73 - PowerShell - Use it wisely

YusufOnSecurity.com

Player FM - Internet Radio Done Right

הוסף לפני five שנים

תוכן מסופק על ידי YusufOnSecurity.Com. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי YusufOnSecurity.Com או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

For Good

1
Dreka Gates: 60 Acres, a 7-Figure Wellness Empire, and the Moment She Reclaimed Her Power 36:12

לפני 21 ימים36:12

הפעל מאוחר יותר

רשימות

לייק

אהבתי

36:12

Dreka Gates didn't set out to build a wellness empire — it found her. When COVID forced her into isolation on 60 acres of Mississippi land, just miles from where her great-grandmother once farmed, everything shifted. One day, while working the soil, she fell to her knees in tears — not because she bought the land, but because she realized: "This really belongs to me." In this powerful conversation at Black Week, Dreka sits down with Joseph "JoJo" Simmons to share how she transformed her healing journey into a seven-figure empire — from Love's Harvest, her cannabis company, and the first Black woman-owned dispensary in Mississippi (built with a $2 million investment into a 100-year-old building), to Dreka Rose emotional wellness eyewear, a 60-acre regenerative farm, and even an AI avatar that connects with people one-on-one. But this episode isn't just about success — it's about the spiritual, emotional, and mental work it takes to sustain it all. Dreka opens up about the practices that keep her grounded, from burning negative energy each morning to breaking generational cycles while building generational wealth. What You'll Hear: Why self-mastery is the foundation of every business move she makes The $2M lesson she learned investing in experience, not just space Why cannabis could've been a trillion-dollar industry for Black and Brown communities The "sandwich method" she uses for tough negotiations — firm, but rooted in love How she uses AI and gaming to meet people where they are Why she left the church at 13 to find her own spiritual path Her healing journey to the Amazon jungle with shamans What she'd tell her 13-year-old self who bet on herself before she had proof This is a story of alignment, ownership, and audacity — and what it means to truly build For Good. 🔌 Subscribe to the For Good Podcast on Spotify, Apple, or wherever you get your podcasts.…

לפני 3 שנים 43:04

MP3•בית הפרקים

Enjoying the content? Let us know your feedback!

It is time for YusufOnSecurity, welcome back once again!
The bad guys love using legitimate tools to circumvent security monitoring and controls. One tool in particular stands head and shoulder above other programs and operating system components to attack Microsoft Windows users: That is PowerShell.

In addition, we will recap other trending security news includes:

- https://www.bbc.com: Loosing removable drives with sensitive data
- www.bleepingcomputer.com: NSA shares tips on securing Windows devices with PowerShell
- www.theregister.com: Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ
- media.defense.gov: Keeping PowerShell: Security Measures to Use and Embrace (PDF)
- https://blog.talosintelligence.com: Hunting for LOLbins
-https://www.cisa.gov: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

Be sure to subscribe!
If you like the content. Follow me on twitter @iayusuf or read my blog at https://yusufonsecurity.com
You will find a list of all previous episodes in there too

Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.

248 פרקים

#Tech #YusufOnSecurity.Com #Cyber Security #Security #Threats #Vulnerable #Exploitation #Malware #Viruses #Trojan Horse #Worm #Cve

73 - PowerShell - Use it wisely

YusufOnSecurity.com

published לפני 3 שנים

שתפו

MP3•בית הפרקים

Enjoying the content? Let us know your feedback!

In addition, we will recap other trending security news includes:

Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.

248 פרקים

#Tech #YusufOnSecurity.Com #Cyber Security #Security #Threats #Vulnerable #Exploitation #Malware #Viruses #Trojan Horse #Worm #Cve

כל הפרקים

1
248 - The Truth About Security Awareness Training- Why 95% of Programs Don't Work 29:11

לפני 24 ימים29:11

29:11

Enjoying the content? Let us know your feedback! Today we're diving into something that keeps cybersecurity professionals up at night, and no, it's not the latest ransomware attack or data breach. It's something much more frustrating: the fact that despite spending billions of dollars on security awareness training every year, employees keep clicking on phishing emails, using weak passwords, and falling for social engineering attack. - https://www.sans.org : Security Awareness Training - https://www.verizon.com : 2025 Data Breach Investigations Report - https://ebbinghausmuseum.org : The Forgetting Curve Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

1
247 - AI-Powered Browsers-The Privacy and Security Risks No One Talks About 23:48

לפני 4 weeks23:48

23:48

Enjoying the content? Let us know your feedback! Something fundamental changed in how we browse the internet in October 2025, and most people have no idea. In just 48 hours, OpenAI launched ChatGPT Atlas, Microsoft fired back with a revamped Edge, and suddenly every major tech company was racing to release AI-powered browsers that don't just load web pages—they can read your emails, book your travel, and access every logged-in account you have, all autonomously. The marketing promises unprecedented productivity, but security researchers found critical vulnerabilities within days—attacks where a single Reddit comment could drain your bank account or a malicious website could steal all your emails without you knowing. Today, we're breaking down what it means for your security, asking the question that actually matters: Are AI browsers a productivity breakthrough or a security disaster? Let's dive in. - https://openai.com : Introducing ChatGPT Atlas - https://www.perplexity.ai : Introducing Comet - https://blogs.windows.com : Your AI Browser Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

1
246 - Is AI-Generated Code Safe-The Hidden Dangers of Vibe Coding 21:32

לפני 5 weeks21:32

21:32

Enjoying the content? Let us know your feedback! So today, we're unpacking what vibe coding is, why it's creating serious security risks, and what you can do about it. Because whether you love it or hate it, vibe coding isn't going anywhere. The question is: are we shipping features, or are we shipping vulnerabilities? All that coming up next in today's episode. - https://cloud.google.com : What Is Vibe Coding?- https://learningnetwork.cisco.com : Escaping Abstraction: Why AI-Generated Code Demands More Than Just Trust - https://claude.ai : Vibe Code Best Practice Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

1
245 - 50 Documents Can Poison AI Models - CISA KEV Adds 12 Decade-Old Vulnerabilities and Salesforce Ransomware 30:38

לפני 6 weeks30:38

30:38

Enjoying the content? Let us know your feedback! This week, we've got three stories that really caught my attention, and honestly, they're all pretty alarming in their own ways. If you're new here, welcome to the show where we break down the latest cybersecurity news and help you understand what's really happening in the cyber security domains. We're going to talk about a shocking discovery about AI security - turns out it takes way fewer malicious documents than anyone thought to completely poison an AI model. Then we'll discuss something that should make every security professional cringe - CISA just added a dozen vulnerabilities to their Known Exploited Vulnerabilities catalog, and half of them are over a decade old. And finally, we'll cover Salesforce's bold decision not to pay ransom to hackers who claim to have stolen data from dozens of major companies. - https://www.anthropic.com : Small Samples Poison - https://www.turing.ac.uk : LLMS May Be More Vulnerable Data Poisoning W Thought - https://www.theregister.com : Salesforce Refuses To Pay Ransomware - https://www.sans.org : CISA Adds 12 CVEs to KEV; Half are a Decade or More Old Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

1
244 - The Recent Cyberattacks on European Airports - A Wake-Up Call for Critical Infrastructure 43:18

לפני 7 weeks43:18

43:18

Enjoying the content? Let us know your feedback! Picture this: You're at London Heathrow, Europe's busiest airport, ready to check in for your flight. But the kiosks aren't working. The screens are blank. Airport staff are scrambling with iPads and even pen and paper to manually check passengers in. Your flight is delayed, maybe canceled. And you're stuck in a long line with thousands of other frustrated travelers. Today we're diving into something that disrupted the travel plans of thousands of people just a few weeks ago - a massive cyberattack that brought some of Europe's busiest airports to a grinding halt. This wasn't a scene from the 1970s - this happened in September 2025. And it wasn't just Heathrow. Brussels, Berlin, Dublin - major airports across Europe were hit simultaneously. Over the next 30 mins or so, we're going to unpack what happened, who was behind it, how the attack unfolded, and what this means for the future of critical infrastructure security. We'll also look back at other major airport attacks from recent years to understand the bigger picture. So whether you're a security analyst, a CISO, or just someone who travels and wants to understand these threats, stick around. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

1
243 - Are Web Application Firewalls (WAFs) Obsolete in 2025? Pros, Cons, and Future of Application Security - Part 2 28:38

לפני 8 weeks28:38

28:38

Enjoying the content? Let us know your feedback! Welcome back and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain English. I am your host Ibrahim Yusuf... This is part 2 of where we will continue covering the debate that's been heating up in security circles: Are Web Application Firewalls obsolete? Now, if you've been in the security game for a while, you've probably heard the whispers. Some people are saying WAFs are dead weight, legacy technology from a bygone era. Others swear by them as the cornerstone of application security. So which is it? Well, listen to these two part episode. I suggest you start with episode 1 first then come back to this one. In episode 1, we covered all the foundational parts and background. In our second part, we will kick off with modern attacks. Enjoy. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

1
242 - Are Web Application Firewalls (WAFs) Obsolete in 2025? Pros, Cons, and Future of Application Security - Part 1 23:11

לפני 9 weeks23:11

23:11

1
241 - AI vs. Cybersecurity-How LLMs Are Reshaping the Defender-Attacker Battle 55:17

לפני 10 weeks55:17

55:17

1
240 - The Great OAuth Heist: How Salesloft's Breach Exposed Major Cybersecurity Firms 37:25

לפני 11 weeks37:25

37:25

Enjoying the content? Let us know your feedback! Today we're unpacking one of the most significant supply chain attacks of 2025 - the Salesloft-Drift OAuth breach that sent shockwaves through the enterprise software world. We'll explore how a compromise at one marketing company led to data theft at some of the biggest names in cybersecurity and technology. We'll break down the technology at the heart of it all - i.e. those digital keys that let applications talk to each other - and examine how threat actors turned them into free passes for corporate data theft. https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift - https://krebsonsecurity.com : The Ongoing Fallout From- A Breach At AI Chatbot-Maker Salesloft Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

1
239 - Volt Typhoon Report-How Critical Infrastructure Was Targeted and Compromised 25:38

לפני 12 weeks25:38

25:38

Enjoying the content? Let us know your feedback! Today’s episode is all about Volt Typhoon, a Chinese state-sponsored hacking group whose stealthy techniques and strategic missions have caused significant concern for defenders worldwide. We’ll break down who Volt Typhoon is, analyze the recent major report covering their activities, walk through real examples of the organizations they targeted, and explain every bit of technical jargon so everyone can follow along. By the end, you’ll understand why this group is considered one of the top cyber threats facing critical infrastructure today—globally and in the West. - https://www.cyber.nj.gov : VOLT TYPHOON APT A Strategic Threat Assessment - https://www.cisa.gov : PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

1
238 - Patchwork and Transparency -Microsoft’s August Security Updates & Google's Project Zero Redefined 15:21

לפני 13 weeks15:21

15:21

Enjoying the content? Let us know your feedback! This week, the cybersecurity landscape delivers two major stories that demand attention. Microsoft’s August Patch Tuesday brought a wave of critical updates and exposed gaps, challenging defenders to reassess their priorities and protections. Meanwhile, Google’s Project Zero team is changing the rules on how and when the world learns about new vulnerabilities—speeding up transparency and raising fresh questions for vendors and users alike. - https://thehackernews.com : Microsoft August-= 2025 Patch Tuesday - https://www.infosecurity-magazine.com : Google to Publicly Report New Vulnerabilities Within One Week of Vendor Disclosure Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

1
237 - Generative AI Security-How Companies Protect Against Attacks and Data Risks 22:35

לפני 14 weeks22:35

22:35

Enjoying the content? Let us know your feedback! In this episode, we’re diving into how companies are working to secure Generative AI—the technology behind chatbots, image creators, and code-writing assistants. We’ll break down how it’s different from traditional enterprise security, look at real-world attack examples, bust some myths, and explore what the future holds. - https://owaspai.org : AI Security Overview - https://artificialintelligenceact.eu: The EU AI Act Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

1
236 - The Hidden Danger in Your Cloud-Why Misconfiguration Is the Real Vulnerability 30:31

לפני 15 weeks30:31

30:31

Enjoying the content? Let us know your feedback! Today we’re tackling a critical subject that causes countless data breaches yet often gets misunderstood: misconfiguration — what it is, why it’s different from a software vulnerability, and why it remains one of the biggest security risks organizations face. One quick reminder before we dive into the main topic:Microsoft reminds of Windows 10 support ending in two months Windows 10 Sunset Alert: What You Need to Know Before October 2025 - https://learn.microsoft.com : Windows 10 End Of Service Reminder - https://owasp.org : Security Misconfiguration Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

1
235 - The Microsoft SharePoint vulnerability 27:51

לפני 16 weeks27:51

27:51

Enjoying the content? Let us know your feedback! Today, we focus on a critical and rapidly evolving Microsoft SharePoint vulnerability that’s rocked the security world in July 2025. We’ll walk you through what it is, why it matters, how attackers exploit it, and most importantly, what you and your organization can do to defend against it. For those new to cybersecurity, we’ll also explain the tricky technical jargon around this vulnerability, so you can follow along confidently, whether you’re an entry-level analyst or someone keen to learn more. - https://www.sans.org : Critical SharePoint Zero-Day Exploited: What You Need to Know About CVE-2025-53770 - https://msrc.microsoft.com : Update Guide Vulnerability CVE-2025-53770 - https://msrc.microsoft.com : Guidance For Sharepoint Vulnerability CVE 2025-53770/ - https://www.bleepingcomputer.com : US nuclear weapons agency hacked in Microsoft SharePoint attacks Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

1
234 - Protecting the Invisible-How to Secure Infrastructure without Agents 27:49

לפני 17 weeks27:49

27:49

Enjoying the content? Let us know your feedback! The world of cybersecurity isn’t just about defending laptops and servers—it’s also about safeguarding the “invisible” corners of our networks: those printers, cameras, routers, and dozens of other devices that quietly power our organizations. But what do you do when you can’t install security software or agents on these endpoints? In this episode of YusufOnSecurity, we’re digging into the art and science of protecting infrastructure you can’t easily touch or monitor from within. From game-changing network tactics to clever monitoring tricks, we’ll explore the evolving landscape of agentless security—and why protecting these overlooked devices just might be the next frontier in building a truly resilient environment. Stay with me as we unlock the secrets of securing the unmanageable. - https://www.techtarget.com : Agent vs Agentless Security Learn The Differences Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
233 - CI-CD Pipelines and Associated Security Risks 27:33

לפני 18 weeks27:33

27:33

Enjoying the content? Let us know your feedback! In this week's episode, we talk through the technical details of CI/CD (Continuous Integration/Continuous Development) pipelines: what they are, how they work, the jargon around them, and the potential security risks organizations need to be aware of. Finally, we’ll bust a persistent myth in software development that you might find surprising. - https://www.cisco.com : What is CI/CD? Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
232 - Catching up with security 32:29

לפני 19 weeks32:29

32:29

Enjoying the content? Let us know your feedback! Today’s episode takes you through three intersecting stories revealing how technology shapes both our vulnerabilities and our digital identity—from the sprawling and adaptable threat of AsyncRAT malware, to critical Bluetooth vulnerabilities threatening millions of vehicles globally, and finally to a thought-provoking glimpse into how AI models create intimate profiles of their users. - https://simonwillison.ne t/2025: Simon's ChatGPT dossier - https://blog.talosintelligence.com /AsyncRAT - https://www.bankinfosecurity.com : PerfektBlue Bug Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
231 - A Crash Course in Vendor Risk, Lessons from the CrowdStrike Outage 29:15

לפני 20 weeks29:15

29:15

Enjoying the content? Let us know your feedback! Today, we’re focusing on the critical lessons from one of the most disruptive IT failures in recent memory: the global outage triggered by a CrowdStrike software update on July 19, 2024. While the headlines focused on grounded flights and downed systems, the real story lies in what this incident revealed about the way we build, secure, and rely on digital infrastructure. This episode isn’t just about a faulty update—it’s about the cascading impact of vendor trust, software architecture, and system design decisions made long before disaster strikes. We’ll explore how over-reliance on a single vendor can introduce hidden points of failure, why resilience must be baked into every layer of our IT stack, and how incident response can make or break reputations in a hyperconnected world. We’ll also look at Microsoft’s rapid response and how this moment might reshape the rules for how security software integrates with Windows. The takeaway? In cybersecurity, it’s not enough to be secure—you also have to be prepared for when your most trusted systems fail. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
230 - Security Of iOT 37:45

לפני 21 weeks37:45

37:45

Enjoying the content? Let us know your feedback! This week on YusufOnSecurity, we’re diving into a topic that’s become increasingly critical as our world grows more connected: the security of the Internet of Things, or IoT. From smart thermostats and wearable fitness trackers to industrial sensors and connected cars, IoT devices are now woven into the fabric of our daily lives and business operations. They promise greater convenience, efficiency, and innovation—but they also introduce new risks and vulnerabilities that many organizations and individuals are just beginning to understand. Securing IoT isn’t just about protecting gadgets; it’s about safeguarding the data they collect, the networks they connect to, and ultimately, the people and processes that rely on them. As the number of IoT devices skyrockets, attackers are finding new ways to exploit weak points—sometimes with far-reaching consequences. In this episode, we’ll explore why IoT security matters, the unique challenges it presents, and practical steps you can take to protect your connected world. - https://www.cisco.com : What is iOT? - https://www.iiconsortium.org : Security Maturity Model Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
229 - What is FIPS 140-3 22:55

לפני 22 weeks22:55

22:55

Enjoying the content? Let us know your feedback! In today’s interconnected world, the security of our digital infrastructure relies heavily on cryptography—the science of protecting information by transforming it into unreadable formats for unauthorized users. But how do we know the cryptographic solutions we use are truly secure? That’s where standards like FIPS 140-3 come in. - https://csrc.nist.gov : FIPS-140-40-3 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
228 - How the Emergence of AI-Powered Malware works 26:19

לפני 23 weeks26:19

26:19

Enjoying the content? Let us know your feedback! In today’s episode is about a seismic shift in the world of cyber threats. The emergence of AI-powered malware. We’ll unpack how this new breed of malware works, the science behind it, real-world incidents, and what the latest academic research reveals. We will also look at the latest news that some are calling "The mother of all breaches". We have all that coming up next, in this week's podcast! - https://www.bleepingcomputer.com : No, the 16 billion credentials leak is not a new data breach Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
227 - Is UTM Still Relevant? 44:36

לפני 24 weeks44:36

44:36

Enjoying the content? Let us know your feedback! Today, we’ll answer a pressing question in cybersecurity: Is UTM still relevant in 2025? We’ll trace the origins of UTM, explain why it was created, break down its core features, compare it to newer technologies, and finish by busting a common cybersecurity myth. Before we dive into our main topic, let’s take a quick look at a major tech update making headlines: The emergence of AI powered malware is becoming more real - https://en.wikipedia.org : UTM - https://perception-point.io : AI Malware: Types, Real Life Examples, and Defensive Measures Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
226 - Inside A Stealthy Malware Powering Modern Cyber Attacks 47:28

לפני 25 weeks47:28

47:28

Enjoying the content? Let us know your feedback! In this week's episode, we get into some detailed exploration of an up and coming malware. Looking at it closer, it is one of the most advanced post-exploitation code families shaping the cybersecurity landscape in 2025. Over the time we have together, we’ll unravel what this malware is, how it works, why it’s so dangerous, and most importantly what businesses can do to defend themselves. Along the way, we’ll break down technical terms and processes, to make the topic less complex as I need it to be accessible and engaging to everyone. Before we dive into our main topic, let’s take a quick look at a major tech update making headlines: Microsoft Authenticator Now Warns To Export Passwords Before July Cut Off - https://www.bleepingcomputer.com : Ransomware gangs increasingly use Skitnet post-exploitation malware - https://otx.alienvault.com : Skitnet IOCs Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
225 - What Is a Content Delivery Network—And Do They Really Protect Businesses? 24:29

לפני 26 weeks24:29

24:29

Enjoying the content? Let us know your feedback! This week we are exploring what Content Delivery Networks —commonly known as CDNs— are and whether they protect modern businesses. We’ll dive deep into the mechanics of how CDNs work, the technologies behind them, and whether they defend organizations from threats or just deliver content at blazing speeds. Along the way, we’ll highlight two of the world’s leading CDN providers. - https://en.wikipedia.org : Content Delivery Network - https://www.cloudflare.com : What Is CDN? - https://www.akamai.com : What Is CDN? Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
224 - Cisco Talos Year 2024 In Review 34:38

לפני 27 weeks34:38

34:38

Enjoying the content? Let us know your feedback! In this week's episode, we are looking at the latest Cisco Talos’ 2024 report. In this comprehensive report, we will delve into the major cybersecurity trends and threats observed over the past year. Cisco Talos team, has compiled this report to provide valuable insights and guidance for organizations to enhance their security postures. But before we get in to the main topic, I have one security news for you and that is: - The European Union launches a new vulnerability Database - EUVD - https://euvd.enisa.europa.eu : EUVD - https://euvd.enisa.europa.eu/faq : EUVD FAQ - https://blog.talosintelligence.com : 2024 Year In Review Report - https://www.forbes.com : Why Quantum Computers Will Work Alongside Classical Systems Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
223 - RSAC 2025 - Part 2 21:55

לפני 28 weeks21:55

21:55

Enjoying the content? Let us know your feedback! This is the part 2 of RSAC 2025 episode. If you have not listened to episode 1 (that episode 222), I would suggest you listen to episode 1 before you listen this episode. Before you we get into part 2, lets review what has been happening last week on the news front. - UK shares security tips after major retail cyberattacks - https://www.bleepingcomputer.com : UK NCSC Cyber Attack A Wake Up call - https://www.ncsc.gov.uk :NCSC statement - Incident impacting retailers Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
222 - RSAC 2025 - Part 1 35:54

לפני 29 weeks35:54

35:54

Enjoying the content? Let us know your feedback! It was RSAC week and it would be remiss of me if I did not give you a highlight on what went on this year, 2025. After all, RSAC has a critical role in security. We will be reviewing the top key announcements from this year's event, including some exciting news from the major security players in the industry. Whether you're a cybersecurity professional, a tech enthusiast, or just curious about the latest in the world of cyber security, this episode is definitely for you. So, let's get started! Before we dive into the main segment, we will also add one more topic that I think is of major importance on top of everything else and that is from Microsoft. Microsoft makes All new Account Passwordless by default - https://techcommunity.microsoft.com : New User Experience - https://www.rsaconference.com : RSA Conference 2025 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
221 - FBI’s 2024 Annual Internet Crime Report 32:16

לפני 30 weeks32:16

32:16

Enjoying the content? Let us know your feedback! This week's episode looks at the FBI’s 2024 Annual Internet Crime Report -an analysis that not only highlights the scale of cybercrime but also reveals the evolving tactics of cybercriminals and the staggering financial impact on individuals and businesses alike. This of course relates to US but it is an indicative what might be happening elsewhere. - https://www.ic3.gov : Federal Bureau Of Investigation - Internet Crime Report 2024 Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
220 - Watering Hole Attacks-The Hidden Danger of Trusted Spaces 32:41

לפני 31 weeks32:41

32:41

Enjoying the content? Let us know your feedback! Imagine visiting your favorite website-one you trust, one you’ve browsed a hundred times before-only to discover it’s become a silent gateway for cybercriminals. What if the real danger wasn’t in suspicious emails or obvious scams, but lurking in the very places you feel safest online? In today’s episode, we’ll unravel a cunning technique that preys on trust and routine, catching even the most vigilant users off guard. Stay tuned as we explore the origins, methods, and real-world impact of one of the most deceptive cyber threats in existence. But before we get to the main topic, lets cover the top security news first Lazarus hackers breach multiple organisation in a not so new attack method. We will find out what the technique is. - https://attack.mitre.org : Lazarus - https://attack.mitre.org : Drive by compromise Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
219 - What Is Agentic AI? 33:36

לפני 32 weeks33:36

33:36

Enjoying the content? Let us know your feedback! In this week's episode we are touching an intriguing topic. We're going to explore Agentic AI, a fascinating area within artificial intelligence that focuses on autonomous systems capable of making decisions and performing tasks without human intervention. We'll break it down for those new to cybersecurity, delve into some technical details, and use analogies to make it all clear But we before we dive into the topic, lets recap the top security news this week: Microsoft defender will isolate undiscovered endpoing to block attacks - https://learn.microsoft.com : Whatsbnew in Microsoft Defender Endpoint - Apri 2025 - https://en.wikipedia.org : Alan Turing - https://www.nvidia.com : Agentic AI Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
218 - Fast Flux-The Cybercriminal's Hide and Seek 26:49

לפני 33 weeks26:49

26:49

Enjoying the content? Let us know your feedback! This week, we re going to explore what Fast Flux is, a sophisticated technique used by cybercriminals to evade detection and maintain their malicious activities. We'll break it down for those new to cybersecurity, delve into some technical details, and use analogies to make it all clear. So without further ado, grab your coffee, or keep your eyes on the road if you are driving, sit back, and let's get started!" HellCat Ransomware - https://therecord.media: Schneider Electric Hackers Accessed Internal Project Tracking Platform - https://www.infosecurity-magazine.com: Hellcat Ransomware Humiliation - https://attack.mitre.org : Dynamic Resolution: Fast Flux DNS - https://www.cisa.gov : Fasst Flux, A National Security Threat Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
217 - Phishing the Expert-The Unexpected Cybersecurity Breach - Part 2 28:32

לפני 34 weeks28:32

28:32

Enjoying the content? Let us know your feedback! This week's episode is continuation of Troy Hunt's cautionary tale , the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We'll continue to break down what happened, how it happened, and what we can all learn from this incident. Stay tuned till the end where we bust our myth of the week! We will also look at this week's cyber security news which is Ubuntu Linux security bypasses - https://blog.qualys.co m: Qualys TRU Discovers Three Bypasses of Ubuntu Unprivileged User Namespace Restrictions - https://www.troyhunt.com : A sneaky phish just grabbed my Mailchimp mailing list Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
216 - Phishing The Expert-The Unexpected Cybersecurity Breach - Part 1 32:15

לפני 35 weeks32:15

32:15

Enjoying the content? Let us know your feedback! In this week's episode we have a fascinating and cautionary tale about none other than Troy Hunt, the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We'll break down what happened, how it happened, and what we can all learn from this incident. Stay tuned till the end for tips on how to stay vigilant against phishing attacks and our myth of the week! we will also look at the cyber security news. Here is what caught my attention this week. - PSTools dll injection vulnerability - https://www.foto-video-it.de : Disclosure Sysinternals (You will need to translate to English if you are not a German speaker) - https://learn.microsoft.com : PSTool - https://www.troyhunt.com : A sneaky phish just grabbed my Mailchimp mailing list Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
215 - Cyber Threat Emulation - Strategies for Staying Ahead Of Cyber Attacks 37:04

לפני 36 weeks37:04

37:04

Enjoying the content? Let us know your feedback! In this episode, we’ll look into a cybersecurity assessment method that mimics real-world attacks to test an organization's security defenses and response capabilities: Threat emulation. It is one of the strategies to keep you ahead of the game. Threat emulation aims to identify and mitigate security gaps before attackers exploit them, providing a more comprehensive evaluation than traditional assessments. Before we dive into the main topic, lets glance what is happening on the security front: March Microsoft Patch Tuesday has landed! - https://msrc.microsoft.com : March 2025 Security Updates - https://detect-respond.blogspot.com : Pyramid Of Pain - https://www.atomicredteam.io : Atomic Read Team - https://www.ecb.europa.eu /paym/cyber-resilience/tiber-eu/html/index.en.html Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
214 - What are polyglot files and how bad are they? 31:58

לפני 37 weeks31:58

31:58

Enjoying the content? Let us know your feedback! In this episode, we’ll be exploring a particularly intriguing file types: polyglot files. These digital shapeshifters have become a powerful tool in the arsenal of cyber attackers, capable of bypassing security measures, confusing systems, and delivering malicious payloads in ways that are both creative and devastating. Over the next 20 to 30 minutes or so, we’ll break down what polyglot files are, how they work, and why they’re so dangerous. We’ll also examine some real-world examples where polyglot files were used in cyberattacks. We will reference the MITRE ATT&CK framework to understand how these techniques fit into the broader landscape of adversarial tactics. Finally, we’ll discuss mitigation strategies and close with a cybersecurity myth that needs busting Before we dive into the main topic, lets glance what is happening on the security front: UEFI Secure Boot bypass vulnerability - https://en.wikipedia.org : Polyglot - https://attack.mitre.org : Masquerading - https://arxiv.org : Where the Polyglots Are: How Polyglot Files Enable Cyber Attack Chains and Methods for Detection & Disarmament - https://medium.com : Polyglot Files A Hackers Best Friend - https://www.bleepingcomputer.com : New polyglot malware hits aviation, satellite communication firms Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
213 - Stealing Data in Plain Sight -How Cybercriminals Exfiltrate Your Secrets and How to Stop Them 50:53

לפני 38 weeks50:53

50:53

Enjoying the content? Let us know your feedback! In today's episode, we're diving deep into Data Exfiltration; one of the most serious threats facing organizations today. We'll break down exactly what data exfiltration is, where it fits in the MITRE ATT&CK framework, the tools and techniques attackers use, and, most importantly, how organizations can defend themselves. We’ll also cover real-world examples, including publicly known cases that had major consequences. So, whether you're a seasoned security professional or just starting out in the field, stick around as we unravel the methods attackers use and how to stop them. First lets look at one of the trending security news this week, and that is: News: Caldera Vulnerability - https://github.com/mitre/caldera : Security Notice - https://nvd.nist.gov : CVE-2025-27364 - https://medium.com : MITRE Caldera Security Advisory — Remote Code Execution (CVE-2025–27364) - https://www.mitre.org : Caldera Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
212 - Behind the login Screen - Understanding OS Authentication - Part 2 49:05

לפני 39 weeks49:05

49:05

Enjoying the content? Let us know your feedback! We are continuing with part 2 of "Behind the Login Screen - Understanding OS Authentication." If you missed our first episode, I highly recommend giving it a listen before diving into today's content. In part one, we started to explore the fascinating world of operating system authentications, focusing on Windows, Linux/Unix, and Mac OS. We discussed how hashes are used in authentication, the concept of salt in passwords, rainbow table attacks. In today's episode, we'll build on that foundation and delve even deeper into the topic of OS authentication mechanisms. So again, if you haven't already, make sure to catch up on part one to get the full picture. Now, let's get started with part two of our journey into the world of OS authentication! lets look at one of the trending security news this week, and that is: - Newly discovered OpenSSH vulnerabilities. - https://blog.qualys.com : Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 - https://learn.microsoft.com : Kerberos Authentication Overview Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
211 - Behind the login Screen: Understanding OS Authentication - Part 2 35:22

לפני 40 weeks35:22

35:22

Enjoying the content? Let us know your feedback! In today's episode, we're going to explore the fascinating topic of operating systems authentications. We all use it but how many of us wondered how the behind the curtains machinery work. We'll be focusing on Windows, Linux/Unix, and Mac OS. We'll discuss how hashes are used in authentication, the concept of salt in passwords, rainbow table attacks and their countermeasures, the benefits of password-less authentication using hardware keys, password cracking, the shadow file in Unix/Linux, and the mechanics of how each OS protects passwords and how attackers try to circumvent these protections. Scareware blocker, now available in Microsoft Edge - https://blogs.windows.com : Stand Up To Scareware With Scareware Blocker - https://learn.microsoft.com : Kerberos Authentication Overview - https://www.microsoft.com : Scareware Blocker Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
210 - Adversarial Misuse of Generative AI 50:21

לפני 41 weeks50:21

50:21

Enjoying the content? Let us know your feedback! As AI-generated content becomes more advanced, the risk of adversarial misuse—where bad actors manipulate AI for malicious purposes—has skyrocketed. But what does this mean in practical terms? What risks do we face, and how one of the big players is addressing them? Stick around as we break Google’s Adversarial Misuse of Generative AI report, explain the key jargon, and bust a cybersecurity myth at the end of the show. Before we get into the main topic, lets have a look at one important news update, and that is: Microsoft has expanded its Windows 11 administrator protection tests - https://cloud.google.com : Adversarial Misuse of Generative AI - https://deepmind.google : Mapping the misuse of generative AI - https://learn.microsoft.com : User Account Control overview - https://learn.microsoft.com : How User Account Control works Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
209 - DeepSeek 28:51

לפני 42 weeks28:51

28:51

Enjoying the content? Let us know your feedback! Today, we’ve got something really exciting for you. If you’ve been following the world of artificial intelligence lately, you’ve probably heard a lot about a new player in town: DeepSeek. Now, let me tell you, DeepSeek is shaking things up. They’re doing something completely different that’s not only disrupting the AI space but could also be a game-changer in how we approach cost, performance, and security in the future of AI technology. So, grab a seat on a solid ground and buckle up—this week, we’re diving into how **DeepSeek** is leveling the playing field for AI vendors everywhere, cutting costs, and leveraging some really smart techniques that are turning heads in the industry. And, of course, at the end of today’s episode, we’ll be busting a big cybersecurity myth that might surprise you. But first, let’s talk all things DeepSeek. Before we dive into the main, we will also bring you update todate on the news front: - Deepseek date breach. Yes they were hit already! - https://www.technologyreview.com : How DeepSeek ripped up the AI playbook—and why everyone’s going to follow its lead - https://www.digitaltrends.com : Microsoft is letting anyone use ChatGPT’s $200 reasoning model for free - https://www.wiz.io : Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
208 - Lets Encrypt on shortening certification lifetime to just 6 days! 32:38

לפני 43 weeks32:38

32:38

Enjoying the content? Let us know your feedback! In this episode we will detail the significant announcement from Let’s Encrypt – the trusted nonprofit Certificate Authority that has been at the forefront of making the web more secure. Let’s Encrypt has revealed its plans to drastically reduce the lifetime of its TLS certificates from 90 days to just 6 days. This decision, outlined in their 2024 annual report, is aimed at strengthening the security of online communications by minimizing the risks associated with compromised keys. But what does this mean for website owners, IT administrators, and the broader cybersecurity landscape? That’s what we’ll explore in detail today. - https://community.letsencrypt.org : 2024 ISRG Annual Report - https://www.malwarebytes.com : 7-zip bug could allow a bypass of a windows security feature update now - https://digital.nhs.uk : Proof-of-Concept Exploit Released for CVE-2025-0411 in 7-Zip Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
207 - Microsoft Windows Actively Exploited Vulnerabilities 37:47

לפני 44 weeks37:47

37:47

Enjoying the content? Let us know your feedback! This episode is one for you system admins out there! Today we’re discussing three actively exploited vulnerabilities you absolutely need to know about—CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. These vulnerabilities have been making headlines, and understanding them could mean the difference between staying secure and falling victim to a breach. We’ll explore what these vulnerabilities are, how they’re being exploited, the adversaries leveraging them, and what organizations and individuals can do to protect themselves. And, as always, we’ll break down the jargon and bust a popular cybersecurity myth towards the end of the show. Before we get into the main topic, lets recap the top security news this week Microsoft dropped the January Patch Tuesday and boy was it a whopper! We will dig into the details in more ways than one! - https://isc.sans.edu : Microsoft January 2025 Patch Tuesday - https://www.theregister.com : Microsoft fixes under-attack privilege-escalation holes in Hyper-V Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
206 - Cybersecurity Resolutions for 2025 - Best Practices for Individuals and Organizations 32:56

לפני 45 weeks32:56

32:56

Enjoying the content? Let us know your feedback! This is the podcast where we explore the ever-evolving world of cybersecurity and provide practical advice for staying ahead of threats. I’m your host, Yusuf, and today’s episode is all about starting the new year with a solid plan. We’re diving into _Cybersecurity Resolutions for 2025: Best Practices for Individuals and Organizations._ As we step into a new year, it’s the perfect time to reflect on how we protect our digital lives—whether at home or in the workplace. From bolstering personal security habits to implementing stronger organizational policies, this episode will cover actionable resolutions you can adopt today. Along the way, we’ll explain key jargon, explore real-life examples, and, as always, bust a common cybersecurity myth at the end. - https://nypost.com : Apple users warned of hi-tech Mac malware that steals personal data, goes undetected for months— here’s how to stay safe - https://www.youtube.com : When Do We Get to Play On Easy Mode? Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
205 - Vulnerability Scanners-The Heroes and Hidden Limits of Cybersecurity 28:48

לפני 46 weeks28:48

28:48

Enjoying the content? Let us know your feedback! Today, we’re tackling a fundamental yet often misunderstood tool in every cybersecurity professional's arsenal—vulnerability scanners. What role do they play in protecting our organizations? Where do they shine, and where do they fall short? As always, we’ll cut through the jargon and break things down for everyone—from seasoned professionals to those just beginning their journey in cybersecurity. And stick around until the end for this week’s myth-busting segment, where we debunk a misconception about cyber security in general that many people still believe. So grab your favorite beverage, get set, and let’s dive right in! Tenable Scanner Agent went offline globally All that coming up next, in this week episode. - https://docs.tenable.com : Tenable Nessus Agent 2025 Release Notes - https://www.splunk.com : Vulnerability Scanners Primer Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

YusufOnSecurity.com

1
204 - Recap of the best episodes of 2024 1:31:38

לפני 47 weeks1:31:38

1:31:38

Enjoying the content? Let us know your feedback! This final episode of 2024, we recap the best the most listened to episodes of the year. And this year we have a great four back to back of the greatest of them all. Lets start with the first eisode 191 - Is The Browser The New Operating System? released on the 28th of September. Next is episode 172 - SSL VPN versus IPsec VPN - Part 1 and part 2 released 18th of May and 25 of May respectively. And finally Episode 191 - APIs and Webhooks released on the the 5th October. Enjoy and see you in the new year! Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes in there too.…

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.

תקשיבו ל-500+ נושאים

דומה לYusufOnSecurity.com

פודקאסטים ששווה להאזין

YusufOnSecurity.com « » 73 - PowerShell - Use it wisely

73 - PowerShell - Use it wisely

פודקאסטים ששווה להאזין

ברוכים הבאים אל Player FM!

דומה לYusufOnSecurity.com

מדריך עזר מהיר

YusufOnSecurity.com « »
73 - PowerShell - Use it wisely