Content provided by YusufOnSecurity.Com. All podcast content (including episodes, graphics and podcast descriptions) is uploaded and provided directly by YusufOnSecurity.Com or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://zh.player.fm/legal
167 - Preparing for and responding to a ransomware attack

34:53

Enjoying the content? Let us know your feedback!

Ransomware is a threat that will be around us for the foreseeable future.
In this week's episode we will look at the history of ransomware, the common TTPs in use by threat actors such as Turla, how to align our incident response to that threat and others, and finally how to contain, eradicate, and recover from it.
In addition we will answer the following pertinent questions that are top of mind for the SOC team, such as:
- What are the best methods to inhibit a threat actor's lateral movement?
- What are the critical components that drive ransomware?
etc...
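The SOC question above about inhibiting lateral movement has a detection counterpart worth having in place before the episode's containment phase: a ransomware operator staging for encryption typically fans out from one foothold to many hosts over SMB and pushes a service (PsExec-style) onto each one seconds after the logon. The following is an added example written for this page, not code from the podcast or from any of the linked sources. It assumes events have already been parsed from the Windows Security and System logs into dicts with the fields shown; the thresholds (ten-minute window, three distinct targets, two-minute logon-to-service gap) and the sample events are constructed for the demo.

```python
"""Flag hosts that look like a ransomware operator's lateral-movement pivot.
Added example for this page, not the podcast's code. Event shape and thresholds
are assumptions about what a SIEM hands you after parsing Windows logs."""
from collections import defaultdict
from datetime import datetime, timedelta

EVT_LOGON = 4624              # Security log: an account was successfully logged on
EVT_SERVICE_INSTALLED = 7045  # System log: a service was installed on the system
NETWORK_LOGON = 3             # LogonType 3 = network (SMB/RPC), what remote exec uses

# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    # WS-117 reaches four servers in six minutes and a service appears on each
    # seconds after the logon: the PsExec-style push used to stage ransomware.
    {"ts": "2024-04-10T02:01:05", "id": 4624, "host": "FS01",  "src": "WS-117", "user": "CORP\\jdoe", "logon_type": 3},
    {"ts": "2024-04-10T02:01:09", "id": 7045, "host": "FS01",  "service": "PSEXESVC"},
    {"ts": "2024-04-10T02:02:40", "id": 4624, "host": "FS02",  "src": "WS-117", "user": "CORP\\jdoe", "logon_type": 3},
    {"ts": "2024-04-10T02:02:44", "id": 7045, "host": "FS02",  "service": "PSEXESVC"},
    {"ts": "2024-04-10T02:04:12", "id": 4624, "host": "SQL01", "src": "WS-117", "user": "CORP\\jdoe", "logon_type": 3},
    {"ts": "2024-04-10T02:04:15", "id": 7045, "host": "SQL01", "service": "PSEXESVC"},
    {"ts": "2024-04-10T02:06:50", "id": 4624, "host": "DC01",  "src": "WS-117", "user": "CORP\\jdoe", "logon_type": 3},
    {"ts": "2024-04-10T02:06:53", "id": 7045, "host": "DC01",  "service": "PSEXESVC"},
    # A monitoring server also touches every host, but installs nothing.
    {"ts": "2024-04-10T01:40:00", "id": 4624, "host": "FS01",  "src": "MON01", "user": "CORP\\svc_mon", "logon_type": 3},
    {"ts": "2024-04-10T01:40:01", "id": 4624, "host": "FS02",  "src": "MON01", "user": "CORP\\svc_mon", "logon_type": 3},
    {"ts": "2024-04-10T01:40:02", "id": 4624, "host": "SQL01", "src": "MON01", "user": "CORP\\svc_mon", "logon_type": 3},
    {"ts": "2024-04-10T01:40:03", "id": 4624, "host": "DC01",  "src": "MON01", "user": "CORP\\svc_mon", "logon_type": 3},
    # Interactive logon and a local service install on one workstation: noise.
    {"ts": "2024-04-10T09:15:00", "id": 4624, "host": "WS-042", "src": "WS-042", "user": "CORP\\admin", "logon_type": 2},
    {"ts": "2024-04-10T09:20:00", "id": 7045, "host": "WS-042", "service": "Sense"},
]

def _ts(event):
    return datetime.fromisoformat(event["ts"])

def find_lateral_movement(events, window=timedelta(minutes=10), min_targets=3,
                          install_gap=timedelta(minutes=2)):
    """One finding per source host whose network logons reached at least
    `min_targets` distinct hosts inside `window`. Severity is "high" when a 7045
    followed that source's logon on the same target within `install_gap`
    (remote execution), "medium" for fan-out alone (scanners, monitoring)."""
    logons = defaultdict(list)    # src -> [(ts, target)], time-ordered
    installs = defaultdict(list)  # target -> [(ts, service)]
    for e in sorted(events, key=_ts):
        if e["id"] == EVT_LOGON and e.get("logon_type") == NETWORK_LOGON and e["src"] != e["host"]:
            logons[e["src"]].append((_ts(e), e["host"]))
        elif e["id"] == EVT_SERVICE_INSTALLED:
            installs[e["host"]].append((_ts(e), e["service"]))

    findings = []
    for src, hits in logons.items():
        best, lo = set(), 0           # widest set of targets inside one window
        for hi in range(len(hits)):
            while hits[hi][0] - hits[lo][0] > window:
                lo += 1
            targets = {t for _, t in hits[lo:hi + 1]}
            if len(targets) > len(best):
                best = targets
        if len(best) < min_targets:
            continue
        pushed = {}                   # target -> service installed right after our logon
        for t_logon, target in hits:
            for t_inst, svc in installs.get(target, []):
                if timedelta(0) <= t_inst - t_logon <= install_gap:
                    pushed[target] = svc
        findings.append({"source": src, "targets": sorted(best),
                         "service_installs": pushed,
                         "severity": "high" if pushed else "medium"})
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["source"]))

def hosts_to_isolate(findings):
    """Containment list: every high-severity pivot plus each host it pushed a service to."""
    out = set()
    for f in findings:
        if f["severity"] == "high":
            out.add(f["source"])
            out.update(f["service_installs"])
    return sorted(out)

if __name__ == "__main__":
    found = find_lateral_movement(SAMPLE_EVENTS)
    for f in found:
        print(f["severity"], f["source"], "->", ", ".join(f["targets"]), f["service_installs"])
    print("isolate:", hosts_to_isolate(found))
```

On the sample data the pivot workstation comes out as high and the monitoring host, which touches the same servers without installing anything, as medium (the kind of source you allowlist after checking it once); hosts_to_isolate gives the containment list for the high finding. The inhibiting half is policy, not detection: workstation-to-workstation SMB and RPC logons of this kind are what host-firewall and tiered-admin rules should block outright, and the detection then catches whatever the policy misses.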
But before we dig into these gems, let's touch on one important top trending piece of news. And that is:
- CISA makes its malware analysis system publicly available
- https://www.cisa.gov: CISA Announces Malware Next-Gen Analysis
- https://attack.mitre.org: Turla
- https://www.chainalysis.com: ransomware 2024
- https://www.cohesity.com: Ransomware Recovery
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
217 episodes
All episodes
Enjoying the content? Let us know your feedback!
This week's episode is a continuation of the cautionary tale of Troy Hunt, the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We'll continue to break down what happened, how it happened, and what we can all learn from this incident. Stay tuned till the end, where we bust our myth of the week!
We will also look at this week's cyber security news, which is Ubuntu Linux security bypasses.
- https://blog.qualys.com: Qualys TRU Discovers Three Bypasses of Ubuntu Unprivileged User Namespace Restrictions
- https://www.troyhunt.com: A sneaky phish just grabbed my Mailchimp mailing list
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
 
Enjoying the content? Let us know your feedback!
In this week's episode we have a fascinating and cautionary tale about none other than Troy Hunt, the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We'll break down what happened, how it happened, and what we can all learn from this incident. Stay tuned till the end for tips on how to stay vigilant against phishing attacks and our myth of the week!
We will also look at the cyber security news. Here is what caught my attention this week:
- PSTools DLL injection vulnerability
- https://www.foto-video-it.de: Disclosure Sysinternals (you will need to translate to English if you are not a German speaker)
- https://learn.microsoft.com: PSTool
- https://www.troyhunt.com: A sneaky phish just grabbed my Mailchimp mailing list
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
 
Enjoying the content? Let us know your feedback!
In this episode, we'll look into a cybersecurity assessment method that mimics real-world attacks to test an organization's security defenses and response capabilities: threat emulation. It is one of the strategies that keeps you ahead of the game. Threat emulation aims to identify and mitigate security gaps before attackers exploit them, providing a more comprehensive evaluation than traditional assessments.
Before we dive into the main topic, let's glance at what is happening on the security front: the March Microsoft Patch Tuesday has landed!
- https://msrc.microsoft.com: March 2025 Security Updates
- https://detect-respond.blogspot.com: Pyramid Of Pain
- https://www.atomicredteam.io: Atomic Red Team
- https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
 
Enjoying the content? Let us know your feedback!
In this episode, we'll be exploring a particularly intriguing file type: polyglot files. These digital shapeshifters have become a powerful tool in the arsenal of cyber attackers, capable of bypassing security measures, confusing systems, and delivering malicious payloads in ways that are both creative and devastating. Over the next 20 to 30 minutes or so, we'll break down what polyglot files are, how they work, and why they're so dangerous. We'll also examine some real-world examples where polyglot files were used in cyberattacks. We will reference the MITRE ATT&CK framework to understand how these techniques fit into the broader landscape of adversarial tactics. Finally, we'll discuss mitigation strategies and close with a cybersecurity myth that needs busting.
Before we dive into the main topic, let's glance at what is happening on the security front: a UEFI Secure Boot bypass vulnerability.
- https://en.wikipedia.org: Polyglot
- https://attack.mitre.org: Masquerading
- https://arxiv.org: Where the Polyglots Are: How Polyglot Files Enable Cyber Attack Chains and Methods for Detection & Disarmament
- https://medium.com: Polyglot Files A Hackers Best Friend
- https://www.bleepingcomputer.com: New polyglot malware hits aviation, satellite communication firms
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
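To make the "how they work" part of the polyglot episode concrete: the following is an added example for this page, not code from the podcast or from the linked papers. It builds a GIF/ZIP polyglot in memory (a real 1x1 GIF89a followed by a real ZIP archive; ZIP readers locate the archive from the end-of-central-directory record at the tail and tolerate the prefix, the same mechanism self-extracting archives rely on, so both an image viewer and an archive extractor accept the file) and then shows the check a scanner can do: test each container format's signature where its parser actually anchors, not only at offset 0, and flag a file that more than one parser would accept. The member name and payload bytes are constructed for the demo.

```python
"""GIF/ZIP polyglot: build one, then detect it by asking which parsers would
accept the file. Added example for this page, not the podcast's code."""
import io
import struct
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")
GIF_TRAILER = b"\x3b"

def minimal_gif() -> bytes:
    """A valid 1x1 GIF89a (35 bytes): header, logical screen descriptor with a
    2-colour global palette, one image descriptor, LZW image data, trailer."""
    return (b"GIF89a"
            + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0)         # 1x1, GCT present, 2 colours
            + b"\x00\x00\x00\xff\xff\xff"                     # palette: black, white
            + b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0)  # image descriptor at (0,0), 1x1
            + b"\x02\x02\x44\x01\x00"                         # LZW min code size 2; one 2-byte block; block terminator
            + GIF_TRAILER)

def make_gif_zip_polyglot(member_name: str, payload: bytes) -> bytes:
    """Image viewers read the leading GIF and stop at its trailer; ZIP readers
    find the archive from the end-of-central-directory record at the tail and
    correct for the prefix, so both formats parse the same bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return minimal_gif() + buf.getvalue()

def gif_dimensions(data: bytes):
    """What an image parser sees: (width, height) if the file is a GIF, else None."""
    if not data.startswith(GIF_MAGICS) or GIF_TRAILER not in data:
        return None
    return struct.unpack("<HH", data[6:10])

def read_zip_member(data: bytes, member_name: str) -> bytes:
    """What an archive extractor sees: the member hidden behind the image."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(member_name)

def detect_formats(data: bytes):
    """Check each signature where its parser actually anchors: GIF at offset 0,
    PDF anywhere in the first 1024 bytes (PDF readers tolerate leading junk),
    ZIP at the end-of-central-directory record near the end of the file.
    Two or more hits means a polyglot (or an appended archive, which for
    scanning purposes deserves the same suspicion)."""
    found = []
    if data.startswith(GIF_MAGICS):
        found.append("gif")
    if b"%PDF-" in data[:1024]:
        found.append("pdf")
    if zipfile.is_zipfile(io.BytesIO(data)):
        found.append("zip")
    return found

def is_polyglot(data: bytes) -> bool:
    return len(detect_formats(data)) > 1

if __name__ == "__main__":
    sample = make_gif_zip_polyglot("dropper.txt", b"constructed payload")
    print(gif_dimensions(sample), read_zip_member(sample, "dropper.txt"), detect_formats(sample))
```

The point of detect_formats is the anchoring: a gateway that only compares the first bytes against a magic table sees a harmless GIF, while the archive handler downstream happily unpacks the appended ZIP. Disarmament follows the same logic, truncating the file at the GIF trailer (or re-encoding the image) removes the second format entirely.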
 
Enjoying the content? Let us know your feedback!
In today's episode, we're diving deep into data exfiltration, one of the most serious threats facing organizations today. We'll break down exactly what data exfiltration is, where it fits in the MITRE ATT&CK framework, the tools and techniques attackers use, and, most importantly, how organizations can defend themselves. We'll also cover real-world examples, including publicly known cases that had major consequences. So, whether you're a seasoned security professional or just starting out in the field, stick around as we unravel the methods attackers use and how to stop them.
First let's look at one of the trending security news items this week, and that is the Caldera vulnerability.
- https://github.com/mitre/caldera: Security Notice
- https://nvd.nist.gov: CVE-2025-27364
- https://medium.com: MITRE Caldera Security Advisory — Remote Code Execution (CVE-2025-27364)
- https://www.mitre.org: Caldera
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
 
Enjoying the content? Let us know your feedback!
We are continuing with part 2 of "Behind the Login Screen - Understanding OS Authentication." If you missed our first episode, I highly recommend giving it a listen before diving into today's content. In part one, we started to explore the fascinating world of operating system authentication, focusing on Windows, Linux/Unix, and macOS. We discussed how hashes are used in authentication, the concept of salt in passwords, and rainbow table attacks. In today's episode, we'll build on that foundation and delve even deeper into OS authentication mechanisms. So again, if you haven't already, make sure to catch up on part one to get the full picture. Now, let's get started with part two of our journey into the world of OS authentication!
First, let's look at one of the trending security news items this week, and that is the newly discovered OpenSSH vulnerabilities.
- https://blog.qualys.com: Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466
- https://learn.microsoft.com: Kerberos Authentication Overview
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
 
Enjoying the content? Let us know your feedback!
In today's episode, we're going to explore the fascinating topic of operating system authentication. We all use it, but how many of us have wondered how the machinery behind the curtain works? We'll be focusing on Windows, Linux/Unix, and macOS. We'll discuss how hashes are used in authentication, the concept of salt in passwords, rainbow table attacks and their countermeasures, the benefits of password-less authentication using hardware keys, password cracking, the shadow file in Unix/Linux, and the mechanics of how each OS protects passwords and how attackers try to circumvent these protections.
Scareware Blocker, now available in Microsoft Edge.
- https://blogs.windows.com: Stand Up To Scareware With Scareware Blocker
- https://learn.microsoft.com: Kerberos Authentication Overview
- https://www.microsoft.com: Scareware Blocker
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
 
Enjoying the content? Let us know your feedback!
As AI-generated content becomes more advanced, the risk of adversarial misuse, where bad actors manipulate AI for malicious purposes, has skyrocketed. But what does this mean in practical terms? What risks do we face, and how is one of the big players addressing them? Stick around as we break down Google's Adversarial Misuse of Generative AI report, explain the key jargon, and bust a cybersecurity myth at the end of the show.
Before we get into the main topic, let's have a look at one important news update, and that is: Microsoft has expanded its Windows 11 administrator protection tests.
- https://cloud.google.com: Adversarial Misuse of Generative AI
- https://deepmind.google: Mapping the misuse of generative AI
- https://learn.microsoft.com: User Account Control overview
- https://learn.microsoft.com: How User Account Control works
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
 
Enjoying the content? Let us know your feedback!
Today, we've got something really exciting for you. If you've been following the world of artificial intelligence lately, you've probably heard a lot about a new player in town: DeepSeek. Now, let me tell you, DeepSeek is shaking things up. They're doing something completely different that's not only disrupting the AI space but could also be a game-changer in how we approach cost, performance, and security in the future of AI technology. So, grab a seat on solid ground and buckle up. This week, we're diving into how DeepSeek is leveling the playing field for AI vendors everywhere, cutting costs, and leveraging some really smart techniques that are turning heads in the industry. And, of course, at the end of today's episode, we'll be busting a big cybersecurity myth that might surprise you. But first, let's talk all things DeepSeek.
Before we dive into the main topic, we will also bring you up to date on the news front: the DeepSeek data breach. Yes, they were hit already!
- https://www.technologyreview.com: How DeepSeek ripped up the AI playbook—and why everyone's going to follow its lead
- https://www.digitaltrends.com: Microsoft is letting anyone use ChatGPT's $200 reasoning model for free
- https://www.wiz.io: Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
 
Enjoying the content? Let us know your feedback!
In this episode we will detail the significant announcement from Let's Encrypt, the trusted nonprofit Certificate Authority that has been at the forefront of making the web more secure. Let's Encrypt has revealed its plans to offer TLS certificates with a lifetime of just 6 days, a drastic reduction from its current 90 days. This decision, outlined in their 2024 annual report, is aimed at strengthening the security of online communications by minimizing the risks associated with compromised keys. But what does this mean for website owners, IT administrators, and the broader cybersecurity landscape? That's what we'll explore in detail today.
- https://community.letsencrypt.org: 2024 ISRG Annual Report
- https://www.malwarebytes.com: 7-Zip bug could allow a bypass of a Windows security feature, update now
- https://digital.nhs.uk: Proof-of-Concept Exploit Released for CVE-2025-0411 in 7-Zip
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
 
Enjoying the content? Let us know your feedback!
This episode is one for you system admins out there! Today we're discussing three actively exploited vulnerabilities you absolutely need to know about: CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. These vulnerabilities have been making headlines, and understanding them could mean the difference between staying secure and falling victim to a breach. We'll explore what these vulnerabilities are, how they're being exploited, the adversaries leveraging them, and what organizations and individuals can do to protect themselves. And, as always, we'll break down the jargon and bust a popular cybersecurity myth towards the end of the show.
Before we get into the main topic, let's recap the top security news this week: Microsoft dropped the January Patch Tuesday, and boy was it a whopper! We will dig into the details in more ways than one!
- https://isc.sans.edu: Microsoft January 2025 Patch Tuesday
- https://www.theregister.com: Microsoft fixes under-attack privilege-escalation holes in Hyper-V
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
 
Enjoying the content? Let us know your feedback!
This is the podcast where we explore the ever-evolving world of cybersecurity and provide practical advice for staying ahead of threats. I'm your host, Yusuf, and today's episode is all about starting the new year with a solid plan. We're diving into Cybersecurity Resolutions for 2025: Best Practices for Individuals and Organizations. As we step into a new year, it's the perfect time to reflect on how we protect our digital lives, whether at home or in the workplace. From bolstering personal security habits to implementing stronger organizational policies, this episode will cover actionable resolutions you can adopt today. Along the way, we'll explain key jargon, explore real-life examples, and, as always, bust a common cybersecurity myth at the end.
- https://nypost.com: Apple users warned of hi-tech Mac malware that steals personal data, goes undetected for months — here's how to stay safe
- https://www.youtube.com: When Do We Get to Play On Easy Mode?
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
 
Enjoying the content? Let us know your feedback!
Today, we're tackling a fundamental yet often misunderstood tool in every cybersecurity professional's arsenal: vulnerability scanners. What role do they play in protecting our organizations? Where do they shine, and where do they fall short? As always, we'll cut through the jargon and break things down for everyone, from seasoned professionals to those just beginning their journey in cybersecurity. And stick around until the end for this week's myth-busting segment, where we debunk a misconception about cyber security in general that many people still believe. So grab your favorite beverage, get set, and let's dive right in!
Tenable scanner agents went offline globally. All that coming up next, in this week's episode.
- https://docs.tenable.com: Tenable Nessus Agent 2025 Release Notes
- https://www.splunk.com: Vulnerability Scanners Primer
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
 
Enjoying the content? Let us know your feedback!
In this final episode of 2024, we recap the most listened-to episodes of the year. And this year we have four of the greatest of them all, back to back. Let's start with the first, episode 191 - Is The Browser The New Operating System?, released on the 28th of September. Next is episode 172 - SSL VPN versus IPsec VPN - Part 1 and Part 2, released on the 18th of May and the 25th of May respectively. And finally Episode 191 - APIs and Webhooks, released on the 5th of October. Enjoy and see you in the new year!
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
 
Enjoying the content? Let us know your feedback!
This is a topical episode in which we're diving into a high-stakes challenge every organization faces: it is the holiday season, so how do you manage threats when most of the security team is off duty? Imagine a holiday season, a long weekend, or even an unexpected emergency. With key team members unavailable, how do we keep our defenses strong? This episode will provide actionable strategies, backed by real-world examples, to help you stay prepared. Stick around until the end, where we'll also bust a common cybersecurity myth.
- https://www.bleepingcomputer.com: CISA Urges Switch To Signal-Like Encrypted Messaging Apps After Telecom Hacks
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There you will also find a list of all previous episodes.
 