207 - Microsoft Windows Actively Exploited Vulnerabilities

YusufOnSecurity.com

Player FM - Internet Radio Done Right

הוסף לפני four שנים

תוכן מסופק על ידי YusufOnSecurity.Com. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי YusufOnSecurity.Com או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

Our Skin: A Personal Discovery Podcast

1
You Are Your Longest Relationship: Artist DaQuane Cherry on Psoriasis, Art, and Self-Care 32:12

לפני 25 ימים32:12

הפעל מאוחר יותר

רשימות

לייק

אהבתי

32:12

DaQuane Cherry was once the kid who wore a hoodie to hide skin flare-ups in school. Now he’s an artist and advocate helping others feel seen. He reflects on his psoriasis journey, the power of small joys, and why loving yourself first isn’t a cliché—it’s essential. Plus, a deep dive into the history of La Roche-Posay’s legendary spring. See omnystudio.com/listener for privacy information.…

לפני שנה 37:47

MP3•בית הפרקים

Enjoying the content? Let us know your feedback!

This episode is one for you system admins out there! Today we’re discussing three actively exploited vulnerabilities you absolutely need to know about—CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. These vulnerabilities have been making headlines, and understanding them could mean the difference between staying secure and falling victim to a breach.
We’ll explore what these vulnerabilities are, how they’re being exploited, the adversaries leveraging them, and what organizations and individuals can do to protect themselves. And, as always, we’ll break down the jargon and bust a popular cybersecurity myth towards the end of the show.
Before we get into the main topic, lets recap the top security news this week

Microsoft dropped the January Patch Tuesday and boy was it a whopper! We will dig into the details in more ways than one!

- https://isc.sans.edu: Microsoft January 2025 Patch Tuesday
- https://www.theregister.com: Microsoft fixes under-attack privilege-escalation holes in Hyper-V

Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.

231 פרקים

#Tech #YusufOnSecurity.Com #Cyber Security #Security #Threats #Vulnerable #Exploitation #Malware #Viruses #Trojan Horse #Worm #Cve

207 - Microsoft Windows Actively Exploited Vulnerabilities

YusufOnSecurity.com

published לפני שנה

שתפו

MP3•בית הפרקים

Enjoying the content? Let us know your feedback!

Microsoft dropped the January Patch Tuesday and boy was it a whopper! We will dig into the details in more ways than one!

- https://isc.sans.edu: Microsoft January 2025 Patch Tuesday
- https://www.theregister.com: Microsoft fixes under-attack privilege-escalation holes in Hyper-V

Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.

231 פרקים

#Tech #YusufOnSecurity.Com #Cyber Security #Security #Threats #Vulnerable #Exploitation #Malware #Viruses #Trojan Horse #Worm #Cve

כל הפרקים

YusufOnSecurity.com

1
231 - A Crash Course in Vendor Risk, Lessons from the CrowdStrike Outage 29:15

לפני 22 ימים29:15

29:15

Enjoying the content? Let us know your feedback! Today, we’re focusing on the critical lessons from one of the most disruptive IT failures in recent memory: the global outage triggered by a CrowdStrike software update on July 19, 2024. While the headlines focused on grounded flights and downed systems, the real story lies in what this incident revealed about the way we build, secure, and rely on digital infrastructure. This episode isn’t just about a faulty update—it’s about the cascading impact of vendor trust, software architecture, and system design decisions made long before disaster strikes. We’ll explore how over-reliance on a single vendor can introduce hidden points of failure, why resilience must be baked into every layer of our IT stack, and how incident response can make or break reputations in a hyperconnected world. We’ll also look at Microsoft’s rapid response and how this moment might reshape the rules for how security software integrates with Windows. The takeaway? In cybersecurity, it’s not enough to be secure—you also have to be prepared for when your most trusted systems fail. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
230 - Security Of iOT 37:45

לפני 29 ימים37:45

37:45

Enjoying the content? Let us know your feedback! This week on YusufOnSecurity, we’re diving into a topic that’s become increasingly critical as our world grows more connected: the security of the Internet of Things, or IoT. From smart thermostats and wearable fitness trackers to industrial sensors and connected cars, IoT devices are now woven into the fabric of our daily lives and business operations. They promise greater convenience, efficiency, and innovation—but they also introduce new risks and vulnerabilities that many organizations and individuals are just beginning to understand. Securing IoT isn’t just about protecting gadgets; it’s about safeguarding the data they collect, the networks they connect to, and ultimately, the people and processes that rely on them. As the number of IoT devices skyrockets, attackers are finding new ways to exploit weak points—sometimes with far-reaching consequences. In this episode, we’ll explore why IoT security matters, the unique challenges it presents, and practical steps you can take to protect your connected world. - https://www.cisco.com : What is iOT? - https://www.iiconsortium.org : Security Maturity Model Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
229 - What is FIPS 140-3 22:55

לפני 5 weeks22:55

22:55

Enjoying the content? Let us know your feedback! In today’s interconnected world, the security of our digital infrastructure relies heavily on cryptography—the science of protecting information by transforming it into unreadable formats for unauthorized users. But how do we know the cryptographic solutions we use are truly secure? That’s where standards like FIPS 140-3 come in. - https://csrc.nist.gov : FIPS-140-40-3 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
228 - How the Emergence of AI-Powered Malware works 26:19

לפני 6 weeks26:19

26:19

Enjoying the content? Let us know your feedback! In today’s episode is about a seismic shift in the world of cyber threats. The emergence of AI-powered malware. We’ll unpack how this new breed of malware works, the science behind it, real-world incidents, and what the latest academic research reveals. We will also look at the latest news that some are calling "The mother of all breaches". We have all that coming up next, in this week's podcast! - https://www.bleepingcomputer.com : No, the 16 billion credentials leak is not a new data breach Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
227 - Is UTM Still Relevant? 44:36

לפני 7 weeks44:36

44:36

Enjoying the content? Let us know your feedback! Today, we’ll answer a pressing question in cybersecurity: Is UTM still relevant in 2025? We’ll trace the origins of UTM, explain why it was created, break down its core features, compare it to newer technologies, and finish by busting a common cybersecurity myth. Before we dive into our main topic, let’s take a quick look at a major tech update making headlines: The emergence of AI powered malware is becoming more real - https://en.wikipedia.org : UTM - https://perception-point.io : AI Malware: Types, Real Life Examples, and Defensive Measures Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
226 - Inside A Stealthy Malware Powering Modern Cyber Attacks 47:28

לפני 8 weeks47:28

47:28

Enjoying the content? Let us know your feedback! In this week's episode, we get into some detailed exploration of an up and coming malware. Looking at it closer, it is one of the most advanced post-exploitation code families shaping the cybersecurity landscape in 2025. Over the time we have together, we’ll unravel what this malware is, how it works, why it’s so dangerous, and most importantly what businesses can do to defend themselves. Along the way, we’ll break down technical terms and processes, to make the topic less complex as I need it to be accessible and engaging to everyone. Before we dive into our main topic, let’s take a quick look at a major tech update making headlines: Microsoft Authenticator Now Warns To Export Passwords Before July Cut Off - https://www.bleepingcomputer.com : Ransomware gangs increasingly use Skitnet post-exploitation malware - https://otx.alienvault.com : Skitnet IOCs Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
225 - What Is a Content Delivery Network—And Do They Really Protect Businesses? 24:29

לפני 9 weeks24:29

24:29

Enjoying the content? Let us know your feedback! This week we are exploring what Content Delivery Networks —commonly known as CDNs— are and whether they protect modern businesses. We’ll dive deep into the mechanics of how CDNs work, the technologies behind them, and whether they defend organizations from threats or just deliver content at blazing speeds. Along the way, we’ll highlight two of the world’s leading CDN providers. - https://en.wikipedia.org : Content Delivery Network - https://www.cloudflare.com : What Is CDN? - https://www.akamai.com : What Is CDN? Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
224 - Cisco Talos Year 2024 In Review 34:38

לפני 10 weeks34:38

34:38

Enjoying the content? Let us know your feedback! In this week's episode, we are looking at the latest Cisco Talos’ 2024 report. In this comprehensive report, we will delve into the major cybersecurity trends and threats observed over the past year. Cisco Talos team, has compiled this report to provide valuable insights and guidance for organizations to enhance their security postures. But before we get in to the main topic, I have one security news for you and that is: - The European Union launches a new vulnerability Database - EUVD - https://euvd.enisa.europa.eu : EUVD - https://euvd.enisa.europa.eu/faq : EUVD FAQ - https://blog.talosintelligence.com : 2024 Year In Review Report - https://www.forbes.com : Why Quantum Computers Will Work Alongside Classical Systems Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
223 - RSAC 2025 - Part 2 21:55

לפני 11 weeks21:55

21:55

Enjoying the content? Let us know your feedback! This is the part 2 of RSAC 2025 episode. If you have not listened to episode 1 (that episode 222), I would suggest you listen to episode 1 before you listen this episode. Before you we get into part 2, lets review what has been happening last week on the news front. - UK shares security tips after major retail cyberattacks - https://www.bleepingcomputer.com : UK NCSC Cyber Attack A Wake Up call - https://www.ncsc.gov.uk :NCSC statement - Incident impacting retailers Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
222 - RSAC 2025 - Part 1 35:54

לפני 12 weeks35:54

35:54

Enjoying the content? Let us know your feedback! It was RSAC week and it would be remiss of me if I did not give you a highlight on what went on this year, 2025. After all, RSAC has a critical role in security. We will be reviewing the top key announcements from this year's event, including some exciting news from the major security players in the industry. Whether you're a cybersecurity professional, a tech enthusiast, or just curious about the latest in the world of cyber security, this episode is definitely for you. So, let's get started! Before we dive into the main segment, we will also add one more topic that I think is of major importance on top of everything else and that is from Microsoft. Microsoft makes All new Account Passwordless by default - https://techcommunity.microsoft.com : New User Experience - https://www.rsaconference.com : RSA Conference 2025 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
221 - FBI’s 2024 Annual Internet Crime Report 32:16

לפני 13 weeks32:16

32:16

Enjoying the content? Let us know your feedback! This week's episode looks at the FBI’s 2024 Annual Internet Crime Report -an analysis that not only highlights the scale of cybercrime but also reveals the evolving tactics of cybercriminals and the staggering financial impact on individuals and businesses alike. This of course relates to US but it is an indicative what might be happening elsewhere. - https://www.ic3.gov : Federal Bureau Of Investigation - Internet Crime Report 2024 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
220 - Watering Hole Attacks-The Hidden Danger of Trusted Spaces 32:41

לפני 14 weeks32:41

32:41

Enjoying the content? Let us know your feedback! Imagine visiting your favorite website-one you trust, one you’ve browsed a hundred times before-only to discover it’s become a silent gateway for cybercriminals. What if the real danger wasn’t in suspicious emails or obvious scams, but lurking in the very places you feel safest online? In today’s episode, we’ll unravel a cunning technique that preys on trust and routine, catching even the most vigilant users off guard. Stay tuned as we explore the origins, methods, and real-world impact of one of the most deceptive cyber threats in existence. But before we get to the main topic, lets cover the top security news first Lazarus hackers breach multiple organisation in a not so new attack method. We will find out what the technique is. - https://attack.mitre.org : Lazarus - https://attack.mitre.org : Drive by compromise Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
219 - What Is Agentic AI? 33:36

לפני 15 weeks33:36

33:36

Enjoying the content? Let us know your feedback! In this week's episode we are touching an intriguing topic. We're going to explore Agentic AI, a fascinating area within artificial intelligence that focuses on autonomous systems capable of making decisions and performing tasks without human intervention. We'll break it down for those new to cybersecurity, delve into some technical details, and use analogies to make it all clear But we before we dive into the topic, lets recap the top security news this week: Microsoft defender will isolate undiscovered endpoing to block attacks - https://learn.microsoft.com : Whatsbnew in Microsoft Defender Endpoint - Apri 2025 - https://en.wikipedia.org : Alan Turing - https://www.nvidia.com : Agentic AI Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
218 - Fast Flux-The Cybercriminal's Hide and Seek 26:49

לפני 16 weeks26:49

26:49

Enjoying the content? Let us know your feedback! This week, we re going to explore what Fast Flux is, a sophisticated technique used by cybercriminals to evade detection and maintain their malicious activities. We'll break it down for those new to cybersecurity, delve into some technical details, and use analogies to make it all clear. So without further ado, grab your coffee, or keep your eyes on the road if you are driving, sit back, and let's get started!" HellCat Ransomware - https://therecord.media: Schneider Electric Hackers Accessed Internal Project Tracking Platform - https://www.infosecurity-magazine.com: Hellcat Ransomware Humiliation - https://attack.mitre.org : Dynamic Resolution: Fast Flux DNS - https://www.cisa.gov : Fasst Flux, A National Security Threat Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
217 - Phishing the Expert-The Unexpected Cybersecurity Breach - Part 2 28:32

לפני 17 weeks28:32

28:32

Enjoying the content? Let us know your feedback! This week's episode is continuation of Troy Hunt's cautionary tale , the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We'll continue to break down what happened, how it happened, and what we can all learn from this incident. Stay tuned till the end where we bust our myth of the week! We will also look at this week's cyber security news which is Ubuntu Linux security bypasses - https://blog.qualys.co m: Qualys TRU Discovers Three Bypasses of Ubuntu Unprivileged User Namespace Restrictions - https://www.troyhunt.com : A sneaky phish just grabbed my Mailchimp mailing list Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
216 - Phishing The Expert-The Unexpected Cybersecurity Breach - Part 1 32:15

לפני 18 weeks32:15

32:15

Enjoying the content? Let us know your feedback! In this week's episode we have a fascinating and cautionary tale about none other than Troy Hunt, the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We'll break down what happened, how it happened, and what we can all learn from this incident. Stay tuned till the end for tips on how to stay vigilant against phishing attacks and our myth of the week! we will also look at the cyber security news. Here is what caught my attention this week. - PSTools dll injection vulnerability - https://www.foto-video-it.de : Disclosure Sysinternals (You will need to translate to English if you are not a German speaker) - https://learn.microsoft.com : PSTool - https://www.troyhunt.com : A sneaky phish just grabbed my Mailchimp mailing list Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
215 - Cyber Threat Emulation - Strategies for Staying Ahead Of Cyber Attacks 37:04

לפני 19 weeks37:04

37:04

Enjoying the content? Let us know your feedback! In this episode, we’ll look into a cybersecurity assessment method that mimics real-world attacks to test an organization's security defenses and response capabilities: Threat emulation. It is one of the strategies to keep you ahead of the game. Threat emulation aims to identify and mitigate security gaps before attackers exploit them, providing a more comprehensive evaluation than traditional assessments. Before we dive into the main topic, lets glance what is happening on the security front: March Microsoft Patch Tuesday has landed! - https://msrc.microsoft.com : March 2025 Security Updates - https://detect-respond.blogspot.com : Pyramid Of Pain - https://www.atomicredteam.io : Atomic Read Team - https://www.ecb.europa.eu /paym/cyber-resilience/tiber-eu/html/index.en.html Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
214 - What are polyglot files and how bad are they? 31:58

לפני 20 weeks31:58

31:58

Enjoying the content? Let us know your feedback! In this episode, we’ll be exploring a particularly intriguing file types: polyglot files. These digital shapeshifters have become a powerful tool in the arsenal of cyber attackers, capable of bypassing security measures, confusing systems, and delivering malicious payloads in ways that are both creative and devastating. Over the next 20 to 30 minutes or so, we’ll break down what polyglot files are, how they work, and why they’re so dangerous. We’ll also examine some real-world examples where polyglot files were used in cyberattacks. We will reference the MITRE ATT&CK framework to understand how these techniques fit into the broader landscape of adversarial tactics. Finally, we’ll discuss mitigation strategies and close with a cybersecurity myth that needs busting Before we dive into the main topic, lets glance what is happening on the security front: UEFI Secure Boot bypass vulnerability - https://en.wikipedia.org : Polyglot - https://attack.mitre.org : Masquerading - https://arxiv.org : Where the Polyglots Are: How Polyglot Files Enable Cyber Attack Chains and Methods for Detection & Disarmament - https://medium.com : Polyglot Files A Hackers Best Friend - https://www.bleepingcomputer.com : New polyglot malware hits aviation, satellite communication firms Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
213 - Stealing Data in Plain Sight -How Cybercriminals Exfiltrate Your Secrets and How to Stop Them 50:53

לפני 21 weeks50:53

50:53

Enjoying the content? Let us know your feedback! In today's episode, we're diving deep into Data Exfiltration; one of the most serious threats facing organizations today. We'll break down exactly what data exfiltration is, where it fits in the MITRE ATT&CK framework, the tools and techniques attackers use, and, most importantly, how organizations can defend themselves. We’ll also cover real-world examples, including publicly known cases that had major consequences. So, whether you're a seasoned security professional or just starting out in the field, stick around as we unravel the methods attackers use and how to stop them. First lets look at one of the trending security news this week, and that is: News: Caldera Vulnerability - https://github.com/mitre/caldera : Security Notice - https://nvd.nist.gov : CVE-2025-27364 - https://medium.com : MITRE Caldera Security Advisory — Remote Code Execution (CVE-2025–27364) - https://www.mitre.org : Caldera Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
212 - Behind the login Screen - Understanding OS Authentication - Part 2 49:05

לפני 22 weeks49:05

49:05

Enjoying the content? Let us know your feedback! We are continuing with part 2 of "Behind the Login Screen - Understanding OS Authentication." If you missed our first episode, I highly recommend giving it a listen before diving into today's content. In part one, we started to explore the fascinating world of operating system authentications, focusing on Windows, Linux/Unix, and Mac OS. We discussed how hashes are used in authentication, the concept of salt in passwords, rainbow table attacks. In today's episode, we'll build on that foundation and delve even deeper into the topic of OS authentication mechanisms. So again, if you haven't already, make sure to catch up on part one to get the full picture. Now, let's get started with part two of our journey into the world of OS authentication! lets look at one of the trending security news this week, and that is: - Newly discovered OpenSSH vulnerabilities. - https://blog.qualys.com : Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 - https://learn.microsoft.com : Kerberos Authentication Overview Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
211 - Behind the login Screen: Understanding OS Authentication - Part 2 35:22

לפני 23 weeks35:22

35:22

Enjoying the content? Let us know your feedback! In today's episode, we're going to explore the fascinating topic of operating systems authentications. We all use it but how many of us wondered how the behind the curtains machinery work. We'll be focusing on Windows, Linux/Unix, and Mac OS. We'll discuss how hashes are used in authentication, the concept of salt in passwords, rainbow table attacks and their countermeasures, the benefits of password-less authentication using hardware keys, password cracking, the shadow file in Unix/Linux, and the mechanics of how each OS protects passwords and how attackers try to circumvent these protections. Scareware blocker, now available in Microsoft Edge - https://blogs.windows.com : Stand Up To Scareware With Scareware Blocker - https://learn.microsoft.com : Kerberos Authentication Overview - https://www.microsoft.com : Scareware Blocker Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
210 - Adversarial Misuse of Generative AI 50:21

לפני 24 weeks50:21

50:21

Enjoying the content? Let us know your feedback! As AI-generated content becomes more advanced, the risk of adversarial misuse—where bad actors manipulate AI for malicious purposes—has skyrocketed. But what does this mean in practical terms? What risks do we face, and how one of the big players is addressing them? Stick around as we break Google’s Adversarial Misuse of Generative AI report, explain the key jargon, and bust a cybersecurity myth at the end of the show. Before we get into the main topic, lets have a look at one important news update, and that is: Microsoft has expanded its Windows 11 administrator protection tests - https://cloud.google.com : Adversarial Misuse of Generative AI - https://deepmind.google : Mapping the misuse of generative AI - https://learn.microsoft.com : User Account Control overview - https://learn.microsoft.com : How User Account Control works Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
209 - DeepSeek 28:51

לפני 25 weeks28:51

28:51

Enjoying the content? Let us know your feedback! Today, we’ve got something really exciting for you. If you’ve been following the world of artificial intelligence lately, you’ve probably heard a lot about a new player in town: DeepSeek. Now, let me tell you, DeepSeek is shaking things up. They’re doing something completely different that’s not only disrupting the AI space but could also be a game-changer in how we approach cost, performance, and security in the future of AI technology. So, grab a seat on a solid ground and buckle up—this week, we’re diving into how **DeepSeek** is leveling the playing field for AI vendors everywhere, cutting costs, and leveraging some really smart techniques that are turning heads in the industry. And, of course, at the end of today’s episode, we’ll be busting a big cybersecurity myth that might surprise you. But first, let’s talk all things DeepSeek. Before we dive into the main, we will also bring you update todate on the news front: - Deepseek date breach. Yes they were hit already! - https://www.technologyreview.com : How DeepSeek ripped up the AI playbook—and why everyone’s going to follow its lead - https://www.digitaltrends.com : Microsoft is letting anyone use ChatGPT’s $200 reasoning model for free - https://www.wiz.io : Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
208 - Lets Encrypt on shortening certification lifetime to just 6 days! 32:38

לפני 26 weeks32:38

32:38

Enjoying the content? Let us know your feedback! In this episode we will detail the significant announcement from Let’s Encrypt – the trusted nonprofit Certificate Authority that has been at the forefront of making the web more secure. Let’s Encrypt has revealed its plans to drastically reduce the lifetime of its TLS certificates from 90 days to just 6 days. This decision, outlined in their 2024 annual report, is aimed at strengthening the security of online communications by minimizing the risks associated with compromised keys. But what does this mean for website owners, IT administrators, and the broader cybersecurity landscape? That’s what we’ll explore in detail today. - https://community.letsencrypt.org : 2024 ISRG Annual Report - https://www.malwarebytes.com : 7-zip bug could allow a bypass of a windows security feature update now - https://digital.nhs.uk : Proof-of-Concept Exploit Released for CVE-2025-0411 in 7-Zip Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
207 - Microsoft Windows Actively Exploited Vulnerabilities 37:47

לפני 27 weeks37:47

37:47

Enjoying the content? Let us know your feedback! This episode is one for you system admins out there! Today we’re discussing three actively exploited vulnerabilities you absolutely need to know about—CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. These vulnerabilities have been making headlines, and understanding them could mean the difference between staying secure and falling victim to a breach. We’ll explore what these vulnerabilities are, how they’re being exploited, the adversaries leveraging them, and what organizations and individuals can do to protect themselves. And, as always, we’ll break down the jargon and bust a popular cybersecurity myth towards the end of the show. Before we get into the main topic, lets recap the top security news this week Microsoft dropped the January Patch Tuesday and boy was it a whopper! We will dig into the details in more ways than one! - https://isc.sans.edu : Microsoft January 2025 Patch Tuesday - https://www.theregister.com : Microsoft fixes under-attack privilege-escalation holes in Hyper-V Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
206 - Cybersecurity Resolutions for 2025 - Best Practices for Individuals and Organizations 32:56

לפני 28 weeks32:56

32:56

Enjoying the content? Let us know your feedback! This is the podcast where we explore the ever-evolving world of cybersecurity and provide practical advice for staying ahead of threats. I’m your host, Yusuf, and today’s episode is all about starting the new year with a solid plan. We’re diving into _Cybersecurity Resolutions for 2025: Best Practices for Individuals and Organizations._ As we step into a new year, it’s the perfect time to reflect on how we protect our digital lives—whether at home or in the workplace. From bolstering personal security habits to implementing stronger organizational policies, this episode will cover actionable resolutions you can adopt today. Along the way, we’ll explain key jargon, explore real-life examples, and, as always, bust a common cybersecurity myth at the end. - https://nypost.com : Apple users warned of hi-tech Mac malware that steals personal data, goes undetected for months— here’s how to stay safe - https://www.youtube.com : When Do We Get to Play On Easy Mode? Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
205 - Vulnerability Scanners-The Heroes and Hidden Limits of Cybersecurity 28:48

לפני 29 weeks28:48

28:48

Enjoying the content? Let us know your feedback! Today, we’re tackling a fundamental yet often misunderstood tool in every cybersecurity professional's arsenal—vulnerability scanners. What role do they play in protecting our organizations? Where do they shine, and where do they fall short? As always, we’ll cut through the jargon and break things down for everyone—from seasoned professionals to those just beginning their journey in cybersecurity. And stick around until the end for this week’s myth-busting segment, where we debunk a misconception about cyber security in general that many people still believe. So grab your favorite beverage, get set, and let’s dive right in! Tenable Scanner Agent went offline globally All that coming up next, in this week episode. - https://docs.tenable.com : Tenable Nessus Agent 2025 Release Notes - https://www.splunk.com : Vulnerability Scanners Primer Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
204 - Recap of the best episodes of 2024 1:31:38

לפני 30 weeks1:31:38

1:31:38

Enjoying the content? Let us know your feedback! This final episode of 2024, we recap the best the most listened to episodes of the year. And this year we have a great four back to back of the greatest of them all. Lets start with the first eisode 191 - Is The Browser The New Operating System? released on the 28th of September. Next is episode 172 - SSL VPN versus IPsec VPN - Part 1 and part 2 released 18th of May and 25 of May respectively. And finally Episode 191 - APIs and Webhooks released on the the 5th October. Enjoy and see you in the new year! Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
203 - Tips In Securing Your Organization - When the Security Team is Away 22:04

לפני 31 weeks22:04

22:04

Enjoying the content? Let us know your feedback! It is a topical episode we’re diving into a high-stakes challenge every organization faces: It is holiday season, how do you manage threats when most of the security team is off duty. Imagine a holiday season, a long weekend, or even an unexpected emergency. With key team members unavailable, how do we keep our defenses strong? This episode will provide actionable strategies, backed by real-world examples, to help you stay prepared. Stick around until the end, where we’ll also bust a common cybersecurity myth. - https://www.bleepingcomputer.com : CISA Urges Switch To Signal Like-Encrypted Messaging Apps After Telecom Hacks Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
202 - Volt Typhoon 36:15

לפני 32 weeks36:15

36:15

Enjoying the content? Let us know your feedback! In this week's episode, we’re diving into a concerning and highly consequential topic: the Volt Typhoon espionage campaign—an advanced persistent threat that has sent shockwaves through the cybersecurity and telecommunications industries. Volt Typhoon, a state-backed APT group, has been making headlines for its stealthy and highly sophisticated attacks on telecom networks. In this episode, we’ll dissect the technical details of this malware campaign, the vulnerabilities it exploited, and the regulatory loopholes that attackers took advantage of. We’ll also explore lessons the industry can learn to bolster defenses and, as always, bust a common cybersecurity myth along the way. As always, we will break down all the jargon so that anyone can understand. Whatever you are doing, settle in or keep your eyes on the road, and let’s get started. Before we get into the main topic, we will start with a recap of top trending security news this week...and that is: The Last Patch Tuesday - https://msrc.microsoft.com : Microsoft - December 2024 Security Updates - https://www.cisa.gov : CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity - https://www.cisco.com : China APT’s, Volt Typhoon, and what to do! - https://www.fcc.gov : Communications Assistance for Law Enforcement Act Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
201 - Digital Breadcrumbs - Tracing the Hidden Trails for Evidence 30:20

לפני 33 weeks30:20

30:20

Enjoying the content? Let us know your feedback! This week episode, we dive into one of the most fascinating aspects of digital investigations: Windows forensic artifacts. It does not matter who you are: a security professional, an aspiring investigator, or simply curious about how experts uncover the digital breadcrumbs left on your computer, this episode will walk you through the essential pieces of evidence, known as _forensic artifacts_. We’ll dip our hand into that Shellbags...wait what bags? I heard you say, Don't worry we will break down those complex terms, discuss real-world cases, and provide you with an in-depth understanding of artifacts like Shellbags, Prefetch files, and more. Before we go any futher, we will review one top trending security news, this week... and that is: Microsoft NTLM Zero Won't get fixed until April 2025! - https://blog.0patch.com : NTLM Hash Disclosure Vulnerability (0day) - https://www.splunk.com : Cyber Forensics - https://www.coursera.org : Digital Forensics Concepts Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
200 - Incident Response Playbook- Turning Chaos into Control 34:09

לפני 34 weeks34:09

34:09

Enjoying the content? Let us know your feedback! Today, we’re tackling a topic that every organization, big or small, absolutely must take seriously: Incident Response Playbook Imagine this: It’s 3 a.m., and your phone buzzes with an alert. A possible ransomware attack has been detected in your network. Do you panic, or do you execute a clear, structured plan? That’s the difference an Incident Response (IR) playbook can make—it turns chaos into control. Today, we’ll break down what an IR playbook is, why it’s crucial, and how to implement one effectively. We’ll demystify technical jargon and provide actionable insights that you can apply right away. Stick around for the final section, where we’ll bust a common cybersecurity myth that everyone should know about. Before we go ahead with the show, lets review the top trending security news this week: https://www.bleepingcomputer.com : Microsoft TPM is non-negotiable https://learn.microsoft.com : Windows 11 Hardware and Software Requirements Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
199 - FBI-CISA-NSA's list of the most exploited vulnerabilities of 2023 35:37

לפני 35 weeks35:37

35:37

Enjoying the content? Let us know your feedback! This week, we’re diving into a hot-off-the-presses report from the FBI, CISA, and NSA —a breakdown of the most exploited vulnerabilities of 2023. Think of this as the hackers' “most wanted” list: the weaknesses in software and systems that bad actors love to exploit because they’re effective and widely available. Before we get into that, lets review the top security news this week. Pygmy Goat: The Sophisticated Linux Backdoor Targeting Network Devices - https://www.ncsc.gov.uk : Pygmy Goat Analysis - https://www.cisa.gov : 2023 Top Routinely Exploited Vulnerabilities Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
198 - Browser Engines Security 24:57

לפני 36 weeks24:57

24:57

Enjoying the content? Let us know your feedback! Today, we’ll dive into what browser engines are, how they power your online experiences, and the security efforts shaping the modern web. We’ll also unpack extension security, with a spotlight on Google’s Manifest v3, and see how Safari and Firefox approach these challenges. Whether you’re a casual browser user or a budding tech enthusiast, this episode is designed to give you insight into a part of your digital life that you might not even realize exists—the browser engine. So If phrases like “browser engines” and “Manifest v3” sound daunting, don’t worry! I’ll break it all down so it’s as simple as possible. By the end, you’ll not only understand these terms but also appreciate why they’re crucial for a safer internet. Before we get started, lets review a top trending piece of news this week....and that is: iOS 18.1 Forcing Reboots - https://www.macrumors.com : iOS 18.1 Forcing Reboots - https://en.wikipedia.org : Browser_engine, what they are - https://en.wikipedia.org : Comparison OF Browser Engines Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
197 - Advanced Malware evasion Techniques And Their Counter Measures 27:34

לפני 37 weeks27:34

27:34

Enjoying the content? Let us know your feedback! It is another week and another podcast shaw on YusufOnSecurity where we deep dive into the complex world of cybersecurity that concerns both professionals and anyone interested in how attackers continue to evolve their methods. This week we will be covering advanced malware evasion techniques—strategies used by malicious software to avoid detection—and, crucially, the countermeasures that can help protect against these threats. Before we get started, lets review a top trending piece of news this week....and that is: SANS' Holiday Hack Challenge 2024 is Up - https://www.sans.org : SANS' Holiday Hack Challenge 2024 - https://redcanary.com : Defense- Evasion Why Is It So Prominent How Can You Detect It? - https://attack.mitre.org/tactics/TA0005/ Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
196 - What are Shared Fate Model and Trust Anchors? 28:46

לפני 38 weeks28:46

28:46

Enjoying the content? Let us know your feedback! In this week's episode I will unpack the complexities of the cybersecurity world and help you stay informed and secure. Today, we’re going to dig into some intriguing concepts shaping the cybersecurity landscape: the Shared Fate Model and Trust Anchors. Some say these concepts are becoming so vital in modern IT security, their pros and cons, and how they compare with traditional security models that, quite frankly, aren’t cutting it anymore. Before we get started, lets review a top trending piece of news this week....and that is: Australia looks at setting a minimum for social media use - https://edition.cnn.com : Australia Minimum Age Limit on Social Media - https://cloud.google.com : Shared Fate Model - https://csrc.nist.gov : Trust Anchor Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
195 - Top Common Password Attacks and How to Defend Against Them 38:15

לפני 39 weeks38:15

38:15

Enjoying the content? Let us know your feedback! Lets face it, the cyber crooks are always lurking aroud waiting for an opportunity to come in. They choose the path of least resistant and password is often their way in. Unfortunately password is still with us and for sometime to come too. In today episode, we’re digging deep into top common types of password attacks—and, most importantly, I’ll walk you through effective ways to stop them. Passwords are often the first line of defense, but they’re also a favorite target for hackers. Understanding these attack methods can empower you to protect your data better, avoid common pitfalls, and even educate those around you. So, let’s get into it! A newly discovered ransomware serves a wake up all for Mac Users. - https://xkcd.com : How To Create A Strong Password - https://haveibeenpwned.com : Have I Been Pawned - https://pages.nist.gov : Password - https://www.infosecurity-magazine.com : NIST Scraps Passwords Complexity and Mandatory Changes in New Guidelines Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
194 - Interview With Red Sift 33:55

לפני 40 weeks33:55

33:55

Enjoying the content? Let us know your feedback! This week's episode is an interview with Nadim Lahoud from Red Sift at GITEX the Global IT Expo that is held yearly in Dubai. It is the largest tech startup gathering in the world. Redsift is a company that provides a cloud-based DMARC, DKIM and SPF configuration and management platform called OnDMARC. They also provide: -Continuous certificate discovery and monitoring as well as -Brand Trust through AI-driven brand impersonation discovery and monitoring. Before we get into that we will recap the top trending security this week. That is: FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms - https://fidoalliance.org : Specifications Credential Exchange Specifications - https://redsift.com : About Red Sift Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
193 - Microsoft Windows Architecture 39:38

לפני 41 weeks39:38

39:38

Enjoying the content? Let us know your feedback! Today we’re going to peel back the layers of Microsoft Windows architecture. For many of us, Windows has been a part of our computing lives for decades, whether at work or at home. But how much do we really know about how it works under the hood? In this episode, we’ll take a closer look at what makes Windows tick, compare it with Unix/Linux systems, and explore how it has evolved over the years. Before we get into the topic, lets review this week's top trending security news: Criminals Are Testing Their Ransomware Campaigns in Africa - https://www.performanta.com : Africa A testing Ground - https://en.wikipedia.org : Architecture Of Windows NT - https://techcommunity.microsoft.com : Windows Architecture The Basics - https://learn.microsoft.com : Explore Windows Architecture/ Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
192 - APIs and Webhooks 38:10

לפני 42 weeks38:10

38:10

Enjoying the content? Let us know your feedback! In today's episode, we’re diving into the world of APIs and Webhooks—two key technologies that power much of the automation and interaction between services online. Whether you’re a developer, security expert, or someone just curious about how data flows through the internet, this episode will give you valuable insights into how these tools work, their history, and, most importantly, how to keep them secure. We’ll also look at real-world examples of API-based attacks on major brands and break down what went wrong. By the end of this episode, you’ll have a full understanding of both APIs and Webhooks, and you’ll be armed with the must-know security measures for each. So, stick around and by keep listening! Having said that, lets have a look at the top trending news this week. Mitre launches AI Incident Sharing Initiative. Awsome move! - https://owasp.org : OWASP API Security Top 10 - https://ai-incidents.mitre.org : Mitre ATLAS Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
191 - Is The Browser The New Operating System? 26:27

לפני 43 weeks26:27

26:27

Enjoying the content? Let us know your feedback! Today we’re discussing an exciting trend in the world of technology—the browser is no longer just a window to the web. So we asked is it becoming the operating system itself? From the early days of Mosaic and Netscape Navigator to today’s cloud-powered Chromebooks, the browser has evolved dramatically. In this episode, we’ll explore the security implication, the history of browsers, the famous browser wars, and how today’s browsers are blurring the lines between web interfaces and operating systems. Having said that, lets recap a top trending security news shall we? Exploiting CUPS: How Recent Vulnerabilities Could Compromise Linux Security - https://www.evilsocket.net : Attacking On UNIX Systems Via CUPS Part I - https://en.wikipedia.org : History of The Web Browsers - https://en.wikipedia.org : Browser Wars Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
190 - DevSecOps 26:13

לפני 44 weeks26:13

26:13

Enjoying the content? Let us know your feedback! In this episode lets look at the world of DevSecOps—a vital practice in modern software development that has implication on security. We’ll trace the history of software development, discuss the evolution of methodologies, and examine the challenges that have led to the emergence of DevSecOps. So, whether you’re a seasoned developer who is curious about the cyber security world, or a veteran security practitioner, this is an episode you would not want to miss.. As always, lets review what is trending in the news front first. Microsoft officially deprecates Windows Server Update Service aka WSUS. - https://techcommunity.microsoft.com : Windows Server Update Services WSUS Deprecation - https://www.cisco.com : Addressing Security Challenges in a Fast Evolving Landscape White Paper Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
189 - The Risks of Rushing LLM Implementation and Sensitive Data Leakage on the Open Web 32:19

לפני 45 weeks32:19

32:19

Enjoying the content? Let us know your feedback! Today’s topic is one that mixes the marvel of modern technology with some very real concerns. We’re talking about the rise of Large Language Models, or LLMs, how they’re rapidly being adopted across industries, and the potential for sensitive data leakage on the open web. It’s a thrilling time for AI technologies, but as with all new frontiers, there are risks if we're not careful. News: MSHTML platform spoofing vulnerability. And yes, It is a big one. - https://blogs.cisco.com : Securing The LLM Stack - https://msrc.microsoft.com : CVE-2024-43461 - https://msrc.microsoft.com : CVE-2024-38112 - https://www.trendmicro.com : CVE-2024-38112 Void-Banshee Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
188 - Yubikey Vulnerability 26:05

לפני 46 weeks26:05

26:05

Enjoying the content? Let us know your feedback! In this episode we’re diving into an important topic that concerns one of the most trusted hardware security tokens on the market—the YubiKey 5 series. We’ll discuss a recently discovered vulnerability affecting YubiKeys and go over what it means for the broader world of authentication and cryptographic security. To help you fully understand the issue, I’ll also provide a quick primer on key concepts like digital signatures, elliptic curves, and the cryptographic algorithm known as ECDSA. With that said, this episode is an update as well as a main topic and all in all it will give you the tools you need to stay informed and protected. - https://www.yubico.com: Yubico Advisories - https://ninjalab.io : The research Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
187 - File Integrity Monitoring or EDR? 29:34

לפני 47 weeks29:34

29:34

Enjoying the content? Let us know your feedback! Today, we will look into two essential cybersecurity solutions: File Integrity Monitoring or FIM and Endpoint Detection and Response, commonly known as EDR. Both of these technologies are crucial for protecting systems, but they work in very different ways. We’ll be comparing and contrasting their capabilities, benefits, and use cases. Before we get into the main topic, lets review a top trending piece of security news: SANS Institute released a Critical Infrastructure Strategy Guide - https://www.sans.org : SANS Institute released a Critical Infrastructure Strategy Guide - https://en.wikipedia.org : File Integrity Monitoring - https://www.cisco.com : What is an EDR? Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
186 - The New NIST Framework 2.0 35:54

לפני 48 weeks35:54

35:54

Enjoying the content? Let us know your feedback! In today episode we’re diving into something that’s been making waves in the cybersecurity community—NIST Cybersecurity Framework 2.0. The NIST Cybersecurity Framework has long been a cornerstone for building robust security practices, and with the release of version 2.0, there are some exciting new developments that are relevant given todays threat landscape. As always, lets review what is trending in the news front. CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet - https://www.akamai.com : Mirai Botnet Infects CCTV Used in Critical Infrastructures - https://www.nist.gov : IST Cybersecurity Framework 2.0. - https://nvlpubs.nist.gov : NIST Cybersecurity Framework 2.0. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
185 - Cybersecurity Capability Maturity Model 33:03

לפני 49 weeks33:03

33:03

Enjoying the content? Let us know your feedback! In this week's episode we will dig in exploring a critical framework that’s reshaping how organizations approach cybersecurity—especially in the energy sector—known as the Cybersecurity Capability Maturity Model. This is also refer to C2M2. We’ll unpack what C2M2 is, why it’s so important, and how it helps organizations assess and improve their cybersecurity practices. So, grab a coffee, sit back, and let’s dive in. But wait, lets first review this week's trending news. A ransomware group launched an EDR process killer utility - https://www.theregister.com : RnsomHub EDRKilling Malware/ - https://c2m2.doe.gov : Cybersecurity Capability Maturity Model Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
184 - Why Hackers Target Stolen Credentials 37:23

לפני 50 weeks37:23

37:23

Enjoying the content? Let us know your feedback! In this week's episode, we’re unpacking a topic that’s crucial for anyone connected to the digital world: _Why Hackers Target Stolen Credentials_. From understanding the value behind those stolen usernames and passwords to exploring the dark web marketplaces where they’re traded, we’ll break it all down and look at what this means for your security. Before we get into the topic, lets review this week's top trending security news: A UK IT provide faces hefty fines for ransomware breach - https://ico.org.uk : Provisional decision to impose £6m fine on software provider following 2022 ransomware attack that disrupted NHS and social care services - https://en.wikipedia.org: Credential Stuffing Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
183 - The Malware Information Sharing Platform 30:00

לפני 51 weeks30:00

30:00

Enjoying the content? Let us know your feedback! In this week's episode, we're diving into the Malware Information Sharing Platform, or MISP. We'll explore how MISP helps organizations share and leverage threat intelligence, enhancing their defense against cyber threats. Stay tuned as we unpack its features, benefits, challenges, and practical tips for implementation. Before we get into the main topic, lets touch a top trending piece of news this week. And that is: Ransomware is on the rise, while technology becomes most targeted section - https://blog.talosintelligence.com : IR Trends: Ransomware on the rise, while technology becomes most targeted sector - https://www.misp-project.org : MISP Project - https://www.misp-project.org : Documentation - https://github.com : MISP GitHub Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
82 - Weighting The Risk Benefit Of Kernel Level Access By 3rd Party Apps 29:44

לפני 1 year29:44

29:44

Enjoying the content? Let us know your feedback! In this week's episode, we will dig into the risk benefit analysis of allowing kernel level access to third party application. We will look into the inherent risks this brings into the operating system and the benefit thereof. We will also compare the approach the two major operatic system makers took i.e. Microsoft and Apple. We will include snippet of what Microsoft says post CrowStrike outage. - https://www.microsoft.com : Windows Security Best Practices For Integrating And Managing Security Tools - https://support.apple.com : System And Kernel Extensions In MacOS - https://www.theverge.com : Microsoft Windows Changes Crowdstrike Kernel Driver - https://learn.microsoft.com : Support Policy Third Party Kernel Level Attestation Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
181 - The Crowdstrike IT Outage 47:34

לפני 1 year47:34

47:34

Enjoying the content? Let us know your feedback! This week's episode needs very little introduction: The CrowdStrike IT Outage. We will delve into the unprecedented IT outage caused by a corrupt update from CrowdStrike, which led to widespread Blue Screen of Death (BSOD) errors on Windows systems across globe. Join us as we explore how this incident became the largest IT outage in history and what lessons can be learned from it. - https://www.crowdstrike.com : Falcon Update For Windows Hosts Technical Details - https://www.crowdstrike.com : Falcon Content Update Remediation And Guidance Hub Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
180 - Unmasking Data Breaches - Understanding the Surge and Examining Recent Major Incidents - Part 2 35:32

לפני 1 year35:32

35:32

Enjoying the content? Let us know your feedback! As I said in part of this two part series episode, It's easy to feel like nothing is secure these days, with constant reports of data breaches and exploits occurring everywhere you look. From major corporations to small businesses, no one seems immune to these pervasive cyber threats. The frequency and scale of these incidents can make it seem like our digital world is under continuous siege. In today's episode, we will be diving into the reasons behind the surge in data breaches and exploits, and how these incidents are becoming more frequent and damaging. Join us as we explore the fundamental factors contributing to this trend and examine some major breaches from the past few years. Please listen to part 1, beforehand. Lets now turn to our top trending news this week and that is: There is a critical Exim Mail Server Vulnerability - https://informationisbeautiful.net/visualizations : Worlds Biggest Data Breaches Hacks - https://bugs.exim.org : Incorrect parsing of multiline rfc2231 header filename - https://nvd.nist.gov : CVE-2024-39929 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
179 -Unmasking Data Breaches - Understanding the Surge and Examining Recent Major Incidents - Part 1 28:43

לפני 1 year28:43

28:43

Enjoying the content? Let us know your feedback! It's easy to feel like nothing is secure these days, with constant reports of data breaches and exploits occurring everywhere you look. From major corporations to small businesses, no one seems immune to these pervasive cyber threats. The frequency and scale of these incidents can make it seem like our digital world is under continuous siege. In today's episode, we will be diving into the reasons behind the surge in data breaches and exploits, and how these incidents are becoming more frequent and damaging. Join us as we explore the fundamental factors contributing to this trend and examine some major breaches from the past few years. Having said that, lets turn to a couple of top trending news this week and they are Who are behind the Brain Cipher ransomware? - https://media.inti.asia : Understanding the Brain Cipher Ransomware Attack - https://informationisbeautiful.net/visualizations : Worlds Biggest Data Breaches Hacks Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
178 - Trusted Relationship Attacks 42:49

לפני 1 year42:49

42:49

Enjoying the content? Let us know your feedback! In this episode, we’re focusing on the rising trend of IT outsourcing and its implications for cybersecurity. As more businesses delegate non-core tasks to third-party providers, they inadvertently open doors to trust relationship attacks. We'll explore how attackers exploit the trust between companies and their service providers, leading to potentially devastating breaches. Join us as we delve into the mechanisms, real-world examples, and strategies to defend against these insidious threats. And before we get into the meant of the matter, lets catch up on what has been trending this week: A large number of companies are potentially exposed in SnowFlake's related attacks. - https://cyberscoop.com : Snowflake related attacks - https://attack.mitre.org/techniques : Trust Relationship Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
177 - The Importance Of Automation And Orchestration In Cyber Security - Part 2 41:01

לפני 1 year41:01

41:01

Enjoying the content? Let us know your feedback! This week's episode will continue with part 2 of "The Importance of Automation and Orchestration in Cyber Security." As I said in the episode one, the need for efficient and effective security measures has never been more critical. I suggest you listen to E1, before you dive into this one. Without further ado, lets first get what is trending this week in term of news and updates. Hundreds of personal computer as well as Server Models could be Affected by a serious UEFI Vulnerability - https://eclypsium.com : UEFICanHazBufferOverflow Widespread Impact From Vulnerability In Popular PC And Server Firmware - https://eclypsium.com : How Eclypsium Automates Binary Analysis At Scale - https://en.wikipedia.org : Orchestration (computing) Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
176 - The importance Of Automation And Orchestration In Cyber Security - Part 1 36:37

לפני 1 year36:37

36:37

Enjoying the content? Let us know your feedback! In this week's episode of the podcast we dissect "The Importance of Automation and Orchestration in Cyber Security." As you are well aware cyber threats are becoming increasingly sophisticated and frequent. The need for efficient and effective security measures has never been more critical. Equally, automation and orchestration have never more important for organizations to defend themselves and to streamlining processes, reducing response times, and enhancing overall security posture. In my view this is an important way of tipping the balance in favor of the defenders. Having said that and before we get into the main topic, lets touch a trending piece of news this week. And that is: Phishing Email Abuses Windows Search Protocol - https://www.trustwave.com : Search Spoof Abuse O Windows Search T Redirect To Malware - https://learn.microsoft.com : Using the search Protocol - https://benjamin-altpeter.de : An Analysis of the State of Electron Security in the Wild - https://en.wikipedia.org : Orchestration (computing) Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
175 - The Dangers Of Remote Workers 47:38

לפני 1 year47:38

47:38

Enjoying the content? Let us know your feedback! In this week's episode, we're tackling a topic that has become increasingly relevant in our post-pandemic world: the hidden dangers posed by remote work. As more companies embrace flexible work arrangements, the convenience and efficiency of working from home bring new set of challenges. From cybersecurity threats to data privacy concerns, remote work introduces vulnerabilities that many organizations are not fully prepared to handle. In this episode, we'll explore the risks associated with remote work, share real-world examples of security breaches, and discuss practical steps that businesses and employees can take to safeguard sensitive information. Before we get into the main topic, lets touch a trending piece of news this week. And that is: More backlash about Microsoft's Recall technology. - https://www.computing.co.uk : Microsoft overhauls Recall, makes it opt-in - https://www.ciscolive.com : Protecting Remote Workers, the Right Way Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
174 - Digital Twin Technology And Its Application In Security 38:27

לפני 1 year38:27

38:27

Enjoying the content? Let us know your feedback! In this week's episode we're exploring an exciting and transformative innovation: Digital Twins technology and its groundbreaking application in cybersecurity. Imagine having a virtual replica of your entire digital infrastructure—a detailed, dynamic model that mirrors every aspect of your environment. In particular, we will look at how this cutting-edge technology enhances our ability to test, patch and update our environment and therefore anticipate, detect, and respond to cyber threats with unmatched precision and agility. Before we get into the main topic, lets touch a top trending piece of news this week. And that is: Kaspersky releases free tool that scans Linux for known threats - https://www.bleepingcomputer.com : Kaspersky Releases Free Tool That Scans Linux For Known Threats - https://en.wikipedia.org : Digital-Twin - https://blogs.cisco.com/securit : Cisco HyperShield Reimagining Security Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
173 - SSL VPN versus IPsec VPN - Part 2 30:22

לפני 1 year30:22

30:22

Enjoying the content? Let us know your feedback! In this episode we continue with part 2 on comparing SSL VPN and IPsec VPN, two popular technologies used for secure remote access. As I said last week, understanding the nuances of these technologies is therefore crucial. We'll explore how each VPN works, their security features, performance differences, and the scenarios where each excels. Please listen to episode 172 before you listen to this episode. With that said, lets turn to a top trending news this week: - Microsoft's "Recall" feature raises privacy concern. - https://www.wired.com : Microsoft Recall AI May Be A Privacy Nightmare - https://en.wikipedia.org : Virtual_private_network - https://en.wikipedia.org : Transport Layer Security https://www.bleepingcomputer.com : Norway Recommends Replacing SSL VPN To Prevent Breaches Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
172 - SSL VPN versus IPsec VPN - Part 1 35:17

לפני 1 year35:17

35:17

Enjoying the content? Let us know your feedback! In this week's episode we're diving into the world of VPNs, Specifically we will compare SSL VPN and IPsec VPN, two popular technologies used for secure remote access. In the post pandemic area, remote work become part of the new normal post. Understanding the nuances of these technologies is therefore crucial. We'll explore how each VPN works, their security features, performance differences, and the scenarios where each excels. Having said that and before we get into VPN, lets turn to a top trending news this week and they are: Recap of RSA Conference. The biggest security conference in the US. - https://en.wikipedia.org : Virtual_private_network - https://en.wikipedia.org : Transport Layer Security https://www.bleepingcomputer.com : Norway Recommends Replacing SSL VPN To Prevent Breaches Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.