Episodes
-
Enjoying the content? Let us know your feedback!
Today’s topic is one that mixes the marvel of modern technology with some very real concerns. We’re talking about the rise of Large Language Models, or LLMs, how they’re rapidly being adopted across industries, and the potential for sensitive data leakage on the open web. It’s a thrilling time for AI technologies, but as with all new frontiers, there are risks if we're not careful.
News: MSHTML platform spoofing vulnerability. And yes, it is a big one.
- https://blogs.cisco.com: Securing The LLM Stack
- https://msrc.microsoft.com: CVE-2024-43461
- https://msrc.microsoft.com: CVE-2024-38112
- https://www.trendmicro.com: CVE-2024-38112 Void-Banshee
Be sure to subscribe!
If you like the content, follow me @iayusuf or read my blog at https://yusufonsecurity.com
You will find a list of all previous episodes in there too.
-
In this episode we’re diving into an important topic that concerns one of the most trusted hardware security tokens on the market—the YubiKey 5 series.
We’ll discuss a recently discovered vulnerability affecting YubiKeys and go over what it means for the broader world of authentication and cryptographic security. To help you fully understand the issue, I’ll also provide a quick primer on key concepts like digital signatures, elliptic curves, and the cryptographic algorithm known as ECDSA.
With that said, this episode is an update as well as a main topic and all in all it will give you the tools you need to stay informed and protected.
- https://www.yubico.com: Yubico Advisories
- https://ninjalab.io: The research
-
Today, we will look into two essential cybersecurity solutions: File Integrity Monitoring, or FIM, and Endpoint Detection and Response, commonly known as EDR.
Both of these technologies are crucial for protecting systems, but they work in very different ways. We’ll be comparing and contrasting their capabilities, benefits, and use cases.
Before we get into the main topic, let's review a top trending piece of security news:
SANS Institute released a Critical Infrastructure Strategy Guide
- https://www.sans.org: SANS Institute released a Critical Infrastructure Strategy Guide
- https://en.wikipedia.org: File Integrity Monitoring
- https://www.cisco.com: What is an EDR?
-
In today's episode we’re diving into something that’s been making waves in the cybersecurity community—NIST Cybersecurity Framework 2.0.
The NIST Cybersecurity Framework has long been a cornerstone for building robust security practices, and with the release of version 2.0, there are some exciting new developments that are relevant given today's threat landscape.
As always, let's review what is trending on the news front.
CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet
- https://www.akamai.com: Mirai Botnet Infects CCTV Used in Critical Infrastructures
- https://www.nist.gov: NIST Cybersecurity Framework 2.0.
- https://nvlpubs.nist.gov: NIST Cybersecurity Framework 2.0.
-
In this week's episode we will dig in, exploring a critical framework that’s reshaping how organizations approach cybersecurity—especially in the energy sector—known as the Cybersecurity Capability Maturity Model. This is also referred to as C2M2.
We’ll unpack what C2M2 is, why it’s so important, and how it helps organizations assess and improve their cybersecurity practices. So, grab a coffee, sit back, and let’s dive in.
But wait, let's first review this week's trending news.
A ransomware group launched an EDR process killer utility
- https://www.theregister.com: RansomHub EDRKilling Malware
- https://c2m2.doe.gov: Cybersecurity Capability Maturity Model
-
In this week's episode, we’re unpacking a topic that’s crucial for anyone connected to the digital world: _Why Hackers Target Stolen Credentials_. From understanding the value behind those stolen usernames and passwords to exploring the dark web marketplaces where they’re traded, we’ll break it all down and look at what this means for your security.
Before we get into the topic, let's review this week's top trending security news:
A UK IT provider faces hefty fines for ransomware breach
- https://ico.org.uk: Provisional decision to impose £6m fine on software provider following 2022 ransomware attack that disrupted NHS and social care services
- https://en.wikipedia.org: Credential Stuffing
-
In this week's episode, we're diving into the Malware Information Sharing Platform, or MISP. We'll explore how MISP helps organizations share and leverage threat intelligence, enhancing their defense against cyber threats. Stay tuned as we unpack its features, benefits, challenges, and practical tips for implementation.
Before we get into the main topic, let's touch on a top trending piece of news this week. And that is:
Ransomware is on the rise, while technology becomes most targeted sector
- https://blog.talosintelligence.com: IR Trends: Ransomware on the rise, while technology becomes most targeted sector
- https://www.misp-project.org: MISP Project
- https://www.misp-project.org: Documentation
- https://github.com: MISP GitHub
-
In this week's episode, we will dig into the risk-benefit analysis of allowing kernel-level access to third-party applications. We will look into the inherent risks this brings into the operating system and the benefits thereof.
We will also compare the approaches the two major operating system makers took, i.e. Microsoft and Apple. We will include a snippet of what Microsoft says post-CrowdStrike outage.
- https://www.microsoft.com: Windows Security Best Practices For Integrating And Managing Security Tools
- https://support.apple.com: System And Kernel Extensions In MacOS
- https://www.theverge.com: Microsoft Windows Changes Crowdstrike Kernel Driver
- https://learn.microsoft.com: Support Policy Third Party Kernel Level Attestation
-
This week's episode needs very little introduction: The CrowdStrike IT Outage.
We will delve into the unprecedented IT outage caused by a corrupt update from CrowdStrike, which led to widespread Blue Screen of Death (BSOD) errors on Windows systems across the globe. Join us as we explore how this incident became the largest IT outage in history and what lessons can be learned from it.
- https://www.crowdstrike.com: Falcon Update For Windows Hosts Technical Details
- https://www.crowdstrike.com: Falcon Content Update Remediation And Guidance Hub
-
As I said in part 1 of this two-part series, it's easy to feel like nothing is secure these days, with constant reports of data breaches and exploits occurring everywhere you look. From major corporations to small businesses, no one seems immune to these pervasive cyber threats. The frequency and scale of these incidents can make it seem like our digital world is under continuous siege. In today's episode, we will be diving into the reasons behind the surge in data breaches and exploits, and how these incidents are becoming more frequent and damaging. Join us as we explore the fundamental factors contributing to this trend and examine some major breaches from the past few years. Please listen to part 1 beforehand.
Let's now turn to our top trending news this week, and that is:
There is a critical Exim Mail Server Vulnerability
- https://informationisbeautiful.net/visualizations: Worlds Biggest Data Breaches Hacks
- https://bugs.exim.org: Incorrect parsing of multiline rfc2231 header filename
- https://nvd.nist.gov: CVE-2024-39929
-
It's easy to feel like nothing is secure these days, with constant reports of data breaches and exploits occurring everywhere you look. From major corporations to small businesses, no one seems immune to these pervasive cyber threats. The frequency and scale of these incidents can make it seem like our digital world is under continuous siege. In today's episode, we will be diving into the reasons behind the surge in data breaches and exploits, and how these incidents are becoming more frequent and damaging. Join us as we explore the fundamental factors contributing to this trend and examine some major breaches from the past few years.
Having said that, let's turn to a couple of top trending news items this week, and they are:
Who is behind the Brain Cipher ransomware?
- https://media.inti.asia: Understanding the Brain Cipher Ransomware Attack
- https://informationisbeautiful.net/visualizations: Worlds Biggest Data Breaches Hacks
-
In this episode, we’re focusing on the rising trend of IT outsourcing and its implications for cybersecurity. As more businesses delegate non-core tasks to third-party providers, they inadvertently open doors to trust relationship attacks. We'll explore how attackers exploit the trust between companies and their service providers, leading to potentially devastating breaches. Join us as we delve into the mechanisms, real-world examples, and strategies to defend against these insidious threats.
And before we get into the meat of the matter, let's catch up on what has been trending this week:
A large number of companies are potentially exposed in Snowflake-related attacks.
- https://cyberscoop.com: Snowflake related attacks
- https://attack.mitre.org/techniques: Trust Relationship
-
This week's episode will continue with part 2 of "The Importance of Automation and Orchestration in Cyber Security."
As I said in episode one, the need for efficient and effective security measures has never been more critical.
I suggest you listen to E1 before you dive into this one.
Without further ado, let's first get what is trending this week in terms of news and updates.
Hundreds of personal computer as well as server models could be affected by a serious UEFI vulnerability
- https://eclypsium.com: UEFICanHazBufferOverflow Widespread Impact From Vulnerability In Popular PC And Server Firmware
- https://eclypsium.com: How Eclypsium Automates Binary Analysis At Scale
- https://en.wikipedia.org: Orchestration (computing)
-
In this week's episode of the podcast we dissect "The Importance of Automation and Orchestration in Cyber Security."
As you are well aware, cyber threats are becoming increasingly sophisticated and frequent.
The need for efficient and effective security measures has never been more critical. Equally, automation and orchestration have never been more important for organizations to defend themselves, streamlining processes, reducing response times, and enhancing overall security posture.
In my view this is an important way of tipping the balance in favor of the defenders.
Having said that, and before we get into the main topic, let's touch on a trending piece of news this week. And that is:
Phishing Email Abuses Windows Search Protocol
- https://www.trustwave.com: Search Spoof Abuse Of Windows Search To Redirect To Malware
- https://learn.microsoft.com: Using the search Protocol
- https://benjamin-altpeter.de: An Analysis of the State of Electron Security in the Wild
- https://en.wikipedia.org: Orchestration (computing)
-
In this week's episode, we're tackling a topic that has become increasingly relevant in our post-pandemic world: the hidden dangers posed by remote work.
As more companies embrace flexible work arrangements, the convenience and efficiency of working from home bring a new set of challenges.
From cybersecurity threats to data privacy concerns, remote work introduces vulnerabilities that many organizations are not fully prepared to handle.
In this episode, we'll explore the risks associated with remote work, share real-world examples of security breaches, and discuss practical steps that businesses and employees can take to safeguard sensitive information.
Before we get into the main topic, let's touch on a trending piece of news this week. And that is:
More backlash about Microsoft's Recall technology.
- https://www.computing.co.uk: Microsoft overhauls Recall, makes it opt-in
- https://www.ciscolive.com: Protecting Remote Workers, the Right Way
-
In this week's episode we're exploring an exciting and transformative innovation: Digital Twins technology and its groundbreaking application in cybersecurity.
Imagine having a virtual replica of your entire digital infrastructure—a detailed, dynamic model that mirrors every aspect of your environment.
In particular, we will look at how this cutting-edge technology enhances our ability to test, patch and update our environment and therefore anticipate, detect, and respond to cyber threats with unmatched precision and agility.
Before we get into the main topic, let's touch on a top trending piece of news this week. And that is:
Kaspersky releases free tool that scans Linux for known threats
- https://www.bleepingcomputer.com: Kaspersky Releases Free Tool That Scans Linux For Known Threats
- https://en.wikipedia.org: Digital-Twin
- https://blogs.cisco.com/securit: Cisco HyperShield Reimagining Security
-
In this episode we continue with part 2 on comparing SSL VPN and IPsec VPN, two popular technologies used for secure remote access.
As I said last week, understanding the nuances of these technologies is therefore crucial. We'll explore how each VPN works, their security features, performance differences, and the scenarios where each excels. Please listen to episode 172 before you listen to this episode.
With that said, let's turn to the top trending news this week:
- Microsoft's "Recall" feature raises privacy concern.
- https://www.wired.com: Microsoft Recall AI May Be A Privacy Nightmare
- https://en.wikipedia.org: Virtual_private_network
- https://en.wikipedia.org: Transport Layer Security
- https://www.bleepingcomputer.com: Norway Recommends Replacing SSL VPN To Prevent Breaches
-
In this week's episode we're diving into the world of VPNs. Specifically, we will compare SSL VPN and IPsec VPN, two popular technologies used for secure remote access. In the post-pandemic era, remote work has become part of the new normal. Understanding the nuances of these technologies is therefore crucial. We'll explore how each VPN works, their security features, performance differences, and the scenarios where each excels.
Having said that, and before we get into VPN, let's turn to the top trending news this week:
Recap of RSA Conference. The biggest security conference in the US.
- https://en.wikipedia.org: Virtual_private_network
- https://en.wikipedia.org: Transport Layer Security
- https://www.bleepingcomputer.com: Norway Recommends Replacing SSL VPN To Prevent Breaches
-
In this week's episode, we will be exploring the fascinating world of remote browser isolation technology, or RBI as it is abbreviated. We will delve into what remote browser isolation is, how it works, and the limitations it faces. Join us as we uncover the complexities of this innovative cybersecurity approach, shedding light on its benefits and challenges. Whether you are new to the concept or a seasoned professional, there is something here for everyone.
Having said that, and before we get into RBI, let's turn to a couple of top trending news items this week, and they are:
Dell data breach, 49 million customer records stolen
- https://techcrunch.com: Threat Actor Scraped 49M Dell Customer Addresses Before The Company Found Out
- https://www.w3.org: Introduction to DOM
- https://en.wikipedia.org: Browser Isolation
-
In part 2 on eBPF we continue demystifying this promising new technology that is strengthening the cyber space. Please listen to the previous episode, i.e. Episode 169, before you listen to this one.
Having said that, let's recap a top trending security news item, shall we?
New UK Law: No Default Passwords on Smart Devices from April 2024
- https://www.ncsc.gov.uk: Smart Devices Law
- https://www.ncsc.gov.uk: Leaflet To Consumer On Security Law Smart Devices
- https://ebpf.foundation: eBPF
- https://cloudblogs.microsoft.com: Making eBPF work on Windows
- https://en.wikipedia.org: Protection ring
- https://cilium.io: Cilium
- https://blogs.cisco.com: Cisco HyperShield Reimagining Security
- https://www.linkedin.com: Skyfall eBPF Agent For Infrastructure Observability