This week, N2K's very own Brandon Karpf sits down with Kevin Lentz, Team Leader of the Cyber Pacific Project at the Global Disinformation Lab, and they discuss the recent threatcasting report "Cyber Competition in the Indo-Pacific Gray Zone 2035." This report, developed using the Threatcasting Method, examines how the U.S. and Indo-Pacific allies can coordinate their cyber defense efforts in response to future competition with China. It presents findings, trends, and recommendations based on twe...
Sep 07, 2024•27 min•Season 8Ep. 345
Cadet Blizzard is part of Russia’s elite GRU Unit. Apache releases a security update for its open-source ERP system. SonicWall has issued an urgent advisory for a critical vulnerability. Researchers uncover a novel technique exploiting Linux’s Pluggable Authentication Modules. Google’s kCTF team has discloses a critical security vulnerability affecting the Linux kernel’s netfilter component. Predator spyware has resurfaced. US health care firm Confidant Health exposes 5.3 terabytes of sensitive ...
Sep 06, 2024•45 min•Season 8Ep. 2145
The DOJ disrupts Russia’s Doppelganger. NSA boasts over 1,000 public and private partners. The FBI warns of North Korean operatives launching “complex and elaborate” social engineering attacks. Iran pays the ransom to sure up their banking system. Cisco has disclosed two critical vulnerabilities in its Smart Licensing Utility. A Nigerian man gets five years in prison for Business Email Compromise schemes. Planned Parenthood confirms a cyberattack. Our guests are Sara Siegle and Cam Potts from NS...
Sep 05, 2024•30 min•Season 8Ep. 2147
Researchers find Yubikeys vulnerable to cloning. Google warns of a serious zero-day Android vulnerability. Zyxel releases patches for multiple vulnerabilities. D-Link urges customers to retire unsupported vulnerable routers. Hackers linked to Russia and Belarus target Latvian websites. The Federal Trade Commission (FTC) reports a sharp rise in Bitcoin ATM-related scams. Dutch authorities fine Clearview AI over thirty million Euros over GDPR violations. Threat actors are misusing the MacroPack re...
Sep 04, 2024•31 min•Season 8Ep. 2146
Brazil blocks access to X/Twitter. Transport for London has been hit with a cyberattack. Threat actors have poisoned GlobalProtect VPN software to deliver WikiLoader. “Voldemort” is a significant international cyber-espionage campaign. Researchers uncover an SQL injection flaw with implications for airport security. Three men plead guilty to running an MFA bypass service. The FTC has filed a complaint against security camera firm Verkada. CBIZ Benefits & Insurance Services disclosed a data breac...
Sep 03, 2024•34 min•Season 8Ep. 2142
You can learn more about AWS in Orbit at space.n2k.com/aws. Our guests today are Jason Aspiotis, Global Director, In-Space Data & Security at Axiom Space and Jay Naves, Sr. Solutions Architect at AWS Aerospace & Satellite Solutions. AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. Remember to leave us a 5-star rating and review in your favorite pod...
Sep 02, 2024•40 min•Season 1Ep. 10
Enjoy this encore episode with Vice President of Security and Support Operations of Alert Logic Tom Gorup shares how his career path led him from tactics learned in Army infantry using machine guns and claymores to cybersecurity replacing the artillery with antivirus and firewalls. Tom built a security automation solution called the Grunt (in recollection of his role in the Army) that automated firewall blocks. He credits his experience in battle-planning for his expertise in applying strategic ...
Sep 01, 2024•7 min•Season 1Ep. 31
In this Special Edition podcast, N2K's Executive Editor Brandon Karpf speaks with Danielle Ruderman, Senior Manager for Wordwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M, about CISO Circles, security challenges faced in higher education, and fostering the culture of security. Learn more about your ad choices. Visit megaphone.fm/adchoices
Sep 01, 2024•25 min•Season 9Ep. 71
Tim Peck, a Senior Threat Researcher at Securonix, is discussing their work on "Threat actors behind the DEV#POPPER campaign have retooled and are continuing to target software developers via social engineering." The DEV#POPPER campaign continues to evolve, now targeting developers with malware capable of operating on Linux, Windows, and macOS systems. The threat actors, believed to be North Korean, employ sophisticated social engineering tactics, such as fake job interviews, to deliver stealthy...
Aug 31, 2024•23 min•Season 8Ep. 344
AI regulations move forward in California. DDoS attacks are on the rise. CISA releases a joint Cybersecurity Advisory on the RansomHub ransomware. A persistent malware campaign has been targeting Roblox developers. Two European men are indicted for orchestrating a widespread “swatting” campaign. Critical vulnerabilities in an enterprise network monitoring solution could lead to system compromise. An Ohio judge issues a restraining order against a cybersecurity expert following a ransomware attac...
Aug 30, 2024•33 min•Season 8Ep. 2141
French authorities outline the allegations against Telegram’s CEO. Google finds familiar spyware in Mongolian government websites. The Mirai botnet leverages obsolete security cameras. Iran’s Peach Sandstorm targets the space industry. A federal appeals court says platforms may be liable to algorithmically recommended content. Scam cycles are getting shorter. McDonald’s officials are grimacing after hackers take over their Instagram account. Our guests today are Dave DeWalt, Founder and CEO of N...
Aug 29, 2024•34 min•Season 8Ep. 2140
Threat actors use a malicious Pidgin plugin to deliver malware. The BlackByte ransomware group is exploiting a recently patched VMware ESXi vulnerability. The State Department offers a $2.5 million reward for a major malware distributor. A Swiss industrial manufacturer suffers a cyberattack. The U.S. Marshals Service (USMS) responds to claims of data theft by the Hunters International ransomware gang. Park’N Fly reports a data breach affecting 1 million customers. Black Lotus Labs documents the ...
Aug 28, 2024•34 min•Season 8Ep. 2139
Hacktivists respond to the arrest of Telegram’s CEO in France. Stealthy Linux malware stayed undetected for two years. Versa Networks patches a zero-day vulnerability. Google has patched its tenth zero-day vulnerability of 2024. Researchers at Arkose labs document Greasy Opal. A flaw in Microsoft 365 Copilot allowed attackers to exfiltrate sensitive user data. Gafgyt targets crypto mining in cloud native environments. Microsoft investigates an Exchange Online message quarantine issue. Our guest ...
Aug 27, 2024•31 min•Season 8Ep. 2141
Telegram’s CEO is arrested by French police, presumably over moderation failures. A cyberattack disrupted services at Seattle-Tacoma International Airport and the Port of Seattle. SonicWall has warned customers of a critical vulnerability that could lead to unauthorized access or a firewall crash. Dutch and French regulators fined Uber €290 million for failing to protect the privacy of EU drivers. Microsoft will host a cybersecurity conference next month in response to the disastrous CrowdStrike...
Aug 26, 2024•32 min•Season 8Ep. 2137
Enjoy this special encore episode, where we are joined by Vice President of Global Systems Engineering Ellen Sundra and she shares her career path from life as a college grad who found her niche by creating a training program to a leader in cybersecurity. She realized that training and educating people was her passion. Ellen sees her value in providing soft skills as a natural balance to her technical team at Forescout Technologies. Being a woman in a male-dominated world proved to be a challeng...
Aug 25, 2024•8 min•Season 1Ep. 30
In this Special Edition podcast, N2K's Executive Editor Brandon Karpf speaks with Dustin Moody, mathematician at NIST, about their first 3 recently finalized post-quantum encryption standards. NIST finalized a key set of encryption algorithms designed to protect against future cyberattacks from quantum computers, which operate in fundamentally different ways from traditional computers. Listen as Brandon and Dustin discuss these algorithms and how quantum computing will change the way we view enc...
Aug 25, 2024•32 min•Season 9Ep. 70
Robert Duncan, VP of Product Strategy from Netcraft, is discussing their work on "Mule-as-a-Service Infrastructure Exposed." Netcraft's new threat intelligence reveals the intricate connections within global fraud networks, showing how criminals use specialized services like Mule-as-a-Service (MaaS) to launder scam proceeds. By mapping the cyber and financial infrastructure, including bank accounts, crypto wallets, and phone numbers, Netcraft exposes how different scams are interconnected and id...
Aug 24, 2024•26 min•Season 8Ep. 339
The exploitation of the LiteSpeed Cache Wordpress plugin has begun. Halliburton confirms a cyberattack. Velvet Ant targets Cisco Switch appliances. The Qilin ransomware group harvests credentials stored in Google Chrome. Ham radio enthusiasts pay a million dollar ransom. SolarWinds releases a hotfix to fix a hotfix. A telecom company will pay a million dollar fine over President Biden deepfakes. The Justice Department is suing the Georgia Institute of Technology and an affiliated company for all...
Aug 23, 2024•30 min•Season 8Ep. 2136
A Wordpress plugin vulnerability puts 5 million sites at risk. Google releases an emergency Chrome update addressing an actively exploited vulnerability. Cisco patches multiple vulnerabilities. Researchers say Slack AI is vulnerable to prompt injection. Widely used RFID smart cards could be easily backdoored. The FAA proposes new cybersecurity rules for airplanes, engines, and propellers. A member of the Russian Karakurt ransomware group faces charges in the U.S. The Five Eyes release a guide on...
Aug 22, 2024•32 min•Season 8Ep. 2135
A major American chipmaker discloses a cyberattack. Cybercriminals exploit Progressive Web Applications (PWAs) to bypass iOS and Android defenses. Mandiant uncovers a privilege escalation vulnerability in Microsoft Azure Kubernetes Services. ALBeast hits ALB. Microsoft’s latest security update has caused significant issues for dual-boot systems. The DOE’s new SolarSnitch program aims to sure up solar panel security. Researchers uncover LLM poisoning techniques. An Iranian-linked group uses a fak...
Aug 21, 2024•34 min•Season 8Ep. 2134
The Dem’s 2024 party platform touches on cybersecurity goals. The feds warn of increased Iranian influence operations. A severe security flaw has been discovered in a popular WordPress donation plugin. The Lazarus Group exploits a Windows zero-day to install a rootkit. Krebs on Security takes a closer look at the significant data breach at National Public Data. Toyota confirms a data breach after their data shows up on a hacking forum. A critical Jenkins vulnerability is added to CISA’s Known Ex...
Aug 20, 2024•35 min•Season 8Ep. 2133
Cisco Talos discovers vulnerabilities in Microsoft applications for macOS. OpenAI disrupts an Iranian influence campaign. Jewish Home Lifecare discloses a data breach affecting over 100,000. Google tests an auto-redaction feature in Chrome for Android. Unicoin informs the SEC that it was locked out of G-Suite for four days. House lawmakers raise concerns over China-made WiFi routers. Moody’s likens the switch to post-quantum cryptography to the Y2K bug. Diversity focused tech nonprofits grapple ...
Aug 19, 2024•30 min•Season 8Ep. 2132
Enjoy this special encore with CEO and co-founder of Dragos Robert Lee, as he talks about how he came to cybersecurity through industrial control systems. Growing up with parents in the Air Force, Robert's father tried to steer him away from military service. Still Rob chose to attend the Air Force Academy where he had greater exposure to computers through ICS. Robert finds his interest lies in things that impact the physical world around us. In his work, Dragos focuses on identifying what peopl...
Aug 18, 2024•8 min•Season 1Ep. 29
Snir Ben Shimol from ZEST Security on their work, "How we hacked a cloud production environment by exploiting Terraform providers." In this blog, ZEST discusses the security risks associated with Terraform providers, particularly those from community sources. The research highlights the importance of carefully vetting providers, regular scanning, and following best practices like version pinning to mitigate potential vulnerabilities in cloud infrastructure management. The research can be found h...
Aug 17, 2024•24 min•Season 8Ep. 339
Google and iVerify clash over the security implications of an Android app. CISA has issued a warning about a critical vulnerability in SolarWinds Web Help Desk. Ransomware attacks targeting industrial sectors surge. Microsoft is rolling out mandatory MFA for Azure. Banshee Stealer is a new macOS-targeted malware developed by Russian threat actors. A popular flight tracking website exposes users’ personal and professional information. San Francisco goes after websites generating deepfake nudes. D...
Aug 16, 2024•32 min•Season 8Ep. 2131
Microsoft urges users to patch a critical TCP/IP remote code execution vulnerability. Texas sues GM over the privacy of location and driving data. Google says Iran’s APT42 is responsible for recent phishing attacks targeting presidential campaigns. Doppelgänger struggles to sustain its operations. Sophos X-Ops examines the Mad Liberator extortion gang. Fortra researchers document a potential Blue Screen of Death vulnerability on Windows. China’s Green Cicada Network creates over 5,000 AI-control...
Aug 15, 2024•33 min•Season 8Ep. 2130
Researchers at Tenable uncovered severe vulnerabilities in Microsoft’s Azure Health Bot Service. Scammers use deepfakes on Facebook and Instagram. Foreign influence operations target the Harris presidential campaign. An Idaho not-for-profit healthcare provider discloses a data breach. Research reveals a troubling trend of delayed and non-disclosure of ransomware attacks by organizations. Patch Tuesday roundup. Palo Alto Networks’ Unit 42 revealed a significant security risk in open-source GitHub...
Aug 14, 2024•31 min•Season 8Ep. 2132
The FBI is the repossessor of Dispossessor. The NCA collars and extradites a notorious cybercriminal. A German company loses sixty million dollars to business email compromise. DeathGrip is a new Ransomware-as-a-Service (RaaS) platform. Russia blocks access to Signal. NIST publishes post-quantum cryptography standards. DARPA awards $14 million to teams competing in the AI Cyber Challenge. On our Solution Spotlight, N2K President Simone Petrella talks with Lee Parrish, CISO of Newell Brands, abou...
Aug 13, 2024•38 min•Season 8Ep. 2128
On this Solution Spotlight, guest Lee Parrish, author and CISO at Newell Brands, joins N2K President Simone Petrella to discuss his book "The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security" and security relationship management. Learn more about your ad choices. Visit megaphone.fm/adchoices
Aug 13, 2024•34 min•Season 9Ep. 69
The Trump campaign claims its email systems were breached by Iranian hackers. A Nashville man is arrested as part of an alleged North Korean IT worker hiring scam. At Defcon, researchers reveal significant vulnerabilities in Google’s Quick Share. Ransomware attacks hit an Australian gold mining company as well as multiple U.S. local governments. GPS spoofing is a matter of time. Cisco readies another round of layoffs. Nearly 2.7 billion records of personal information for people in the United St...
Aug 12, 2024•31 min•Season 8Ep. 2127
