Player FM - Internet Radio Done Right
Added four years ago
Content provided by YusufOnSecurity.Com. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by YusufOnSecurity.Com or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://fa.player.fm/legal

82 - Weighting The Risk Benefit Of Kernel Level Access By 3rd Party Apps

29:44
 

Enjoying the content? Let us know your feedback!

In this week's episode, we will dig into the risk-benefit analysis of allowing kernel-level access to third-party applications. We will look into the inherent risks this brings into the operating system and the benefits thereof.
We will also compare the approaches taken by the two major operating system makers, i.e. Microsoft and Apple. We will include a snippet of what Microsoft said after the CrowdStrike outage.
- https://www.microsoft.com: Windows Security Best Practices For Integrating And Managing Security Tools
- https://support.apple.com: System And Kernel Extensions In MacOS
- https://www.theverge.com: Microsoft Windows Changes Crowdstrike Kernel Driver
- https://learn.microsoft.com: Support Policy Third Party Kernel Level Attestation

Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.


226 episodes


All episodes

 
Enjoying the content? Let us know your feedback!
In this week's episode, we explore in detail an up-and-coming malware. Looked at closely, it is one of the most advanced post-exploitation code families shaping the cybersecurity landscape in 2025. Over the time we have together, we’ll unravel what this malware is, how it works, why it’s so dangerous, and most importantly what businesses can do to defend themselves. Along the way, we’ll break down technical terms and processes to make the topic less complex, as I need it to be accessible and engaging to everyone.
Before we dive into our main topic, let’s take a quick look at a major tech update making headlines: Microsoft Authenticator now warns to export passwords before the July cut-off.
- https://www.bleepingcomputer.com : Ransomware gangs increasingly use Skitnet post-exploitation malware
- https://otx.alienvault.com : Skitnet IOCs
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 
Enjoying the content? Let us know your feedback!
This week we are exploring what Content Delivery Networks, commonly known as CDNs, are and whether they protect modern businesses. We’ll dive deep into the mechanics of how CDNs work, the technologies behind them, and whether they defend organizations from threats or just deliver content at blazing speeds. Along the way, we’ll highlight two of the world’s leading CDN providers.
- https://en.wikipedia.org : Content Delivery Network
- https://www.cloudflare.com : What Is CDN?
- https://www.akamai.com : What Is CDN?
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 
Enjoying the content? Let us know your feedback!
In this week's episode, we are looking at the latest Cisco Talos 2024 report. Working through this comprehensive report, we will delve into the major cybersecurity trends and threats observed over the past year. The Cisco Talos team has compiled this report to provide valuable insights and guidance for organizations to enhance their security postures.
But before we get into the main topic, I have one security news item for you, and that is:
- The European Union launches a new vulnerability database, EUVD
- https://euvd.enisa.europa.eu : EUVD
- https://euvd.enisa.europa.eu/faq : EUVD FAQ
- https://blog.talosintelligence.com : 2024 Year In Review Report
- https://www.forbes.com : Why Quantum Computers Will Work Alongside Classical Systems
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 
Enjoying the content? Let us know your feedback!
This is part 2 of the RSAC 2025 episode. If you have not listened to episode 1 (that is, episode 222), I would suggest you listen to episode 1 before you listen to this episode.
Before we get into part 2, let's review what has been happening on the news front over the last week.
- UK shares security tips after major retail cyberattacks
- https://www.bleepingcomputer.com : UK NCSC Cyber Attack A Wake Up call
- https://www.ncsc.gov.uk : NCSC statement - Incident impacting retailers
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 
Enjoying the content? Let us know your feedback!
It was RSAC week, and it would be remiss of me if I did not give you the highlights of what went on this year, 2025. After all, RSAC has a critical role in security. We will be reviewing the top key announcements from this year's event, including some exciting news from the major security players in the industry. Whether you're a cybersecurity professional, a tech enthusiast, or just curious about the latest in the world of cyber security, this episode is definitely for you. So, let's get started!
Before we dive into the main segment, we will also add one more topic that I think is of major importance on top of everything else, and that is from Microsoft: Microsoft makes all new accounts passwordless by default.
- https://techcommunity.microsoft.com : New User Experience
- https://www.rsaconference.com : RSA Conference 2025
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 
Enjoying the content? Let us know your feedback!
This week's episode looks at the FBI’s 2024 Annual Internet Crime Report, an analysis that not only highlights the scale of cybercrime but also reveals the evolving tactics of cybercriminals and the staggering financial impact on individuals and businesses alike. This of course relates to the US, but it is indicative of what might be happening elsewhere.
- https://www.ic3.gov : Federal Bureau Of Investigation - Internet Crime Report 2024
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 
Enjoying the content? Let us know your feedback!
Imagine visiting your favorite website, one you trust, one you’ve browsed a hundred times before, only to discover it’s become a silent gateway for cybercriminals. What if the real danger wasn’t in suspicious emails or obvious scams, but lurking in the very places you feel safest online? In today’s episode, we’ll unravel a cunning technique that preys on trust and routine, catching even the most vigilant users off guard. Stay tuned as we explore the origins, methods, and real-world impact of one of the most deceptive cyber threats in existence.
But before we get to the main topic, let's cover the top security news first: Lazarus hackers breach multiple organisations using a not-so-new attack method. We will find out what the technique is.
- https://attack.mitre.org : Lazarus
- https://attack.mitre.org : Drive by compromise
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 
Enjoying the content? Let us know your feedback!
In this week's episode we are touching on an intriguing topic. We're going to explore Agentic AI, a fascinating area within artificial intelligence that focuses on autonomous systems capable of making decisions and performing tasks without human intervention. We'll break it down for those new to cybersecurity, delve into some technical details, and use analogies to make it all clear.
But before we dive into the topic, let's recap the top security news this week: Microsoft Defender will isolate undiscovered endpoints to block attacks.
- https://learn.microsoft.com : What's new in Microsoft Defender Endpoint - April 2025
- https://en.wikipedia.org : Alan Turing
- https://www.nvidia.com : Agentic AI
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 
Enjoying the content? Let us know your feedback!
This week, we're going to explore what Fast Flux is, a sophisticated technique used by cybercriminals to evade detection and maintain their malicious activities. We'll break it down for those new to cybersecurity, delve into some technical details, and use analogies to make it all clear. So without further ado, grab your coffee, or keep your eyes on the road if you are driving, sit back, and let's get started!
HellCat Ransomware
- https://therecord.media : Schneider Electric Hackers Accessed Internal Project Tracking Platform
- https://www.infosecurity-magazine.com : Hellcat Ransomware Humiliation
- https://attack.mitre.org : Dynamic Resolution: Fast Flux DNS
- https://www.cisa.gov : Fast Flux, A National Security Threat
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 
Enjoying the content? Let us know your feedback!
This week's episode is a continuation of the cautionary tale of Troy Hunt, the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We'll continue to break down what happened, how it happened, and what we can all learn from this incident. Stay tuned till the end, where we bust our myth of the week!
We will also look at this week's cyber security news, which is Ubuntu Linux security bypasses.
- https://blog.qualys.com : Qualys TRU Discovers Three Bypasses of Ubuntu Unprivileged User Namespace Restrictions
- https://www.troyhunt.com : A sneaky phish just grabbed my Mailchimp mailing list
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 
Enjoying the content? Let us know your feedback!
In this week's episode we have a fascinating and cautionary tale about none other than Troy Hunt, the creator of HaveIBeenPwned. Despite being a renowned security expert, Troy recently fell victim to a sophisticated phishing attack through Mailchimp. We'll break down what happened, how it happened, and what we can all learn from this incident. Stay tuned till the end for tips on how to stay vigilant against phishing attacks and our myth of the week!
We will also look at the cyber security news. Here is what caught my attention this week.
- PSTools DLL injection vulnerability
- https://www.foto-video-it.de : Disclosure Sysinternals (You will need to translate to English if you are not a German speaker)
- https://learn.microsoft.com : PSTools
- https://www.troyhunt.com : A sneaky phish just grabbed my Mailchimp mailing list
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 
Enjoying the content? Let us know your feedback!
In this episode, we’ll look into a cybersecurity assessment method that mimics real-world attacks to test an organization's security defenses and response capabilities: threat emulation. It is one of the strategies to keep you ahead of the game. Threat emulation aims to identify and mitigate security gaps before attackers exploit them, providing a more comprehensive evaluation than traditional assessments.
Before we dive into the main topic, let's glance at what is happening on the security front: March Microsoft Patch Tuesday has landed!
- https://msrc.microsoft.com : March 2025 Security Updates
- https://detect-respond.blogspot.com : Pyramid Of Pain
- https://www.atomicredteam.io : Atomic Red Team
- https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 
Enjoying the content? Let us know your feedback!
In this episode, we’ll be exploring a particularly intriguing file type: polyglot files. These digital shapeshifters have become a powerful tool in the arsenal of cyber attackers, capable of bypassing security measures, confusing systems, and delivering malicious payloads in ways that are both creative and devastating. Over the next 20 to 30 minutes or so, we’ll break down what polyglot files are, how they work, and why they’re so dangerous. We’ll also examine some real-world examples where polyglot files were used in cyberattacks. We will reference the MITRE ATT&CK framework to understand how these techniques fit into the broader landscape of adversarial tactics. Finally, we’ll discuss mitigation strategies and close with a cybersecurity myth that needs busting.
Before we dive into the main topic, let's glance at what is happening on the security front: UEFI Secure Boot bypass vulnerability.
- https://en.wikipedia.org : Polyglot
- https://attack.mitre.org : Masquerading
- https://arxiv.org : Where the Polyglots Are: How Polyglot Files Enable Cyber Attack Chains and Methods for Detection & Disarmament
- https://medium.com : Polyglot Files A Hackers Best Friend
- https://www.bleepingcomputer.com : New polyglot malware hits aviation, satellite communication firms
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 
Enjoying the content? Let us know your feedback!
In today's episode, we're diving deep into data exfiltration, one of the most serious threats facing organizations today. We'll break down exactly what data exfiltration is, where it fits in the MITRE ATT&CK framework, the tools and techniques attackers use, and, most importantly, how organizations can defend themselves. We’ll also cover real-world examples, including publicly known cases that had major consequences. So, whether you're a seasoned security professional or just starting out in the field, stick around as we unravel the methods attackers use and how to stop them.
First, let's look at one of the trending security news items this week, and that is:
News: Caldera Vulnerability
- https://github.com/mitre/caldera : Security Notice
- https://nvd.nist.gov : CVE-2025-27364
- https://medium.com : MITRE Caldera Security Advisory — Remote Code Execution (CVE-2025–27364)
- https://www.mitre.org : Caldera
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 
Enjoying the content? Let us know your feedback!
We are continuing with part 2 of "Behind the Login Screen - Understanding OS Authentication." If you missed our first episode, I highly recommend giving it a listen before diving into today's content. In part one, we started to explore the fascinating world of operating system authentication, focusing on Windows, Linux/Unix, and Mac OS. We discussed how hashes are used in authentication, the concept of salt in passwords, and rainbow table attacks. In today's episode, we'll build on that foundation and delve even deeper into the topic of OS authentication mechanisms. So again, if you haven't already, make sure to catch up on part one to get the full picture. Now, let's get started with part two of our journey into the world of OS authentication!
Let's look at one of the trending security news items this week, and that is:
- Newly discovered OpenSSH vulnerabilities.
- https://blog.qualys.com : Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466
- https://learn.microsoft.com : Kerberos Authentication Overview
Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.…
 