))
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every weekday. Gain expert insights on what you need to takeaway from each story, and why. Learn and laugh at the same time with #TeamSC. Join us live at 8 AM Eastern every weekday morning at https://simplycyber.io/streams. I’m Gerald Auger, Ph.D., a cybersecurity professional, college professor, and content creator with over two decades of expertise in GRC cybersecurity. This field is collabor ...
…
continue reading
The DailyCyber Podcast and New Live Stream every Wednesday at 6:00 pm EDT is focused on providing the truth into the Cyber Security industry. Discussions on Cyber Security trends, technologies, solutions, news, education, certifications, careers and interviews with leading Cyber Security experts on various Cyber Security topics. Subscribe today to make sure you don't miss an episode. IMPORTANT: The views, information and/or opinions expressed on this podcast/stream are solely those of Brando ...
…
continue reading
1
SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance
7:49
In today's episode, we start by talking about the PFSYNC protocol used to synchronize firewall states to support failover. Oracle released it's quarterly critical patch update. ESET is reporting about a critical VPN supply chain attack and CISA released guidance for victims of recent Ivanti related attacks. Catching CARP: Fishing for Firewall State…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.hopp.to/antisyphontraining…
…
continue reading
1
SANS ISC Stormcast, Jan 22, 2025: Geolocation via Starlink and Cloudflare; AI Prompt Risks; Homebrew Phishing
9:16
This episodes covers how Starlink users can be geolocated and how Cloudflare may help deanonymize users. The increased use of AI helpers leads to leaking data via careless prompts. Geolocation and Starlink https://isc.sans.edu/diary/Geolocation%20and%20Starlink/31612 Discover the potential geolocation risks associated with Starlink and how they mig…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.hopp.to/antisyphontraining…
…
continue reading
1
SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attakcs; Azure DevOps SSRF
6:20
In this episode, we talk about downloading and analyzing partial ZIP files, how legitimate remote access tools are used in recent compromises and how a research found an SSRF vulnerability in Azure DevOps Partial ZIP File Downloads A closer look at how attackers are leveraging partial ZIP file downloads to bypass file verification systems and plant…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.hopp.to/antisyphontraining…
…
continue reading
1
SANS ISC Stormcast, Jan 20, 2025: Honeypots for Offense; SimpleHelp and UEFI Secure Boot Vulnerabilities
3:24
In this episode, we cover how to use honeypot data to keep your offensive infrastructure alive longer, three critical vulnerabilities in SimpleHelp that must be patched now, and an interesting vulnerability affecting many systems allowing UEFI Secure Boot bypass. Leveraging Honeypot Data for Offensive Security Operations [Guest Diary] A recent gues…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance https://barricadecyber.com. Take control of your data and keep your private life private by signing up for DeleteMe. Go to ht…
…
continue reading
1
SANS ISC Stormcast, Jan 17, 2025: Analyzing Complex Datasets, Citrix Update Issues, Ivanti's Security Advisory, and the Future of Passkeys (@sans_edu)
12:50
In this episode, we explore the efficient storage of honeypot logs in databases, issues with Citrix's Session Recording Agent and Windows Update. Ivanti is having another interesting security event and our SANS.edu graduate student Rich Green talks about his research on Passkeys. Extracting Practical Observations from Impractical Datasets: A SANS I…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance https://barricadecyber.com. Take control of your data and keep your private life private by signing up for DeleteMe. Go to ht…
…
continue reading
1
SANS ISC Stormcast, Jan 16, 2025: Critical Vulnerabilities and Cybersecurity Updates You Need to Know
9:02
Today's episode covers an odd 12 year old Netgear vulnerability that only received a proper CVE number last year. Learn about how to properly identify OpenID connect users and avoid domain name resue. Good old rsync turns out to be in need of patching and Fortinet: Not sure if it needs patching. Probably it does. Go ahead and patch it. The Curious …
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance https://barricadecyber.com. Take control of your data and keep your private life private by signing up for DeleteMe. Go to ht…
…
continue reading
1
SANS ISC Stormcast, Jan 14 2025: Microsoft Patch Tuesday, FortiOS and FortiProxy Patches; Paessler PRTG Patches
7:48
Today, Microsoft Patch Tuesday headlines our news with Microsoft patching 209 vulnerabilities, some of which have already been exploited. Fortinet suspects a so far unpatched Node.js authentication bypass to be behind some recent exploits of FortiOS and FortiProxy devices. Microsoft January 2025 Patch Tuesday This month's Microsoft patch update add…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance https://barricadecyber.com. Take control of your data and keep your private life private by signing up for DeleteMe. Go to ht…
…
continue reading
1
SANS ISC Stormcast, Jan 14, 2025: Brute-Forcing Hikvision Devices, macOS SIP Bypass, Linux Rootkits, Aviatrix Exploits, and AWS Ransomware Tactics
7:51
Episode Summary: This episode covers brute-force attacks on the password reset functionality of Hikvision devices, a macOS SIP bypass vulnerability, Linux rootkit malware, and a novel ransomware campaign targeting AWS S3 buckets. Topics Covered: Hikvision Password Reset Brute Forcing URL: https://isc.sans.edu/diary/Hikvision%20Password%20Reset%20Br…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance https://barricadecyber.com. Take control of your data and keep your private life private by signing up for DeleteMe. Go to ht…
…
continue reading
In today's episode, we cover the latest updates in cybersecurity: Windows Defender Enhances Chrome Extension Detection Microsoft's Defender now catalogs Chrome extensions to identify malicious ones. Learn how this improves enterprise security. https://isc.sans.edu/diary/Windows%20Defender%20Chrome%20Extension%20Detection/31574 Multi-OLE Analysis in…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.hopp.to/antisyphontraining…
…
continue reading
1
SANS ISC Stormcast: Cryptomining Malware, Fake PoC Exploit, Malicious Browser Extensions, and Palo Alto Vulnerabilities. Jan 9th 2024
7:19
In this episode, we explore the following stories: "Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics" Overview of Redtail's multi-architecture cryptomining malware exploiting vulnerabilities and deploying persistence techniques. URL: Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its …
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.hopp.to/antisyphontraining…
…
continue reading
1
SANS ISC Stormcast, Jan 9, 2025: Critical Vulnerabilities in Ivanti, Aviatrix, and Hijacked Backdoors in Compromised Systems
6:04
In this episode, we discuss critical vulnerabilities in Ivanti Connect Secure and Policy Secure, command injection risks in Aviatrix Network Controllers, and the risks posed by hijacked abandoned backdoors. Episode Links and Topics: More Governments Backdoors in Your Backdoors https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.hopp.to/antisyphontraining…
…
continue reading
1
SANS ISC Stormcast, Jan 8, 2025: Critical Vulnerabilities in SonicWall, Moxa, and Windows BitLocker – Plus, Malware Targets PHP Servers and the Launch of U.S. Cyber Trust Mark
6:39
In this episode, we dive into active exploitation of a zero-day in SonicWall SSL-VPN, privilege escalation vulnerabilities in Moxa devices, and a BitLocker bypass in Windows 11. We also cover cryptocurrency mining malware hitting PHP servers and the White House's launch of the U.S. Cyber Trust Mark to secure connected devices. Episode Links and Top…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.hopp.to/antisyphontraining…
…
continue reading
In this episode of the SANS Internet Storm Center's Stormcast, we cover critical vulnerabilities affecting OpenSSH, BeyondTrust, and Nuclei, including the newly discovered "RegreSSHion" flaw and a bypass vulnerability in Nuclei. We also discuss how malware evasion techniques can impact analysis environments and highlight the dangers of fake exploit…
…
continue reading
由Simply Cyber Media Group
…
continue reading
In this episode of the SANS Internet Storm Center's Stormcast, we cover the latest cybersecurity threats and defenses, including Python-delivered malware, goodware hash sets, SSL/TLS protocol updates, and critical vulnerabilities in ASUS routers and Paessler PRTG. Stay informed and secure your systems! Full details and links to all stories: SwaetRA…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance https://barricadecyber.com. Take control of your data and keep your private life private by signing up for DeleteMe. Go to ht…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance https://barricadecyber.com. Take control of your data and keep your private life private by signing up for DeleteMe. Go to ht…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance https://barricadecyber.com. Take control of your data and keep your private life private by signing up for DeleteMe. Go to ht…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance https://barricadecyber.com. Take control of your data and keep your private life private by signing up for DeleteMe. Go to ht…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every weekday. 💥 Get the GRC Analyst Master Class, packed with practical skills and no prerequisites from Simply Cyber Academy. Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance at barri…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every weekday. 💥 Get the GRC Analyst Master Class, packed with practical skills and no prerequisites from Simply Cyber Academy. Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance at barri…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every weekday. 💥 Get the GRC Analyst Master Class, packed with practical skills and no prerequisites from Simply Cyber Academy. Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance at barri…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every weekday. 💥 Get the GRC Analyst Master Class, packed with practical skills and no prerequisites from Simply Cyber Academy. Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance at barri…
…
continue reading
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance https://barricadecyber.com. Take control of your data and keep your private life private by signing up for DeleteMe. Go to ht…
…
continue reading
