Episodes
-
Enjoying the content? Let us know your feedback!
In this week's episode I will unpack the complexities of the cybersecurity world and help you stay informed and secure. Today, we’re going to dig into some intriguing concepts shaping the cybersecurity landscape: the Shared Fate Model and Trust Anchors. We'll look at why some say these concepts are becoming so vital in modern IT security, their pros and cons, and how they compare with traditional security models that, quite frankly, aren’t cutting it anymore.
- https://edition.cnn.com: Australia Minimum Age Limit on Social Media
- https://cloud.google.com: Shared Fate Model
- https://csrc.nist.gov: Trust Anchor
Be sure to subscribe!
If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com
You will find a list of all previous episodes in there too. -
Let's face it, the cyber crooks are always lurking around, waiting for an opportunity to come in. They choose the path of least resistance, and the password is often their way in. Unfortunately, the password is still with us, and will be for some time to come.
A newly discovered ransomware serves as a wake-up call for Mac users.
In today's episode, we’re digging deep into the top common types of password attacks—and, most importantly, I’ll walk you through effective ways to stop them. Passwords are often the first line of defense, but they’re also a favorite target for hackers. Understanding these attack methods can empower you to protect your data better, avoid common pitfalls, and even educate those around you. So, let’s get into it!
- https://xkcd.com: How To Create A Strong Password
- https://haveibeenpwned.com: Have I Been Pwned
- https://pages.nist.gov: Password
- https://www.infosecurity-magazine.com: NIST Scraps Passwords Complexity and Mandatory Changes in New Guidelines
-
This week's episode is an interview with Nadim Lahoud from Red Sift at GITEX, the Global IT Expo that is held yearly in Dubai. It is the largest tech startup gathering in the world.
FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms
Red Sift is a company that provides a cloud-based DMARC, DKIM and SPF configuration and management platform called OnDMARC. They also provide:
- Continuous certificate discovery and monitoring, as well as
- Brand Trust through AI-driven brand impersonation discovery and monitoring.
Before we get into that, we will recap the top trending security news this week. That is:
- https://fidoalliance.org: Specifications Credential Exchange Specifications
- https://redsift.com: About Red Sift
-
Today we’re going to peel back the layers of Microsoft Windows architecture. For many of us, Windows has been a part of our computing lives for decades, whether at work or at home. But how much do we really know about how it works under the hood? In this episode, we’ll take a closer look at what makes Windows tick, compare it with Unix/Linux systems, and explore how it has evolved over the years.
Criminals Are Testing Their Ransomware Campaigns in Africa
Before we get into the topic, let's review this week's top trending security news:
- https://www.performanta.com: Africa A Testing Ground
- https://en.wikipedia.org: Architecture Of Windows NT
- https://techcommunity.microsoft.com: Windows Architecture The Basics
- https://learn.microsoft.com: Explore Windows Architecture
-
In today's episode, we’re diving into the world of APIs and Webhooks—two key technologies that power much of the automation and interaction between services online. Whether you’re a developer, security expert, or someone just curious about how data flows through the internet, this episode will give you valuable insights into how these tools work, their history, and, most importantly, how to keep them secure.
MITRE launches AI Incident Sharing Initiative. Awesome move!
We’ll also look at real-world examples of API-based attacks on major brands and break down what went wrong. By the end of this episode, you’ll have a full understanding of both APIs and Webhooks, and you’ll be armed with the must-know security measures for each. So, stick around and keep listening!
Having said that, let's have a look at the top trending news this week.
- https://owasp.org: OWASP API Security Top 10
- https://ai-incidents.mitre.org: MITRE ATLAS
-
Today we’re discussing an exciting trend in the world of technology—the browser is no longer just a window to the web. So we asked: is it becoming the operating system itself?
Exploiting CUPS: How Recent Vulnerabilities Could Compromise Linux Security
From the early days of Mosaic and Netscape Navigator to today’s cloud-powered Chromebooks, the browser has evolved dramatically. In this episode, we’ll explore the security implications, the history of browsers, the famous browser wars, and how today’s browsers are blurring the lines between web interfaces and operating systems.
Having said that, let's recap a top trending security news item, shall we?
- https://www.evilsocket.net: Attacking On UNIX Systems Via CUPS Part I
- https://en.wikipedia.org: History of The Web Browsers
- https://en.wikipedia.org: Browser Wars
-
In this episode, let's look at the world of DevSecOps—a vital practice in modern software development that has implications for security. We’ll trace the history of software development, discuss the evolution of methodologies, and examine the challenges that have led to the emergence of DevSecOps. So, whether you’re a seasoned developer who is curious about the cyber security world, or a veteran security practitioner, this is an episode you would not want to miss.
Microsoft officially deprecates Windows Server Update Services, aka WSUS.
As always, let's review what is trending on the news front first.
- https://techcommunity.microsoft.com: Windows Server Update Services WSUS Deprecation
- https://www.cisco.com: Addressing Security Challenges in a Fast Evolving Landscape White Paper
-
Today’s topic is one that mixes the marvel of modern technology with some very real concerns. We’re talking about the rise of Large Language Models, or LLMs, how they’re rapidly being adopted across industries, and the potential for sensitive data leakage on the open web. It’s a thrilling time for AI technologies, but as with all new frontiers, there are risks if we're not careful.
News: MSHTML platform spoofing vulnerability. And yes, it is a big one.
- https://blogs.cisco.com: Securing The LLM Stack
- https://msrc.microsoft.com: CVE-2024-43461
- https://msrc.microsoft.com: CVE-2024-38112
- https://www.trendmicro.com: CVE-2024-38112 Void-Banshee
-
In this episode we’re diving into an important topic that concerns one of the most trusted hardware security tokens on the market—the YubiKey 5 series.
We’ll discuss a recently discovered vulnerability affecting YubiKeys and go over what it means for the broader world of authentication and cryptographic security. To help you fully understand the issue, I’ll also provide a quick primer on key concepts like digital signatures, elliptic curves, and the cryptographic algorithm known as ECDSA.
With that said, this episode is an update as well as a main topic, and all in all it will give you the tools you need to stay informed and protected.
- https://www.yubico.com: Yubico Advisories
- https://ninjalab.io: The research
-
Today, we will look into two essential cybersecurity solutions: File Integrity Monitoring, or FIM, and Endpoint Detection and Response, commonly known as EDR.
SANS Institute released a Critical Infrastructure Strategy Guide
Both of these technologies are crucial for protecting systems, but they work in very different ways. We’ll be comparing and contrasting their capabilities, benefits, and use cases.
Before we get into the main topic, let's review a top trending piece of security news:
- https://www.sans.org: SANS Institute released a Critical Infrastructure Strategy Guide
- https://en.wikipedia.org: File Integrity Monitoring
- https://www.cisco.com: What is an EDR?
-
In today's episode we’re diving into something that’s been making waves in the cybersecurity community—NIST Cybersecurity Framework 2.0.
CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet
The NIST Cybersecurity Framework has long been a cornerstone for building robust security practices, and with the release of version 2.0, there are some exciting new developments that are relevant given today's threat landscape.
As always, let's review what is trending on the news front.
- https://www.akamai.com: Mirai Botnet Infects CCTV Used in Critical Infrastructures
- https://www.nist.gov: NIST Cybersecurity Framework 2.0
- https://nvlpubs.nist.gov: NIST Cybersecurity Framework 2.0
-
In this week's episode we will dig in, exploring a critical framework that’s reshaping how organizations approach cybersecurity—especially in the energy sector—known as the Cybersecurity Capability Maturity Model. This is also referred to as C2M2.
A ransomware group launched an EDR process killer utility
We’ll unpack what C2M2 is, why it’s so important, and how it helps organizations assess and improve their cybersecurity practices. So, grab a coffee, sit back, and let’s dive in.
But wait, let's first review this week's trending news.
- https://www.theregister.com: RansomHub EDRKilling Malware
- https://c2m2.doe.gov: Cybersecurity Capability Maturity Model
-
In this week's episode, we’re unpacking a topic that’s crucial for anyone connected to the digital world: _Why Hackers Target Stolen Credentials_. From understanding the value behind those stolen usernames and passwords to exploring the dark web marketplaces where they’re traded, we’ll break it all down and look at what this means for your security.
A UK IT provider faces hefty fines for ransomware breach
Before we get into the topic, let's review this week's top trending security news:
- https://ico.org.uk: Provisional decision to impose £6m fine on software provider following 2022 ransomware attack that disrupted NHS and social care services
- https://en.wikipedia.org: Credential Stuffing
-
In this week's episode, we're diving into the Malware Information Sharing Platform, or MISP. We'll explore how MISP helps organizations share and leverage threat intelligence, enhancing their defense against cyber threats. Stay tuned as we unpack its features, benefits, challenges, and practical tips for implementation.
Ransomware is on the rise, while technology becomes most targeted sector
Before we get into the main topic, let's touch on a top trending piece of news this week. And that is:
- https://blog.talosintelligence.com: IR Trends: Ransomware on the rise, while technology becomes most targeted sector
- https://www.misp-project.org: MISP Project
- https://www.misp-project.org: Documentation
- https://github.com: MISP GitHub
-
In this week's episode, we will dig into the risk-benefit analysis of allowing kernel-level access to third-party applications. We will look into the inherent risks this brings into the operating system and the benefits thereof.
We will also compare the approaches taken by the two major operating system makers, i.e. Microsoft and Apple. We will include a snippet of what Microsoft says post CrowdStrike outage.
- https://www.microsoft.com: Windows Security Best Practices For Integrating And Managing Security Tools
- https://support.apple.com: System And Kernel Extensions In MacOS
- https://www.theverge.com: Microsoft Windows Changes Crowdstrike Kernel Driver
- https://learn.microsoft.com: Support Policy Third Party Kernel Level Attestation
-
This week's episode needs very little introduction: The CrowdStrike IT Outage.
We will delve into the unprecedented IT outage caused by a corrupt update from CrowdStrike, which led to widespread Blue Screen of Death (BSOD) errors on Windows systems across the globe. Join us as we explore how this incident became the largest IT outage in history and what lessons can be learned from it.
- https://www.crowdstrike.com: Falcon Update For Windows Hosts Technical Details
- https://www.crowdstrike.com: Falcon Content Update Remediation And Guidance Hub
-
As I said in part 1 of this two-part series, it's easy to feel like nothing is secure these days, with constant reports of data breaches and exploits occurring everywhere you look. From major corporations to small businesses, no one seems immune to these pervasive cyber threats. The frequency and scale of these incidents can make it seem like our digital world is under continuous siege. In today's episode, we will be diving into the reasons behind the surge in data breaches and exploits, and how these incidents are becoming more frequent and damaging. Join us as we explore the fundamental factors contributing to this trend and examine some major breaches from the past few years. Please listen to part 1 beforehand.
There is a critical Exim Mail Server Vulnerability
Let's now turn to our top trending news this week, and that is:
- https://informationisbeautiful.net/visualizations: Worlds Biggest Data Breaches Hacks
- https://bugs.exim.org: Incorrect parsing of multiline rfc2231 header filename
- https://nvd.nist.gov: CVE-2024-39929
-
It's easy to feel like nothing is secure these days, with constant reports of data breaches and exploits occurring everywhere you look. From major corporations to small businesses, no one seems immune to these pervasive cyber threats. The frequency and scale of these incidents can make it seem like our digital world is under continuous siege. In today's episode, we will be diving into the reasons behind the surge in data breaches and exploits, and how these incidents are becoming more frequent and damaging. Join us as we explore the fundamental factors contributing to this trend and examine some major breaches from the past few years.
Who is behind the Brain Cipher ransomware?
Having said that, let's turn to a couple of top trending news items this week, and they are:
- https://media.inti.asia: Understanding the Brain Cipher Ransomware Attack
- https://informationisbeautiful.net/visualizations: Worlds Biggest Data Breaches Hacks
-
A large number of companies are potentially exposed in Snowflake-related attacks.
In this episode, we’re focusing on the rising trend of IT outsourcing and its implications for cybersecurity. As more businesses delegate non-core tasks to third-party providers, they inadvertently open doors to trust relationship attacks. We'll explore how attackers exploit the trust between companies and their service providers, leading to potentially devastating breaches. Join us as we delve into the mechanisms, real-world examples, and strategies to defend against these insidious threats.
And before we get into the meat of the matter, let's catch up on what has been trending this week:
- https://cyberscoop.com: Snowflake related attacks
- https://attack.mitre.org/techniques: Trust Relationship
-
This week's episode will continue with part 2 of "The Importance of Automation and Orchestration in Cyber Security."
Hundreds of personal computer as well as server models could be affected by a serious UEFI vulnerability
As I said in episode one, the need for efficient and effective security measures has never been more critical.
I suggest you listen to E1 before you dive into this one.
Without further ado, let's first get what is trending this week in terms of news and updates.
- https://eclypsium.com: UEFICanHazBufferOverflow Widespread Impact From Vulnerability In Popular PC And Server Firmware
- https://eclypsium.com: How Eclypsium Automates Binary Analysis At Scale
- https://en.wikipedia.org: Orchestration (computing)