Episodes

  • In this week's episode, we will be exploring the fascinating world of remote browser isolation technology, or RBI as it is abbreviated. We will delve into what remote browser isolation is, how it works, and the limitations it faces. Join us as we uncover the complexities of this innovative cybersecurity approach, shedding light on its benefits and challenges. Whether you are new to the concept or a seasoned professional, there is something here for everyone.

    Having said that, and before we get into RBI, let's turn to a couple of top trending news items this week, and they are:

    Dell data breach, 49 million customer records stolen

    - https://techcrunch.com: Threat Actor Scraped 49M Dell Customer Addresses Before The Company Found Out
    - https://www.w3.org: Introduction to DOM
    - https://en.wikipedia.org: Browser Isolation

    Be sure to subscribe!
    If you like the content, follow me @iayusuf or read my blog at https://yusufonsecurity.com
    You will find a list of all previous episodes in there too.

  • In part 2 on eBPF we continue demystifying this promising new technology that is strengthening the cyber space. Please listen to the previous episode, i.e. Episode 169, before you listen to this one.

    Having said that, let's recap a top trending security news item, shall we?

    New UK Law: No Default Passwords on Smart Devices from April 2024

    - https://www.ncsc.gov.uk: Smart Devices Law
    - https://www.ncsc.gov.uk: Leaflet To Consumer On Security Law Smart Devices
    - https://ebpf.foundation: eBPF
    - https://cloudblogs.microsoft.com: Making eBPF work on Windows
    - https://en.wikipedia.org: Protection ring
    - https://cilium.io: Cilium
    - https://blogs.cisco.com: Cisco HyperShield Reimagining Security
    - https://www.linkedin.com: Skyfall eBPF Agent For Infrastructure Observability



  • In this episode, we're diving deep to demystify a groundbreaking technology that's gathering pace on the security front. It is not something most people are aware of. This technology brings everything from enhanced visibility and increased performance to powerful security measures.

    Hang around as we unravel the potential of eBPF in bolstering cybersecurity defenses, from real-time threat detection to proactive mitigation strategies, and explore how this revolutionary tool is reshaping the landscape of security.

    Before we get into that, let's recap a top trending security news item, and that is:

    Threat Actors Were Exploiting an Antivirus Update Mechanism to Spread Malware

    - https://decoded.avast.io: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
    - https://ebpf.foundation: eBPF
    - https://cloudblogs.microsoft.com: Making eBPF work on Windows
    - https://en.wikipedia.org: Protection ring
    - https://cilium.io: Cilium
    - https://blogs.cisco.com: Cisco HyperShield Reimagining Security
    - https://www.linkedin.com: Skyfall eBPF Agent For Infrastructure Observability


  • In this week's episode, we will continue with part 2 on "Preparing for and responding to ransomware attack".
    As I said last week, ransomware is a threat that will be around us for the foreseeable future.
    Do listen to part 1 before you listen to this episode.

    With that out of the way, let's have a look at a top trending update for you.

    There is large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials


    - https://blog.talosintelligence.com: Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials
    - https://attack.mitre.org: Turla
    - https://www.chainalysis.com: ransomware 2024
    - https://www.cohesity.com: Ransomware Recovery


  • Ransomware is a threat that will be around us for the foreseeable future.
    In this week's episode we will look at the history of ransomware, the common TTPs in use by threat actors such as Turla, how to align our incident response to that threat and others, and finally how to contain, eradicate, and recover from it.
    In addition, we will answer the following pertinent questions that are top of mind for the SOC team. Questions such as:
    - What are the best methods to inhibit a threat actor's lateral movement?
    - What are the critical components that drive ransomware?
    etc...
    But before we dig into these gems, let's touch on one important top trending piece of news. And that is:

    - CISA makes its malware analysis system publicly available

    - https://www.cisa.gov: CISA Announces Malware Next-Gen Analysis
    - https://attack.mitre.org: Turla
    - https://www.chainalysis.com: ransomware 2024
    - https://www.cohesity.com: Ransomware Recovery


  • This week we will dive into a collection of powerful system utilities and tools designed to help users diagnose, troubleshoot, and monitor the Windows operating system.
    These utilities provide advanced functionality beyond what is typically available in Windows, as they offer insights into system internals, processes, file systems, networking, and more.

    But before we dig into these gems, let's touch on one important top trending piece of news. And that is:

    There is a Post Authentication Stack Overflow on a NetGear Router.

    - https://blog.talosintelligence.com: Netgear wireless router open to code execution after buffer overflow vulnerability
    - https://www.talosintelligence.com: Netgear RAX30 JSON Parsing getblockschedule() stack-based buffer overflow vulnerability
    - https://kb.netgear.com: Security Advisory for Post Authentication Stack-Overflow on the RAX30
    - https://learn.microsoft.com: PSTools
    - https://learn.microsoft.com: SysInternals
    - https://en.wikipedia.org/wiki: Mark Russinovich


  • AI is getting into all sorts of places, not least cybersecurity, in both good ways and bad. In a good way by bolstering the incident response life cycle, but unfortunately in a bad way by generating convincing phishing emails or assisting with scripting and coding, etc.

    In this week's episode we will focus on how AI is helping IR in getting to the bottom of what might have happened.

    Before we get into the main topic, let's touch on one important top trending piece of news. And that is:

    Red Hat warns of a backdoor in a tool used in most Linux distributions.

    - https://www.redhat.com: Urgent security alert Fedora 41 and rawhide users
    - https://www.cisa.gov: Reported supply chain compromise affecting XZ Utils data compression library CVE-2024-3094
    - https://www.ciscolive.com: AI Assistance (page 52)


  • In our second episode, we continue exploring the concept of adopting platform security.
    In this second part we will continue where we left off last week, and we encourage you to listen to the first episode if you have not done so.

    Before we get into the main topic, let's touch on one important top trending piece of news this week. And that is:

    - GitHub added an AI-powered vulnerability auto-fix feature


    - https://www.cisco.com: XDR- Platform approach to security
    - https://github.blog: Introducing Code Scanning Auto-Fix Powered By GitHub Copilot And CodeQL


  • Welcome and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain English.

    In this episode, we explore the recently much-talked-about concept of adopting platform security. As technology advances, cyber criminals continually adapt their tactics. In this constant cat-and-mouse game, staying ahead is crucial. It begins with a deep understanding of which strategies best align with your objectives, safeguarding not only your digital assets but also your bottom line.

    Before we get into the main topic, let's touch on a top trending piece of news this week. And that is:

    The United States lost a record $12.5 billion to online crime in 2023


    - https://www.ic3.gov: 2023 IC3 Report
    - https://www.cisco.com: XDR- Platform approach to security


  • It was the LEAP event this past week. LEAP is a technology event in Riyadh, Saudi Arabia, and it attracts every technology company imaginable, especially in the cyber security domain. This year was no different.

    At LEAP, I met with Port53, a firm that helps businesses from SMB to enterprise with their cyber security mission by delivering enterprise-grade solutions that are effortless to deploy and manage.

    Before we get into that, let's turn to a top trending news item this week, which is:

    New email scam that targets NTLM hashes

    - https://port53.com: Port53
    - https://www.bleepingcomputer.com: Hackers steal Windows NTLM authentication hashes in phishing attacks
    - https://learn.microsoft.com: NTLM Overview


  • This week I attended Qatar Web Summit. This is a technology and start-up summit held yearly in Doha, Qatar. There was a lot going on and I am lucky to have spent time with Ken Fee, the CEO of Business Technology Architect, shortened as BTA, where we talked about security, network optimisation and automation.

    - The return of LockBit
    - Ransomware-as-a-Service attacks increase in Middle East & Africa region

    - https://techcrunch.com: Feds hack LockBit, LockBit springs back. Now what?
    - https://www.group-ib.com: Hi-Tech crime trends 2023 MEA
    - https://qatar.websummit.com: Qatar Web Summit


  • In this episode, we are continuing with part 2 of the risks posed by default configuration. As I said last week, while default config is convenient for initial setup, these settings may introduce significant security risks that can leave systems vulnerable to exploitation by malicious actors. Please listen to the first episode before you listen to this episode. That way you will get the background and full context of the topic.

    Having said that, let's turn to a couple of top trending news items this week, and they are:

    - A well-intended network traversal tool is being abused for malicious gain. Where have we seen that before?
    - Law enforcement from the UK and others disrupt LockBit ransomware group infrastructure

    - https://joshua.hu: SSH-Snake SSH network traversal discover SSH private keys network graph
    - https://www.nationalcrimeagency.gov.uk: NCA leads international investigation targeting world's most harmful ransomware group
    - https://www.chainalysis.com: LockBit takedown sanctions


  • In today's interconnected world, default configurations are ubiquitous across various systems and devices, from routers to software applications. While convenient for initial setup, these default settings often harbor significant security risks that can leave systems vulnerable to exploitation by malicious actors. In this episode, we delve into the hidden dangers posed by default configurations, exploring real-world examples and discussing strategies to mitigate these risks effectively. Join us as we uncover the critical importance of securing systems against the perils of default settings.

    Before that, let's recap what is top of mind on the news front.

    - The toothbrush DDoS that never was
    - Your favorite browser might have a feature that defends your home network

    - https://www.forbes.com: Surprising 3 million hacked toothbrushes story goes viral is it true?
    - https://chromestatus.com: Private Network Access
    - https://owasp.org: Security Misconfiguration


  • This is the second episode of our two-part episode on whether quantum computing is a threat to cryptography, really. Make sure you listen to episode 1 first, as we laid the foundation there for what is coming up in this episode.

    As always, let's review this week's top trending security news first.

    - CISA and the FBI release living off the land technique guidance
    - Google's AI assisted with detection

    - https://www.computer.org: Quantum Computing
    - https://thequantuminsider.com: Quantum Research
    - https://cqn-erc.org/about: The Center for Quantum Networks
    - https://www.cisa.gov: Joint Guidance Identifying and Mitigating LOTL
    - http://security.googleblog.com: Scaling security with AI from detection
    - https://safety.google: Cybersecurity Advancements



  • Cryptography has been the backbone of privacy since time immemorial. Today it is THE foundational block of the connected world, without which the Internet as we know it will crumble.
    There are feverish discussions happening about a fast-improving new era in computing, quantum computing, and it is improving year after year, taking us ever closer to questioning the strength of the existing cryptography. So we asked: "Is quantum computing a threat to cryptography, really?"

    - https://blog.cloudflare.com: Thanks-Giving 2023 security incident
    - https://www.justice.gov: US government disrupts botnet
    - https://www.computer.org: Quantum Computing
    - https://thequantuminsider.com: Quantum Research
    - https://cqn-erc.org/about: The Center for Quantum Networks


  • Welcome and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain English.

    Accessing and managing various applications and services remotely is a daily occurrence for a typical administrator. It is often the fastest way to accomplish a quick task while you are on the move or, say, when something urgent is needed while you are still on your way to your desk. While that is nothing new, we see an uptick in the number of successful attacks taking advantage of these exposed administrative interfaces. What is causing the recent increase in Web UI initial access? Well, that is the topic of our episode this week.

    I am your host, Ibrahim Yusuf.

    Just before we hit the main topic, let's review a couple of top-of-mind recent news items:

    - Not long ago, Microsoft's Exchange Online was breached. They have now revealed how this happened.
    - UK and US Water Utilities Hit with Cyberattacks

    - https://www.microsoft.com: Midnight Blizzard guidance for responders on nation state-attack
    - https://www.securityweek.com: Major UK and US water companies hit by ransomware
    - https://www.cisa.gov: Water and wastewater sector incident response guide


  • When things go wrong, they go wrong fast. This week we will dive into the widespread exploitation of the Ivanti VPN solution that attracted a lot of attention from both the security community and the bad guys. What went wrong? Stay tuned.
    Just before we get into Ivanti, let's review the other top security news this week.

    - Millions of passwords of top brands such as Facebook and others were found for sale.
    - SonicWall API attracts attacks that can impact over 170 thousand firewalls.

    - https://psirt.global.sonicwall.com: CVE-2022-22274
    - https://psirt.global.sonicwall.com: CVE-2023-0656
    - https://forums.ivanti.com: CVE-2023-46805 Authentication Bypass and CVE-2024-21887 Command Injection for Ivanti Connect Secure and Ivanti Policy Secure Gateways
    - https://forums.ivanti.com: Pulse Connect Secure (PCS) Integrity Assurance
    - https://www.mandiant.com: Suspected APT targets Ivanti zeroday



  • We continue demystifying a couple of terms that folks new to the realm of cyber security often mix up. Those are the terms Exfil and DLP. So by the end of the session you will surely understand where you stand the next time you hear that an Exfil has happened to so-and-so org or that a DLP is required here.
    Make sure you listen to part 1 beforehand.

    And as always, before we get into the weeds, let's review the recent top trending news this week. These are:

    - Babuk variant decryption key made available
    - Mandiant X account hacked

    - https://www.bleepingcomputer.com: Decryptor for Babuk ransomware variant released after hacker arrested
    - https://grahamcluley.com: Security firm Mandiant says it did not have 2FA enabled on its hacked Twitter account
    - https://www.nomoreransom.org: No-More-Ransom site


  • We will kick off the year by demystifying a couple of terms that folks new to the realm of cyber security often mix up. Those are the terms Exfil and DLP. So by the end of the session you will surely understand where you stand the next time you hear that an Exfil has happened to so-and-so org or that a DLP is required here.

    Before we get into the weeds, let's review the recent top trending news this week. These are:

    - A new threat abusing the good old SMTP protocol
    - We'll talk about Terrapin and what protocol that is abusing as well.

    - https://sec-consult.com: SMTP Smuggling, spoofing e-mails worldwide
    - https://www.postfix.org: SMTP Smuggling
    - https://arstechnica.com: Millions still haven't patched Terrapin SSH protocol vulnerability
    - https://terrapin-attack.com: Terrapin Attack
    - https://attack.mitre.org: ATT&CK


  • Welcome back and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain English.

    Well, 2023 came and is now gone. In this final episode we are unwinding the tape to go back to our most popular episodes. If you ever wondered what the most listened-to episodes are, this is the answer. I am sure you will find them beneficial, as our listeners did.
    We won't cover the latest news this time, to give room to the content; it is mostly quiet this time of year and nothing has flared up like in some recent years.

    Enjoy the recap and the year end!
