Deception, influence, and social engineering in the world of cyber crime.
…
continue reading
Security Management Podcasts
Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.
…
continue reading
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
…
continue reading
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, Sean Metcalf.
…
continue reading
Defense in Depth promises clear talk on cybersecurity's most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community's insights to lead our discussion.
…
continue reading
Security Management Highlights brings the security professional expert interviews and information on the most critical industry topics. Join host Brendan Howard as he interviews thought leaders and industry professionals, as well as editors from the magazine.
…
continue reading
Security Confidential provides weekly interviews and insights into the world of cybersecurity. Produced entirely in-house by MSSP & global risk management firm Dark Rhiino Security.
…
continue reading
Explore the life of a security leader with NetSPI Field Chief Information Security Officer (CISO) Nabil Hannan. Hear how CISOs with diverse expertise tackle the challenges and opportunities that come with life on the frontlines of cybersecurity.
…
continue reading
An IFPOD production for IFPO the very first security podcast called Security Circle. IFPO is the International Foundation for Protection Officers, and is an international security membership body that supports front line security professionals with learning and development, mental Health and wellbeing initiatives.
…
continue reading
Security DNA is a podcast brought to you by SecurityInfoWatch.com, covering subjects of interest to security stakeholders in the industry. Topics range from security industry news, trends and analysis to technology solutions, policy risk analysis and management, and more. Our editorial team, along with industry experts and consultants, fill each podcast episode with information that is of value to security professionals.
…
continue reading
Podcast by Alex Wood & Robb Reck
…
continue reading
Hosted by Product School Founder & CEO Carlos Gonzalez de Villaumbrosia, The Product Podcast features candid conversations with product management executives from the world's best tech companies like Google, Meta, Netflix, Airbnb, and Amazon. New episodes release weekly, unveiling actionable frameworks, unconventional best practices, and real-world examples you can implement immediately. Perfect for senior product managers, directors, and VPs hungry to build better products, stronger teams, ...
…
continue reading
Cyber Security, data breaches, Hackers, Chief Information Security Officers, Talking Cyber Security (formerly 'The Australian CISO') is a podcast for anyone interested in Cyber Security. Hear about data breaches, cyber news, how security personnel 'tick', how to answer questions at an interview, lessons learnt while doing the security role, how security people network, how they succeed etc. Use the email address [email protected] to make comments, pose questions or even ask to be on ...
…
continue reading
Soterion’s SAP Security & GRC podcast with host Dudley Cartwright, helping you on your journey to effective access risk management in SAP.
…
continue reading
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
…
continue reading
The Virtual CISO Moment dives into the stories of information security, information technology, and risk management pros; what drives them and what makes them successful while helping small and midsized business (SMB) security needs. No frills, no glamour, no transparent whiteboard text, no complex graphics, and no script - just honest discussion of SMB information security risk issues. Brought to you by vCISO Services, LLC, a leading provider of vCISO and information security risk managemen ...
…
continue reading
The ISF Podcast brings you cutting-edge conversation, tailored to CISOs, CTOs, CROs, and other global security pros. In every episode of the ISF Podcast, Chief Executive, Steve Durbin speaks with rule-breakers, collaborators, culture builders, and business creatives who manage their enterprise with vision, transparency, authenticity, and integrity. From the Information Security Forum, the leading authority on cyber, information security, and risk management.
…
continue reading
Two CISOs and a security-minded friend discuss and debate topics of security and privacy, with a focus on looking at the topic from various angles, both that they support and those they don't. Sign up for our newsletter to be notified when new episodes drop, or when new projects are announced https://newsletter.greatsecuritydebate.net
…
continue reading
Guard Street is a leading holistic cybersecurity provider, specializing in world-class proactive and emergency solutions. As a boutique, we are dedicated to assisting clients with information security risk management which includes risk quantification, compliance across many frameworks, penetration tests and the ability to predict, prevent, detect and respond to security incidents in a fast-moving, distributed landscape.
…
continue reading
Stay ahead of cyberthreats with expert insights and practical security . Led by an ensemble cast of industry thought leaderss offering in-depth analysis and practical advice to fortify your organization's defenses.
…
continue reading
Welcome to The Lockdown. Privacy doesn’t have to be all-or-nothing. The inability to attain extreme levels of privacy shouldn’t deter one from taking any protective measures at all. The show is hosted by Ray Heffer, an expert in the field of privacy and cybersecurity, with each episode touching on a range of topics such as data privacy, password management, and secure browsing habits. Tin-foil hats are optional!
…
continue reading
CyberSound™ is a podcast built by and for business owners and professionals. Tune in as our cybersecurity experts cover the latest news regarding IT security, the most recent and relevant threats organizations are facing today, and provide tips to keep your business safe.
…
continue reading
Each episode we discuss industry trends, talk about new technologies, and speak to industry experts. All so that you, The Modern Hotelier, can succeed in a new age of hospitality.
…
continue reading
Welcome to the Ontic Connected Intelligence Podcast, the show for corporate security professionals who are elevating the practice and perception of security. Whether you’re a seasoned professional or new to the field, our podcast offers valuable insights and practical advice to help you navigate the complexities of modern corporate security. Hosted by Fred Burton and Manish Mehta, our episodes are packed with real-world examples and forward-thinking solutions to help you secure your organiza ...
…
continue reading
How today’s top organizations navigate the complex world of governance, risk, and compliance (GRC).Security & GRC Decoded brings you actionable strategies, expert insights, and real-world stories that help professionals elevate their security and compliance programs. Hosted by Raj Krishnamurthy.It’s for security professionals, compliance teams, and business leaders responsible security GRC and ensuring their organizations’ are safe, secure and adhere to regulatory mandates.Security & GRC Dec ...
…
continue reading
News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, Sean Metcalf.
…
continue reading
Cyber Security can be a difficult field to not only understand but to also navigate. Joe South is here to help with over a decade of experience across several domains of security. With this podcast I hope to help more people get into IT and Cyber Security as well as discussing modern day Cyber Security topics you may find in the daily news. Come join us as we learn and grow together!
…
continue reading
Welcome to the Dirty South Security Podcast! 🌍🔒 Join us as we dive into the hottest takes and latest trends in cybersecurity from around the globe. Whether you're a seasoned professional or just curious about the digital world's inner workings, our podcast offers insightful discussions, expert interviews, and thought-provoking analysis on the most pressing security issues today. Stay ahead of the curve with our no-nonsense approach to all things cybersecurity. Subscribe now and never miss an ...
…
continue reading
The Logistics of Logistics is a podcast hosted by industry expert Joe Lynch. Joe interviews founders, executives, and innovators who are shaping the future of logistics and supply chain. Topics include transportation, logistics, warehousing, technology, supply chain, and ecommerce. The Logistics of Logistics audience expects an inside perspective of what's next in logistics and supply chain delivered via podcasts, videos, and articles. Topics include: Transportation Topics Small package, Sma ...
…
continue reading
ClearanceJobs is the largest career networking site for individuals with active federal clearances. Get security clearance, intelligence community, espionage, national security and defense contracting updates in our exclusive interviews with IC and government leaders. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge. Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends. Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals commit ...
…
continue reading
Dive deep into AI's accelerating role in securing cloud environments to protect applications and data. In each episode, we showcase its potential to transform our approach to security in the face of an increasingly complex threat landscape. Tune in as we illuminate the complexities at the intersection of AI and security, a space where innovation meets continuous vigilance.
…
continue reading
A regular conversation with those at the convergence of data privacy, data security, data regulation, records, and governance.
…
continue reading
RunAs Radio is a weekly Internet Audio Talk Show for IT Professionals working with Microsoft products.
…
continue reading
For many of us, the workplace is more than a single building or facility. That’s what makes workforce IAM so powerful. By managing security through something we all take wherever we go — our identities — it gives users the flexibility they need to stay productive and enables administrators to quickly detect and address risks. HID’s robust, flexible workforce identity and access management solutions provide your workforce with seamless access to the resources they need — no matter where they are.
…
continue reading
Device management is complex. Security threats are constant. Apple ecosystems are evolving fast. Who's managing these challenges? What does it actually take? And most importantly, how do you stay ahead? Welcome to Jamf After Dark, where IT leaders, security professionals and Apple experts tackle the real issues facing organisations today. Join our hosts as they uncover what works, what doesn't, and how to build technology strategies that actually stick. Hear honest conversations about managi ...
…
continue reading
Managing Manhattan takes a deep dive on all topics related to property management in Manhattan (and Brooklyn). Hosted by Dylan Pichulik, CEO of premiere property management firm XL Real Property Management, this podcast provides a behind-the-curtain view of NYC's real estate market through the lens of a landlord.
…
continue reading
CDW Canada Tech Talks: Discussing the Latest Technology Innovations Experts from CDW and our partners tackle hot topics including generative AI, FinOps, the new cybersecurity landscape and more.
…
continue reading
Technology continues to advance at an increasingly rapid pace, so how can you stay on top of it? Learn from those who are pioneering new technologies and promoting entrepreneurial spirit! The Connect podcast encourages people to join prominent thought leaders as they explore today’s most timely and important topics around technology and network solutions. Connect brings listeners an engaging program featuring luminaries and trailblazers—from private industry, the public sector, and professio ...
…
continue reading
Ken Tumolo and his son Nick Tumolo join you on the Tumolo Financial Radio to offer solutions and strategies for your retirement needs. With decades of financial experience, Ken and Nick offer tax recommendations, Social Security maximization, wealth management, retirement income planning and much more.
…
continue reading
Felicia King is an internationally recognized CISO and considered to be one of the top network layer security strategists in the U.S. Since launching in 2004 on the WGTD network, her Breakfast Bytes podcast has focused on information security risk management and the issues business leaders need to be aware of to benefit from the challenges others have faced. Learn about the most effective approaches, what you can do to mitigate risk, and how to protect your most valuable assets, your data, a ...
…
continue reading
Unlock the future of cybersecurity with the "Dr. Zero Trust Podcast" on all podcasting platforms! Join me as we delve into Zero Trust Security, redefining how we protect data and networks. Explore frameworks, threat prevention, identity management, exclusive interviews, and emerging tech. Whether you're a pro or just curious, trust me– this podcast is where those who value honesty and real insights go for their cybersecurity insights! Tune in on Spotify, Google, or ITunes now. #DrZeroTrustPo ...
…
continue reading
Simple Talks, a Redgate Software podcast, features hosts Steve Jones, Grant Fritchey and Kellyn Gorman as they discuss technology adoption, career stories, industry challenges and more. From database management and DevOps, to data security and programming techniques, it's a must-listen for tech industry professionals and enthusiasts. www.red-gate.com/simple-talk/ www.red-gate.com/simple-talk/podcasts/
…
continue reading
1
SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update;
4:59
4:59
Play later
Play later
Lists
Like
Liked
4:59
Use of CSS stuffing as an obfuscation technique? Phishing sites stuff their HTML with benign CSS code. This is likely supposed to throw of simple detection engines https://isc.sans.edu/diary/Use%20of%20CSS%20stuffing%20as%20an%20obfuscation%20technique%3F/32510 Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day Early exploit attem…
…
continue reading
1
SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection. (#)
14:09
14:09
Play later
Play later
Lists
Like
Liked
14:09
SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection. Oracle Identity Manager Exploit Observation from September (CVE-2025-61757) We observed some exploit attempts in September against an Oracle Identity Manager vulnerability that was patched in October, ind…
…
continue reading
On this weeks’ Debate, Brian brings a truckload of acronyms for more single panes of glass to help us consolidate our various single panes of glass, Erik may actually be Brian (or maybe Brian is Erik), and Dan confirms he still (and likely always will) spend the rest of his days living in the house he just built deep in the Trough of Disillusionmen…
…
continue reading
1
AI Compliance Security: How Modular Systems Transform Enterprise Risk Management with Richa Kaul
31:00
31:00
Play later
Play later
Lists
Like
Liked
31:00
AI-Powered Compliance: Transforming Enterprise Security In this episode of Cyber Sentries, John Richards speaks with Richa Kaul, CEO and founder of Complyance. Richa shares insights on using modular AI systems for enterprise security compliance and discusses the critical balance between automation and human oversight in cybersecurity. Why Enterpris…
…
continue reading
1
How Can MSPs Stay Competitive with Managed Detection and Response (MDR)?
28:27
28:27
Play later
Play later
Lists
Like
Liked
28:27
In today’s cybersecurity industry, Managed Service Providers (MSPs) who do not adapt risk falling behind. In the recent episode of The Security Strategist podcast, host Richard Stiennon, Chief Research Analyst at IT-Harvest, talks with Stefanie Hammond, Head Nerd at N-able, and Jim Waggoner, Vice President of Product Management at N-able. They disc…
…
continue reading
1
How to Manage Manipulative and Disruptive Behavior at Work and in Public Spaces
26:55
26:55
Play later
Play later
Lists
Like
Liked
26:55
Have you ever felt manipulated into doubting yourself and your abilities, even though your track record shows that you’re doing well? You might have encountered a gaslighter, says Michael Gips, CPP. These individuals’ manipulative shenanigans can be costly to personnel and productivity unless managers intervene promptly. Also in this episode, disru…
…
continue reading
1
How to Build Trust Between GRC and Engineering ft Tristan Ingold, Security GRC Program Manager at Meta
57:19
57:19
Play later
Play later
Lists
Like
Liked
57:19
How do you build real trust between GRC and engineering? In this episode of Security & GRC Decoded, host Raj Krishnamurthy welcomes Tristan Ingold, Security GRC Program Manager at Meta. Tristan shares how consulting shaped his approach, why “policing” doesn’t work, and how GRC earns influence by acting as a partner to engineering -- not a blocker. …
…
continue reading
1
SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore
6:11
6:11
Play later
Play later
Lists
Like
Liked
6:11
Conflicts between URL mapping and URL based access control. Mapping different URLs to the same script, and relying on URL based authentication at the same time, may lead to dangerous authentication and access control gaps. https://isc.sans.edu/diary/Conflicts%20between%20URL%20mapping%20and%20URL%20based%20access%20control./32518 Sha1-Hulud, The Se…
…
continue reading
1
SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore (#)
6:11
6:11
Play later
Play later
Lists
Like
Liked
6:11
SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore Conflicts between URL mapping and URL based access control. Mapping different URLs to the same script, and relying on URL based authentication at the same time, may lead to dangerous authentication and access control gaps. https://isc.sans.edu/diary/Co…
…
continue reading
1
Department of Know: Overconfidence new zero-day, FCC torches Salt Typhoon rules, AI uninsurable
41:38
41:38
Play later
Play later
Lists
Like
Liked
41:38
Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Keith Townsend, Keith Townsend, host CTO Advisor Podcast, founder of The Advisor Bench, and creator of the Virtual CTO Advisor; and Howard Holton, CEO, GigaOm Thanks to our show sponsor, Knowbe4 Cybersecurity isn't just a tech problem—it's a human one. Tha…
…
continue reading
CrowdStrike fires an insider who allegedly shared screenshots with hackers. Google agrees, it wasn’t Salesforce. Cox Enterprises confirms Oracle EBS breach. Alleged Transport for London hackers plead not guilty. Hackers exploit new WSUS bug to deploy ShadowPad backdoor. Iberia discloses breach of customer data. Harvard discloses voice-phishing brea…
…
continue reading
1
Law Practice Shares Insights for Federal Workers
24:18
24:18
Play later
Play later
Lists
Like
Liked
24:18
There are many law practices in the DMV that proudly champion the workplace rights of federal employees, supervisors, and senior executives across agencies nationwide—helping preserve what is often their most valuable asset: their government career. Shehan Legal joins the Security Clearance Careers Podcast to talk about the current state of affiars…
…
continue reading
1
Aligning teams for effective remediation, Anthropic's latest report, and the news - Ravid Circus - ESW #434
1:38:56
1:38:56
Play later
Play later
Lists
Like
Liked
1:38:56
Interview with Ravid Circus Ravid will discuss why security and engineering misalignment is the biggest barrier to fast, effective remediation, using data from Seemplicity's 2025 Remediation Operations Report. This is costing some teams days of unnecessary exposure, which can lead to major security implications for organizations. Segment Resources:…
…
continue reading
1
Aligning teams for effective remediation, Anthropic's latest report, and the news - Ravid Circus - ESW #434
1:38:56
1:38:56
Play later
Play later
Lists
Like
Liked
1:38:56
Interview with Ravid Circus Ravid will discuss why security and engineering misalignment is the biggest barrier to fast, effective remediation, using data from Seemplicity's 2025 Remediation Operations Report. This is costing some teams days of unnecessary exposure, which can lead to major security implications for organizations. Segment Resources:…
…
continue reading
1
CrowdStrike insider catch, Spanish airline breach, AI not insurable
8:15
8:15
Play later
Play later
Lists
Like
Liked
8:15
CrowdStrike catches insider feeding information to hackers Spanish airline Iberia suffers breach and data leak AI is too risky to insure, say insurers Huge thanks to our episode sponsor, KnowBe4 Cybersecurity isn't just a tech problem—it's a human one. That's why KnowBe4's Human Risk Management platform allows you to measure, quantify and actually …
…
continue reading
1
How realistic is A House of Dynamite? [T-Minus Deep Space]
36:03
36:03
Play later
Play later
Lists
Like
Liked
36:03
The new Netflix movie A House of Dynamite, chronicles what happens when the unthinkable unfolds. How realistic is it? We ask the movie’s advisor and expert, Lieutenant General Daniel Karbler (Ret.). Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Want to hear your co…
…
continue reading
1
From Sewers To Subsea: Rethinking Data Centers And Defense
53:30
53:30
Play later
Play later
Lists
Like
Liked
53:30
Send us a text We trace a winding path from offshore rigs to elite red team ops and into subsea data centers, using one sewer-side breach as the spark for a new way to secure and scale compute. Along the way we unpack social engineering basics, the blue vs red culture clash, and whether AI is building features or changing outcomes. • junk folders, …
…
continue reading
SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update; Use of CSS stuffing as an obfuscation technique? Phishing sites stuff their HTML with benign CSS code. This is likely supposed to throw of simple detection engines https://isc.sans.edu/diary/Use%20of%20CSS%20stuffing%20as%20an%20obfuscation%20…
…
continue reading
1
S7E52 - A Conversation with Chuck Anderson
33:01
33:01
Play later
Play later
Lists
Like
Liked
33:01
This Thanksgiving-week episode welcomes back Chuck Anderson, IT consultant at Reliant Managed Services, for a deep dive into some of the biggest shifts in cybersecurity and technology over the past year and a half. Chuck and Greg explore the rapid rise of AI (good and bad), the looming disruption of quantum computing—especially its impact on encryp…
…
continue reading
1
Satya Gupta: Rising to your contribution. [CTO] [Career Notes]
9:55
9:55
Play later
Play later
Lists
Like
Liked
9:55
Please enjoy this encore of Career Notes. Co-founder and CTO of Virsec, Satya Gupta shares his story of how he has over 25 years of expertise in embedded systems, network security and systems architecture. He also talks about how a colleague of his told him something that resinated with him, he said " that was really a remarkable statement that I h…
…
continue reading
1
DataTribe's Cyber Innovation Day: Cyber: The Wake of Tech Innovation. [Special Edition]
47:53
47:53
Play later
Play later
Lists
Like
Liked
47:53
On this Special Edition podcast, we share a panel from DataTribe's Cyber Innovation Day 2025, "Cyber: The Wake of Tech Innovation." The podcast tech host panel included Dave Bittner, host of CyberWire Daily podcast, Maria Varmazis, host of T-Minus Space Daily podcast, and Daniel Whitenack, co-host of Practical AI podcast, sharing a wide-ranging dis…
…
continue reading
1
Two RMMs walk into a phish… [Research Saturday]
24:00
24:00
Play later
Play later
Lists
Like
Liked
24:00
Alex Berninger, Senior Manager of Intelligence at Red Canary, and Mike Wylie, Director, Threat Hunting at Zscaler, join to discuss four phishing lures in campaigns dropping RMM tools. Red Canary and Zscaler uncovered phishing campaigns delivering legitimate remote monitoring and management (RMM) tools—like ITarian, PDQ, SimpleHelp, and Atera—to gai…
…
continue reading
1
Episode 100: Episode 100 - Security knowledge alone is not enough
28:03
28:03
Play later
Play later
Lists
Like
Liked
28:03
In this episode, Richard is of the opinion that security knowledge is just not enough to succeed in this field.
…
continue reading
Cyber Command names a new head of AI. The UK introduces its long-delayed Cyber Security and Resilience Bill. Researchers highlight a critical Oracle Identity Manager flaw. Salesforce warns customers of a third-party data breach. Italy’s state-owned railway operator leaks sensitive information. SonicWall patches firewalls and email security devices.…
…
continue reading
1
Sturnus captures encrypted chats, PowerSchool schools blamed, SEC security bill
8:59
8:59
Play later
Play later
Lists
Like
Liked
8:59
Sturnus Android Trojan captures encrypted chats and hijacks devices Canadian regulators say schools share blame for PowerSchool hack Bill reintroduced to bolster cybersecurity at Securities and Exchange Commission Huge thanks to our episode sponsor, KnowBe4 Your email gateway isn't catching everything — and cybercriminals know it. That's why there'…
…
continue reading
1
Inside Jingle Thief Cloud Fraud Unwrapped [Threat Vector]
36:10
36:10
Play later
Play later
Lists
Like
Liked
36:10
In this special episode of Threat Vector, host David Moulton, Senior Director of Thought Leadership for Unit 42, sits down with Stav Setty, Principal Researcher at Palo Alto Networks, to unpack Jingle Thief a cloud-only, identity-driven campaign that turned Microsoft 365 into a gift card printing press. Stav explains how the Morocco based group kno…
…
continue reading
1
SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection.
14:09
14:09
Play later
Play later
Lists
Like
Liked
14:09
Oracle Identity Manager Exploit Observation from September (CVE-2025-61757) We observed some exploit attempts in September against an Oracle Identity Manager vulnerability that was patched in October, indicating that exploitation may have occurred prior to the patch being released. https://isc.sans.edu/diary/Oracle%20Identity%20Manager%20Exploit%20…
…
continue reading
The US and allies sanction Russian bulletproof hosting providers. The White House looks to sue states over AI regulations. The US Border Patrol flags citizens’ “suspicious” travel patterns. Lawmakers seek to strengthen the SEC’s cybersecurity posture. A new Android banking trojan captures content from end-to-end encrypted apps. A hidden browser API…
…
continue reading
1
Risky Biz Soap Box: Greynoise knows when bad bugs are coming
37:51
37:51
Play later
Play later
Lists
Like
Liked
37:51
In this sponsored Soap Box edition of the podcast, Andrew Morris joins Patrick Gray to talk about how Greynoise can often get a 90 day heads up on serious vulnerabilities. Whether it’s malicious actors doing reconnaissance or the affected vendors trying to understand the scope of the problem, it seems that mass scanning activity lines up pretty nic…
…
continue reading
1
AI: The Double-Edged Sword in Cybersecurity
25:39
25:39
Play later
Play later
Lists
Like
Liked
25:39
In this conversation, I discuss the evolving landscape of cybersecurity, particularly the impact of #ai on #cyberattacks. I highlight a recent AI-driven #cybersecurity campaign, its implications for businesses, and the importance of robust cybersecurity measures. The discussion also covers vendor security in the financial sector, lessons learned fr…
…
continue reading
1
In the Age of Identity, is Network Security Dead?
34:21
34:21
Play later
Play later
Lists
Like
Liked
34:21
All links and images can be found on CISO Series. Check out this post by Ross Haleliuk of Venture in Security for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Davi Ottenheimer, vp, trust and …
…
continue reading
1
Cloudflare blames database, Crypto heist takedown, WhatsApp flaw exposed billions
8:12
8:12
Play later
Play later
Lists
Like
Liked
8:12
Cloudflare blames database Crypto heist takedown WhatsApp flaw exposed billions Huge thanks to our episode sponsor, KnowBe4 Your email gateway isn't catching everything — and cybercriminals know it. That's why there's KnowBe4's Cloud Email Security platform. It's not just another filter—it's a dynamic, AI-powered layer of defense that detects and s…
…
continue reading
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering s…
…
continue reading
1
Why are enterprises hesitating when it comes to AI? With Jason Tan
37:33
37:33
Play later
Play later
Lists
Like
Liked
37:33
Enterprises have reasons to be cautious about AI, but those who hesitate for too long are going to be left behind. In this episode, Anthony and Kris meet AI strategist, AI ethicist, and founder of Engage AI Jason Tan, who discusses the current state of AI adoption and the cautious stance of enterprises, compared with the proactive approach of start…
…
continue reading
1
SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers
6:34
6:34
Play later
Play later
Lists
Like
Liked
6:34
Unicode: It is more than funny domain names. Unicode can cause a number of issues due to odd features like variance selectors and text direction issues. https://isc.sans.edu/diary/Unicode%3A%20It%20is%20more%20than%20funny%20domain%20names./32472 FortiWeb Multiple OS command injection in API and CLI A second silently patched vulnerability in FortiW…
…
continue reading
1
SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers (#)
6:35
6:35
Play later
Play later
Lists
Like
Liked
6:35
SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers Unicode: It is more than funny domain names. Unicode can cause a number of issues due to odd features like variance selectors and text direction issues. https://isc.sans.edu/diary/Unicode%3A%20It%20is%20more%20tha…
…
continue reading
1
The oversized file that stalled the internet.
29:46
29:46
Play later
Play later
Lists
Like
Liked
29:46
Cloudflare’s outage is rooted in an internal configuration error. The Trump administration is preparing a new national cyber strategy. CISA gives federal agencies a week to secure a new Fortinet flaw. MI5 warns that China is using LinkedIn headhunters and covert operatives to target lawmakers. Experts question the national security risks of TP-Link…
…
continue reading
1
How Can Businesses Address Guardrails for Autonomous AI Agents with Permissions?
24:58
24:58
Play later
Play later
Lists
Like
Liked
24:58
“People love the idea that an agent can go out, learn how to do something, and just do it,” Jeff Hickman, Head of Customer Engineering, Ory, said. “But that means we need to rethink authorization from the ground up. It’s not just about who can log in; it’s about who can act, on whose behalf, and under what circumstances.” In the latest episode of T…
…
continue reading
1
EP 152 90,000 Heartbeats, One Security Chief: Wembley Stadium- Behind the Scenes, with Steve McGrath
54:53
54:53
Play later
Play later
Lists
Like
Liked
54:53
Send us a text In this powerful and engaging episode, YoYo sits down with Steve McGrath, the Head of Security at Wembley Stadium, to explore what it really takes to protect one of the world’s most iconic venues. With a background in counter terrorism policing and years of operational leadership, Steve shares an inside look into managing security fo…
…
continue reading
1
FCC to torch Salt Typhoon rules, Group claims Danish party website hits, MI5 warns Chinese spies are on LinkedIn
7:35
7:35
Play later
Play later
Lists
Like
Liked
7:35
FCC to torch rules from Salt Typhoon Group claims hits on Danish party websites MI5 warns Chinese spies are using LinkedIn Huge thanks to our episode sponsor, KnowBe4 Your email gateway isn't catching everything — and cybercriminals know it. That's why there's KnowBe4's Cloud Email Security platform. It's not just another filter—it's a dynamic, AI-…
…
continue reading
1
SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage
4:38
4:38
Play later
Play later
Lists
Like
Liked
4:38
KongTuke Activity This diary investigates how a recent Kong Tuke infections evolved all the way from starting with a ClickFix attack. https://isc.sans.edu/diary/KongTuke%20activity/32498 Cloudflare Outage Cloudflare suffered a large outage today after an oversized configuration file was loaded into its bot protection service https://x.com/dok2001 G…
…
continue reading
1
SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage (#)
4:39
4:39
Play later
Play later
Lists
Like
Liked
4:39
SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage KongTuke Activity This diary investigates how a recent Kong Tuke infections evolved all the way from starting with a ClickFix attack. https://isc.sans.edu/diary/KongTuke%20activity/32498 Cloudflare Outage Cloudflare suffered a large outage today after an oversized configura…
…
continue reading
1
Risky Business #815 -- Anthropic's AI APT report is a big deal
51:24
51:24
Play later
Play later
Lists
Like
Liked
51:24
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Anthropic says a Chinese APT orchestrated attacks using its AI It’s a day ending in -y, so of course there are shamefully bad Fortinet exploits in the wild Turns out slashing CISA was a bad idea, now it’s time for a hiring spree Researchers brute for…
…
continue reading
