Search

What happens to CISA now? Is deterrence in cyber possible? Mysterious rebooting iPhones The Sophos kernel implant Fortinet 0days ESET Israel wiper malware Typhoons and Blizzards: Cyberespionage and national security on front burner Careto returns Exploding beepers Ep13: The Consolation of Threat Intel (JAG-S LABScon keynote) Ep12: Security use-cases for AI chain-of-thought reasoning Ep11: Cyberwarfare takes an ominous turn Ep10: Volt Typhoon zero-day Ep9: The blurring lines between nation-state APTs and the ransomware epidemic Ep8: Microsoft's zero-days and a wormable Windows TCP/IP flaw known to China Ep7: Crowd2K and the kernel Ep6: After CrowdStrike chaos Ep5: CrowdStrike's faulty update shuts down global networks Ep4: The AT&T mega-breach Ep3: Dave Aitel joins debate on nation-state hacking responsibilities Ep2: A deep-dive on disrupting and exposing nation-state malware ops Ep1: The Microsoft Recall debacle Cris Neckar on the early days of securing Chrome Costin Raiu joins the XZ Utils backdoor investigation Katie Moussouris on building a different cybersecurity businesses Costin Raiu: The GReAT exit interview Danny Adamitis on an 'unkillable' router botnet used by Chinese .gov hackers Allison Miller talks about CISO life Rob Ragan on the excitement of AI solving security problems Seth Spergel on venture capital bets in cybersecurity Dan Lorenc on fixing the 'crappy' CVE ecosystem Cisco Talos researcher Nick Biasini on chasing APTs Allison Nixon on disturbing elements in cybercriminal ecosystem Dakota Cary on China's weaponization of software vulnerabilities Abhishek Arya on Google's AI cybersecurity experiments Dr Sergey Bratus on the 'citizen science' of hacking DARPA's Perri Adams on CTF hacking Ryan Hurst on tech innovation and unsolved problems in security Jason Chan on Microsoft's security problems GitHub security chief Mike Hanley on secure coding Jason Shockey Federico Kirschbaum on a life in the Argentina hacking scene Kymberlee Price reflects on life at the MSRC OpenSSF GM Omkhar Arasaratnam on open-source software security Serial entrepreneur Rishi Bhargava on building another cybersecurity company Claude Mandy on CISO priorities Sidra Ahmed Lefort dishes on VC investments and cyber uncertainties Paul Roberts on wins and losses in the 'right to repair' battle Katie Moussouris on where bug bounties went wrong Robinhood CSO Caleb Sima on a career in the security trenches Charlie Miller on hacking iPhones JAG-S on big-game malware hunting and a very mysterious APT Chainguard's Dan Lorenc gets real on software supply chain problems Vinnie Liu discusses a life in the offensive security trenches Down memory lane with Snort and Sourcefire creator Marty Roesch Subbu Rama Project Zero's Maddie Stone on the surge in zero-day discoveries Prof. Mohit Tiwari on the future of securing data at scale Google's Shane Huntley on zero-days and the nation-state threat landscape Lamont Orange Haroon Meer on the business of cybersecurity Tony Pepper Microsoft's Justin Campbell on offensive security research Costin Raiu on the .gov mobile exploitation business Amanda Gorton Intel's Venky Venkateswaran on hardware-enabled security Sounil Yu on SBOMs Algirde Pipikaite Josh Schwartz on red-teaming and proactive security engineering Michael Laventure Google's Heather Adkins on defenders playing the long game Collin Greene Alex Matrosov on the state of security at the firmware layer Charles Nwatu Doug Madory on the mysterious AS8003 global routing story Crossbeam CISO Chris Castaldo on securing the start-up Shubs Shah on finding riches (and lessons) from bug bounty hacking Fahmida Rashid Microsoft's David Weston on the surge in firmware attacks Lena Smart Patrick Howell O'Neill Nico Waisman Ron Brash on the water plant hacks and the state of ICS security Throwback: Zero-day exploit broker Chaouki Bekrar Selena Larson Fredrick Lee Zack Whittaker Jason Chan Andy Greenberg Matt Honea Brooke Pearson Tim MalcomVetter Matt Suiche Jaime Blasco Collin Mulliner Michael Piacente Dave Aitel Sounil Yu Andy Ellis Costin Raiu Josh Lefkowitz Christine Gadsby Chad Loder Chris Castaldo Wim Remes Dan Hubbard David Weston Rich Seiersen Andrew Morris Yoav Leitersdorf Juan Andrés Guerrero-Saade Robert M. Lee Brandon Dixon Ryan Huber Ivan Arce Sinan Eren Stephen Ridley Mischel Kwon Rick Holland Thomas Ptacek Zane Lackey Haroon Meer David (int eighty) Dennis Fisher Tim Maurer Will Lin Pete Chronis Brad Arkin Aanchal Gupta Tom Conklin John Terrill Christopher Ahlberg Masha Sedova Paul Roberts Dino Dai Zovi Sharon Anolik Kim Zetter Kelly Jackson Higgins Katie Moussouris

Episode Newsletter

africa AI AI Cyber Challenge AI models AIxCC AMP android anti-exploitation anti-virus antivirus Antiy Appin Apple appliances appsec APT APT 41 APT attribution APT groups APT names APT29 APT29 Cyber Attacks APT29 tactics APT45 APTs argentina Artifical Intelligence artificial intelligence as8003 AT&T AT&T breach AT&T data breach Atlantic Council attack surfaces attribution automation balkanid Balkanization Barracuda BGP BGP hijacking bios bitcoin Bitcoin attacks black hat blackberry blue screens blue team breach detection browsers BSOD bug bounties bugbounty business continuity Canada canaries candiru Career career guidance Careto CET Chainguard Chengdu Chevron deference China Chinese APTs Chinese cyber actors chip backdoor chrome Chrome Flex OS CIA CISA Cisco Talos CISO CISO liability CISO movements CISOs client security code quality codecov coinbase community building compliance continuous testing core security corellium corona virus covid credential theft crisis management critical infrastructure crowdstrike crypto cryptocurrency cryptojacking csam CSRB CVE cyber espionage cyber operations Cyber threat indicators cyber threats cyber-insurance cybersecurity cybersecurity business Cybersecurity Threats cyberwar Dan Geer dan kaminsky Dark Reading DARPA Dartmouth data guard data privacy data security Davos DEF CON CTF Defcon detection detection update diplomacy disclosure disinformation disrupting nation-state operations diversity Doppelganger dspm Duqu Dutch Intel eclypsium EDR EDR software ekoparty election interference email email security emulation encryption Engagement entrepreneurship ESET espionage Espionage and Cyber Warfare exploit brokers exploit reuse exploit sales exploitability exploitation techniques exploits facebook FBI FBI CISA report firewall devices firewall vulnerabilities firmware FOMO Typhoon Fortinet Fraud Prevention funding generative ai global routing Goblin Rat godaddy google google project zero GReAT groups GRU h2c smuggling hack-for-hire Hamas hardware hardware security HexRays hiring Hitcon ics IDA Pro Identity and Access ids iga implants India influence operations information sharing infrastructure attacks insurance intel internet backbone Internet Explorer investments investments and exits IOCs iOS iOS 14.5 iOS exploitation iOS malware ios self-driving cars iOS vulnerabilities IOT iphone ips ipv4 IPv6 Iran Iranian hacking Israel Ivanti Japan jeep JetBrains TeamCity vulnerability jiu-jitsu jobs market journalism Kaspersky key management Keywords cybersecurity Kim Zetter labscon Lapsu$ law enforcement layoffs Lazarus leadership legal considerations Linux LLMs log4j log4shell macbook machine learning MacOS malware analysis malware campaigns MAPP marketing marty roesch memory corruption memory forensics Memory Safety mercenary hacking Merlin Ventures messaging metador microsoft Microsoft 365 outage Microsoft Teams exploitation MIVD mobile mobile stock trading monoculture msrc nation-state nation-state APTs nation-state malware National security cyber risks National Security Risks Netherlands netography network security network-based attacks news gathering NIST North Korea npm NSO Group NSO lawsuit NSO Pegasus NullBulge offense vs defense offensive security Olympics open source software open-source OpenAI Palo Alto pandemic Paragon parsers password-protected phone patch tuesday patching shenanigans Pavel Durov PDF pegasus pen-testing penetration testing PKFail Polyfill supply chain Predatory Sparrow print spooler printnightmare prisoner exchange privacy privacy engineering Private Cloud Computer product security Project Zero PSOAs public cloud Pulse Secure pwn2own Q&A Qihoo 360 quantum computing ransomware recruiting Red October red team remediation research Reuters risk management robinhood routers RPISEC rsa conference rsac Russia Russia cyber espionage S1 saas SafeDocs Salt Typhoon Salt Typhoon Hacks Salt Typhoon vulnerability Sandboxing SBOM SBOMs scada Scattered Spider Section 702 secure boot bypass secure coding security security assessments security awareness security framework security research security updates securityawareness securityresponse self-driving cars Sentinel One sentinellabs serverless shift-left simulated hacking attacks skills-shortage Skripal slack snort Snowflake SOC software liability software update solarwinds Sophos sourcefire South Korea spectre spyware startup startups stolen data story-telling Storytelling Stuxnet sunburst supply chain Supply chain cyber attack surveillance surveillance industry SVR cyber threat Switzerland Taiwan teams teamviewer breach Telegram telemetry tesla hack testing the-com thinkst third-party risk threat detection threat intelligence threat-hunting threat-intel threatintel TLP tpm sniffing transcript transparency Triangulation typosquatting uefi uefi malware ukraine UltraAV Unit 29155 validation VC funding venture capital Versa Director virtualization Virus Bulletin VirusTotal visibility Volt Typhoon Volt Typoon vpn vulnerabilities vulnerability discovery vupen web app security webapp security whatsapp White House windows Windows Defender Windows kernel windows os Windows Recall wiper wipers writing Xiaomi XZ Utils YARA zero-click exploits zero-day zero-day vulnerabilities Zero-days zero-trust zerodium Zoom

2017 2018 2019 2020 2021 2022 2023 2024