycle - https://www.cisco.co : Incident Response Services Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 127 - How to Achieve Cyber Resilience: Best Practices for Effective Incident Response - Part 1 47:47
47:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי47:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. Today, we delve into a critical aspect of cybersecurity: incident response best practices. Given the unforgiving threat landscape, organizations face an ever-increasing number of cyber threats. Whether it's a data breach, a malware attack, or a network intrusion, incidents can disrupt operations, compromise sensitive information, and damage reputation. That's why having an effective incident response strategy is crucial. In this episode, we'll explore the key principles and strategies behind incident response best practices. We'll discuss the steps organizations should take to prepare, detect, respond, and recover from security incidents. But before that, we will recap other trending security news including: Microsoft Edge free built-in VPN Meta's twitter alternative - https://www.sans.org/tools/ : The Pyramid Of Pain - https://support.microsoft.com :Microsoft edge secure network to protect your browsing - https://www.theverge.com : Meta Instagram threads - https://talosintelligence.com : Incident Response Plans - https://www.sans.org : Incident Response Cycle - https://www.cisco.co : Incident Response Services Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 126 - Unmasking cyber threats - The power of cyber threat intel 50:15
50:15 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי50:15
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this week's episode, we'll explore the fundamental purpose of cyber threat intelligence and why it has become an essential pillar of modern cybersecurity. Cybercriminals are constantly adapting their tactics, making it crucial for organizations and individuals to stay one step ahead. That's where cyber threat intelligence comes in. Whether you're a cybersecurity professional looking to deepen your knowledge or an individual seeking to protect yourself in an increasingly connected world, this episode will provide you with valuable insights and practical strategies. But before that, we will recap other trending security news including: MITRE Announces Most Dangerous Software Weaknesses Who is dominating the ransomeware landscape? - https://www.cisa.gov : 2023 CWE Top 25 most dangerous software weaknesses - https://www.acronis.com : Acronis mid-year cyberthreats report 2023 - https://www.cisco.com : What ciscyber threat intelligence Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 125 - Verizon Data breach Investigation Report - Key Takeaways 32:29
32:29 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:29
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. Today we dive deep into the key takeaways of the highly anticipated Version Data Breach Investigation Report. In a world where data breaches have become all too common, understanding the intricacies and lessons from these incidents is more important than ever. The Verizon Data Breach Investigation Report (DBIR), compiled by a team of expert analysts, provides invaluable insights into the causes, impacts, and preventive measures surrounding a significant breach that rocked the tech industry. Fortinet fixes critical REC vulnerability in FortiNAC Vendor contractor account abuse https://www.fortiguard.com : FortiNAC - Argument injection in XML interface on port tcp/5555 - https://cve.report : CVE-2023-33299 - https://blog.talosintelligence.com : Vendor contractor account abuse- https://www.verizon.com : DBIR Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 124 - Comparing data lake and data warehouse 47:33
47:33 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי47:33
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. In today's episode, we cover two important data models and their applicability to security. I am talking about data lake and data warehouse. I will look into their similarity, differences and practical considerations surrounding these two popular data storage and analytics approaches. In doing so I will leave you with a clarity on which option if not both are used when combating cyber attack. But before that, we will recap other trending security news including: Decade old critical vulnerability in JetPack Wordpress plugin Microsoft June 2023 Patch Tuesday https://jetpack.com : J etPack Critical Security Update https://krebsonsecurity.com : Microsoft Patch Tuesday June 2023 Edition https://www.splunk.com : Data warehouse vs. Data Lake Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 123-Inside the Cyber Underworld - How Cybercriminals Join Forces for Profit - Part 2 47:40
47:40 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי47:40
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. This is episode 2 of on how how exactly cybercriminals join forces for profit. Make sure you caught up with episode 1 first before you listen to this episode. Lets continue demystifying their collaborative nature. But before that, we will recap other trending security news including: Zero-day Vulnerability in MOVEit Transfer is Being Actively Exploited Cisco Releases Updates to Fix AnyConnect Privilege Elevation Vulnerability - https://community.progress.com : MOVEit Transfer Critical Vulnerability - https://abcnews.go.com : BBC, British airways big victims MoveIt software hack - https://www.e ropol.europa.eu : Joint Cybercrime action Task force - https://www.darkreading.com : PostalFurious sms attacks target UAE Citizens data theft - https://blogs.windows.com : Announcing Windows 11 insider preview build-25381/ - https://techcommunity.microsoft.com /How to defend users from interception attacks via SMB client - https://blog.talosintelligence.com :Talos year in review 2022 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 122 - Inside the Cyber Underworld - How Cybercriminals Join Forces for Profit - Part 1 53:57
53:57 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי53:57
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. It is true, there is no loyalty between criminals but there is a profit to be made between them. How exactly cybercriminals join forces for profit? We will answer that question in this week's episode as we uncover the secret collaborations of cybercrime and delve into the intricate web of connections, strategies, and specialized roles in the world of cybercrime. From hackers to phishers and money mules, we'll demystify their collaborative nature. But before that, we will recap other trending security news including: SMB Relay Attack and what Microsoft is doing about it A wave of SMS Phishing Campaign Aimed at a Middle Eastern Country. We'll find out more about this. - https://www.e ropol.europa.eu : Joint Cybercrime action Task force - https://www.darkreading.com : PostalFurious sms attacks target UAE Citizens data theft - https://blogs.windows.com : Announcing Windows 11 insider preview build-25381/ - https://techcommunity.microsoft.com /How to defend users from interception attacks via SMB client - https://blog.talosintelligence.com :Talos year in review 2022 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 121 - The MITRE ATT&CK Navigator 34:20
34:20 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:20
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. The ATT&CK Navigator is a web-based tool created and maintained by the Mitre organisation. The tools is used for annotating and exploring ATT&CK matrices. It is often used to visualize defensive coverage, red/blue team planning, the frequency of detected techniques etc. That is the topic of our show today. In addition, we will recap other trending security news including: CISA Adds Barracuda Vulnerability to KEV Catalog Microsoft secure boot bug - https://arstechnica.com : Microsoft patches secure boot flaw but wont enable fix by default until early 2024 - https://www.cisa.gov : CISA adds one known exploited vulnerability catalog - https://mitre-attack.github.io : ATT&CK Navigator - https://mitre-attack.github.io : ATT&CK Navigator v2 Enterprise Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 120 - Demystifying Digital Certificates- Shedding Light on an Obscure yet Crucial Aspect of Online Security - Part 2 36:47
36:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי36:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. In this week's episode we will continue with Part 2 on Demystifying Digital Certificates. To take the most out of this week's episode - If you have not listen to Part 1, I suggest you listen to the first before you listen to this episode. - https://blog.talosintelligence.com : Qakbot levels up with new obfuscation https://www.papercut.com : Vulnerability information https://www.huntress.com : Critical vulnerabilities in Papercut print management software - https://www.ibm.com : Overview of Digital Certificates Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 119 - Demystifying Digital Certificates- Shedding Light on an Obscure yet Crucial Aspect of Online Security - Part 1 42:09
42:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי42:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. In this episode, I want to shine a brigt light on an important yet frequently misunderstood part of online security: digital certificates. Certificates are essential in today's digital world for safeguarding communication and confirming identities. Nonetheless, they are frequently obscure to many, resulting to confusion and misunderstandings. Join us as we demistify digital certificates, examine their importance, and explain their role in guaranteeing safe and the ever dependable digital communication. In addition, we will recap other trending security news including: Kali Linux introduces purple team distro Apple Fast Update - https://www.kali.org : Kali-linux-2023-1-release/ - https://support.apple.com: Apple Rapid Security Response - https://www.ibm.com : Overview of Digital Certificates Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 118 - Sealed and delivered - Understanding How Email Protocols Keep You Secure - Part 2 44:16
44:16 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי44:16
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. In the second part of the podcast, we'll delve further into the different types of email security protocols and explore how they can be implemented to enhance the security of your email communications. We'll discuss the benefits of end-to-end encryption, which ensures that only the intended recipient can access the content of your emails, as well as the importance of authentication mechanisms. We'll also explore the role of digital signatures in verifying the authenticity and integrity of email messages. By the end of this episode, you'll have a better understanding of how to protect your sensitive information from cyber threats and ensure the confidentiality of your email communications. If you have not listen to episode 1, I suggest you listen to the first before you listen to this episode. In addition, we will recap other trending security news including: Google rolls out passkey login for all accounts Mirai-iot-botnet is exploiting-tp-link-router you need to patch it now - https://users.ece.cmu.edu : PGP intro - https://www.cisco.com : S/MIME - https://www.cisco.com : Registered envelope service - https://security.googleblog.com : So long passwords thanks for all phish - https://duo.com : Mirai botnet attackers exploit TP-Link bug Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 117 - Sealed and delivered - Understanding How Email Protocols Keep You Secure - Part 1 53:27
53:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי53:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. In the era of messaging apps such as WhatsApp, Telegram and Twitter, emails are still the primary mode of communication for businesses and goverments alike. However, the convenience and ease of email communication also come with significant risks such as phishing, malware attacks, and unauthorized access. This show aims to provide insights into various email security protocols such as encryption, authentication, and digital signatures, and how they work together to protect your email data from cyber threats. Join me as I explain the intricacies of email security and uncover the best practices for safeguarding your online communications. In addition, we will recap other trending security news including: It was RSA Conference week. We will look into the the hot topics this year. Cisco unveiled a compelling net new product XDR - https://www.bankinfosecurity.com : Final Review RSA Conference 2023 - https://newsroom.cisco.com : Cisco unveils new solution to rapidly detect advanced cyber threats and automate response - https://users.ece.cmu.edu : PGP intro - https://www.cisco.com : S/MIME - https://www.cisco.com : Registered envelope service Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 116 - Classified Chaos - The Persistent Threat of Data Leaks - Part 2 37:10
37:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. In this week's episode we will continue with Part 2, by continuing at exploring the complex world of data classification systems and the ongoing difficulty of preventing data leaks. If you have not listening to Part 1, I would encourage you to back to the firest episode before you jump no this one. In addition, we will recap other trending security news including: Microsoft SQl Server Hacked to deploy Tripona Ransomware Open letter to the UK Gov regarding their Online Safe Bill - https://blog.whatsapp.com: An Open letter - https://www.gov.uk : A guide to the online safety bill - https://www.washingtonpost.com : FBI public phone charging stations juice jacking- - https://www.fcc.gov : Juice jacking dangers public USB charging stations - https://blog.google : New initiatives to-reduce the risk of vulnerabilities and protect researchers - https://en.wikipedia.org : Bell LaPadula Model - https://en.wikipedia.org :Biba Model - https://en.wikipedia.org : Clark Wilson Model Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 115 - Classified Chaos: The Persistent Threat of Data Leaks - Part 1 41:21
41:21 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי41:21
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. In this week's episode, we will explore the complex world of data classification systems and the ongoing difficulty of preventing data leaks in extremely sensitive settings. Even after putting in place reliable classification protocols, extremely sensitive organisations still have to deal with ongoing threats to their most important data. In this podcast, we'll look at the fundamentals of data classification, their origin and evaluate the systems in use. We will talk about the underlying causes of data leaks, which are still a major issue. In addition, we will recap other trending security news including: Juice Jacking, why charging your devices in public place is a bad thing Google launches a new cybersecurity initial. We will look what that entailes - https://www.washingtonpost.com : FBI public phone charging stations juice jacking- - https://www.fcc.gov : Juice jacking dangers public USB charging stations - https://blog.google : New initiatives to-reduce the risk of vulnerabilities and protect researchers - https://en.wikipedia.org : Bell LaPadula Model - https://en.wikipedia.org :Biba Model - https://en.wikipedia.org : Clark Wilson Model Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 114 - Ensuring Business Continuity Through Strong Security Measures 45:26
45:26 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי45:26
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. In today's digital world, businesses face an increasing number of cyber threats that can disrupt their operations and affect their bottom line. That's why it's more important than ever to have strong security measures in place to protect your organization In this episodee, we'll discuss how strong security measures can not only protect your business from cyber threats but also enable continuity and resilience. In addition, we will recap other trending security news including: - https://www.techtarget.com : Microsoft and Fortra get court order to disrupt Cobalt Strike - https://cloud7.news : WinRAR SFX archives can run PowerShell without being detected - https://partners.wsj.com : How does cybersecurity need to change to become a business enabler - https://blogs.cisco.com/Security : How cybersecurity is enabling not defeating business innovation Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 113 - Navigating Cloud Security: A Look at Public, Hybrid, and Private Cloud 42:53
42:53 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי42:53
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. Cloud computing has become a ubiquitous part of business, but it presents unique security challenges. In this podcast, we'll take a closer look at public, private, and hybrid clouds, discussing the benefits and risks of each so that you are well informed on securing your data and applications in the cloud. This is going to be engaging as it is informative session on navigating cloud security. ChatGPT expose user's private data The United Kingdom’s National Crime Agency (NCA) sets up a fake DDOS for hire service - https://www.cisco.com : What is cloud security - https://www.cisco.com : Safe secure cloud architecture guide Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. In this podcast, we will continue exploring the technical details of the OAuth protocol - a widely adopted framework for user authentication and authorization on the internet. **I would suggest you listen to last week episode first before you listen to this session.** In addition, we will recap other trending security news including: - https://msrc.microsoft.com : Update guide CVE-2023-23397 - https://www.theregister.com : Pwn2Own Wraps - https://en.wikipedia.org : Pwn2Own - https://oauth.net : OAuth - https://auth0.com : What is 0Auth-2 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. In this podcast, we will explore the technical intricacies of the OAuth protocol - a widely adopted framework for user authentication and authorization on the internet. OAuth stands for "Open Authorization". It is an open standard for authorization that allows users to grant access to their resources, without sharing their credentials (such as username and password) with third-party applications. OAuth is commonly used by social media platforms, APIs, and other web services to allow users to log in or grant access to their accounts without the need for the application to store their sensitive login information. Whether you're an experienced cybersecurity professional or a curious learner, join me in this two parts series as we analyze the underlying principles of OAuth, its different implementations, and its role in shaping the future of online security. In addition, we will recap other trending security news includes: https://gisec.ae : GISEC 2023 https://www.linkedin.com : My interview with event organiser - https://oauth.net : OAuth - https://auth0.com : What is 0Auth-2 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 110 - Know Your Enemy: Why Threat Intelligence Matters 37:08
37:08 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:08
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. Threat intelligence is crucial in today's cyber landscape to identify and mitigate potential risks before they can cause damage. It involves gathering and analyzing information about potential threats and attackers, allowing organizations to stay one step ahead of cyber threats. Join us on "Know Your Enemy: Why Threat Intelligence Matters" to learn more about the importance of threat intelligence in keeping your data and systems secure. In addition, we will recap other trending security news includes: Microsoft enables LSA protection by default in Windows GitHub Rolling Out Mandatory Multifactor-Factor Authentication for Developers - https://blogs.windows.com : Introducing LSA Protection Enablement on Upgrade - https://www.cisco.com : The importance of Threat Intelligence and how Cisco Talos uses intelligence to protect customers - https://blogs.cisco.com : Threat intelligence SecureX API Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 109 - Finding malware in encrypted traffic 1:00:00
1:00:00 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:00:00
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. Remember when the Internet was unencrypted? Yes, there was a time when security was the exception rather than the default. That is to say the majority of the Internet traffic was served over HTTP rather than HTTPS. Fastfoward to today and it is unconceivable to access any website without the lock sign on the browser url field. That is because privacy by way of using encryption became a thing to protect us from prying eyes ready to steal your private information. Unfortunately, the same tool -encryption that is, provide a cloak for the the crooks to hide their malware and other navarious artifacts inside the encrypted traffic. How do you find these malware in an encrypted traffic without decrypting it? That is the topic of the today's episode. In addition, we will recap other trending security news includes Lastpass's latest Update Google's gmail client side encryption is now publicly available - https://support.lastpass.com/help : Incident 2 additional details of the attack - https://workspace.google.com/blog : Gmail and calendar client side encryption - https://www.cisco.com : Encrypted Traffic Analytics - https://www.ciscolive.com : Operationalizing Encrypted Traffic Analytics Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 108 - Securing your home network 46:50
46:50 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי46:50
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. In today's hybrid world it is important to take your home network security seriously. After all what happens at home can crawl its way to to the corporate network. In today's episode we look at some measure you should take to mitigate most of the risks introduced by lax or non-existing security hygiene. In addition, we will recap other trending security news includes: - https://techcommunity.microsoft.com : Update on the exchange server antivirus exclusions - https://www.fortiguard.com : FG-IR-22-398 - https://media.defense.gov : CSI best practice for securing your home network - https://www.cisco.com : 5 simple ways to secure your network Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 107 - Understanding CVSS Scoring System 42:19
42:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי42:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. When a vulnerability is discovered, reported ang assigned a score called a CVE its impacts must be understood beyond the CVE number. A common method information security specialists use for this process is the [Common Vulnerability Scoring System (CVSS)](https://www.first.org/cvss/). That is the topic of this week episode. In addition, we will recap other trending security news includes: Atlasian data leak was caused by an employee's stolen credential Cisco issued a fix for ClamAV - https://sec.cloudapps.cisco.com : ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability Affecting Cisco Products: February 2023 - https://cve.mitre.org : CVE-2023-20032 - https://www.first.org : CVSS Specification Document Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 106 - Optimise your last line of defense 54:25
54:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי54:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Ensuring an optimum setup of your toolsets is a critical part of the your ongoing mitigation effort. Is this episode we will look at the do's and don't of setting up your endpoint detection and response: ESXiArgs ransomware puts the heat on NIST selects a lightweight cryptography. - www.nist.gov : NIST Selects ‘Lightweight Cryptography’ Algorithms to Protect Small Devices - csrc.nist.gov : Lightweight Cryptography - www.theregister.com : Uncle Sam wants to strip the IoS out of IoT with light crypto - www.zdnet.com : Tiny IoT devices are getting their own special encryption algorithms - www.cisa.gov : ESXiArgs Ransomware Virtual Machine Recovery Guidance - github.com : ESXiArgs-Recover - www.theregister.com : Among the thousands of ESXiArgs ransomware victims? FBI and CISA to the rescue - https://blogs.cisco.com : An easier way to secure your endpoints Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 105 - Be prepared for the next password manager breach 38:09
38:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי38:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. Password security is an essential aspect of online safety. You and I know, remembering all the passwords can be overwhelming. This is where password managers come in, providing a convenient and secure means keep your password in one place. However, with the recent breach at LastPass, it's important to understand the potential risks and take the necessary steps now in the event of a password manager breach. Why, because once it is breached it is too late. In this article, we will explore the measures you can take to prepare yourself for a password manager breach and keep your online accounts secure. In addition, we will recap other trending security news includes: Microsoft is urging organisation with Exchange on premise to patch sooner rather than later - techcommunity.microsoft.com : Protect Your Exchange Servers - www.bleepingcomputer.com : Microsoft urges admins to patch on-premises Exchange servers - https://microsoft.github.io : Microsoft Exchange Health Checker - https://www.grc.com : How strong is your password - https://haveibeenpwned.com : Have I been Pawne? - https://www.itsasap.com: NIST passwordguidelines Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 104 - What is NetFlow Protocol used for? - Part 2 41:30
41:30 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי41:30
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. We will continue last week's topic on "What is Netflow Protocol used for". This is part 2. If you have not listen to last week's show, I suggest you listen to Part 1 first. In addition, we will recap other trending security news including: Could Pakistan's nationwide power outage been caused by a cyber attack? GoTo, the parent company of LastPass was also breached. - https://therecord.media : Pakistani authorities investigating if cyberattack caused nationwide-blackout - https://www.goto.com/blog : Our response to a recent security incident - https://ipcisco.com : Netflow and Netflow Configuration Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 103 - What is NetFlow Protocol used for? - Part 1 32:28
32:28 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:28
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. This week, lets have look at one of those protocols that often under-used by analyst. It is a way to look at the data that traverse your network to pinpoint what might be lurking beneath the surface. We will cover this in two parts. This is part 1. More on that later. In addition, we will recap other trending security news includes: Microsoft is knocking on the door to see if you are sitting on an unsupported uninstalling Old Cisco Routers susceptible to RCE attack - https://sec.cloudapps.cisco.com : Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities - https://support.microsoft.com : Update for Office 2013 Office 2010 and Office 2007 - https://ipcisco.com : Netflow and Netflow Configuration Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. As a security analyst, you investigate. You want to query devices as part of your investigation of security incidents or maybe you are working to determine the effectiveness of a security control. So you always need real-time, granular inventory data about the systems you want to look at. In this week's episode we touch one of those tools that makes a security analyst's life a lot less painful: OSQuery. In addition, we will recap other trending security news, including: UK Royal Mail Ransomware Attack ChatGPT-Written Malware - https://personal.help.royalmail.com : Service Update - https://www.telegraph.co.uk Parcels letters stuck limbo royal mail hit suspected hack - https://arstechnica.com/information-technology : ChatGPT is enabling script kiddies to write functional malware - https://openai.com : ChatGPT - https://www.osquery.io : OSQuery Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english. I hope you had a good start with 2023! Our first episode of the year is all about the Red Teaming tools. We will look at an open source testing and validation library call Atomic Read Team. In addition, we will recap other trending security news includes: Apple's iCloud encryption Amazon S3 will now encrypt all new data - https://aws.amazon.com : Amazon S3 encrypts new objects by default - https://www.apple.com : Apple new data encryption - https://github.com : Atomic Red Team github - https://github.com : Atomic Red Team getting started - https://github.com : Atomic Red Team FAQs Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! Welcome to YusufOnSecurity episode 100! Perfect timing to finish off the year with the 100th episode! As it is customary and being the end of the year, we will go back to the best of 2021 episodes. There are quite a few popular ones. Enjoy! Just last like last year the YusufOnSecurity podcast kept me in cadence on this fast evolving threat landscape. I learned a great deal of stuff while researching and putting the past 52 episode together. I hope it help you some ways too. On to another year! Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 99 - Revisiting the impactful major 2022 cybersecurity events 24:59
24:59 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:59
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! 2022, what a year it has been! in our 99th episode which nicely coincides the year end we are look back at the rear view mirror to revisit the big cybersecurity events. so bacle up because it will be an eventfull listening! - https://blog.talosintelligence.com : Talos-year in review 2022 - https://cybersecurityventures.com : Cybersecurity Almanac 2022 (included this for you to review the prediction that was made then) Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! It is often said, attacks are when and not if they will happen at all. However, when they happen what matters is how hard you fall, scope and recover. In this week's episode, I will talk about the steps taken by attackers when they successfully breach organisations so that you can limit the damage and recover faster. In addition, we will recap other trending security news includes: - https://www.redhat.com : RedHat started to sign its zip files - https://www.sans.org : Holiday Hack Challenge - https://attack.mitre.org : Techniques - https://attack.mitre.org : TA0042 - https://www.cisa.gov/uscert : CISA Hunt and Incident Response Program (CHIRP) tool Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at [https://yusufonsecurity.com](https://yusufonsecurity.com/) You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 97 - Privilege Escalation 101 and how to mitigate it 51:08
51:08 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי51:08
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Welcome to YusufOnSecurity episode 97. Yes we are nearly at the grand number of 100! This week I am talking about privilege escalation. It is the critical step during an attack and it is vital to understand how the bad guys pull this off. By understand their the methods and some the tool used, you will hopefully minimise their success on using this technique and limit the damage that may ensue otherwise. In addition, we will recap other trending security news includes: MuddyWater Hackers Target Asian and Middle East Countries Leaked Signing Keys Are Being Used to Sign Malware - https://attack.mitre.org : MuddyWater - https://blog.talosintelligence.com : Muddy Water targets turkey - https://bugs.chromium.org : Platform certificates used to sign malware Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at [https://yusufonsecurity.com](https://yusufonsecurity.com/) You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 96 - Are containers more secure? 52:05
52:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי52:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Welcome to YusufOnSecurity. Making use of what resources you have is an import aspect of technology use whether that is virtualisation or containarisation. But it is important to understand the impact the choices you make have on security. Are containers more secure? That is the questions of this week's episode. In addition, we will recap other trending security news and this week we look at: - https://blog.talosintelligence.com : Vulnerability spotlight lansweeper directory traversal and cross site scripting vulnerabilities - https://blog.lastpass.com : Notice of recent security incident - https://www.veritis.com/blog : Containers vs VMs glance at security pros and cons - https://cloud.google.com/learn : What are containers Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 95 - Benefits of RestAPI and why should you care? 42:10
42:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי42:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! It is time for YusufOnSecurity, welcome back once again! Complexity is the greatest challenge in cyber security. With millions of software applications, services, and systems in use today, each one has its own features and use cases independently: It is called the silo dilemma. With exchanging information, they can never hope to have meaningful common use cases or act as a coherent solution. So, in the face of increasing complexity and a lack of universal vendor to vendor integration, what can you do? For many organizations, the answer is to use a REST API. But what exactly is a REST API, and why do you need care. In addition, we will recap other trending security news includes: RansomExx Malware Moves to Rust, Evading Anti-Virus scan engines Zeppelin Ransomware Decryptor - https://securityintelligence.com: Ransomexx upgrades Rust - https://krebsonsecurity.com : Researchers quietly cracked zeppelin ransomware keys Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 79 - How machine learning helps the cybersecurity industry - Part 1 36:59
36:59 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי36:59
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! As the adage we grew up with goes, "you cannot predict the future but you can be prepared for it". Predicting the future is exactly what we do everyday to stay one step ahead of malware attack. For instance the industry has put a great deal of work on taking advantage of Machine Learning, but what is Machine Learning anyway and how does it help us in everyday situation? This is the topic of this week's episode. In addition, we will recap other trending security news includes: A study on the top most impersonated software Top Malware Strains of 2021 - https://blog.virustotal.com : Deception at scale - https://www.cisa.gov : Top malware strains of 2021 - https://cset.georgetown.edu : Mmachine learning and cybersecurity - https://discover.cisco.com : AI whitepaper Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at [https://yusufonsecurity.com](https://yusufonsecurity.com/) You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! Welcome to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites. In plain english. Malware can hide but it must run. Yes, in the cat and mouse game between cyber crimal and defenders, the threat landscape is constantly shifting. Malware's tactics to evade detection tools include the topic of this week's episode, going fileless. We will cover what file-less malware is, how different it is from other typical malware that you might be aware. In addition, we will recap other trending security news, including: Apple Lockdown mode Qakbot attack hijacking old email threads - https://www.apple.com/newsroom : Apple expands commitment to protect users from mercenary spyware - https://blog.talosintelligence.com : What Talos incident response learned Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 77 - Tools and methodologies to apply to your defense strategy 42:55
42:55 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי42:55
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! As a craftsperson, you would not excel in your chosen trade without the right tools. Even better, you need to carefully select those tools, sharpen them when they become blunt and upgrade them when new ones come around that will improve your work. Cyber security is no different, we need well calibrated machinery to use in our defensive strategy. In this week's episode, we will look at some of the right tools and methodology to protect your bottom line. In addition, we will recap other trending security news, including: SonicWall urges to patch a critical SQL injection bug Be aware of the callback phishing campaign that is making the round. All that, coming up next, on YusufOnSecurity! - https://www.sonicwall.com : Security notice Sonicwall GMS SQL injection vulnerability - https://www.redpacketsecurity.com : Sonicwall Global Management System GMS and analytics SQL injection CVE - https://www.cisa.gov/shields-up : Shields Up - https://threatpost.com : Callback phishing campaign impersonate security firms Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 76 - NIST’s Quantum-Resistant Algorithms 25:44
25:44 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:44
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This week's episode is about what is giving us privacy at the heart of security, that is encryption algorithm. As computer power and speed improves so is the danger of these algorithm being broken. We need alternatives that can withstand them being compromised. We need resistant algorithms. In addition, we will recap a couple of top of mind security news and then get into the meat of the matter on how to approach this pressing issue. - https://www.microsoft.com : From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud - arstechnica.com : Ongoing phishing campaign can hack you even when you’re protected with MFA - support.lenovo.com : Lenovo Notebook BIOS Vulnerabilities - www.bleepingcomputer.com : New UEFI firmware flaws impact over 70 Lenovo laptop models - https://www.nist.gov/news-events : NIST announces first four quantum resistant cryptographic algorithms - https://www.pqsecurity.com : Post Quantum Standardization Discussion paper Be sure to subscribe! If you like the content. Follow me on twitter @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 75 - Solution Approach to Security 42:05
42:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי42:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Companies come in different sizes and complexity and they face different challenges but also demand various level of mitigations that meets their obligation. In this week's episode, lets take a step back and look at how we approach security and how can this be improved. In addition, we will recap a couple of top of mind security news and then get into the meat of the matter on how to approach to security. - https://en.wikipedia.org : OpenSSL - https://www.cvedetails.com : CVE-2022-2274 - https://thehackernews.com : OpenSSL releases patch for high - https://www.nationwidesecuritycorp.com : Benefits integrated security Be sure to subscribe! If you like the content. Follow me on twitter @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In this week's episode, I will continue with PowerShell and dwell a bit more on logging. If you have not listen to to last week's episode, I would suggest you do that first. Before that though, let's recap few topics that worth your attention. They might help you mitigate more risk to your business. Up next! Google Chrome 0Day. Update Now ZuoRAT malware is targeting routers - https://chromereleases.googleblog.com : Google Chrome 0-Day https://duo.com/decipher/zuorat-malware-found-hitting-home-routers - https://blog.talosintelligence.com : VPN Filter - https://docs.microsoft.com : PowerShell loggings Be sure to subscribe! If you like the content. Follow me on twitter @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! It is time for YusufOnSecurity, welcome back once again! The bad guys love using legitimate tools to circumvent security monitoring and controls. One tool in particular stands head and shoulder above other programs and operating system components to attack Microsoft Windows users: That is PowerShell. In addition, we will recap other trending security news includes: - https://www.bbc.com : Loosing removable drives with sensitive data - www.bleepingcomputer.com : NSA shares tips on securing Windows devices with PowerShell - www.theregister.com : Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ - media.defense.gov : Keeping PowerShell: Security Measures to Use and Embrace (PDF) - https://blog.talosintelligence.com : Hunting for LOLbins - https://www.cisa.gov : Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems Be sure to subscribe! If you like the content. Follow me on twitter @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 72 - Beating cyber threats with an efficient security team 41:36
41:36 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי41:36
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Often times, organisation focus on technology, procuring the next shinny things in the market or the leading products according to analyst, peer review or testing labs. Although there is not thing wrong with, there is one important ingredient that are mostly overlooked: a well structure, efficient security team. This is what we will cover this week. In addition, we will recap other trending security news includes: Internet Explorer says goodbye for the last time In cybersecurity, what you can’t see can hurt you All that, coming up next, on YusufOnSecurity! - https://blogs.windows.com : Internet explorer 11 has retired and is officially out of support what you need to know - https://www.gigamon.com : Network visibility what is network visibility - https://www.cisco.com : The suspicious seven - https://www.microsoft.com : Organize security team evolution cybersecurity roles responsibilities Be sure to subscribe! If you like the content. Follow me on twitter @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! The one constant them of this ever expanding threat landscpare is the creativity of the cybercrooks and their ability of improvising existing tools and techology. One case in point is the use of a combination of HTML5 and JavaScript to avade existing business defenses. Other top top trending security news include: GDPR turns 4 Follina is Being Actively Exploited to Spread Malware - www.securityweek.com : 'Follina' Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware - www.theregister.com : Now Windows Follina zero-day exploited to infect PCs with Qbot- https://gdpr.eu/tag/gdpr : GDPR - https://www.onetrust.com : How four years of GDPR has changed the privacy landscape - https://info.menlosecurity.com : Evaluating evasive threats in todays cyber landscape report - https://microsoft.com : HTML smuggling surges highly evasive loader technique increasingly used in banking malware targeted attacks Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! Most business rely on an old fashioned approach to security. A hard on the outside and soft on the inside. In this episode we will look at why that can be dangerous in today pervasive connectivity and work from anywhere concept. Additionally, we will recap other top trending security news that are most pertinent today: - www.expressvpn.com : Rejecting data demands, ExpressVPN removes VPN servers in India - www.theregister.com : ExpressVPN moves servers out of India to escape customer data retention law - https://cloudsek.com : Cybercriminals exploit reverse tunnel services and URL shorteners - https://www.cisco.com : What is network segmentation - https://techtarget.com : Network segmentation - https://nvlpubs.nist.gov : NIST SP800-207 Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 69 - Key takeways in Verison 2022's Data Breach Investigations Report 38:06
38:06 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי38:06
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! The more we learn, the more we know how less we know. In this episode we will cover important takeaways of the recently release Virison Data Breach Investigations Report. There are key points to be mindful of. In addition, we will recap other top trending security news, including RCE on Microsoft Diagnostic Tool (MSDT) CISA adds more exploited vulnerabilities to the Catalog - https://msrc-blog.microsoft.com : Guidance for CVE-2022-30190 Microsoft-support-diagnostic tool vulnerability - www.verizon.com : Ransomware threat rises: Verizon 2022 Data Breach Investigations Report - www.theregister.com : Verizon: Ransomware sees biggest jump in five years - www.cisa.gov : Known Exploited Vulnerabilities Catalog Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 68 - How to keep your email safe from prying eyes? 28:36
28:36 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:36
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In a world where everyone...well most, wants to snoop into your privacy, we asked how one sends and receives ones email in an encrypted format. After all email is not build fro privacy. Click send and, and it is as you posted a postcard! With some effort a dedication, a privacy hungry miscreants can watch your messages go by in clear text. Also coming up, a couple of pertinent recent security news: these are - iPhones are Never Fully Powered Down - Microsoft Released an Out-of-Band Update - docs.microsoft.com : Windows 11 known issues and notifications - https://www.zdnet.com : Microsofts out of band patch fixes Windows AD authentication failures - www.theregister.com : Your snoozing iOS 15 iPhone may actually be sleeping with one antenna open - arstechnica.com : Researchers devise iPhone malware that runs even when device is turned off Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 67 - Reducing your attack surface 37:41
37:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Attack Surface is talked about a lot but it means different things to different people. This is what we will step through this week. Also coming up, a couple of pertinent recent security news: these are - South Asian Governments Targeted by Bitter APT Group - Apple Mail Now Blocks Email Trackers - https://blog.talosintelligence.com : Bitter APT adds Bangladesh to their targets - https://www.wired.com : Apple mail blocks email tracking - https://www.kaseya.com : Attack surface Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! It is time for YusufOnSecurity, welcome back. Given the prevalence of security holes in software and the constant shifting of the threat landscape, it is paramount that organisation carry out periodic exercises that test their security preparedness. And that is exactly what we will dive into this week. Also coming up, few pertinent security news this week: - https://www.nozominetworks.com/blog : Nozomi networks discovers unpatched DNS bugin popular C standard library putting IoT at risk - www.zdnet.com : Google, Apple, Microsoft make a new commitment for a "passwordless future" - www.bleepingcomputer.com : Microsoft, Apple, and Google to support FIDO passwordless logins - https://csrc.nist.gov : Security assessment Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 65 - Top software errors leading to vulnerabilities 35:33
35:33 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:33
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Welcome to YusufOnSecuriy, a weekly cyber security podcast where we look at the most relevant security news of the week and follow up with a deeper look at a carefully selected cyber security domain. In this week's episode we will continue digging into the software errors and their consequences, vulnerabilities and exploitation. I said it is part of life but it does not has to stay that way. Also coming up, are a number of security updates this week. These are: Cloudflare blocked huge DDoS attack You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results - www.google.com : New options for removing your personally identifiable information from Google Search - www.cloudflare.com : Cloudflare blocks 15M rps HTTPS DDoS attack - www.sans.org : SANS top 25 dangerous software errors of 2021 - https://cwe.mitre.org : 2021 CWE Top 25 Most Dangerous Software Weaknesses Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 64 - What are the different types of vulnerabilities? 38:10
38:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי38:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! Vulnerabilities is part of life. It is even more so in the cyber world. This week we will look in to the type of vulnerabilities that are there. Once thing is for sure, they are not all exploited equally. Some are more damaging, others take time, resources and perseverance to pull them off. Simply put they are part of the firebrick of modern technology. Also coming up, a number of security updates, including this week -Google Project Zero tracked a record exploited in the wild -Microsoft Windows Autopatch - https://googleprojectzero.blogpost.com : Google Project Zero tracked a record exploited-in-the-wild - https://docs.google.com : 0day "In the Wild" sheet - https://thehackernews.com : Google project zero detects record Zero-Day exploits in 2021 - https://techcommunity.microsoft.com : Get current and stay current with Windows Autopatch - https://www.sans.org : Top 25 software errors Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 63 - How can everyday person protect themself from cyber attack? 41:21
41:21 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי41:21
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! It is time for YusufOnSecurity, I welcome you to the show in this fine April day. I talk a lot about cyber security for businesses and enterprises at large but about the individuals; they too suffer the consequence of cyber attacks aren't they? Well that is what I will cover this week: how do you go about your day to day usage of technology and the internet in particular while staying safe from the cyber crooks? Also coming up, a couple of top of mind security updates: - Ransomware gangs operate just like a business - A new versatile malware toolkit against Industrial Control System emerged - https://zdnet.com : Ransomware gang operate just like a real business - www.hub.dragos.com : PIPEDREAM - www.wired.com : Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems - https://duo.com : Two Factor Authentication - https://haveibeenpwned.com : Check if you email appeared in a data breach - https://www.cisa.gov : Things you can do keep yourself cyber safe Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 62 - Digital Forensics 101 - Part 2 55:53
55:53 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי55:53
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! It is time for YusufOnSecurity, welcome back. Often it is not about what came in but rather what has been left behind. This week we willl continue our introduction to digital forensics and what is involved when carrying out this painstaking process. In this episode, we will go one level down into the details. So bucle up! Also coming up, a couple of pertinent security news that you might find relevant, including: First malware targeting AWS Lambda Serverless Platform. The cyber crooks are using fake police data requests against tech companies - https://thehackernews.com : First malware targeting AWS Lambda Serverless Platform discovered - https://krebsonsecurity.com : Hackers are obtaining sensitive data through fake emergency requests - https://www.volatilityfoundation.org : Open Source Forensics tools - https://kroll.com : KAPE - Artifact parser extractor - https://www.sans.org : The forensic course from SANS - DFIR508 - https://coursera.org : Introduction to digital forensics Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 61 - Digital Forensics 101 - Part 1 32:20
32:20 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:20
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! It is time for YusufOnSecurity, welcome onboard to this week's show. Often it is not about what came in but rather what has been left behind. This week we will look at introducing digital forensics and what is involved when carrying out this painstaking process. Also coming up, a couple of pertinent security news that you might find relevant, including MITTRE Evaluation round 4 is out. Gitlab vuln that might need your attention. - https://www.cynet.com : 2022 MITRE ATT&CK Evaluation Results Overview - https://attack.mitre.org : ATT&CK - https://about.gitlab.com : Critical security release GitLab 14-9-2 released - https://en.wikipedia.org : Digital forensics - https://trustwave.com : 2019 Trustwave global security report. Please review this within the context of today more recent version. - https://www.verizon.com : Data Breach Investigations Report - https://www.cisco.com : Security outcomes study report - https://talosintelligence.com : Incident Response Emergency Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In this week's episode, I am bring you coverage from Gulf Information Security Expo & Conference (GISEC) 2022 Dubai. GISEC is a security focus version of GITEX the "Gulf Information Technology Exhibition" that is held in October each in Dubai where thousands of exhibitors and ten of thousands of visitors decent each year in October. Also coming up, a couple of top of mind security news that caught the eyes of many: - https://www.vice.com : Microsoft Investigating Lapsus$ Hacking Claims - https://media.fidoalliance.org : FIDO Alliance’s Vision for Passwordless Authentication - https://www.gisec.ae : GISEC 2022 Dubai Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! It is time for you yet another YusufOnSecurity episode. Welcome back. This week I will have a look at the important topic of remote access. I think you will agree that this is top of mind for CISO and any C-suite that cares about the bottom line of their business. Also comping up: Microsoft Releases Scanner to Detect TrickBot-Infected Devices Internet Explorer 11 is Being Retired in June - www.microsoft.com : Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure - www.theregister.com : Has Trickbot gang hijacked your router? This scanner may have an answer - docs.microsoft.com : Internet Explorer 11 desktop app retires June 15, 2022 - techcommunity.microsoft.com : Internet Explorer 11 desktop app retirement FAQ - www.cisco.com : Secure Access Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at [https://yusufonsecurity.com](https://yusufonsecurity.com/) You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In this weeks' show, lets turn our attention to an ever increasing army of small things which are becoming more pervasive: Internet Of Things. Also coming up, a number of updates including: A couple of leaks and this time from the good side unfortunately - Nvidia and Samsung A firefox emergency update. Browsers are the windows to the internet for many. So it is important that they get the attention they deserve. - www.theregister.com : Leaked stolen Nvidia cert can sign Windows malware - www.scmagazine.com : Samsung confirms Galaxy device source code leaked after breach - www.blogs.cisco.com : iOT Security - https://www.gartner.com : iOT security primer challenges and emerging practices Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at [https://yusufonsecurity.com](https://yusufonsecurity.com/) You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In this weeks' episode I will look into demystifying the concept of XDR. I will try to do just to compare and contrast with other technology that came before it: SIEM and SOAR in particular. But before that, and as always I have a few update for you this week on what to keep an eye on. Canti ransomware leaked a treasure trove of chat communication Hive Ransomware encryption succumb to academic analysis http://krebsonsecurity.com : Conti ransomware group diaries https://cyberintelmag.com : Hive ransomware master key recovered http://www.cisco.com : What is XDR? Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at [https://yusufonsecurity.com](https://yusufonsecurity.com/) You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In this episode lets have a look at an important aspect of security, one that is becoming a battle ground lately: identity and authentication. As always I have a fews update for you this week on what is churning lately including: - https://blog.talosintelligence.com : Threat Advisory Cyclops blink - www.wired.com : Russia’s Sandworm Hackers Have Built a Botnet of Firewalls - https://www.euronews.com : Is Russia using cyberattacks in the war with Ukraine and could sanctions provoke more of them? Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at [https://yusufonsecurity.com](https://yusufonsecurity.com/) You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 55 -Lessons from the Irish Health Services Executive Hack - Part 2 33:56
33:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This is part 2 of a two parts episode where I am covering Lessons from the Irish Health Services Executive Hack. If you have not listen to part 1, please do so. In part 1, I gave the introduction to the incident and other related background details. As always I have a fews update for you on what is in news this week. This including: -U.S. Cybersecurity Agency Publishes List of Free Security Tools and Services -Google’s Project Zero 2021 Metrics - https://www.cisa.gov : Free tools from CIS for the public and private sector - googleprojectzero.blogspot.com : A walk through Project Zero metrics - https://www.hse.ie : Conti cyber attack on the HSE full report Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at [https://yusufonsecurity.com](https://yusufonsecurity.com/) You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 54 - Lessons from the Irish Health Services Executive Hack - Part 1 28:38
28:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! This is a two part episode and my goodness is it loaded with useful technical details. Additionally I'll look at at two particular security updates pertaining to the most popular platform when it comes to operating systems: Windows! Microsoft took important steps forward in reducing the surface of attack. All that before we get into the meat of the matter for today: lessons learned from the Irish HSE - https://docs.microsoft.com : WMIC - https://docs.microsoft.com : Internet macros blocked - https://docs.microsoft.com : Windows10 deprecated features - https://www.hse.ie : Conti cyber attack on the HSE full report Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at [https://yusufonsecurity.com](https://yusufonsecurity.com/) You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 53 - Common Vulnerability Scoring System (CVSS) 32:38
32:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! In this episode I will delve into the vulnerability measuring and scoring metrics, the subsets of those and the why and how these are used. An important knowledge to be had if you are responsible of security pertaining to a SOC/RISK or Security teams. In addition, we will recap other top trending security news including: -ESET antivirus bug leads to system privilege gain. -O365 and Azure AD were target of billions of brute-force attacks Here are useful resources related to this episode: - https://support.eset.com : Local privilege escalation vulnerability fixed in ESET products for windows - https://www.bleepingcomputer.com : ESET antivirus bug let attackers gain windows system privileges - https://news.microsoft.com : Cyber Signal - https://www.zdnet.com : Strong authentication protects against phishing so why aren't more people using it - https://www.kennasecurity.com/blog: Vulnerability scores and risk scores - https://www.first.org: CVSS - https://www.recordedfuture.com : CVSS scoresguide Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at [https://yusufonsecurity.com](https://yusufonsecurity.com/) You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
1 52 - Linux Malware Increased in 2021 36:05
36:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי36:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnjoying the content? Let us know your feedback! The episode before last, we've looked at the Malware targetting the Mac world, this time we will look at the other side of the fense, the Linux echo systems. The linux platform is the one operating system business rely on for their mission critical applications regardless whether they are on-premise, cloud native or somewhere in between i.e. hybrid. Yusuf on Security is 1 year old! Time flies when you are talking security every week for 52 weeks consecutively. And in doing you are informing the people. https://www.centos.org : CentOS end of life https://thehackernews.com: Patching the CentOS Encryption is urgent... - arstechnica.com : Google drops FLoC after widespread opposition, pivots to “Topics API” plan - blog.google : Get to know the new Topics API for Privacy Sandbox Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at [https://yusufonsecurity.com](https://yusufonsecurity.com/) You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! Attackers are resorting to way to cut corners. In doing so they cleverly are increasing their ROI while at the same time keeping pace with technology advancement With a new finding by Cisco Talos, we will look into a new campaign employing remote access trojans (RAT), not one or two but three variants of RAT! - https://www.cisa.gov : Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats - https://thehackernews.com : Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine - https://blog.talosintelligence.com : Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure - https://blog.talosintelligence.com: WhisperGate Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at [https://yusufonsecurity.com](https://yusufonsecurity.com/) You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
Y
YusufOnSecurity.com
Enjoying the content? Let us know your feedback! In this show I will have a look at the recent feature to Apple's ecosystem and in particular the Private Relay. In addition, we will recap other top trending security news which includes poisoned USB drives are sent to businesses and REvil ransomware gangs allegedly arrested by Russian agents. - https://therecord.media : FBI - FIN7 Hackers target US companies with BadUS- devices to install ransomware - https://en.wikipedia.org : REvil - https://thehackernews.com : Russia arrests REvil ransomware gang - https://www.macworld.com : icloud plus private relay Safari vpn encryption privacy - https://support.apple.com: About iCloud Private Relay - https://developer.apple.com : Technical presentation video on Private Relay sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at [https://yusufonsecurity.com](https://yusufonsecurity.com/) You will find a list of all previous episodes in there too. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…
ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.
Daily Deals
דומה לYusufOnSecurity.com
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Flash Forward is a show about possible (and not so possible) future scenarios. What would the warranty on a sex robot look like? How would diplomacy work if we couldn’t lie? Could there ever be a fecal transplant black market? (Complicated, it wouldn’t, and yes, respectively, in case you’re curious.) Hosted and produced by award winning science journalist Rose Eveleth, each episode combines audio drama and journalism to go deep on potential tomorrows, and uncovers what those futures might re ...
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
