Monday, September 25, 2023
The CyberWire Podcast

Threat intelligence discussion with Chris Krebs. [Special Edition]

In this extended interview, Simone Petrella sits down with Chris Krebs of the Krebs Stamos Group at the mWise 2023 Cybersecurity Conference to discuss threat intelligence . Learn more about your...
The Shared Security Podcast

Content Creation, Mental Health in Cyber, The MGM Ransomware Attack

In this episode Matt Johansen, Security Architect at Reddit and Vulnerable U newsletter and YouTube content creator, joins host Tom Eston to discuss Matt’s background as one of the original “Security Twits”, his career journey, his passion for mental...

ISC StormCast for Monday, September 25th, 2023

Scanning for Laravel - a PHP Framework for Web Artisants
Open Source Security Podcast

Episode 394 – The lie anyone can contribute to open source

Josh and Kurt talk about filing bugs for software. There's the old saying that anyone can file bugs and submit patches for open source, but the reality is most people can't. Filing bugs for both closed and open source...
The CyberWire Podcast

Merritt Baer: No one has to go down for you to go up. [CISO] [Career Notes]

This week our guest is Merritt Baer, a Field CISO from Lacework, and a cloud security unicorn, sits down to share her incredible story working through the ranks to get to...
The CyberWire Podcast

Behind the Google shopping ad masks. [Research Saturday]

Maxim Zavodchik from Akamai joins Dave to discuss their research on "Xurum: New Magento Campaign Discovered." Akamai researchers have discovered an ongoing server-side template injection campaign that is exploiting digital commerce...

NIcole Sundin – CPO at Axio – SEC compliance, usable security, setting up risk mgmt programs

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time,...
Security Weekly

2024 Security Planning, Better Tabletop Exercises – Merritt Maxim, Ryan Fried – ESW #332

Forrester Research releases a few annual reoccurring cybersecurity reports, but one of the biggest that covers the most ground is the Security Risk Planning Guide, which was recently released for 2024. One of the report's 17 authors, and research...
The CyberWire Podcast

Enter the Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.

A new APT is found: enter Sandman. Tracking an initial access broker called Gold Melody. Iran’s OilRig group is active against Israeli targets. Cyber ops as an instrument of soft power....
Security Weekly

Passkeys, bots, hotels, conning the con, TrendMicro, Pizza & Aaran Leyland – SWN #327

This week on the Security Weekly News: Passkeys, bots, hotels, conning the con, TrendMicro, Pizza, Aaran Leyland, & more! Visit for all the latest episodes! Follow us on Twitter: Like us on Facebook: Visit for...
7 minute security

7MS #590: Hacking Billy Madison – Part 2 Today my Paul and I continued hacking Billy Madison (see part one here) and learned some interesting things: You can fuzz a URL with a specific file type using a format like this: wfuzz -c -z file,/root/Desktop/wordlist.txt --hc 404 http://x.x.x.x/FUZZ.cap To...

Weekly Update 366

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSiteWell that's it, Europe is done! I've spent the week in Prague with highlights including catching up with Josef Prusa,...

ISC StormCast for Friday, September 22nd, 2023

Apple Patches Three 0-Days WebP Vulnerability MOVEit Transfer

Snake Oilers: Sublime Security, Vulncheck and Devicie

In this edition of Snake Oilers you’ll hear product pitches from: ...
Security Weekly

AI Attacks and LLM Security Matters – Nathan Hamiel – PSW #799

Nathan comes on the show to discuss LLMs, such as ChatGPT, the issues we face today and in the future. Learn about prompt injection attacks, jailbreaking, LLMs for threat actors, and more! In the Security News: LVFS is not...
The CyberWire Podcast

Don’t get snatched. Trends in phishing, cyber insurance claims, and threats to academic institutions. Hacktivism in the hybrid war. Updates on the ICC attack. MGM says its casinos are back.

CISA and the FBI warn of Snatch ransomware. A look at phishing trends. Ransomware is increasingly cited in cyber insurance claims. Trends in cyber threats to academic institutions. A Russian hacktivist...

ISC StormCast for Thursday, September 21st, 2023

What's Normal: DNS TTL Values's%20Normal%3F%20DNS%20TTL%20Values/30234/ CISA Highlights Snatch Ransomware
Smashing Security

Heated seats, car privacy, and Graham’s porn video

Do you know what data your car is collecting about you? Do you think it's right for a car manufacturer to collect a subscription to keep your bottom warm? And just why has YouPorn sent an email...
The CyberWire Podcast

Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.

The International Criminal Court reports a "cybersecurity incident." ShroudedSnooper intrusion activity is both novel and simple. Criminal malware targets Chinese-speaking victims. The costs of insider risk. More on the casino attacks...

ISC StormCast for Wednesday, September 20th, 2023

Obfuscated Scans For Older Adobe Experience Manager Vulnerabilities Trend

In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover

A critical vulnerability in the TeamCity CI/CD server could allow unauthenticated attackers to execute code and take over vulnerable servers. The post In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover appeared first on SecurityWeek.

Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks

Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks.  The post Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks appeared first on SecurityWeek.
Infosecurity Magazine

BEC Scammer Pleads Guilty to Part in $6m Scheme

Nigerian was extradited to the US from Canada
Infosecurity Magazine

Researchers Spot Novel “Deadglyph” Backdoor

Malware is linked to UAE-backed spies
Infosecurity Magazine

Almost US 900 Schools Breached Via MOVEit

National Student Clearinghouse reveals more details of incident